@tknf/matchbox 0.2.6 → 0.3.1

package/dist/htaccess/types.d.ts

@@ -0,0 +1,156 @@
+import { Context } from 'hono';
+
+/**
+ * Main configuration type for .htaccess files (replaces RewriteMap)
+ * Maps directory paths to their respective configurations
+ */
+type HtaccessConfig = Record<string, DirectoryConfig>;
+/**
+ * Configuration for a single directory
+ */
+interface DirectoryConfig {
+    rewriteRules: RewriteRuleConfig[];
+    redirects: RedirectConfig[];
+    errorDocuments: ErrorDocumentConfig[];
+    headers: HeaderConfig[];
+    authConfig?: AuthConfig;
+    accessControl?: AccessControlConfig;
+}
+/**
+ * RewriteRule configuration
+ */
+interface RewriteRuleConfig {
+    type: "rewrite";
+    pattern: string;
+    target: string;
+    flags: RewriteFlags;
+    conditions: RewriteCondition[];
+}
+/**
+ * RewriteCond configuration
+ */
+interface RewriteCondition {
+    testString: string;
+    pattern: string;
+    flags: ConditionFlags;
+}
+/**
+ * RewriteRule flags
+ */
+interface RewriteFlags {
+    last?: boolean;
+    redirect?: number;
+    forbidden?: boolean;
+    gone?: boolean;
+    noCase?: boolean;
+    qsAppend?: boolean;
+    qsDiscard?: boolean;
+    noEscape?: boolean;
+}
+/**
+ * RewriteCond flags
+ */
+interface ConditionFlags {
+    noCase?: boolean;
+    or?: boolean;
+}
+/**
+ * ErrorDocument configuration
+ */
+interface ErrorDocumentConfig {
+    statusCode: number;
+    target: string;
+}
+/**
+ * Header directive configuration
+ */
+interface HeaderConfig {
+    action: "set" | "append" | "unset";
+    name: string;
+    value?: string;
+}
+/**
+ * Redirect configuration (legacy support)
+ */
+interface RedirectConfig {
+    type: "redirect";
+    code: number;
+    source: string;
+    target: string;
+}
+/**
+ * Authentication configuration
+ */
+interface AuthConfig {
+    authType?: "Basic" | "Digest";
+    authName?: string;
+    authUserFile?: string;
+    authGroupFile?: string;
+    authDigestProvider?: string;
+    require?: RequireConfig[];
+}
+/**
+ * Require directive configuration
+ */
+interface RequireConfig {
+    type: "valid-user" | "user" | "group" | "ip" | "host" | "all";
+    value?: string | string[];
+    granted?: boolean;
+}
+/**
+ * Access Control configuration (Apache 2.2 style - Order/Allow/Deny)
+ */
+interface AccessControlConfig {
+    order?: "allow,deny" | "deny,allow" | "mutual-failure";
+    allow: AccessRule[];
+    deny: AccessRule[];
+}
+/**
+ * Access rule for Allow/Deny directives
+ */
+interface AccessRule {
+    type: "all" | "ip" | "host" | "env";
+    value?: string | string[];
+}
+/**
+ * Variable context for RewriteCond evaluation
+ */
+interface VariableContext {
+    HTTP_HOST: string;
+    HTTP_USER_AGENT: string;
+    REQUEST_URI: string;
+    QUERY_STRING: string;
+    HTTPS: string;
+    REMOTE_ADDR: string;
+    REQUEST_METHOD: string;
+    HTTP_REFERER: string;
+    HTTP_ACCEPT: string;
+    HTTP_COOKIE: string;
+    SERVER_NAME: string;
+    SERVER_PORT: string;
+    DOCUMENT_ROOT: string;
+    REQUEST_FILENAME: string;
+}
+/**
+ * Result of applying rewrite flags
+ */
+type RewriteResult = {
+    type: "continue";
+} | {
+    type: "redirect";
+    url: string;
+    status: number;
+} | {
+    type: "forbidden";
+} | {
+    type: "gone";
+} | {
+    type: "rewrite";
+    path: string;
+};
+/**
+ * Hono Context (for type compatibility)
+ */
+type HonoContext = Context;
+
+export type { AccessControlConfig, AccessRule, AuthConfig, ConditionFlags, DirectoryConfig, ErrorDocumentConfig, HeaderConfig, HonoContext, HtaccessConfig, RedirectConfig, RequireConfig, RewriteCondition, RewriteFlags, RewriteResult, RewriteRuleConfig, VariableContext };

package/dist/htaccess/utils.d.ts

@@ -0,0 +1,21 @@
+import { Context } from 'hono';
+import { VariableContext, RewriteFlags, RewriteResult, RewriteCondition } from './types.js';
+
+/**
+ * Build variable context from Hono context
+ */
+declare function buildVariableContext(c: Context): VariableContext;
+/**
+ * Expand variables like %{HTTP_HOST} in test strings
+ */
+declare function expandVariables(testString: string, context: VariableContext): string;
+/**
+ * Test a single RewriteCond
+ */
+declare function testCondition(condition: RewriteCondition, context: VariableContext): boolean;
+/**
+ * Apply rewrite flags to determine result
+ */
+declare function applyRewriteFlags(target: string, flags: RewriteFlags, context: Context): RewriteResult;
+
+export { applyRewriteFlags, buildVariableContext, expandVariables, testCondition };

package/dist/htaccess/utils.js

@@ -0,0 +1,69 @@
+function buildVariableContext(c) {
+  const url = new URL(c.req.url);
+  return {
+    HTTP_HOST: c.req.header("host") || "",
+    HTTP_USER_AGENT: c.req.header("user-agent") || "",
+    REQUEST_URI: c.req.path,
+    QUERY_STRING: url.search.slice(1),
+    HTTPS: url.protocol === "https:" ? "on" : "off",
+    REMOTE_ADDR: c.req.header("x-forwarded-for")?.split(",")[0].trim() || "127.0.0.1",
+    REQUEST_METHOD: c.req.method,
+    HTTP_REFERER: c.req.header("referer") || "",
+    HTTP_ACCEPT: c.req.header("accept") || "",
+    HTTP_COOKIE: c.req.header("cookie") || "",
+    SERVER_NAME: c.req.header("host")?.split(":")[0] || "localhost",
+    SERVER_PORT: url.port || (url.protocol === "https:" ? "443" : "80"),
+    DOCUMENT_ROOT: "",
+    REQUEST_FILENAME: c.req.path
+  };
+}
+function expandVariables(testString, context) {
+  return testString.replace(/%\{([^}]+)\}/g, (match, varName) => {
+    const value = context[varName];
+    return value !== void 0 ? String(value) : match;
+  });
+}
+function testCondition(condition, context) {
+  const testValue = expandVariables(condition.testString, context);
+  const pattern = new RegExp(condition.pattern, condition.flags.noCase ? "i" : "");
+  return pattern.test(testValue);
+}
+function applyRewriteFlags(target, flags, context) {
+  if (flags.forbidden) {
+    return { type: "forbidden" };
+  }
+  if (flags.gone) {
+    return { type: "gone" };
+  }
+  if (flags.redirect) {
+    let finalTarget = target;
+    if (flags.qsAppend) {
+      const currentQs = new URL(context.req.url).search.slice(1);
+      if (currentQs) {
+        const separator = finalTarget.includes("?") ? "&" : "?";
+        finalTarget += separator + currentQs;
+      }
+    }
+    if (flags.qsDiscard) {
+      const qsIndex = finalTarget.indexOf("?");
+      if (qsIndex !== -1) {
+        finalTarget = finalTarget.slice(0, qsIndex);
+      }
+    }
+    return {
+      type: "redirect",
+      url: finalTarget,
+      status: flags.redirect
+    };
+  }
+  return {
+    type: "rewrite",
+    path: target
+  };
+}
+export {
+  applyRewriteFlags,
+  buildVariableContext,
+  expandVariables,
+  testCondition
+};

package/dist/html.d.ts

@@ -2,6 +2,7 @@ import * as hono_utils_html from 'hono/utils/html';
 import { CgiContext } from './cgi.js';
 import 'hono/types';
 import 'hono';
+import './htaccess/types.js';
 
 declare const generateCgiInfo: ({ $_SERVER, $_SESSION, $_REQUEST, config, }: Pick<CgiContext, "$_SERVER" | "$_SESSION" | "$_REQUEST" | "config">) => () => hono_utils_html.HtmlEscapedString | Promise<hono_utils_html.HtmlEscapedString>;
 declare const generateCgiError: ({ error, $_SERVER, }: {

package/dist/index.d.ts

@@ -1,4 +1,7 @@
 export { CgiContext, ConfigObject, MatchboxOptions, ModuleInfo, Page, SessionCookieOptions } from './cgi.js';
+export { HtaccessConfig } from './htaccess/types.js';
+export { parseHtaccess } from './htaccess/parser.js';
+export { corsHeaders, securityHeaders } from './htaccess/headers.js';
 export { createCgi } from './with-defaults.js';
 import 'hono/types';
 import 'hono';

package/dist/index.js

@@ -1,4 +1,8 @@
+import { corsHeaders, parseHtaccess, securityHeaders } from "./htaccess/index.js";
 import { createCgi } from "./with-defaults.js";
 export {
-  createCgi
+  corsHeaders,
+  createCgi,
+  parseHtaccess,
+  securityHeaders
 };

package/dist/middleware/auth.d.ts

@@ -0,0 +1,8 @@
+import { Hono } from 'hono';
+
+/**
+ * Apply Basic Auth middleware to Hono app for each directory
+ */
+declare function applyBasicAuth(app: Hono, authMap: Record<string, string>): void;
+
+export { applyBasicAuth };

package/dist/middleware/auth.js

@@ -0,0 +1,28 @@
+import { basicAuth } from "hono/basic-auth";
+function createBasicAuthMiddleware(htpasswdContent, realm = "Restricted Area") {
+  const credentials = htpasswdContent.split("\n").map((line) => line.trim()).filter((line) => line && !line.startsWith("#")).map((line) => {
+    const [username, password] = line.split(":");
+    return { username, password };
+  });
+  if (credentials.length === 0) {
+    return async (_c, next) => {
+      await next();
+    };
+  }
+  return async (c, next) => {
+    const handler = basicAuth({
+      verifyUser: (u, p) => credentials.some((cred) => cred.username === u && cred.password === p),
+      realm
+    });
+    return handler(c, next);
+  };
+}
+function applyBasicAuth(app, authMap) {
+  Object.entries(authMap).forEach(([dir, content]) => {
+    const authPath = dir === "/" ? "*" : `${dir.replace(/\/$/, "")}/*`;
+    app.use(authPath, createBasicAuthMiddleware(content));
+  });
+}
+export {
+  applyBasicAuth
+};

package/dist/middleware/htaccess.d.ts

@@ -0,0 +1,13 @@
+import { Hono } from 'hono';
+import { HtaccessConfig } from '../htaccess/types.js';
+
+/**
+ * Apply htaccess middleware to Hono app in the correct order
+ */
+declare function applyHtaccessMiddleware(app: Hono, htaccessConfig: HtaccessConfig): void;
+/**
+ * Apply error document middleware (must be applied last)
+ */
+declare function applyErrorDocumentMiddleware(app: Hono, htaccessConfig: HtaccessConfig): void;
+
+export { applyErrorDocumentMiddleware, applyHtaccessMiddleware };

package/dist/middleware/htaccess.js

@@ -0,0 +1,42 @@
+import { createRewriteMiddleware } from "../htaccess/rewrite.js";
+import { createHeaderMiddleware } from "../htaccess/headers.js";
+import { createErrorDocumentMiddleware } from "../htaccess/error-document.js";
+import { createAccessControlMiddleware } from "../htaccess/access-control.js";
+function applyHtaccessMiddleware(app, htaccessConfig) {
+  Object.entries(htaccessConfig).forEach(([dir, config]) => {
+    if (config.headers.length === 0) return;
+    const basePath = dir === "/" ? "" : dir.replace(/\/$/, "");
+    app.use(`${basePath}/*`, createHeaderMiddleware(config.headers));
+  });
+  Object.entries(htaccessConfig).forEach(([dir, config]) => {
+    const allRules = [
+      ...config.rewriteRules,
+      ...config.redirects.map((r) => ({
+        type: "rewrite",
+        pattern: `^${r.source}$`,
+        target: r.target,
+        flags: { redirect: r.code },
+        conditions: []
+      }))
+    ];
+    if (allRules.length === 0) return;
+    const basePath = dir === "/" ? "" : dir.replace(/\/$/, "");
+    app.use(`${basePath}/*`, createRewriteMiddleware(allRules, basePath));
+  });
+  Object.entries(htaccessConfig).forEach(([dir, config]) => {
+    if (!config.accessControl) return;
+    const basePath = dir === "/" ? "" : dir.replace(/\/$/, "");
+    app.use(`${basePath}/*`, createAccessControlMiddleware(config.accessControl));
+  });
+}
+function applyErrorDocumentMiddleware(app, htaccessConfig) {
+  Object.entries(htaccessConfig).forEach(([dir, config]) => {
+    if (config.errorDocuments.length === 0) return;
+    const basePath = dir === "/" ? "" : dir.replace(/\/$/, "");
+    app.use(`${basePath}/*`, createErrorDocumentMiddleware(config.errorDocuments, basePath));
+  });
+}
+export {
+  applyErrorDocumentMiddleware,
+  applyHtaccessMiddleware
+};

package/dist/middleware/index.d.ts

@@ -0,0 +1,10 @@
+export { applyBasicAuth } from './auth.js';
+export { applyErrorDocumentMiddleware, applyHtaccessMiddleware } from './htaccess.js';
+export { getSessionFromCookie, saveSessionToCookie } from './session.js';
+export { applyProtectedFilesMiddleware } from './protected-files.js';
+export { applyTrailingSlashMiddleware } from './trailing-slash.js';
+import 'hono';
+import '../htaccess/types.js';
+import '../cgi.js';
+import 'hono/types';
+import 'hono/utils/html';

package/dist/middleware/index.js

@@ -0,0 +1,14 @@
+import { applyBasicAuth } from "./auth.js";
+import { applyHtaccessMiddleware, applyErrorDocumentMiddleware } from "./htaccess.js";
+import { getSessionFromCookie, saveSessionToCookie } from "./session.js";
+import { applyProtectedFilesMiddleware } from "./protected-files.js";
+import { applyTrailingSlashMiddleware } from "./trailing-slash.js";
+export {
+  applyBasicAuth,
+  applyErrorDocumentMiddleware,
+  applyHtaccessMiddleware,
+  applyProtectedFilesMiddleware,
+  applyTrailingSlashMiddleware,
+  getSessionFromCookie,
+  saveSessionToCookie
+};

package/dist/middleware/protected-files.d.ts

@@ -0,0 +1,8 @@
+import { Hono } from 'hono';
+
+/**
+ * Apply protected files middleware to prevent access to sensitive configuration files
+ */
+declare function applyProtectedFilesMiddleware(app: Hono): void;
+
+export { applyProtectedFilesMiddleware };

package/dist/middleware/protected-files.js

@@ -0,0 +1,14 @@
+const PROTECTED_FILES = [".htaccess", ".htpasswd", ".htdigest", ".htgroup"];
+function applyProtectedFilesMiddleware(app) {
+  app.use("*", async (c, next) => {
+    const path = c.req.path;
+    const lastSegment = path.slice(path.lastIndexOf("/") + 1);
+    if (PROTECTED_FILES.some((file) => lastSegment === file)) {
+      return c.text("Forbidden", 403);
+    }
+    await next();
+  });
+}
+export {
+  applyProtectedFilesMiddleware
+};

package/dist/middleware/session.d.ts

@@ -0,0 +1,16 @@
+import { Context } from 'hono';
+import { SessionCookieOptions } from '../cgi.js';
+import 'hono/types';
+import 'hono/utils/html';
+import '../htaccess/types.js';
+
+/**
+ * Get session data from cookie
+ */
+declare function getSessionFromCookie(c: Context, sessionCookieName?: string): Record<string, unknown>;
+/**
+ * Save session data to cookie
+ */
+declare function saveSessionToCookie(c: Context, session: Record<string, unknown>, options?: SessionCookieOptions): void;
+
+export { getSessionFromCookie, saveSessionToCookie };

package/dist/middleware/session.js

@@ -0,0 +1,37 @@
+import { getCookie, setCookie } from "hono/cookie";
+const DEFAULT_SESSION_COOKIE_NAME = "_SESSION_ID";
+function getSessionFromCookie(c, sessionCookieName) {
+  const cookieName = sessionCookieName || DEFAULT_SESSION_COOKIE_NAME;
+  const sessionCookie = getCookie(c, cookieName);
+  if (sessionCookie) {
+    try {
+      return JSON.parse(decodeURIComponent(sessionCookie));
+    } catch {
+      return {};
+    }
+  }
+  return {};
+}
+function saveSessionToCookie(c, session, options) {
+  const cookieName = options?.name || DEFAULT_SESSION_COOKIE_NAME;
+  const sessionValue = encodeURIComponent(JSON.stringify(session));
+  const sessionOptions = {
+    path: options?.path || "/",
+    httpOnly: true,
+    sameSite: options?.sameSite || "Lax"
+  };
+  if (options?.secure !== void 0) {
+    sessionOptions.secure = options.secure;
+  }
+  if (options?.domain) {
+    sessionOptions.domain = options.domain;
+  }
+  if (options?.maxAge !== void 0) {
+    sessionOptions.maxAge = options.maxAge;
+  }
+  setCookie(c, cookieName, sessionValue, sessionOptions);
+}
+export {
+  getSessionFromCookie,
+  saveSessionToCookie
+};

package/dist/middleware/trailing-slash.d.ts

@@ -0,0 +1,8 @@
+import { Hono } from 'hono';
+
+/**
+ * Apply trailing slash middleware to enforce trailing slash on URLs
+ */
+declare function applyTrailingSlashMiddleware(app: Hono): void;
+
+export { applyTrailingSlashMiddleware };

package/dist/middleware/trailing-slash.js

@@ -0,0 +1,12 @@
+function applyTrailingSlashMiddleware(app) {
+  app.use("*", async (c, next) => {
+    const path = c.req.path;
+    if (!path.endsWith("/") && !path.includes(".")) {
+      return c.redirect(`${path}/`, 301);
+    }
+    await next();
+  });
+}
+export {
+  applyTrailingSlashMiddleware
+};

package/dist/with-defaults.d.ts

@@ -1,7 +1,8 @@
-import { MatchboxOptions } from './cgi.js';
 import * as hono from 'hono';
 import * as hono_types from 'hono/types';
+import { MatchboxOptions } from './cgi.js';
 import 'hono/utils/html';
+import './htaccess/types.js';
 
 declare const createCgi: (options?: MatchboxOptions) => hono.Hono<hono_types.BlankEnv, hono_types.BlankSchema, "/">;
 

package/dist/with-defaults.js

@@ -1,4 +1,5 @@
 import { createCgiWithPages } from "./cgi.js";
+import { parseHtaccess } from "./htaccess/parser.js";
 const loadPagesFromPublic = () => {
   const modules = import.meta.glob("/public/**/*.cgi.{tsx,jsx}", {
     eager: true
@@ -38,40 +39,28 @@ const loadPagesFromPublic = () => {
     },
     {}
   );
-  const rewriteMap = Object.keys(htaccessFiles).reduce((acc, key) => {
+  const htaccessConfig = Object.keys(htaccessFiles).reduce((acc, key) => {
     const dir = key.replace(basePathRegex, "").replace(/\.htaccess$/, "") || "/";
-    const lines = htaccessFiles[key].split("\n");
-    const rules = lines.map((line) => {
-      const l = line.trim();
-      if (!l || l.startsWith("#")) return null;
-      const parts = l.split(/\s+/);
-      if (parts[0] === "RewriteRule") {
-        return {
-          type: "rewrite",
-          pattern: parts[1],
-          target: parts[2],
-          flags: parts[3] || ""
-        };
-      }
-      if (parts[0] === "Redirect") {
-        return {
-          type: "redirect",
-          code: parts[1],
-          source: parts[2],
-          target: parts[3]
-        };
-      }
-      return null;
-    }).filter(Boolean);
-    acc[dir] = rules;
+    const content = htaccessFiles[key];
+    try {
+      acc[dir] = parseHtaccess(content);
+    } catch (error) {
+      console.error(`Error parsing .htaccess in ${dir}:`, error.message);
+      acc[dir] = {
+        rewriteRules: [],
+        redirects: [],
+        errorDocuments: [],
+        headers: []
+      };
+    }
     return acc;
   }, {});
-  return { pages, authMap, rewriteMap };
+  return { pages, authMap, htaccessConfig };
 };
 const createCgi = (options) => {
   const resolvedConfig = typeof __MATCHBOX_CONFIG__ === "undefined" ? {} : __MATCHBOX_CONFIG__;
-  const { pages, authMap, rewriteMap } = loadPagesFromPublic();
-  return createCgiWithPages(pages, resolvedConfig, authMap, rewriteMap, options);
+  const { pages, authMap, htaccessConfig } = loadPagesFromPublic();
+  return createCgiWithPages(pages, resolvedConfig, authMap, htaccessConfig, options);
 };
 export {
   createCgi

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tknf/matchbox",
-  "version": "0.2.6",
+  "version": "0.3.1",
   "description": "A Simple Web Server Framework",
   "keywords": [
     "cgi",