@tknf/matchbox 0.2.6 → 0.3.1

package/dist/htaccess/error-document.d.ts

@@ -0,0 +1,9 @@
+import { Context } from 'hono';
+import { ErrorDocumentConfig } from './types.js';
+
+/**
+ * Create middleware for error documents
+ */
+declare function createErrorDocumentMiddleware(errorDocs: ErrorDocumentConfig[], _basePath: string): (c: Context, next: () => Promise<void>) => Promise<Response | void>;
+
+export { createErrorDocumentMiddleware };

package/dist/htaccess/error-document.js

@@ -0,0 +1,16 @@
+function createErrorDocumentMiddleware(errorDocs, _basePath) {
+  return async (c, next) => {
+    await next();
+    const status = c.res.status;
+    if (status < 400) return;
+    const errorDoc = errorDocs.find((doc) => doc.statusCode === status);
+    if (!errorDoc) return;
+    if (errorDoc.target.startsWith("http://") || errorDoc.target.startsWith("https://")) {
+      return c.redirect(errorDoc.target);
+    }
+    return c.text(`Error ${status}: See ${errorDoc.target}`, status);
+  };
+}
+export {
+  createErrorDocumentMiddleware
+};

package/dist/htaccess/headers.d.ts

@@ -0,0 +1,32 @@
+import { Context } from 'hono';
+import { HeaderConfig } from './types.js';
+
+/**
+ * Create middleware for header directives
+ */
+declare function createHeaderMiddleware(headers: HeaderConfig[]): (c: Context, next: () => Promise<void>) => Promise<void>;
+/**
+ * Predefined security header helpers
+ */
+declare const securityHeaders: {
+    xFrameOptions: (value: "DENY" | "SAMEORIGIN" | string) => HeaderConfig;
+    xContentTypeOptions: () => HeaderConfig;
+    xssProtection: (enabled?: boolean) => HeaderConfig;
+    hsts: (maxAge?: number, includeSubdomains?: boolean) => HeaderConfig;
+    csp: (policy: string) => HeaderConfig;
+    referrerPolicy: (policy: string) => HeaderConfig;
+    permissionsPolicy: (policy: string) => HeaderConfig;
+};
+/**
+ * CORS (Cross-Origin Resource Sharing) header helpers
+ */
+declare const corsHeaders: {
+    allowOrigin: (origin: string) => HeaderConfig;
+    allowMethods: (methods: string[]) => HeaderConfig;
+    allowHeaders: (headers: string[]) => HeaderConfig;
+    allowCredentials: (allow?: boolean) => HeaderConfig;
+    maxAge: (seconds: number) => HeaderConfig;
+    exposeHeaders: (headers: string[]) => HeaderConfig;
+};
+
+export { corsHeaders, createHeaderMiddleware, securityHeaders };

package/dist/htaccess/headers.js

@@ -0,0 +1,98 @@
+function createHeaderMiddleware(headers) {
+  return async (c, next) => {
+    await next();
+    for (const header of headers) {
+      switch (header.action) {
+        case "set":
+          if (header.value) {
+            c.header(header.name, header.value);
+          }
+          break;
+        case "append":
+          if (header.value) {
+            const existing = c.res.headers.get(header.name);
+            const newValue = existing ? `${existing}, ${header.value}` : header.value;
+            c.header(header.name, newValue);
+          }
+          break;
+        case "unset":
+          c.res.headers.delete(header.name);
+          break;
+      }
+    }
+  };
+}
+const securityHeaders = {
+  xFrameOptions: (value) => ({
+    action: "set",
+    name: "X-Frame-Options",
+    value
+  }),
+  xContentTypeOptions: () => ({
+    action: "set",
+    name: "X-Content-Type-Options",
+    value: "nosniff"
+  }),
+  xssProtection: (enabled = true) => ({
+    action: "set",
+    name: "X-XSS-Protection",
+    value: enabled ? "1; mode=block" : "0"
+  }),
+  hsts: (maxAge = 31536e3, includeSubdomains = true) => ({
+    action: "set",
+    name: "Strict-Transport-Security",
+    value: includeSubdomains ? `max-age=${maxAge}; includeSubDomains` : `max-age=${maxAge}`
+  }),
+  csp: (policy) => ({
+    action: "set",
+    name: "Content-Security-Policy",
+    value: policy
+  }),
+  referrerPolicy: (policy) => ({
+    action: "set",
+    name: "Referrer-Policy",
+    value: policy
+  }),
+  permissionsPolicy: (policy) => ({
+    action: "set",
+    name: "Permissions-Policy",
+    value: policy
+  })
+};
+const corsHeaders = {
+  allowOrigin: (origin) => ({
+    action: "set",
+    name: "Access-Control-Allow-Origin",
+    value: origin
+  }),
+  allowMethods: (methods) => ({
+    action: "set",
+    name: "Access-Control-Allow-Methods",
+    value: methods.join(", ")
+  }),
+  allowHeaders: (headers) => ({
+    action: "set",
+    name: "Access-Control-Allow-Headers",
+    value: headers.join(", ")
+  }),
+  allowCredentials: (allow = true) => ({
+    action: "set",
+    name: "Access-Control-Allow-Credentials",
+    value: allow ? "true" : "false"
+  }),
+  maxAge: (seconds) => ({
+    action: "set",
+    name: "Access-Control-Max-Age",
+    value: String(seconds)
+  }),
+  exposeHeaders: (headers) => ({
+    action: "set",
+    name: "Access-Control-Expose-Headers",
+    value: headers.join(", ")
+  })
+};
+export {
+  corsHeaders,
+  createHeaderMiddleware,
+  securityHeaders
+};

package/dist/htaccess/index.d.ts

@@ -0,0 +1,8 @@
+export { AccessControlConfig, AccessRule, AuthConfig, ConditionFlags, DirectoryConfig, ErrorDocumentConfig, HeaderConfig, HonoContext, HtaccessConfig, RedirectConfig, RequireConfig, RewriteCondition, RewriteFlags, RewriteResult, RewriteRuleConfig, VariableContext } from './types.js';
+export { parseHtaccess } from './parser.js';
+export { createRewriteMiddleware, evaluateConditions } from './rewrite.js';
+export { corsHeaders, createHeaderMiddleware, securityHeaders } from './headers.js';
+export { createErrorDocumentMiddleware } from './error-document.js';
+export { createAccessControlMiddleware } from './access-control.js';
+export { applyRewriteFlags, buildVariableContext, expandVariables } from './utils.js';
+import 'hono';

package/dist/htaccess/index.js

@@ -0,0 +1,20 @@
+export * from "./types.js";
+import { parseHtaccess } from "./parser.js";
+import { createRewriteMiddleware, evaluateConditions } from "./rewrite.js";
+import { createHeaderMiddleware, securityHeaders, corsHeaders } from "./headers.js";
+import { createErrorDocumentMiddleware } from "./error-document.js";
+import { createAccessControlMiddleware } from "./access-control.js";
+import { buildVariableContext, expandVariables, applyRewriteFlags } from "./utils.js";
+export {
+  applyRewriteFlags,
+  buildVariableContext,
+  corsHeaders,
+  createAccessControlMiddleware,
+  createErrorDocumentMiddleware,
+  createHeaderMiddleware,
+  createRewriteMiddleware,
+  evaluateConditions,
+  expandVariables,
+  parseHtaccess,
+  securityHeaders
+};

package/dist/htaccess/parser.d.ts

@@ -0,0 +1,9 @@
+import { DirectoryConfig } from './types.js';
+import 'hono';
+
+/**
+ * Main parser for .htaccess files
+ */
+declare function parseHtaccess(content: string): DirectoryConfig;
+
+export { parseHtaccess };

package/dist/htaccess/parser.js

@@ -0,0 +1,365 @@
+function tokenize(line) {
+  const tokens = [];
+  let current = "";
+  let inQuotes = false;
+  let quoteChar = "";
+  let escaped = false;
+  for (let i = 0; i < line.length; i++) {
+    const char = line[i];
+    if (escaped) {
+      current += char;
+      escaped = false;
+      continue;
+    }
+    if (char === "\\") {
+      escaped = true;
+      continue;
+    }
+    if ((char === '"' || char === "'") && !inQuotes) {
+      inQuotes = true;
+      quoteChar = char;
+      continue;
+    }
+    if (char === quoteChar && inQuotes) {
+      inQuotes = false;
+      tokens.push(current);
+      current = "";
+      quoteChar = "";
+      continue;
+    }
+    if (/\s/.test(char) && !inQuotes) {
+      if (current) {
+        tokens.push(current);
+        current = "";
+      }
+      continue;
+    }
+    current += char;
+  }
+  if (current) tokens.push(current);
+  return tokens;
+}
+function parseRewriteFlags(flagString) {
+  const flags = {};
+  const cleaned = flagString.replace(/^\[|\]$/g, "").trim();
+  if (!cleaned) return flags;
+  const parts = cleaned.includes(",") ? cleaned.split(",") : cleaned.split(/\s+/);
+  for (const part of parts) {
+    const trimmed = part.trim();
+    if (!trimmed) continue;
+    if (trimmed === "L") flags.last = true;
+    else if (trimmed === "NC") flags.noCase = true;
+    else if (trimmed === "QSA") flags.qsAppend = true;
+    else if (trimmed === "QSD") flags.qsDiscard = true;
+    else if (trimmed === "NE") flags.noEscape = true;
+    else if (trimmed === "F") flags.forbidden = true;
+    else if (trimmed === "G") flags.gone = true;
+    else if (trimmed === "R" || trimmed.startsWith("R=")) {
+      const match = trimmed.match(/^R(?:=(\d+))?$/);
+      flags.redirect = match?.[1] ? Number.parseInt(match[1], 10) : 302;
+    }
+  }
+  return flags;
+}
+function parseConditionFlags(flagString) {
+  const flags = {};
+  const cleaned = flagString.replace(/^\[|\]$/g, "");
+  if (!cleaned) return flags;
+  const parts = cleaned.split(",");
+  for (const part of parts) {
+    const trimmed = part.trim();
+    if (trimmed === "NC") flags.noCase = true;
+    else if (trimmed === "OR") flags.or = true;
+  }
+  return flags;
+}
+function parseRewriteCond(tokens) {
+  if (tokens.length < 3) {
+    throw new Error("RewriteCond requires at least 2 arguments");
+  }
+  return {
+    testString: tokens[1],
+    pattern: tokens[2],
+    flags: parseConditionFlags(tokens[3] || "")
+  };
+}
+function parseRewriteRule(tokens) {
+  if (tokens.length < 3) {
+    throw new Error("RewriteRule requires at least 2 arguments");
+  }
+  return {
+    type: "rewrite",
+    pattern: tokens[1],
+    target: tokens[2],
+    flags: parseRewriteFlags(tokens[3] || ""),
+    conditions: []
+    // Will be populated by main parser
+  };
+}
+function parseErrorDocument(tokens) {
+  if (tokens.length < 3) {
+    throw new Error("ErrorDocument requires status code and target");
+  }
+  const statusCode = Number.parseInt(tokens[1], 10);
+  if (Number.isNaN(statusCode) || statusCode < 100 || statusCode >= 600) {
+    throw new Error(`Invalid status code: ${tokens[1]}`);
+  }
+  return {
+    statusCode,
+    target: tokens[2]
+  };
+}
+function parseHeader(tokens) {
+  if (tokens.length < 3) {
+    throw new Error("Header requires action and name");
+  }
+  const action = tokens[1].toLowerCase();
+  if (!["set", "append", "unset"].includes(action)) {
+    throw new Error(`Invalid header action: ${action}`);
+  }
+  return {
+    action,
+    name: tokens[2],
+    value: tokens[3] || void 0
+  };
+}
+function parseRedirect(tokens, directive) {
+  let code = 302;
+  let sourceIdx = 1;
+  if (directive === "RedirectPermanent") {
+    code = 301;
+  } else if (directive === "RedirectTemp") {
+    code = 302;
+  } else if (directive === "Redirect") {
+    if (tokens.length === 4) {
+      const maybeCode = Number.parseInt(tokens[1], 10);
+      code = !Number.isNaN(maybeCode) ? maybeCode : 302;
+      sourceIdx = 2;
+    }
+  }
+  if (tokens.length < sourceIdx + 2) {
+    throw new Error(`${directive} requires source and target paths`);
+  }
+  return {
+    type: "redirect",
+    code,
+    source: tokens[sourceIdx],
+    target: tokens[sourceIdx + 1]
+  };
+}
+function parseAuthType(tokens) {
+  if (tokens.length < 2) {
+    throw new Error("AuthType requires a type (Basic or Digest)");
+  }
+  const type = tokens[1];
+  if (type !== "Basic" && type !== "Digest") {
+    throw new Error(`Invalid AuthType: ${type}. Must be Basic or Digest`);
+  }
+  return type;
+}
+function parseRequire(tokens) {
+  if (tokens.length < 2) {
+    throw new Error("Require directive requires at least one argument");
+  }
+  const type = tokens[1];
+  if (type === "valid-user") {
+    return { type: "valid-user" };
+  }
+  if (type === "all") {
+    if (tokens.length < 3) {
+      throw new Error("Require all must specify granted or denied");
+    }
+    const granted = tokens[2] === "granted";
+    return { type: "all", granted };
+  }
+  if (type === "user") {
+    if (tokens.length < 3) {
+      throw new Error("Require user must specify at least one username");
+    }
+    return { type: "user", value: tokens.slice(2) };
+  }
+  if (type === "group") {
+    if (tokens.length < 3) {
+      throw new Error("Require group must specify at least one group name");
+    }
+    return { type: "group", value: tokens.slice(2) };
+  }
+  if (type === "ip") {
+    if (tokens.length < 3) {
+      throw new Error("Require ip must specify at least one IP or CIDR");
+    }
+    return { type: "ip", value: tokens.slice(2) };
+  }
+  if (type === "host") {
+    if (tokens.length < 3) {
+      throw new Error("Require host must specify at least one hostname");
+    }
+    return { type: "host", value: tokens.slice(2) };
+  }
+  throw new Error(`Unknown Require type: ${type}`);
+}
+function parseAccessRule(tokens) {
+  if (tokens.length < 3) {
+    throw new Error(`${tokens[0]} directive requires at least one argument`);
+  }
+  const fromKeyword = tokens[1];
+  if (fromKeyword !== "from") {
+    throw new Error(`${tokens[0]} directive must use 'from' keyword`);
+  }
+  const target = tokens[2];
+  if (target === "all") {
+    return { type: "all" };
+  }
+  if (target.startsWith("env=")) {
+    return { type: "env", value: target.slice(4) };
+  }
+  const isIP = /^[\d./]+$/.test(target) || target.includes(":");
+  if (isIP) {
+    return { type: "ip", value: tokens.slice(2) };
+  }
+  return { type: "host", value: tokens.slice(2) };
+}
+function parseHtaccess(content) {
+  const config = {
+    rewriteRules: [],
+    redirects: [],
+    errorDocuments: [],
+    headers: [],
+    authConfig: void 0,
+    accessControl: void 0
+  };
+  const lines = content.split("\n");
+  const pendingConditions = [];
+  let multiLineBuffer = "";
+  for (let i = 0; i < lines.length; i++) {
+    let line = lines[i].trim();
+    if (!line || line.startsWith("#")) continue;
+    if (line.endsWith("\\")) {
+      multiLineBuffer += line.slice(0, -1) + " ";
+      continue;
+    }
+    if (multiLineBuffer) {
+      line = multiLineBuffer + line;
+      multiLineBuffer = "";
+    }
+    const tokens = tokenize(line);
+    if (tokens.length === 0) continue;
+    const directive = tokens[0];
+    try {
+      switch (directive) {
+        case "RewriteCond":
+          pendingConditions.push(parseRewriteCond(tokens));
+          break;
+        case "RewriteRule": {
+          const rule = parseRewriteRule(tokens);
+          rule.conditions = [...pendingConditions];
+          config.rewriteRules.push(rule);
+          pendingConditions.length = 0;
+          break;
+        }
+        case "Redirect":
+        case "RedirectPermanent":
+        case "RedirectTemp":
+          config.redirects.push(parseRedirect(tokens, directive));
+          pendingConditions.length = 0;
+          break;
+        case "ErrorDocument":
+          config.errorDocuments.push(parseErrorDocument(tokens));
+          break;
+        case "Header":
+          config.headers.push(parseHeader(tokens));
+          break;
+        case "AuthType":
+          if (!config.authConfig) {
+            config.authConfig = {};
+          }
+          config.authConfig.authType = parseAuthType(tokens);
+          break;
+        case "AuthName":
+          if (!config.authConfig) {
+            config.authConfig = {};
+          }
+          if (tokens.length < 2) {
+            throw new Error("AuthName requires a realm name");
+          }
+          config.authConfig.authName = tokens.slice(1).join(" ");
+          break;
+        case "AuthUserFile":
+          if (!config.authConfig) {
+            config.authConfig = {};
+          }
+          if (tokens.length < 2) {
+            throw new Error("AuthUserFile requires a file path");
+          }
+          config.authConfig.authUserFile = tokens[1];
+          break;
+        case "AuthGroupFile":
+          if (!config.authConfig) {
+            config.authConfig = {};
+          }
+          if (tokens.length < 2) {
+            throw new Error("AuthGroupFile requires a file path");
+          }
+          config.authConfig.authGroupFile = tokens[1];
+          break;
+        case "AuthDigestProvider":
+          if (!config.authConfig) {
+            config.authConfig = {};
+          }
+          if (tokens.length < 2) {
+            throw new Error("AuthDigestProvider requires a provider name");
+          }
+          config.authConfig.authDigestProvider = tokens[1];
+          break;
+        case "Require":
+          if (!config.authConfig) {
+            config.authConfig = {};
+          }
+          if (!config.authConfig.require) {
+            config.authConfig.require = [];
+          }
+          config.authConfig.require.push(parseRequire(tokens));
+          break;
+        case "Order": {
+          if (!config.accessControl) {
+            config.accessControl = { allow: [], deny: [] };
+          }
+          if (tokens.length < 2) {
+            throw new Error("Order directive requires an argument");
+          }
+          const orderValue = tokens[1].toLowerCase();
+          if (orderValue !== "allow,deny" && orderValue !== "deny,allow" && orderValue !== "mutual-failure") {
+            throw new Error(`Invalid Order value: ${tokens[1]}`);
+          }
+          config.accessControl.order = orderValue;
+          break;
+        }
+        case "Allow":
+          if (!config.accessControl) {
+            config.accessControl = { allow: [], deny: [] };
+          }
+          config.accessControl.allow.push(parseAccessRule(tokens));
+          break;
+        case "Deny":
+          if (!config.accessControl) {
+            config.accessControl = { allow: [], deny: [] };
+          }
+          config.accessControl.deny.push(parseAccessRule(tokens));
+          break;
+        default:
+          break;
+      }
+    } catch (error) {
+      throw new Error(`Parse error at line ${i + 1}: ${error.message}`, {
+        cause: error
+      });
+    }
+  }
+  if (config.accessControl && !config.accessControl.order) {
+    config.accessControl.order = "allow,deny";
+  }
+  return config;
+}
+export {
+  parseHtaccess
+};

package/dist/htaccess/rewrite.d.ts

@@ -0,0 +1,13 @@
+import { Context } from 'hono';
+import { RewriteRuleConfig, RewriteCondition } from './types.js';
+
+/**
+ * Evaluate all conditions for a rewrite rule
+ */
+declare function evaluateConditions(conditions: RewriteCondition[], context: Context): boolean;
+/**
+ * Create middleware for rewrite rules
+ */
+declare function createRewriteMiddleware(rules: RewriteRuleConfig[], basePath: string): (c: Context, next: () => Promise<void>) => Promise<Response | void>;
+
+export { createRewriteMiddleware, evaluateConditions };

package/dist/htaccess/rewrite.js

@@ -0,0 +1,69 @@
+import {
+  applyRewriteFlags,
+  buildVariableContext,
+  expandVariables,
+  testCondition
+} from "./utils.js";
+function evaluateConditions(conditions, context) {
+  if (conditions.length === 0) return true;
+  let result = true;
+  let nextIsOr = false;
+  for (const condition of conditions) {
+    const varContext = buildVariableContext(context);
+    const match = testCondition(condition, varContext);
+    if (nextIsOr) {
+      result = result || match;
+      nextIsOr = condition.flags.or || false;
+    } else {
+      result = result && match;
+      nextIsOr = condition.flags.or || false;
+    }
+  }
+  return result;
+}
+function createRewriteMiddleware(rules, basePath) {
+  return async (c, next) => {
+    const relPath = c.req.path.replace(basePath, "") || "/";
+    for (const rule of rules) {
+      if (!evaluateConditions(rule.conditions, c)) {
+        continue;
+      }
+      const pattern = new RegExp(rule.pattern, rule.flags.noCase ? "i" : "");
+      const match = relPath.match(pattern);
+      if (!match) continue;
+      let target = rule.target;
+      for (let i = 0; i < match.length; i++) {
+        target = target.replace(new RegExp(`\\$${i}`, "g"), match[i] || "");
+      }
+      const varContext = buildVariableContext(c);
+      target = expandVariables(target, varContext);
+      if (target !== "-" && !target.startsWith("/") && !target.startsWith("http://") && !target.startsWith("https://")) {
+        target = basePath === "" ? `/${target}` : `${basePath}/${target}`;
+      }
+      const result = applyRewriteFlags(target, rule.flags, c);
+      switch (result.type) {
+        case "redirect":
+          return new Response(null, {
+            status: result.status,
+            headers: {
+              Location: result.url
+            }
+          });
+        case "forbidden":
+          return c.text("Forbidden", 403);
+        case "gone":
+          return c.text("Gone", 410);
+        case "rewrite":
+          break;
+      }
+      if (rule.flags.last) {
+        break;
+      }
+    }
+    await next();
+  };
+}
+export {
+  createRewriteMiddleware,
+  evaluateConditions
+};