@tknf/matchbox 0.2.6 → 0.3.0

package/dist/htaccess/parser.js

@@ -0,0 +1,365 @@
+function tokenize(line) {
+  const tokens = [];
+  let current = "";
+  let inQuotes = false;
+  let quoteChar = "";
+  let escaped = false;
+  for (let i = 0; i < line.length; i++) {
+    const char = line[i];
+    if (escaped) {
+      current += char;
+      escaped = false;
+      continue;
+    }
+    if (char === "\\") {
+      escaped = true;
+      continue;
+    }
+    if ((char === '"' || char === "'") && !inQuotes) {
+      inQuotes = true;
+      quoteChar = char;
+      continue;
+    }
+    if (char === quoteChar && inQuotes) {
+      inQuotes = false;
+      tokens.push(current);
+      current = "";
+      quoteChar = "";
+      continue;
+    }
+    if (/\s/.test(char) && !inQuotes) {
+      if (current) {
+        tokens.push(current);
+        current = "";
+      }
+      continue;
+    }
+    current += char;
+  }
+  if (current) tokens.push(current);
+  return tokens;
+}
+function parseRewriteFlags(flagString) {
+  const flags = {};
+  const cleaned = flagString.replace(/^\[|\]$/g, "").trim();
+  if (!cleaned) return flags;
+  const parts = cleaned.includes(",") ? cleaned.split(",") : cleaned.split(/\s+/);
+  for (const part of parts) {
+    const trimmed = part.trim();
+    if (!trimmed) continue;
+    if (trimmed === "L") flags.last = true;
+    else if (trimmed === "NC") flags.noCase = true;
+    else if (trimmed === "QSA") flags.qsAppend = true;
+    else if (trimmed === "QSD") flags.qsDiscard = true;
+    else if (trimmed === "NE") flags.noEscape = true;
+    else if (trimmed === "F") flags.forbidden = true;
+    else if (trimmed === "G") flags.gone = true;
+    else if (trimmed === "R" || trimmed.startsWith("R=")) {
+      const match = trimmed.match(/^R(?:=(\d+))?$/);
+      flags.redirect = match?.[1] ? Number.parseInt(match[1], 10) : 302;
+    }
+  }
+  return flags;
+}
+function parseConditionFlags(flagString) {
+  const flags = {};
+  const cleaned = flagString.replace(/^\[|\]$/g, "");
+  if (!cleaned) return flags;
+  const parts = cleaned.split(",");
+  for (const part of parts) {
+    const trimmed = part.trim();
+    if (trimmed === "NC") flags.noCase = true;
+    else if (trimmed === "OR") flags.or = true;
+  }
+  return flags;
+}
+function parseRewriteCond(tokens) {
+  if (tokens.length < 3) {
+    throw new Error("RewriteCond requires at least 2 arguments");
+  }
+  return {
+    testString: tokens[1],
+    pattern: tokens[2],
+    flags: parseConditionFlags(tokens[3] || "")
+  };
+}
+function parseRewriteRule(tokens) {
+  if (tokens.length < 3) {
+    throw new Error("RewriteRule requires at least 2 arguments");
+  }
+  return {
+    type: "rewrite",
+    pattern: tokens[1],
+    target: tokens[2],
+    flags: parseRewriteFlags(tokens[3] || ""),
+    conditions: []
+    // Will be populated by main parser
+  };
+}
+function parseErrorDocument(tokens) {
+  if (tokens.length < 3) {
+    throw new Error("ErrorDocument requires status code and target");
+  }
+  const statusCode = Number.parseInt(tokens[1], 10);
+  if (Number.isNaN(statusCode) || statusCode < 100 || statusCode >= 600) {
+    throw new Error(`Invalid status code: ${tokens[1]}`);
+  }
+  return {
+    statusCode,
+    target: tokens[2]
+  };
+}
+function parseHeader(tokens) {
+  if (tokens.length < 3) {
+    throw new Error("Header requires action and name");
+  }
+  const action = tokens[1].toLowerCase();
+  if (!["set", "append", "unset"].includes(action)) {
+    throw new Error(`Invalid header action: ${action}`);
+  }
+  return {
+    action,
+    name: tokens[2],
+    value: tokens[3] || void 0
+  };
+}
+function parseRedirect(tokens, directive) {
+  let code = 302;
+  let sourceIdx = 1;
+  if (directive === "RedirectPermanent") {
+    code = 301;
+  } else if (directive === "RedirectTemp") {
+    code = 302;
+  } else if (directive === "Redirect") {
+    if (tokens.length === 4) {
+      const maybeCode = Number.parseInt(tokens[1], 10);
+      code = !Number.isNaN(maybeCode) ? maybeCode : 302;
+      sourceIdx = 2;
+    }
+  }
+  if (tokens.length < sourceIdx + 2) {
+    throw new Error(`${directive} requires source and target paths`);
+  }
+  return {
+    type: "redirect",
+    code,
+    source: tokens[sourceIdx],
+    target: tokens[sourceIdx + 1]
+  };
+}
+function parseAuthType(tokens) {
+  if (tokens.length < 2) {
+    throw new Error("AuthType requires a type (Basic or Digest)");
+  }
+  const type = tokens[1];
+  if (type !== "Basic" && type !== "Digest") {
+    throw new Error(`Invalid AuthType: ${type}. Must be Basic or Digest`);
+  }
+  return type;
+}
+function parseRequire(tokens) {
+  if (tokens.length < 2) {
+    throw new Error("Require directive requires at least one argument");
+  }
+  const type = tokens[1];
+  if (type === "valid-user") {
+    return { type: "valid-user" };
+  }
+  if (type === "all") {
+    if (tokens.length < 3) {
+      throw new Error("Require all must specify granted or denied");
+    }
+    const granted = tokens[2] === "granted";
+    return { type: "all", granted };
+  }
+  if (type === "user") {
+    if (tokens.length < 3) {
+      throw new Error("Require user must specify at least one username");
+    }
+    return { type: "user", value: tokens.slice(2) };
+  }
+  if (type === "group") {
+    if (tokens.length < 3) {
+      throw new Error("Require group must specify at least one group name");
+    }
+    return { type: "group", value: tokens.slice(2) };
+  }
+  if (type === "ip") {
+    if (tokens.length < 3) {
+      throw new Error("Require ip must specify at least one IP or CIDR");
+    }
+    return { type: "ip", value: tokens.slice(2) };
+  }
+  if (type === "host") {
+    if (tokens.length < 3) {
+      throw new Error("Require host must specify at least one hostname");
+    }
+    return { type: "host", value: tokens.slice(2) };
+  }
+  throw new Error(`Unknown Require type: ${type}`);
+}
+function parseAccessRule(tokens) {
+  if (tokens.length < 3) {
+    throw new Error(`${tokens[0]} directive requires at least one argument`);
+  }
+  const fromKeyword = tokens[1];
+  if (fromKeyword !== "from") {
+    throw new Error(`${tokens[0]} directive must use 'from' keyword`);
+  }
+  const target = tokens[2];
+  if (target === "all") {
+    return { type: "all" };
+  }
+  if (target.startsWith("env=")) {
+    return { type: "env", value: target.slice(4) };
+  }
+  const isIP = /^[\d./]+$/.test(target) || target.includes(":");
+  if (isIP) {
+    return { type: "ip", value: tokens.slice(2) };
+  }
+  return { type: "host", value: tokens.slice(2) };
+}
+function parseHtaccess(content) {
+  const config = {
+    rewriteRules: [],
+    redirects: [],
+    errorDocuments: [],
+    headers: [],
+    authConfig: void 0,
+    accessControl: void 0
+  };
+  const lines = content.split("\n");
+  const pendingConditions = [];
+  let multiLineBuffer = "";
+  for (let i = 0; i < lines.length; i++) {
+    let line = lines[i].trim();
+    if (!line || line.startsWith("#")) continue;
+    if (line.endsWith("\\")) {
+      multiLineBuffer += line.slice(0, -1) + " ";
+      continue;
+    }
+    if (multiLineBuffer) {
+      line = multiLineBuffer + line;
+      multiLineBuffer = "";
+    }
+    const tokens = tokenize(line);
+    if (tokens.length === 0) continue;
+    const directive = tokens[0];
+    try {
+      switch (directive) {
+        case "RewriteCond":
+          pendingConditions.push(parseRewriteCond(tokens));
+          break;
+        case "RewriteRule": {
+          const rule = parseRewriteRule(tokens);
+          rule.conditions = [...pendingConditions];
+          config.rewriteRules.push(rule);
+          pendingConditions.length = 0;
+          break;
+        }
+        case "Redirect":
+        case "RedirectPermanent":
+        case "RedirectTemp":
+          config.redirects.push(parseRedirect(tokens, directive));
+          pendingConditions.length = 0;
+          break;
+        case "ErrorDocument":
+          config.errorDocuments.push(parseErrorDocument(tokens));
+          break;
+        case "Header":
+          config.headers.push(parseHeader(tokens));
+          break;
+        case "AuthType":
+          if (!config.authConfig) {
+            config.authConfig = {};
+          }
+          config.authConfig.authType = parseAuthType(tokens);
+          break;
+        case "AuthName":
+          if (!config.authConfig) {
+            config.authConfig = {};
+          }
+          if (tokens.length < 2) {
+            throw new Error("AuthName requires a realm name");
+          }
+          config.authConfig.authName = tokens.slice(1).join(" ");
+          break;
+        case "AuthUserFile":
+          if (!config.authConfig) {
+            config.authConfig = {};
+          }
+          if (tokens.length < 2) {
+            throw new Error("AuthUserFile requires a file path");
+          }
+          config.authConfig.authUserFile = tokens[1];
+          break;
+        case "AuthGroupFile":
+          if (!config.authConfig) {
+            config.authConfig = {};
+          }
+          if (tokens.length < 2) {
+            throw new Error("AuthGroupFile requires a file path");
+          }
+          config.authConfig.authGroupFile = tokens[1];
+          break;
+        case "AuthDigestProvider":
+          if (!config.authConfig) {
+            config.authConfig = {};
+          }
+          if (tokens.length < 2) {
+            throw new Error("AuthDigestProvider requires a provider name");
+          }
+          config.authConfig.authDigestProvider = tokens[1];
+          break;
+        case "Require":
+          if (!config.authConfig) {
+            config.authConfig = {};
+          }
+          if (!config.authConfig.require) {
+            config.authConfig.require = [];
+          }
+          config.authConfig.require.push(parseRequire(tokens));
+          break;
+        case "Order": {
+          if (!config.accessControl) {
+            config.accessControl = { allow: [], deny: [] };
+          }
+          if (tokens.length < 2) {
+            throw new Error("Order directive requires an argument");
+          }
+          const orderValue = tokens[1].toLowerCase();
+          if (orderValue !== "allow,deny" && orderValue !== "deny,allow" && orderValue !== "mutual-failure") {
+            throw new Error(`Invalid Order value: ${tokens[1]}`);
+          }
+          config.accessControl.order = orderValue;
+          break;
+        }
+        case "Allow":
+          if (!config.accessControl) {
+            config.accessControl = { allow: [], deny: [] };
+          }
+          config.accessControl.allow.push(parseAccessRule(tokens));
+          break;
+        case "Deny":
+          if (!config.accessControl) {
+            config.accessControl = { allow: [], deny: [] };
+          }
+          config.accessControl.deny.push(parseAccessRule(tokens));
+          break;
+        default:
+          break;
+      }
+    } catch (error) {
+      throw new Error(`Parse error at line ${i + 1}: ${error.message}`, {
+        cause: error
+      });
+    }
+  }
+  if (config.accessControl && !config.accessControl.order) {
+    config.accessControl.order = "allow,deny";
+  }
+  return config;
+}
+export {
+  parseHtaccess
+};

package/dist/htaccess/rewrite.d.ts

@@ -0,0 +1,13 @@
+import { Context } from 'hono';
+import { RewriteRuleConfig, RewriteCondition } from './types.js';
+
+/**
+ * Evaluate all conditions for a rewrite rule
+ */
+declare function evaluateConditions(conditions: RewriteCondition[], context: Context): boolean;
+/**
+ * Create middleware for rewrite rules
+ */
+declare function createRewriteMiddleware(rules: RewriteRuleConfig[], basePath: string): (c: Context, next: () => Promise<void>) => Promise<Response | void>;
+
+export { createRewriteMiddleware, evaluateConditions };

package/dist/htaccess/rewrite.js

@@ -0,0 +1,69 @@
+import {
+  applyRewriteFlags,
+  buildVariableContext,
+  expandVariables,
+  testCondition
+} from "./utils.js";
+function evaluateConditions(conditions, context) {
+  if (conditions.length === 0) return true;
+  let result = true;
+  let nextIsOr = false;
+  for (const condition of conditions) {
+    const varContext = buildVariableContext(context);
+    const match = testCondition(condition, varContext);
+    if (nextIsOr) {
+      result = result || match;
+      nextIsOr = condition.flags.or || false;
+    } else {
+      result = result && match;
+      nextIsOr = condition.flags.or || false;
+    }
+  }
+  return result;
+}
+function createRewriteMiddleware(rules, basePath) {
+  return async (c, next) => {
+    const relPath = c.req.path.replace(basePath, "") || "/";
+    for (const rule of rules) {
+      if (!evaluateConditions(rule.conditions, c)) {
+        continue;
+      }
+      const pattern = new RegExp(rule.pattern, rule.flags.noCase ? "i" : "");
+      const match = relPath.match(pattern);
+      if (!match) continue;
+      let target = rule.target;
+      for (let i = 0; i < match.length; i++) {
+        target = target.replace(new RegExp(`\\$${i}`, "g"), match[i] || "");
+      }
+      const varContext = buildVariableContext(c);
+      target = expandVariables(target, varContext);
+      if (target !== "-" && !target.startsWith("/") && !target.startsWith("http://") && !target.startsWith("https://")) {
+        target = basePath === "" ? `/${target}` : `${basePath}/${target}`;
+      }
+      const result = applyRewriteFlags(target, rule.flags, c);
+      switch (result.type) {
+        case "redirect":
+          return new Response(null, {
+            status: result.status,
+            headers: {
+              Location: result.url
+            }
+          });
+        case "forbidden":
+          return c.text("Forbidden", 403);
+        case "gone":
+          return c.text("Gone", 410);
+        case "rewrite":
+          break;
+      }
+      if (rule.flags.last) {
+        break;
+      }
+    }
+    await next();
+  };
+}
+export {
+  createRewriteMiddleware,
+  evaluateConditions
+};

package/dist/htaccess/types.d.ts

@@ -0,0 +1,156 @@
+import { Context } from 'hono';
+
+/**
+ * Main configuration type for .htaccess files (replaces RewriteMap)
+ * Maps directory paths to their respective configurations
+ */
+type HtaccessConfig = Record<string, DirectoryConfig>;
+/**
+ * Configuration for a single directory
+ */
+interface DirectoryConfig {
+    rewriteRules: RewriteRuleConfig[];
+    redirects: RedirectConfig[];
+    errorDocuments: ErrorDocumentConfig[];
+    headers: HeaderConfig[];
+    authConfig?: AuthConfig;
+    accessControl?: AccessControlConfig;
+}
+/**
+ * RewriteRule configuration
+ */
+interface RewriteRuleConfig {
+    type: "rewrite";
+    pattern: string;
+    target: string;
+    flags: RewriteFlags;
+    conditions: RewriteCondition[];
+}
+/**
+ * RewriteCond configuration
+ */
+interface RewriteCondition {
+    testString: string;
+    pattern: string;
+    flags: ConditionFlags;
+}
+/**
+ * RewriteRule flags
+ */
+interface RewriteFlags {
+    last?: boolean;
+    redirect?: number;
+    forbidden?: boolean;
+    gone?: boolean;
+    noCase?: boolean;
+    qsAppend?: boolean;
+    qsDiscard?: boolean;
+    noEscape?: boolean;
+}
+/**
+ * RewriteCond flags
+ */
+interface ConditionFlags {
+    noCase?: boolean;
+    or?: boolean;
+}
+/**
+ * ErrorDocument configuration
+ */
+interface ErrorDocumentConfig {
+    statusCode: number;
+    target: string;
+}
+/**
+ * Header directive configuration
+ */
+interface HeaderConfig {
+    action: "set" | "append" | "unset";
+    name: string;
+    value?: string;
+}
+/**
+ * Redirect configuration (legacy support)
+ */
+interface RedirectConfig {
+    type: "redirect";
+    code: number;
+    source: string;
+    target: string;
+}
+/**
+ * Authentication configuration
+ */
+interface AuthConfig {
+    authType?: "Basic" | "Digest";
+    authName?: string;
+    authUserFile?: string;
+    authGroupFile?: string;
+    authDigestProvider?: string;
+    require?: RequireConfig[];
+}
+/**
+ * Require directive configuration
+ */
+interface RequireConfig {
+    type: "valid-user" | "user" | "group" | "ip" | "host" | "all";
+    value?: string | string[];
+    granted?: boolean;
+}
+/**
+ * Access Control configuration (Apache 2.2 style - Order/Allow/Deny)
+ */
+interface AccessControlConfig {
+    order?: "allow,deny" | "deny,allow" | "mutual-failure";
+    allow: AccessRule[];
+    deny: AccessRule[];
+}
+/**
+ * Access rule for Allow/Deny directives
+ */
+interface AccessRule {
+    type: "all" | "ip" | "host" | "env";
+    value?: string | string[];
+}
+/**
+ * Variable context for RewriteCond evaluation
+ */
+interface VariableContext {
+    HTTP_HOST: string;
+    HTTP_USER_AGENT: string;
+    REQUEST_URI: string;
+    QUERY_STRING: string;
+    HTTPS: string;
+    REMOTE_ADDR: string;
+    REQUEST_METHOD: string;
+    HTTP_REFERER: string;
+    HTTP_ACCEPT: string;
+    HTTP_COOKIE: string;
+    SERVER_NAME: string;
+    SERVER_PORT: string;
+    DOCUMENT_ROOT: string;
+    REQUEST_FILENAME: string;
+}
+/**
+ * Result of applying rewrite flags
+ */
+type RewriteResult = {
+    type: "continue";
+} | {
+    type: "redirect";
+    url: string;
+    status: number;
+} | {
+    type: "forbidden";
+} | {
+    type: "gone";
+} | {
+    type: "rewrite";
+    path: string;
+};
+/**
+ * Hono Context (for type compatibility)
+ */
+type HonoContext = Context;
+
+export type { AccessControlConfig, AccessRule, AuthConfig, ConditionFlags, DirectoryConfig, ErrorDocumentConfig, HeaderConfig, HonoContext, HtaccessConfig, RedirectConfig, RequireConfig, RewriteCondition, RewriteFlags, RewriteResult, RewriteRuleConfig, VariableContext };

package/dist/htaccess/utils.d.ts

@@ -0,0 +1,21 @@
+import { Context } from 'hono';
+import { VariableContext, RewriteFlags, RewriteResult, RewriteCondition } from './types.js';
+
+/**
+ * Build variable context from Hono context
+ */
+declare function buildVariableContext(c: Context): VariableContext;
+/**
+ * Expand variables like %{HTTP_HOST} in test strings
+ */
+declare function expandVariables(testString: string, context: VariableContext): string;
+/**
+ * Test a single RewriteCond
+ */
+declare function testCondition(condition: RewriteCondition, context: VariableContext): boolean;
+/**
+ * Apply rewrite flags to determine result
+ */
+declare function applyRewriteFlags(target: string, flags: RewriteFlags, context: Context): RewriteResult;
+
+export { applyRewriteFlags, buildVariableContext, expandVariables, testCondition };

package/dist/htaccess/utils.js

@@ -0,0 +1,69 @@
+function buildVariableContext(c) {
+  const url = new URL(c.req.url);
+  return {
+    HTTP_HOST: c.req.header("host") || "",
+    HTTP_USER_AGENT: c.req.header("user-agent") || "",
+    REQUEST_URI: c.req.path,
+    QUERY_STRING: url.search.slice(1),
+    HTTPS: url.protocol === "https:" ? "on" : "off",
+    REMOTE_ADDR: c.req.header("x-forwarded-for")?.split(",")[0].trim() || "127.0.0.1",
+    REQUEST_METHOD: c.req.method,
+    HTTP_REFERER: c.req.header("referer") || "",
+    HTTP_ACCEPT: c.req.header("accept") || "",
+    HTTP_COOKIE: c.req.header("cookie") || "",
+    SERVER_NAME: c.req.header("host")?.split(":")[0] || "localhost",
+    SERVER_PORT: url.port || (url.protocol === "https:" ? "443" : "80"),
+    DOCUMENT_ROOT: "",
+    REQUEST_FILENAME: c.req.path
+  };
+}
+function expandVariables(testString, context) {
+  return testString.replace(/%\{([^}]+)\}/g, (match, varName) => {
+    const value = context[varName];
+    return value !== void 0 ? String(value) : match;
+  });
+}
+function testCondition(condition, context) {
+  const testValue = expandVariables(condition.testString, context);
+  const pattern = new RegExp(condition.pattern, condition.flags.noCase ? "i" : "");
+  return pattern.test(testValue);
+}
+function applyRewriteFlags(target, flags, context) {
+  if (flags.forbidden) {
+    return { type: "forbidden" };
+  }
+  if (flags.gone) {
+    return { type: "gone" };
+  }
+  if (flags.redirect) {
+    let finalTarget = target;
+    if (flags.qsAppend) {
+      const currentQs = new URL(context.req.url).search.slice(1);
+      if (currentQs) {
+        const separator = finalTarget.includes("?") ? "&" : "?";
+        finalTarget += separator + currentQs;
+      }
+    }
+    if (flags.qsDiscard) {
+      const qsIndex = finalTarget.indexOf("?");
+      if (qsIndex !== -1) {
+        finalTarget = finalTarget.slice(0, qsIndex);
+      }
+    }
+    return {
+      type: "redirect",
+      url: finalTarget,
+      status: flags.redirect
+    };
+  }
+  return {
+    type: "rewrite",
+    path: target
+  };
+}
+export {
+  applyRewriteFlags,
+  buildVariableContext,
+  expandVariables,
+  testCondition
+};

package/dist/html.d.ts

@@ -2,6 +2,7 @@ import * as hono_utils_html from 'hono/utils/html';
 import { CgiContext } from './cgi.js';
 import 'hono/types';
 import 'hono';
+import './htaccess/types.js';
 
 declare const generateCgiInfo: ({ $_SERVER, $_SESSION, $_REQUEST, config, }: Pick<CgiContext, "$_SERVER" | "$_SESSION" | "$_REQUEST" | "config">) => () => hono_utils_html.HtmlEscapedString | Promise<hono_utils_html.HtmlEscapedString>;
 declare const generateCgiError: ({ error, $_SERVER, }: {