@travetto/web 6.0.1 → 6.0.2

package/README.md

@@ -88,7 +88,7 @@ export class WebResponse<B = unknown> extends BaseWebMessage<B, WebResponseConte
 }
 ```
 
-These objects do not represent the underlying sockets provided by various http servers, but in fact are simple wrappers that track the flow through the call stack of the various [WebInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/types/interceptor.ts#L15)s and the [Endpoint](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L14) handler.  One of the biggest departures here, is that the response is not an entity that is passed around from call-site to call-site, but is is solely a return-value.  This doesn't mean the return value has to be static and pre-allocated, on the contrary streams are still supported.  The difference here is that the streams/asynchronous values will be consumed until the response is sent back to the user. The [CompressInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/compress.ts#L50) is a good reference for transforming a [WebResponse](https://github.com/travetto/travetto/tree/main/module/web/src/types/response.ts#L3) that can either be a stream or a fixed value.
+These objects do not represent the underlying sockets provided by various http servers, but in fact are simple wrappers that track the flow through the call stack of the various [WebInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/types/interceptor.ts#L15)s and the [Endpoint](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/endpoint.ts#L14) handler.  One of the biggest departures here, is that the response is not an entity that is passed around from call-site to call-site, but is is solely a return-value.  This doesn't mean the return value has to be static and pre-allocated, on the contrary streams are still supported.  The difference here is that the streams/asynchronous values will be consumed until the response is sent back to the user. The [CompressInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/compress.ts#L44) is a good reference for transforming a [WebResponse](https://github.com/travetto/travetto/tree/main/module/web/src/types/response.ts#L3) that can either be a stream or a fixed value.
 
 ## Defining a Controller
 To start, we must define a [@Controller](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/controller.ts#L9), which is only allowed on classes. Controllers can be configured with:
@@ -378,8 +378,8 @@ Out of the box, the web framework comes with a few interceptors, and more are co
    1. global - Intended to run outside of the request flow - [AsyncContextInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/context.ts#L13)
    1. terminal - Handles once request and response are finished building - [LoggingInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/logging.ts#L28), [RespondInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/respond.ts#L12)
    1. pre-request - Prepares the request for running - [TrustProxyInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/trust-proxy.ts#L23)
-   1. request - Handles inbound request, validation, and body preparation - [DecompressInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/decompress.ts#L53), [AcceptInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/accept.ts#L34), [BodyInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/body.ts#L57), [CookieInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/cookie.ts#L60) 
-   1. response - Prepares outbound response - [CompressInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/compress.ts#L50), [CorsInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/cors.ts#L51), [EtagInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/etag.ts#L43), [CacheControlInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/cache-control.ts#L23) 
+   1. request - Handles inbound request, validation, and body preparation - [DecompressInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/decompress.ts#L53), [AcceptInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/accept.ts#L33), [BodyInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/body.ts#L58), [CookieInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/cookie.ts#L60) 
+   1. response - Prepares outbound response - [CompressInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/compress.ts#L44), [CorsInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/cors.ts#L51), [EtagInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/etag.ts#L43), [CacheControlInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/cache-control.ts#L23) 
    1. application - Lives outside of the general request/response behavior, [Web Auth](https://github.com/travetto/travetto/tree/main/module/auth-web#readme "Web authentication integration support for the Travetto framework") uses this for login and logout flows.
 
 ### Packaged Interceptors
@@ -425,7 +425,7 @@ export class TrustProxyConfig {
 ```
 
 #### AcceptInterceptor
-[AcceptInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/accept.ts#L34) handles verifying the inbound request matches the allowed content-types. This acts as a standard gate-keeper for spurious input.
+[AcceptInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/accept.ts#L33) handles verifying the inbound request matches the allowed content-types. This acts as a standard gate-keeper for spurious input.
 
 **Code: Accept Config**
 ```typescript
@@ -478,7 +478,7 @@ export class CookieConfig implements CookieSetOptions {
   /**
    * Supported only via http (not in JS)
    */
-  httpOnly = true;
+  httponly = true;
   /**
    * Enforce same site policy
    */
@@ -504,7 +504,7 @@ export class CookieConfig implements CookieSetOptions {
 ```
 
 #### BodyInterceptor
-[BodyInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/body.ts#L57) handles the inbound request, and converting the body payload into an appropriate format.
+[BodyInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/body.ts#L58) handles the inbound request, and converting the body payload into an appropriate format.
 
 **Code: Body Config**
 ```typescript
@@ -532,7 +532,7 @@ export class WebBodyConfig {
 ```
 
 #### CompressInterceptor
-[CompressInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/compress.ts#L50) by default, will compress all valid outbound responses over a certain size, or for streams will cache every response. This relies on Node's [Buffer](https://nodejs.org/api/zlib.html) support for compression.
+[CompressInterceptor](https://github.com/travetto/travetto/tree/main/module/web/src/interceptor/compress.ts#L44) by default, will compress all valid outbound responses over a certain size, or for streams will cache every response. This relies on Node's [Buffer](https://nodejs.org/api/zlib.html) support for compression.
 
 **Code: Compress Config**
 ```typescript
@@ -545,10 +545,6 @@ export class CompressConfig {
    * Raw encoding options
    */
   raw?: (ZlibOptions & BrotliOptions) | undefined;
-  /**
-   * Preferred encodings
-   */
-  preferredEncodings?: WebCompressEncoding[] = ['br', 'gzip', 'identity'];
   /**
    * Supported encodings
    */
@@ -739,14 +735,11 @@ export class SimpleAuthInterceptor implements WebInterceptor {
 ```
 
 ## Cookie Support
-Cookies are a unique element, within the framework, as they sit on the request and response flows.  Ideally we would separate these out, but given the support for key rotation, there is a scenario in which reading a cookie on the request, will result in a cookie needing to be written on the response.  Because of this, cookies are treated as being outside the normal [WebRequest](https://github.com/travetto/travetto/tree/main/module/web/src/types/request.ts#L11) activity, and is exposed as the [@ContextParam](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/param.ts#L61) [CookieJar](https://github.com/travetto/travetto/tree/main/module/web/src/util/cookie.ts#L11).  The [CookieJar](https://github.com/travetto/travetto/tree/main/module/web/src/util/cookie.ts#L11) has a fairly basic contract:
+Cookies are a unique element, within the framework, as they sit on the request and response flows.  Ideally we would separate these out, but given the support for key rotation, there is a scenario in which reading a cookie on the request, will result in a cookie needing to be written on the response.  Because of this, cookies are treated as being outside the normal [WebRequest](https://github.com/travetto/travetto/tree/main/module/web/src/types/request.ts#L11) activity, and is exposed as the [@ContextParam](https://github.com/travetto/travetto/tree/main/module/web/src/decorator/param.ts#L61) [CookieJar](https://github.com/travetto/travetto/tree/main/module/web/src/util/cookie.ts#L12).  The [CookieJar](https://github.com/travetto/travetto/tree/main/module/web/src/util/cookie.ts#L12) has a fairly basic contract:
 
 **Code: CookieJar contract**
 ```typescript
 export class CookieJar {
-  static parseCookieHeader(header: string): Cookie[];
-  static parseSetCookieHeader(header: string): Cookie;
-  static responseSuffix(c: Cookie): string[];
   constructor({ keys, ...options }: CookieJarOptions = {});
   import(cookies: Cookie[]): this;
   has(name: string, opts: CookieGetOptions = {}): boolean;

package/__index__.ts

@@ -38,7 +38,8 @@ export * from './src/interceptor/trust-proxy.ts';
 
 export * from './src/util/body.ts';
 export * from './src/util/endpoint.ts';
-export * from './src/util/mime.ts';
+export * from './src/util/header.ts';
 export * from './src/util/cookie.ts';
 export * from './src/util/common.ts';
+export * from './src/util/keygrip.ts';
 export * from './src/util/net.ts';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@travetto/web",
-  "version": "6.0.1",
+  "version": "6.0.2",
   "description": "Declarative support creating for Web Applications",
   "keywords": [
     "web",
@@ -31,13 +31,7 @@
     "@travetto/registry": "^6.0.0",
     "@travetto/runtime": "^6.0.0",
     "@travetto/schema": "^6.0.0",
-    "@types/fresh": "^0.5.2",
-    "@types/keygrip": "^1.0.6",
-    "@types/negotiator": "^0.6.3",
-    "find-my-way": "^9.3.0",
-    "fresh": "^0.5.2",
-    "keygrip": "^1.1.0",
-    "negotiator": "^1.0.0"
+    "find-my-way": "^9.3.0"
   },
   "peerDependencies": {
     "@travetto/cli": "^6.0.0",

package/src/interceptor/accept.ts

@@ -2,7 +2,6 @@ import { Injectable, Inject } from '@travetto/di';
 import { Config } from '@travetto/config';
 import { Ignore } from '@travetto/schema';
 
-import { MimeUtil } from '../util/mime.ts';
 import { WebCommonUtil } from '../util/common.ts';
 
 import { WebChainedContext } from '../types/filter.ts';
@@ -39,7 +38,7 @@ export class AcceptInterceptor implements WebInterceptor<AcceptConfig> {
   config: AcceptConfig;
 
   finalizeConfig({ config }: WebInterceptorContext<AcceptConfig>): AcceptConfig {
-    config.matcher = MimeUtil.matcher(config.types ?? []);
+    config.matcher = WebCommonUtil.mimeTypeMatcher(config.types ?? []);
     return config;
   }
 

package/src/interceptor/body.ts

@@ -14,6 +14,7 @@ import { ByteSizeInput, WebCommonUtil } from '../util/common.ts';
 import { AcceptInterceptor } from './accept.ts';
 import { DecompressInterceptor } from './decompress.ts';
 import { WebError } from '../types/error.ts';
+import { WebHeaderUtil } from '../util/header.ts';
 
 /**
  * @concrete
@@ -90,12 +91,13 @@ export class BodyInterceptor implements WebInterceptor<WebBodyConfig> {
       throw WebError.for('Request entity too large', 413, { length, limit });
     }
 
-    const contentType = request.headers.getContentType();
-    if (!contentType) {
+    const contentType = WebHeaderUtil.parseHeaderSegment(request.headers.get('Content-Type'));
+    if (!contentType.value) {
       return next();
     }
 
-    const parserType = config.parsingTypes[contentType.full] ?? config.parsingTypes[contentType.type];
+    const [baseType,] = contentType.value.split('/');
+    const parserType = config.parsingTypes[contentType.value] ?? config.parsingTypes[baseType];
     if (!parserType) {
       return next();
     }

package/src/interceptor/cache-control.ts

@@ -35,23 +35,15 @@ export class CacheControlInterceptor implements WebInterceptor {
   async filter({ next }: WebChainedContext<CacheControlConfig>): Promise<WebResponse> {
     const response = await next();
     if (!response.headers.has('Cache-Control')) {
-      const parts: string[] = [];
-      if (response.context.isPrivate !== undefined) {
-        parts.push(response.context.isPrivate ? 'private' : 'public');
-      }
-      if (response.context.cacheableAge !== undefined) {
-        parts.push(
-          ...(response.context.cacheableAge <= 0 ?
-            ['no-store', 'max-age=0'] :
-            [`max-age=${response.context.cacheableAge}`]
-          )
-        );
-      } else if (response.context.isPrivate) { // If private, but no age, don't store
-        parts.push('no-store');
-      }
-      if (parts.length) {
-        response.headers.set('Cache-Control', parts.join(','));
+      const parts: string[] = [response.context.isPrivate ? 'private' : 'public'];
+      const age = response.context.cacheableAge ?? (response.context.isPrivate ? 0 : undefined);
+      if (age !== undefined) {
+        if (age <= 0) {
+          parts.push('no-store');
+        }
+        parts.push(`max-age=${Math.max(age, 0)}`);
       }
+      response.headers.set('Cache-Control', parts.join(','));
     }
     return response;
   }

package/src/interceptor/compress.ts

@@ -1,20 +1,18 @@
 import { buffer } from 'node:stream/consumers';
 import { BrotliOptions, constants, createBrotliCompress, createDeflate, createGzip, ZlibOptions } from 'node:zlib';
 
-// eslint-disable-next-line @typescript-eslint/naming-convention
-import Negotiator from 'negotiator';
-
 import { Injectable, Inject } from '@travetto/di';
 import { Config } from '@travetto/config';
-import { castTo } from '@travetto/runtime';
 
 import { WebInterceptor, WebInterceptorContext } from '../types/interceptor.ts';
 import { WebInterceptorCategory } from '../types/core.ts';
 import { WebChainedContext } from '../types/filter.ts';
 import { WebResponse } from '../types/response.ts';
-import { WebBodyUtil } from '../util/body.ts';
 import { WebError } from '../types/error.ts';
 
+import { WebBodyUtil } from '../util/body.ts';
+import { WebHeaderUtil } from '../util/header.ts';
+
 const COMPRESSORS = {
   gzip: createGzip,
   deflate: createDeflate,
@@ -33,10 +31,6 @@ export class CompressConfig {
    * Raw encoding options
    */
   raw?: (ZlibOptions & BrotliOptions) | undefined;
-  /**
-   * Preferred encodings
-   */
-  preferredEncodings?: WebCompressEncoding[] = ['br', 'gzip', 'identity'];
   /**
    * Supported encodings
    */
@@ -55,10 +49,10 @@ export class CompressInterceptor implements WebInterceptor {
   config: CompressConfig;
 
   async compress(ctx: WebChainedContext, response: WebResponse): Promise<WebResponse> {
-    const { raw = {}, preferredEncodings = [], supportedEncodings } = this.config;
+    const { raw = {}, supportedEncodings } = this.config;
     const { request } = ctx;
 
-    response.headers.vary('Accept-Encoding');
+    response.headers.append('Vary', 'Accept-Encoding');
 
     if (
       !response.body ||
@@ -69,15 +63,13 @@ export class CompressInterceptor implements WebInterceptor {
     }
 
     const accepts = request.headers.get('Accept-Encoding');
-    const type: WebCompressEncoding | undefined =
-      castTo(new Negotiator({ headers: { 'accept-encoding': accepts ?? '*' } })
-        .encoding([...supportedEncodings, ...preferredEncodings]));
+    const type = WebHeaderUtil.negotiateHeader(accepts ?? '*', supportedEncodings);
 
-    if (accepts && (!type || !accepts.includes(type))) {
+    if (!type) {
       throw WebError.for(`Please accept one of: ${supportedEncodings.join(', ')}. ${accepts} is not supported`, 406);
     }
 
-    if (type === 'identity' || !type) {
+    if (type === 'identity') {
       return response;
     }
 

package/src/interceptor/cookie.ts

@@ -29,7 +29,7 @@ export class CookieConfig implements CookieSetOptions {
   /**
    * Supported only via http (not in JS)
    */
-  httpOnly = true;
+  httponly = true;
   /**
    * Enforce same site policy
    */

package/src/interceptor/etag.ts

@@ -1,5 +1,4 @@
 import crypto from 'node:crypto';
-import fresh from 'fresh';
 
 import { Injectable, Inject } from '@travetto/di';
 import { Config } from '@travetto/config';
@@ -13,6 +12,7 @@ import { WebInterceptorCategory } from '../types/core.ts';
 import { CompressInterceptor } from './compress.ts';
 import { WebBodyUtil } from '../util/body.ts';
 import { ByteSizeInput, WebCommonUtil } from '../util/common.ts';
+import { WebHeaderUtil } from '../util/header.ts';
 
 @Config('web.etag')
 export class EtagConfig {
@@ -85,17 +85,7 @@ export class EtagInterceptor implements WebInterceptor {
     const tag = this.computeTag(body);
     binaryResponse.headers.set('ETag', `${ctx.config.weak ? 'W/' : ''}"${tag}"`);
 
-    if (
-      ctx.config.cacheable &&
-      fresh({
-        'if-modified-since': request.headers.get('If-Modified-Since')!,
-        'if-none-match': request.headers.get('If-None-Match')!,
-        'cache-control': request.headers.get('Cache-Control')!,
-      }, {
-        etag: binaryResponse.headers.get('ETag')!,
-        'last-modified': binaryResponse.headers.get('Last-Modified')!
-      })
-    ) {
+    if (ctx.config.cacheable && WebHeaderUtil.isFresh(request.headers, binaryResponse.headers)) {
       // Remove length for the 304
       binaryResponse.headers.delete('Content-Length');
       return new WebResponse({

package/src/types/cookie.ts

@@ -9,7 +9,7 @@ export type Cookie = {
   priority?: 'low' | 'medium' | 'high';
   sameSite?: 'strict' | 'lax' | 'none';
   secure?: boolean;
-  httpOnly?: boolean;
+  httponly?: boolean;
   partitioned?: boolean;
   response?: boolean;
 };

package/src/types/headers.ts

@@ -1,19 +1,14 @@
-import { Any, ByteRange, castTo } from '@travetto/runtime';
-import { MimeType, MimeUtil } from '../util/mime.ts';
+import { Any, castTo } from '@travetto/runtime';
 
 type Prim = number | boolean | string;
 type HeaderValue = Prim | Prim[] | readonly Prim[];
 export type WebHeadersInit = Headers | Record<string, undefined | null | HeaderValue> | [string, HeaderValue][];
 
-const FILENAME_EXTRACT = /filename[*]?=["]?([^";]*)["]?/;
-
 /**
  * Simple Headers wrapper with additional logic for common patterns
  */
 export class WebHeaders extends Headers {
 
-  #parsedType?: MimeType;
-
   constructor(o?: WebHeadersInit) {
     const passed = (o instanceof Headers);
     super(passed ? o : undefined);
@@ -56,42 +51,6 @@ export class WebHeaders extends Headers {
     }
   }
 
-  /**
-   * Vary a value
-   */
-  vary(value: string): void {
-    this.append('Vary', value);
-  }
-
-  /**
-   * Get the fully parsed content type
-   */
-  getContentType(): MimeType | undefined {
-    return this.#parsedType ??= MimeUtil.parse(this.get('Content-Type')!);
-  }
-
-  /**
-   * Read the filename from the content disposition
-   */
-  getFilename(): string | undefined {
-    const [, match] = (this.get('Content-Disposition') ?? '').match(FILENAME_EXTRACT) ?? [];
-    return match;
-  }
-
-  /**
-   * Get requested byte range for a given request
-   */
-  getRange(chunkSize: number = 100 * 1024): ByteRange | undefined {
-    const rangeHeader = this.get('Range');
-    if (rangeHeader) {
-      const [start, end] = rangeHeader.replace(/bytes=/, '').split('-')
-        .map(x => x ? parseInt(x, 10) : undefined);
-      if (start !== undefined) {
-        return { start, end: end ?? (start + chunkSize) };
-      }
-    }
-  }
-
   /**
    * Set header value with a prefix
    */

package/src/util/body.ts

@@ -1,6 +1,5 @@
 import { TextDecoder } from 'node:util';
 import { Readable } from 'node:stream';
-import { buffer as toBuffer } from 'node:stream/consumers';
 
 import { Any, BinaryUtil, castTo, hasToJSON, Util } from '@travetto/runtime';
 
@@ -15,20 +14,6 @@ const WebRawStreamSymbol = Symbol();
  */
 export class WebBodyUtil {
 
-  /**
-   * Convert a node binary input to a buffer
-   */
-  static async toBuffer(src: WebBinaryBody): Promise<Buffer> {
-    return Buffer.isBuffer(src) ? src : toBuffer(src);
-  }
-
-  /**
-   * Convert a node binary input to a readable
-   */
-  static toReadable(src: WebBinaryBody): Readable {
-    return Buffer.isBuffer(src) ? Readable.from(src) : src;
-  }
-
   /**
    * Generate multipart body
    */

package/src/util/common.ts

@@ -1,4 +1,4 @@
-import { AppError, ErrorCategory } from '@travetto/runtime';
+import { AppError, ErrorCategory, Util } from '@travetto/runtime';
 
 import { WebResponse } from '../types/response.ts';
 import { WebRequest } from '../types/request.ts';
@@ -31,6 +31,12 @@ export class WebCommonUtil {
     gb: 2 ** 30,
   };
 
+  static #convert(rule: string): RegExp {
+    const core = (rule.endsWith('/*') || !rule.includes('/')) ?
+      `${rule.replace(/[/].{0,20}$/, '')}\/.*` : rule;
+    return new RegExp(`^${core}[ ]{0,10}(;|$)`);
+  }
+
   static #buildEdgeMap<T, U extends OrderedState<T>>(items: List<U>): Map<T, Set<T>> {
     const edgeMap = new Map(items.map(x => [x.key, new Set(x.after ?? [])]));
 
@@ -49,6 +55,19 @@ export class WebCommonUtil {
     return edgeMap;
   }
 
+
+  /**
+   * Build matcher
+   */
+  static mimeTypeMatcher(rules: string[] | string = []): (contentType: string) => boolean {
+    return Util.allowDeny<RegExp, [string]>(
+      rules,
+      this.#convert.bind(this),
+      (regex, mime) => regex.test(mime),
+      k => k
+    );
+  }
+
   /**
    * Produces a satisfied ordering for a list of orderable elements
    */

package/src/util/cookie.ts

@@ -1,7 +1,8 @@
-import keygrip from 'keygrip';
-import { AppError, castKey, castTo } from '@travetto/runtime';
+import { AppError } from '@travetto/runtime';
 
 import { Cookie, CookieGetOptions, CookieSetOptions } from '../types/cookie.ts';
+import { KeyGrip } from './keygrip.ts';
+import { WebHeaderUtil } from './header.ts';
 
 const pairText = (c: Cookie): string => `${c.name}=${c.value}`;
 const pair = (k: string, v: unknown): string => `${k}=${v}`;
@@ -10,55 +11,13 @@ type CookieJarOptions = { keys?: string[] } & CookieSetOptions;
 
 export class CookieJar {
 
-  static parseCookieHeader(header: string): Cookie[] {
-    return header.split(/\s{0,4};\s{0,4}/g)
-      .map(x => x.trim())
-      .filter(x => !!x)
-      .map(item => {
-        const kv = item.split(/\s{0,4}=\s{0,4}/);
-        return { name: kv[0], value: kv[1] };
-      });
-  }
-
-  static parseSetCookieHeader(header: string): Cookie {
-    const parts = header.split(/\s{0,4};\s{0,4}/g);
-    const [name, value] = parts[0].split(/\s{0,4}=\s{0,4}/);
-    const c: Cookie = { name, value };
-    for (const p of parts.slice(1)) {
-      // eslint-disable-next-line prefer-const
-      let [k, v = ''] = p.split(/\s{0,4}=\s{0,4}/);
-      if (v[0] === '"') {
-        v = v.slice(1, -1);
-      }
-      if (k === 'expires') {
-        c[k] = new Date(v);
-      } else {
-        c[castKey(k)] = castTo(v || true);
-      }
-    }
-    return c;
-  }
-
-  static responseSuffix(c: Cookie): string[] {
-    const parts = [];
-    if (c.path) { parts.push(pair('path', c.path)); }
-    if (c.expires) { parts.push(pair('expires', c.expires.toUTCString())); }
-    if (c.domain) { parts.push(pair('domain', c.domain)); }
-    if (c.priority) { parts.push(pair('priority', c.priority.toLowerCase())); }
-    if (c.sameSite) { parts.push(pair('samesite', c.sameSite.toLowerCase())); }
-    if (c.secure) { parts.push('secure'); }
-    if (c.httpOnly) { parts.push('httponly'); }
-    if (c.partitioned) { parts.push('partitioned'); }
-    return parts;
-  }
-
-  #grip?: keygrip;
+  #grip?: KeyGrip;
   #cookies: Record<string, Cookie> = {};
   #setOptions: CookieSetOptions = {};
   #deleteOptions: CookieSetOptions = { maxAge: 0, expires: undefined };
 
   constructor({ keys, ...options }: CookieJarOptions = {}) {
-    this.#grip = keys?.length ? new keygrip(keys) : undefined;
+    this.#grip = keys?.length ? new KeyGrip(keys) : undefined;
     this.#setOptions = {
       secure: false,
       path: '/',
@@ -68,7 +27,7 @@ export class CookieJar {
   }
 
   #exportCookie(cookie: Cookie, response?: boolean): string[] {
-    const suffix = response ? CookieJar.responseSuffix(cookie) : null;
+    const suffix = response ? WebHeaderUtil.buildCookieSuffix(cookie) : null;
     const payload = pairText(cookie);
     const out = suffix ? [[payload, ...suffix].join(';')] : [payload];
     if (cookie.signed) {
@@ -144,11 +103,11 @@ export class CookieJar {
   }
 
   importCookieHeader(header: string | null | undefined): this {
-    return this.import(CookieJar.parseCookieHeader(header ?? ''));
+    return this.import(WebHeaderUtil.parseCookieHeader(header ?? ''));
   }
 
   importSetCookieHeader(headers: string[] | null | undefined): this {
-    return this.import(headers?.map(CookieJar.parseSetCookieHeader) ?? []);
+    return this.import(headers?.map(WebHeaderUtil.parseSetCookieHeader) ?? []);
   }
 
   exportCookieHeader(): string {

package/src/util/header.ts

@@ -0,0 +1,161 @@
+import { ByteRange, castKey, castTo } from '@travetto/runtime';
+
+import { type Cookie } from '../types/cookie.ts';
+import { WebHeaders } from '../types/headers.ts';
+
+export type WebParsedHeader = { value: string, parameters: Record<string, string>, q?: number };
+
+const SPLIT_EQ = /[ ]{0,10}=[ ]{0,10}/g;
+const SPLIT_COMMA = /[ ]{0,10},[ ]{0,10}/g;
+const SPLIT_SEMI = /[ ]{0,10};[ ]{0,10}/g;
+const QUOTE = '"'.charCodeAt(0);
+
+/**
+ * Web header utils
+ */
+export class WebHeaderUtil {
+
+  /**
+   * Parse cookie header
+   */
+  static parseCookieHeader(header: string): Cookie[] {
+    const val = header.trim();
+    return !val ? [] : val.split(SPLIT_SEMI).map(item => {
+      const [name, value] = item.split(SPLIT_EQ);
+      return { name, value };
+    });
+  }
+
+  /**
+   * Parse cookie set header
+   */
+  static parseSetCookieHeader(header: string): Cookie {
+    const parts = header.split(SPLIT_SEMI);
+    const [name, value] = parts[0].split(SPLIT_EQ);
+    const c: Cookie = { name, value };
+    for (const p of parts.slice(1)) {
+      const [k, pv = ''] = p.toLowerCase().split(SPLIT_EQ);
+      const v = pv.charCodeAt(0) === QUOTE ? pv.slice(1, -1) : pv;
+      if (k === 'expires') {
+        c[k] = new Date(v);
+      } else {
+        c[castKey(k)] = castTo(v || true);
+      }
+    }
+    return c;
+  }
+
+  /**
+   * Parse header segment
+   * @input input
+   */
+  static parseHeaderSegment(input: string | null | undefined): WebParsedHeader {
+    if (!input) {
+      return { value: '', parameters: {} };
+    }
+    const [rv, ...parts] = input.split(SPLIT_SEMI);
+    const item: WebParsedHeader = { value: '', parameters: {} };
+    const value = rv.charCodeAt(0) === QUOTE ? rv.slice(1, -1) : rv;
+    if (value.includes('=')) {
+      parts.unshift(value);
+    } else {
+      item.value = value;
+    }
+    for (const part of parts) {
+      const [k, pv = ''] = part.split(SPLIT_EQ);
+      const v = (pv.charCodeAt(0) === QUOTE) ? pv.slice(1, -1) : pv;
+      item.parameters[k] = v;
+      if (k === 'q') {
+        item.q = parseFloat(v);
+      }
+    }
+    return item;
+  }
+
+  /**
+   * Parse full header
+   */
+  static parseHeader(input: string): WebParsedHeader[] {
+    const v = input.trim();
+    if (!input) { return []; }
+    return v.split(SPLIT_COMMA).map(x => this.parseHeaderSegment(x));
+  }
+
+  /**
+   * Build cookie suffix
+   */
+  static buildCookieSuffix(c: Cookie): string[] {
+    const parts = [];
+    if (c.path) { parts.push(`path=${c.path}`); }
+    if (c.expires) { parts.push(`expires=${c.expires.toUTCString()}`); }
+    if (c.domain) { parts.push(`domain=${c.domain}`); }
+    if (c.priority) { parts.push(`priority=${c.priority.toLowerCase()}`); }
+    if (c.sameSite) { parts.push(`samesite=${c.sameSite.toLowerCase()}`); }
+    if (c.secure) { parts.push('secure'); }
+    if (c.httponly) { parts.push('httponly'); }
+    if (c.partitioned) { parts.push('partitioned'); }
+    return parts;
+  }
+
+  /**
+   * Negotiate header
+   */
+  static negotiateHeader<K extends string>(header: string, values: K[]): K | undefined {
+    if (header === '*' || header === '*/*') {
+      return values[0];
+    }
+    const sorted = this.parseHeader(header.toLowerCase()).filter(x => (x.q ?? 1) > 0).toSorted((a, b) => (b.q ?? 1) - (a.q ?? 1));
+    const set = new Set(values);
+    for (const { value } of sorted) {
+      const vk: K = castKey(value);
+      if (value === '*') {
+        return values[0];
+      } else if (set.has(vk)) {
+        return vk;
+      }
+    }
+    return undefined;
+  }
+
+  /**
+   * Get requested byte range for a given request
+   */
+  static getRange(headers: WebHeaders, chunkSize: number = 100 * 1024): ByteRange | undefined {
+    if (!headers.has('Range')) {
+      return;
+    }
+    const { parameters } = this.parseHeaderSegment(headers.get('Range'));
+    if ('bytes' in parameters) {
+      const [start, end] = parameters.bytes.split('-')
+        .map(x => x ? parseInt(x, 10) : undefined);
+      if (start !== undefined) {
+        return { start, end: end ?? (start + chunkSize) };
+      }
+    }
+  }
+
+  /**
+   * Check freshness of the response using request and response headers.
+   */
+  static isFresh(req: WebHeaders, res: WebHeaders): boolean {
+    const cacheControl = req.get('Cache-Control');
+    if (cacheControl?.includes('no-cache')) {
+      return false;
+    }
+
+    const noneMatch = req.get('If-None-Match');
+    if (noneMatch) {
+      const etag = res.get('ETag');
+      const validTag = (v: string): boolean => v === etag || v === `W/${etag}` || `W/${v}` === etag;
+      return noneMatch === '*' || (!!etag && noneMatch.split(SPLIT_COMMA).some(validTag));
+    } else {
+      const modifiedSince = req.get('If-Modified-Since');
+      const lastModified = res.get('Last-Modified');
+      if (!modifiedSince || !lastModified) {
+        return false;
+      }
+      const [a, b] = [Date.parse(lastModified), Date.parse(modifiedSince)];
+      return !(Number.isNaN(a) || Number.isNaN(b)) && a >= b;
+    }
+  }
+}

package/src/util/keygrip.ts

@@ -0,0 +1,43 @@
+import crypto, { BinaryToTextEncoding } from 'node:crypto';
+import { AppError, castKey } from '@travetto/runtime';
+
+const CHAR_MAPPING = { '/': '_', '+': '-', '=': '' };
+
+function timeSafeCompare(a: string, b: string): boolean {
+  const key = crypto.randomBytes(32);
+  const ah = crypto.createHmac('sha256', key).update(a).digest();
+  const bh = crypto.createHmac('sha256', key).update(b).digest();
+  return ah.length === bh.length && crypto.timingSafeEqual(ah, bh);
+}
+
+export class KeyGrip {
+
+  #keys: string[];
+  #algorithm: string;
+  #encoding: BinaryToTextEncoding;
+
+  constructor(keys: string[], algorithm = 'sha1', encoding: BinaryToTextEncoding = 'base64') {
+    if (!keys.length) {
+      throw new AppError('Keys must be defined');
+    }
+    this.#keys = keys;
+    this.#algorithm = algorithm;
+    this.#encoding = encoding;
+  }
+
+  sign(data: string, key?: string): string {
+    return crypto
+      .createHmac(this.#algorithm, key ?? this.#keys[0])
+      .update(data)
+      .digest(this.#encoding)
+      .replace(/[/+=]/g, x => CHAR_MAPPING[castKey(x)]);
+  }
+
+  verify(data: string, digest: string): boolean {
+    return this.index(data, digest) > -1;
+  }
+
+  index(data: string, digest: string): number {
+    return this.#keys.findIndex(key => timeSafeCompare(digest, this.sign(data, key)));
+  }
+}

package/support/test/dispatch-util.ts

@@ -1,4 +1,5 @@
-import { buffer as toBuffer } from 'node:stream/consumers';
+import { buffer } from 'node:stream/consumers';
+import { Readable } from 'node:stream';
 
 import { AppError, BinaryUtil, castTo } from '@travetto/runtime';
 import { BindUtil } from '@travetto/schema';
@@ -9,6 +10,8 @@ import { DecompressInterceptor } from '../../src/interceptor/decompress.ts';
 import { WebBodyUtil } from '../../src/util/body.ts';
 import { WebCommonUtil } from '../../src/util/common.ts';
 
+const toBuffer = (src: Buffer | Readable) => Buffer.isBuffer(src) ? src : buffer(src);
+
 /**
  * Utilities for supporting custom test dispatchers
  */
@@ -18,7 +21,7 @@ export class WebTestDispatchUtil {
     if (request.body !== undefined) {
       const sample = WebBodyUtil.toBinaryMessage(request);
       sample.headers.forEach((v, k) => request.headers.set(k, Array.isArray(v) ? v.join(',') : v));
-      request.body = WebBodyUtil.markRaw(await WebBodyUtil.toBuffer(sample.body!));
+      request.body = WebBodyUtil.markRaw(await toBuffer(sample.body!));
     }
     Object.assign(request.context, { httpQuery: BindUtil.flattenPaths(request.context.httpQuery ?? {}) });
     return request;
@@ -31,7 +34,7 @@ export class WebTestDispatchUtil {
 
     if (decompress) {
       if (Buffer.isBuffer(result) || BinaryUtil.isReadable(result)) {
-        const bufferResult = result = await WebBodyUtil.toBuffer(result);
+        const bufferResult = result = await toBuffer(result);
         if (bufferResult.length) {
           try {
             result = await DecompressInterceptor.decompress(
@@ -74,7 +77,7 @@ export class WebTestDispatchUtil {
 
     const body: RequestInit['body'] =
       WebBodyUtil.isRaw(request.body) ?
-        Buffer.isBuffer(request.body) ? request.body : await toBuffer(request.body) :
+        await toBuffer(request.body) :
         castTo(request.body);
 
     return { path: finalPath, init: { headers, method, body } };

package/support/test/suite/base.ts

@@ -20,6 +20,9 @@ export class WebTestConfig implements ConfigSource {
           http: {
             ssl: { active: false },
             port: -1,
+          },
+          etag: {
+            minimumSize: 1
           }
         }
       },

package/src/util/mime.ts

@@ -1,36 +0,0 @@
-import { Util } from '@travetto/runtime';
-
-export type MimeType = { type: string, subtype: string, full: string, parameters: Record<string, string> };
-
-/**
- * Utils for checking mime patterns
- */
-export class MimeUtil {
-
-  static #convert(rule: string): RegExp {
-    const core = (rule.endsWith('/*') || !rule.includes('/')) ?
-      `${rule.replace(/[/].{0,20}$/, '')}\/.*` : rule;
-    return new RegExp(`^${core}[ ]{0,10}(;|$)`);
-  }
-
-  static parse(mimeType?: string): MimeType | undefined {
-    if (mimeType) {
-      const [full, ...params] = mimeType.split(/;/).map(x => x.trim());
-      const [type, subtype] = full.split('/');
-      const parameters = Object.fromEntries(params.map(v => v.split('=')).map(([k, v]) => [k.toLowerCase(), v]));
-      return { type, subtype, full, parameters };
-    }
-  }
-
-  /**
-   * Build matcher
-   */
-  static matcher(rules: string[] | string = []): (contentType: string) => boolean {
-    return Util.allowDeny<RegExp, [string]>(
-      rules,
-      this.#convert.bind(this),
-      (regex, mime) => regex.test(mime),
-      k => k
-    );
-  }
-}