@sourceregistry/node-webserver 1.2.0 → 1.2.2

package/dist/index.es.js

@@ -1,134 +1,23 @@
-import { createReadStream as I } from "node:fs";
-import { stat as L, realpath as O, lstat as D } from "node:fs/promises";
-import { sep as $, resolve as v, relative as U, isAbsolute as F, extname as z } from "node:path";
-import { Readable as B } from "node:stream";
-import { createServer as q } from "http";
-import { createServer as X } from "https";
-import { TLSSocket as G } from "tls";
-import { Readable as J, Transform as V, Writable as K } from "stream";
-import { WebSocketServer as Y, WebSocket as E } from "ws";
-import { parse as T, serialize as Q } from "cookie";
-const Z = {
-  ".avif": "image/avif",
-  ".css": "text/css; charset=utf-8",
-  ".gif": "image/gif",
-  ".html": "text/html; charset=utf-8",
-  ".ico": "image/x-icon",
-  ".jpg": "image/jpeg",
-  ".jpeg": "image/jpeg",
-  ".js": "text/javascript; charset=utf-8",
-  ".json": "application/json; charset=utf-8",
-  ".mjs": "text/javascript; charset=utf-8",
-  ".pdf": "application/pdf",
-  ".png": "image/png",
-  ".svg": "image/svg+xml; charset=utf-8",
-  ".txt": "text/plain; charset=utf-8",
-  ".wasm": "application/wasm",
-  ".webp": "image/webp",
-  ".xml": "application/xml; charset=utf-8"
-}, ee = {
-  index: "index.html",
-  cacheControl: "public, max-age=0",
-  dotFiles: "ignore"
-};
-async function te(a, e, t = {}) {
-  const s = ae(e), r = {
-    ...ee,
-    ...t
-  }, n = await se(a), o = re(s, r.dotFiles);
-  if (o instanceof Response)
-    return o;
-  const i = o.length > 0 ? o.join($) : "", u = v(n, i);
-  if (!_(n, u))
-    return new Response("Forbidden", { status: 403 });
-  const c = await ne(u, n, r.index);
-  if (c instanceof Response)
-    return c;
-  const l = await L(c), d = new Headers({
-    "content-length": String(l.size),
-    "content-type": oe(c),
-    "cache-control": r.cacheControl,
-    "last-modified": l.mtime.toUTCString(),
-    "x-content-type-options": "nosniff"
-  });
-  if (t.headers) {
-    const h = typeof t.headers == "function" ? t.headers(c, l) : t.headers;
-    new Headers(h).forEach((f, y) => {
-      d.set(y, f);
-    });
-  }
-  return new Response(B.toWeb(I(c)), {
-    status: 200,
-    headers: d
-  });
+import { createServer as $ } from "http";
+import { createServer as I } from "https";
+import { TLSSocket as D } from "tls";
+import { Readable as U, Transform as F, Writable as z } from "stream";
+import { WebSocketServer as q, WebSocket as P } from "ws";
+import { parse as T, serialize as B } from "cookie";
+import { createReadStream as X } from "node:fs";
+import { stat as L, realpath as O, lstat as J } from "node:fs/promises";
+import { sep as G, resolve as v, relative as V, isAbsolute as K, extname as Y } from "node:path";
+import { Readable as Q } from "node:stream";
+function _(o) {
+  return x(o) && o.status >= 400 && o.status < 600;
 }
-async function se(a) {
-  return O(a);
+function N(o) {
+  return x(o) && o.status >= 300 && o.status < 400;
 }
-function re(a, e) {
-  if (a.includes("\0"))
-    return new Response("Bad Request", { status: 400 });
-  const t = a.replace(/\\/g, "/").split("/").filter(Boolean), s = [];
-  for (const r of t) {
-    let n;
-    try {
-      n = decodeURIComponent(r);
-    } catch {
-      return new Response("Bad Request", { status: 400 });
-    }
-    if (!(!n || n === ".")) {
-      if (n === ".." || n.includes("/") || n.includes("\\") || n.includes("\0"))
-        return new Response("Forbidden", { status: 403 });
-      if (n.startsWith(".")) {
-        if (e === "deny")
-          return new Response("Forbidden", { status: 403 });
-        if (e !== "allow")
-          return new Response("Not Found", { status: 404 });
-      }
-      s.push(n);
-    }
-  }
-  return s;
+function x(o) {
+  return o instanceof Response;
 }
-async function ne(a, e, t) {
-  try {
-    if ((await D(a)).isDirectory()) {
-      const r = v(a, t);
-      return C(r, e);
-    }
-    return C(a, e);
-  } catch {
-    return new Response("Not Found", { status: 404 });
-  }
-}
-async function C(a, e) {
-  try {
-    const t = await O(a);
-    return _(e, t) ? (await L(t)).isFile() ? t : new Response("Not Found", { status: 404 }) : new Response("Forbidden", { status: 403 });
-  } catch {
-    return new Response("Not Found", { status: 404 });
-  }
-}
-function _(a, e) {
-  const t = U(a, e);
-  return t === "" || !t.startsWith("..") && !F(t);
-}
-function oe(a) {
-  return Z[z(a).toLowerCase()] ?? "application/octet-stream";
-}
-function ae(a) {
-  return typeof a.params.path == "string" ? a.params.path : a.url.pathname.replace(/^\/+/, "");
-}
-function N(a) {
-  return x(a) && a.status >= 400 && a.status < 600;
-}
-function j(a) {
-  return x(a) && a.status >= 300 && a.status < 400;
-}
-function x(a) {
-  return a instanceof Response;
-}
-class ie {
+class Z {
   constructor(e) {
     this.data = /* @__PURE__ */ new Map(), this.windowMs = e.windowMs, this.startCleanup();
   }
@@ -151,54 +40,54 @@ class ie {
     this.data.clear();
   }
 }
-function ce(a) {
+function ee(o) {
   const {
     windowMs: e = 6e4,
     max: t,
     key: s = (c) => c.getClientAddress(),
     message: r = "Too many requests, please try again later.",
     statusCode: n = 429,
-    headers: o = "include",
+    headers: a = "include",
     onRateLimit: i,
-    store: u = new ie({ windowMs: e })
-  } = a;
+    store: u = new Z({ windowMs: e })
+  } = o;
   return async (c, l) => {
     const d = `rl:${s(c)}`, { current: h, reset: f } = await u.incr(d), y = Math.ceil((f - Date.now()) / 1e3);
     if (h > t) {
       i && i(c, { current: h, max: t, key: d });
-      const w = {
+      const g = {
         status: n,
         headers: new Headers()
-      }, p = w.headers;
-      o === "include" && (p.set("X-RateLimit-Limit", String(t)), p.set("X-RateLimit-Remaining", "0"), p.set("X-RateLimit-Reset", String(Math.floor(f / 1e3))), p.set("Retry-After", String(y)));
+      }, p = g.headers;
+      a === "include" && (p.set("X-RateLimit-Limit", String(t)), p.set("X-RateLimit-Remaining", "0"), p.set("X-RateLimit-Reset", String(Math.floor(f / 1e3))), p.set("Retry-After", String(y)));
       let m;
-      return typeof r == "string" ? (m = r, p.set("Content-Type", "text/plain")) : (m = JSON.stringify(r), p.set("Content-Type", "application/json")), new Response(m, w);
+      return typeof r == "string" ? (m = r, p.set("Content-Type", "text/plain")) : (m = JSON.stringify(r), p.set("Content-Type", "application/json")), new Response(m, g);
     }
     if (c.rateLimit = {
       current: h,
       limit: t,
       reset: new Date(f),
       remaining: t - h
-    }, o === "include") {
-      const w = {
+    }, a === "include") {
+      const g = {
         "X-RateLimit-Limit": String(t),
         "X-RateLimit-Remaining": String(t - h),
         "X-RateLimit-Reset": String(Math.floor(f / 1e3))
       }, p = c.setHeaders;
       c.setHeaders = (m) => {
         p({
-          ...w,
+          ...g,
           ...m
         });
-      }, p(w);
+      }, p(g);
     }
     return l();
   };
 }
-const Te = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
+const be = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
   __proto__: null,
-  fixedWindowLimit: ce
-}, Symbol.toStringTag, { value: "Module" })), ue = [
+  fixedWindowLimit: ee
+}, Symbol.toStringTag, { value: "Module" })), te = [
   "GET",
   "POST",
   "PUT",
@@ -206,13 +95,13 @@ const Te = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
   "PATCH",
   "HEAD",
   "OPTIONS"
-], le = [
+], se = [
   "Accept",
   "Accept-Language",
   "Content-Language",
   "Content-Type",
   "Range"
-], de = [
+], re = [
   "Authorization",
   "X-Auth-Token",
   "X-Requested-With",
@@ -222,55 +111,55 @@ const Te = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
   "X-Real-IP",
   "X-Custom-Header"
 ];
-function M(a, e) {
-  return !a || !e ? !1 : e === "*" ? !0 : e === "null" ? a === "null" : Array.isArray(e) ? e.some((t) => M(a, t)) : typeof e == "function" ? e(a) : e instanceof RegExp ? e.test(a) : a === e;
+function j(o, e) {
+  return !o || !e ? !1 : e === "*" ? !0 : e === "null" ? o === "null" : Array.isArray(e) ? e.some((t) => j(o, t)) : typeof e == "function" ? e(o) : e instanceof RegExp ? e.test(o) : o === e;
 }
-function he(a, e) {
+function ne(o, e) {
   const { origin: t = "*" } = e;
-  return a ? t === "*" ? e.credentials ? a : "*" : M(a, t) ? a : null : t === "*" ? "*" : null;
+  return o ? t === "*" ? e.credentials ? o : "*" : j(o, t) ? o : null : t === "*" ? "*" : null;
 }
-function fe(a = {}) {
+function ae(o = {}) {
   const {
-    methods: e = ue,
-    allowedHeaders: t = de,
+    methods: e = te,
+    allowedHeaders: t = re,
     exposedHeaders: s,
     credentials: r = !1,
     maxAge: n = 86400,
-    onResponse: o
-  } = a, i = "Origin,Access-Control-Request-Method,Access-Control-Request-Headers", u = e.join(","), c = [...le, ...t].join(","), l = [
+    onResponse: a
+  } = o, i = "Origin,Access-Control-Request-Method,Access-Control-Request-Headers", u = e.join(","), c = [...se, ...t].join(","), l = [
     ["Vary", i],
     ["Access-Control-Allow-Methods", u],
     ["Access-Control-Allow-Headers", c]
   ];
   return s && l.push(["Access-Control-Expose-Headers", s.join(",")]), r && l.push(["Access-Control-Allow-Credentials", "true"]), n && l.push(["Access-Control-Max-Age", n.toString()]), async (d, h) => {
-    const f = d.request, y = f.headers.get("Origin"), w = f.method === "OPTIONS" && y !== null && f.headers.has("Access-Control-Request-Method"), p = he(y, a);
-    if (w) {
+    const f = d.request, y = f.headers.get("Origin"), g = f.method === "OPTIONS" && y !== null && f.headers.has("Access-Control-Request-Method"), p = ne(y, o);
+    if (g) {
       if (!p)
         return new Response(null, { status: 403 });
-      const g = new Response(null, { status: 204 });
-      for (const [H, k] of l)
-        g.headers.set(H, k);
-      return g.headers.set("Access-Control-Allow-Origin", p), g;
+      const w = new Response(null, { status: 204 });
+      for (const [H, M] of l)
+        w.headers.set(H, M);
+      return w.headers.set("Access-Control-Allow-Origin", p), w;
     }
     const m = await h();
     if (!m) return;
     if (!p) return m;
     const S = new Response(m.body, m);
-    for (const [g, H] of l)
-      S.headers.set(g, H);
+    for (const [w, H] of l)
+      S.headers.set(w, H);
     S.headers.set("Access-Control-Allow-Origin", p);
     let A = S;
-    if (o) {
-      const g = o(A);
-      g && (A = g);
+    if (a) {
+      const w = a(A);
+      w && (A = w);
     }
     return A;
   };
 }
 const Ce = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProperty({
   __proto__: null,
-  policy: fe
-}, Symbol.toStringTag, { value: "Module" })), pe = ["GET", "PUT", "POST", "DELETE", "PATCH", "HEAD", "OPTIONS"];
+  policy: ae
+}, Symbol.toStringTag, { value: "Module" })), oe = ["GET", "PUT", "POST", "DELETE", "PATCH", "HEAD", "OPTIONS"];
 class b {
   static {
     this.cache = /* @__PURE__ */ new Map();
@@ -282,7 +171,7 @@ class b {
     this.cache.set(e, t);
   }
 }
-class P {
+class E {
   constructor() {
     this._routes = [], this._wsRoutes = [], this._nestedRouters = [], this._middlewares = [], this._preHandlers = [], this._postHandlers = [], this.routesSorted = !1, this.wsRoutesSorted = !1;
   }
@@ -316,23 +205,23 @@ class P {
   }
   // Universal method
   USE(e, t, ...s) {
-    return pe.forEach((r) => this.addHandler(r, e, t, s)), this;
+    return oe.forEach((r) => this.addHandler(r, e, t, s)), this;
   }
   // Action handler (POST only)
   action(e, t, ...s) {
     const r = async (n) => {
       try {
-        const o = await t(n);
-        return this.formatActionResult(o);
-      } catch (o) {
-        return this.handleActionError(o);
+        const a = await t(n);
+        return this.formatActionResult(a);
+      } catch (a) {
+        return this.handleActionError(a);
       }
     };
     return this.addHandler("POST", e, r, s);
   }
   use(e, t, ...s) {
-    let r, n, o = s;
-    Array.isArray(e) ? ([r, n] = e, o = e.length > 2 ? e.slice(2) : []) : (r = e, n = t);
+    let r, n, a = s;
+    Array.isArray(e) ? ([r, n] = e, a = e.length > 2 ? e.slice(2) : []) : (r = e, n = t);
     const i = this.normalizePrefix(r), { regex: u, paramNames: c, isCatchAll: l, priority: d } = this.createPrefixRegex(i);
     return this._nestedRouters.push({
       prefix: i,
@@ -341,7 +230,7 @@ class P {
       paramNames: c,
       isCatchAll: l,
       priority: d,
-      middlewares: o
+      middlewares: a
     }), this;
   }
   // Global middleware
@@ -362,12 +251,12 @@ class P {
   }
   // WebSocket route
   WS(e, t, ...s) {
-    const { regex: r, paramNames: n, isCatchAll: o, priority: i } = this.createPathRegex(e);
+    const { regex: r, paramNames: n, isCatchAll: a, priority: i } = this.createPathRegex(e);
     return this._wsRoutes.push({
       path: e,
       regex: r,
       paramNames: n,
-      isCatchAll: o,
+      isCatchAll: a,
       priority: i,
       handler: t,
       middlewares: s
@@ -386,11 +275,11 @@ class P {
     for (const s of [...this._nestedRouters].sort((r, n) => n.priority - r.priority)) {
       const r = t.match(s.regex);
       if (!r || r.index !== 0) continue;
-      const n = r[0], o = t.slice(n.length) || "/", i = {
+      const n = r[0], a = t.slice(n.length) || "/", i = {
         ...e,
         params: { ...e.params, ...this.extractPrefixParams(s, n) }
       };
-      if (await s.router.canHandleWebSocketAtPath(i, o))
+      if (await s.router.canHandleWebSocketAtPath(i, a))
         return !0;
     }
     for (const s of this._wsRoutes)
@@ -404,10 +293,10 @@ class P {
   }
   async handleWebSocketAtPath(e, t, s) {
     this.wsRoutesSorted || this.sortWsRoutes();
-    for (const r of [...this._nestedRouters].sort((n, o) => o.priority - n.priority)) {
+    for (const r of [...this._nestedRouters].sort((n, a) => a.priority - n.priority)) {
       const n = s.match(r.regex);
       if (!n || n.index !== 0) continue;
-      const o = n[0], i = s.slice(o.length) || "/", u = this.extractPrefixParams(r, o), c = {
+      const a = n[0], i = s.slice(a.length) || "/", u = this.extractPrefixParams(r, a), c = {
         ...e,
         params: { ...e.params, ...u }
       }, l = [...this._middlewares, ...r.middlewares], d = () => r.router.handleWebSocketAtPath(c, t, i);
@@ -417,11 +306,11 @@ class P {
       if (!r.regex.test(s)) continue;
       const n = s.match(r.regex);
       if (!n) continue;
-      const o = Object.fromEntries(
+      const a = Object.fromEntries(
         r.paramNames.map((l, d) => [l, n[d + 1] || ""])
       ), i = {
         ...e,
-        params: { ...e.params, ...o },
+        params: { ...e.params, ...a },
         route: { ...e.route, id: r.path },
         websocket: t
       }, u = [...this._middlewares, ...r.middlewares];
@@ -439,11 +328,11 @@ class P {
       const s = e.request.method;
       let r = await this.runPreHandlers(e);
       if (!r) {
-        const o = async () => {
+        const a = async () => {
           const i = await this.handleNestedRouters(e, t);
           return i || (this.routesSorted || this.sortRoutes(), this.handleLocalRoutes(e, s, t));
         };
-        r = await this.applyMiddlewaresWithList(e, this._middlewares, o);
+        r = await this.applyMiddlewaresWithList(e, this._middlewares, a);
       }
       const n = r || new Response("No Content", { status: 204 });
       return await this.runPostHandlers(e, n);
@@ -454,7 +343,7 @@ class P {
   }
   // Apply middlewares utility
   async applyMiddlewaresWithList(e, t, s) {
-    const r = [...t], n = async (o) => o >= r.length ? s() : r[o](e, () => n(o + 1));
+    const r = [...t], n = async (a) => a >= r.length ? s() : r[a](e, () => n(a + 1));
     return n(0);
   }
   async runPreHandlers(e) {
@@ -474,12 +363,12 @@ class P {
   }
   // Add route handler
   addHandler(e, t, s, r = []) {
-    const { regex: n, paramNames: o, isCatchAll: i, priority: u } = this.createPathRegex(t);
+    const { regex: n, paramNames: a, isCatchAll: i, priority: u } = this.createPathRegex(t);
     return this._routes.push({
       method: e,
       path: t,
       regex: n,
-      paramNames: o,
+      paramNames: a,
       isCatchAll: i,
       priority: u,
       handler: s,
@@ -492,10 +381,10 @@ class P {
     if (t) return t;
     const s = [];
     let r = !1, n;
-    const o = e.split("/").filter(Boolean);
-    n = o.reduce((c, l) => l.startsWith("[...") ? c - 10 : l.startsWith("[[") ? c - 5 : l.startsWith("[") ? c - 1 : c + 1, 0);
+    const a = e.split("/").filter(Boolean);
+    n = a.reduce((c, l) => l.startsWith("[...") ? c - 10 : l.startsWith("[[") ? c - 5 : l.startsWith("[") ? c - 1 : c + 1, 0);
     let i = "^";
-    for (const c of o)
+    for (const c of a)
       if (c.startsWith("[...") && c.endsWith("]")) {
         r = !0;
         const l = c.slice(4, -1);
@@ -518,21 +407,21 @@ class P {
     let s = !1, r;
     const n = e.split("/").filter(Boolean);
     r = n.reduce((i, u) => u.startsWith("[...") ? i - 10 : u.startsWith("[[") ? i - 5 : u.startsWith("[") ? i - 1 : i + 1, 0);
-    let o = "^";
+    let a = "^";
     for (const i of n)
       if (i.startsWith("[...") && i.endsWith("]")) {
         s = !0;
         const u = i.slice(4, -1);
-        t.push(u), o += "/(.+)";
+        t.push(u), a += "/(.+)";
       } else if (i.startsWith("[[") && i.endsWith("]]")) {
         const u = i.slice(2, -2);
-        t.push(u), o += "(?:/([^/]+))?";
+        t.push(u), a += "(?:/([^/]+))?";
       } else if (i.startsWith("[") && i.endsWith("]")) {
         const u = i.slice(1, -1);
-        t.push(u), o += "/([^/]+)";
+        t.push(u), a += "/([^/]+)";
       } else
-        o += "/" + i.replace(/[-/\\^$*+?.()|[\]{}]/g, "\\$&");
-    return o += "(?=/|$)", { regex: new RegExp(o), paramNames: t, isCatchAll: s, priority: r };
+        a += "/" + i.replace(/[-/\\^$*+?.()|[\]{}]/g, "\\$&");
+    return a += "(?=/|$)", { regex: new RegExp(a), paramNames: t, isCatchAll: s, priority: r };
   }
   normalizePrefix(e) {
     return e.startsWith("/") ? e.replace(/\/$/, "") : `/${e.replace(/\/$/, "")}`;
@@ -541,8 +430,8 @@ class P {
     const s = t.match(e.regex);
     if (!s) return {};
     const r = {};
-    return e.isCatchAll && e.paramNames.length === 1 ? r[e.paramNames[0]] = s[1]?.replace(/^\//, "") || "" : e.paramNames.forEach((n, o) => {
-      r[n] = s[o + 1] || "";
+    return e.isCatchAll && e.paramNames.length === 1 ? r[e.paramNames[0]] = s[1]?.replace(/^\//, "") || "" : e.paramNames.forEach((n, a) => {
+      r[n] = s[a + 1] || "";
     }), r;
   }
   // FIXED: Nested router handling without duplicate middleware application
@@ -551,7 +440,7 @@ class P {
     for (const r of s) {
       const n = t.match(r.regex);
       if (!n || n.index !== 0) continue;
-      const o = n[0], i = t.slice(o.length) || "/", u = this.extractPrefixParams(r, o), c = {
+      const a = n[0], i = t.slice(a.length) || "/", u = this.extractPrefixParams(r, a), c = {
         ...e,
         params: { ...e.params, ...u }
       }, l = async () => await r.router.handleAtPath(c, i), d = await this.applyMiddlewaresWithList(c, r.middlewares, l);
@@ -563,25 +452,25 @@ class P {
   async handleLocalRoutes(e, t, s) {
     const r = /* @__PURE__ */ new Set();
     let n = !1;
-    for (const o of this._routes) {
-      if (!o.regex.test(s) || (r.add(o.method), o.method === "GET" && (n = !0, r.add("HEAD")), !(o.method === t || t === "HEAD" && o.method === "GET"))) continue;
-      const u = s.match(o.regex);
+    for (const a of this._routes) {
+      if (!a.regex.test(s) || (r.add(a.method), a.method === "GET" && (n = !0, r.add("HEAD")), !(a.method === t || t === "HEAD" && a.method === "GET"))) continue;
+      const u = s.match(a.regex);
       if (!u) continue;
       const c = Object.fromEntries(
-        o.paramNames.map((d, h) => [d, u[h + 1] || ""])
+        a.paramNames.map((d, h) => [d, u[h + 1] || ""])
       );
-      e.params = { ...e.params, ...c }, e.route = { ...e.route, id: o.path };
-      const l = () => o.handler(e);
-      return await this.applyMiddlewaresWithList(e, o.middlewares, l);
+      e.params = { ...e.params, ...c }, e.route = { ...e.route, id: a.path };
+      const l = () => a.handler(e);
+      return await this.applyMiddlewaresWithList(e, a.middlewares, l);
     }
     if (r.size > 0 || t === "HEAD" && n) {
-      const o = [...r].join(", ");
+      const a = [...r].join(", ");
       return t === "OPTIONS" ? new Response(null, {
         status: 200,
-        headers: { Allow: o }
+        headers: { Allow: a }
       }) : new Response("Method Not Allowed", {
         status: 405,
-        headers: { Allow: o }
+        headers: { Allow: a }
       });
     }
     return new Response("Not Found", { status: 404 });
@@ -596,37 +485,37 @@ class P {
     return e instanceof Response ? e : e?.type === "failure" && "status" in e ? R.fail(e.status, e.data) : R.success(200, e ?? void 0);
   }
   handleActionError(e) {
-    if (N(e))
+    if (_(e))
       return R.error(e.status, { message: e.statusText || "Error" });
-    if (j(e)) {
+    if (N(e)) {
       const t = e.headers.get("Location") || "/";
       return R.redirect(e.status, t);
     }
     return console.error(e), R.error(500, { message: "Internal Server Error" });
   }
   static New() {
-    return new P();
+    return new E();
   }
 }
 const R = {
-  success: (a = 200, e) => new Response(JSON.stringify({ data: e, type: "success", status: a }), {
-    status: a,
+  success: (o = 200, e) => new Response(JSON.stringify({ data: e, type: "success", status: o }), {
+    status: o,
     headers: { "Content-Type": "application/json" }
   }),
-  redirect: (a = 302, e) => new Response(JSON.stringify({ location: e, type: "redirect", status: a }), {
-    status: a,
+  redirect: (o = 302, e) => new Response(JSON.stringify({ location: e, type: "redirect", status: o }), {
+    status: o,
     headers: { "Content-Type": "application/json" }
   }),
-  error: (a = 500, e) => new Response(JSON.stringify({ error: e, type: "error", status: a }), {
-    status: a,
+  error: (o = 500, e) => new Response(JSON.stringify({ error: e, type: "error", status: o }), {
+    status: o,
     headers: { "Content-Type": "application/json" }
   }),
-  fail: (a = 400, e) => new Response(JSON.stringify({ data: e, type: "failure", status: a }), {
-    status: a,
+  fail: (o = 400, e) => new Response(JSON.stringify({ data: e, type: "failure", status: o }), {
+    status: o,
     headers: { "Content-Type": "application/json" }
   })
 };
-class me {
+class ie {
   constructor(e, t) {
     this.raw = e.headers.get("cookie") ?? "", this.setCookieHeader = t;
   }
@@ -637,20 +526,20 @@ class me {
     return Object.entries(T(this.raw, e)).filter(([, t]) => t !== void 0).map(([t, s]) => ({ name: t, value: s }));
   }
   set(e, t, s) {
-    this.setCookieHeader(Q(e, t, s));
+    this.setCookieHeader(B(e, t, s));
   }
   delete(e, t) {
     this.set(e, "", { ...t, maxAge: 0 });
   }
 }
-class W extends Error {
+class C extends Error {
   constructor(e = "Payload Too Large") {
     super(e), this.status = 413, this.name = "PayloadTooLargeError";
   }
 }
-class be extends P {
+class We extends E {
   constructor(e) {
-    super(), this.upgradeHandlerInstalled = !1, this.config = e ?? { type: "http", options: {} }, this.wss = new Y({
+    super(), this.upgradeHandlerInstalled = !1, this.config = e ?? { type: "http", options: {} }, this.wss = new q({
       noServer: !0,
       maxPayload: this.config.security?.maxWebSocketPayload ?? 1024 * 1024
     });
@@ -662,7 +551,7 @@ class be extends P {
           console.error("Unhandled request error:", r), s.statusCode = 500, s.end("Internal Server Error");
         });
       };
-      this._server = this.config.type === "https" ? X(this.config.options, e) : q(this.config.options, e);
+      this._server = this.config.type === "https" ? I(this.config.options, e) : $(this.config.options, e);
     }
     return this._server;
   }
@@ -682,23 +571,23 @@ class be extends P {
         t.destroy();
         return;
       }
-      const o = this.toRequestEvent(n, r, {
+      const a = this.toRequestEvent(n, r, {
         getClientAddress: () => e.socket.remoteAddress ?? "127.0.0.1",
         setHeader: () => {
         },
         pushSetCookie: () => {
         }
       });
-      this.canHandleWebSocket(o).then((i) => {
+      this.canHandleWebSocket(a).then((i) => {
         if (!i || !this.isAllowedWebSocketOrigin(e)) {
           t.destroy();
           return;
         }
         this.wss.handleUpgrade(e, t, s, (u) => {
-          this.handleWebSocket(o, u).then((c) => {
-            !c && u.readyState === E.OPEN && u.close(1008, "Route not found");
+          this.handleWebSocket(a, u).then((c) => {
+            !c && u.readyState === P.OPEN && u.close(1008, "Route not found");
           }).catch((c) => {
-            console.error("WebSocket routing error:", c), u.readyState === E.OPEN && u.close(1011, "Internal error");
+            console.error("WebSocket routing error:", c), u.readyState === P.OPEN && u.close(1011, "Internal error");
           });
         });
       }).catch(() => t.destroy());
@@ -720,13 +609,13 @@ class be extends P {
       t.statusCode = 413, t.end("Payload Too Large");
       return;
     }
-    const s = this.toWebRequest(e), r = new URL(s.url), n = {}, o = [], i = this.toRequestEvent(s, r, {
+    const s = this.toWebRequest(e), r = new URL(s.url), n = {}, a = [], i = this.toRequestEvent(s, r, {
       getClientAddress: () => e.socket.remoteAddress ?? "127.0.0.1",
       setHeader: (c, l) => {
         n[c.toLowerCase()] = l;
       },
       pushSetCookie: (c) => {
-        o.push(c);
+        a.push(c);
       }
     });
     let u;
@@ -737,7 +626,7 @@ class be extends P {
     }
     for (const [c, l] of Object.entries(n))
       t.setHeader(c, l);
-    o.length > 0 && t.setHeader("Set-Cookie", o), await this.sendWebResponse(t, u);
+    a.length > 0 && t.setHeader("Set-Cookie", a), await this.sendWebResponse(t, u);
   }
   toWebRequest(e) {
     const t = this.toURL(e, !1);
@@ -750,17 +639,17 @@ class be extends P {
       // @ts-ignore
       duplex: "half"
     };
-    return !s && e.method !== "GET" && e.method !== "HEAD" && (r.body = J.toWeb(this.wrapRequestBody(e))), new Request(t, r);
+    return !s && e.method !== "GET" && e.method !== "HEAD" && (r.body = U.toWeb(this.wrapRequestBody(e))), new Request(t, r);
   }
   wrapRequestBody(e) {
     const t = this.config.security?.maxRequestBodySize;
     if (!t)
       return e;
     let s = 0;
-    const r = new V({
-      transform(n, o, i) {
+    const r = new F({
+      transform(n, a, i) {
         if (s += Buffer.byteLength(n), s > t) {
-          i(new W());
+          i(new C());
           return;
         }
         i(null, n);
@@ -769,7 +658,7 @@ class be extends P {
     return e.on("aborted", () => r.destroy(new Error("Request aborted"))), e.on("error", (n) => r.destroy(n)), e.pipe(r), r;
   }
   toURL(e, t) {
-    const s = e.socket instanceof G ? t ? "wss" : "https" : t ? "ws" : "http", r = this.resolveAuthority(e);
+    const s = e.socket instanceof D ? t ? "wss" : "https" : t ? "ws" : "http", r = this.resolveAuthority(e);
     return new URL(e.url ?? "/", `${s}://${r}`);
   }
   resolveAuthority(e) {
@@ -817,9 +706,9 @@ class be extends P {
     return Number.isFinite(r) && r <= t;
   }
   handleError(e) {
-    if (e instanceof W)
+    if (e instanceof C)
       return new Response(e.message, { status: e.status });
-    if (N(e))
+    if (_(e))
       return new Response(JSON.stringify({
         error: e.statusText || "Error",
         status: e.status
@@ -827,7 +716,7 @@ class be extends P {
         status: e.status,
         headers: { "Content-Type": "application/json" }
       });
-    if (j(e)) {
+    if (N(e)) {
       const t = e.headers.get("Location") || "/";
       return new Response(null, {
         status: e.status,
@@ -837,18 +726,18 @@ class be extends P {
     return console.error("Unhandled error:", e), new Response("Internal Server Error", { status: 500 });
   }
   async sendWebResponse(e, t) {
-    if (e.statusCode = t.status, t.headers.forEach((n, o) => {
-      e.setHeader(o, n);
+    if (e.statusCode = t.status, t.headers.forEach((n, a) => {
+      e.setHeader(a, n);
     }), e.hasHeader("Server") || e.setHeader("Server", "WebHTTPServer"), !t.body || this.shouldOmitResponseBody(t, e.req?.method)) {
       e.end();
       return;
     }
-    const s = t.body.getReader(), r = K.toWeb(e).getWriter();
+    const s = t.body.getReader(), r = z.toWeb(e).getWriter();
     try {
       for (; ; ) {
-        const { done: n, value: o } = await s.read();
+        const { done: n, value: a } = await s.read();
         if (n) break;
-        await r.write(o);
+        await r.write(a);
       }
     } finally {
       await r.close().catch(() => {
@@ -865,13 +754,13 @@ class be extends P {
     return s ? this.matchesValue(t, s) : !0;
   }
   toRequestEvent(e, t, s) {
-    const r = new me(e, s.pushSetCookie), n = this.config, o = {}, i = { name: "WebHTTPServer" }, u = /* @__PURE__ */ new Set(), c = {
+    const r = new ie(e, s.pushSetCookie), n = this.config, a = {}, i = { name: "WebHTTPServer" }, u = /* @__PURE__ */ new Set(), c = {
       request: e,
       url: t,
       cookies: r,
       getClientAddress: s.getClientAddress,
       get locals() {
-        return o;
+        return a;
       },
       get platform() {
         return i;
@@ -889,11 +778,180 @@ class be extends P {
         }
       }
     };
-    return n.locals && Object.assign(o, n.locals(c)), n.platform && Object.assign(i, n.platform(c)), c;
+    return n.locals && Object.assign(a, n.locals(c)), n.platform && Object.assign(i, n.platform(c)), c;
   }
 }
-const We = async (a, e) => {
-  const t = JSON.stringify(await a);
+const ce = {
+  ".avif": "image/avif",
+  ".css": "text/css; charset=utf-8",
+  ".gif": "image/gif",
+  ".html": "text/html; charset=utf-8",
+  ".ico": "image/x-icon",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".js": "text/javascript; charset=utf-8",
+  ".json": "application/json; charset=utf-8",
+  ".mjs": "text/javascript; charset=utf-8",
+  ".pdf": "application/pdf",
+  ".png": "image/png",
+  ".svg": "image/svg+xml; charset=utf-8",
+  ".txt": "text/plain; charset=utf-8",
+  ".wasm": "application/wasm",
+  ".webp": "image/webp",
+  ".xml": "application/xml; charset=utf-8"
+}, ue = {
+  index: "index.html",
+  cacheControl: "public, max-age=0",
+  dotFiles: "ignore"
+};
+async function le(o, e, t = {}) {
+  const s = me(e), r = {
+    ...ue,
+    ...t
+  }, n = await de(o), a = he(s, r.dotFiles);
+  if (a instanceof Response)
+    return a;
+  const i = a.length > 0 ? a.join(G) : "", u = v(n, i);
+  if (!k(n, u))
+    return new Response("Forbidden", { status: 403 });
+  const c = await fe(u, n, r.index);
+  if (c instanceof Response)
+    return c;
+  const l = await L(c), d = new Headers({
+    "content-length": String(l.size),
+    "content-type": pe(c),
+    "cache-control": r.cacheControl,
+    "last-modified": l.mtime.toUTCString(),
+    "x-content-type-options": "nosniff"
+  });
+  if (t.headers) {
+    const h = typeof t.headers == "function" ? t.headers(c, l) : t.headers;
+    new Headers(h).forEach((f, y) => {
+      d.set(y, f);
+    });
+  }
+  return new Response(Q.toWeb(X(c)), {
+    status: 200,
+    headers: d
+  });
+}
+async function de(o) {
+  return O(o);
+}
+function he(o, e) {
+  if (o.includes("\0"))
+    return new Response("Bad Request", { status: 400 });
+  const t = o.replace(/\\/g, "/").split("/").filter(Boolean), s = [];
+  for (const r of t) {
+    let n;
+    try {
+      n = decodeURIComponent(r);
+    } catch {
+      return new Response("Bad Request", { status: 400 });
+    }
+    if (!(!n || n === ".")) {
+      if (n === ".." || n.includes("/") || n.includes("\\") || n.includes("\0"))
+        return new Response("Forbidden", { status: 403 });
+      if (n.startsWith(".")) {
+        if (e === "deny")
+          return new Response("Forbidden", { status: 403 });
+        if (e !== "allow")
+          return new Response("Not Found", { status: 404 });
+      }
+      s.push(n);
+    }
+  }
+  return s;
+}
+async function fe(o, e, t) {
+  try {
+    if ((await J(o)).isDirectory()) {
+      const r = v(o, t);
+      return W(r, e);
+    }
+    return W(o, e);
+  } catch {
+    return new Response("Not Found", { status: 404 });
+  }
+}
+async function W(o, e) {
+  try {
+    const t = await O(o);
+    return k(e, t) ? (await L(t)).isFile() ? t : new Response("Not Found", { status: 404 }) : new Response("Forbidden", { status: 403 });
+  } catch {
+    return new Response("Not Found", { status: 404 });
+  }
+}
+function k(o, e) {
+  const t = V(o, e);
+  return t === "" || !t.startsWith("..") && !K(t);
+}
+function pe(o) {
+  return ce[Y(o).toLowerCase()] ?? "application/octet-stream";
+}
+function me(o) {
+  return typeof o.params.path == "string" ? o.params.path : o.url.pathname.replace(/^\/+/, "");
+}
+const Le = (o, e = {}) => (t) => le(o, t, e);
+function we(o, e = {}) {
+  const t = [];
+  if (e.comment)
+    for (const s of e.comment.split(/\r?\n/))
+      t.push(`: ${s}`);
+  if (e.event && t.push(`event: ${e.event}`), e.id && t.push(`id: ${e.id}`), e.retry !== void 0 && t.push(`retry: ${e.retry}`), o !== void 0) {
+    const s = typeof o == "string" ? o : JSON.stringify(o);
+    for (const r of s.split(/\r?\n/))
+      t.push(`data: ${r}`);
+  }
+  return `${t.join(`
+`)}
+
+`;
+}
+const Oe = (o, e = {}) => (t) => {
+  const s = new TextEncoder();
+  let r = null, n = !1, a;
+  const i = async () => {
+    if (!n) {
+      n = !0;
+      try {
+        await a?.();
+      } finally {
+        r?.close();
+      }
+    }
+  }, u = new ReadableStream({
+    async start(c) {
+      r = c;
+      const l = (d, h = {}) => {
+        n || c.enqueue(s.encode(we(d, h)));
+      };
+      t.request.signal.addEventListener("abort", () => {
+        i();
+      }, { once: !0 });
+      try {
+        if (a = await o(t, l), !t.request.signal.aborted && a === void 0)
+          return;
+        t.request.signal.aborted && await i();
+      } catch (d) {
+        n || c.error(d);
+      }
+    },
+    async cancel() {
+      await i();
+    }
+  });
+  return new Response(u, {
+    ...e,
+    headers: {
+      "content-type": "text/event-stream",
+      "cache-control": "no-cache",
+      connection: "keep-alive",
+      ...e.headers
+    }
+  });
+}, ve = async (o, e) => {
+  const t = JSON.stringify(await o);
   return new Response(t, {
     ...e,
     headers: {
@@ -903,24 +961,24 @@ const We = async (a, e) => {
     }
   });
 };
-function Le(a, e) {
+function _e(o, e) {
   throw new Response(null, {
-    status: a,
+    status: o,
     headers: {
       location: e.toString()
     }
   });
 }
-function Oe(a, e) {
+function Ne(o, e) {
   throw new Response(JSON.stringify(typeof e == "string" ? { message: e } : e), {
-    status: a,
+    status: o,
     headers: {
       "content-type": "application/json"
     }
   });
 }
-const ve = async (a, e) => {
-  const t = await a;
+const je = async (o, e) => {
+  const t = await o;
   return new Response(t, {
     ...e,
     headers: {
@@ -929,8 +987,8 @@ const ve = async (a, e) => {
       ...e?.headers
     }
   });
-}, _e = async (a, e) => {
-  const t = await a;
+}, ke = async (o, e) => {
+  const t = await o;
   return new Response(t, {
     ...e,
     headers: {
@@ -939,23 +997,24 @@ const ve = async (a, e) => {
       ...e?.headers
     }
   });
-}, Ne = (a, e = {}) => (t) => te(a, t, e);
+};
 export {
   R as Action,
   Ce as CORS,
-  Te as RateLimiter,
-  pe as RequestMethods,
-  P as Router,
-  be as WebServer,
-  Ne as dir,
-  Oe as error,
-  _e as html,
-  N as isHttpError,
-  j as isRedirect,
+  be as RateLimiter,
+  oe as RequestMethods,
+  E as Router,
+  We as WebServer,
+  Le as dir,
+  Ne as error,
+  ke as html,
+  _ as isHttpError,
+  N as isRedirect,
   x as isResponse,
-  We as json,
-  Le as redirect,
-  te as serveStatic,
-  ve as text
+  ve as json,
+  _e as redirect,
+  le as serveStatic,
+  Oe as sse,
+  je as text
 };
 //# sourceMappingURL=index.es.js.map