@usetoki/toki 0.1.1

package/dist/cookies.js

@@ -0,0 +1,54 @@
+const COOKIE_NAME = /^[\w!#$%&'*.^`|~+-]+$/;
+/** Parses a `Cookie` header into a name → value map. Duplicate names: first wins. */
+export function parseCookies(header) {
+    const out = {};
+    for (const part of header.split(";")) {
+        const eq = part.indexOf("=");
+        const name = (eq === -1 ? part : part.slice(0, eq)).trim();
+        if (name.length === 0 || name in out) {
+            continue;
+        }
+        let value = eq === -1 ? "" : part.slice(eq + 1).trim();
+        if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
+            value = value.slice(1, -1);
+        }
+        try {
+            out[name] = decodeURIComponent(value);
+        }
+        catch {
+            out[name] = value;
+        }
+    }
+    return Object.freeze(out);
+}
+/** Serializes one `Set-Cookie` header value. Throws on an invalid name. */
+export function serializeCookie(name, value, options = {}) {
+    if (!COOKIE_NAME.test(name)) {
+        throw new TypeError(`Invalid cookie name: ${name}`);
+    }
+    let cookie = `${name}=${encodeURIComponent(value)}`;
+    if (options.maxAge !== undefined) {
+        cookie += `; Max-Age=${Math.trunc(options.maxAge)}`;
+    }
+    if (options.domain) {
+        cookie += `; Domain=${options.domain}`;
+    }
+    cookie += `; Path=${options.path ?? "/"}`;
+    if (options.expires) {
+        cookie += `; Expires=${options.expires.toUTCString()}`;
+    }
+    if (options.httpOnly) {
+        cookie += "; HttpOnly";
+    }
+    if (options.secure) {
+        cookie += "; Secure";
+    }
+    if (options.partitioned) {
+        cookie += "; Partitioned";
+    }
+    if (options.sameSite) {
+        cookie += `; SameSite=${options.sameSite}`;
+    }
+    return cookie;
+}
+//# sourceMappingURL=cookies.js.map

package/dist/cookies.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookies.js","sourceRoot":"","sources":["../ts/cookies.ts"],"names":[],"mappings":"AAcA,MAAM,WAAW,GAAG,uBAAuB,CAAC;AAE5C,qFAAqF;AACrF,MAAM,UAAU,YAAY,CAAC,MAAc;IACzC,MAAM,GAAG,GAAuC,EAAE,CAAC;IACnD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3D,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,IAAI,GAAG,EAAE,CAAC;YACrC,SAAS;QACX,CAAC;QACD,IAAI,KAAK,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACvD,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACtE,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,CAAC;YACH,GAAG,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;QACpB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AAC5B,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,eAAe,CAAC,IAAY,EAAE,KAAa,EAAE,UAAyB,EAAE;IACtF,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,SAAS,CAAC,wBAAwB,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC;IACD,IAAI,MAAM,GAAG,GAAG,IAAI,IAAI,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC;IACpD,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,IAAI,aAAa,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;IACtD,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,IAAI,YAAY,OAAO,CAAC,MAAM,EAAE,CAAC;IACzC,CAAC;IACD,MAAM,IAAI,UAAU,OAAO,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;IAC1C,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,aAAa,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;IACzD,CAAC;IACD,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,MAAM,IAAI,YAAY,CAAC;IACzB,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,IAAI,UAAU,CAAC;IACvB,CAAC;IACD,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,MAAM,IAAI,eAAe,CAAC;IAC5B,CAAC;IACD,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,MAAM,IAAI,cAAc,OAAO,CAAC,QAAQ,EAAE,CAAC;IAC7C,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/forms.d.ts

@@ -0,0 +1,13 @@
+/** An uploaded file from a multipart form. */
+export interface FormFile {
+    readonly name: string;
+    readonly filename: string;
+    readonly contentType: string;
+    readonly data: Uint8Array;
+}
+export interface ParsedForm {
+    readonly fields: Record<string, string>;
+    readonly files: ReadonlyArray<FormFile>;
+}
+/** Parse a request body by content type; null for unrecognized types. */
+export declare function parseForm(contentType: string, body: Uint8Array): ParsedForm | null;

package/dist/forms.js

@@ -0,0 +1,64 @@
+/** Parse a request body by content type; null for unrecognized types. */
+export function parseForm(contentType, body) {
+    const type = contentType.toLowerCase();
+    if (type.startsWith("application/x-www-form-urlencoded")) {
+        return parseUrlencoded(body);
+    }
+    if (type.startsWith("multipart/form-data")) {
+        const boundary = /boundary=("?)([^";]+)\1/i.exec(contentType)?.[2];
+        return boundary ? parseMultipart(body, boundary) : { fields: {}, files: [] };
+    }
+    return null;
+}
+function parseUrlencoded(body) {
+    const params = new URLSearchParams(Buffer.from(body).toString("utf8"));
+    const fields = {};
+    for (const [name, value] of params) {
+        fields[name] = value;
+    }
+    return { fields, files: [] };
+}
+const DASH_DASH = Buffer.from("--");
+const CRLF = Buffer.from("\r\n");
+const HEADER_END = Buffer.from("\r\n\r\n");
+function parseMultipart(body, boundary) {
+    const buf = Buffer.from(body.buffer, body.byteOffset, body.byteLength);
+    const delimiter = Buffer.from(`--${boundary}`);
+    const fields = {};
+    const files = [];
+    let pos = buf.indexOf(delimiter);
+    while (pos !== -1) {
+        pos += delimiter.length;
+        // trailing `--` marks the final boundary
+        if (buf[pos] === DASH_DASH[0] && buf[pos + 1] === DASH_DASH[1]) {
+            break;
+        }
+        if (buf[pos] === CRLF[0] && buf[pos + 1] === CRLF[1]) {
+            pos += 2;
+        }
+        const headerEnd = buf.indexOf(HEADER_END, pos);
+        if (headerEnd === -1) {
+            break;
+        }
+        const headerText = buf.toString("utf8", pos, headerEnd);
+        const dataStart = headerEnd + HEADER_END.length;
+        const next = buf.indexOf(delimiter, dataStart);
+        if (next === -1) {
+            break;
+        }
+        // data ends just before the CRLF preceding the next delimiter
+        const data = buf.subarray(dataStart, next - CRLF.length);
+        const name = /name="([^"]*)"/i.exec(headerText)?.[1] ?? "";
+        const filename = /filename="([^"]*)"/i.exec(headerText)?.[1];
+        if (filename !== undefined) {
+            const contentType = /content-type:\s*([^\r\n]+)/i.exec(headerText)?.[1] ?? "application/octet-stream";
+            files.push({ name, filename, contentType, data: new Uint8Array(data) });
+        }
+        else {
+            fields[name] = data.toString("utf8");
+        }
+        pos = next;
+    }
+    return { fields, files };
+}
+//# sourceMappingURL=forms.js.map

package/dist/forms.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"forms.js","sourceRoot":"","sources":["../ts/forms.ts"],"names":[],"mappings":"AAcA,yEAAyE;AACzE,MAAM,UAAU,SAAS,CAAC,WAAmB,EAAE,IAAgB;IAC7D,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IACvC,IAAI,IAAI,CAAC,UAAU,CAAC,mCAAmC,CAAC,EAAE,CAAC;QACzD,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC;IACD,IAAI,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAC3C,MAAM,QAAQ,GAAG,0BAA0B,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACnE,OAAO,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IAC/E,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CAAC,IAAgB;IACvC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IACvE,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,EAAE,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;IACvB,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;AAC/B,CAAC;AAED,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACpC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACjC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;AAE3C,SAAS,cAAc,CAAC,IAAgB,EAAE,QAAgB;IACxD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACvE,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC,CAAC;IAC/C,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,MAAM,KAAK,GAAe,EAAE,CAAC;IAE7B,IAAI,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACjC,OAAO,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;QAClB,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC;QACxB,yCAAyC;QACzC,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/D,MAAM;QACR,CAAC;QACD,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YACrD,GAAG,IAAI,CAAC,CAAC;QACX,CAAC;QACD,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QAC/C,IAAI,SAAS,KAAK,CAAC,CAAC,EAAE,CAAC;YACrB,MAAM;QACR,CAAC;QACD,MAAM,UAAU,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;QACxD,MAAM,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC;QAChD,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAC/C,IAAI,IAAI,KAAK,CAAC,CAAC,EAAE,CAAC;YAChB,MAAM;QACR,CAAC;QACD,8DAA8D;QAC9D,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;QAEzD,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3D,MAAM,QAAQ,GAAG,qBAAqB,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7D,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3B,MAAM,WAAW,GACf,6BAA6B,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,0BAA0B,CAAC;YACpF,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC1E,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC;QACD,GAAG,GAAG,IAAI,CAAC;IACb,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AAC3B,CAAC"}

package/dist/group.d.ts

@@ -0,0 +1,19 @@
+import type { Handler, Middleware, RouteMethod } from "./types.js";
+export declare function joinPaths(prefix: string, path: string): string;
+type RegisterRoute = (method: RouteMethod, path: string, handler: Handler, middleware: Middleware[]) => void;
+/** Prefixed route group; its middleware runs after the app's. */
+export declare class RouteGroup {
+    #private;
+    constructor(prefix: string, register: RegisterRoute);
+    /** Add middleware scoped to this group. */
+    use(middleware: Middleware): this;
+    get(path: string, handler: Handler): this;
+    post(path: string, handler: Handler): this;
+    put(path: string, handler: Handler): this;
+    patch(path: string, handler: Handler): this;
+    delete(path: string, handler: Handler): this;
+    head(path: string, handler: Handler): this;
+    options(path: string, handler: Handler): this;
+    route(method: RouteMethod, path: string, handler: Handler): this;
+}
+export {};

package/dist/group.js

@@ -0,0 +1,51 @@
+export function joinPaths(prefix, path) {
+    const left = prefix.endsWith("/") ? prefix.slice(0, -1) : prefix;
+    const right = path.startsWith("/") ? path : `/${path}`;
+    return `${left}${right}` || "/";
+}
+/** Prefixed route group; its middleware runs after the app's. */
+export class RouteGroup {
+    #prefix;
+    #register;
+    // shared by ref with every registered route, so `use` after a route still
+    // applies (resolves at listen)
+    #middleware = [];
+    constructor(prefix, register) {
+        this.#prefix = prefix;
+        this.#register = register;
+    }
+    /** Add middleware scoped to this group. */
+    use(middleware) {
+        this.#middleware.push(middleware);
+        return this;
+    }
+    get(path, handler) {
+        return this.#add("GET", path, handler);
+    }
+    post(path, handler) {
+        return this.#add("POST", path, handler);
+    }
+    put(path, handler) {
+        return this.#add("PUT", path, handler);
+    }
+    patch(path, handler) {
+        return this.#add("PATCH", path, handler);
+    }
+    delete(path, handler) {
+        return this.#add("DELETE", path, handler);
+    }
+    head(path, handler) {
+        return this.#add("HEAD", path, handler);
+    }
+    options(path, handler) {
+        return this.#add("OPTIONS", path, handler);
+    }
+    route(method, path, handler) {
+        return this.#add(method, path, handler);
+    }
+    #add(method, path, handler) {
+        this.#register(method, joinPaths(this.#prefix, path), handler, this.#middleware);
+        return this;
+    }
+}
+//# sourceMappingURL=group.js.map

package/dist/group.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"group.js","sourceRoot":"","sources":["../ts/group.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,SAAS,CAAC,MAAc,EAAE,IAAY;IACpD,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IACjE,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;IACvD,OAAO,GAAG,IAAI,GAAG,KAAK,EAAE,IAAI,GAAG,CAAC;AAClC,CAAC;AASD,iEAAiE;AACjE,MAAM,OAAO,UAAU;IACZ,OAAO,CAAS;IAChB,SAAS,CAAgB;IAClC,0EAA0E;IAC1E,+BAA+B;IACtB,WAAW,GAAiB,EAAE,CAAC;IAExC,YAAY,MAAc,EAAE,QAAuB;QACjD,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;IAC5B,CAAC;IAED,2CAA2C;IAC3C,GAAG,CAAC,UAAsB;QACxB,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,GAAG,CAAC,IAAY,EAAE,OAAgB;QAChC,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,CAAC,IAAY,EAAE,OAAgB;QACjC,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IACD,GAAG,CAAC,IAAY,EAAE,OAAgB;QAChC,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IACD,KAAK,CAAC,IAAY,EAAE,OAAgB;QAClC,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,CAAC;IACD,MAAM,CAAC,IAAY,EAAE,OAAgB;QACnC,OAAO,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,CAAC,IAAY,EAAE,OAAgB;QACjC,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,CAAC,IAAY,EAAE,OAAgB;QACpC,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAC7C,CAAC;IACD,KAAK,CAAC,MAAmB,EAAE,IAAY,EAAE,OAAgB;QACvD,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,CAAC,MAAmB,EAAE,IAAY,EAAE,OAAgB;QACtD,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QACjF,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}

package/dist/index.d.ts

@@ -0,0 +1,19 @@
+export { createApp, Scope, Toki } from "./app.js";
+export type { TokiInstance, TokiPlugin } from "./app.js";
+export { RouteGroup } from "./group.js";
+export type { InjectOptions, InjectResponse } from "./inject.js";
+export { TokiRequest } from "./request.js";
+export { reply } from "./response.js";
+export { parseCookies, serializeCookie } from "./cookies.js";
+export type { CookieOptions } from "./cookies.js";
+export { createConsoleLogger, silentLogger } from "./logger.js";
+export { compression, corsHeaders, corsPreflight, securityHeaders } from "./middleware.js";
+export type { CompressionOptions, CorsOptions, SecurityOptions } from "./middleware.js";
+export { serialize, validate } from "./schema.js";
+export type { ErrorMessages, JSONSchema, RouteSchema } from "./schema.js";
+export { JwtError, jwtAuth, signJwt, verifyJwt } from "./jwt.js";
+export type { JwtAlgorithm, JwtAuthOptions, JwtPayload, SignOptions, VerifyOptions, } from "./jwt.js";
+export type { FormFile, ParsedForm } from "./forms.js";
+export type { StaticOptions } from "./static.js";
+export type { ServerOptions } from "./native.js";
+export type { BodyParser, ContentTypeParserEntry, ErrorHandler, Handler, HandlerResult, HookName, JsonResult, LifecycleHook, ListenHandle, Logger, LogLevel, Middleware, PluginOptions, ResponseHook, RouteMethod, RouteOptions, SerializationHook, StreamResponse, StreamSource, TokiOptions, TokiResponse, } from "./types.js";

package/dist/index.js

@@ -0,0 +1,11 @@
+// Public API surface.
+export { createApp, Scope, Toki } from "./app.js";
+export { RouteGroup } from "./group.js";
+export { TokiRequest } from "./request.js";
+export { reply } from "./response.js";
+export { parseCookies, serializeCookie } from "./cookies.js";
+export { createConsoleLogger, silentLogger } from "./logger.js";
+export { compression, corsHeaders, corsPreflight, securityHeaders } from "./middleware.js";
+export { serialize, validate } from "./schema.js";
+export { JwtError, jwtAuth, signJwt, verifyJwt } from "./jwt.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../ts/index.ts"],"names":[],"mappings":"AAAA,sBAAsB;AACtB,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAElD,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExC,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AACtC,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAE7D,OAAO,EAAE,mBAAmB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAE3F,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAElD,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC"}

package/dist/inject.d.ts

@@ -0,0 +1,19 @@
+/** What to inject. A bare string is shorthand for `{ url }` (a GET). */
+export interface InjectOptions {
+    method?: string;
+    url?: string;
+    headers?: Record<string, string>;
+    payload?: string | Uint8Array | Record<string, unknown> | unknown[];
+}
+/** Captured response, shaped after Fastify's `inject` result. */
+export interface InjectResponse {
+    statusCode: number;
+    statusMessage: string;
+    headers: Record<string, string | string[] | undefined>;
+    body: string;
+    payload: string;
+    rawPayload: Buffer;
+    json<T = unknown>(): T;
+}
+/** Sends one request to `127.0.0.1:port` and resolves the captured response. */
+export declare function inject(port: number, options: InjectOptions | string): Promise<InjectResponse>;

package/dist/inject.js

@@ -0,0 +1,56 @@
+// real HTTP/1.1 over loopback rather than a fake request, so tests hit the actual
+// native path (parse, route, dispatch, stream, rate-limit) end to end.
+import { request as httpRequest } from "node:http";
+function normalize(options) {
+    const opts = typeof options === "string" ? { url: options } : options;
+    const headers = { ...(opts.headers ?? {}) };
+    let payload;
+    if (opts.payload !== undefined) {
+        if (typeof opts.payload === "string" || opts.payload instanceof Uint8Array) {
+            payload = opts.payload;
+        }
+        else {
+            payload = JSON.stringify(opts.payload);
+            if (!hasHeader(headers, "content-type")) {
+                headers["content-type"] = "application/json";
+            }
+        }
+        // engine reads Content-Length, not chunked request bodies — force fixed framing
+        if (!hasHeader(headers, "content-length")) {
+            headers["content-length"] = String(Buffer.byteLength(payload));
+        }
+    }
+    return { method: opts.method ?? "GET", url: opts.url ?? "/", headers, payload };
+}
+function hasHeader(headers, name) {
+    return Object.keys(headers).some((k) => k.toLowerCase() === name);
+}
+/** Sends one request to `127.0.0.1:port` and resolves the captured response. */
+export function inject(port, options) {
+    const { method, url, headers, payload } = normalize(options);
+    return new Promise((resolve, reject) => {
+        const req = httpRequest({ host: "127.0.0.1", port, method, path: url, headers }, (res) => {
+            const chunks = [];
+            res.on("data", (chunk) => chunks.push(chunk));
+            res.on("end", () => {
+                const rawPayload = Buffer.concat(chunks);
+                const body = rawPayload.toString("utf8");
+                resolve({
+                    statusCode: res.statusCode ?? 0,
+                    statusMessage: res.statusMessage ?? "",
+                    headers: res.headers,
+                    body,
+                    payload: body,
+                    rawPayload,
+                    json: () => JSON.parse(body),
+                });
+            });
+        });
+        req.on("error", reject);
+        if (payload !== undefined) {
+            req.write(payload);
+        }
+        req.end();
+    });
+}
+//# sourceMappingURL=inject.js.map

package/dist/inject.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"inject.js","sourceRoot":"","sources":["../ts/inject.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAClF,uEAAuE;AACvE,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,WAAW,CAAC;AA6BnD,SAAS,SAAS,CAAC,OAA+B;IAChD,MAAM,IAAI,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;IACtE,MAAM,OAAO,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,CAAC;IAC5C,IAAI,OAAwC,CAAC;IAC7C,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAC/B,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,YAAY,UAAU,EAAE,CAAC;YAC3E,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QACzB,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACvC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,cAAc,CAAC,EAAE,CAAC;gBACxC,OAAO,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;YAC/C,CAAC;QACH,CAAC;QACD,gFAAgF;QAChF,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,gBAAgB,CAAC,EAAE,CAAC;YAC1C,OAAO,CAAC,gBAAgB,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,IAAI,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAClF,CAAC;AAED,SAAS,SAAS,CAAC,OAA+B,EAAE,IAAY;IAC9D,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,CAAC;AACpE,CAAC;AAED,gFAAgF;AAChF,MAAM,UAAU,MAAM,CAAC,IAAY,EAAE,OAA+B;IAClE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAC7D,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,GAAG,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,CAAC,GAAG,EAAE,EAAE;YACvF,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YACtD,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACjB,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBACzC,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACzC,OAAO,CAAC;oBACN,UAAU,EAAE,GAAG,CAAC,UAAU,IAAI,CAAC;oBAC/B,aAAa,EAAE,GAAG,CAAC,aAAa,IAAI,EAAE;oBACtC,OAAO,EAAE,GAAG,CAAC,OAAO;oBACpB,IAAI;oBACJ,OAAO,EAAE,IAAI;oBACb,UAAU;oBACV,IAAI,EAAE,GAAgB,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAM;iBAC/C,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACxB,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrB,CAAC;QACD,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/jwt.d.ts

@@ -0,0 +1,57 @@
+import type { Middleware } from "./types.js";
+declare const ALGORITHMS: {
+    readonly HS256: "sha256";
+    readonly HS384: "sha384";
+    readonly HS512: "sha512";
+};
+export type JwtAlgorithm = keyof typeof ALGORITHMS;
+/** Decoded payload; registered claims typed, rest open. */
+export interface JwtPayload {
+    iss?: string;
+    sub?: string;
+    aud?: string | string[];
+    exp?: number;
+    nbf?: number;
+    iat?: number;
+    [claim: string]: unknown;
+}
+export declare class JwtError extends Error {
+    constructor(message: string);
+}
+export interface SignOptions {
+    algorithm?: JwtAlgorithm;
+    /** Seconds until the token expires (sets `exp`). */
+    expiresIn?: number;
+    /** Seconds until the token becomes valid (sets `nbf`). */
+    notBefore?: number;
+    issuer?: string;
+    audience?: string | string[];
+    subject?: string;
+}
+export interface VerifyOptions {
+    /** Accepted algs. Defaults to whatever the token claims, restricted to HS*. */
+    algorithms?: JwtAlgorithm[];
+    /** Require this `iss`. */
+    issuer?: string;
+    /** Must equal `aud`, or be in it when `aud` is an array. */
+    audience?: string;
+    /** Clock-skew tolerance in seconds for `exp`/`nbf`. Default 0. */
+    clockTolerance?: number;
+}
+/** Sign `payload` into a compact JWS string. */
+export declare function signJwt(payload: JwtPayload, secret: string, options?: SignOptions): string;
+/** Verify `token`, returning its payload or throwing {@link JwtError}. */
+export declare function verifyJwt(token: string, secret: string, options?: VerifyOptions): JwtPayload;
+export interface JwtAuthOptions extends VerifyOptions {
+    secret: string;
+    /** Custom token extraction (e.g. cookie); null when absent. Defaults to Bearer header. */
+    getToken?: (req: {
+        headers: Headers;
+        cookies: Readonly<Record<string, string | undefined>>;
+    }) => string | null;
+    /** Request property to attach the payload to. Default `"user"`. */
+    decorateAs?: string;
+}
+/** Middleware: verify JWT, attach payload (default `req.user`), or 401. */
+export declare function jwtAuth(options: JwtAuthOptions): Middleware;
+export {};

package/dist/jwt.js

@@ -0,0 +1,128 @@
+// HMAC-SHA JWT (HS256/384/512). signing stays in node:crypto's native C; no win re-doing SHA in Zig
+import { createHmac, timingSafeEqual } from "node:crypto";
+import { reply } from "./response.js";
+const ALGORITHMS = { HS256: "sha256", HS384: "sha384", HS512: "sha512" };
+export class JwtError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "JwtError";
+    }
+}
+function b64urlEncode(input) {
+    return Buffer.from(input, "utf8").toString("base64url");
+}
+function b64urlDecode(input) {
+    return Buffer.from(input, "base64url").toString("utf8");
+}
+function sign(alg, secret, data) {
+    return createHmac(ALGORITHMS[alg], secret).update(data).digest("base64url");
+}
+function nowSeconds() {
+    return Math.floor(Date.now() / 1000);
+}
+/** Sign `payload` into a compact JWS string. */
+export function signJwt(payload, secret, options = {}) {
+    const alg = options.algorithm ?? "HS256";
+    const claims = { iat: nowSeconds(), ...payload };
+    if (options.expiresIn !== undefined)
+        claims.exp = nowSeconds() + options.expiresIn;
+    if (options.notBefore !== undefined)
+        claims.nbf = nowSeconds() + options.notBefore;
+    if (options.issuer !== undefined)
+        claims.iss = options.issuer;
+    if (options.audience !== undefined)
+        claims.aud = options.audience;
+    if (options.subject !== undefined)
+        claims.sub = options.subject;
+    const header = b64urlEncode(JSON.stringify({ alg, typ: "JWT" }));
+    const body = b64urlEncode(JSON.stringify(claims));
+    const data = `${header}.${body}`;
+    return `${data}.${sign(alg, secret, data)}`;
+}
+// constant-time compare; timingSafeEqual throws on length mismatch, so length-check first
+function safeEqual(a, b) {
+    const ba = Buffer.from(a);
+    const bb = Buffer.from(b);
+    if (ba.length !== bb.length) {
+        return false;
+    }
+    return timingSafeEqual(ba, bb);
+}
+/** Verify `token`, returning its payload or throwing {@link JwtError}. */
+export function verifyJwt(token, secret, options = {}) {
+    const parts = token.split(".");
+    if (parts.length !== 3) {
+        throw new JwtError("malformed token");
+    }
+    const [header, body, signature] = parts;
+    let alg;
+    try {
+        alg = JSON.parse(b64urlDecode(header)).alg;
+    }
+    catch {
+        throw new JwtError("malformed header");
+    }
+    if (!(alg in ALGORITHMS)) {
+        throw new JwtError(`unsupported algorithm: ${alg}`);
+    }
+    if (options.algorithms && !options.algorithms.includes(alg)) {
+        throw new JwtError(`algorithm not allowed: ${alg}`);
+    }
+    if (!safeEqual(signature, sign(alg, secret, `${header}.${body}`))) {
+        throw new JwtError("invalid signature");
+    }
+    let payload;
+    try {
+        payload = JSON.parse(b64urlDecode(body));
+    }
+    catch {
+        throw new JwtError("malformed payload");
+    }
+    const skew = options.clockTolerance ?? 0;
+    const now = nowSeconds();
+    if (typeof payload.exp === "number" && now >= payload.exp + skew) {
+        throw new JwtError("token expired");
+    }
+    if (typeof payload.nbf === "number" && now < payload.nbf - skew) {
+        throw new JwtError("token not yet active");
+    }
+    if (options.issuer !== undefined && payload.iss !== options.issuer) {
+        throw new JwtError("issuer mismatch");
+    }
+    if (options.audience !== undefined) {
+        const aud = payload.aud;
+        const ok = Array.isArray(aud) ? aud.includes(options.audience) : aud === options.audience;
+        if (!ok) {
+            throw new JwtError("audience mismatch");
+        }
+    }
+    return payload;
+}
+function bearerToken(req) {
+    const auth = req.headers.get("authorization");
+    if (!auth) {
+        return null;
+    }
+    const match = /^Bearer\s+(.+)$/i.exec(auth);
+    return match ? match[1] : null;
+}
+/** Middleware: verify JWT, attach payload (default `req.user`), or 401. */
+export function jwtAuth(options) {
+    const getToken = options.getToken ?? bearerToken;
+    const property = options.decorateAs ?? "user";
+    return (req) => {
+        const token = getToken(req);
+        if (!token) {
+            return reply.json({ statusCode: 401, error: "Unauthorized", message: "missing token" }, 401);
+        }
+        try {
+            req[property] = verifyJwt(token, options.secret, options);
+            return undefined;
+        }
+        catch (error) {
+            const message = error instanceof JwtError ? error.message : "invalid token";
+            return reply.json({ statusCode: 401, error: "Unauthorized", message }, 401);
+        }
+    };
+}
+//# sourceMappingURL=jwt.js.map

package/dist/jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../ts/jwt.ts"],"names":[],"mappings":"AAAA,oGAAoG;AACpG,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC1D,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAGtC,MAAM,UAAU,GAAG,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAW,CAAC;AAclF,MAAM,OAAO,QAAS,SAAQ,KAAK;IACjC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;IACzB,CAAC;CACF;AAwBD,SAAS,YAAY,CAAC,KAAa;IACjC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,IAAI,CAAC,GAAiB,EAAE,MAAc,EAAE,IAAY;IAC3D,OAAO,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;AACvC,CAAC;AAED,gDAAgD;AAChD,MAAM,UAAU,OAAO,CAAC,OAAmB,EAAE,MAAc,EAAE,UAAuB,EAAE;IACpF,MAAM,GAAG,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC;IACzC,MAAM,MAAM,GAAe,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,GAAG,OAAO,EAAE,CAAC;IAC7D,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS;QAAE,MAAM,CAAC,GAAG,GAAG,UAAU,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC;IACnF,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS;QAAE,MAAM,CAAC,GAAG,GAAG,UAAU,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC;IACnF,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS;QAAE,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9D,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS;QAAE,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClE,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS;QAAE,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC;IAEhE,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACjE,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,GAAG,MAAM,IAAI,IAAI,EAAE,CAAC;IACjC,OAAO,GAAG,IAAI,IAAI,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;AAC9C,CAAC;AAED,0FAA0F;AAC1F,SAAS,SAAS,CAAC,CAAS,EAAE,CAAS;IACrC,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1B,IAAI,EAAE,CAAC,MAAM,KAAK,EAAE,CAAC,MAAM,EAAE,CAAC;QAC5B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,eAAe,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;AACjC,CAAC;AAED,0EAA0E;AAC1E,MAAM,UAAU,SAAS,CAAC,KAAa,EAAE,MAAc,EAAE,UAAyB,EAAE;IAClF,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IACxC,CAAC;IACD,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,SAAS,CAAC,GAAG,KAAiC,CAAC;IAEpE,IAAI,GAAiB,CAAC;IACtB,IAAI,CAAC;QACH,GAAG,GAAI,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,CAA2B,CAAC,GAAG,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,CAAC,CAAC,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,QAAQ,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAC;IACtD,CAAC;IACD,IAAI,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5D,MAAM,IAAI,QAAQ,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAC;IACtD,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,QAAQ,CAAC,mBAAmB,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,OAAmB,CAAC;IACxB,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAe,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,QAAQ,CAAC,mBAAmB,CAAC,CAAC;IAC1C,CAAC;IAED,MAAM,IAAI,GAAG,OAAO,CAAC,cAAc,IAAI,CAAC,CAAC;IACzC,MAAM,GAAG,GAAG,UAAU,EAAE,CAAC;IACzB,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,GAAG,IAAI,OAAO,CAAC,GAAG,GAAG,IAAI,EAAE,CAAC;QACjE,MAAM,IAAI,QAAQ,CAAC,eAAe,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,GAAG,GAAG,OAAO,CAAC,GAAG,GAAG,IAAI,EAAE,CAAC;QAChE,MAAM,IAAI,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IAC7C,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC;QACnE,MAAM,IAAI,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IACxC,CAAC;IACD,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QACxB,MAAM,EAAE,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,OAAO,CAAC,QAAQ,CAAC;QAC1F,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,MAAM,IAAI,QAAQ,CAAC,mBAAmB,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAaD,SAAS,WAAW,CAAC,GAAyB;IAC5C,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAC9C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5C,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AAClC,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,OAAO,CAAC,OAAuB;IAC7C,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,WAAW,CAAC;IACjD,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,IAAI,MAAM,CAAC;IAC9C,OAAO,CAAC,GAAG,EAAE,EAAE;QACb,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,KAAK,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,eAAe,EAAE,EAAE,GAAG,CAAC,CAAC;QAC/F,CAAC;QACD,IAAI,CAAC;YACF,GAA0C,CAAC,QAAQ,CAAC,GAAG,SAAS,CAC/D,KAAK,EACL,OAAO,CAAC,MAAM,EACd,OAAO,CACR,CAAC;YACF,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC5E,OAAO,KAAK,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/logger.d.ts

@@ -0,0 +1,7 @@
+import type { Logger, LogLevel, TokiOptions } from "./types.js";
+/** no-op logger; default so logging costs nothing unless opted in */
+export declare const silentLogger: Logger;
+/** JSON-per-line logger; drops below `level`, carries `bindings` */
+export declare function createConsoleLogger(level?: LogLevel, bindings?: Record<string, unknown>): Logger;
+/** resolve the `logger` option to a concrete {@link Logger} */
+export declare function resolveLogger(option: TokiOptions["logger"]): Logger;

package/dist/logger.js

@@ -0,0 +1,45 @@
+const LEVELS = { debug: 10, info: 20, warn: 30, error: 40 };
+/** no-op logger; default so logging costs nothing unless opted in */
+export const silentLogger = {
+    debug() { },
+    info() { },
+    warn() { },
+    error() { },
+    child() {
+        return silentLogger;
+    },
+};
+/** JSON-per-line logger; drops below `level`, carries `bindings` */
+export function createConsoleLogger(level = "info", bindings = {}) {
+    const threshold = LEVELS[level];
+    function log(at, message, fields) {
+        if (LEVELS[at] < threshold) {
+            return;
+        }
+        const line = JSON.stringify({ level: at, msg: message, ...bindings, ...fields });
+        if (at === "error" || at === "warn") {
+            process.stderr.write(line + "\n");
+        }
+        else {
+            process.stdout.write(line + "\n");
+        }
+    }
+    return {
+        debug: (m, f) => log("debug", m, f),
+        info: (m, f) => log("info", m, f),
+        warn: (m, f) => log("warn", m, f),
+        error: (m, f) => log("error", m, f),
+        child: (extra) => createConsoleLogger(level, { ...bindings, ...extra }),
+    };
+}
+/** resolve the `logger` option to a concrete {@link Logger} */
+export function resolveLogger(option) {
+    if (option === undefined || option === false) {
+        return silentLogger;
+    }
+    if (typeof option === "string") {
+        return createConsoleLogger(option);
+    }
+    return option;
+}
+//# sourceMappingURL=logger.js.map

package/dist/logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../ts/logger.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,GAA6B,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;AAEtF,qEAAqE;AACrE,MAAM,CAAC,MAAM,YAAY,GAAW;IAClC,KAAK,KAAI,CAAC;IACV,IAAI,KAAI,CAAC;IACT,IAAI,KAAI,CAAC;IACT,KAAK,KAAI,CAAC;IACV,KAAK;QACH,OAAO,YAAY,CAAC;IACtB,CAAC;CACF,CAAC;AAEF,oEAAoE;AACpE,MAAM,UAAU,mBAAmB,CACjC,QAAkB,MAAM,EACxB,WAAoC,EAAE;IAEtC,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAEhC,SAAS,GAAG,CAAC,EAAY,EAAE,OAAe,EAAE,MAAgC;QAC1E,IAAI,MAAM,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC;YAC3B,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,QAAQ,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;QACjF,IAAI,EAAE,KAAK,OAAO,IAAI,EAAE,KAAK,MAAM,EAAE,CAAC;YACpC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;QACpC,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;QACnC,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;QACjC,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;QACjC,KAAK,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;QACnC,KAAK,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,mBAAmB,CAAC,KAAK,EAAE,EAAE,GAAG,QAAQ,EAAE,GAAG,KAAK,EAAE,CAAC;KACxE,CAAC;AACJ,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,aAAa,CAAC,MAA6B;IACzD,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;QAC7C,OAAO,YAAY,CAAC;IACtB,CAAC;IACD,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/middleware.d.ts

@@ -0,0 +1,38 @@
+import type { Handler, Middleware, ResponseHook } from "./types.js";
+export interface CorsOptions {
+    /** `"*"`, a fixed origin, a list, or a predicate. Default `"*"`. */
+    origin?: string | string[] | ((origin: string) => boolean);
+    methods?: string[];
+    /** preflight allow-headers; defaults to reflecting the request's */
+    allowedHeaders?: string[];
+    exposedHeaders?: string[];
+    credentials?: boolean;
+    maxAge?: number;
+}
+/** CORS headers for actual (non-preflight) requests. */
+export declare function corsHeaders(options?: CorsOptions): Middleware;
+/** Answers a CORS preflight `OPTIONS` with `204`. */
+export declare function corsPreflight(options?: CorsOptions): Handler;
+export interface SecurityOptions {
+    /** `X-Frame-Options`. Default `"DENY"`. */
+    frameOptions?: string;
+    /** `Referrer-Policy`. Default `"no-referrer"`. */
+    referrerPolicy?: string;
+    /** HSTS max-age in seconds, or `true` for ~180 days. Off by default. */
+    hsts?: number | true;
+    /** `Content-Security-Policy`. Off by default. */
+    csp?: string;
+}
+/** Defaults favor speed over ratio. */
+export interface CompressionOptions {
+    /** min body bytes to compress. Default 1024. */
+    threshold?: number;
+    /** gzip level 0–9. Default 6. */
+    gzipLevel?: number;
+    /** brotli quality 0–11. Default 5. */
+    brotliQuality?: number;
+}
+/** onResponse hook: brotli/gzip per `Accept-Encoding`, off the event loop (libuv pool). */
+export declare function compression(options?: CompressionOptions): ResponseHook;
+/** Baseline hardening headers on every response. */
+export declare function securityHeaders(options?: SecurityOptions): Middleware;