@tstdl/base 0.93.139 → 0.93.140

package/api/README.md

@@ -0,0 +1,403 @@
+# @tstdl/base/api
+
+A comprehensive, type-safe framework for defining, implementing, and consuming HTTP APIs in TypeScript. It leverages a shared API definition to ensure strict contract adherence between server controllers and client implementations without the need for code generation.
+
+## Table of Contents
+
+- [✨ Features](#-features)
+- [Core Concepts](#core-concepts)
+- [🚀 Basic Usage](#-basic-usage)
+  - [1. Define the API](#1-define-the-api)
+  - [2. Implement the Server](#2-implement-the-server)
+  - [3. Configure the Gateway](#3-configure-the-gateway)
+  - [4. Use the Client](#4-use-the-client)
+- [🔧 Advanced Topics](#-advanced-topics)
+  - [Authentication](#authentication)
+  - [Streaming & Server-Sent Events](#streaming--server-sent-events)
+  - [Error Handling](#error-handling)
+  - [Middleware & CORS](#middleware--cors)
+- [📚 API](#-api)
+
+## ✨ Features
+
+- **Single Source of Truth**: Define your API contract once and use it for both server implementation and client generation.
+- **End-to-End Type Safety**: Parameters, request bodies, and response types are statically typed on both ends.
+- **Runtime Validation**: Integrated with `@tstdl/base/schema` to automatically validate inputs and outputs.
+- **Zero-Boilerplate Client**: Generate a fully functional, typed client class at runtime using `compileClient`.
+- **Dependency Injection**: Server controllers are fully integrated with the `@tstdl/base/injector` system.
+- **Streaming Support**: First-class support for binary streams (`ReadableStream`) and Server-Sent Events (`DataStream`).
+- **Standardized Error Handling**: Automatic serialization and deserialization of errors (e.g., `NotFoundError`, `ForbiddenError`) across the wire.
+
+## Core Concepts
+
+The workflow revolves around three main components:
+
+1.  **API Definition**: A plain TypeScript object created via `defineApi`. It describes resources, endpoints, HTTP methods, and schemas for parameters/results.
+2.  **API Controller**: A class decorated with `@apiController` that implements the logic for the defined endpoints. It implements the `ApiController<Definition>` interface to ensure strict adherence to the contract.
+3.  **API Client**: A class generated via `compileClient(Definition)` that provides methods matching the endpoints. It handles URL construction, serialization, and HTTP requests.
+
+## 🚀 Basic Usage
+
+### 1. Define the API
+
+Create a shared file (e.g., `user.api.ts`) accessible to both your server and client code.
+
+```typescript
+import { defineApi } from '@tstdl/base/api';
+import { array, object, string, optional } from '@tstdl/base/schema';
+
+// Define your data models (usually classes with schema decorators)
+class User {
+  @string() id: string;
+  @string() name: string;
+}
+
+export const userApiDefinition = defineApi({
+  resource: 'users', // Base path: /users
+  endpoints: {
+    // GET /users/:id
+    get: {
+      method: 'GET',
+      resource: ':id',
+      parameters: object({
+        id: string(),
+      }),
+      result: User,
+    },
+    // POST /users
+    create: {
+      method: 'POST',
+      parameters: object({
+        name: string(),
+        role: optional(string()),
+      }),
+      result: User,
+    },
+    // GET /users
+    list: {
+      method: 'GET',
+      result: array(User),
+    },
+  },
+});
+
+export type UserApiDefinition = typeof userApiDefinition;
+```
+
+### 2. Implement the Server
+
+Implement the controller class. The `ApiController` interface ensures you implement every endpoint defined in the contract.
+
+```typescript
+import { apiController, type ApiController, type ApiRequestContext, type ApiServerResult } from '@tstdl/base/api/server';
+import { NotFoundError } from '@tstdl/base/errors';
+import { inject } from '@tstdl/base/injector';
+import { userApiDefinition, type UserApiDefinition } from './user.api.js';
+import { UserService } from './user.service.js'; // Assuming a service exists
+
+@apiController(userApiDefinition)
+export class UserApiController implements ApiController<UserApiDefinition> {
+  readonly #userService = inject(UserService);
+
+  async get({ parameters }: ApiRequestContext<UserApiDefinition, 'get'>): Promise<ApiServerResult<UserApiDefinition, 'get'>> {
+    const user = await this.#userService.findById(parameters.id);
+
+    if (!user) {
+      throw new NotFoundError(`User ${parameters.id} not found`);
+    }
+
+    return user;
+  }
+
+  async create({ parameters }: ApiRequestContext<UserApiDefinition, 'create'>): Promise<ApiServerResult<UserApiDefinition, 'create'>> {
+    return this.#userService.create(parameters);
+  }
+
+  async list(): Promise<ApiServerResult<UserApiDefinition, 'list'>> {
+    return this.#userService.findAll();
+  }
+}
+```
+
+### 3. Configure the Gateway
+
+Register the controller and configure the server gateway in your application bootstrap.
+
+```typescript
+import { configureApiServer } from '@tstdl/base/api/server';
+import { configureNodeHttpServer } from '@tstdl/base/http/server/node';
+import { UserApiController } from './user.controller.js';
+
+// ... inside your bootstrap function
+configureNodeHttpServer(); // Sets up the underlying HTTP server
+
+configureApiServer({
+  controllers: [UserApiController],
+  gatewayOptions: {
+    prefix: 'api', // Global prefix, e.g., /api/users
+    cors: {
+      accessControlAllowOrigin: '*', // Configure CORS as needed
+    },
+    csrf: {
+      trustedHosts: ['myapp.com'], // Enable CSRF protection
+    },
+    supressedErrors: [UnauthorizedError], // Don't log 401s as full errors
+    defaultMaxBytes: 10 * 1024 * 1024, // 10MB default limit
+  },
+});
+```
+
+### 4. Use the Client
+
+On the client side, compile the client and use it.
+
+```typescript
+import { compileClient } from '@tstdl/base/api/client';
+import { configureUndiciHttpClientAdapter } from '@tstdl/base/http/client/adapters/undici.adapter'; // or fetch adapter for browser
+import { configureHttpClient, HttpClient } from '@tstdl/base/http/client';
+import { inject } from '@tstdl/base/injector';
+import { userApiDefinition } from './shared/user.api.js';
+
+// 1. Configure HTTP Client (once per app)
+configureUndiciHttpClientAdapter();
+configureHttpClient({ baseUrl: 'http://localhost:8080/api' });
+
+// 2. Compile the specific API client
+const UserApiClient = compileClient(userApiDefinition);
+
+// 3. Use it
+async function main() {
+  // You can inject it if using the DI system, or instantiate with an HttpClient
+  const client = inject(UserApiClient);
+
+  const newUser = await client.create({ name: 'Alice' });
+  console.log('Created:', newUser);
+
+  const user = await client.get({ id: newUser.id });
+  console.log('Fetched:', user);
+}
+```
+
+## 🔧 Advanced Topics
+
+### Authentication
+
+To handle authentication, implement an `ApiRequestTokenProvider`. This provider extracts token information (like a JWT) from the request.
+
+1.  **Define the Provider:**
+
+    ```typescript
+    import { ApiRequestTokenProvider, type ApiRequestData } from '@tstdl/base/api/server';
+    import { Singleton } from '@tstdl/base/injector';
+    import { UnauthorizedError } from '@tstdl/base/errors';
+
+    export type MyToken = { userId: string; role: string };
+
+    @Singleton()
+    export class MyTokenProvider extends ApiRequestTokenProvider {
+      override async tryGetToken<T>(data: ApiRequestData): Promise<T | null> {
+        const authHeader = data.request.headers.authorization;
+        if (!authHeader) return null;
+
+        // ... validate and decode token ...
+        return { userId: '123', role: 'admin' } as T;
+      }
+    }
+    ```
+
+2.  **Register the Provider:**
+
+    ```typescript
+    configureApiServer({
+      // ...
+      requestTokenProvider: MyTokenProvider,
+    });
+    ```
+
+3.  **Use in Controller:**
+
+    ```typescript
+    // In API definition
+    endpoints: {
+      secureAction: { /* ... */, credentials: true }
+    }
+
+    // In Controller
+    async secureAction({ getToken, getAuditor }: ApiRequestContext<...>) {
+      const token = await getToken<MyToken>(); // Throws if no token
+      console.log(token.userId);
+
+      const auditor = await getAuditor();
+      auditor.log('Action performed', { userId: token.userId });
+    }
+    ```
+
+### Streaming & Server-Sent Events
+
+The framework supports streaming binary data and Server-Sent Events (SSE).
+
+**Binary Stream:**
+
+```typescript
+// Definition
+download: {
+  method: 'GET',
+  result: ReadableStream, // or Uint8Array, or Blob
+}
+
+// Controller
+async download(): Promise<ApiServerResult<...>> {
+  const fileStream = createReadStream('file.txt');
+  // Convert node stream to web ReadableStream if necessary, or return Uint8Array
+  return readableStreamFromNode(fileStream);
+}
+```
+
+**Server-Sent Events (DataStream):**
+
+Use `DataStream` to stream typed objects to the client.
+
+```typescript
+import { DataStream } from '@tstdl/base/sse';
+
+// Definition
+events: {
+  method: 'GET',
+  result: DataStream(MyEventType), // MyEventType is a Schema/Class
+}
+
+// Controller
+async *events(): ApiServerResult<...> {
+  yield { type: 'ping', timestamp: Date.now() };
+  await timeout(1000);
+  yield { type: 'pong', timestamp: Date.now() };
+}
+
+// Client
+const stream$ = await client.events(); // Returns Observable<MyEventType>
+stream$.subscribe(event => console.log(event));
+```
+
+### Manual Response Control
+
+Sometimes you need full control over the HTTP response (e.g., setting custom headers, status codes, or cookies). You can return an `HttpServerResponse` directly from your controller.
+
+```typescript
+import { HttpServerResponse } from '@tstdl/base/api/server';
+
+async customResponse(): Promise<ApiServerResult<...>> {
+  return new HttpServerResponse()
+    .setStatusCode(201)
+    .setHeader('X-Custom-Header', 'Value')
+    .setJsonBody({ message: 'Created' });
+}
+```
+
+### Advanced Endpoint Configuration
+
+Endpoints can be further customized in the `ApiDefinition`.
+
+```typescript
+export const myApi = defineApi({
+  resource: 'files',
+  endpoints: {
+    upload: {
+      method: 'POST',
+      body: ReadableStream, // Expect a binary stream
+      maxBytes: 100 * 1024 * 1024, // 100MB limit for this endpoint
+      credentials: true, // Send/accept cookies
+      cors: {
+        accessControlAllowOrigin: 'https://trusted.com',
+      },
+      data: { auditCategory: 'file-upload' }, // Custom metadata
+    }
+  }
+});
+```
+
+### Error Handling
+
+Standard errors thrown in controllers are automatically mapped to HTTP status codes.
+
+| Error Class             | Status Code |
+| :---------------------- | :---------- |
+| `BadRequestError`       | 400         |
+| `UnauthorizedError`     | 401         |
+| `ForbiddenError`        | 403         |
+| `NotFoundError`         | 404         |
+| `MethodNotAllowedError` | 405         |
+| `NotImplementedError`   | 501         |
+
+You can register custom error handlers using `registerErrorHandler`.
+
+```typescript
+import { registerErrorHandler } from '@tstdl/base/api';
+import { CustomError } from '@tstdl/base/errors';
+
+class MyCustomError extends CustomError {
+  static errorName = 'MyCustomError';
+  constructor(public code: number) {
+    super('Custom error');
+  }
+}
+
+// Register mapping
+registerErrorHandler(
+  MyCustomError,
+  418, // Status code
+  (error) => ({ code: error.code }), // Serializer
+  (data, responseError) => new MyCustomError(data.code), // Deserializer
+);
+```
+
+### Middleware & CORS
+
+The `ApiGateway` uses a middleware pipeline. You can configure default middlewares like CORS via `gatewayOptions`.
+
+```typescript
+configureApiServer({
+  gatewayOptions: {
+    cors: {
+      accessControlAllowOrigin: 'https://myapp.com',
+      accessControlAllowCredentials: true,
+    },
+    // Add custom middlewares
+    middlewares: [
+      async (context, next) => {
+        console.log(`Request: ${context.request.url}`);
+        await next();
+      },
+    ],
+  },
+});
+```
+
+## 📚 API
+
+### Definition & Client
+
+| Symbol                                | Description                                       |
+| :------------------------------------ | :------------------------------------------------ |
+| `defineApi(definition)`               | Helper to create a typed API definition object.   |
+| `compileClient(definition, options?)` | Generates a class constructor for the API client. |
+| `ApiClient<T>`                        | Type representing the generated client class.     |
+
+### Server
+
+| Symbol                        | Description                                                                                |
+| :---------------------------- | :----------------------------------------------------------------------------------------- |
+| `@apiController(definition)`  | Decorator to register a class as an implementation for an API definition.                  |
+| `configureApiServer(options)` | Bootstraps the API server module, registering controllers and gateway options.             |
+| `ApiGateway`                  | The main entry point that handles HTTP requests and routes them to controllers.            |
+| `ApiRequestTokenProvider`     | Abstract class for implementing token extraction logic.                                    |
+| `ApiRequestContext`           | Passed to controller methods; contains `parameters`, `body`, `request`, and `getToken`.    |
+| `HttpServerResponse`          | Class representing the HTTP response; can be returned from controllers for manual control. |
+
+### Types
+
+| Symbol                  | Description                                                                                     |
+| :---------------------- | :---------------------------------------------------------------------------------------------- |
+| `ApiDefinition`         | The structure of the API contract (resource, endpoints, optional prefix).                       |
+| `ApiEndpointDefinition` | Configuration for a single endpoint (method, resource, parameters, body, result, maxBytes, etc). |
+| `ApiServerResult<T, K>` | The expected return type for a server controller method (Typed result or `HttpServerResponse`). |
+| `ApiClientResult<T, K>` | The expected return type for a client method.                                                   |

package/api/client/client.js

@@ -1,4 +1,5 @@
-import { CancellationToken } from '../../cancellation/index.js';
+import { from, takeUntil } from 'rxjs';
+import { CancellationSignal } from '../../cancellation/token.js';
 import { HttpClient, HttpClientRequest } from '../../http/client/index.js';
 import { bustCache, normalizeSingleHttpValue } from '../../http/index.js';
 import { inject } from '../../injector/inject.js';
@@ -109,7 +110,7 @@ export function compileClient(definition, options = defaultOptions) {
                     body: getRequestBody(requestBody),
                     credentials: (endpoint.credentials == true) ? 'include' : undefined,
                     context: { ...context, ...requestOptions?.context },
-                    abortSignal: getCancellationSignal(requestOptions?.abortSignal),
+                    cancellationSignal: requestOptions?.cancellationSignal,
                     timeout: requestOptions?.timeout,
                     headers: requestOptions?.headers,
                     authorization: requestOptions?.authorization,
@@ -172,20 +173,13 @@ function getServerSentEvents(baseUrl, resource, endpoint, parameters, options) {
         }
     }
     const sse = new ServerSentEvents(url.toString(), { withCredentials: endpoint.credentials });
-    if (isDefined(options?.abortSignal)) {
-        options.abortSignal.addEventListener('abort', () => sse.close(), { once: true });
+    if (isDefined(options?.cancellationSignal)) {
+        from(CancellationSignal.from(options.cancellationSignal))
+            .pipe(takeUntil(sse.close$))
+            .subscribe(() => sse.close());
     }
     return sse;
 }
-function getCancellationSignal(signal) {
-    if (isUndefined(signal)) {
-        return undefined;
-    }
-    if (signal instanceof AbortSignal) {
-        return CancellationToken.from(signal).signal;
-    }
-    return signal;
-}
 export function getHttpClientOfApiClient(apiClient) {
     return apiClient[httpClientSymbol];
 }

package/api/client/tests/api-client.test.js

@@ -48,36 +48,36 @@ describe('ApiClient', () => {
         const abortController = new AbortController();
         const cancellationToken = new CancellationToken();
         // 1. No params
-        await client.noParams({ abortSignal: abortController.signal });
+        await client.noParams({ cancellationSignal: abortController.signal });
         expect(mockHttpClient.rawRequest).toHaveBeenLastCalledWith(expect.objectContaining({
             url: expect.stringContaining('no-params'),
         }));
         let lastRequest = mockHttpClient.rawRequest.mock.calls.at(-1)[0];
-        expect(lastRequest.abortSignal.isSet).toBe(false);
+        expect(lastRequest.cancellationSignal.isSet).toBe(false);
         abortController.abort();
-        expect(lastRequest.abortSignal.isSet).toBe(true);
+        expect(lastRequest.cancellationSignal.isSet).toBe(true);
         // 2. Only params
-        await client.onlyParams({ id: '123' }, { abortSignal: cancellationToken.abortSignal });
+        await client.onlyParams({ id: '123' }, { cancellationSignal: cancellationToken.abortSignal });
         expect(mockHttpClient.rawRequest).toHaveBeenLastCalledWith(expect.objectContaining({
             url: expect.stringContaining('only-params'),
             parameters: { id: '123' },
         }));
         lastRequest = mockHttpClient.rawRequest.mock.calls.at(-1)[0];
-        expect(lastRequest.abortSignal.isSet).toBe(false);
+        expect(lastRequest.cancellationSignal.isSet).toBe(false);
         cancellationToken.set();
-        expect(lastRequest.abortSignal.isSet).toBe(true);
+        expect(lastRequest.cancellationSignal.isSet).toBe(true);
         // 3. Params and body
         const abortController3 = new AbortController();
-        await client.paramsAndBody({ id: '456' }, { data: 'val' }, { abortSignal: abortController3.signal });
+        await client.paramsAndBody({ id: '456' }, { data: 'val' }, { cancellationSignal: abortController3.signal });
         expect(mockHttpClient.rawRequest).toHaveBeenLastCalledWith(expect.objectContaining({
             url: expect.stringContaining('params-and-body'),
             parameters: { id: '456' },
             body: { json: { data: 'val' } },
         }));
         lastRequest = mockHttpClient.rawRequest.mock.calls.at(-1)[0];
-        expect(lastRequest.abortSignal.isSet).toBe(false);
+        expect(lastRequest.cancellationSignal.isSet).toBe(false);
         abortController3.abort();
-        expect(lastRequest.abortSignal.isSet).toBe(true);
+        expect(lastRequest.cancellationSignal.isSet).toBe(true);
         // 4. Omitted requestOptions
         await client.onlyParams({ id: '789' });
         expect(mockHttpClient.rawRequest).toHaveBeenLastCalledWith(expect.objectContaining({
@@ -85,7 +85,7 @@ describe('ApiClient', () => {
             parameters: { id: '789' },
         }));
         lastRequest = mockHttpClient.rawRequest.mock.calls.at(-1)[0];
-        expect(lastRequest.abortSignal.isSet).toBe(false);
+        expect(lastRequest.cancellationSignal.isSet).toBe(false);
     });
     it('should handle different HTTP methods', async () => {
         const apiDefinition = defineApi({

package/api/default-error-handlers.js

@@ -10,7 +10,7 @@ export function serializeSchemaError(error) {
 export function serializeInnerSchemaError(error) {
     return {
         message: error.message,
-        ...serializeSchemaError(error)
+        ...serializeSchemaError(error),
     };
 }
 export function deserializeSchemaError(message, data) {

package/api/response.d.ts

@@ -25,8 +25,8 @@ export type ResponseError = {
 export declare function registerErrorHandler<T extends CustomError, TData extends ErrorHandlerData>(constructor: CustomErrorStatic<T>, statusCode: number, serializer: ErrorSerializer<T, TData>, deserializer: ErrorDeserializer<T, TData>): void;
 export declare function hasErrorHandler(typeOrResponseOrName: CustomErrorStatic | ErrorResponse | string): boolean;
 export declare function getErrorStatusCode(error: CustomError, defaultStatusCode?: number): number;
-export declare function createErrorResponse(error: Error, details?: any): ErrorResponse;
-export declare function createErrorResponse(name: string, message: string, details?: any): ErrorResponse;
+export declare function createErrorResponse(error: Error, details?: unknown): ErrorResponse;
+export declare function createErrorResponse(name: string, message: string, details?: unknown): ErrorResponse;
 export declare function logAndGetErrorResponse(logger: Logger, supressedErrors: Set<Type<Error>>, error: unknown): {
     statusCode: number;
     errorResponse: ErrorResponse;

package/api/response.js

@@ -1,6 +1,6 @@
 import { SecretRequirementsError } from '../authentication/errors/secret-requirements.error.js';
-import { SchemaError } from '../schema/schema.error.js';
 import { formatError } from '../errors/index.js';
+import { SchemaError } from '../schema/schema.error.js';
 import { ApiError, BadRequestError, ForbiddenError, InvalidCredentialsError, InvalidTokenError, MaxBytesExceededError, MethodNotAllowedError, NotFoundError, NotImplementedError, NotSupportedError, UnauthorizedError, UnsupportedMediaTypeError } from '../errors/index.js';
 import { assertString, isDefined, isFunction, isObject, isString } from '../utils/type-guards.js';
 import { deserializeSchemaError, serializeSchemaError } from './default-error-handlers.js';
@@ -25,41 +25,28 @@ export function hasErrorHandler(typeOrResponseOrName) {
 export function getErrorStatusCode(error, defaultStatusCode = 500) {
     return errorHandlers.get(error.name)?.statusCode ?? defaultStatusCode;
 }
-export function createErrorResponse(errorOrName, message = '', details) {
-    let response;
-    if (errorOrName instanceof Error) {
-        const handler = errorHandlers.get(errorOrName.name);
-        if (isDefined(handler)) {
-            const data = handler.serializer(errorOrName);
-            response = {
-                error: {
-                    name: errorOrName.name,
-                    message: errorOrName.message,
-                    details,
-                    data,
-                },
-            };
-        }
-        else {
-            response = {
-                error: {
-                    name: errorOrName.name,
-                    message: errorOrName.message,
-                    details,
-                },
-            };
-        }
+export function createErrorResponse(...args) {
+    let name;
+    let message;
+    let details;
+    let data;
+    if (isString(args[0])) {
+        [name, message, details] = args;
     }
     else {
-        response = {
-            error: {
-                name: errorOrName,
-                message,
-                details,
-            },
-        };
+        let error;
+        [error, details] = args;
+        ({ name, message } = error);
+        data = errorHandlers.get(name)?.serializer(error);
     }
-    return response;
+    return {
+        error: {
+            name,
+            message,
+            details,
+            ...(isDefined(data) ? { data } : undefined),
+        },
+    };
 }
 export function logAndGetErrorResponse(logger, supressedErrors, error) {
     if (error instanceof Error) {
@@ -100,6 +87,7 @@ export function parseErrorResponse(response, fallbackToGenericApiError = true) {
 export function isErrorResponse(response) {
     return isObject(response) && isDefined(response.error);
 }
+// biome-ignore-start lint/style/noMagicNumbers: http status codes
 registerErrorHandler(ApiError, 400, ({ response }) => response, (response) => new ApiError(response));
 registerErrorHandler(BadRequestError, 400, () => undefined, (_, error) => new BadRequestError(error.message));
 registerErrorHandler(ForbiddenError, 403, () => undefined, (_, error) => new ForbiddenError(error.message));
@@ -114,3 +102,4 @@ registerErrorHandler(SchemaError, 400, serializeSchemaError, (data, error) => de
 registerErrorHandler(SecretRequirementsError, 403, () => undefined, (_, error) => new SecretRequirementsError(error.message));
 registerErrorHandler(UnauthorizedError, 401, () => undefined, (_, error) => new UnauthorizedError(error.message));
 registerErrorHandler(UnsupportedMediaTypeError, 415, () => undefined, (_, error) => new UnsupportedMediaTypeError(error.message));
+// biome-ignore-end lint/style/noMagicNumbers: http status codes

package/api/server/api-controller.d.ts

@@ -6,6 +6,6 @@ export declare const apiControllerDefinition: unique symbol;
 export declare function getApiControllerDefinition(controller: Type | ApiController): ApiDefinition;
 export declare function isApiController(controller: Type): boolean;
 export declare function ensureApiController(controller: Type): void;
-export declare function apiController<T = Type<ApiController>, A = any>(definition: ApiDefinition | ApiDefinitionProvider, injectableOptions?: InjectableOptionsWithoutLifecycle<T, A>): ClassDecorator;
+export declare function apiController<T = Type<ApiController>, A = unknown>(definition: ApiDefinition | ApiDefinitionProvider, injectableOptions?: InjectableOptionsWithoutLifecycle<T, A>): ClassDecorator;
 export declare function implementApi<T extends ApiDefinition>(definition: T, implementation: ApiController<T>): Constructor<ApiController<T>>;
 export {};

package/api/server/api-controller.js

@@ -21,9 +21,9 @@ export function ensureApiController(controller) {
     }
 }
 export function apiController(definition, injectableOptions = {}) {
-    function apiControllerDecorator(constructor) {
-        registeredApiControllers.set(constructor, definition);
-        Singleton(injectableOptions)(constructor);
+    function apiControllerDecorator(type) {
+        registeredApiControllers.set(type, definition);
+        Singleton(injectableOptions)(type);
     }
     return apiControllerDecorator;
 }

package/api/server/api-request-token.provider.d.ts

@@ -1,3 +1,4 @@
+/** biome-ignore-all lint/nursery/noExcessiveClassesPerFile: ok */
 import type { Token } from '../../authentication/index.js';
 import type { ApiRequestData } from '../types.js';
 export declare abstract class ApiRequestTokenProvider {

package/api/server/api-request-token.provider.js

@@ -1,3 +1,4 @@
+/** biome-ignore-all lint/nursery/noExcessiveClassesPerFile: ok */
 var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
     var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
     if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);

package/api/server/middlewares/allowed-methods.middleware.js

@@ -5,7 +5,8 @@ export async function allowedMethodsMiddleware({ endpoint, api, request, respons
         if (isUndefined(endpoint)) {
             throw new MethodNotAllowedError(`Method ${request.method} for resource ${api.resource} not available.`);
         }
-        return next();
+        await next();
+        return;
     }
     const allowMethods = [...api.endpoints.keys()].join(', ');
     response.statusCode = 204;

package/api/server/middlewares/content-type.middleware.js

@@ -25,6 +25,7 @@ function matchBodyType(bodyType) {
             return 'application/octet-stream';
         case 'events':
             return 'text/event-stream';
+        case 'none':
+            return undefined;
     }
-    throw new Error(`Unsupported body type: ${bodyType}`);
 }