npm - @wooksjs/event-http - Versions diffs - 0.5.25 → 0.6.1 - Mend

@wooksjs/event-http 0.5.25 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.cjs CHANGED Viewed

@@ -1,4 +1,3 @@
-"use strict";
 //#region rolldown:runtime
 var __create = Object.create;
 var __defProp = Object.defineProperty;
@@ -24,6 +23,9 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 //#endregion
 const __wooksjs_event_core = __toESM(require("@wooksjs/event-core"));
 const buffer = __toESM(require("buffer"));
+const node_stream = __toESM(require("node:stream"));
+const node_util = __toESM(require("node:util"));
+const node_zlib = __toESM(require("node:zlib"));
 const url = __toESM(require("url"));
 const http = __toESM(require("http"));
 const wooks = __toESM(require("wooks"));
@@ -39,6 +41,10 @@ function createHttpContext(data, options) {
 		options
 	});
 }
+/**
+* Wrapper on useEventContext with HTTP event types
+* @returns set of hooks { getCtx, restoreCtx, clearCtx, hookStore, getStore, setStore }
+*/
 function useHttpContext() {
 	return (0, __wooksjs_event_core.useAsyncEventContext)("HTTP");
 }
@@ -73,12 +79,12 @@ function convertTime(time, unit = "ms") {
 const units = {
 	ms: 1,
 	s: 1e3,
-	m: 6e4,
-	h: 36e5,
-	d: 864e5,
-	w: 6048e5,
-	M: 2592e6,
-	Y: 31536e6
+	m: 1e3 * 60,
+	h: 1e3 * 60 * 60,
+	d: 1e3 * 60 * 60 * 24,
+	w: 1e3 * 60 * 60 * 24 * 7,
+	M: 1e3 * 60 * 60 * 24 * 30,
+	Y: 1e3 * 60 * 60 * 24 * 365
 };
 //#endregion
@@ -104,35 +110,426 @@ const cookieAttrFunc = {
 	sameSite: (v) => v ? `SameSite=${typeof v === "string" ? v : "Strict"}` : ""
 };
+//#endregion
+//#region packages/event-http/src/compressor/body-compressor.ts
+const compressors = { identity: {
+	compress: (v) => v,
+	uncompress: (v) => v,
+	stream: {
+		compress: (data) => data,
+		uncompress: (data) => data
+	}
+} };
+function encodingSupportsStream(encodings) {
+	return encodings.every((enc) => compressors[enc]?.stream);
+}
+async function uncompressBody(encodings, compressed) {
+	let buf = compressed;
+	for (const enc of encodings.slice().reverse()) {
+		const c = compressors[enc];
+		if (!c) throw new Error(`Unsupported compression type "${enc}".`);
+		buf = await c.uncompress(buf);
+	}
+	return buf;
+}
+async function uncompressBodyStream(encodings, src) {
+	if (!encodingSupportsStream(encodings)) throw new Error("Some encodings lack a streaming decompressor");
+	let out = src;
+	for (const enc of Array.from(encodings).reverse()) out = await compressors[enc].stream.uncompress(out);
+	return out;
+}
+//#endregion
+//#region packages/event-http/src/compressor/zlib-compressors.ts
+const pipeline = node_stream.pipeline;
+function iterableToReadable(src) {
+	return node_stream.Readable.from(src, { objectMode: false });
+}
+function pump(src, transform) {
+	pipeline(iterableToReadable(src), transform, (err) => {
+		if (err) transform.destroy(err);
+	});
+	return transform;
+}
+function addStreamCodec(name, createDeflater, createInflater) {
+	const c = compressors[name] ?? (compressors[name] = {
+		compress: (v) => v,
+		uncompress: (v) => v
+	});
+	c.stream = {
+		compress: async (src) => pump(src, createDeflater()),
+		uncompress: async (src) => pump(src, createInflater())
+	};
+}
+addStreamCodec("gzip", node_zlib.createGzip, node_zlib.createGunzip);
+addStreamCodec("deflate", node_zlib.createDeflate, node_zlib.createInflate);
+addStreamCodec("br", node_zlib.createBrotliCompress, node_zlib.createBrotliDecompress);
+let zp;
+async function zlib() {
+	if (!zp) {
+		const { gzip, gunzip, deflate, inflate, brotliCompress, brotliDecompress } = await import("node:zlib");
+		zp = {
+			gzip: (0, node_util.promisify)(gzip),
+			gunzip: (0, node_util.promisify)(gunzip),
+			deflate: (0, node_util.promisify)(deflate),
+			inflate: (0, node_util.promisify)(inflate),
+			brotliCompress: (0, node_util.promisify)(brotliCompress),
+			brotliDecompress: (0, node_util.promisify)(brotliDecompress)
+		};
+	}
+	return zp;
+}
+compressors.gzip.compress = async (b) => (await zlib()).gzip(b);
+compressors.gzip.uncompress = async (b) => (await zlib()).gunzip(b);
+compressors.deflate.compress = async (b) => (await zlib()).deflate(b);
+compressors.deflate.uncompress = async (b) => (await zlib()).inflate(b);
+compressors.br.compress = async (b) => (await zlib()).brotliCompress(b);
+compressors.br.uncompress = async (b) => (await zlib()).brotliDecompress(b);
+//#endregion
+//#region packages/event-http/src/response/renderer.ts
+var BaseHttpResponseRenderer = class {
+	render(response) {
+		if (typeof response.body === "string" || typeof response.body === "boolean" || typeof response.body === "number") {
+			if (!response.getContentType()) response.setContentType("text/plain");
+			return response.body.toString();
+		}
+		if (response.body === void 0) return "";
+		if (response.body instanceof Uint8Array) return response.body;
+		if (typeof response.body === "object") {
+			if (!response.getContentType()) response.setContentType("application/json");
+			return JSON.stringify(response.body);
+		}
+		throw new Error(`Unsupported body format "${typeof response.body}"`);
+	}
+};
+//#endregion
+//#region packages/event-http/src/utils/status-codes.ts
+const httpStatusCodes = {
+	100: "Continue",
+	101: "Switching protocols",
+	102: "Processing",
+	103: "Early Hints",
+	200: "OK",
+	201: "Created",
+	202: "Accepted",
+	203: "Non-Authoritative Information",
+	204: "No Content",
+	205: "Reset Content",
+	206: "Partial Content",
+	207: "Multi-Status",
+	208: "Already Reported",
+	226: "IM Used",
+	300: "Multiple Choices",
+	301: "Moved Permanently",
+	302: "Found (Previously \"Moved Temporarily\")",
+	303: "See Other",
+	304: "Not Modified",
+	305: "Use Proxy",
+	306: "Switch Proxy",
+	307: "Temporary Redirect",
+	308: "Permanent Redirect",
+	400: "Bad Request",
+	401: "Unauthorized",
+	402: "Payment Required",
+	403: "Forbidden",
+	404: "Not Found",
+	405: "Method Not Allowed",
+	406: "Not Acceptable",
+	407: "Proxy Authentication Required",
+	408: "Request Timeout",
+	409: "Conflict",
+	410: "Gone",
+	411: "Length Required",
+	412: "Precondition Failed",
+	413: "Payload Too Large",
+	414: "URI Too Long",
+	415: "Unsupported Media Type",
+	416: "Range Not Satisfiable",
+	417: "Expectation Failed",
+	418: "I'm a Teapot",
+	421: "Misdirected Request",
+	422: "Unprocessable Entity",
+	423: "Locked",
+	424: "Failed Dependency",
+	425: "Too Early",
+	426: "Upgrade Required",
+	428: "Precondition Required",
+	429: "Too Many Requests",
+	431: "Request Header Fields Too Large",
+	451: "Unavailable For Legal Reasons",
+	500: "Internal Server Error",
+	501: "Not Implemented",
+	502: "Bad Gateway",
+	503: "Service Unavailable",
+	504: "Gateway Timeout",
+	505: "HTTP Version Not Supported",
+	506: "Variant Also Negotiates",
+	507: "Insufficient Storage",
+	508: "Loop Detected",
+	510: "Not Extended",
+	511: "Network Authentication Required"
+};
+let EHttpStatusCode = /* @__PURE__ */ function(EHttpStatusCode$1) {
+	EHttpStatusCode$1[EHttpStatusCode$1["Continue"] = 100] = "Continue";
+	EHttpStatusCode$1[EHttpStatusCode$1["SwitchingProtocols"] = 101] = "SwitchingProtocols";
+	EHttpStatusCode$1[EHttpStatusCode$1["Processing"] = 102] = "Processing";
+	EHttpStatusCode$1[EHttpStatusCode$1["EarlyHints"] = 103] = "EarlyHints";
+	EHttpStatusCode$1[EHttpStatusCode$1["OK"] = 200] = "OK";
+	EHttpStatusCode$1[EHttpStatusCode$1["Created"] = 201] = "Created";
+	EHttpStatusCode$1[EHttpStatusCode$1["Accepted"] = 202] = "Accepted";
+	EHttpStatusCode$1[EHttpStatusCode$1["NonAuthoritativeInformation"] = 203] = "NonAuthoritativeInformation";
+	EHttpStatusCode$1[EHttpStatusCode$1["NoContent"] = 204] = "NoContent";
+	EHttpStatusCode$1[EHttpStatusCode$1["ResetContent"] = 205] = "ResetContent";
+	EHttpStatusCode$1[EHttpStatusCode$1["PartialContent"] = 206] = "PartialContent";
+	EHttpStatusCode$1[EHttpStatusCode$1["MultiStatus"] = 207] = "MultiStatus";
+	EHttpStatusCode$1[EHttpStatusCode$1["AlreadyReported"] = 208] = "AlreadyReported";
+	EHttpStatusCode$1[EHttpStatusCode$1["IMUsed"] = 226] = "IMUsed";
+	EHttpStatusCode$1[EHttpStatusCode$1["MultipleChoices"] = 300] = "MultipleChoices";
+	EHttpStatusCode$1[EHttpStatusCode$1["MovedPermanently"] = 301] = "MovedPermanently";
+	EHttpStatusCode$1[EHttpStatusCode$1["Found"] = 302] = "Found";
+	EHttpStatusCode$1[EHttpStatusCode$1["SeeOther"] = 303] = "SeeOther";
+	EHttpStatusCode$1[EHttpStatusCode$1["NotModified"] = 304] = "NotModified";
+	EHttpStatusCode$1[EHttpStatusCode$1["UseProxy"] = 305] = "UseProxy";
+	EHttpStatusCode$1[EHttpStatusCode$1["SwitchProxy"] = 306] = "SwitchProxy";
+	EHttpStatusCode$1[EHttpStatusCode$1["TemporaryRedirect"] = 307] = "TemporaryRedirect";
+	EHttpStatusCode$1[EHttpStatusCode$1["PermanentRedirect"] = 308] = "PermanentRedirect";
+	EHttpStatusCode$1[EHttpStatusCode$1["BadRequest"] = 400] = "BadRequest";
+	EHttpStatusCode$1[EHttpStatusCode$1["Unauthorized"] = 401] = "Unauthorized";
+	EHttpStatusCode$1[EHttpStatusCode$1["PaymentRequired"] = 402] = "PaymentRequired";
+	EHttpStatusCode$1[EHttpStatusCode$1["Forbidden"] = 403] = "Forbidden";
+	EHttpStatusCode$1[EHttpStatusCode$1["NotFound"] = 404] = "NotFound";
+	EHttpStatusCode$1[EHttpStatusCode$1["MethodNotAllowed"] = 405] = "MethodNotAllowed";
+	EHttpStatusCode$1[EHttpStatusCode$1["NotAcceptable"] = 406] = "NotAcceptable";
+	EHttpStatusCode$1[EHttpStatusCode$1["ProxyAuthenticationRequired"] = 407] = "ProxyAuthenticationRequired";
+	EHttpStatusCode$1[EHttpStatusCode$1["RequestTimeout"] = 408] = "RequestTimeout";
+	EHttpStatusCode$1[EHttpStatusCode$1["Conflict"] = 409] = "Conflict";
+	EHttpStatusCode$1[EHttpStatusCode$1["Gone"] = 410] = "Gone";
+	EHttpStatusCode$1[EHttpStatusCode$1["LengthRequired"] = 411] = "LengthRequired";
+	EHttpStatusCode$1[EHttpStatusCode$1["PreconditionFailed"] = 412] = "PreconditionFailed";
+	EHttpStatusCode$1[EHttpStatusCode$1["PayloadTooLarge"] = 413] = "PayloadTooLarge";
+	EHttpStatusCode$1[EHttpStatusCode$1["URITooLong"] = 414] = "URITooLong";
+	EHttpStatusCode$1[EHttpStatusCode$1["UnsupportedMediaType"] = 415] = "UnsupportedMediaType";
+	EHttpStatusCode$1[EHttpStatusCode$1["RangeNotSatisfiable"] = 416] = "RangeNotSatisfiable";
+	EHttpStatusCode$1[EHttpStatusCode$1["ExpectationFailed"] = 417] = "ExpectationFailed";
+	EHttpStatusCode$1[EHttpStatusCode$1["ImATeapot"] = 418] = "ImATeapot";
+	EHttpStatusCode$1[EHttpStatusCode$1["MisdirectedRequest"] = 421] = "MisdirectedRequest";
+	EHttpStatusCode$1[EHttpStatusCode$1["UnprocessableEntity"] = 422] = "UnprocessableEntity";
+	EHttpStatusCode$1[EHttpStatusCode$1["Locked"] = 423] = "Locked";
+	EHttpStatusCode$1[EHttpStatusCode$1["FailedDependency"] = 424] = "FailedDependency";
+	EHttpStatusCode$1[EHttpStatusCode$1["TooEarly"] = 425] = "TooEarly";
+	EHttpStatusCode$1[EHttpStatusCode$1["UpgradeRequired"] = 426] = "UpgradeRequired";
+	EHttpStatusCode$1[EHttpStatusCode$1["PreconditionRequired"] = 428] = "PreconditionRequired";
+	EHttpStatusCode$1[EHttpStatusCode$1["TooManyRequests"] = 429] = "TooManyRequests";
+	EHttpStatusCode$1[EHttpStatusCode$1["RequestHeaderFieldsTooLarge"] = 431] = "RequestHeaderFieldsTooLarge";
+	EHttpStatusCode$1[EHttpStatusCode$1["UnavailableForLegalReasons"] = 451] = "UnavailableForLegalReasons";
+	EHttpStatusCode$1[EHttpStatusCode$1["InternalServerError"] = 500] = "InternalServerError";
+	EHttpStatusCode$1[EHttpStatusCode$1["NotImplemented"] = 501] = "NotImplemented";
+	EHttpStatusCode$1[EHttpStatusCode$1["BadGateway"] = 502] = "BadGateway";
+	EHttpStatusCode$1[EHttpStatusCode$1["ServiceUnavailable"] = 503] = "ServiceUnavailable";
+	EHttpStatusCode$1[EHttpStatusCode$1["GatewayTimeout"] = 504] = "GatewayTimeout";
+	EHttpStatusCode$1[EHttpStatusCode$1["HTTPVersionNotSupported"] = 505] = "HTTPVersionNotSupported";
+	EHttpStatusCode$1[EHttpStatusCode$1["VariantAlsoNegotiates"] = 506] = "VariantAlsoNegotiates";
+	EHttpStatusCode$1[EHttpStatusCode$1["InsufficientStorage"] = 507] = "InsufficientStorage";
+	EHttpStatusCode$1[EHttpStatusCode$1["LoopDetected"] = 508] = "LoopDetected";
+	EHttpStatusCode$1[EHttpStatusCode$1["NotExtended"] = 510] = "NotExtended";
+	EHttpStatusCode$1[EHttpStatusCode$1["NetworkAuthenticationRequired"] = 511] = "NetworkAuthenticationRequired";
+	return EHttpStatusCode$1;
+}({});
+//#endregion
+//#region packages/event-http/src/errors/error-renderer.ts
+const preStyles = "font-family: monospace;width: 100%;max-width: 900px;padding: 10px;margin: 20px auto;border-radius: 8px;background-color: #494949;box-shadow: 0px 0px 3px 2px rgb(255 255 255 / 20%);";
+var HttpErrorRenderer = class extends BaseHttpResponseRenderer {
+	renderHtml(response) {
+		const data = response.body || {};
+		response.setContentType("text/html");
+		const keys = Object.keys(data).filter((key) => ![
+			"statusCode",
+			"error",
+			"message"
+		].includes(key));
+		return `<html style="background-color: #333; color: #bbb;"><head><title>${data.statusCode} ${httpStatusCodes[data.statusCode]}</title></head><body><center><h1>${data.statusCode} ${httpStatusCodes[data.statusCode]}</h1></center><center><h4>${data.message}</h1></center><hr color="#666"><center style="color: #666;"> Wooks v0.6.0 </center>${keys.length > 0 ? `<pre style="${preStyles}">${JSON.stringify({
+			...data,
+			statusCode: void 0,
+			message: void 0,
+			error: void 0
+		}, null, "  ")}</pre>` : ""}</body></html>`;
+	}
+	renderText(response) {
+		const data = response.body || {};
+		response.setContentType("text/plain");
+		const keys = Object.keys(data).filter((key) => ![
+			"statusCode",
+			"error",
+			"message"
+		].includes(key));
+		return `${data.statusCode} ${httpStatusCodes[data.statusCode]}\n${data.message}\n\n${keys.length > 0 ? `${JSON.stringify({
+			...data,
+			statusCode: void 0,
+			message: void 0,
+			error: void 0
+		}, null, "  ")}` : ""}`;
+	}
+	renderJson(response) {
+		const data = response.body || {};
+		response.setContentType("application/json");
+		const keys = Object.keys(data).filter((key) => ![
+			"statusCode",
+			"error",
+			"message"
+		].includes(key));
+		return `{"statusCode":${escapeQuotes(data.statusCode)},"error":"${escapeQuotes(data.error)}","message":"${escapeQuotes(data.message)}"${keys.length > 0 ? `,${keys.map((k) => `"${escapeQuotes(k)}":${JSON.stringify(data[k])}`).join(",")}` : ""}}`;
+	}
+	render(response) {
+		const { acceptsJson, acceptsText, acceptsHtml } = useAccept();
+		response.status = response.body?.statusCode || 500;
+		if (acceptsJson()) return this.renderJson(response);
+		else if (acceptsHtml()) return this.renderHtml(response);
+		else if (acceptsText()) return this.renderText(response);
+		else return this.renderJson(response);
+	}
+};
+function escapeQuotes(s) {
+	return (typeof s === "number" ? s : s || "").toString().replace(/"/gu, "\\\"");
+}
+//#endregion
+//#region packages/event-http/src/errors/http-error.ts
+var HttpError = class extends Error {
+	name = "HttpError";
+	constructor(code = 500, _body = "") {
+		super(typeof _body === "string" ? _body : _body.message);
+		this.code = code;
+		this._body = _body;
+	}
+	get body() {
+		return typeof this._body === "string" ? {
+			statusCode: this.code,
+			message: this.message,
+			error: httpStatusCodes[this.code]
+		} : {
+			...this._body,
+			statusCode: this.code,
+			message: this.message,
+			error: httpStatusCodes[this.code]
+		};
+	}
+	renderer;
+	attachRenderer(renderer) {
+		this.renderer = renderer;
+	}
+	getRenderer() {
+		return this.renderer;
+	}
+};
 //#endregion
 //#region packages/event-http/src/composables/request.ts
 const xForwardedFor = "x-forwarded-for";
+const DEFAULT_LIMITS = {
+	maxCompressed: 1 * 1024 * 1024,
+	maxInflated: 10 * 1024 * 1024,
+	maxRatio: 100,
+	readTimeoutMs: 1e4
+};
 function useRequest() {
 	const { store } = useHttpContext();
-	const { init } = store("request");
+	const { init, get, set } = store("request");
 	const event = store("event");
 	const req = event.get("req");
-	const rawBody = () => init("rawBody", () => new Promise((resolve, reject) => {
-		let body = buffer.Buffer.from("");
-		req.on("data", (chunk) => {
-			body = buffer.Buffer.concat([body, chunk]);
-		});
-		req.on("error", (err) => {
-			reject(err);
-		});
-		req.on("end", () => {
-			resolve(body);
-		});
-	}));
+	const contentEncoding = req.headers["content-encoding"];
+	const contentEncodings = () => init("contentEncodings", () => (contentEncoding || "").split(",").map((p) => p.trim()).filter((p) => !!p));
+	const isCompressed = () => init("isCompressed", () => {
+		const parts = contentEncodings();
+		for (const p of parts) if ([
+			"deflate",
+			"gzip",
+			"br"
+		].includes(p)) return true;
+		return false;
+	});
+	const getMaxCompressed = () => get("maxCompressed") ?? DEFAULT_LIMITS.maxCompressed;
+	const setMaxCompressed = (limit) => set("maxCompressed", limit);
+	const getReadTimeoutMs = () => get("readTimeoutMs") ?? DEFAULT_LIMITS.readTimeoutMs;
+	const setReadTimeoutMs = (limit) => set("readTimeoutMs", limit);
+	const getMaxInflated = () => get("maxInflated") ?? DEFAULT_LIMITS.maxInflated;
+	const setMaxInflated = (limit) => set("maxInflated", limit);
+	const rawBody = () => init("rawBody", async () => {
+		const encs = contentEncodings();
+		const isZip = isCompressed();
+		const streamable = isZip && encodingSupportsStream(encs);
+		const maxCompressed = getMaxCompressed();
+		const maxInflated = getMaxInflated();
+		const timeoutMs = getReadTimeoutMs();
+		const cl = Number(req.headers["content-length"] ?? 0);
+		const upfrontLimit = isZip ? maxCompressed : maxInflated;
+		if (cl && cl > upfrontLimit) throw new HttpError(413, "Payload Too Large");
+		for (const enc of encs) if (!compressors[enc]) throw new HttpError(415, `Unsupported Content-Encoding "${enc}"`);
+		let timer = null;
+		function resetTimer() {
+			if (timeoutMs === 0) return;
+			clearTimer();
+			timer = setTimeout(() => {
+				clearTimer();
+				req.destroy();
+			}, timeoutMs);
+		}
+		function clearTimer() {
+			if (timer) {
+				clearTimeout(timer);
+				timer = null;
+			}
+		}
+		let rawBytes = 0;
+		async function* limitedCompressed() {
+			resetTimer();
+			try {
+				for await (const chunk of req) {
+					rawBytes += chunk.length;
+					if (rawBytes > upfrontLimit) {
+						req.destroy();
+						throw new HttpError(413, "Payload Too Large");
+					}
+					resetTimer();
+					yield chunk;
+				}
+			} finally {
+				clearTimer();
+			}
+		}
+		let stream$1 = limitedCompressed();
+		if (streamable) stream$1 = await uncompressBodyStream(encs, stream$1);
+		const chunks = [];
+		let inflatedBytes = 0;
+		try {
+			for await (const chunk of stream$1) {
+				inflatedBytes += chunk.length;
+				if (inflatedBytes > maxInflated) throw new HttpError(413, "Inflated body too large");
+				chunks.push(chunk);
+			}
+		} catch (error) {
+			if (error instanceof HttpError) throw error;
+			throw new HttpError(408, "Request body timeout");
+		}
+		let body = buffer.Buffer.concat(chunks);
+		if (!streamable && isZip) {
+			body = await uncompressBody(encs, body);
+			inflatedBytes = body.byteLength;
+			if (inflatedBytes > maxInflated) throw new HttpError(413, "Inflated body too large");
+		}
+		return body;
+	});
 	const reqId = (0, __wooksjs_event_core.useEventId)().getId;
 	const forwardedIp = () => init("forwardedIp", () => {
 		if (typeof req.headers[xForwardedFor] === "string" && req.headers[xForwardedFor]) return req.headers[xForwardedFor].split(",").shift()?.trim();
-else return "";
+		else return "";
 	});
 	const remoteIp = () => init("remoteIp", () => req.socket.remoteAddress || req.connection.remoteAddress || "");
 	function getIp(options) {
 		if (options?.trustProxy) return forwardedIp() || getIp();
-else return remoteIp();
+		else return remoteIp();
 	}
 	const getIpList = () => init("ipList", () => ({
 		remoteIp: req.socket.remoteAddress || req.connection.remoteAddress || "",
@@ -146,7 +543,14 @@ else return remoteIp();
 		rawBody,
 		reqId,
 		getIp,
-		getIpList
+		getIpList,
+		isCompressed,
+		getMaxCompressed,
+		setMaxCompressed,
+		getReadTimeoutMs,
+		setReadTimeoutMs,
+		getMaxInflated,
+		setMaxInflated
 	};
 }
@@ -306,7 +710,7 @@ function useAuthorization() {
 function renderCacheControl(data) {
 	let attrs = "";
 	for (const [a, v] of Object.entries(data)) {
-		if (v === undefined) continue;
+		if (v === void 0) continue;
 		const func = cacheControlFunc[a];
 		if (typeof func === "function") {
 			const val = func(v);
@@ -387,11 +791,15 @@ function useStatus() {
 //#region packages/event-http/src/utils/url-search-params.ts
 var WooksURLSearchParams = class extends url.URLSearchParams {
 	toJson() {
-		const json = {};
+		const json = Object.create(null);
 		for (const [key, value] of this.entries()) if (isArrayParam(key)) {
 			const a = json[key] = json[key] || [];
 			a.push(value);
-		} else json[key] = value;
+		} else {
+			if (key === "__proto__") throw new HttpError(400, `Illegal key name "${key}"`);
+			if (key in json) throw new HttpError(400, `Duplicate key "${key}"`);
+			json[key] = value;
+		}
 		return json;
 	}
 };
@@ -417,245 +825,6 @@ function useSearchParams() {
 	};
 }
-//#endregion
-//#region packages/event-http/src/response/renderer.ts
-var BaseHttpResponseRenderer = class {
-	render(response) {
-		if (typeof response.body === "string" || typeof response.body === "boolean" || typeof response.body === "number") {
-			if (!response.getContentType()) response.setContentType("text/plain");
-			return response.body.toString();
-		}
-		if (response.body === undefined) return "";
-		if (response.body instanceof Uint8Array) return response.body;
-		if (typeof response.body === "object") {
-			if (!response.getContentType()) response.setContentType("application/json");
-			return JSON.stringify(response.body);
-		}
-		throw new Error(`Unsupported body format "${typeof response.body}"`);
-	}
-};
-//#endregion
-//#region packages/event-http/src/utils/status-codes.ts
-const httpStatusCodes = {
-	100: "Continue",
-	101: "Switching protocols",
-	102: "Processing",
-	103: "Early Hints",
-	200: "OK",
-	201: "Created",
-	202: "Accepted",
-	203: "Non-Authoritative Information",
-	204: "No Content",
-	205: "Reset Content",
-	206: "Partial Content",
-	207: "Multi-Status",
-	208: "Already Reported",
-	226: "IM Used",
-	300: "Multiple Choices",
-	301: "Moved Permanently",
-	302: "Found (Previously \"Moved Temporarily\")",
-	303: "See Other",
-	304: "Not Modified",
-	305: "Use Proxy",
-	306: "Switch Proxy",
-	307: "Temporary Redirect",
-	308: "Permanent Redirect",
-	400: "Bad Request",
-	401: "Unauthorized",
-	402: "Payment Required",
-	403: "Forbidden",
-	404: "Not Found",
-	405: "Method Not Allowed",
-	406: "Not Acceptable",
-	407: "Proxy Authentication Required",
-	408: "Request Timeout",
-	409: "Conflict",
-	410: "Gone",
-	411: "Length Required",
-	412: "Precondition Failed",
-	413: "Payload Too Large",
-	414: "URI Too Long",
-	415: "Unsupported Media Type",
-	416: "Range Not Satisfiable",
-	417: "Expectation Failed",
-	418: "I'm a Teapot",
-	421: "Misdirected Request",
-	422: "Unprocessable Entity",
-	423: "Locked",
-	424: "Failed Dependency",
-	425: "Too Early",
-	426: "Upgrade Required",
-	428: "Precondition Required",
-	429: "Too Many Requests",
-	431: "Request Header Fields Too Large",
-	451: "Unavailable For Legal Reasons",
-	500: "Internal Server Error",
-	501: "Not Implemented",
-	502: "Bad Gateway",
-	503: "Service Unavailable",
-	504: "Gateway Timeout",
-	505: "HTTP Version Not Supported",
-	506: "Variant Also Negotiates",
-	507: "Insufficient Storage",
-	508: "Loop Detected",
-	510: "Not Extended",
-	511: "Network Authentication Required"
-};
-let EHttpStatusCode = function(EHttpStatusCode$1) {
-	EHttpStatusCode$1[EHttpStatusCode$1["Continue"] = 100] = "Continue";
-	EHttpStatusCode$1[EHttpStatusCode$1["SwitchingProtocols"] = 101] = "SwitchingProtocols";
-	EHttpStatusCode$1[EHttpStatusCode$1["Processing"] = 102] = "Processing";
-	EHttpStatusCode$1[EHttpStatusCode$1["EarlyHints"] = 103] = "EarlyHints";
-	EHttpStatusCode$1[EHttpStatusCode$1["OK"] = 200] = "OK";
-	EHttpStatusCode$1[EHttpStatusCode$1["Created"] = 201] = "Created";
-	EHttpStatusCode$1[EHttpStatusCode$1["Accepted"] = 202] = "Accepted";
-	EHttpStatusCode$1[EHttpStatusCode$1["NonAuthoritativeInformation"] = 203] = "NonAuthoritativeInformation";
-	EHttpStatusCode$1[EHttpStatusCode$1["NoContent"] = 204] = "NoContent";
-	EHttpStatusCode$1[EHttpStatusCode$1["ResetContent"] = 205] = "ResetContent";
-	EHttpStatusCode$1[EHttpStatusCode$1["PartialContent"] = 206] = "PartialContent";
-	EHttpStatusCode$1[EHttpStatusCode$1["MultiStatus"] = 207] = "MultiStatus";
-	EHttpStatusCode$1[EHttpStatusCode$1["AlreadyReported"] = 208] = "AlreadyReported";
-	EHttpStatusCode$1[EHttpStatusCode$1["IMUsed"] = 226] = "IMUsed";
-	EHttpStatusCode$1[EHttpStatusCode$1["MultipleChoices"] = 300] = "MultipleChoices";
-	EHttpStatusCode$1[EHttpStatusCode$1["MovedPermanently"] = 301] = "MovedPermanently";
-	EHttpStatusCode$1[EHttpStatusCode$1["Found"] = 302] = "Found";
-	EHttpStatusCode$1[EHttpStatusCode$1["SeeOther"] = 303] = "SeeOther";
-	EHttpStatusCode$1[EHttpStatusCode$1["NotModified"] = 304] = "NotModified";
-	EHttpStatusCode$1[EHttpStatusCode$1["UseProxy"] = 305] = "UseProxy";
-	EHttpStatusCode$1[EHttpStatusCode$1["SwitchProxy"] = 306] = "SwitchProxy";
-	EHttpStatusCode$1[EHttpStatusCode$1["TemporaryRedirect"] = 307] = "TemporaryRedirect";
-	EHttpStatusCode$1[EHttpStatusCode$1["PermanentRedirect"] = 308] = "PermanentRedirect";
-	EHttpStatusCode$1[EHttpStatusCode$1["BadRequest"] = 400] = "BadRequest";
-	EHttpStatusCode$1[EHttpStatusCode$1["Unauthorized"] = 401] = "Unauthorized";
-	EHttpStatusCode$1[EHttpStatusCode$1["PaymentRequired"] = 402] = "PaymentRequired";
-	EHttpStatusCode$1[EHttpStatusCode$1["Forbidden"] = 403] = "Forbidden";
-	EHttpStatusCode$1[EHttpStatusCode$1["NotFound"] = 404] = "NotFound";
-	EHttpStatusCode$1[EHttpStatusCode$1["MethodNotAllowed"] = 405] = "MethodNotAllowed";
-	EHttpStatusCode$1[EHttpStatusCode$1["NotAcceptable"] = 406] = "NotAcceptable";
-	EHttpStatusCode$1[EHttpStatusCode$1["ProxyAuthenticationRequired"] = 407] = "ProxyAuthenticationRequired";
-	EHttpStatusCode$1[EHttpStatusCode$1["RequestTimeout"] = 408] = "RequestTimeout";
-	EHttpStatusCode$1[EHttpStatusCode$1["Conflict"] = 409] = "Conflict";
-	EHttpStatusCode$1[EHttpStatusCode$1["Gone"] = 410] = "Gone";
-	EHttpStatusCode$1[EHttpStatusCode$1["LengthRequired"] = 411] = "LengthRequired";
-	EHttpStatusCode$1[EHttpStatusCode$1["PreconditionFailed"] = 412] = "PreconditionFailed";
-	EHttpStatusCode$1[EHttpStatusCode$1["PayloadTooLarge"] = 413] = "PayloadTooLarge";
-	EHttpStatusCode$1[EHttpStatusCode$1["URITooLong"] = 414] = "URITooLong";
-	EHttpStatusCode$1[EHttpStatusCode$1["UnsupportedMediaType"] = 415] = "UnsupportedMediaType";
-	EHttpStatusCode$1[EHttpStatusCode$1["RangeNotSatisfiable"] = 416] = "RangeNotSatisfiable";
-	EHttpStatusCode$1[EHttpStatusCode$1["ExpectationFailed"] = 417] = "ExpectationFailed";
-	EHttpStatusCode$1[EHttpStatusCode$1["ImATeapot"] = 418] = "ImATeapot";
-	EHttpStatusCode$1[EHttpStatusCode$1["MisdirectedRequest"] = 421] = "MisdirectedRequest";
-	EHttpStatusCode$1[EHttpStatusCode$1["UnprocessableEntity"] = 422] = "UnprocessableEntity";
-	EHttpStatusCode$1[EHttpStatusCode$1["Locked"] = 423] = "Locked";
-	EHttpStatusCode$1[EHttpStatusCode$1["FailedDependency"] = 424] = "FailedDependency";
-	EHttpStatusCode$1[EHttpStatusCode$1["TooEarly"] = 425] = "TooEarly";
-	EHttpStatusCode$1[EHttpStatusCode$1["UpgradeRequired"] = 426] = "UpgradeRequired";
-	EHttpStatusCode$1[EHttpStatusCode$1["PreconditionRequired"] = 428] = "PreconditionRequired";
-	EHttpStatusCode$1[EHttpStatusCode$1["TooManyRequests"] = 429] = "TooManyRequests";
-	EHttpStatusCode$1[EHttpStatusCode$1["RequestHeaderFieldsTooLarge"] = 431] = "RequestHeaderFieldsTooLarge";
-	EHttpStatusCode$1[EHttpStatusCode$1["UnavailableForLegalReasons"] = 451] = "UnavailableForLegalReasons";
-	EHttpStatusCode$1[EHttpStatusCode$1["InternalServerError"] = 500] = "InternalServerError";
-	EHttpStatusCode$1[EHttpStatusCode$1["NotImplemented"] = 501] = "NotImplemented";
-	EHttpStatusCode$1[EHttpStatusCode$1["BadGateway"] = 502] = "BadGateway";
-	EHttpStatusCode$1[EHttpStatusCode$1["ServiceUnavailable"] = 503] = "ServiceUnavailable";
-	EHttpStatusCode$1[EHttpStatusCode$1["GatewayTimeout"] = 504] = "GatewayTimeout";
-	EHttpStatusCode$1[EHttpStatusCode$1["HTTPVersionNotSupported"] = 505] = "HTTPVersionNotSupported";
-	EHttpStatusCode$1[EHttpStatusCode$1["VariantAlsoNegotiates"] = 506] = "VariantAlsoNegotiates";
-	EHttpStatusCode$1[EHttpStatusCode$1["InsufficientStorage"] = 507] = "InsufficientStorage";
-	EHttpStatusCode$1[EHttpStatusCode$1["LoopDetected"] = 508] = "LoopDetected";
-	EHttpStatusCode$1[EHttpStatusCode$1["NotExtended"] = 510] = "NotExtended";
-	EHttpStatusCode$1[EHttpStatusCode$1["NetworkAuthenticationRequired"] = 511] = "NetworkAuthenticationRequired";
-	return EHttpStatusCode$1;
-}({});
-//#endregion
-//#region packages/event-http/src/errors/error-renderer.ts
-const preStyles = "font-family: monospace;width: 100%;max-width: 900px;padding: 10px;margin: 20px auto;border-radius: 8px;background-color: #494949;box-shadow: 0px 0px 3px 2px rgb(255 255 255 / 20%);";
-var HttpErrorRenderer = class extends BaseHttpResponseRenderer {
-	renderHtml(response) {
-		const data = response.body || {};
-		response.setContentType("text/html");
-		const keys = Object.keys(data).filter((key) => ![
-			"statusCode",
-			"error",
-			"message"
-		].includes(key));
-		return "<html style=\"background-color: #333; color: #bbb;\">" + `<head><title>${data.statusCode} ${httpStatusCodes[data.statusCode]}</title></head>` + `<body><center><h1>${data.statusCode} ${httpStatusCodes[data.statusCode]}</h1></center>` + `<center><h4>${data.message}</h1></center><hr color="#666">` + `<center style="color: #666;"> Wooks v${"0.5.24"} </center>` + `${keys.length > 0 ? `<pre style="${preStyles}">${JSON.stringify({
-			...data,
-			statusCode: undefined,
-			message: undefined,
-			error: undefined
-		}, null, "  ")}</pre>` : ""}` + "</body></html>";
-	}
-	renderText(response) {
-		const data = response.body || {};
-		response.setContentType("text/plain");
-		const keys = Object.keys(data).filter((key) => ![
-			"statusCode",
-			"error",
-			"message"
-		].includes(key));
-		return `${data.statusCode} ${httpStatusCodes[data.statusCode]}\n${data.message}` + `\n\n${keys.length > 0 ? `${JSON.stringify({
-			...data,
-			statusCode: undefined,
-			message: undefined,
-			error: undefined
-		}, null, "  ")}` : ""}`;
-	}
-	renderJson(response) {
-		const data = response.body || {};
-		response.setContentType("application/json");
-		const keys = Object.keys(data).filter((key) => ![
-			"statusCode",
-			"error",
-			"message"
-		].includes(key));
-		return `{"statusCode":${escapeQuotes(data.statusCode)},` + `"error":"${escapeQuotes(data.error)}",` + `"message":"${escapeQuotes(data.message)}"` + `${keys.length > 0 ? `,${keys.map((k) => `"${escapeQuotes(k)}":${JSON.stringify(data[k])}`).join(",")}` : ""}}`;
-	}
-	render(response) {
-		const { acceptsJson, acceptsText, acceptsHtml } = useAccept();
-		response.status = response.body?.statusCode || 500;
-		if (acceptsJson()) return this.renderJson(response);
-else if (acceptsHtml()) return this.renderHtml(response);
-else if (acceptsText()) return this.renderText(response);
-else return this.renderJson(response);
-	}
-};
-function escapeQuotes(s) {
-	return (typeof s === "number" ? s : s || "").toString().replace(/"/gu, "\\\"");
-}
-//#endregion
-//#region packages/event-http/src/errors/http-error.ts
-var HttpError = class extends Error {
-	name = "HttpError";
-	constructor(code = 500, _body = "") {
-		super(typeof _body === "string" ? _body : _body.message);
-		this.code = code;
-		this._body = _body;
-	}
-	get body() {
-		return typeof this._body === "string" ? {
-			statusCode: this.code,
-			message: this.message,
-			error: httpStatusCodes[this.code]
-		} : {
-			...this._body,
-			statusCode: this.code,
-			message: this.message,
-			error: httpStatusCodes[this.code]
-		};
-	}
-	renderer;
-	attachRenderer(renderer) {
-		this.renderer = renderer;
-	}
-	getRenderer() {
-		return this.renderer;
-	}
-};
 //#endregion
 //#region packages/event-http/src/response/core.ts
 const defaultStatus = {
@@ -784,14 +953,14 @@ var BaseHttpResponse = class {
 				});
 				stream$1.on("close", () => {
 					stream$1.destroy();
-					resolve(undefined);
+					resolve(void 0);
 				});
 				stream$1.pipe(res);
 			});
 		} else if (globalThis.Response && this.body instanceof Response) {
 			this.mergeFetchStatus(this.body.status);
 			if (method === "HEAD") res.end();
-else {
+			else {
 				const additionalHeaders = {};
 				if (this.body.headers.get("content-length")) additionalHeaders["content-length"] = this.body.headers.get("content-length");
 				if (this.body.headers.get("content-type")) additionalHeaders["content-type"] = this.body.headers.get("content-type");
@@ -828,11 +997,11 @@ function createWooksResponder(renderer = new BaseHttpResponseRenderer(), errorRe
 			const r = new BaseHttpResponse(errorRenderer);
 			let httpError;
 			if (data instanceof HttpError) httpError = data;
-else httpError = new HttpError(500, data.message);
+			else httpError = new HttpError(500, data.message);
 			r.setBody(httpError.body);
 			return r;
 		} else if (data instanceof BaseHttpResponse) return data;
-else return new BaseHttpResponse(renderer).setBody(data);
+		else return new BaseHttpResponse(renderer).setBody(data);
 	}
 	return {
 		createResponse,
@@ -847,7 +1016,7 @@ var WooksHttp = class extends wooks.WooksAdapterBase {
 	constructor(opts, wooks$1) {
 		super(wooks$1, opts?.logger, opts?.router);
 		this.opts = opts;
-		this.logger = opts?.logger || this.getLogger(`${"\x1B[96m"}[wooks-http]`);
+		this.logger = opts?.logger || this.getLogger(`[96m[wooks-http]`);
 	}
 	all(path, handler) {
 		return this.on("*", path, handler);
@@ -885,7 +1054,7 @@ var WooksHttp = class extends wooks.WooksAdapterBase {
 				backlog,
 				listeningListener
 			];
-			const ui = args.indexOf(undefined);
+			const ui = args.indexOf(void 0);
 			if (ui >= 0) args = args.slice(0, ui);
 			server.listen(...args);
 		});
@@ -927,7 +1096,7 @@ var WooksHttp = class extends wooks.WooksAdapterBase {
 	}
 	responder = createWooksResponder();
 	respond(data) {
-		void this.responder.respond(data)?.catch((e) => {
+		this.responder.respond(data)?.catch((e) => {
 			this.logger.error("Uncaught response exception", e);
 		});
 	}
@@ -958,7 +1127,7 @@ var WooksHttp = class extends wooks.WooksAdapterBase {
 					this.respond(error);
 					return error;
 				}
-else {
+				else {
 					this.logger.debug(`404 Not found (${req.method})${req.url}`);
 					const error = new HttpError(404);
 					this.respond(error);
@@ -986,46 +1155,53 @@ else {
 		}
 	}
 };
+/**
+* Factory for WooksHttp App
+* @param opts TWooksHttpOptions
+* @param wooks Wooks | WooksAdapterBase
+* @returns WooksHttp
+*/
 function createHttpApp(opts, wooks$1) {
 	return new WooksHttp(opts, wooks$1);
 }
 //#endregion
-exports.BaseHttpResponse = BaseHttpResponse
-exports.BaseHttpResponseRenderer = BaseHttpResponseRenderer
-exports.EHttpStatusCode = EHttpStatusCode
-exports.HttpError = HttpError
-exports.HttpErrorRenderer = HttpErrorRenderer
-exports.WooksHttp = WooksHttp
-exports.WooksURLSearchParams = WooksURLSearchParams
-exports.createHttpApp = createHttpApp
-exports.createHttpContext = createHttpContext
-exports.createWooksResponder = createWooksResponder
-exports.httpStatusCodes = httpStatusCodes
-exports.renderCacheControl = renderCacheControl
-exports.useAccept = useAccept
-exports.useAuthorization = useAuthorization
-exports.useCookies = useCookies
+exports.BaseHttpResponse = BaseHttpResponse;
+exports.BaseHttpResponseRenderer = BaseHttpResponseRenderer;
+exports.DEFAULT_LIMITS = DEFAULT_LIMITS;
+exports.EHttpStatusCode = EHttpStatusCode;
+exports.HttpError = HttpError;
+exports.HttpErrorRenderer = HttpErrorRenderer;
+exports.WooksHttp = WooksHttp;
+exports.WooksURLSearchParams = WooksURLSearchParams;
+exports.createHttpApp = createHttpApp;
+exports.createHttpContext = createHttpContext;
+exports.createWooksResponder = createWooksResponder;
+exports.httpStatusCodes = httpStatusCodes;
+exports.renderCacheControl = renderCacheControl;
+exports.useAccept = useAccept;
+exports.useAuthorization = useAuthorization;
+exports.useCookies = useCookies;
 Object.defineProperty(exports, 'useEventLogger', {
   enumerable: true,
   get: function () {
     return __wooksjs_event_core.useEventLogger;
   }
 });
-exports.useHeaders = useHeaders
-exports.useHttpContext = useHttpContext
-exports.useRequest = useRequest
-exports.useResponse = useResponse
+exports.useHeaders = useHeaders;
+exports.useHttpContext = useHttpContext;
+exports.useRequest = useRequest;
+exports.useResponse = useResponse;
 Object.defineProperty(exports, 'useRouteParams', {
   enumerable: true,
   get: function () {
     return __wooksjs_event_core.useRouteParams;
   }
 });
-exports.useSearchParams = useSearchParams
-exports.useSetCacheControl = useSetCacheControl
-exports.useSetCookie = useSetCookie
-exports.useSetCookies = useSetCookies
-exports.useSetHeader = useSetHeader
-exports.useSetHeaders = useSetHeaders
-exports.useStatus = useStatus
+exports.useSearchParams = useSearchParams;
+exports.useSetCacheControl = useSetCacheControl;
+exports.useSetCookie = useSetCookie;
+exports.useSetCookies = useSetCookies;
+exports.useSetHeader = useSetHeader;
+exports.useSetHeaders = useSetHeaders;
+exports.useStatus = useStatus;