@vafast/cors 0.0.4 → 0.0.6

package/README.md

@@ -5,7 +5,7 @@ CORS middleware plugin for [Vafast](https://github.com/vafastjs/vafast) framewor
 ## Installation
 
 ```bash
-bun add @vafast/cors
+npm install @vafast/cors
 # or
 npm install @vafast/cors
 ```

package/dist/index.d.mts

@@ -0,0 +1,116 @@
+import * as vafast0 from "vafast";
+
+//#region src/index.d.ts
+type Origin = string | RegExp | ((request: Request) => boolean | void);
+type HTTPMethod = 'ACL' | 'BIND' | 'CHECKOUT' | 'CONNECT' | 'COPY' | 'DELETE' | 'GET' | 'HEAD' | 'LINK' | 'LOCK' | 'M-SEARCH' | 'MERGE' | 'MKACTIVITY' | 'MKCALENDAR' | 'MKCOL' | 'MOVE' | 'NOTIFY' | 'OPTIONS' | 'PATCH' | 'POST' | 'PROPFIND' | 'PROPPATCH' | 'PURGE' | 'PUT' | 'REBIND' | 'REPORT' | 'SEARCH' | 'SOURCE' | 'SUBSCRIBE' | 'TRACE' | 'UNBIND' | 'UNLINK' | 'UNLOCK' | 'UNSUBSCRIBE';
+type MaybeArray<T> = T | T[];
+interface CORSConfig {
+  /**
+   * @default `true`
+   *
+   * Assign the **Access-Control-Allow-Origin** header.
+   *
+   * Value can be one of the following:
+   * - `string` - String of origin which will be directly assign to `Access-Control-Allow-Origin`
+   *
+   * - `boolean` - If set to true, `Access-Control-Allow-Origin` will be set to `*` (accept all origin)
+   *
+   * - `RegExp` - Pattern to use to test with request's url, will accept origin if matched.
+   *
+   * - `Function` - Custom logic to validate origin acceptance or not. will accept origin if `true` is returned.
+   *   - Function will accepts `Request` as parameter
+   *
+   *   ```typescript
+   *   // ? Example usage
+   *   const corsMiddleware = cors({
+   *      origin: (request) => true
+   *   })
+   *
+   *   // Type Definition
+   *   type CORSOriginFn = (request: Request) => boolean | void
+   *   ```
+   *
+   * - `Array<string | RegExp | Function>` - Will try to find truthy value of all options above. Will accept request if one is `true`.
+   */
+  origin?: Origin | boolean | Origin[];
+  /**
+   * @default `*`
+   *
+   * Assign **Access-Control-Allow-Methods** header.
+   *
+   * Value can be one of the following:
+   * Accept:
+   * - `undefined | null | ''` - Ignore all methods.
+   *
+   * - `*` - Accept all methods.
+   *
+   * - `HTTPMethod` - Will be directly set to **Access-Control-Allow-Methods**.
+   * - Expects either a single method or a comma-delimited string (eg: 'GET, PUT, POST')
+   *
+   * - `HTTPMethod[]` - Allow multiple HTTP methods.
+   * - eg: ['GET', 'PUT', 'POST']
+   */
+  methods?: boolean | undefined | null | '' | '*' | MaybeArray<HTTPMethod | (string & {})>;
+  /**
+   * @default `*`
+   *
+   * Assign **Access-Control-Allow-Headers** header.
+   *
+   * Allow incoming request with the specified headers.
+   *
+   * Value can be one of the following:
+   * - `string`
+   *     - Expects either a single method or a comma-delimited string (eg: 'Content-Type, Authorization').
+   *
+   * - `string[]` - Allow multiple HTTP methods.
+   *     - eg: ['Content-Type', 'Authorization']
+   */
+  allowedHeaders?: true | string | string[];
+  /**
+   * @default `*`
+   *
+   * Assign **Access-Control-Expose-Headers** header.
+   *
+   * Return the specified headers to request in CORS mode.
+   *
+   * Value can be one of the following:
+   * - `string`
+   *     - Expects either a single method or a comma-delimited string (eg: 'Content-Type, 'X-Powered-By').
+   *
+   * - `string[]` - Allow multiple HTTP methods.
+   *     - eg: ['Content-Type', 'X-Powered-By']
+   */
+  exposeHeaders?: true | string | string[];
+  /**
+   * @default `true`
+   *
+   * Assign **Access-Control-Allow-Credentials** header.
+   *
+   * Allow incoming requests to send `credentials` header.
+   *
+   * - `boolean` - Available if set to `true`.
+   */
+  credentials?: boolean;
+  /**
+   * @default `5`
+   *
+   * Assign **Access-Control-Max-Age** header.
+   *
+   * Allow incoming requests to send `credentials` header.
+   *
+   * - `number` - Duration in seconds to indicates how long the results of a preflight request can be cached.
+   */
+  maxAge?: number;
+  /**
+   * @default `true`
+   *
+   * Add `[OPTIONS] /*` handler to handle preflight request which response with `HTTP 204` and CORS hints.
+   *
+   * - `boolean` - Available if set to `true`.
+   */
+  preflight?: boolean;
+}
+declare const cors: (config?: CORSConfig) => vafast0.TypedMiddleware<object>;
+//#endregion
+export { HTTPMethod, cors, cors as default };
+//# sourceMappingURL=index.d.mts.map

package/dist/index.mjs

@@ -0,0 +1,108 @@
+import { defineMiddleware, empty } from "vafast";
+
+//#region src/index.ts
+new Headers()?.toJSON;
+/**
+* This function is use when headers config is true.
+* Attempts to process headers based on request headers.
+*/
+const processHeaders = (headers) => {
+	if ("toJSON" in headers && typeof headers.toJSON === "function") return Object.keys(headers.toJSON()).join(", ");
+	let keys = "";
+	let i = 0;
+	headers.forEach((_, key) => {
+		if (i) keys = keys + ", " + key;
+		else keys = key;
+		i++;
+	});
+	return keys;
+};
+const cors = (config) => {
+	let { origin = true, methods = true, allowedHeaders = true, exposeHeaders = true, credentials = true, maxAge = 5, preflight = true } = config ?? {};
+	if (Array.isArray(allowedHeaders)) allowedHeaders = allowedHeaders.join(", ");
+	if (Array.isArray(exposeHeaders)) exposeHeaders = exposeHeaders.join(", ");
+	const origins = typeof origin === "boolean" ? void 0 : Array.isArray(origin) ? origin : [origin];
+	const anyOrigin = origins?.some((o) => o === "*");
+	const originMap = {};
+	if (origins) {
+		for (const origin$1 of origins) if (typeof origin$1 === "string") originMap[origin$1] = true;
+	}
+	const processOrigin = (origin$1, request, from) => {
+		if (Array.isArray(origin$1)) return origin$1.some((o) => processOrigin(o, request, from));
+		switch (typeof origin$1) {
+			case "string":
+				if (from in originMap) return true;
+				const fromProtocol = from.indexOf("://");
+				if (fromProtocol !== -1) from = from.slice(fromProtocol + 3);
+				return origin$1 === from;
+			case "function": return origin$1(request) === true;
+			case "object": if (origin$1 instanceof RegExp) return origin$1.test(from);
+		}
+		return false;
+	};
+	const handleOrigin = (response, request) => {
+		if (origin === true) {
+			response.headers.set("vary", "*");
+			response.headers.set("access-control-allow-origin", request.headers.get("Origin") || "*");
+			return;
+		}
+		if (anyOrigin) {
+			response.headers.set("vary", "*");
+			response.headers.set("access-control-allow-origin", "*");
+			return;
+		}
+		if (!origins?.length) return;
+		const headers = [];
+		if (origins.length) {
+			const from = request.headers.get("Origin") ?? "";
+			for (let i = 0; i < origins.length; i++) if (processOrigin(origins[i], request, from) === true) {
+				response.headers.set("vary", origin ? "Origin" : "*");
+				response.headers.set("access-control-allow-origin", from || "*");
+				return;
+			}
+		}
+		response.headers.set("vary", "Origin");
+		if (headers.length) response.headers.set("access-control-allow-origin", headers.join(", "));
+	};
+	const handleMethod = (response, method) => {
+		if (!method) return;
+		if (methods === true) return response.headers.set("access-control-allow-methods", method ?? "*");
+		if (methods === false || !methods?.length) return;
+		if (methods === "*") return response.headers.set("access-control-allow-methods", "*");
+		if (!Array.isArray(methods)) return response.headers.set("access-control-allow-methods", methods);
+		response.headers.set("access-control-allow-methods", methods.join(", "));
+	};
+	const setDefaultHeaders = (response) => {
+		if (typeof exposeHeaders === "string") response.headers.set("access-control-expose-headers", exposeHeaders);
+		if (typeof allowedHeaders === "string") response.headers.set("access-control-allow-headers", allowedHeaders);
+		if (credentials === true) response.headers.set("access-control-allow-credentials", "true");
+	};
+	return defineMiddleware(async (request, next) => {
+		if (preflight && request.method === "OPTIONS") {
+			const response$1 = empty(204);
+			handleOrigin(response$1, request);
+			handleMethod(response$1, request.headers.get("access-control-request-method"));
+			if (allowedHeaders === true || exposeHeaders === true) {
+				if (allowedHeaders === true) response$1.headers.set("access-control-allow-headers", request.headers.get("access-control-request-headers") || "");
+				if (exposeHeaders === true) response$1.headers.set("access-control-expose-headers", processHeaders(request.headers));
+			}
+			if (maxAge) response$1.headers.set("access-control-max-age", maxAge.toString());
+			return response$1;
+		}
+		const response = await next();
+		handleOrigin(response, request);
+		handleMethod(response, request.method);
+		setDefaultHeaders(response);
+		if (allowedHeaders === true || exposeHeaders === true) {
+			const headers = processHeaders(request.headers);
+			if (allowedHeaders === true) response.headers.set("access-control-allow-headers", headers);
+			if (exposeHeaders === true) response.headers.set("access-control-expose-headers", headers);
+		}
+		return response;
+	});
+};
+var src_default = cors;
+
+//#endregion
+export { cors, src_default as default };
+//# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":["origin","response"],"sources":["../src/index.ts"],"sourcesContent":["/* eslint-disable no-case-declarations */\nimport { defineMiddleware } from 'vafast'\nimport { empty } from 'vafast'\n\ntype Origin = string | RegExp | ((request: Request) => boolean | void)\n\nexport type HTTPMethod =\n\t| 'ACL'\n\t| 'BIND'\n\t| 'CHECKOUT'\n\t| 'CONNECT'\n\t| 'COPY'\n\t| 'DELETE'\n\t| 'GET'\n\t| 'HEAD'\n\t| 'LINK'\n\t| 'LOCK'\n\t| 'M-SEARCH'\n\t| 'MERGE'\n\t| 'MKACTIVITY'\n\t| 'MKCALENDAR'\n\t| 'MKCOL'\n\t| 'MOVE'\n\t| 'NOTIFY'\n\t| 'OPTIONS'\n\t| 'PATCH'\n\t| 'POST'\n\t| 'PROPFIND'\n\t| 'PROPPATCH'\n\t| 'PURGE'\n\t| 'PUT'\n\t| 'REBIND'\n\t| 'REPORT'\n\t| 'SEARCH'\n\t| 'SOURCE'\n\t| 'SUBSCRIBE'\n\t| 'TRACE'\n\t| 'UNBIND'\n\t| 'UNLINK'\n\t| 'UNLOCK'\n\t| 'UNSUBSCRIBE'\n\ntype MaybeArray<T> = T | T[]\n\ninterface CORSConfig {\n\t/**\n\t * @default `true`\n\t *\n\t * Assign the **Access-Control-Allow-Origin** header.\n\t *\n\t * Value can be one of the following:\n\t * - `string` - String of origin which will be directly assign to `Access-Control-Allow-Origin`\n\t *\n\t * - `boolean` - If set to true, `Access-Control-Allow-Origin` will be set to `*` (accept all origin)\n\t *\n\t * - `RegExp` - Pattern to use to test with request's url, will accept origin if matched.\n\t *\n\t * - `Function` - Custom logic to validate origin acceptance or not. will accept origin if `true` is returned.\n\t *   - Function will accepts `Request` as parameter\n\t *\n\t *   ```typescript\n\t *   // ? Example usage\n\t *   const corsMiddleware = cors({\n\t *      origin: (request) => true\n\t *   })\n\t *\n\t *   // Type Definition\n\t *   type CORSOriginFn = (request: Request) => boolean | void\n\t *   ```\n\t *\n\t * - `Array<string | RegExp | Function>` - Will try to find truthy value of all options above. Will accept request if one is `true`.\n\t */\n\torigin?: Origin | boolean | Origin[]\n\t/**\n\t * @default `*`\n\t *\n\t * Assign **Access-Control-Allow-Methods** header.\n\t *\n\t * Value can be one of the following:\n\t * Accept:\n\t * - `undefined | null | ''` - Ignore all methods.\n\t *\n\t * - `*` - Accept all methods.\n\t *\n\t * - `HTTPMethod` - Will be directly set to **Access-Control-Allow-Methods**.\n\t * - Expects either a single method or a comma-delimited string (eg: 'GET, PUT, POST')\n\t *\n\t * - `HTTPMethod[]` - Allow multiple HTTP methods.\n\t * - eg: ['GET', 'PUT', 'POST']\n\t */\n\tmethods?:\n\t\t| boolean\n\t\t| undefined\n\t\t| null\n\t\t| ''\n\t\t| '*'\n\t\t| MaybeArray<HTTPMethod | (string & {})>\n\t/**\n\t * @default `*`\n\t *\n\t * Assign **Access-Control-Allow-Headers** header.\n\t *\n\t * Allow incoming request with the specified headers.\n\t *\n\t * Value can be one of the following:\n\t * - `string`\n\t *     - Expects either a single method or a comma-delimited string (eg: 'Content-Type, Authorization').\n\t *\n\t * - `string[]` - Allow multiple HTTP methods.\n\t *     - eg: ['Content-Type', 'Authorization']\n\t */\n\tallowedHeaders?: true | string | string[]\n\t/**\n\t * @default `*`\n\t *\n\t * Assign **Access-Control-Expose-Headers** header.\n\t *\n\t * Return the specified headers to request in CORS mode.\n\t *\n\t * Value can be one of the following:\n\t * - `string`\n\t *     - Expects either a single method or a comma-delimited string (eg: 'Content-Type, 'X-Powered-By').\n\t *\n\t * - `string[]` - Allow multiple HTTP methods.\n\t *     - eg: ['Content-Type', 'X-Powered-By']\n\t */\n\texposeHeaders?: true | string | string[]\n\t/**\n\t * @default `true`\n\t *\n\t * Assign **Access-Control-Allow-Credentials** header.\n\t *\n\t * Allow incoming requests to send `credentials` header.\n\t *\n\t * - `boolean` - Available if set to `true`.\n\t */\n\tcredentials?: boolean\n\t/**\n\t * @default `5`\n\t *\n\t * Assign **Access-Control-Max-Age** header.\n\t *\n\t * Allow incoming requests to send `credentials` header.\n\t *\n\t * - `number` - Duration in seconds to indicates how long the results of a preflight request can be cached.\n\t */\n\tmaxAge?: number\n\t/**\n\t * @default `true`\n\t *\n\t * Add `[OPTIONS] /*` handler to handle preflight request which response with `HTTP 204` and CORS hints.\n\t *\n\t * - `boolean` - Available if set to `true`.\n\t */\n\tpreflight?: boolean\n}\n\n// @ts-ignore\nconst isBun = typeof new Headers()?.toJSON === 'function'\n\n/**\n * This function is use when headers config is true.\n * Attempts to process headers based on request headers.\n */\nconst processHeaders = (headers: any) => {\n\t// Check if toJSON method exists (Bun specific)\n\tif ('toJSON' in headers && typeof headers.toJSON === 'function') {\n\t\treturn Object.keys(headers.toJSON()).join(', ')\n\t}\n\n\tlet keys = ''\n\n\tlet i = 0\n\theaders.forEach((_: any, key: string) => {\n\t\tif (i) keys = keys + ', ' + key\n\t\telse keys = key\n\n\t\ti++\n\t})\n\n\treturn keys\n}\n\nexport const cors = (config?: CORSConfig) => {\n\tlet {\n\t\torigin = true,\n\t\tmethods = true,\n\t\tallowedHeaders = true,\n\t\texposeHeaders = true,\n\t\tcredentials = true,\n\t\tmaxAge = 5,\n\t\tpreflight = true\n\t} = config ?? {}\n\n\tif (Array.isArray(allowedHeaders))\n\t\tallowedHeaders = allowedHeaders.join(', ')\n\n\tif (Array.isArray(exposeHeaders)) exposeHeaders = exposeHeaders.join(', ')\n\n\tconst origins =\n\t\ttypeof origin === 'boolean'\n\t\t\t? undefined\n\t\t\t: Array.isArray(origin)\n\t\t\t? origin\n\t\t\t: [origin]\n\n\tconst anyOrigin = origins?.some((o) => o === '*')\n\n\tconst originMap = <Record<string, true>>{}\n\tif (origins)\n\t\tfor (const origin of origins)\n\t\t\tif (typeof origin === 'string') originMap[origin] = true\n\n\tconst processOrigin = (\n\t\torigin: Origin,\n\t\trequest: Request,\n\t\tfrom: string\n\t): boolean => {\n\t\tif (Array.isArray(origin))\n\t\t\treturn origin.some((o) => processOrigin(o, request, from))\n\n\t\tswitch (typeof origin) {\n\t\t\tcase 'string':\n\t\t\t\tif (from in originMap) return true\n\n\t\t\t\tconst fromProtocol = from.indexOf('://')\n\t\t\t\tif (fromProtocol !== -1) from = from.slice(fromProtocol + 3)\n\n\t\t\t\treturn origin === from\n\n\t\t\tcase 'function':\n\t\t\t\treturn origin(request) === true\n\n\t\t\tcase 'object':\n\t\t\t\tif (origin instanceof RegExp) return origin.test(from)\n\t\t}\n\n\t\treturn false\n\t}\n\n\tconst handleOrigin = (response: Response, request: Request) => {\n\t\t// origin === `true` means any origin\n\t\tif (origin === true) {\n\t\t\tresponse.headers.set('vary', '*')\n\t\t\tresponse.headers.set(\n\t\t\t\t'access-control-allow-origin',\n\t\t\t\trequest.headers.get('Origin') || '*'\n\t\t\t)\n\n\t\t\treturn\n\t\t}\n\n\t\tif (anyOrigin) {\n\t\t\tresponse.headers.set('vary', '*')\n\t\t\tresponse.headers.set('access-control-allow-origin', '*')\n\n\t\t\treturn\n\t\t}\n\n\t\tif (!origins?.length) return\n\n\t\tconst headers: string[] = []\n\n\t\tif (origins.length) {\n\t\t\tconst from = request.headers.get('Origin') ?? ''\n\t\t\tfor (let i = 0; i < origins.length; i++) {\n\t\t\t\tconst value = processOrigin(origins[i]!, request, from)\n\t\t\t\tif (value === true) {\n\t\t\t\t\tresponse.headers.set('vary', origin ? 'Origin' : '*')\n\t\t\t\t\tresponse.headers.set(\n\t\t\t\t\t\t'access-control-allow-origin',\n\t\t\t\t\t\tfrom || '*'\n\t\t\t\t\t)\n\n\t\t\t\t\treturn\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tresponse.headers.set('vary', 'Origin')\n\t\tif (headers.length)\n\t\t\tresponse.headers.set(\n\t\t\t\t'access-control-allow-origin',\n\t\t\t\theaders.join(', ')\n\t\t\t)\n\t}\n\n\tconst handleMethod = (response: Response, method?: string | null) => {\n\t\tif (!method) return\n\n\t\tif (methods === true)\n\t\t\treturn response.headers.set(\n\t\t\t\t'access-control-allow-methods',\n\t\t\t\tmethod ?? '*'\n\t\t\t)\n\n\t\tif (methods === false || !methods?.length) return\n\n\t\tif (methods === '*')\n\t\t\treturn response.headers.set('access-control-allow-methods', '*')\n\n\t\tif (!Array.isArray(methods))\n\t\t\treturn response.headers.set('access-control-allow-methods', methods)\n\n\t\tresponse.headers.set('access-control-allow-methods', methods.join(', '))\n\t}\n\n\tconst setDefaultHeaders = (response: Response) => {\n\t\tif (typeof exposeHeaders === 'string')\n\t\t\tresponse.headers.set('access-control-expose-headers', exposeHeaders)\n\n\t\tif (typeof allowedHeaders === 'string')\n\t\t\tresponse.headers.set('access-control-allow-headers', allowedHeaders)\n\n\t\tif (credentials === true)\n\t\t\tresponse.headers.set('access-control-allow-credentials', 'true')\n\t}\n\n\tconst handlePreflight = async (request: Request): Promise<Response> => {\n\t\tconst response = empty(204)\n\n\t\thandleOrigin(response, request)\n\t\thandleMethod(\n\t\t\tresponse,\n\t\t\trequest.headers.get('access-control-request-method')\n\t\t)\n\n\t\tif (allowedHeaders === true || exposeHeaders === true) {\n\t\t\tif (allowedHeaders === true)\n\t\t\t\tresponse.headers.set(\n\t\t\t\t\t'access-control-allow-headers',\n\t\t\t\t\trequest.headers.get('access-control-request-headers') || ''\n\t\t\t\t)\n\n\t\t\tif (exposeHeaders === true)\n\t\t\t\tresponse.headers.set(\n\t\t\t\t\t'access-control-expose-headers',\n\t\t\t\t\tprocessHeaders(request.headers)\n\t\t\t\t)\n\t\t}\n\n\t\tif (maxAge)\n\t\t\tresponse.headers.set('access-control-max-age', maxAge.toString())\n\n\t\treturn response\n\t}\n\n\treturn defineMiddleware(async (request, next) => {\n\t\t// Handle preflight requests\n\t\tif (preflight && request.method === 'OPTIONS') {\n\t\t\tconst response = empty(204)\n\n\t\t\thandleOrigin(response, request)\n\t\t\thandleMethod(\n\t\t\t\tresponse,\n\t\t\t\trequest.headers.get('access-control-request-method')\n\t\t\t)\n\n\t\t\tif (allowedHeaders === true || exposeHeaders === true) {\n\t\t\t\tif (allowedHeaders === true)\n\t\t\t\t\tresponse.headers.set(\n\t\t\t\t\t\t'access-control-allow-headers',\n\t\t\t\t\t\trequest.headers.get('access-control-request-headers') ||\n\t\t\t\t\t\t\t''\n\t\t\t\t\t)\n\n\t\t\t\tif (exposeHeaders === true)\n\t\t\t\t\tresponse.headers.set(\n\t\t\t\t\t\t'access-control-expose-headers',\n\t\t\t\t\t\tprocessHeaders(request.headers)\n\t\t\t\t\t)\n\t\t\t}\n\n\t\t\tif (maxAge)\n\t\t\t\tresponse.headers.set(\n\t\t\t\t\t'access-control-max-age',\n\t\t\t\t\tmaxAge.toString()\n\t\t\t\t)\n\n\t\t\treturn response\n\t\t}\n\n\t\t// Process CORS for actual requests\n\t\tconst response = await next()\n\n\t\thandleOrigin(response, request)\n\t\thandleMethod(response, request.method)\n\t\tsetDefaultHeaders(response)\n\n\t\tif (allowedHeaders === true || exposeHeaders === true) {\n\t\t\tconst headers = processHeaders(request.headers)\n\n\t\t\tif (allowedHeaders === true)\n\t\t\t\tresponse.headers.set('access-control-allow-headers', headers)\n\n\t\t\tif (exposeHeaders === true)\n\t\t\t\tresponse.headers.set('access-control-expose-headers', headers)\n\t\t}\n\n\t\treturn response\n\t})\n}\n\nexport default cors\n"],"mappings":";;;AA8JqB,IAAI,SAAS,EAAE;;;;;AAMpC,MAAM,kBAAkB,YAAiB;AAExC,KAAI,YAAY,WAAW,OAAO,QAAQ,WAAW,WACpD,QAAO,OAAO,KAAK,QAAQ,QAAQ,CAAC,CAAC,KAAK,KAAK;CAGhD,IAAI,OAAO;CAEX,IAAI,IAAI;AACR,SAAQ,SAAS,GAAQ,QAAgB;AACxC,MAAI,EAAG,QAAO,OAAO,OAAO;MACvB,QAAO;AAEZ;GACC;AAEF,QAAO;;AAGR,MAAa,QAAQ,WAAwB;CAC5C,IAAI,EACH,SAAS,MACT,UAAU,MACV,iBAAiB,MACjB,gBAAgB,MAChB,cAAc,MACd,SAAS,GACT,YAAY,SACT,UAAU,EAAE;AAEhB,KAAI,MAAM,QAAQ,eAAe,CAChC,kBAAiB,eAAe,KAAK,KAAK;AAE3C,KAAI,MAAM,QAAQ,cAAc,CAAE,iBAAgB,cAAc,KAAK,KAAK;CAE1E,MAAM,UACL,OAAO,WAAW,YACf,SACA,MAAM,QAAQ,OAAO,GACrB,SACA,CAAC,OAAO;CAEZ,MAAM,YAAY,SAAS,MAAM,MAAM,MAAM,IAAI;CAEjD,MAAM,YAAkC,EAAE;AAC1C,KAAI,SACH;OAAK,MAAMA,YAAU,QACpB,KAAI,OAAOA,aAAW,SAAU,WAAUA,YAAU;;CAEtD,MAAM,iBACL,UACA,SACA,SACa;AACb,MAAI,MAAM,QAAQA,SAAO,CACxB,QAAOA,SAAO,MAAM,MAAM,cAAc,GAAG,SAAS,KAAK,CAAC;AAE3D,UAAQ,OAAOA,UAAf;GACC,KAAK;AACJ,QAAI,QAAQ,UAAW,QAAO;IAE9B,MAAM,eAAe,KAAK,QAAQ,MAAM;AACxC,QAAI,iBAAiB,GAAI,QAAO,KAAK,MAAM,eAAe,EAAE;AAE5D,WAAOA,aAAW;GAEnB,KAAK,WACJ,QAAOA,SAAO,QAAQ,KAAK;GAE5B,KAAK,SACJ,KAAIA,oBAAkB,OAAQ,QAAOA,SAAO,KAAK,KAAK;;AAGxD,SAAO;;CAGR,MAAM,gBAAgB,UAAoB,YAAqB;AAE9D,MAAI,WAAW,MAAM;AACpB,YAAS,QAAQ,IAAI,QAAQ,IAAI;AACjC,YAAS,QAAQ,IAChB,+BACA,QAAQ,QAAQ,IAAI,SAAS,IAAI,IACjC;AAED;;AAGD,MAAI,WAAW;AACd,YAAS,QAAQ,IAAI,QAAQ,IAAI;AACjC,YAAS,QAAQ,IAAI,+BAA+B,IAAI;AAExD;;AAGD,MAAI,CAAC,SAAS,OAAQ;EAEtB,MAAM,UAAoB,EAAE;AAE5B,MAAI,QAAQ,QAAQ;GACnB,MAAM,OAAO,QAAQ,QAAQ,IAAI,SAAS,IAAI;AAC9C,QAAK,IAAI,IAAI,GAAG,IAAI,QAAQ,QAAQ,IAEnC,KADc,cAAc,QAAQ,IAAK,SAAS,KAAK,KACzC,MAAM;AACnB,aAAS,QAAQ,IAAI,QAAQ,SAAS,WAAW,IAAI;AACrD,aAAS,QAAQ,IAChB,+BACA,QAAQ,IACR;AAED;;;AAKH,WAAS,QAAQ,IAAI,QAAQ,SAAS;AACtC,MAAI,QAAQ,OACX,UAAS,QAAQ,IAChB,+BACA,QAAQ,KAAK,KAAK,CAClB;;CAGH,MAAM,gBAAgB,UAAoB,WAA2B;AACpE,MAAI,CAAC,OAAQ;AAEb,MAAI,YAAY,KACf,QAAO,SAAS,QAAQ,IACvB,gCACA,UAAU,IACV;AAEF,MAAI,YAAY,SAAS,CAAC,SAAS,OAAQ;AAE3C,MAAI,YAAY,IACf,QAAO,SAAS,QAAQ,IAAI,gCAAgC,IAAI;AAEjE,MAAI,CAAC,MAAM,QAAQ,QAAQ,CAC1B,QAAO,SAAS,QAAQ,IAAI,gCAAgC,QAAQ;AAErE,WAAS,QAAQ,IAAI,gCAAgC,QAAQ,KAAK,KAAK,CAAC;;CAGzE,MAAM,qBAAqB,aAAuB;AACjD,MAAI,OAAO,kBAAkB,SAC5B,UAAS,QAAQ,IAAI,iCAAiC,cAAc;AAErE,MAAI,OAAO,mBAAmB,SAC7B,UAAS,QAAQ,IAAI,gCAAgC,eAAe;AAErE,MAAI,gBAAgB,KACnB,UAAS,QAAQ,IAAI,oCAAoC,OAAO;;AAgClE,QAAO,iBAAiB,OAAO,SAAS,SAAS;AAEhD,MAAI,aAAa,QAAQ,WAAW,WAAW;GAC9C,MAAMC,aAAW,MAAM,IAAI;AAE3B,gBAAaA,YAAU,QAAQ;AAC/B,gBACCA,YACA,QAAQ,QAAQ,IAAI,gCAAgC,CACpD;AAED,OAAI,mBAAmB,QAAQ,kBAAkB,MAAM;AACtD,QAAI,mBAAmB,KACtB,YAAS,QAAQ,IAChB,gCACA,QAAQ,QAAQ,IAAI,iCAAiC,IACpD,GACD;AAEF,QAAI,kBAAkB,KACrB,YAAS,QAAQ,IAChB,iCACA,eAAe,QAAQ,QAAQ,CAC/B;;AAGH,OAAI,OACH,YAAS,QAAQ,IAChB,0BACA,OAAO,UAAU,CACjB;AAEF,UAAOA;;EAIR,MAAM,WAAW,MAAM,MAAM;AAE7B,eAAa,UAAU,QAAQ;AAC/B,eAAa,UAAU,QAAQ,OAAO;AACtC,oBAAkB,SAAS;AAE3B,MAAI,mBAAmB,QAAQ,kBAAkB,MAAM;GACtD,MAAM,UAAU,eAAe,QAAQ,QAAQ;AAE/C,OAAI,mBAAmB,KACtB,UAAS,QAAQ,IAAI,gCAAgC,QAAQ;AAE9D,OAAI,kBAAkB,KACrB,UAAS,QAAQ,IAAI,iCAAiC,QAAQ;;AAGhE,SAAO;GACN;;AAGH,kBAAe"}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@vafast/cors",
-	"version": "0.0.4",
+	"version": "0.0.6",
 	"description": "CORS middleware plugin for Vafast framework",
 	"type": "module",
 	"author": {
@@ -12,14 +12,14 @@
 		"type": "git",
 		"url": "https://github.com/gaurishhs/@vafast/cors"
 	},
-	"main": "./dist/index.js",
-	"module": "./dist/index.js",
-	"types": "./dist/index.d.ts",
+	"main": "./dist/index.mjs",
+	"module": "./dist/index.mjs",
+	"types": "./dist/index.d.mts",
 	"exports": {
 		".": {
-			"types": "./dist/index.d.ts",
-			"import": "./dist/index.js",
-			"default": "./dist/index.js"
+			"types": "./dist/index.d.mts",
+			"import": "./dist/index.mjs",
+			"default": "./dist/index.mjs"
 		}
 	},
 	"bugs": "https://github.com/gaurishhs/@vafast/cors/issues",
@@ -30,7 +30,7 @@
 		"cors"
 	],
 	"scripts": {
-		"build": "tsup",
+		"build": "tsdown",
 		"dev": "npx tsx watch example/index.ts",
 		"test": "npx vitest run",
 		"release": "npm run build && npm run test && npx bumpp && npm publish --access=public"
@@ -45,12 +45,12 @@
 		"@types/debug": "^4.1.12",
 		"@types/node": "^24.3.0",
 		"rimraf": "^6.0.1",
-		"tsup": "^8.5.1",
+		"tsdown": "^0.19.0-beta.4",
 		"typescript": "^5.4.5",
-		"vafast": ">=0.3.11",
+		"vafast": "^0.5.1",
 		"vitest": "^4.0.16"
 	},
 	"peerDependencies": {
-		"vafast": ">=0.3.11"
+		"vafast": "^0.5.1"
 	}
 }

package/dist/index.d.ts

@@ -1,114 +0,0 @@
-import { Middleware } from 'vafast';
-
-type Origin = string | RegExp | ((request: Request) => boolean | void);
-type HTTPMethod = 'ACL' | 'BIND' | 'CHECKOUT' | 'CONNECT' | 'COPY' | 'DELETE' | 'GET' | 'HEAD' | 'LINK' | 'LOCK' | 'M-SEARCH' | 'MERGE' | 'MKACTIVITY' | 'MKCALENDAR' | 'MKCOL' | 'MOVE' | 'NOTIFY' | 'OPTIONS' | 'PATCH' | 'POST' | 'PROPFIND' | 'PROPPATCH' | 'PURGE' | 'PUT' | 'REBIND' | 'REPORT' | 'SEARCH' | 'SOURCE' | 'SUBSCRIBE' | 'TRACE' | 'UNBIND' | 'UNLINK' | 'UNLOCK' | 'UNSUBSCRIBE';
-type MaybeArray<T> = T | T[];
-interface CORSConfig {
-    /**
-     * @default `true`
-     *
-     * Assign the **Access-Control-Allow-Origin** header.
-     *
-     * Value can be one of the following:
-     * - `string` - String of origin which will be directly assign to `Access-Control-Allow-Origin`
-     *
-     * - `boolean` - If set to true, `Access-Control-Allow-Origin` will be set to `*` (accept all origin)
-     *
-     * - `RegExp` - Pattern to use to test with request's url, will accept origin if matched.
-     *
-     * - `Function` - Custom logic to validate origin acceptance or not. will accept origin if `true` is returned.
-     *   - Function will accepts `Request` as parameter
-     *
-     *   ```typescript
-     *   // ? Example usage
-     *   const corsMiddleware = cors({
-     *      origin: (request) => true
-     *   })
-     *
-     *   // Type Definition
-     *   type CORSOriginFn = (request: Request) => boolean | void
-     *   ```
-     *
-     * - `Array<string | RegExp | Function>` - Will try to find truthy value of all options above. Will accept request if one is `true`.
-     */
-    origin?: Origin | boolean | Origin[];
-    /**
-     * @default `*`
-     *
-     * Assign **Access-Control-Allow-Methods** header.
-     *
-     * Value can be one of the following:
-     * Accept:
-     * - `undefined | null | ''` - Ignore all methods.
-     *
-     * - `*` - Accept all methods.
-     *
-     * - `HTTPMethod` - Will be directly set to **Access-Control-Allow-Methods**.
-     * - Expects either a single method or a comma-delimited string (eg: 'GET, PUT, POST')
-     *
-     * - `HTTPMethod[]` - Allow multiple HTTP methods.
-     * - eg: ['GET', 'PUT', 'POST']
-     */
-    methods?: boolean | undefined | null | '' | '*' | MaybeArray<HTTPMethod | (string & {})>;
-    /**
-     * @default `*`
-     *
-     * Assign **Access-Control-Allow-Headers** header.
-     *
-     * Allow incoming request with the specified headers.
-     *
-     * Value can be one of the following:
-     * - `string`
-     *     - Expects either a single method or a comma-delimited string (eg: 'Content-Type, Authorization').
-     *
-     * - `string[]` - Allow multiple HTTP methods.
-     *     - eg: ['Content-Type', 'Authorization']
-     */
-    allowedHeaders?: true | string | string[];
-    /**
-     * @default `*`
-     *
-     * Assign **Access-Control-Expose-Headers** header.
-     *
-     * Return the specified headers to request in CORS mode.
-     *
-     * Value can be one of the following:
-     * - `string`
-     *     - Expects either a single method or a comma-delimited string (eg: 'Content-Type, 'X-Powered-By').
-     *
-     * - `string[]` - Allow multiple HTTP methods.
-     *     - eg: ['Content-Type', 'X-Powered-By']
-     */
-    exposeHeaders?: true | string | string[];
-    /**
-     * @default `true`
-     *
-     * Assign **Access-Control-Allow-Credentials** header.
-     *
-     * Allow incoming requests to send `credentials` header.
-     *
-     * - `boolean` - Available if set to `true`.
-     */
-    credentials?: boolean;
-    /**
-     * @default `5`
-     *
-     * Assign **Access-Control-Max-Age** header.
-     *
-     * Allow incoming requests to send `credentials` header.
-     *
-     * - `number` - Duration in seconds to indicates how long the results of a preflight request can be cached.
-     */
-    maxAge?: number;
-    /**
-     * @default `true`
-     *
-     * Add `[OPTIONS] /*` handler to handle preflight request which response with `HTTP 204` and CORS hints.
-     *
-     * - `boolean` - Available if set to `true`.
-     */
-    preflight?: boolean;
-}
-declare const cors: (config?: CORSConfig) => Middleware;
-
-export { type HTTPMethod, cors, cors as default };

package/dist/index.js

@@ -1,181 +0,0 @@
-// src/index.ts
-import { empty } from "vafast";
-var isBun = typeof new Headers()?.toJSON === "function";
-var processHeaders = (headers) => {
-  if ("toJSON" in headers && typeof headers.toJSON === "function") {
-    return Object.keys(headers.toJSON()).join(", ");
-  }
-  let keys = "";
-  let i = 0;
-  headers.forEach((_, key) => {
-    if (i) keys = keys + ", " + key;
-    else keys = key;
-    i++;
-  });
-  return keys;
-};
-var cors = (config) => {
-  let {
-    origin = true,
-    methods = true,
-    allowedHeaders = true,
-    exposeHeaders = true,
-    credentials = true,
-    maxAge = 5,
-    preflight = true
-  } = config ?? {};
-  if (Array.isArray(allowedHeaders))
-    allowedHeaders = allowedHeaders.join(", ");
-  if (Array.isArray(exposeHeaders)) exposeHeaders = exposeHeaders.join(", ");
-  const origins = typeof origin === "boolean" ? void 0 : Array.isArray(origin) ? origin : [origin];
-  const anyOrigin = origins?.some((o) => o === "*");
-  const originMap = {};
-  if (origins) {
-    for (const origin2 of origins)
-      if (typeof origin2 === "string") originMap[origin2] = true;
-  }
-  const processOrigin = (origin2, request, from) => {
-    if (Array.isArray(origin2))
-      return origin2.some((o) => processOrigin(o, request, from));
-    switch (typeof origin2) {
-      case "string":
-        if (from in originMap) return true;
-        const fromProtocol = from.indexOf("://");
-        if (fromProtocol !== -1) from = from.slice(fromProtocol + 3);
-        return origin2 === from;
-      case "function":
-        return origin2(request) === true;
-      case "object":
-        if (origin2 instanceof RegExp) return origin2.test(from);
-    }
-    return false;
-  };
-  const handleOrigin = (response, request) => {
-    if (origin === true) {
-      response.headers.set("vary", "*");
-      response.headers.set(
-        "access-control-allow-origin",
-        request.headers.get("Origin") || "*"
-      );
-      return;
-    }
-    if (anyOrigin) {
-      response.headers.set("vary", "*");
-      response.headers.set("access-control-allow-origin", "*");
-      return;
-    }
-    if (!origins?.length) return;
-    const headers = [];
-    if (origins.length) {
-      const from = request.headers.get("Origin") ?? "";
-      for (let i = 0; i < origins.length; i++) {
-        const value = processOrigin(origins[i], request, from);
-        if (value === true) {
-          response.headers.set("vary", origin ? "Origin" : "*");
-          response.headers.set(
-            "access-control-allow-origin",
-            from || "*"
-          );
-          return;
-        }
-      }
-    }
-    response.headers.set("vary", "Origin");
-    if (headers.length)
-      response.headers.set(
-        "access-control-allow-origin",
-        headers.join(", ")
-      );
-  };
-  const handleMethod = (response, method) => {
-    if (!method) return;
-    if (methods === true)
-      return response.headers.set(
-        "access-control-allow-methods",
-        method ?? "*"
-      );
-    if (methods === false || !methods?.length) return;
-    if (methods === "*")
-      return response.headers.set("access-control-allow-methods", "*");
-    if (!Array.isArray(methods))
-      return response.headers.set("access-control-allow-methods", methods);
-    response.headers.set("access-control-allow-methods", methods.join(", "));
-  };
-  const setDefaultHeaders = (response) => {
-    if (typeof exposeHeaders === "string")
-      response.headers.set("access-control-expose-headers", exposeHeaders);
-    if (typeof allowedHeaders === "string")
-      response.headers.set("access-control-allow-headers", allowedHeaders);
-    if (credentials === true)
-      response.headers.set("access-control-allow-credentials", "true");
-  };
-  const handlePreflight = async (request) => {
-    const response = empty(204);
-    handleOrigin(response, request);
-    handleMethod(
-      response,
-      request.headers.get("access-control-request-method")
-    );
-    if (allowedHeaders === true || exposeHeaders === true) {
-      if (allowedHeaders === true)
-        response.headers.set(
-          "access-control-allow-headers",
-          request.headers.get("access-control-request-headers") || ""
-        );
-      if (exposeHeaders === true)
-        response.headers.set(
-          "access-control-expose-headers",
-          processHeaders(request.headers)
-        );
-    }
-    if (maxAge)
-      response.headers.set("access-control-max-age", maxAge.toString());
-    return response;
-  };
-  return async (request, next) => {
-    if (preflight && request.method === "OPTIONS") {
-      const response2 = empty(204);
-      handleOrigin(response2, request);
-      handleMethod(
-        response2,
-        request.headers.get("access-control-request-method")
-      );
-      if (allowedHeaders === true || exposeHeaders === true) {
-        if (allowedHeaders === true)
-          response2.headers.set(
-            "access-control-allow-headers",
-            request.headers.get("access-control-request-headers") || ""
-          );
-        if (exposeHeaders === true)
-          response2.headers.set(
-            "access-control-expose-headers",
-            processHeaders(request.headers)
-          );
-      }
-      if (maxAge)
-        response2.headers.set(
-          "access-control-max-age",
-          maxAge.toString()
-        );
-      return response2;
-    }
-    const response = await next();
-    handleOrigin(response, request);
-    handleMethod(response, request.method);
-    setDefaultHeaders(response);
-    if (allowedHeaders === true || exposeHeaders === true) {
-      const headers = processHeaders(request.headers);
-      if (allowedHeaders === true)
-        response.headers.set("access-control-allow-headers", headers);
-      if (exposeHeaders === true)
-        response.headers.set("access-control-expose-headers", headers);
-    }
-    return response;
-  };
-};
-var index_default = cors;
-export {
-  cors,
-  index_default as default
-};
-//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/index.ts"],"sourcesContent":["/* eslint-disable no-case-declarations */\nimport type { Middleware } from 'vafast'\nimport { empty } from 'vafast'\n\ntype Origin = string | RegExp | ((request: Request) => boolean | void)\n\nexport type HTTPMethod =\n\t| 'ACL'\n\t| 'BIND'\n\t| 'CHECKOUT'\n\t| 'CONNECT'\n\t| 'COPY'\n\t| 'DELETE'\n\t| 'GET'\n\t| 'HEAD'\n\t| 'LINK'\n\t| 'LOCK'\n\t| 'M-SEARCH'\n\t| 'MERGE'\n\t| 'MKACTIVITY'\n\t| 'MKCALENDAR'\n\t| 'MKCOL'\n\t| 'MOVE'\n\t| 'NOTIFY'\n\t| 'OPTIONS'\n\t| 'PATCH'\n\t| 'POST'\n\t| 'PROPFIND'\n\t| 'PROPPATCH'\n\t| 'PURGE'\n\t| 'PUT'\n\t| 'REBIND'\n\t| 'REPORT'\n\t| 'SEARCH'\n\t| 'SOURCE'\n\t| 'SUBSCRIBE'\n\t| 'TRACE'\n\t| 'UNBIND'\n\t| 'UNLINK'\n\t| 'UNLOCK'\n\t| 'UNSUBSCRIBE'\n\ntype MaybeArray<T> = T | T[]\n\ninterface CORSConfig {\n\t/**\n\t * @default `true`\n\t *\n\t * Assign the **Access-Control-Allow-Origin** header.\n\t *\n\t * Value can be one of the following:\n\t * - `string` - String of origin which will be directly assign to `Access-Control-Allow-Origin`\n\t *\n\t * - `boolean` - If set to true, `Access-Control-Allow-Origin` will be set to `*` (accept all origin)\n\t *\n\t * - `RegExp` - Pattern to use to test with request's url, will accept origin if matched.\n\t *\n\t * - `Function` - Custom logic to validate origin acceptance or not. will accept origin if `true` is returned.\n\t *   - Function will accepts `Request` as parameter\n\t *\n\t *   ```typescript\n\t *   // ? Example usage\n\t *   const corsMiddleware = cors({\n\t *      origin: (request) => true\n\t *   })\n\t *\n\t *   // Type Definition\n\t *   type CORSOriginFn = (request: Request) => boolean | void\n\t *   ```\n\t *\n\t * - `Array<string | RegExp | Function>` - Will try to find truthy value of all options above. Will accept request if one is `true`.\n\t */\n\torigin?: Origin | boolean | Origin[]\n\t/**\n\t * @default `*`\n\t *\n\t * Assign **Access-Control-Allow-Methods** header.\n\t *\n\t * Value can be one of the following:\n\t * Accept:\n\t * - `undefined | null | ''` - Ignore all methods.\n\t *\n\t * - `*` - Accept all methods.\n\t *\n\t * - `HTTPMethod` - Will be directly set to **Access-Control-Allow-Methods**.\n\t * - Expects either a single method or a comma-delimited string (eg: 'GET, PUT, POST')\n\t *\n\t * - `HTTPMethod[]` - Allow multiple HTTP methods.\n\t * - eg: ['GET', 'PUT', 'POST']\n\t */\n\tmethods?:\n\t\t| boolean\n\t\t| undefined\n\t\t| null\n\t\t| ''\n\t\t| '*'\n\t\t| MaybeArray<HTTPMethod | (string & {})>\n\t/**\n\t * @default `*`\n\t *\n\t * Assign **Access-Control-Allow-Headers** header.\n\t *\n\t * Allow incoming request with the specified headers.\n\t *\n\t * Value can be one of the following:\n\t * - `string`\n\t *     - Expects either a single method or a comma-delimited string (eg: 'Content-Type, Authorization').\n\t *\n\t * - `string[]` - Allow multiple HTTP methods.\n\t *     - eg: ['Content-Type', 'Authorization']\n\t */\n\tallowedHeaders?: true | string | string[]\n\t/**\n\t * @default `*`\n\t *\n\t * Assign **Access-Control-Expose-Headers** header.\n\t *\n\t * Return the specified headers to request in CORS mode.\n\t *\n\t * Value can be one of the following:\n\t * - `string`\n\t *     - Expects either a single method or a comma-delimited string (eg: 'Content-Type, 'X-Powered-By').\n\t *\n\t * - `string[]` - Allow multiple HTTP methods.\n\t *     - eg: ['Content-Type', 'X-Powered-By']\n\t */\n\texposeHeaders?: true | string | string[]\n\t/**\n\t * @default `true`\n\t *\n\t * Assign **Access-Control-Allow-Credentials** header.\n\t *\n\t * Allow incoming requests to send `credentials` header.\n\t *\n\t * - `boolean` - Available if set to `true`.\n\t */\n\tcredentials?: boolean\n\t/**\n\t * @default `5`\n\t *\n\t * Assign **Access-Control-Max-Age** header.\n\t *\n\t * Allow incoming requests to send `credentials` header.\n\t *\n\t * - `number` - Duration in seconds to indicates how long the results of a preflight request can be cached.\n\t */\n\tmaxAge?: number\n\t/**\n\t * @default `true`\n\t *\n\t * Add `[OPTIONS] /*` handler to handle preflight request which response with `HTTP 204` and CORS hints.\n\t *\n\t * - `boolean` - Available if set to `true`.\n\t */\n\tpreflight?: boolean\n}\n\n// @ts-ignore\nconst isBun = typeof new Headers()?.toJSON === 'function'\n\n/**\n * This function is use when headers config is true.\n * Attempts to process headers based on request headers.\n */\nconst processHeaders = (headers: any) => {\n\t// Check if toJSON method exists (Bun specific)\n\tif ('toJSON' in headers && typeof headers.toJSON === 'function') {\n\t\treturn Object.keys(headers.toJSON()).join(', ')\n\t}\n\n\tlet keys = ''\n\n\tlet i = 0\n\theaders.forEach((_: any, key: string) => {\n\t\tif (i) keys = keys + ', ' + key\n\t\telse keys = key\n\n\t\ti++\n\t})\n\n\treturn keys\n}\n\nexport const cors = (config?: CORSConfig): Middleware => {\n\tlet {\n\t\torigin = true,\n\t\tmethods = true,\n\t\tallowedHeaders = true,\n\t\texposeHeaders = true,\n\t\tcredentials = true,\n\t\tmaxAge = 5,\n\t\tpreflight = true\n\t} = config ?? {}\n\n\tif (Array.isArray(allowedHeaders))\n\t\tallowedHeaders = allowedHeaders.join(', ')\n\n\tif (Array.isArray(exposeHeaders)) exposeHeaders = exposeHeaders.join(', ')\n\n\tconst origins =\n\t\ttypeof origin === 'boolean'\n\t\t\t? undefined\n\t\t\t: Array.isArray(origin)\n\t\t\t? origin\n\t\t\t: [origin]\n\n\tconst anyOrigin = origins?.some((o) => o === '*')\n\n\tconst originMap = <Record<string, true>>{}\n\tif (origins)\n\t\tfor (const origin of origins)\n\t\t\tif (typeof origin === 'string') originMap[origin] = true\n\n\tconst processOrigin = (\n\t\torigin: Origin,\n\t\trequest: Request,\n\t\tfrom: string\n\t): boolean => {\n\t\tif (Array.isArray(origin))\n\t\t\treturn origin.some((o) => processOrigin(o, request, from))\n\n\t\tswitch (typeof origin) {\n\t\t\tcase 'string':\n\t\t\t\tif (from in originMap) return true\n\n\t\t\t\tconst fromProtocol = from.indexOf('://')\n\t\t\t\tif (fromProtocol !== -1) from = from.slice(fromProtocol + 3)\n\n\t\t\t\treturn origin === from\n\n\t\t\tcase 'function':\n\t\t\t\treturn origin(request) === true\n\n\t\t\tcase 'object':\n\t\t\t\tif (origin instanceof RegExp) return origin.test(from)\n\t\t}\n\n\t\treturn false\n\t}\n\n\tconst handleOrigin = (response: Response, request: Request) => {\n\t\t// origin === `true` means any origin\n\t\tif (origin === true) {\n\t\t\tresponse.headers.set('vary', '*')\n\t\t\tresponse.headers.set(\n\t\t\t\t'access-control-allow-origin',\n\t\t\t\trequest.headers.get('Origin') || '*'\n\t\t\t)\n\n\t\t\treturn\n\t\t}\n\n\t\tif (anyOrigin) {\n\t\t\tresponse.headers.set('vary', '*')\n\t\t\tresponse.headers.set('access-control-allow-origin', '*')\n\n\t\t\treturn\n\t\t}\n\n\t\tif (!origins?.length) return\n\n\t\tconst headers: string[] = []\n\n\t\tif (origins.length) {\n\t\t\tconst from = request.headers.get('Origin') ?? ''\n\t\t\tfor (let i = 0; i < origins.length; i++) {\n\t\t\t\tconst value = processOrigin(origins[i]!, request, from)\n\t\t\t\tif (value === true) {\n\t\t\t\t\tresponse.headers.set('vary', origin ? 'Origin' : '*')\n\t\t\t\t\tresponse.headers.set(\n\t\t\t\t\t\t'access-control-allow-origin',\n\t\t\t\t\t\tfrom || '*'\n\t\t\t\t\t)\n\n\t\t\t\t\treturn\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tresponse.headers.set('vary', 'Origin')\n\t\tif (headers.length)\n\t\t\tresponse.headers.set(\n\t\t\t\t'access-control-allow-origin',\n\t\t\t\theaders.join(', ')\n\t\t\t)\n\t}\n\n\tconst handleMethod = (response: Response, method?: string | null) => {\n\t\tif (!method) return\n\n\t\tif (methods === true)\n\t\t\treturn response.headers.set(\n\t\t\t\t'access-control-allow-methods',\n\t\t\t\tmethod ?? '*'\n\t\t\t)\n\n\t\tif (methods === false || !methods?.length) return\n\n\t\tif (methods === '*')\n\t\t\treturn response.headers.set('access-control-allow-methods', '*')\n\n\t\tif (!Array.isArray(methods))\n\t\t\treturn response.headers.set('access-control-allow-methods', methods)\n\n\t\tresponse.headers.set('access-control-allow-methods', methods.join(', '))\n\t}\n\n\tconst setDefaultHeaders = (response: Response) => {\n\t\tif (typeof exposeHeaders === 'string')\n\t\t\tresponse.headers.set('access-control-expose-headers', exposeHeaders)\n\n\t\tif (typeof allowedHeaders === 'string')\n\t\t\tresponse.headers.set('access-control-allow-headers', allowedHeaders)\n\n\t\tif (credentials === true)\n\t\t\tresponse.headers.set('access-control-allow-credentials', 'true')\n\t}\n\n\tconst handlePreflight = async (request: Request): Promise<Response> => {\n\t\tconst response = empty(204)\n\n\t\thandleOrigin(response, request)\n\t\thandleMethod(\n\t\t\tresponse,\n\t\t\trequest.headers.get('access-control-request-method')\n\t\t)\n\n\t\tif (allowedHeaders === true || exposeHeaders === true) {\n\t\t\tif (allowedHeaders === true)\n\t\t\t\tresponse.headers.set(\n\t\t\t\t\t'access-control-allow-headers',\n\t\t\t\t\trequest.headers.get('access-control-request-headers') || ''\n\t\t\t\t)\n\n\t\t\tif (exposeHeaders === true)\n\t\t\t\tresponse.headers.set(\n\t\t\t\t\t'access-control-expose-headers',\n\t\t\t\t\tprocessHeaders(request.headers)\n\t\t\t\t)\n\t\t}\n\n\t\tif (maxAge)\n\t\t\tresponse.headers.set('access-control-max-age', maxAge.toString())\n\n\t\treturn response\n\t}\n\n\treturn async (request: Request, next: () => Promise<Response>) => {\n\t\t// Handle preflight requests\n\t\tif (preflight && request.method === 'OPTIONS') {\n\t\t\tconst response = empty(204)\n\n\t\t\thandleOrigin(response, request)\n\t\t\thandleMethod(\n\t\t\t\tresponse,\n\t\t\t\trequest.headers.get('access-control-request-method')\n\t\t\t)\n\n\t\t\tif (allowedHeaders === true || exposeHeaders === true) {\n\t\t\t\tif (allowedHeaders === true)\n\t\t\t\t\tresponse.headers.set(\n\t\t\t\t\t\t'access-control-allow-headers',\n\t\t\t\t\t\trequest.headers.get('access-control-request-headers') ||\n\t\t\t\t\t\t\t''\n\t\t\t\t\t)\n\n\t\t\t\tif (exposeHeaders === true)\n\t\t\t\t\tresponse.headers.set(\n\t\t\t\t\t\t'access-control-expose-headers',\n\t\t\t\t\t\tprocessHeaders(request.headers)\n\t\t\t\t\t)\n\t\t\t}\n\n\t\t\tif (maxAge)\n\t\t\t\tresponse.headers.set(\n\t\t\t\t\t'access-control-max-age',\n\t\t\t\t\tmaxAge.toString()\n\t\t\t\t)\n\n\t\t\treturn response\n\t\t}\n\n\t\t// Process CORS for actual requests\n\t\tconst response = await next()\n\n\t\thandleOrigin(response, request)\n\t\thandleMethod(response, request.method)\n\t\tsetDefaultHeaders(response)\n\n\t\tif (allowedHeaders === true || exposeHeaders === true) {\n\t\t\tconst headers = processHeaders(request.headers)\n\n\t\t\tif (allowedHeaders === true)\n\t\t\t\tresponse.headers.set('access-control-allow-headers', headers)\n\n\t\t\tif (exposeHeaders === true)\n\t\t\t\tresponse.headers.set('access-control-expose-headers', headers)\n\t\t}\n\n\t\treturn response\n\t}\n}\n\nexport default cors\n"],"mappings":";AAEA,SAAS,aAAa;AA4JtB,IAAM,QAAQ,OAAO,IAAI,QAAQ,GAAG,WAAW;AAM/C,IAAM,iBAAiB,CAAC,YAAiB;AAExC,MAAI,YAAY,WAAW,OAAO,QAAQ,WAAW,YAAY;AAChE,WAAO,OAAO,KAAK,QAAQ,OAAO,CAAC,EAAE,KAAK,IAAI;AAAA,EAC/C;AAEA,MAAI,OAAO;AAEX,MAAI,IAAI;AACR,UAAQ,QAAQ,CAAC,GAAQ,QAAgB;AACxC,QAAI,EAAG,QAAO,OAAO,OAAO;AAAA,QACvB,QAAO;AAEZ;AAAA,EACD,CAAC;AAED,SAAO;AACR;AAEO,IAAM,OAAO,CAAC,WAAoC;AACxD,MAAI;AAAA,IACH,SAAS;AAAA,IACT,UAAU;AAAA,IACV,iBAAiB;AAAA,IACjB,gBAAgB;AAAA,IAChB,cAAc;AAAA,IACd,SAAS;AAAA,IACT,YAAY;AAAA,EACb,IAAI,UAAU,CAAC;AAEf,MAAI,MAAM,QAAQ,cAAc;AAC/B,qBAAiB,eAAe,KAAK,IAAI;AAE1C,MAAI,MAAM,QAAQ,aAAa,EAAG,iBAAgB,cAAc,KAAK,IAAI;AAEzE,QAAM,UACL,OAAO,WAAW,YACf,SACA,MAAM,QAAQ,MAAM,IACpB,SACA,CAAC,MAAM;AAEX,QAAM,YAAY,SAAS,KAAK,CAAC,MAAM,MAAM,GAAG;AAEhD,QAAM,YAAkC,CAAC;AACzC,MAAI;AACH,eAAWA,WAAU;AACpB,UAAI,OAAOA,YAAW,SAAU,WAAUA,OAAM,IAAI;AAAA;AAEtD,QAAM,gBAAgB,CACrBA,SACA,SACA,SACa;AACb,QAAI,MAAM,QAAQA,OAAM;AACvB,aAAOA,QAAO,KAAK,CAAC,MAAM,cAAc,GAAG,SAAS,IAAI,CAAC;AAE1D,YAAQ,OAAOA,SAAQ;AAAA,MACtB,KAAK;AACJ,YAAI,QAAQ,UAAW,QAAO;AAE9B,cAAM,eAAe,KAAK,QAAQ,KAAK;AACvC,YAAI,iBAAiB,GAAI,QAAO,KAAK,MAAM,eAAe,CAAC;AAE3D,eAAOA,YAAW;AAAA,MAEnB,KAAK;AACJ,eAAOA,QAAO,OAAO,MAAM;AAAA,MAE5B,KAAK;AACJ,YAAIA,mBAAkB,OAAQ,QAAOA,QAAO,KAAK,IAAI;AAAA,IACvD;AAEA,WAAO;AAAA,EACR;AAEA,QAAM,eAAe,CAAC,UAAoB,YAAqB;AAE9D,QAAI,WAAW,MAAM;AACpB,eAAS,QAAQ,IAAI,QAAQ,GAAG;AAChC,eAAS,QAAQ;AAAA,QAChB;AAAA,QACA,QAAQ,QAAQ,IAAI,QAAQ,KAAK;AAAA,MAClC;AAEA;AAAA,IACD;AAEA,QAAI,WAAW;AACd,eAAS,QAAQ,IAAI,QAAQ,GAAG;AAChC,eAAS,QAAQ,IAAI,+BAA+B,GAAG;AAEvD;AAAA,IACD;AAEA,QAAI,CAAC,SAAS,OAAQ;AAEtB,UAAM,UAAoB,CAAC;AAE3B,QAAI,QAAQ,QAAQ;AACnB,YAAM,OAAO,QAAQ,QAAQ,IAAI,QAAQ,KAAK;AAC9C,eAAS,IAAI,GAAG,IAAI,QAAQ,QAAQ,KAAK;AACxC,cAAM,QAAQ,cAAc,QAAQ,CAAC,GAAI,SAAS,IAAI;AACtD,YAAI,UAAU,MAAM;AACnB,mBAAS,QAAQ,IAAI,QAAQ,SAAS,WAAW,GAAG;AACpD,mBAAS,QAAQ;AAAA,YAChB;AAAA,YACA,QAAQ;AAAA,UACT;AAEA;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAEA,aAAS,QAAQ,IAAI,QAAQ,QAAQ;AACrC,QAAI,QAAQ;AACX,eAAS,QAAQ;AAAA,QAChB;AAAA,QACA,QAAQ,KAAK,IAAI;AAAA,MAClB;AAAA,EACF;AAEA,QAAM,eAAe,CAAC,UAAoB,WAA2B;AACpE,QAAI,CAAC,OAAQ;AAEb,QAAI,YAAY;AACf,aAAO,SAAS,QAAQ;AAAA,QACvB;AAAA,QACA,UAAU;AAAA,MACX;AAED,QAAI,YAAY,SAAS,CAAC,SAAS,OAAQ;AAE3C,QAAI,YAAY;AACf,aAAO,SAAS,QAAQ,IAAI,gCAAgC,GAAG;AAEhE,QAAI,CAAC,MAAM,QAAQ,OAAO;AACzB,aAAO,SAAS,QAAQ,IAAI,gCAAgC,OAAO;AAEpE,aAAS,QAAQ,IAAI,gCAAgC,QAAQ,KAAK,IAAI,CAAC;AAAA,EACxE;AAEA,QAAM,oBAAoB,CAAC,aAAuB;AACjD,QAAI,OAAO,kBAAkB;AAC5B,eAAS,QAAQ,IAAI,iCAAiC,aAAa;AAEpE,QAAI,OAAO,mBAAmB;AAC7B,eAAS,QAAQ,IAAI,gCAAgC,cAAc;AAEpE,QAAI,gBAAgB;AACnB,eAAS,QAAQ,IAAI,oCAAoC,MAAM;AAAA,EACjE;AAEA,QAAM,kBAAkB,OAAO,YAAwC;AACtE,UAAM,WAAW,MAAM,GAAG;AAE1B,iBAAa,UAAU,OAAO;AAC9B;AAAA,MACC;AAAA,MACA,QAAQ,QAAQ,IAAI,+BAA+B;AAAA,IACpD;AAEA,QAAI,mBAAmB,QAAQ,kBAAkB,MAAM;AACtD,UAAI,mBAAmB;AACtB,iBAAS,QAAQ;AAAA,UAChB;AAAA,UACA,QAAQ,QAAQ,IAAI,gCAAgC,KAAK;AAAA,QAC1D;AAED,UAAI,kBAAkB;AACrB,iBAAS,QAAQ;AAAA,UAChB;AAAA,UACA,eAAe,QAAQ,OAAO;AAAA,QAC/B;AAAA,IACF;AAEA,QAAI;AACH,eAAS,QAAQ,IAAI,0BAA0B,OAAO,SAAS,CAAC;AAEjE,WAAO;AAAA,EACR;AAEA,SAAO,OAAO,SAAkB,SAAkC;AAEjE,QAAI,aAAa,QAAQ,WAAW,WAAW;AAC9C,YAAMC,YAAW,MAAM,GAAG;AAE1B,mBAAaA,WAAU,OAAO;AAC9B;AAAA,QACCA;AAAA,QACA,QAAQ,QAAQ,IAAI,+BAA+B;AAAA,MACpD;AAEA,UAAI,mBAAmB,QAAQ,kBAAkB,MAAM;AACtD,YAAI,mBAAmB;AACtB,UAAAA,UAAS,QAAQ;AAAA,YAChB;AAAA,YACA,QAAQ,QAAQ,IAAI,gCAAgC,KACnD;AAAA,UACF;AAED,YAAI,kBAAkB;AACrB,UAAAA,UAAS,QAAQ;AAAA,YAChB;AAAA,YACA,eAAe,QAAQ,OAAO;AAAA,UAC/B;AAAA,MACF;AAEA,UAAI;AACH,QAAAA,UAAS,QAAQ;AAAA,UAChB;AAAA,UACA,OAAO,SAAS;AAAA,QACjB;AAED,aAAOA;AAAA,IACR;AAGA,UAAM,WAAW,MAAM,KAAK;AAE5B,iBAAa,UAAU,OAAO;AAC9B,iBAAa,UAAU,QAAQ,MAAM;AACrC,sBAAkB,QAAQ;AAE1B,QAAI,mBAAmB,QAAQ,kBAAkB,MAAM;AACtD,YAAM,UAAU,eAAe,QAAQ,OAAO;AAE9C,UAAI,mBAAmB;AACtB,iBAAS,QAAQ,IAAI,gCAAgC,OAAO;AAE7D,UAAI,kBAAkB;AACrB,iBAAS,QAAQ,IAAI,iCAAiC,OAAO;AAAA,IAC/D;AAEA,WAAO;AAAA,EACR;AACD;AAEA,IAAO,gBAAQ;","names":["origin","response"]}