@wooksjs/event-http 0.6.1 → 0.6.3

package/dist/index.mjs

@@ -9,6 +9,7 @@ import { WooksAdapterBase } from "wooks";
 import { Readable as Readable$1 } from "stream";
 
 //#region packages/event-http/src/event-http.ts
+/** Creates an async event context for an incoming HTTP request/response pair. */
 function createHttpContext(data, options) {
 	return createAsyncEventContext({
 		event: {
@@ -34,7 +35,7 @@ function escapeRegex(s) {
 function safeDecode(f, v) {
 	try {
 		return f(v);
-	} catch (error) {
+	} catch {
 		return v;
 	}
 }
@@ -66,7 +67,12 @@ const units = {
 
 //#endregion
 //#region packages/event-http/src/utils/set-cookie.ts
+const COOKIE_NAME_RE = /^[\w!#$%&'*+\-.^`|~]+$/;
+function sanitizeCookieAttrValue(v) {
+	return v.replace(/[;\r\n]/g, "");
+}
 function renderCookie(key, data) {
+	if (!COOKIE_NAME_RE.test(key)) throw new TypeError(`Invalid cookie name "${key}"`);
 	let attrs = "";
 	for (const [a, v] of Object.entries(data.attrs)) {
 		const func = cookieAttrFunc[a];
@@ -80,8 +86,8 @@ function renderCookie(key, data) {
 const cookieAttrFunc = {
 	expires: (v) => `Expires=${typeof v === "string" || typeof v === "number" ? new Date(v).toUTCString() : v.toUTCString()}`,
 	maxAge: (v) => `Max-Age=${convertTime(v, "s").toString()}`,
-	domain: (v) => `Domain=${v}`,
-	path: (v) => `Path=${v}`,
+	domain: (v) => `Domain=${sanitizeCookieAttrValue(String(v))}`,
+	path: (v) => `Path=${sanitizeCookieAttrValue(String(v))}`,
 	secure: (v) => v ? "Secure" : "",
 	httpOnly: (v) => v ? "HttpOnly" : "",
 	sameSite: (v) => v ? `SameSite=${typeof v === "string" ? v : "Strict"}` : ""
@@ -102,7 +108,7 @@ function encodingSupportsStream(encodings) {
 }
 async function uncompressBody(encodings, compressed) {
 	let buf = compressed;
-	for (const enc of encodings.slice().reverse()) {
+	for (const enc of encodings.slice().toReversed()) {
 		const c = compressors[enc];
 		if (!c) throw new Error(`Unsupported compression type "${enc}".`);
 		buf = await c.uncompress(buf);
@@ -112,7 +118,7 @@ async function uncompressBody(encodings, compressed) {
 async function uncompressBodyStream(encodings, src) {
 	if (!encodingSupportsStream(encodings)) throw new Error("Some encodings lack a streaming decompressor");
 	let out = src;
-	for (const enc of Array.from(encodings).reverse()) out = await compressors[enc].stream.uncompress(out);
+	for (const enc of Array.from(encodings).toReversed()) out = await compressors[enc].stream.uncompress(out);
 	return out;
 }
 
@@ -315,24 +321,395 @@ let EHttpStatusCode = /* @__PURE__ */ function(EHttpStatusCode$1) {
 	return EHttpStatusCode$1;
 }({});
 
+//#endregion
+//#region packages/event-http/src/errors/403.tl.svg
+function _403_tl_default(ctx) {
+	return `<svg height="64" viewBox="0 4 100 96" fill="none" xmlns="http://www.w3.org/2000/svg" stroke="#888888" stroke-width="2">
+  <path d="M50 90.625C64.4042 87.1875 83.5751 69.8667 83.5751 48.6937V24.0854L50 9.375L16.425 24.0833V48.6937C16.425 69.8667 35.5959 87.1875 50 90.625Z" fill="#ff000050">
+    <animate attributeName="fill" dur="2s" repeatCount="indefinite"
+             values="#ff000000;#ff000050;#ff000000" />
+  </path>
+
+  <path d="M61.5395 46.0812H38.4604C37.1061 46.0812 36.0083 47.1791 36.0083 48.5333V65.075C36.0083 66.4292 37.1061 67.5271 38.4604 67.5271H61.5395C62.8938 67.5271 63.9916 66.4292 63.9916 65.075V48.5333C63.9916 47.1791 62.8938 46.0812 61.5395 46.0812Z" />
+
+  <path d="M41.7834 46.0834V39.6813C41.7834 37.5021 42.6491 35.4121 44.1901 33.8712C45.731 32.3303 47.8209 31.4646 50.0001 31.4646C52.1793 31.4646 54.2693 32.3303 55.8102 33.8712C57.3511 35.4121 58.2168 37.5021 58.2168 39.6813V46.0813" />
+</svg>
+`;
+}
+
+//#endregion
+//#region packages/event-http/src/errors/404.tl.svg
+function _404_tl_default(ctx) {
+	return `<svg height="64" viewBox="0 20 100 64" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <defs>
+    <path id="sheet" d="M86.5 36.5V47.5H97.5V92.5H52.5V36.5H86.5ZM63 68.5H87V67.5H63V68.5ZM63 63.5H87V62.5H63V63.5ZM63 58.5H87V57.5H63V58.5ZM96.793 46.5H87.5V37.207L96.793 46.5Z" fill="#88888833" stroke="#888888aa"/>
+  </defs>
+
+  <g id="queue" transform="translate(-5 -10)">
+    <use href="#sheet" opacity="0">
+      <animateTransform attributeName="transform" type="translate"
+                        dur="3s" repeatCount="indefinite"
+                        keyTimes="0;0.1;0.32;0.42;1"
+                        values="30 0; -20 0; -20 0; -70 0; -70 0" />
+      <animate attributeName="opacity"
+               dur="3s" repeatCount="indefinite"
+                        keyTimes="0;0.1;0.32;0.42;1"
+               values="0;1;1;0;0" />
+    </use>
+
+    <use href="#sheet" opacity="0">
+      <animateTransform attributeName="transform" type="translate"
+                        dur="3s" begin="1s" repeatCount="indefinite"
+                        keyTimes="0;0.1;0.32;0.42;1"
+                        values="30 0; -20 0; -20 0; -70 0; -70 0" />
+      <animate attributeName="opacity"
+               dur="3s" begin="1s" repeatCount="indefinite"
+                        keyTimes="0;0.1;0.32;0.42;1"
+               values="0;1;1;0;0" />
+    </use>
+
+    <use href="#sheet" opacity="0">
+      <animateTransform attributeName="transform" type="translate"
+                        dur="3s" begin="2s" repeatCount="indefinite"
+                        keyTimes="0;0.1;0.32;0.42;1"
+                        values="30 0; -20 0; -20 0; -70 0; -70 0" />
+      <animate attributeName="opacity"
+               dur="3s" begin="2s" repeatCount="indefinite"
+                        keyTimes="0;0.1;0.32;0.42;1"
+               values="0;1;1;0;0" />
+    </use>
+  </g>
+
+  <g>
+    <path d="M49.5 32.5C58.3366 32.5 65.5 39.6634 65.5 48.5C65.5 54.4781 62.222 59.6923 57.3584 62.4404C55.0386 63.7512 52.3591 64.5 49.5 64.5C40.6634 64.5 33.5 57.3366 33.5 48.5C33.5 39.6634 40.6634 32.5 49.5 32.5Z" fill="#ffffff50" stroke="#888888" stroke-width="3"/>
+
+    <path d="M62.7101 74.5691C63.117 75.2907 64.0318 75.5459 64.7534 75.139C65.4751 74.7321 65.7302 73.8173 65.3233 73.0957L62.7101 74.5691ZM58.05 63.25L56.7434 63.9867L62.7101 74.5691L64.0167 73.8324L65.3233 73.0957L59.3567 62.5133L58.05 63.25Z" fill="#888888"/>
+  </g>
+</svg>
+
+`;
+}
+
+//#endregion
+//#region packages/event-http/src/errors/500.tl.svg
+function _500_tl_default(ctx) {
+	return `<svg  height="64" viewBox="0 0 120 100" xmlns="http://www.w3.org/2000/svg">
+
+  <g id="server">
+
+<g fill="#88888888" stroke="#88888888" stroke-width="2" >
+<path d="M18 90C13.5817 90 10 86.4182 10 82V38C10 33.5817 13.5817 30 18 30H50.5L58 43L52.5 53L56 68.5L49.0098 89.97L61.2141 71.4358L58.363 54.315L64.7769 43.5511L58.2763 30.2943L104.243 32.0434C108.658 32.2114 112.101 35.9267 111.933 40.3418L110.26 84.31C110.092 88.725 106.377 92.168 101.962 92L49 90H18Z" />
+</g>
+    <circle cx="30" cy="60" r="6" fill="red">
+      <animate attributeName="fill" dur="0.8s"
+               values="red;#2d0000;red" repeatCount="indefinite"/>
+    </circle>
+
+  </g>
+
+  <g fill="lightgray" opacity="0.75">
+    <circle cx="50" cy="35" r="6">
+      <animate attributeName="cy" from="35" to="15" dur="2s"
+               repeatCount="indefinite"/>
+      <animate attributeName="opacity" values="0.75;0" dur="2s"
+               repeatCount="indefinite"/>
+    </circle>
+    <circle cx="60" cy="40" r="4">
+      <animate attributeName="cy" from="40" to="20" dur="2s"
+               begin="0.4s" repeatCount="indefinite"/>
+      <animate attributeName="opacity" values="0.75;0" dur="2s"
+               begin="0.4s" repeatCount="indefinite"/>
+    </circle>
+  </g>
+
+</svg>
+`;
+}
+
+//#endregion
+//#region packages/event-http/src/errors/error.tl.html
+function error_tl_default(ctx) {
+	const { statusCode, statusMessage, icon, message, details, link, image, version } = ctx;
+	return `<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>${statusCode} ${statusMessage}</title>
+    <style>
+      body {
+        font-family:
+          -apple-system, BlinkMacMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell,
+          'Open Sans', 'Helvetica Neue', sans-serif;
+        display: flex;
+        justify-content: center;
+        align-items: flex-start;
+        min-height: 100vh;
+        margin: 0;
+        padding: 0 20px;
+        box-sizing: border-box;
+        transition:
+          background-color 0.3s ease,
+          color 0.3s ease;
+      }
+
+      .error-container {
+        padding: 48px;
+        padding-bottom: 12px !important;
+        background-color: #ffffff;
+        border-radius: 0 0 12px 12px;
+        box-shadow: 0 8px 20px rgba(0, 0, 0, 0.08);
+        text-align: center;
+        max-width: 650px;
+        width: 100%;
+        transition:
+          background-color 0.3s ease,
+          border-color 0.3s ease,
+          box-shadow 0.3s ease;
+      }
+
+      .status-code {
+        font-size: 5rem;
+        font-weight: 900;
+        margin-bottom: 5px;
+        line-height: 1;
+        transition: color 0.3s ease;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        gap: 1rem;
+        position: relative;
+        margin-right: 24px;
+      }
+
+      .status-text {
+        font-size: 2.25rem;
+        font-weight: 700;
+        margin-bottom: 25px;
+        transition: color 0.3s ease;
+      }
+
+      .error-message {
+        font-size: 1.25rem;
+        margin-bottom: 40px;
+        line-height: 1.7;
+        transition: color 0.3s ease;
+      }
+
+      .json-details-container {
+        padding: 20px;
+        border-radius: 8px;
+        text-align: left;
+        overflow-x: auto;
+        font-family: 'SFMono-Regular', Consolas, 'Liberation Mono', Menlo, Courier, monospace;
+        font-size: 0.9rem;
+        border: 1px solid;
+        transition:
+          background-color 0.3s ease,
+          color 0.3s ease,
+          border-color 0.3s ease;
+      }
+
+      .json-details-container pre {
+        margin: 0;
+        white-space: pre-wrap;
+        word-break: break-all;
+      }
+
+      .json-details-container code {
+        display: block;
+      }
+
+      body {
+        background-color: #f8fafc;
+        color: #1f2937;
+      }
+      .error-container {
+        background-color: #ffffff;
+        box-shadow: 0 8px 20px rgba(0, 0, 0, 0.08);
+      }
+      .status-code {
+        color: #dc2626;
+      }
+      .status-text {
+        color: #1f2937;
+      }
+      .error-message {
+        color: #4b5563;
+      }
+      .json-details-container {
+        background-color: #f0f4f8;
+        color: #374151;
+        border-color: #d1d5db;
+      }
+      .json-details-container p {
+        color: #6b7280;
+      }
+
+      @media (prefers-color-scheme: dark) {
+        body {
+          background-color: #2d3748;
+          color: #e2e8f0;
+        }
+        .error-container {
+          background-color: #1a202c;
+          box-shadow: 0 8px 20px rgba(0, 0, 0, 0.4);
+        }
+        .status-code {
+          color: #f56565;
+        }
+        .status-text {
+          color: #cbd5e1;
+        }
+        .error-message {
+          color: #a0aec0;
+        }
+        .json-details-container {
+          background-color: #2d3748;
+          color: #e2e8f0;
+          border-color: #4a5568;
+        }
+        .json-details-container p {
+          color: #a0aec0;
+        }
+      }
+
+      .footer {
+        display: flex;
+        gap: 0.25rem;
+        font-size: 0.6em;
+        justify-content: flex-end;
+        align-items: center;
+        margin-top: 12px;
+        opacity: 0.5;
+        transition: 0.25s ease-in-out;
+      }
+
+      .footer img {
+        filter: grayscale(0.5);
+        transition: 0.25s ease-in-out;
+      }
+
+      .footer:hover {
+        opacity: 1;
+      }
+      .footer:hover img {
+        filter: grayscale(0);
+      }
+
+      @media (max-width: 768px) {
+        body {
+          padding: 15px;
+        }
+        .error-container {
+          padding: 32px;
+        }
+        .status-code {
+          font-size: 4rem;
+        }
+        .status-text {
+          font-size: 1.8rem;
+        }
+        .error-message {
+          font-size: 1.1rem;
+          margin-bottom: 30px;
+        }
+        .json-details-container {
+          font-size: 0.85rem;
+        }
+      }
+
+      @media (max-width: 480px) {
+        body {
+          padding: 10px;
+        }
+        .error-container {
+          padding: 24px;
+          border-radius: 8px;
+        }
+        .status-code {
+          font-size: 3rem;
+        }
+        .status-text {
+          font-size: 1.5rem;
+          margin-bottom: 20px;
+        }
+        .error-message {
+          font-size: 1rem;
+          margin-bottom: 25px;
+        }
+        .json-details-container {
+          padding: 15px;
+          font-size: 0.8rem;
+        }
+      }
+    </style>
+  </head>
+  <body>
+    <div class="error-container">
+      <div id="statusCode" class="status-code">${icon} ${statusCode}</div>
+
+      <div id="statusText" class="status-text">${statusMessage}</div>
+
+      <p id="errorMessage" class="error-message">${message}</p>
+
+      <!-- prettier-ignore -->
+      <div class="json-details-container"style="display: ${details ? "block" : "none"};">
+        <p class="text-sm">Technical Details:</p>
+        <pre><code id="jsonDetails">${details}</code></pre>
+      </div>
+      <div class="footer">
+        Powered by
+        <a href="${link}" target="_blank">
+          <img height="20" alt="%{poweredBy}" src="${image}" />
+        </a>
+        v${version}
+      </div>
+    </div>
+  </body>
+</html>
+`;
+}
+
 //#endregion
 //#region packages/event-http/src/errors/error-renderer.ts
-const preStyles = "font-family: monospace;width: 100%;max-width: 900px;padding: 10px;margin: 20px auto;border-radius: 8px;background-color: #494949;box-shadow: 0px 0px 3px 2px rgb(255 255 255 / 20%);";
+let framework = {
+	version: "0.6.2",
+	poweredBy: `wooksjs`,
+	link: `https://wooks.moost.org/`,
+	image: `https://wooks.moost.org/wooks-full-logo.png`
+};
+/** Renders HTTP error responses in HTML, JSON, or plain text based on the Accept header. */
 var HttpErrorRenderer = class extends BaseHttpResponseRenderer {
+	constructor(opts) {
+		super();
+		this.opts = opts;
+	}
+	icons = {
+		401: typeof _403_tl_default === "function" ? _403_tl_default({}) : "",
+		403: typeof _403_tl_default === "function" ? _403_tl_default({}) : "",
+		404: typeof _404_tl_default === "function" ? _404_tl_default({}) : "",
+		500: typeof _500_tl_default === "function" ? _500_tl_default({}) : ""
+	};
+	static registerFramework(opts) {
+		framework = opts;
+	}
 	renderHtml(response) {
 		const data = response.body || {};
 		response.setContentType("text/html");
-		const keys = Object.keys(data).filter((key) => ![
-			"statusCode",
-			"error",
-			"message"
-		].includes(key));
-		return `<html style="background-color: #333; color: #bbb;"><head><title>${data.statusCode} ${httpStatusCodes[data.statusCode]}</title></head><body><center><h1>${data.statusCode} ${httpStatusCodes[data.statusCode]}</h1></center><center><h4>${data.message}</h1></center><hr color="#666"><center style="color: #666;"> Wooks v0.6.0 </center>${keys.length > 0 ? `<pre style="${preStyles}">${JSON.stringify({
-			...data,
-			statusCode: void 0,
-			message: void 0,
-			error: void 0
-		}, null, "  ")}</pre>` : ""}</body></html>`;
+		const hasDetails = Object.keys(data).length > 3;
+		const icon = data.statusCode >= 500 ? this.icons[500] : this.icons[data.statusCode] || "";
+		return typeof error_tl_default === "function" ? error_tl_default({
+			icon,
+			statusCode: data.statusCode,
+			statusMessage: httpStatusCodes[data.statusCode],
+			message: data.message,
+			details: hasDetails ? JSON.stringify(data, null, "  ") : "",
+			version: (this.opts || framework).version,
+			poweredBy: (this.opts || framework).poweredBy,
+			link: (this.opts || framework).link,
+			image: (this.opts || framework).image
+		}) : JSON.stringify(data, null, "  ");
 	}
 	renderText(response) {
 		const data = response.body || {};
@@ -374,6 +751,7 @@ function escapeQuotes(s) {
 
 //#endregion
 //#region packages/event-http/src/errors/http-error.ts
+/** Represents an HTTP error with a status code and optional structured body. */
 var HttpError = class extends Error {
 	name = "HttpError";
 	constructor(code = 500, _body = "") {
@@ -405,15 +783,24 @@ var HttpError = class extends Error {
 //#endregion
 //#region packages/event-http/src/composables/request.ts
 const xForwardedFor = "x-forwarded-for";
+/** Default safety limits for request body reading (size, ratio, timeout). */
 const DEFAULT_LIMITS = {
 	maxCompressed: 1 * 1024 * 1024,
 	maxInflated: 10 * 1024 * 1024,
 	maxRatio: 100,
 	readTimeoutMs: 1e4
 };
+/**
+* Provides access to the incoming HTTP request (method, url, headers, body, IP).
+* @example
+* ```ts
+* const { method, url, rawBody, getIp } = useRequest()
+* const body = await rawBody()
+* ```
+*/
 function useRequest() {
 	const { store } = useHttpContext();
-	const { init, get, set } = store("request");
+	const { init } = store("request");
 	const event = store("event");
 	const req = event.get("req");
 	const contentEncoding = req.headers["content-encoding"];
@@ -427,18 +814,33 @@ function useRequest() {
 		].includes(p)) return true;
 		return false;
 	});
-	const getMaxCompressed = () => get("maxCompressed") ?? DEFAULT_LIMITS.maxCompressed;
-	const setMaxCompressed = (limit) => set("maxCompressed", limit);
-	const getReadTimeoutMs = () => get("readTimeoutMs") ?? DEFAULT_LIMITS.readTimeoutMs;
-	const setReadTimeoutMs = (limit) => set("readTimeoutMs", limit);
-	const getMaxInflated = () => get("maxInflated") ?? DEFAULT_LIMITS.maxInflated;
-	const setMaxInflated = (limit) => set("maxInflated", limit);
+	const limits = () => event.get("requestLimits");
+	const setLimit = (key, value) => {
+		let obj = limits();
+		if (!obj?.perRequest) {
+			obj = {
+				...obj,
+				perRequest: true
+			};
+			event.set("requestLimits", obj);
+		}
+		obj[key] = value;
+	};
+	const getMaxCompressed = () => limits()?.maxCompressed ?? DEFAULT_LIMITS.maxCompressed;
+	const setMaxCompressed = (limit) => setLimit("maxCompressed", limit);
+	const getMaxInflated = () => limits()?.maxInflated ?? DEFAULT_LIMITS.maxInflated;
+	const setMaxInflated = (limit) => setLimit("maxInflated", limit);
+	const getMaxRatio = () => limits()?.maxRatio ?? DEFAULT_LIMITS.maxRatio;
+	const setMaxRatio = (limit) => setLimit("maxRatio", limit);
+	const getReadTimeoutMs = () => limits()?.readTimeoutMs ?? DEFAULT_LIMITS.readTimeoutMs;
+	const setReadTimeoutMs = (limit) => setLimit("readTimeoutMs", limit);
 	const rawBody = () => init("rawBody", async () => {
 		const encs = contentEncodings();
 		const isZip = isCompressed();
 		const streamable = isZip && encodingSupportsStream(encs);
 		const maxCompressed = getMaxCompressed();
 		const maxInflated = getMaxInflated();
+		const maxRatio = getMaxRatio();
 		const timeoutMs = getReadTimeoutMs();
 		const cl = Number(req.headers["content-length"] ?? 0);
 		const upfrontLimit = isZip ? maxCompressed : maxInflated;
@@ -496,6 +898,7 @@ function useRequest() {
 			inflatedBytes = body.byteLength;
 			if (inflatedBytes > maxInflated) throw new HttpError(413, "Inflated body too large");
 		}
+		if (isZip && rawBytes > 0 && inflatedBytes / rawBytes > maxRatio) throw new HttpError(413, "Compression ratio too high");
 		return body;
 	});
 	const reqId = useEventId().getId;
@@ -527,15 +930,32 @@ function useRequest() {
 		getReadTimeoutMs,
 		setReadTimeoutMs,
 		getMaxInflated,
-		setMaxInflated
+		setMaxInflated,
+		getMaxRatio,
+		setMaxRatio
 	};
 }
 
 //#endregion
 //#region packages/event-http/src/composables/headers.ts
+/**
+* Returns the incoming request headers.
+* @example
+* ```ts
+* const { host, authorization } = useHeaders()
+* ```
+*/
 function useHeaders() {
 	return useRequest().headers;
 }
+/**
+* Provides methods to set, get, and remove outgoing response headers.
+* @example
+* ```ts
+* const { setHeader, setContentType, enableCors } = useSetHeaders()
+* setHeader('x-request-id', '123')
+* ```
+*/
 function useSetHeaders() {
 	const { store } = useHttpContext();
 	const setHeaderStore = store("setHeader");
@@ -557,6 +977,7 @@ function useSetHeaders() {
 		enableCors
 	};
 }
+/** Returns a hookable accessor for a single outgoing response header by name. */
 function useSetHeader(name) {
 	const { store } = useHttpContext();
 	const { hook } = store("setHeader");
@@ -565,6 +986,14 @@ function useSetHeader(name) {
 
 //#endregion
 //#region packages/event-http/src/composables/cookies.ts
+/**
+* Provides access to parsed request cookies.
+* @example
+* ```ts
+* const { getCookie, rawCookies } = useCookies()
+* const sessionId = getCookie('session_id')
+* ```
+*/
 function useCookies() {
 	const { store } = useHttpContext();
 	const { cookie } = useHeaders();
@@ -580,6 +1009,7 @@ function useCookies() {
 		getCookie
 	};
 }
+/** Provides methods to set, get, remove, and clear outgoing response cookies. */
 function useSetCookies() {
 	const { store } = useHttpContext();
 	const cookiesStore = store("setCookies");
@@ -600,6 +1030,7 @@ function useSetCookies() {
 		cookies
 	};
 }
+/** Returns a hookable accessor for a single outgoing cookie by name. */
 function useSetCookie(name) {
 	const { setCookie, getCookie } = useSetCookies();
 	const valueHook = attachHook({
@@ -621,6 +1052,7 @@ function useSetCookie(name) {
 
 //#endregion
 //#region packages/event-http/src/composables/header-accept.ts
+/** Provides helpers to check the request's Accept header for supported MIME types. */
 function useAccept() {
 	const { store } = useHttpContext();
 	const { accept } = useHeaders();
@@ -641,6 +1073,14 @@ function useAccept() {
 
 //#endregion
 //#region packages/event-http/src/composables/header-authorization.ts
+/**
+* Provides parsed access to the Authorization header (type, credentials, Basic decoding).
+* @example
+* ```ts
+* const { isBearer, authRawCredentials, basicCredentials } = useAuthorization()
+* if (isBearer()) { const token = authRawCredentials() }
+* ```
+*/
 function useAuthorization() {
 	const { store } = useHttpContext();
 	const { authorization } = useHeaders();
@@ -713,6 +1153,7 @@ const cacheControlFunc = {
 const renderAge = (v) => convertTime(v, "s").toString();
 const renderExpires = (v) => typeof v === "string" || typeof v === "number" ? new Date(v).toUTCString() : v.toUTCString();
 const renderPragmaNoCache = (v) => v ? "no-cache" : "";
+/** Provides helpers to set cache-related response headers (Cache-Control, Expires, Age, Pragma). */
 function useSetCacheControl() {
 	const { setHeader } = useSetHeaders();
 	const setAge = (value) => {
@@ -737,6 +1178,14 @@ function useSetCacheControl() {
 
 //#endregion
 //#region packages/event-http/src/composables/response.ts
+/**
+* Provides access to the raw HTTP response and status code management.
+* @example
+* ```ts
+* const { status, rawResponse, hasResponded } = useResponse()
+* status(200)
+* ```
+*/
 function useResponse() {
 	const { store } = useHttpContext();
 	const event = store("event");
@@ -759,6 +1208,7 @@ function useResponse() {
 		})
 	};
 }
+/** Returns a hookable accessor for the response status code. */
 function useStatus() {
 	const { store } = useHttpContext();
 	return store("status").hook("code");
@@ -766,6 +1216,11 @@ function useStatus() {
 
 //#endregion
 //#region packages/event-http/src/utils/url-search-params.ts
+const ILLEGAL_KEYS = new Set([
+	"__proto__",
+	"constructor",
+	"prototype"
+]);
 var WooksURLSearchParams = class extends URLSearchParams {
 	toJson() {
 		const json = Object.create(null);
@@ -773,7 +1228,7 @@ var WooksURLSearchParams = class extends URLSearchParams {
 			const a = json[key] = json[key] || [];
 			a.push(value);
 		} else {
-			if (key === "__proto__") throw new HttpError(400, `Illegal key name "${key}"`);
+			if (ILLEGAL_KEYS.has(key)) throw new HttpError(400, `Illegal key name "${key}"`);
 			if (key in json) throw new HttpError(400, `Duplicate key "${key}"`);
 			json[key] = value;
 		}
@@ -786,6 +1241,14 @@ function isArrayParam(name) {
 
 //#endregion
 //#region packages/event-http/src/composables/search-params.ts
+/**
+* Provides access to URL search (query) parameters from the request.
+* @example
+* ```ts
+* const { urlSearchParams, jsonSearchParams } = useSearchParams()
+* const page = urlSearchParams().get('page')
+* ```
+*/
 function useSearchParams() {
 	const { store } = useHttpContext();
 	const url = useRequest().url || "";
@@ -960,7 +1423,7 @@ var BaseHttpResponse = class {
 async function respondWithFetch(fetchBody, res) {
 	if (fetchBody) try {
 		for await (const chunk of fetchBody) res.write(chunk);
-	} catch (error) {}
+	} catch {}
 	res.end();
 }
 
@@ -988,6 +1451,7 @@ function createWooksResponder(renderer = new BaseHttpResponseRenderer(), errorRe
 
 //#endregion
 //#region packages/event-http/src/http-adapter.ts
+/** HTTP adapter for Wooks that provides route registration, server lifecycle, and request handling. */
 var WooksHttp = class extends WooksAdapterBase {
 	logger;
 	constructor(opts, wooks) {
@@ -995,27 +1459,35 @@ var WooksHttp = class extends WooksAdapterBase {
 		this.opts = opts;
 		this.logger = opts?.logger || this.getLogger(`[wooks-http]`);
 	}
+	/** Registers a handler for all HTTP methods on the given path. */
 	all(path, handler) {
 		return this.on("*", path, handler);
 	}
+	/** Registers a GET route handler. */
 	get(path, handler) {
 		return this.on("GET", path, handler);
 	}
+	/** Registers a POST route handler. */
 	post(path, handler) {
 		return this.on("POST", path, handler);
 	}
+	/** Registers a PUT route handler. */
 	put(path, handler) {
 		return this.on("PUT", path, handler);
 	}
+	/** Registers a PATCH route handler. */
 	patch(path, handler) {
 		return this.on("PATCH", path, handler);
 	}
+	/** Registers a DELETE route handler. */
 	delete(path, handler) {
 		return this.on("DELETE", path, handler);
 	}
+	/** Registers a HEAD route handler. */
 	head(path, handler) {
 		return this.on("HEAD", path, handler);
 	}
+	/** Registers an OPTIONS route handler. */
 	options(path, handler) {
 		return this.on("OPTIONS", path, handler);
 	}
@@ -1073,8 +1545,8 @@ var WooksHttp = class extends WooksAdapterBase {
 	}
 	responder = createWooksResponder();
 	respond(data) {
-		this.responder.respond(data)?.catch((e) => {
-			this.logger.error("Uncaught response exception", e);
+		this.responder.respond(data)?.catch((error) => {
+			this.logger.error("Uncaught response exception", error);
 		});
 	}
 	/**
@@ -1093,7 +1565,8 @@ var WooksHttp = class extends WooksAdapterBase {
 		return (req, res) => {
 			const runInContext = createHttpContext({
 				req,
-				res
+				res,
+				requestLimits: this.opts?.requestLimits
 			}, this.mergeEventOptions(this.opts?.eventOptions));
 			runInContext(async () => {
 				const { handlers } = this.wooks.lookup(req.method, req.url);
@@ -1133,10 +1606,13 @@ var WooksHttp = class extends WooksAdapterBase {
 	}
 };
 /**
-* Factory for WooksHttp App
-* @param opts TWooksHttpOptions
-* @param wooks Wooks | WooksAdapterBase
-* @returns WooksHttp
+* Creates a new WooksHttp application instance.
+* @example
+* ```ts
+* const app = createHttpApp()
+* app.get('/hello', () => 'Hello World!')
+* app.listen(3000)
+* ```
 */
 function createHttpApp(opts, wooks) {
 	return new WooksHttp(opts, wooks);