@shware/http 1.1.13 → 1.2.0

package/dist/hono/__tests__/csrf.test.cjs

@@ -1,162 +0,0 @@
-"use strict";
-
-// src/hono/__tests__/csrf.test.ts
-var import_hono = require("hono");
-var import_csrf = require("../csrf.cjs");
-var import_handler = require("../handler.cjs");
-describe("CSRF Protection", () => {
-  let app;
-  beforeEach(() => {
-    app = new import_hono.Hono();
-    app.onError(import_handler.errorHandler);
-  });
-  it("should allow GET requests without CSRF token", async () => {
-    app.use((0, import_csrf.csrf)());
-    app.get("/test", (c) => c.text("OK"));
-    const res = await app.request("/test");
-    expect(res.status).toBe(200);
-    expect(await res.text()).toBe("OK");
-  });
-  it("should allow HEAD requests without CSRF token", async () => {
-    app.use((0, import_csrf.csrf)());
-    app.all("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", { method: "HEAD" });
-    expect(res.status).toBe(200);
-  });
-  it("should allow OPTIONS requests without CSRF token", async () => {
-    app.use((0, import_csrf.csrf)());
-    app.options("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", { method: "OPTIONS" });
-    expect(res.status).toBe(200);
-  });
-  it("should reject POST requests without CSRF token", async () => {
-    app.use((0, import_csrf.csrf)());
-    app.post("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", { method: "POST" });
-    expect(res.status).toBe(403);
-  });
-  it("should reject POST requests with mismatched tokens", async () => {
-    app.use((0, import_csrf.csrf)());
-    app.post("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", {
-      method: "POST",
-      headers: { "X-XSRF-TOKEN": "header-token", Cookie: "XSRF-TOKEN=cookie-token" }
-    });
-    expect(res.status).toBe(403);
-  });
-  it("should allow POST requests with matching tokens", async () => {
-    app.use((0, import_csrf.csrf)());
-    app.post("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", {
-      method: "POST",
-      headers: {
-        "X-XSRF-TOKEN": "matching-token",
-        Cookie: "XSRF-TOKEN=matching-token"
-      }
-    });
-    expect(res.status).toBe(200);
-    expect(await res.text()).toBe("OK");
-  });
-  it("should use custom cookie and header names", async () => {
-    app.use((0, import_csrf.csrf)({ cookieName: "csrf-token", headerName: "X-CSRF-Token" }));
-    app.post("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", {
-      method: "POST",
-      headers: {
-        "X-CSRF-Token": "test-token",
-        Cookie: "csrf-token=test-token"
-      }
-    });
-    expect(res.status).toBe(200);
-  });
-  it("should ignore specified paths", async () => {
-    app.use((0, import_csrf.csrf)({ ignores: [{ path: "/webhook/*", methods: ["POST"] }] }));
-    app.post("/webhook/stripe", (c) => c.text("OK"));
-    app.post("/api/data", (c) => c.text("OK"));
-    const webhookRes = await app.request("/webhook/stripe", { method: "POST" });
-    expect(webhookRes.status).toBe(200);
-    const apiRes = await app.request("/api/data", { method: "POST" });
-    expect(apiRes.status).toBe(403);
-  });
-  it("should ignore all methods for a path when methods not specified", async () => {
-    app.use((0, import_csrf.csrf)({ ignores: [{ path: "/auth/apple/callback" }] }));
-    app.post("/auth/apple/callback", (c) => c.text("OK"));
-    app.put("/auth/apple/callback", (c) => c.text("OK"));
-    const postRes = await app.request("/auth/apple/callback", { method: "POST" });
-    expect(postRes.status).toBe(200);
-    const putRes = await app.request("/auth/apple/callback", { method: "PUT" });
-    expect(putRes.status).toBe(200);
-  });
-  it("should handle empty tokens safely", async () => {
-    app.use((0, import_csrf.csrf)());
-    app.post("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", {
-      method: "POST",
-      headers: { "X-XSRF-TOKEN": "", Cookie: "XSRF-TOKEN=" }
-    });
-    expect(res.status).toBe(403);
-  });
-  it("should handle missing cookie", async () => {
-    app.use((0, import_csrf.csrf)());
-    app.post("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", {
-      method: "POST",
-      headers: { "X-XSRF-TOKEN": "token" }
-    });
-    expect(res.status).toBe(403);
-  });
-  it("should handle missing header", async () => {
-    app.use((0, import_csrf.csrf)());
-    app.post("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", {
-      method: "POST",
-      headers: { Cookie: "XSRF-TOKEN=token" }
-    });
-    expect(res.status).toBe(403);
-  });
-  it("should use custom error message", async () => {
-    app.use((0, import_csrf.csrf)({ errorMessage: "Custom CSRF error" }));
-    app.post("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", { method: "POST" });
-    expect(res.status).toBe(403);
-    const body = await res.json();
-    expect(body.error.message).toBe("Custom CSRF error");
-  });
-  it("should work with custom safe methods", async () => {
-    app.use((0, import_csrf.csrf)({ safeMethods: ["GET"] }));
-    app.all("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", { method: "HEAD" });
-    expect(res.status).toBe(403);
-  });
-  it("should handle complex ignore patterns", async () => {
-    app.use(
-      (0, import_csrf.csrf)({
-        ignores: [
-          { path: "/api/v1/*", methods: ["GET", "POST"] },
-          { path: "/api/v2/*", methods: ["POST"] },
-          { path: "/public/*" }
-          // All methods
-        ]
-      })
-    );
-    app.get("/api/v1/users", (c) => c.text("OK"));
-    app.post("/api/v1/users", (c) => c.text("OK"));
-    app.put("/api/v1/users", (c) => c.text("OK"));
-    app.post("/api/v2/users", (c) => c.text("OK"));
-    app.get("/api/v2/users", (c) => c.text("OK"));
-    app.post("/public/data", (c) => c.text("OK"));
-    let res = await app.request("/api/v1/users", { method: "GET" });
-    expect(res.status).toBe(200);
-    res = await app.request("/api/v1/users", { method: "POST" });
-    expect(res.status).toBe(200);
-    res = await app.request("/api/v1/users", { method: "PUT" });
-    expect(res.status).toBe(403);
-    res = await app.request("/api/v2/users", { method: "POST" });
-    expect(res.status).toBe(200);
-    res = await app.request("/api/v2/users", { method: "GET" });
-    expect(res.status).toBe(200);
-    res = await app.request("/public/data", { method: "POST" });
-    expect(res.status).toBe(200);
-  });
-});
-//# sourceMappingURL=csrf.test.cjs.map

package/dist/hono/__tests__/csrf.test.cjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/hono/__tests__/csrf.test.ts"],"sourcesContent":["import { Hono } from 'hono';\nimport { csrf } from '../csrf';\nimport { errorHandler, type Env } from '../handler';\n\ndescribe('CSRF Protection', () => {\n  let app: Hono<Env>;\n\n  beforeEach(() => {\n    app = new Hono();\n    app.onError(errorHandler);\n  });\n\n  it('should allow GET requests without CSRF token', async () => {\n    app.use(csrf());\n    app.get('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test');\n    expect(res.status).toBe(200);\n    expect(await res.text()).toBe('OK');\n  });\n\n  it('should allow HEAD requests without CSRF token', async () => {\n    app.use(csrf());\n    app.all('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', { method: 'HEAD' });\n    expect(res.status).toBe(200);\n  });\n\n  it('should allow OPTIONS requests without CSRF token', async () => {\n    app.use(csrf());\n    app.options('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', { method: 'OPTIONS' });\n    expect(res.status).toBe(200);\n  });\n\n  it('should reject POST requests without CSRF token', async () => {\n    app.use(csrf());\n    app.post('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', { method: 'POST' });\n    expect(res.status).toBe(403);\n  });\n\n  it('should reject POST requests with mismatched tokens', async () => {\n    app.use(csrf());\n    app.post('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', {\n      method: 'POST',\n      headers: { 'X-XSRF-TOKEN': 'header-token', Cookie: 'XSRF-TOKEN=cookie-token' },\n    });\n    expect(res.status).toBe(403);\n  });\n\n  it('should allow POST requests with matching tokens', async () => {\n    app.use(csrf());\n    app.post('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', {\n      method: 'POST',\n      headers: {\n        'X-XSRF-TOKEN': 'matching-token',\n        Cookie: 'XSRF-TOKEN=matching-token',\n      },\n    });\n    expect(res.status).toBe(200);\n    expect(await res.text()).toBe('OK');\n  });\n\n  it('should use custom cookie and header names', async () => {\n    app.use(csrf({ cookieName: 'csrf-token', headerName: 'X-CSRF-Token' }));\n    app.post('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', {\n      method: 'POST',\n      headers: {\n        'X-CSRF-Token': 'test-token',\n        Cookie: 'csrf-token=test-token',\n      },\n    });\n    expect(res.status).toBe(200);\n  });\n\n  it('should ignore specified paths', async () => {\n    app.use(csrf({ ignores: [{ path: '/webhook/*', methods: ['POST'] }] }));\n    app.post('/webhook/stripe', (c) => c.text('OK'));\n    app.post('/api/data', (c) => c.text('OK'));\n\n    // Ignored path should work without CSRF token\n    const webhookRes = await app.request('/webhook/stripe', { method: 'POST' });\n    expect(webhookRes.status).toBe(200);\n\n    // Non-ignored path should require CSRF token\n    const apiRes = await app.request('/api/data', { method: 'POST' });\n    expect(apiRes.status).toBe(403);\n  });\n\n  it('should ignore all methods for a path when methods not specified', async () => {\n    app.use(csrf({ ignores: [{ path: '/auth/apple/callback' }] }));\n    app.post('/auth/apple/callback', (c) => c.text('OK'));\n    app.put('/auth/apple/callback', (c) => c.text('OK'));\n\n    const postRes = await app.request('/auth/apple/callback', { method: 'POST' });\n    expect(postRes.status).toBe(200);\n\n    const putRes = await app.request('/auth/apple/callback', { method: 'PUT' });\n    expect(putRes.status).toBe(200);\n  });\n\n  it('should handle empty tokens safely', async () => {\n    app.use(csrf());\n    app.post('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', {\n      method: 'POST',\n      headers: { 'X-XSRF-TOKEN': '', Cookie: 'XSRF-TOKEN=' },\n    });\n    expect(res.status).toBe(403);\n  });\n\n  it('should handle missing cookie', async () => {\n    app.use(csrf());\n    app.post('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', {\n      method: 'POST',\n      headers: { 'X-XSRF-TOKEN': 'token' },\n    });\n    expect(res.status).toBe(403);\n  });\n\n  it('should handle missing header', async () => {\n    app.use(csrf());\n    app.post('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', {\n      method: 'POST',\n      headers: { Cookie: 'XSRF-TOKEN=token' },\n    });\n    expect(res.status).toBe(403);\n  });\n\n  it('should use custom error message', async () => {\n    app.use(csrf({ errorMessage: 'Custom CSRF error' }));\n    app.post('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', { method: 'POST' });\n    expect(res.status).toBe(403);\n    const body = await res.json();\n    expect(body.error.message).toBe('Custom CSRF error');\n  });\n\n  it('should work with custom safe methods', async () => {\n    app.use(csrf({ safeMethods: ['GET'] }));\n    app.all('/test', (c) => c.text('OK'));\n\n    // HEAD is no longer safe, should require CSRF token\n    const res = await app.request('/test', { method: 'HEAD' });\n    expect(res.status).toBe(403);\n  });\n\n  it('should handle complex ignore patterns', async () => {\n    app.use(\n      csrf({\n        ignores: [\n          { path: '/api/v1/*', methods: ['GET', 'POST'] },\n          { path: '/api/v2/*', methods: ['POST'] },\n          { path: '/public/*' }, // All methods\n        ],\n      })\n    );\n\n    app.get('/api/v1/users', (c) => c.text('OK'));\n    app.post('/api/v1/users', (c) => c.text('OK'));\n    app.put('/api/v1/users', (c) => c.text('OK'));\n    app.post('/api/v2/users', (c) => c.text('OK'));\n    app.get('/api/v2/users', (c) => c.text('OK'));\n    app.post('/public/data', (c) => c.text('OK'));\n\n    // Ignored GET and POST for /api/v1/*\n    let res = await app.request('/api/v1/users', { method: 'GET' });\n    expect(res.status).toBe(200);\n\n    res = await app.request('/api/v1/users', { method: 'POST' });\n    expect(res.status).toBe(200);\n\n    // PUT not ignored for /api/v1/*\n    res = await app.request('/api/v1/users', { method: 'PUT' });\n    expect(res.status).toBe(403);\n\n    // Only POST ignored for /api/v2/*\n    res = await app.request('/api/v2/users', { method: 'POST' });\n    expect(res.status).toBe(200);\n\n    // GET not ignored for /api/v2/* (but GET is safe by default)\n    res = await app.request('/api/v2/users', { method: 'GET' });\n    expect(res.status).toBe(200);\n\n    // All methods ignored for /public/*\n    res = await app.request('/public/data', { method: 'POST' });\n    expect(res.status).toBe(200);\n  });\n});\n"],"mappings":";;;AAAA,kBAAqB;AACrB,kBAAqB;AACrB,qBAAuC;AAEvC,SAAS,mBAAmB,MAAM;AAChC,MAAI;AAEJ,aAAW,MAAM;AACf,UAAM,IAAI,iBAAK;AACf,QAAI,QAAQ,2BAAY;AAAA,EAC1B,CAAC;AAED,KAAG,gDAAgD,YAAY;AAC7D,QAAI,QAAI,kBAAK,CAAC;AACd,QAAI,IAAI,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAEpC,UAAM,MAAM,MAAM,IAAI,QAAQ,OAAO;AACrC,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAC3B,WAAO,MAAM,IAAI,KAAK,CAAC,EAAE,KAAK,IAAI;AAAA,EACpC,CAAC;AAED,KAAG,iDAAiD,YAAY;AAC9D,QAAI,QAAI,kBAAK,CAAC;AACd,QAAI,IAAI,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAEpC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS,EAAE,QAAQ,OAAO,CAAC;AACzD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AAED,KAAG,oDAAoD,YAAY;AACjE,QAAI,QAAI,kBAAK,CAAC;AACd,QAAI,QAAQ,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAExC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS,EAAE,QAAQ,UAAU,CAAC;AAC5D,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AAED,KAAG,kDAAkD,YAAY;AAC/D,QAAI,QAAI,kBAAK,CAAC;AACd,QAAI,KAAK,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAErC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS,EAAE,QAAQ,OAAO,CAAC;AACzD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AAED,KAAG,sDAAsD,YAAY;AACnE,QAAI,QAAI,kBAAK,CAAC;AACd,QAAI,KAAK,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAErC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS;AAAA,MACrC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,gBAAgB,QAAQ,0BAA0B;AAAA,IAC/E,CAAC;AACD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AAED,KAAG,mDAAmD,YAAY;AAChE,QAAI,QAAI,kBAAK,CAAC;AACd,QAAI,KAAK,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAErC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS;AAAA,MACrC,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,QAAQ;AAAA,MACV;AAAA,IACF,CAAC;AACD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAC3B,WAAO,MAAM,IAAI,KAAK,CAAC,EAAE,KAAK,IAAI;AAAA,EACpC,CAAC;AAED,KAAG,6CAA6C,YAAY;AAC1D,QAAI,QAAI,kBAAK,EAAE,YAAY,cAAc,YAAY,eAAe,CAAC,CAAC;AACtE,QAAI,KAAK,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAErC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS;AAAA,MACrC,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,QAAQ;AAAA,MACV;AAAA,IACF,CAAC;AACD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AAED,KAAG,iCAAiC,YAAY;AAC9C,QAAI,QAAI,kBAAK,EAAE,SAAS,CAAC,EAAE,MAAM,cAAc,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;AACtE,QAAI,KAAK,mBAAmB,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAC/C,QAAI,KAAK,aAAa,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAGzC,UAAM,aAAa,MAAM,IAAI,QAAQ,mBAAmB,EAAE,QAAQ,OAAO,CAAC;AAC1E,WAAO,WAAW,MAAM,EAAE,KAAK,GAAG;AAGlC,UAAM,SAAS,MAAM,IAAI,QAAQ,aAAa,EAAE,QAAQ,OAAO,CAAC;AAChE,WAAO,OAAO,MAAM,EAAE,KAAK,GAAG;AAAA,EAChC,CAAC;AAED,KAAG,mEAAmE,YAAY;AAChF,QAAI,QAAI,kBAAK,EAAE,SAAS,CAAC,EAAE,MAAM,uBAAuB,CAAC,EAAE,CAAC,CAAC;AAC7D,QAAI,KAAK,wBAAwB,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AACpD,QAAI,IAAI,wBAAwB,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAEnD,UAAM,UAAU,MAAM,IAAI,QAAQ,wBAAwB,EAAE,QAAQ,OAAO,CAAC;AAC5E,WAAO,QAAQ,MAAM,EAAE,KAAK,GAAG;AAE/B,UAAM,SAAS,MAAM,IAAI,QAAQ,wBAAwB,EAAE,QAAQ,MAAM,CAAC;AAC1E,WAAO,OAAO,MAAM,EAAE,KAAK,GAAG;AAAA,EAChC,CAAC;AAED,KAAG,qCAAqC,YAAY;AAClD,QAAI,QAAI,kBAAK,CAAC;AACd,QAAI,KAAK,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAErC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS;AAAA,MACrC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,IAAI,QAAQ,cAAc;AAAA,IACvD,CAAC;AACD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AAED,KAAG,gCAAgC,YAAY;AAC7C,QAAI,QAAI,kBAAK,CAAC;AACd,QAAI,KAAK,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAErC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS;AAAA,MACrC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,QAAQ;AAAA,IACrC,CAAC;AACD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AAED,KAAG,gCAAgC,YAAY;AAC7C,QAAI,QAAI,kBAAK,CAAC;AACd,QAAI,KAAK,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAErC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS;AAAA,MACrC,QAAQ;AAAA,MACR,SAAS,EAAE,QAAQ,mBAAmB;AAAA,IACxC,CAAC;AACD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AAED,KAAG,mCAAmC,YAAY;AAChD,QAAI,QAAI,kBAAK,EAAE,cAAc,oBAAoB,CAAC,CAAC;AACnD,QAAI,KAAK,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAErC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS,EAAE,QAAQ,OAAO,CAAC;AACzD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAC3B,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,WAAO,KAAK,MAAM,OAAO,EAAE,KAAK,mBAAmB;AAAA,EACrD,CAAC;AAED,KAAG,wCAAwC,YAAY;AACrD,QAAI,QAAI,kBAAK,EAAE,aAAa,CAAC,KAAK,EAAE,CAAC,CAAC;AACtC,QAAI,IAAI,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAGpC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS,EAAE,QAAQ,OAAO,CAAC;AACzD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AAED,KAAG,yCAAyC,YAAY;AACtD,QAAI;AAAA,UACF,kBAAK;AAAA,QACH,SAAS;AAAA,UACP,EAAE,MAAM,aAAa,SAAS,CAAC,OAAO,MAAM,EAAE;AAAA,UAC9C,EAAE,MAAM,aAAa,SAAS,CAAC,MAAM,EAAE;AAAA,UACvC,EAAE,MAAM,YAAY;AAAA;AAAA,QACtB;AAAA,MACF,CAAC;AAAA,IACH;AAEA,QAAI,IAAI,iBAAiB,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAC5C,QAAI,KAAK,iBAAiB,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAC7C,QAAI,IAAI,iBAAiB,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAC5C,QAAI,KAAK,iBAAiB,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAC7C,QAAI,IAAI,iBAAiB,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAC5C,QAAI,KAAK,gBAAgB,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAG5C,QAAI,MAAM,MAAM,IAAI,QAAQ,iBAAiB,EAAE,QAAQ,MAAM,CAAC;AAC9D,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAE3B,UAAM,MAAM,IAAI,QAAQ,iBAAiB,EAAE,QAAQ,OAAO,CAAC;AAC3D,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAG3B,UAAM,MAAM,IAAI,QAAQ,iBAAiB,EAAE,QAAQ,MAAM,CAAC;AAC1D,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAG3B,UAAM,MAAM,IAAI,QAAQ,iBAAiB,EAAE,QAAQ,OAAO,CAAC;AAC3D,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAG3B,UAAM,MAAM,IAAI,QAAQ,iBAAiB,EAAE,QAAQ,MAAM,CAAC;AAC1D,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAG3B,UAAM,MAAM,IAAI,QAAQ,gBAAgB,EAAE,QAAQ,OAAO,CAAC;AAC1D,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AACH,CAAC;","names":[]}

package/dist/hono/__tests__/csrf.test.d.cts

@@ -1,2 +0,0 @@
-
-export {  }

package/dist/hono/__tests__/csrf.test.d.ts

@@ -1,2 +0,0 @@
-
-export {  }

package/dist/hono/__tests__/csrf.test.mjs

@@ -1,160 +0,0 @@
-// src/hono/__tests__/csrf.test.ts
-import { Hono } from "hono";
-import { csrf } from "../csrf.mjs";
-import { errorHandler } from "../handler.mjs";
-describe("CSRF Protection", () => {
-  let app;
-  beforeEach(() => {
-    app = new Hono();
-    app.onError(errorHandler);
-  });
-  it("should allow GET requests without CSRF token", async () => {
-    app.use(csrf());
-    app.get("/test", (c) => c.text("OK"));
-    const res = await app.request("/test");
-    expect(res.status).toBe(200);
-    expect(await res.text()).toBe("OK");
-  });
-  it("should allow HEAD requests without CSRF token", async () => {
-    app.use(csrf());
-    app.all("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", { method: "HEAD" });
-    expect(res.status).toBe(200);
-  });
-  it("should allow OPTIONS requests without CSRF token", async () => {
-    app.use(csrf());
-    app.options("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", { method: "OPTIONS" });
-    expect(res.status).toBe(200);
-  });
-  it("should reject POST requests without CSRF token", async () => {
-    app.use(csrf());
-    app.post("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", { method: "POST" });
-    expect(res.status).toBe(403);
-  });
-  it("should reject POST requests with mismatched tokens", async () => {
-    app.use(csrf());
-    app.post("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", {
-      method: "POST",
-      headers: { "X-XSRF-TOKEN": "header-token", Cookie: "XSRF-TOKEN=cookie-token" }
-    });
-    expect(res.status).toBe(403);
-  });
-  it("should allow POST requests with matching tokens", async () => {
-    app.use(csrf());
-    app.post("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", {
-      method: "POST",
-      headers: {
-        "X-XSRF-TOKEN": "matching-token",
-        Cookie: "XSRF-TOKEN=matching-token"
-      }
-    });
-    expect(res.status).toBe(200);
-    expect(await res.text()).toBe("OK");
-  });
-  it("should use custom cookie and header names", async () => {
-    app.use(csrf({ cookieName: "csrf-token", headerName: "X-CSRF-Token" }));
-    app.post("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", {
-      method: "POST",
-      headers: {
-        "X-CSRF-Token": "test-token",
-        Cookie: "csrf-token=test-token"
-      }
-    });
-    expect(res.status).toBe(200);
-  });
-  it("should ignore specified paths", async () => {
-    app.use(csrf({ ignores: [{ path: "/webhook/*", methods: ["POST"] }] }));
-    app.post("/webhook/stripe", (c) => c.text("OK"));
-    app.post("/api/data", (c) => c.text("OK"));
-    const webhookRes = await app.request("/webhook/stripe", { method: "POST" });
-    expect(webhookRes.status).toBe(200);
-    const apiRes = await app.request("/api/data", { method: "POST" });
-    expect(apiRes.status).toBe(403);
-  });
-  it("should ignore all methods for a path when methods not specified", async () => {
-    app.use(csrf({ ignores: [{ path: "/auth/apple/callback" }] }));
-    app.post("/auth/apple/callback", (c) => c.text("OK"));
-    app.put("/auth/apple/callback", (c) => c.text("OK"));
-    const postRes = await app.request("/auth/apple/callback", { method: "POST" });
-    expect(postRes.status).toBe(200);
-    const putRes = await app.request("/auth/apple/callback", { method: "PUT" });
-    expect(putRes.status).toBe(200);
-  });
-  it("should handle empty tokens safely", async () => {
-    app.use(csrf());
-    app.post("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", {
-      method: "POST",
-      headers: { "X-XSRF-TOKEN": "", Cookie: "XSRF-TOKEN=" }
-    });
-    expect(res.status).toBe(403);
-  });
-  it("should handle missing cookie", async () => {
-    app.use(csrf());
-    app.post("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", {
-      method: "POST",
-      headers: { "X-XSRF-TOKEN": "token" }
-    });
-    expect(res.status).toBe(403);
-  });
-  it("should handle missing header", async () => {
-    app.use(csrf());
-    app.post("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", {
-      method: "POST",
-      headers: { Cookie: "XSRF-TOKEN=token" }
-    });
-    expect(res.status).toBe(403);
-  });
-  it("should use custom error message", async () => {
-    app.use(csrf({ errorMessage: "Custom CSRF error" }));
-    app.post("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", { method: "POST" });
-    expect(res.status).toBe(403);
-    const body = await res.json();
-    expect(body.error.message).toBe("Custom CSRF error");
-  });
-  it("should work with custom safe methods", async () => {
-    app.use(csrf({ safeMethods: ["GET"] }));
-    app.all("/test", (c) => c.text("OK"));
-    const res = await app.request("/test", { method: "HEAD" });
-    expect(res.status).toBe(403);
-  });
-  it("should handle complex ignore patterns", async () => {
-    app.use(
-      csrf({
-        ignores: [
-          { path: "/api/v1/*", methods: ["GET", "POST"] },
-          { path: "/api/v2/*", methods: ["POST"] },
-          { path: "/public/*" }
-          // All methods
-        ]
-      })
-    );
-    app.get("/api/v1/users", (c) => c.text("OK"));
-    app.post("/api/v1/users", (c) => c.text("OK"));
-    app.put("/api/v1/users", (c) => c.text("OK"));
-    app.post("/api/v2/users", (c) => c.text("OK"));
-    app.get("/api/v2/users", (c) => c.text("OK"));
-    app.post("/public/data", (c) => c.text("OK"));
-    let res = await app.request("/api/v1/users", { method: "GET" });
-    expect(res.status).toBe(200);
-    res = await app.request("/api/v1/users", { method: "POST" });
-    expect(res.status).toBe(200);
-    res = await app.request("/api/v1/users", { method: "PUT" });
-    expect(res.status).toBe(403);
-    res = await app.request("/api/v2/users", { method: "POST" });
-    expect(res.status).toBe(200);
-    res = await app.request("/api/v2/users", { method: "GET" });
-    expect(res.status).toBe(200);
-    res = await app.request("/public/data", { method: "POST" });
-    expect(res.status).toBe(200);
-  });
-});
-//# sourceMappingURL=csrf.test.mjs.map

package/dist/hono/__tests__/csrf.test.mjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/hono/__tests__/csrf.test.ts"],"sourcesContent":["import { Hono } from 'hono';\nimport { csrf } from '../csrf';\nimport { errorHandler, type Env } from '../handler';\n\ndescribe('CSRF Protection', () => {\n  let app: Hono<Env>;\n\n  beforeEach(() => {\n    app = new Hono();\n    app.onError(errorHandler);\n  });\n\n  it('should allow GET requests without CSRF token', async () => {\n    app.use(csrf());\n    app.get('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test');\n    expect(res.status).toBe(200);\n    expect(await res.text()).toBe('OK');\n  });\n\n  it('should allow HEAD requests without CSRF token', async () => {\n    app.use(csrf());\n    app.all('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', { method: 'HEAD' });\n    expect(res.status).toBe(200);\n  });\n\n  it('should allow OPTIONS requests without CSRF token', async () => {\n    app.use(csrf());\n    app.options('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', { method: 'OPTIONS' });\n    expect(res.status).toBe(200);\n  });\n\n  it('should reject POST requests without CSRF token', async () => {\n    app.use(csrf());\n    app.post('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', { method: 'POST' });\n    expect(res.status).toBe(403);\n  });\n\n  it('should reject POST requests with mismatched tokens', async () => {\n    app.use(csrf());\n    app.post('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', {\n      method: 'POST',\n      headers: { 'X-XSRF-TOKEN': 'header-token', Cookie: 'XSRF-TOKEN=cookie-token' },\n    });\n    expect(res.status).toBe(403);\n  });\n\n  it('should allow POST requests with matching tokens', async () => {\n    app.use(csrf());\n    app.post('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', {\n      method: 'POST',\n      headers: {\n        'X-XSRF-TOKEN': 'matching-token',\n        Cookie: 'XSRF-TOKEN=matching-token',\n      },\n    });\n    expect(res.status).toBe(200);\n    expect(await res.text()).toBe('OK');\n  });\n\n  it('should use custom cookie and header names', async () => {\n    app.use(csrf({ cookieName: 'csrf-token', headerName: 'X-CSRF-Token' }));\n    app.post('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', {\n      method: 'POST',\n      headers: {\n        'X-CSRF-Token': 'test-token',\n        Cookie: 'csrf-token=test-token',\n      },\n    });\n    expect(res.status).toBe(200);\n  });\n\n  it('should ignore specified paths', async () => {\n    app.use(csrf({ ignores: [{ path: '/webhook/*', methods: ['POST'] }] }));\n    app.post('/webhook/stripe', (c) => c.text('OK'));\n    app.post('/api/data', (c) => c.text('OK'));\n\n    // Ignored path should work without CSRF token\n    const webhookRes = await app.request('/webhook/stripe', { method: 'POST' });\n    expect(webhookRes.status).toBe(200);\n\n    // Non-ignored path should require CSRF token\n    const apiRes = await app.request('/api/data', { method: 'POST' });\n    expect(apiRes.status).toBe(403);\n  });\n\n  it('should ignore all methods for a path when methods not specified', async () => {\n    app.use(csrf({ ignores: [{ path: '/auth/apple/callback' }] }));\n    app.post('/auth/apple/callback', (c) => c.text('OK'));\n    app.put('/auth/apple/callback', (c) => c.text('OK'));\n\n    const postRes = await app.request('/auth/apple/callback', { method: 'POST' });\n    expect(postRes.status).toBe(200);\n\n    const putRes = await app.request('/auth/apple/callback', { method: 'PUT' });\n    expect(putRes.status).toBe(200);\n  });\n\n  it('should handle empty tokens safely', async () => {\n    app.use(csrf());\n    app.post('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', {\n      method: 'POST',\n      headers: { 'X-XSRF-TOKEN': '', Cookie: 'XSRF-TOKEN=' },\n    });\n    expect(res.status).toBe(403);\n  });\n\n  it('should handle missing cookie', async () => {\n    app.use(csrf());\n    app.post('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', {\n      method: 'POST',\n      headers: { 'X-XSRF-TOKEN': 'token' },\n    });\n    expect(res.status).toBe(403);\n  });\n\n  it('should handle missing header', async () => {\n    app.use(csrf());\n    app.post('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', {\n      method: 'POST',\n      headers: { Cookie: 'XSRF-TOKEN=token' },\n    });\n    expect(res.status).toBe(403);\n  });\n\n  it('should use custom error message', async () => {\n    app.use(csrf({ errorMessage: 'Custom CSRF error' }));\n    app.post('/test', (c) => c.text('OK'));\n\n    const res = await app.request('/test', { method: 'POST' });\n    expect(res.status).toBe(403);\n    const body = await res.json();\n    expect(body.error.message).toBe('Custom CSRF error');\n  });\n\n  it('should work with custom safe methods', async () => {\n    app.use(csrf({ safeMethods: ['GET'] }));\n    app.all('/test', (c) => c.text('OK'));\n\n    // HEAD is no longer safe, should require CSRF token\n    const res = await app.request('/test', { method: 'HEAD' });\n    expect(res.status).toBe(403);\n  });\n\n  it('should handle complex ignore patterns', async () => {\n    app.use(\n      csrf({\n        ignores: [\n          { path: '/api/v1/*', methods: ['GET', 'POST'] },\n          { path: '/api/v2/*', methods: ['POST'] },\n          { path: '/public/*' }, // All methods\n        ],\n      })\n    );\n\n    app.get('/api/v1/users', (c) => c.text('OK'));\n    app.post('/api/v1/users', (c) => c.text('OK'));\n    app.put('/api/v1/users', (c) => c.text('OK'));\n    app.post('/api/v2/users', (c) => c.text('OK'));\n    app.get('/api/v2/users', (c) => c.text('OK'));\n    app.post('/public/data', (c) => c.text('OK'));\n\n    // Ignored GET and POST for /api/v1/*\n    let res = await app.request('/api/v1/users', { method: 'GET' });\n    expect(res.status).toBe(200);\n\n    res = await app.request('/api/v1/users', { method: 'POST' });\n    expect(res.status).toBe(200);\n\n    // PUT not ignored for /api/v1/*\n    res = await app.request('/api/v1/users', { method: 'PUT' });\n    expect(res.status).toBe(403);\n\n    // Only POST ignored for /api/v2/*\n    res = await app.request('/api/v2/users', { method: 'POST' });\n    expect(res.status).toBe(200);\n\n    // GET not ignored for /api/v2/* (but GET is safe by default)\n    res = await app.request('/api/v2/users', { method: 'GET' });\n    expect(res.status).toBe(200);\n\n    // All methods ignored for /public/*\n    res = await app.request('/public/data', { method: 'POST' });\n    expect(res.status).toBe(200);\n  });\n});\n"],"mappings":";AAAA,SAAS,YAAY;AACrB,SAAS,YAAY;AACrB,SAAS,oBAA8B;AAEvC,SAAS,mBAAmB,MAAM;AAChC,MAAI;AAEJ,aAAW,MAAM;AACf,UAAM,IAAI,KAAK;AACf,QAAI,QAAQ,YAAY;AAAA,EAC1B,CAAC;AAED,KAAG,gDAAgD,YAAY;AAC7D,QAAI,IAAI,KAAK,CAAC;AACd,QAAI,IAAI,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAEpC,UAAM,MAAM,MAAM,IAAI,QAAQ,OAAO;AACrC,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAC3B,WAAO,MAAM,IAAI,KAAK,CAAC,EAAE,KAAK,IAAI;AAAA,EACpC,CAAC;AAED,KAAG,iDAAiD,YAAY;AAC9D,QAAI,IAAI,KAAK,CAAC;AACd,QAAI,IAAI,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAEpC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS,EAAE,QAAQ,OAAO,CAAC;AACzD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AAED,KAAG,oDAAoD,YAAY;AACjE,QAAI,IAAI,KAAK,CAAC;AACd,QAAI,QAAQ,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAExC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS,EAAE,QAAQ,UAAU,CAAC;AAC5D,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AAED,KAAG,kDAAkD,YAAY;AAC/D,QAAI,IAAI,KAAK,CAAC;AACd,QAAI,KAAK,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAErC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS,EAAE,QAAQ,OAAO,CAAC;AACzD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AAED,KAAG,sDAAsD,YAAY;AACnE,QAAI,IAAI,KAAK,CAAC;AACd,QAAI,KAAK,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAErC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS;AAAA,MACrC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,gBAAgB,QAAQ,0BAA0B;AAAA,IAC/E,CAAC;AACD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AAED,KAAG,mDAAmD,YAAY;AAChE,QAAI,IAAI,KAAK,CAAC;AACd,QAAI,KAAK,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAErC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS;AAAA,MACrC,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,QAAQ;AAAA,MACV;AAAA,IACF,CAAC;AACD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAC3B,WAAO,MAAM,IAAI,KAAK,CAAC,EAAE,KAAK,IAAI;AAAA,EACpC,CAAC;AAED,KAAG,6CAA6C,YAAY;AAC1D,QAAI,IAAI,KAAK,EAAE,YAAY,cAAc,YAAY,eAAe,CAAC,CAAC;AACtE,QAAI,KAAK,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAErC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS;AAAA,MACrC,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,QAAQ;AAAA,MACV;AAAA,IACF,CAAC;AACD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AAED,KAAG,iCAAiC,YAAY;AAC9C,QAAI,IAAI,KAAK,EAAE,SAAS,CAAC,EAAE,MAAM,cAAc,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;AACtE,QAAI,KAAK,mBAAmB,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAC/C,QAAI,KAAK,aAAa,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAGzC,UAAM,aAAa,MAAM,IAAI,QAAQ,mBAAmB,EAAE,QAAQ,OAAO,CAAC;AAC1E,WAAO,WAAW,MAAM,EAAE,KAAK,GAAG;AAGlC,UAAM,SAAS,MAAM,IAAI,QAAQ,aAAa,EAAE,QAAQ,OAAO,CAAC;AAChE,WAAO,OAAO,MAAM,EAAE,KAAK,GAAG;AAAA,EAChC,CAAC;AAED,KAAG,mEAAmE,YAAY;AAChF,QAAI,IAAI,KAAK,EAAE,SAAS,CAAC,EAAE,MAAM,uBAAuB,CAAC,EAAE,CAAC,CAAC;AAC7D,QAAI,KAAK,wBAAwB,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AACpD,QAAI,IAAI,wBAAwB,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAEnD,UAAM,UAAU,MAAM,IAAI,QAAQ,wBAAwB,EAAE,QAAQ,OAAO,CAAC;AAC5E,WAAO,QAAQ,MAAM,EAAE,KAAK,GAAG;AAE/B,UAAM,SAAS,MAAM,IAAI,QAAQ,wBAAwB,EAAE,QAAQ,MAAM,CAAC;AAC1E,WAAO,OAAO,MAAM,EAAE,KAAK,GAAG;AAAA,EAChC,CAAC;AAED,KAAG,qCAAqC,YAAY;AAClD,QAAI,IAAI,KAAK,CAAC;AACd,QAAI,KAAK,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAErC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS;AAAA,MACrC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,IAAI,QAAQ,cAAc;AAAA,IACvD,CAAC;AACD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AAED,KAAG,gCAAgC,YAAY;AAC7C,QAAI,IAAI,KAAK,CAAC;AACd,QAAI,KAAK,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAErC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS;AAAA,MACrC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,QAAQ;AAAA,IACrC,CAAC;AACD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AAED,KAAG,gCAAgC,YAAY;AAC7C,QAAI,IAAI,KAAK,CAAC;AACd,QAAI,KAAK,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAErC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS;AAAA,MACrC,QAAQ;AAAA,MACR,SAAS,EAAE,QAAQ,mBAAmB;AAAA,IACxC,CAAC;AACD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AAED,KAAG,mCAAmC,YAAY;AAChD,QAAI,IAAI,KAAK,EAAE,cAAc,oBAAoB,CAAC,CAAC;AACnD,QAAI,KAAK,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAErC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS,EAAE,QAAQ,OAAO,CAAC;AACzD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAC3B,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,WAAO,KAAK,MAAM,OAAO,EAAE,KAAK,mBAAmB;AAAA,EACrD,CAAC;AAED,KAAG,wCAAwC,YAAY;AACrD,QAAI,IAAI,KAAK,EAAE,aAAa,CAAC,KAAK,EAAE,CAAC,CAAC;AACtC,QAAI,IAAI,SAAS,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAGpC,UAAM,MAAM,MAAM,IAAI,QAAQ,SAAS,EAAE,QAAQ,OAAO,CAAC;AACzD,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AAED,KAAG,yCAAyC,YAAY;AACtD,QAAI;AAAA,MACF,KAAK;AAAA,QACH,SAAS;AAAA,UACP,EAAE,MAAM,aAAa,SAAS,CAAC,OAAO,MAAM,EAAE;AAAA,UAC9C,EAAE,MAAM,aAAa,SAAS,CAAC,MAAM,EAAE;AAAA,UACvC,EAAE,MAAM,YAAY;AAAA;AAAA,QACtB;AAAA,MACF,CAAC;AAAA,IACH;AAEA,QAAI,IAAI,iBAAiB,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAC5C,QAAI,KAAK,iBAAiB,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAC7C,QAAI,IAAI,iBAAiB,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAC5C,QAAI,KAAK,iBAAiB,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAC7C,QAAI,IAAI,iBAAiB,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAC5C,QAAI,KAAK,gBAAgB,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC;AAG5C,QAAI,MAAM,MAAM,IAAI,QAAQ,iBAAiB,EAAE,QAAQ,MAAM,CAAC;AAC9D,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAE3B,UAAM,MAAM,IAAI,QAAQ,iBAAiB,EAAE,QAAQ,OAAO,CAAC;AAC3D,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAG3B,UAAM,MAAM,IAAI,QAAQ,iBAAiB,EAAE,QAAQ,MAAM,CAAC;AAC1D,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAG3B,UAAM,MAAM,IAAI,QAAQ,iBAAiB,EAAE,QAAQ,OAAO,CAAC;AAC3D,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAG3B,UAAM,MAAM,IAAI,QAAQ,iBAAiB,EAAE,QAAQ,MAAM,CAAC;AAC1D,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAG3B,UAAM,MAAM,IAAI,QAAQ,gBAAgB,EAAE,QAAQ,OAAO,CAAC;AAC1D,WAAO,IAAI,MAAM,EAAE,KAAK,GAAG;AAAA,EAC7B,CAAC;AACH,CAAC;","names":[]}

package/dist/hono/authorizer.cjs

@@ -1,99 +0,0 @@
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-
-// src/hono/authorizer.ts
-var authorizer_exports = {};
-__export(authorizer_exports, {
-  Authorizer: () => Authorizer,
-  authorizer: () => authorizer
-});
-module.exports = __toCommonJS(authorizer_exports);
-var import_router = require("hono/router");
-var import_reg_exp_router = require("hono/router/reg-exp-router");
-var import_smart_router = require("hono/router/smart-router");
-var import_trie_router = require("hono/router/trie-router");
-var import_status = require("../error/status.cjs");
-var Authorizer = class _Authorizer {
-  router = new import_smart_router.SmartRouter({
-    routers: [new import_reg_exp_router.RegExpRouter(), new import_trie_router.TrieRouter()]
-  });
-  auth;
-  constructor(auth) {
-    this.auth = auth;
-  }
-  static create = (auth) => new _Authorizer(auth);
-  match(path, methods) {
-    if (methods) {
-      for (const method of methods) {
-        this.router.add(method, path, null);
-      }
-    } else {
-      this.router.add(import_router.METHOD_NAME_ALL, path, null);
-    }
-    return this;
-  }
-  build = () => {
-    return async (c, next) => {
-      if (c.req.method === "OPTIONS") {
-        await next();
-        return;
-      }
-      const [matched] = this.router.match(c.req.method, c.req.path);
-      if (matched.length === 0) {
-        await next();
-        return;
-      }
-      const authenticated = await this.auth.isAuthenticated(c.req.raw);
-      if (!authenticated) throw import_status.Status.unauthorized().error();
-      await next();
-    };
-  };
-};
-function authorizer({
-  auth,
-  errorMessage = "Unauthorized, please login to continue.",
-  rules = []
-}) {
-  const router = new import_smart_router.SmartRouter({ routers: [new import_reg_exp_router.RegExpRouter(), new import_trie_router.TrieRouter()] });
-  for (const { path, methods = [import_router.METHOD_NAME_ALL] } of rules) {
-    for (const method of methods) {
-      router.add(method, path, null);
-    }
-  }
-  return async (c, next) => {
-    if (c.req.method === "OPTIONS") {
-      await next();
-      return;
-    }
-    const [matched] = router.match(c.req.method, c.req.path);
-    if (matched.length === 0) {
-      await next();
-      return;
-    }
-    const authenticated = await auth.isAuthenticated(c.req.raw);
-    if (!authenticated) throw import_status.Status.unauthorized(errorMessage).error();
-    await next();
-  };
-}
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  Authorizer,
-  authorizer
-});
-//# sourceMappingURL=authorizer.cjs.map

package/dist/hono/authorizer.cjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/hono/authorizer.ts"],"sourcesContent":["import { METHOD_NAME_ALL } from 'hono/router';\nimport { RegExpRouter } from 'hono/router/reg-exp-router';\nimport { SmartRouter } from 'hono/router/smart-router';\nimport { TrieRouter } from 'hono/router/trie-router';\nimport { Status } from '../error/status';\nimport type { MiddlewareHandler } from 'hono';\n\ntype Methods = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';\n\ntype Auth = { isAuthenticated: (request: Request) => Promise<boolean> };\n\nexport class Authorizer {\n  private readonly router = new SmartRouter<null>({\n    routers: [new RegExpRouter(), new TrieRouter()],\n  });\n\n  private readonly auth: Auth;\n\n  private constructor(auth: Auth) {\n    this.auth = auth;\n  }\n\n  static create = (auth: Auth) => new Authorizer(auth);\n\n  match(path: string, methods?: [Methods, ...Methods[]]) {\n    if (methods) {\n      for (const method of methods) {\n        this.router.add(method, path, null);\n      }\n    } else {\n      this.router.add(METHOD_NAME_ALL, path, null);\n    }\n    return this;\n  }\n\n  build = (): MiddlewareHandler => {\n    return async (c, next) => {\n      if (c.req.method === 'OPTIONS') {\n        await next();\n        return;\n      }\n\n      const [matched] = this.router.match(c.req.method, c.req.path);\n      if (matched.length === 0) {\n        await next();\n        return;\n      }\n\n      const authenticated = await this.auth.isAuthenticated(c.req.raw);\n      if (!authenticated) throw Status.unauthorized().error();\n      await next();\n    };\n  };\n}\n\nexport interface AuthorizerConfig {\n  auth: Auth;\n  errorMessage?: string;\n  rules?: { path: string; methods?: [Methods, ...Methods[]] }[];\n}\n\nexport function authorizer({\n  auth,\n  errorMessage = 'Unauthorized, please login to continue.',\n  rules = [],\n}: AuthorizerConfig): MiddlewareHandler {\n  const router = new SmartRouter<null>({ routers: [new RegExpRouter(), new TrieRouter()] });\n\n  for (const { path, methods = [METHOD_NAME_ALL] } of rules) {\n    for (const method of methods) {\n      router.add(method, path, null);\n    }\n  }\n\n  return async (c, next) => {\n    if (c.req.method === 'OPTIONS') {\n      await next();\n      return;\n    }\n\n    const [matched] = router.match(c.req.method, c.req.path);\n    if (matched.length === 0) {\n      await next();\n      return;\n    }\n\n    const authenticated = await auth.isAuthenticated(c.req.raw);\n    if (!authenticated) throw Status.unauthorized(errorMessage).error();\n    await next();\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAAgC;AAChC,4BAA6B;AAC7B,0BAA4B;AAC5B,yBAA2B;AAC3B,oBAAuB;AAOhB,IAAM,aAAN,MAAM,YAAW;AAAA,EACL,SAAS,IAAI,gCAAkB;AAAA,IAC9C,SAAS,CAAC,IAAI,mCAAa,GAAG,IAAI,8BAAW,CAAC;AAAA,EAChD,CAAC;AAAA,EAEgB;AAAA,EAET,YAAY,MAAY;AAC9B,SAAK,OAAO;AAAA,EACd;AAAA,EAEA,OAAO,SAAS,CAAC,SAAe,IAAI,YAAW,IAAI;AAAA,EAEnD,MAAM,MAAc,SAAmC;AACrD,QAAI,SAAS;AACX,iBAAW,UAAU,SAAS;AAC5B,aAAK,OAAO,IAAI,QAAQ,MAAM,IAAI;AAAA,MACpC;AAAA,IACF,OAAO;AACL,WAAK,OAAO,IAAI,+BAAiB,MAAM,IAAI;AAAA,IAC7C;AACA,WAAO;AAAA,EACT;AAAA,EAEA,QAAQ,MAAyB;AAC/B,WAAO,OAAO,GAAG,SAAS;AACxB,UAAI,EAAE,IAAI,WAAW,WAAW;AAC9B,cAAM,KAAK;AACX;AAAA,MACF;AAEA,YAAM,CAAC,OAAO,IAAI,KAAK,OAAO,MAAM,EAAE,IAAI,QAAQ,EAAE,IAAI,IAAI;AAC5D,UAAI,QAAQ,WAAW,GAAG;AACxB,cAAM,KAAK;AACX;AAAA,MACF;AAEA,YAAM,gBAAgB,MAAM,KAAK,KAAK,gBAAgB,EAAE,IAAI,GAAG;AAC/D,UAAI,CAAC,cAAe,OAAM,qBAAO,aAAa,EAAE,MAAM;AACtD,YAAM,KAAK;AAAA,IACb;AAAA,EACF;AACF;AAQO,SAAS,WAAW;AAAA,EACzB;AAAA,EACA,eAAe;AAAA,EACf,QAAQ,CAAC;AACX,GAAwC;AACtC,QAAM,SAAS,IAAI,gCAAkB,EAAE,SAAS,CAAC,IAAI,mCAAa,GAAG,IAAI,8BAAW,CAAC,EAAE,CAAC;AAExF,aAAW,EAAE,MAAM,UAAU,CAAC,6BAAe,EAAE,KAAK,OAAO;AACzD,eAAW,UAAU,SAAS;AAC5B,aAAO,IAAI,QAAQ,MAAM,IAAI;AAAA,IAC/B;AAAA,EACF;AAEA,SAAO,OAAO,GAAG,SAAS;AACxB,QAAI,EAAE,IAAI,WAAW,WAAW;AAC9B,YAAM,KAAK;AACX;AAAA,IACF;AAEA,UAAM,CAAC,OAAO,IAAI,OAAO,MAAM,EAAE,IAAI,QAAQ,EAAE,IAAI,IAAI;AACvD,QAAI,QAAQ,WAAW,GAAG;AACxB,YAAM,KAAK;AACX;AAAA,IACF;AAEA,UAAM,gBAAgB,MAAM,KAAK,gBAAgB,EAAE,IAAI,GAAG;AAC1D,QAAI,CAAC,cAAe,OAAM,qBAAO,aAAa,YAAY,EAAE,MAAM;AAClE,UAAM,KAAK;AAAA,EACb;AACF;","names":[]}

package/dist/hono/authorizer.d.cts

@@ -1,25 +0,0 @@
-import { MiddlewareHandler } from 'hono';
-
-type Methods = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';
-type Auth = {
-    isAuthenticated: (request: Request) => Promise<boolean>;
-};
-declare class Authorizer {
-    private readonly router;
-    private readonly auth;
-    private constructor();
-    static create: (auth: Auth) => Authorizer;
-    match(path: string, methods?: [Methods, ...Methods[]]): this;
-    build: () => MiddlewareHandler;
-}
-interface AuthorizerConfig {
-    auth: Auth;
-    errorMessage?: string;
-    rules?: {
-        path: string;
-        methods?: [Methods, ...Methods[]];
-    }[];
-}
-declare function authorizer({ auth, errorMessage, rules, }: AuthorizerConfig): MiddlewareHandler;
-
-export { Authorizer, type AuthorizerConfig, authorizer };

package/dist/hono/authorizer.d.ts

@@ -1,25 +0,0 @@
-import { MiddlewareHandler } from 'hono';
-
-type Methods = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';
-type Auth = {
-    isAuthenticated: (request: Request) => Promise<boolean>;
-};
-declare class Authorizer {
-    private readonly router;
-    private readonly auth;
-    private constructor();
-    static create: (auth: Auth) => Authorizer;
-    match(path: string, methods?: [Methods, ...Methods[]]): this;
-    build: () => MiddlewareHandler;
-}
-interface AuthorizerConfig {
-    auth: Auth;
-    errorMessage?: string;
-    rules?: {
-        path: string;
-        methods?: [Methods, ...Methods[]];
-    }[];
-}
-declare function authorizer({ auth, errorMessage, rules, }: AuthorizerConfig): MiddlewareHandler;
-
-export { Authorizer, type AuthorizerConfig, authorizer };

package/dist/hono/authorizer.mjs

@@ -1,73 +0,0 @@
-// src/hono/authorizer.ts
-import { METHOD_NAME_ALL } from "hono/router";
-import { RegExpRouter } from "hono/router/reg-exp-router";
-import { SmartRouter } from "hono/router/smart-router";
-import { TrieRouter } from "hono/router/trie-router";
-import { Status } from "../error/status.mjs";
-var Authorizer = class _Authorizer {
-  router = new SmartRouter({
-    routers: [new RegExpRouter(), new TrieRouter()]
-  });
-  auth;
-  constructor(auth) {
-    this.auth = auth;
-  }
-  static create = (auth) => new _Authorizer(auth);
-  match(path, methods) {
-    if (methods) {
-      for (const method of methods) {
-        this.router.add(method, path, null);
-      }
-    } else {
-      this.router.add(METHOD_NAME_ALL, path, null);
-    }
-    return this;
-  }
-  build = () => {
-    return async (c, next) => {
-      if (c.req.method === "OPTIONS") {
-        await next();
-        return;
-      }
-      const [matched] = this.router.match(c.req.method, c.req.path);
-      if (matched.length === 0) {
-        await next();
-        return;
-      }
-      const authenticated = await this.auth.isAuthenticated(c.req.raw);
-      if (!authenticated) throw Status.unauthorized().error();
-      await next();
-    };
-  };
-};
-function authorizer({
-  auth,
-  errorMessage = "Unauthorized, please login to continue.",
-  rules = []
-}) {
-  const router = new SmartRouter({ routers: [new RegExpRouter(), new TrieRouter()] });
-  for (const { path, methods = [METHOD_NAME_ALL] } of rules) {
-    for (const method of methods) {
-      router.add(method, path, null);
-    }
-  }
-  return async (c, next) => {
-    if (c.req.method === "OPTIONS") {
-      await next();
-      return;
-    }
-    const [matched] = router.match(c.req.method, c.req.path);
-    if (matched.length === 0) {
-      await next();
-      return;
-    }
-    const authenticated = await auth.isAuthenticated(c.req.raw);
-    if (!authenticated) throw Status.unauthorized(errorMessage).error();
-    await next();
-  };
-}
-export {
-  Authorizer,
-  authorizer
-};
-//# sourceMappingURL=authorizer.mjs.map

package/dist/hono/authorizer.mjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/hono/authorizer.ts"],"sourcesContent":["import { METHOD_NAME_ALL } from 'hono/router';\nimport { RegExpRouter } from 'hono/router/reg-exp-router';\nimport { SmartRouter } from 'hono/router/smart-router';\nimport { TrieRouter } from 'hono/router/trie-router';\nimport { Status } from '../error/status';\nimport type { MiddlewareHandler } from 'hono';\n\ntype Methods = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';\n\ntype Auth = { isAuthenticated: (request: Request) => Promise<boolean> };\n\nexport class Authorizer {\n  private readonly router = new SmartRouter<null>({\n    routers: [new RegExpRouter(), new TrieRouter()],\n  });\n\n  private readonly auth: Auth;\n\n  private constructor(auth: Auth) {\n    this.auth = auth;\n  }\n\n  static create = (auth: Auth) => new Authorizer(auth);\n\n  match(path: string, methods?: [Methods, ...Methods[]]) {\n    if (methods) {\n      for (const method of methods) {\n        this.router.add(method, path, null);\n      }\n    } else {\n      this.router.add(METHOD_NAME_ALL, path, null);\n    }\n    return this;\n  }\n\n  build = (): MiddlewareHandler => {\n    return async (c, next) => {\n      if (c.req.method === 'OPTIONS') {\n        await next();\n        return;\n      }\n\n      const [matched] = this.router.match(c.req.method, c.req.path);\n      if (matched.length === 0) {\n        await next();\n        return;\n      }\n\n      const authenticated = await this.auth.isAuthenticated(c.req.raw);\n      if (!authenticated) throw Status.unauthorized().error();\n      await next();\n    };\n  };\n}\n\nexport interface AuthorizerConfig {\n  auth: Auth;\n  errorMessage?: string;\n  rules?: { path: string; methods?: [Methods, ...Methods[]] }[];\n}\n\nexport function authorizer({\n  auth,\n  errorMessage = 'Unauthorized, please login to continue.',\n  rules = [],\n}: AuthorizerConfig): MiddlewareHandler {\n  const router = new SmartRouter<null>({ routers: [new RegExpRouter(), new TrieRouter()] });\n\n  for (const { path, methods = [METHOD_NAME_ALL] } of rules) {\n    for (const method of methods) {\n      router.add(method, path, null);\n    }\n  }\n\n  return async (c, next) => {\n    if (c.req.method === 'OPTIONS') {\n      await next();\n      return;\n    }\n\n    const [matched] = router.match(c.req.method, c.req.path);\n    if (matched.length === 0) {\n      await next();\n      return;\n    }\n\n    const authenticated = await auth.isAuthenticated(c.req.raw);\n    if (!authenticated) throw Status.unauthorized(errorMessage).error();\n    await next();\n  };\n}\n"],"mappings":";AAAA,SAAS,uBAAuB;AAChC,SAAS,oBAAoB;AAC7B,SAAS,mBAAmB;AAC5B,SAAS,kBAAkB;AAC3B,SAAS,cAAc;AAOhB,IAAM,aAAN,MAAM,YAAW;AAAA,EACL,SAAS,IAAI,YAAkB;AAAA,IAC9C,SAAS,CAAC,IAAI,aAAa,GAAG,IAAI,WAAW,CAAC;AAAA,EAChD,CAAC;AAAA,EAEgB;AAAA,EAET,YAAY,MAAY;AAC9B,SAAK,OAAO;AAAA,EACd;AAAA,EAEA,OAAO,SAAS,CAAC,SAAe,IAAI,YAAW,IAAI;AAAA,EAEnD,MAAM,MAAc,SAAmC;AACrD,QAAI,SAAS;AACX,iBAAW,UAAU,SAAS;AAC5B,aAAK,OAAO,IAAI,QAAQ,MAAM,IAAI;AAAA,MACpC;AAAA,IACF,OAAO;AACL,WAAK,OAAO,IAAI,iBAAiB,MAAM,IAAI;AAAA,IAC7C;AACA,WAAO;AAAA,EACT;AAAA,EAEA,QAAQ,MAAyB;AAC/B,WAAO,OAAO,GAAG,SAAS;AACxB,UAAI,EAAE,IAAI,WAAW,WAAW;AAC9B,cAAM,KAAK;AACX;AAAA,MACF;AAEA,YAAM,CAAC,OAAO,IAAI,KAAK,OAAO,MAAM,EAAE,IAAI,QAAQ,EAAE,IAAI,IAAI;AAC5D,UAAI,QAAQ,WAAW,GAAG;AACxB,cAAM,KAAK;AACX;AAAA,MACF;AAEA,YAAM,gBAAgB,MAAM,KAAK,KAAK,gBAAgB,EAAE,IAAI,GAAG;AAC/D,UAAI,CAAC,cAAe,OAAM,OAAO,aAAa,EAAE,MAAM;AACtD,YAAM,KAAK;AAAA,IACb;AAAA,EACF;AACF;AAQO,SAAS,WAAW;AAAA,EACzB;AAAA,EACA,eAAe;AAAA,EACf,QAAQ,CAAC;AACX,GAAwC;AACtC,QAAM,SAAS,IAAI,YAAkB,EAAE,SAAS,CAAC,IAAI,aAAa,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC;AAExF,aAAW,EAAE,MAAM,UAAU,CAAC,eAAe,EAAE,KAAK,OAAO;AACzD,eAAW,UAAU,SAAS;AAC5B,aAAO,IAAI,QAAQ,MAAM,IAAI;AAAA,IAC/B;AAAA,EACF;AAEA,SAAO,OAAO,GAAG,SAAS;AACxB,QAAI,EAAE,IAAI,WAAW,WAAW;AAC9B,YAAM,KAAK;AACX;AAAA,IACF;AAEA,UAAM,CAAC,OAAO,IAAI,OAAO,MAAM,EAAE,IAAI,QAAQ,EAAE,IAAI,IAAI;AACvD,QAAI,QAAQ,WAAW,GAAG;AACxB,YAAM,KAAK;AACX;AAAA,IACF;AAEA,UAAM,gBAAgB,MAAM,KAAK,gBAAgB,EAAE,IAAI,GAAG;AAC1D,QAAI,CAAC,cAAe,OAAM,OAAO,aAAa,YAAY,EAAE,MAAM;AAClE,UAAM,KAAK;AAAA,EACb;AACF;","names":[]}