alepha 0.21.2 → 0.23.0

package/dist/server/cookies/index.browser.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.browser.js","names":[],"sources":["../../../src/server/cookies/services/CookieParser.ts","../../../src/server/cookies/primitives/$cookie.browser.ts","../../../src/server/cookies/index.browser.ts"],"sourcesContent":["import type { Cookie } from \"../primitives/$cookie.ts\";\n\nexport class CookieParser {\n  public parseRequestCookies(header: string): Record<string, string> {\n    const cookies: Record<string, string> = {};\n    const parts = header.split(\";\");\n    for (const part of parts) {\n      const eqIndex = part.indexOf(\"=\");\n      if (eqIndex === -1) {\n        continue;\n      }\n\n      const key = part.slice(0, eqIndex).trim();\n      const value = part.slice(eqIndex + 1).trim();\n\n      if (!key || !value) {\n        continue;\n      }\n\n      cookies[key] = value;\n    }\n\n    return cookies;\n  }\n\n  public serializeResponseCookies(\n    cookies: Record<string, Cookie | null>,\n    isHttps: boolean,\n  ): string[] {\n    const headers = [];\n\n    for (const [name, cookie] of Object.entries(cookies)) {\n      // If the cookie is null, we need to delete it\n      if (cookie == null) {\n        headers.push(`${name}=; Path=/; Max-Age=0`);\n        continue;\n      }\n\n      if (!cookie.value) {\n        continue;\n      }\n\n      headers.push(this.cookieToString(name, cookie, isHttps));\n    }\n\n    return headers;\n  }\n\n  public cookieToString(\n    name: string,\n    cookie: Cookie,\n    isHttps?: boolean,\n  ): string {\n    const parts: string[] = [];\n\n    parts.push(`${name}=${cookie.value}`);\n\n    if (cookie.path) {\n      parts.push(`Path=${cookie.path}`);\n    }\n    if (cookie.maxAge) {\n      parts.push(`Max-Age=${cookie.maxAge}`);\n    }\n    if (cookie.secure !== false && isHttps) {\n      parts.push(\"Secure\");\n    }\n    if (cookie.httpOnly) {\n      parts.push(\"HttpOnly\");\n    }\n    if (cookie.sameSite) {\n      parts.push(`SameSite=${cookie.sameSite}`);\n    }\n    if (cookie.domain) {\n      parts.push(`Domain=${cookie.domain}`);\n    }\n\n    return parts.join(\"; \");\n  }\n}\n","import {\n  $inject,\n  Alepha,\n  AlephaError,\n  createPrimitive,\n  KIND,\n  Primitive,\n  type Static,\n  type TSchema,\n} from \"alepha\";\nimport { DateTimeProvider } from \"alepha/datetime\";\nimport { CookieParser } from \"../services/CookieParser.ts\";\nimport type {\n  AbstractCookiePrimitive,\n  Cookie,\n  CookiePrimitiveOptions,\n  Cookies,\n} from \"./$cookie.ts\";\n\n/**\n * Creates a browser-side cookie primitive for client-side cookie management.\n *\n * Browser-specific version of $cookie that uses document.cookie API. Supports type-safe\n * cookie operations with schema validation but excludes encryption/signing (use server-side\n * $cookie for secure operations).\n *\n * **Note**: This is the browser version - encryption, signing, and compression are not supported.\n *\n * @example\n * ```ts\n * class ClientCookies {\n *   preferences = $cookie({\n *     name: \"user-prefs\",\n *     schema: t.object({ theme: t.text(), language: t.text() }),\n *     ttl: [30, \"days\"]\n *   });\n *\n *   savePreferences() {\n *     this.preferences.set({ theme: \"dark\", language: \"en\" });\n *   }\n *\n *   getPreferences() {\n *     return this.preferences.get() ?? { theme: \"light\", language: \"en\" };\n *   }\n * }\n * ```\n */\nexport const $cookie = <T extends TSchema>(\n  options: CookiePrimitiveOptions<T>,\n  extendedOptions?: Omit<CookiePrimitiveOptions<T>, \"schema\">,\n): AbstractCookiePrimitive<T> => {\n  if (extendedOptions) {\n    options = {\n      key: options.key,\n      schema: options.schema,\n      ...extendedOptions,\n    };\n  }\n  return createPrimitive(BrowserCookiePrimitive<T>, options);\n};\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport class BrowserCookiePrimitive<T extends TSchema>\n  extends Primitive<CookiePrimitiveOptions<T>>\n  implements AbstractCookiePrimitive<T>\n{\n  protected cookieParser = $inject(CookieParser);\n  protected alepha = $inject(Alepha);\n  protected dateTimeProvider = $inject(DateTimeProvider);\n  protected cookie?: Cookie;\n\n  protected onInit() {\n    if (this.options.key) {\n      this.alepha.events.on(\"state:mutate\", ({ key, value }) => {\n        if (key === this.options.key) {\n          this.set(value);\n        }\n      });\n      this.alepha.events.on(\"configure\", () => {\n        try {\n          const value = this.get();\n          if (value !== undefined) {\n            this.alepha.set(this.options.key as any, value);\n          }\n        } catch {}\n      });\n    }\n  }\n\n  public get schema(): T {\n    return this.options.schema;\n  }\n\n  public get name(): string {\n    return this.options.name ?? `${this.config.propertyKey}`;\n  }\n\n  public set(data: Static<T>): void {\n    const value = JSON.stringify(this.alepha.codec.decode(this.schema, data));\n    const options = this.options;\n\n    if (options.compress) {\n      throw new AlephaError(\"Compression is not supported in browser cookies.\");\n    }\n\n    if (options.encrypt) {\n      throw new AlephaError(\"Encryption is not supported in browser cookies.\");\n    }\n\n    if (options.sign) {\n      throw new AlephaError(\"Signing is not supported in browser cookies.\");\n    }\n\n    const cookie: Cookie = {\n      value: encodeURIComponent(value),\n      path: options.path ?? \"/\",\n      sameSite: options.sameSite ?? \"lax\",\n      secure: false,\n      httpOnly: false,\n      domain: options.domain,\n    };\n\n    if (options.ttl) {\n      cookie.maxAge = this.dateTimeProvider.duration(options.ttl).as(\"seconds\");\n    }\n\n    // biome-ignore lint/suspicious/noDocumentCookie: ...\n    document.cookie = this.cookieParser.cookieToString(this.name, cookie);\n  }\n\n  public get(options?: { cookies?: Cookies }): Static<T> | undefined {\n    const cookie = this.cookieParser.parseRequestCookies(document.cookie)[\n      this.name\n    ];\n    if (!cookie) {\n      return undefined;\n    }\n\n    const rawValue = decodeURIComponent(cookie);\n\n    if (this.options.compress) {\n      throw new AlephaError(\"Compression is not supported in browser cookies.\");\n    }\n\n    if (this.options.encrypt) {\n      throw new AlephaError(\"Encryption is not supported in browser cookies.\");\n    }\n\n    if (this.options.sign) {\n      throw new AlephaError(\"Signing is not supported in browser cookies.\");\n    }\n\n    return this.alepha.codec.decode(this.schema, JSON.parse(rawValue));\n  }\n\n  public del(): void {\n    const options = this.options;\n    const cookie: Cookie = {\n      value: \"\",\n      path: options.path ?? \"/\",\n      sameSite: options.sameSite ?? \"lax\",\n      secure: false,\n      httpOnly: false,\n      domain: options.domain,\n      maxAge: 0, // Set maxAge to 0 to delete the cookie\n    };\n\n    // biome-ignore lint/suspicious/noDocumentCookie: ...\n    document.cookie = this.cookieParser.cookieToString(this.name, cookie);\n  }\n}\n\n$cookie[KIND] = BrowserCookiePrimitive;\n","import { $module } from \"alepha\";\nimport { AlephaServer } from \"alepha/server\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./primitives/$cookie.browser.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport const AlephaServerCookies = $module({\n  name: \"alepha.server.cookies\",\n  primitives: [],\n  services: [AlephaServer],\n});\n"],"mappings":";;;;AAEA,IAAa,eAAb,MAA0B;CACxB,oBAA2B,QAAwC;EACjE,MAAM,UAAkC,EAAE;EAC1C,MAAM,QAAQ,OAAO,MAAM,IAAI;EAC/B,KAAK,MAAM,QAAQ,OAAO;GACxB,MAAM,UAAU,KAAK,QAAQ,IAAI;GACjC,IAAI,YAAY,IACd;GAGF,MAAM,MAAM,KAAK,MAAM,GAAG,QAAQ,CAAC,MAAM;GACzC,MAAM,QAAQ,KAAK,MAAM,UAAU,EAAE,CAAC,MAAM;GAE5C,IAAI,CAAC,OAAO,CAAC,OACX;GAGF,QAAQ,OAAO;;EAGjB,OAAO;;CAGT,yBACE,SACA,SACU;EACV,MAAM,UAAU,EAAE;EAElB,KAAK,MAAM,CAAC,MAAM,WAAW,OAAO,QAAQ,QAAQ,EAAE;GAEpD,IAAI,UAAU,MAAM;IAClB,QAAQ,KAAK,GAAG,KAAK,sBAAsB;IAC3C;;GAGF,IAAI,CAAC,OAAO,OACV;GAGF,QAAQ,KAAK,KAAK,eAAe,MAAM,QAAQ,QAAQ,CAAC;;EAG1D,OAAO;;CAGT,eACE,MACA,QACA,SACQ;EACR,MAAM,QAAkB,EAAE;EAE1B,MAAM,KAAK,GAAG,KAAK,GAAG,OAAO,QAAQ;EAErC,IAAI,OAAO,MACT,MAAM,KAAK,QAAQ,OAAO,OAAO;EAEnC,IAAI,OAAO,QACT,MAAM,KAAK,WAAW,OAAO,SAAS;EAExC,IAAI,OAAO,WAAW,SAAS,SAC7B,MAAM,KAAK,SAAS;EAEtB,IAAI,OAAO,UACT,MAAM,KAAK,WAAW;EAExB,IAAI,OAAO,UACT,MAAM,KAAK,YAAY,OAAO,WAAW;EAE3C,IAAI,OAAO,QACT,MAAM,KAAK,UAAU,OAAO,SAAS;EAGvC,OAAO,MAAM,KAAK,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AC7B3B,MAAa,WACX,SACA,oBAC+B;CAC/B,IAAI,iBACF,UAAU;EACR,KAAK,QAAQ;EACb,QAAQ,QAAQ;EAChB,GAAG;EACJ;CAEH,OAAO,gBAAgB,wBAA2B,QAAQ;;AAK5D,IAAa,yBAAb,cACU,UAEV;CACE,eAAyB,QAAQ,aAAa;CAC9C,SAAmB,QAAQ,OAAO;CAClC,mBAA6B,QAAQ,iBAAiB;CACtD;CAEA,SAAmB;EACjB,IAAI,KAAK,QAAQ,KAAK;GACpB,KAAK,OAAO,OAAO,GAAG,iBAAiB,EAAE,KAAK,YAAY;IACxD,IAAI,QAAQ,KAAK,QAAQ,KACvB,KAAK,IAAI,MAAM;KAEjB;GACF,KAAK,OAAO,OAAO,GAAG,mBAAmB;IACvC,IAAI;KACF,MAAM,QAAQ,KAAK,KAAK;KACxB,IAAI,UAAU,KAAA,GACZ,KAAK,OAAO,IAAI,KAAK,QAAQ,KAAY,MAAM;YAE3C;KACR;;;CAIN,IAAW,SAAY;EACrB,OAAO,KAAK,QAAQ;;CAGtB,IAAW,OAAe;EACxB,OAAO,KAAK,QAAQ,QAAQ,GAAG,KAAK,OAAO;;CAG7C,IAAW,MAAuB;EAChC,MAAM,QAAQ,KAAK,UAAU,KAAK,OAAO,MAAM,OAAO,KAAK,QAAQ,KAAK,CAAC;EACzE,MAAM,UAAU,KAAK;EAErB,IAAI,QAAQ,UACV,MAAM,IAAI,YAAY,mDAAmD;EAG3E,IAAI,QAAQ,SACV,MAAM,IAAI,YAAY,kDAAkD;EAG1E,IAAI,QAAQ,MACV,MAAM,IAAI,YAAY,+CAA+C;EAGvE,MAAM,SAAiB;GACrB,OAAO,mBAAmB,MAAM;GAChC,MAAM,QAAQ,QAAQ;GACtB,UAAU,QAAQ,YAAY;GAC9B,QAAQ;GACR,UAAU;GACV,QAAQ,QAAQ;GACjB;EAED,IAAI,QAAQ,KACV,OAAO,SAAS,KAAK,iBAAiB,SAAS,QAAQ,IAAI,CAAC,GAAG,UAAU;EAI3E,SAAS,SAAS,KAAK,aAAa,eAAe,KAAK,MAAM,OAAO;;CAGvE,IAAW,SAAwD;EACjE,MAAM,SAAS,KAAK,aAAa,oBAAoB,SAAS,OAAO,CACnE,KAAK;EAEP,IAAI,CAAC,QACH;EAGF,MAAM,WAAW,mBAAmB,OAAO;EAE3C,IAAI,KAAK,QAAQ,UACf,MAAM,IAAI,YAAY,mDAAmD;EAG3E,IAAI,KAAK,QAAQ,SACf,MAAM,IAAI,YAAY,kDAAkD;EAG1E,IAAI,KAAK,QAAQ,MACf,MAAM,IAAI,YAAY,+CAA+C;EAGvE,OAAO,KAAK,OAAO,MAAM,OAAO,KAAK,QAAQ,KAAK,MAAM,SAAS,CAAC;;CAGpE,MAAmB;EACjB,MAAM,UAAU,KAAK;EACrB,MAAM,SAAiB;GACrB,OAAO;GACP,MAAM,QAAQ,QAAQ;GACtB,UAAU,QAAQ,YAAY;GAC9B,QAAQ;GACR,UAAU;GACV,QAAQ,QAAQ;GAChB,QAAQ;GACT;EAGD,SAAS,SAAS,KAAK,aAAa,eAAe,KAAK,MAAM,OAAO;;;AAIzE,QAAQ,QAAQ;;;ACpKhB,MAAa,sBAAsB,QAAQ;CACzC,MAAM;CACN,YAAY,EAAE;CACd,UAAU,CAAC,aAAa;CACzB,CAAC"}
+{"version":3,"file":"index.browser.js","names":[],"sources":["../../../src/server/cookies/services/CookieParser.ts","../../../src/server/cookies/primitives/$cookie.browser.ts","../../../src/server/cookies/index.browser.ts"],"sourcesContent":["import type { Cookie } from \"../primitives/$cookie.ts\";\n\nexport class CookieParser {\n  public parseRequestCookies(header: string): Record<string, string> {\n    const cookies: Record<string, string> = {};\n    const parts = header.split(\";\");\n    for (const part of parts) {\n      const eqIndex = part.indexOf(\"=\");\n      if (eqIndex === -1) {\n        continue;\n      }\n\n      const key = part.slice(0, eqIndex).trim();\n      const value = part.slice(eqIndex + 1).trim();\n\n      if (!key || !value) {\n        continue;\n      }\n\n      cookies[key] = value;\n    }\n\n    return cookies;\n  }\n\n  public serializeResponseCookies(\n    cookies: Record<string, Cookie | null>,\n    isHttps: boolean,\n  ): string[] {\n    const headers = [];\n\n    for (const [name, cookie] of Object.entries(cookies)) {\n      // If the cookie is null, we need to delete it\n      if (cookie == null) {\n        headers.push(`${name}=; Path=/; Max-Age=0`);\n        continue;\n      }\n\n      if (!cookie.value) {\n        continue;\n      }\n\n      headers.push(this.cookieToString(name, cookie, isHttps));\n    }\n\n    return headers;\n  }\n\n  public cookieToString(\n    name: string,\n    cookie: Cookie,\n    isHttps?: boolean,\n  ): string {\n    const parts: string[] = [];\n\n    parts.push(`${name}=${cookie.value}`);\n\n    if (cookie.path) {\n      parts.push(`Path=${cookie.path}`);\n    }\n    if (cookie.maxAge) {\n      parts.push(`Max-Age=${cookie.maxAge}`);\n    }\n    if (cookie.secure !== false && isHttps) {\n      parts.push(\"Secure\");\n    }\n    if (cookie.httpOnly) {\n      parts.push(\"HttpOnly\");\n    }\n    if (cookie.sameSite) {\n      parts.push(`SameSite=${cookie.sameSite}`);\n    }\n    if (cookie.domain) {\n      parts.push(`Domain=${cookie.domain}`);\n    }\n\n    return parts.join(\"; \");\n  }\n}\n","import {\n  $inject,\n  Alepha,\n  AlephaError,\n  createPrimitive,\n  KIND,\n  Primitive,\n  type Static,\n  type TSchema,\n} from \"alepha\";\nimport { DateTimeProvider } from \"alepha/datetime\";\nimport { CookieParser } from \"../services/CookieParser.ts\";\nimport type {\n  AbstractCookiePrimitive,\n  Cookie,\n  CookiePrimitiveOptions,\n  Cookies,\n} from \"./$cookie.ts\";\n\n/**\n * Creates a browser-side cookie primitive for client-side cookie management.\n *\n * Browser-specific version of $cookie that uses document.cookie API. Supports type-safe\n * cookie operations with schema validation but excludes encryption/signing (use server-side\n * $cookie for secure operations).\n *\n * **Note**: This is the browser version - encryption, signing, and compression are not supported.\n *\n * @example\n * ```ts\n * class ClientCookies {\n *   preferences = $cookie({\n *     name: \"user-prefs\",\n *     schema: t.object({ theme: t.text(), language: t.text() }),\n *     ttl: [30, \"days\"]\n *   });\n *\n *   savePreferences() {\n *     this.preferences.set({ theme: \"dark\", language: \"en\" });\n *   }\n *\n *   getPreferences() {\n *     return this.preferences.get() ?? { theme: \"light\", language: \"en\" };\n *   }\n * }\n * ```\n */\nexport const $cookie = <T extends TSchema>(\n  options: CookiePrimitiveOptions<T>,\n  extendedOptions?: Omit<CookiePrimitiveOptions<T>, \"schema\">,\n): AbstractCookiePrimitive<T> => {\n  if (extendedOptions) {\n    options = {\n      key: options.key,\n      schema: options.schema,\n      ...extendedOptions,\n    };\n  }\n  return createPrimitive(BrowserCookiePrimitive<T>, options);\n};\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport class BrowserCookiePrimitive<T extends TSchema>\n  extends Primitive<CookiePrimitiveOptions<T>>\n  implements AbstractCookiePrimitive<T>\n{\n  protected cookieParser = $inject(CookieParser);\n  protected alepha = $inject(Alepha);\n  protected dateTimeProvider = $inject(DateTimeProvider);\n  protected cookie?: Cookie;\n\n  protected onInit() {\n    if (this.options.key) {\n      this.alepha.events.on(\"state:mutate\", ({ key, value }) => {\n        if (key === this.options.key) {\n          this.set(value);\n        }\n      });\n      this.alepha.events.on(\"configure\", () => {\n        try {\n          const value = this.get();\n          if (value !== undefined) {\n            this.alepha.set(this.options.key as any, value);\n          }\n        } catch {}\n      });\n    }\n  }\n\n  public get schema(): T {\n    return this.options.schema;\n  }\n\n  public get name(): string {\n    return this.options.name ?? `${this.config.propertyKey}`;\n  }\n\n  public set(data: Static<T>): void {\n    const value = JSON.stringify(this.alepha.codec.decode(this.schema, data));\n    const options = this.options;\n\n    if (options.compress) {\n      throw new AlephaError(\"Compression is not supported in browser cookies.\");\n    }\n\n    if (options.encrypt) {\n      throw new AlephaError(\"Encryption is not supported in browser cookies.\");\n    }\n\n    if (options.sign) {\n      throw new AlephaError(\"Signing is not supported in browser cookies.\");\n    }\n\n    const cookie: Cookie = {\n      value: encodeURIComponent(value),\n      path: options.path ?? \"/\",\n      sameSite: options.sameSite ?? \"lax\",\n      secure: false,\n      httpOnly: false,\n      domain: options.domain,\n    };\n\n    if (options.ttl) {\n      cookie.maxAge = this.dateTimeProvider.duration(options.ttl).as(\"seconds\");\n    }\n\n    // biome-ignore lint/suspicious/noDocumentCookie: ...\n    document.cookie = this.cookieParser.cookieToString(this.name, cookie);\n  }\n\n  public get(options?: { cookies?: Cookies }): Static<T> | undefined {\n    const cookie = this.cookieParser.parseRequestCookies(document.cookie)[\n      this.name\n    ];\n    if (!cookie) {\n      return undefined;\n    }\n\n    const rawValue = decodeURIComponent(cookie);\n\n    if (this.options.compress) {\n      throw new AlephaError(\"Compression is not supported in browser cookies.\");\n    }\n\n    if (this.options.encrypt) {\n      throw new AlephaError(\"Encryption is not supported in browser cookies.\");\n    }\n\n    if (this.options.sign) {\n      throw new AlephaError(\"Signing is not supported in browser cookies.\");\n    }\n\n    return this.alepha.codec.decode(this.schema, JSON.parse(rawValue));\n  }\n\n  public del(): void {\n    const options = this.options;\n    const cookie: Cookie = {\n      value: \"\",\n      path: options.path ?? \"/\",\n      sameSite: options.sameSite ?? \"lax\",\n      secure: false,\n      httpOnly: false,\n      domain: options.domain,\n      maxAge: 0, // Set maxAge to 0 to delete the cookie\n    };\n\n    // biome-ignore lint/suspicious/noDocumentCookie: ...\n    document.cookie = this.cookieParser.cookieToString(this.name, cookie);\n  }\n}\n\n$cookie[KIND] = BrowserCookiePrimitive;\n","import { $module } from \"alepha\";\nimport { AlephaServer } from \"alepha/server\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./primitives/$cookie.browser.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport const AlephaServerCookies = $module({\n  name: \"alepha.server.cookies\",\n  primitives: [],\n  services: [AlephaServer],\n});\n"],"mappings":";;;;AAEA,IAAa,eAAb,MAA0B;CACxB,oBAA2B,QAAwC;EACjE,MAAM,UAAkC,CAAC;EACzC,MAAM,QAAQ,OAAO,MAAM,GAAG;EAC9B,KAAK,MAAM,QAAQ,OAAO;GACxB,MAAM,UAAU,KAAK,QAAQ,GAAG;GAChC,IAAI,YAAY,IACd;GAGF,MAAM,MAAM,KAAK,MAAM,GAAG,OAAO,EAAE,KAAK;GACxC,MAAM,QAAQ,KAAK,MAAM,UAAU,CAAC,EAAE,KAAK;GAE3C,IAAI,CAAC,OAAO,CAAC,OACX;GAGF,QAAQ,OAAO;EACjB;EAEA,OAAO;CACT;CAEA,yBACE,SACA,SACU;EACV,MAAM,UAAU,CAAC;EAEjB,KAAK,MAAM,CAAC,MAAM,WAAW,OAAO,QAAQ,OAAO,GAAG;GAEpD,IAAI,UAAU,MAAM;IAClB,QAAQ,KAAK,GAAG,KAAK,qBAAqB;IAC1C;GACF;GAEA,IAAI,CAAC,OAAO,OACV;GAGF,QAAQ,KAAK,KAAK,eAAe,MAAM,QAAQ,OAAO,CAAC;EACzD;EAEA,OAAO;CACT;CAEA,eACE,MACA,QACA,SACQ;EACR,MAAM,QAAkB,CAAC;EAEzB,MAAM,KAAK,GAAG,KAAK,GAAG,OAAO,OAAO;EAEpC,IAAI,OAAO,MACT,MAAM,KAAK,QAAQ,OAAO,MAAM;EAElC,IAAI,OAAO,QACT,MAAM,KAAK,WAAW,OAAO,QAAQ;EAEvC,IAAI,OAAO,WAAW,SAAS,SAC7B,MAAM,KAAK,QAAQ;EAErB,IAAI,OAAO,UACT,MAAM,KAAK,UAAU;EAEvB,IAAI,OAAO,UACT,MAAM,KAAK,YAAY,OAAO,UAAU;EAE1C,IAAI,OAAO,QACT,MAAM,KAAK,UAAU,OAAO,QAAQ;EAGtC,OAAO,MAAM,KAAK,IAAI;CACxB;AACF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AC/BA,MAAa,WACX,SACA,oBAC+B;CAC/B,IAAI,iBACF,UAAU;EACR,KAAK,QAAQ;EACb,QAAQ,QAAQ;EAChB,GAAG;CACL;CAEF,OAAO,gBAAgB,wBAA2B,OAAO;AAC3D;AAIA,IAAa,yBAAb,cACU,UAEV;CACE,eAAyB,QAAQ,YAAY;CAC7C,SAAmB,QAAQ,MAAM;CACjC,mBAA6B,QAAQ,gBAAgB;CACrD;CAEA,SAAmB;EACjB,IAAI,KAAK,QAAQ,KAAK;GACpB,KAAK,OAAO,OAAO,GAAG,iBAAiB,EAAE,KAAK,YAAY;IACxD,IAAI,QAAQ,KAAK,QAAQ,KACvB,KAAK,IAAI,KAAK;GAElB,CAAC;GACD,KAAK,OAAO,OAAO,GAAG,mBAAmB;IACvC,IAAI;KACF,MAAM,QAAQ,KAAK,IAAI;KACvB,IAAI,UAAU,KAAA,GACZ,KAAK,OAAO,IAAI,KAAK,QAAQ,KAAY,KAAK;IAElD,QAAQ,CAAC;GACX,CAAC;EACH;CACF;CAEA,IAAW,SAAY;EACrB,OAAO,KAAK,QAAQ;CACtB;CAEA,IAAW,OAAe;EACxB,OAAO,KAAK,QAAQ,QAAQ,GAAG,KAAK,OAAO;CAC7C;CAEA,IAAW,MAAuB;EAChC,MAAM,QAAQ,KAAK,UAAU,KAAK,OAAO,MAAM,OAAO,KAAK,QAAQ,IAAI,CAAC;EACxE,MAAM,UAAU,KAAK;EAErB,IAAI,QAAQ,UACV,MAAM,IAAI,YAAY,kDAAkD;EAG1E,IAAI,QAAQ,SACV,MAAM,IAAI,YAAY,iDAAiD;EAGzE,IAAI,QAAQ,MACV,MAAM,IAAI,YAAY,8CAA8C;EAGtE,MAAM,SAAiB;GACrB,OAAO,mBAAmB,KAAK;GAC/B,MAAM,QAAQ,QAAQ;GACtB,UAAU,QAAQ,YAAY;GAC9B,QAAQ;GACR,UAAU;GACV,QAAQ,QAAQ;EAClB;EAEA,IAAI,QAAQ,KACV,OAAO,SAAS,KAAK,iBAAiB,SAAS,QAAQ,GAAG,EAAE,GAAG,SAAS;EAI1E,SAAS,SAAS,KAAK,aAAa,eAAe,KAAK,MAAM,MAAM;CACtE;CAEA,IAAW,SAAwD;EACjE,MAAM,SAAS,KAAK,aAAa,oBAAoB,SAAS,MAAM,EAClE,KAAK;EAEP,IAAI,CAAC,QACH;EAGF,MAAM,WAAW,mBAAmB,MAAM;EAE1C,IAAI,KAAK,QAAQ,UACf,MAAM,IAAI,YAAY,kDAAkD;EAG1E,IAAI,KAAK,QAAQ,SACf,MAAM,IAAI,YAAY,iDAAiD;EAGzE,IAAI,KAAK,QAAQ,MACf,MAAM,IAAI,YAAY,8CAA8C;EAGtE,OAAO,KAAK,OAAO,MAAM,OAAO,KAAK,QAAQ,KAAK,MAAM,QAAQ,CAAC;CACnE;CAEA,MAAmB;EACjB,MAAM,UAAU,KAAK;EACrB,MAAM,SAAiB;GACrB,OAAO;GACP,MAAM,QAAQ,QAAQ;GACtB,UAAU,QAAQ,YAAY;GAC9B,QAAQ;GACR,UAAU;GACV,QAAQ,QAAQ;GAChB,QAAQ;EACV;EAGA,SAAS,SAAS,KAAK,aAAa,eAAe,KAAK,MAAM,MAAM;CACtE;AACF;AAEA,QAAQ,QAAQ;;;ACpKhB,MAAa,sBAAsB,QAAQ;CACzC,MAAM;CACN,YAAY,CAAC;CACb,UAAU,CAAC,YAAY;AACzB,CAAC"}

package/dist/server/cookies/index.d.ts

@@ -1,8 +1,6 @@
-import * as _$alepha from "alepha";
 import { Alepha, KIND, Primitive, Static, TSchema } from "alepha";
 import { SecretProvider } from "alepha/crypto";
 import { DateTimeProvider, DurationLike } from "alepha/datetime";
-import * as _$alepha_logger0 from "alepha/logger";
 
 //#region ../../src/server/cookies/services/CookieParser.d.ts
 declare class CookieParser {
@@ -14,7 +12,7 @@ declare class CookieParser {
 //#region ../../src/server/cookies/providers/ServerCookiesProvider.d.ts
 declare class ServerCookiesProvider {
   protected readonly alepha: Alepha;
-  protected readonly log: _$alepha_logger0.Logger;
+  protected readonly log: import("alepha/logger").Logger;
   protected readonly cookieParser: CookieParser;
   protected readonly dateTimeProvider: DateTimeProvider;
   protected readonly secretProvider: SecretProvider;
@@ -22,10 +20,25 @@ declare class ServerCookiesProvider {
   protected readonly IV_LENGTH = 16;
   protected readonly AUTH_TAG_LENGTH = 16;
   protected readonly SIGNATURE_LENGTH = 32;
-  readonly onRequest: _$alepha.HookPrimitive<"server:onRequest">;
-  readonly onAction: _$alepha.HookPrimitive<"action:onRequest">;
-  readonly onSend: _$alepha.HookPrimitive<"server:onSend">;
+  readonly onRequest: import("alepha").HookPrimitive<"server:onRequest">;
+  readonly onAction: import("alepha").HookPrimitive<"action:onRequest">;
+  readonly onSend: import("alepha").HookPrimitive<"server:onSend">;
   protected getCookiesFromContext(cookies?: Cookies): Cookies;
+  /**
+   * Namespaces a cookie name with the app's `APP_NAME` (lowercased) so that
+   * two Alepha apps sharing a cookie jar do not collide.
+   *
+   * Cookies are scoped by host + path only — never by port — so two apps on
+   * `localhost:3000` and `localhost:4000` would otherwise both read/write a
+   * cookie literally named `tokens` and silently clobber each other (and,
+   * because each encrypts with its own `APP_SECRET`, the foreign cookie fails
+   * to decrypt and gets deleted, logging the user out).
+   *
+   * When `APP_NAME` is unset the name is returned unchanged, so existing
+   * single-app deployments keep their current cookie names. Same convention as
+   * the `APP_NAME` prefix used by R2 storage and server-timing.
+   */
+  protected prefixName(name: string): string;
   getCookie<T extends TSchema>(name: string, options: CookiePrimitiveOptions<T>, contextCookies?: Cookies): Static<T> | undefined;
   setCookie<T extends TSchema>(name: string, options: CookiePrimitiveOptions<T>, data: Static<T>, contextCookies?: Cookies): void;
   deleteCookie<T extends TSchema>(name: string, contextCookies?: Cookies): void;
@@ -166,7 +179,7 @@ declare module "alepha/server" {
  *
  * @module alepha.server.cookies
  */
-declare const AlephaServerCookies: _$alepha.Service<_$alepha.Module>;
+declare const AlephaServerCookies: import("alepha").Service<import("alepha").Module>;
 //#endregion
 export { $cookie, AbstractCookiePrimitive, AlephaServerCookies, Cookie, CookiePrimitive, CookiePrimitiveOptions, Cookies, ServerCookiesProvider };
 //# sourceMappingURL=index.d.ts.map

package/dist/server/cookies/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","names":[],"sources":["../../../src/server/cookies/services/CookieParser.ts","../../../src/server/cookies/providers/ServerCookiesProvider.ts","../../../src/server/cookies/primitives/$cookie.ts","../../../src/server/cookies/index.ts"],"mappings":";;;;;;;cAEa,YAAA;EACJ,mBAAA,CAAoB,MAAA,WAAiB,MAAA;EAsBrC,wBAAA,CACL,OAAA,EAAS,MAAA,SAAe,MAAA,UACxB,OAAA;EAqBK,cAAA,CACL,IAAA,UACA,MAAA,EAAQ,MAAA,EACR,OAAA;AAAA;;;cCxBS,qBAAA;EAAA,mBACQ,MAAA,EAAM,MAAA;EAAA,mBACN,GAAA,EADM,gBAAA,CACH,MAAA;EAAA,mBACH,YAAA,EAAY,YAAA;EAAA,mBACZ,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,cAAA,EAAc,cAAA;EAAA,mBAGd,SAAA;EAAA,mBACA,SAAA;EAAA,mBACA,eAAA;EAAA,mBACA,gBAAA;EAAA,SAEH,SAAA,EARiB,QAAA,CAQR,aAAA;EAAA,SAYT,QAAA,EAZS,QAAA,CAYD,aAAA;EAAA,SAYR,MAAA,EAZQ,QAAA,CAYF,aAAA;EAAA,UAeZ,qBAAA,CAAsB,OAAA,GAAU,OAAA,GAAU,OAAA;EAW7C,SAAA,WAAoB,OAAA,CAAA,CACzB,IAAA,UACA,OAAA,EAAS,sBAAA,CAAuB,CAAA,GAChC,cAAA,GAAiB,OAAA,GAChB,MAAA,CAAO,CAAA;EA6CH,SAAA,WAAoB,OAAA,CAAA,CACzB,IAAA,UACA,OAAA,EAAS,sBAAA,CAAuB,CAAA,GAChC,IAAA,EAAM,MAAA,CAAO,CAAA,GACb,cAAA,GAAiB,OAAA;EAoCZ,YAAA,WAAuB,OAAA,CAAA,CAC5B,IAAA,UACA,cAAA,GAAiB,OAAA;EAAA,UAQT,OAAA,CAAQ,IAAA;EAAA,UAWR,OAAA,CAAQ,aAAA;EDxJX;;;;EAAA,UCiLG,SAAA,CAAA,GAAa,MAAA;EAAA,UAIb,IAAA,CAAK,IAAA;AAAA;;;;;;;ADnOjB;cEca,OAAA;EAAA,WAAqB,OAAA,EAAO,OAAA,EAC9B,sBAAA,CAAuB,CAAA,GAAE,eAAA,GAChB,IAAA,CAAK,sBAAA,CAAuB,CAAA,eAC7C,uBAAA,CAAwB,CAAA;EAAA;;UAaV,sBAAA,WAAiC,OAAA;EFkBtC;;;EEdV,MAAA,EAAQ,CAAA;EFjCmB;;;EEsC3B,IAAA;EFf0B;;;EEoB1B,IAAA;EFGE;;;EEEF,GAAA,GAAM,YAAA;EFAa;;;EEKnB,MAAA;;AD7BF;;ECkCE,QAAA;EDjCyB;;;ECsCzB,QAAA;EDlCiC;;;ECuCjC,MAAA;EDQ0C;;;ECH1C,QAAA;EDgBW;;;ECXX,OAAA;ED0D2B;;;ECrD3B,IAAA;EDwDQ;;;ECnDR,GAAA;AAAA;AAAA,UAGe,uBAAA,WAAkC,OAAA;EAAA,SACxC,IAAA;EAAA,SACA,OAAA,EAAS,sBAAA,CAAuB,CAAA;EACzC,GAAA,CACE,KAAA,EAAO,MAAA,CAAO,CAAA,GACd,OAAA;IAAY,OAAA,GAAU,OAAA;IAAS,GAAA,GAAM,YAAA;EAAA;EAEvC,GAAA,CAAI,OAAA;IAAY,OAAA,GAAU,OAAA;EAAA,IAAY,MAAA,CAAO,CAAA;EAC7C,GAAA,CAAI,OAAA;IAAY,OAAA,GAAU,OAAA;EAAA;AAAA;AAAA,cAGf,eAAA,WAA0B,OAAA,UAC7B,SAAA,CAAU,sBAAA,CAAuB,CAAA,cAC9B,uBAAA,CAAwB,CAAA;EAAA,mBAEhB,qBAAA,EAAqB,qBAAA;EAAA,UAE9B,MAAA,CAAA;EAAA,IAoBC,MAAA,CAAA,GAAU,CAAA;EAAA,IAIV,IAAA,CAAA;EDnFa;;;EC0FjB,GAAA,CACL,KAAA,EAAO,MAAA,CAAO,CAAA,GACd,OAAA;IAAY,OAAA,GAAU,OAAA;IAAS,GAAA,GAAM,YAAA;EAAA;EDtDhC;;;ECsEA,GAAA,CAAI,OAAA;IAAY,OAAA,GAAU,OAAA;EAAA,IAAY,MAAA,CAAO,CAAA;EDpElD;;;EC+EK,GAAA,CAAI,OAAA;IAAY,OAAA,GAAU,OAAA;EAAA;AAAA;AAAA,UASlB,OAAA;EACf,GAAA,EAAK,MAAA;EACL,GAAA,EAAK,MAAA,SAAe,MAAA;AAAA;AAAA,UAGL,MAAA;EACf,KAAA;EACA,IAAA;EACA,MAAA;EACA,MAAA;EACA,QAAA;EACA,QAAA;EACA,MAAA;AAAA;;;;YClLU,aAAA;IACR,OAAA,EAAS,OAAA;EAAA;AAAA;;;;;;;;;cAYA,mBAAA,EAAmB,QAAA,CAAA,OAAA,CAI9B,QAAA,CAJ8B,MAAA"}
+{"version":3,"file":"index.d.ts","names":[],"sources":["../../../src/server/cookies/services/CookieParser.ts","../../../src/server/cookies/providers/ServerCookiesProvider.ts","../../../src/server/cookies/primitives/$cookie.ts","../../../src/server/cookies/index.ts"],"mappings":";;;;;cAEa,YAAA;EACJ,mBAAA,CAAoB,MAAA,WAAiB,MAAA;EAsBrC,wBAAA,CACL,OAAA,EAAS,MAAA,SAAe,MAAA,UACxB,OAAA;EAqBK,cAAA,CACL,IAAA,UACA,MAAA,EAAQ,MAAA,EACR,OAAA;AAAA;;;cCxBS,qBAAA;EAAA,mBACQ,MAAA,EAAM,MAAA;EAAA,mBACN,GAAA,0BAAG,MAAA;EAAA,mBACH,YAAA,EAAY,YAAA;EAAA,mBACZ,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,cAAA,EAAc,cAAA;EAAA,mBAGd,SAAA;EAAA,mBACA,SAAA;EAAA,mBACA,eAAA;EAAA,mBACA,gBAAA;EAAA,SAEH,SAAA,mBAAS,aAAA;EAAA,SAYT,QAAA,mBAAQ,aAAA;EAAA,SAYR,MAAA,mBAAM,aAAA;EAAA,UAeZ,qBAAA,CAAsB,OAAA,GAAU,OAAA,GAAU,OAAA;EDrD1B;;;;;;;;;AAyBP;;;;ACxBrB;EDD4B,UC8EhB,UAAA,CAAW,IAAA;EAMd,SAAA,WAAoB,OAAA,EACzB,IAAA,UACA,OAAA,EAAS,sBAAA,CAAuB,CAAA,GAChC,cAAA,GAAiB,OAAA,GAChB,MAAA,CAAO,CAAA;EA6CH,SAAA,WAAoB,OAAA,EACzB,IAAA,UACA,OAAA,EAAS,sBAAA,CAAuB,CAAA,GAChC,IAAA,EAAM,MAAA,CAAO,CAAA,GACb,cAAA,GAAiB,OAAA;EAoCZ,YAAA,WAAuB,OAAA,EAC5B,IAAA,UACA,cAAA,GAAiB,OAAA;EAAA,UAQT,OAAA,CAAQ,IAAA;EAAA,UAWR,OAAA,CAAQ,aAAA;EA7IwB;;;;EAAA,UAsKhC,SAAA,IAAa,MAAA;EAAA,UAIb,IAAA,CAAK,IAAA;AAAA;;;;;ADvPjB;;;cEca,OAAA;EAAA,WAAqB,OAAA,EAAO,OAAA,EAC9B,sBAAA,CAAuB,CAAA,GAAE,eAAA,GAChB,IAAA,CAAK,sBAAA,CAAuB,CAAA,eAC7C,uBAAA,CAAwB,CAAA;EAAA;;UAaV,sBAAA,WAAiC,OAAA;EFkBhC;;;EEdhB,MAAA,EAAQ,CAAA;EFXD;;;EEgBP,IAAA;EFdE;;;EEmBF,IAAA;EFIE;;;EECF,GAAA,GAAM,YAAA;;;;EAKN,MAAA;ED7BgC;;;ECkChC,QAAA;ED9BmC;;;ECmCnC,QAAA;ED4C2B;;;ECvC3B,MAAA;ED2CU;;;ECtCV,QAAA;EDqFW;;;EChFX,OAAA;EDsH8B;;;ECjH9B,IAAA;ED+J6B;;;EC1J7B,GAAA;AAAA;AAAA,UAGe,uBAAA,WAAkC,OAAA;EAAA,SACxC,IAAA;EAAA,SACA,OAAA,EAAS,sBAAA,CAAuB,CAAA;EACzC,GAAA,CACE,KAAA,EAAO,MAAA,CAAO,CAAA,GACd,OAAA;IAAY,OAAA,GAAU,OAAA;IAAS,GAAA,GAAM,YAAA;EAAA;EAEvC,GAAA,CAAI,OAAA;IAAY,OAAA,GAAU,OAAA;EAAA,IAAY,MAAA,CAAO,CAAA;EAC7C,GAAA,CAAI,OAAA;IAAY,OAAA,GAAU,OAAA;EAAA;AAAA;AAAA,cAGf,eAAA,WAA0B,OAAA,UAC7B,SAAA,CAAU,sBAAA,CAAuB,CAAA,cAC9B,uBAAA,CAAwB,CAAA;EAAA,mBAEhB,qBAAA,EAAqB,qBAAA;EAAA,UAE9B,MAAA;EAAA,IAoBC,MAAA,IAAU,CAAA;EAAA,IAIV,IAAA;EDxDyC;;;EC+D7C,GAAA,CACL,KAAA,EAAO,MAAA,CAAO,CAAA,GACd,OAAA;IAAY,OAAA,GAAU,OAAA;IAAS,GAAA,GAAM,YAAA;EAAA;EDhC5B;;;ECgDJ,GAAA,CAAI,OAAA;IAAY,OAAA,GAAU,OAAA;EAAA,IAAY,MAAA,CAAO,CAAA;ED9C1C;;;ECyDH,GAAA,CAAI,OAAA;IAAY,OAAA,GAAU,OAAA;EAAA;AAAA;AAAA,UASlB,OAAA;EACf,GAAA,EAAK,MAAA;EACL,GAAA,EAAK,MAAA,SAAe,MAAA;AAAA;AAAA,UAGL,MAAA;EACf,KAAA;EACA,IAAA;EACA,MAAA;EACA,MAAA;EACA,QAAA;EACA,QAAA;EACA,MAAA;AAAA;;;;YClLU,aAAA;IACR,OAAA,EAAS,OAAO;EAAA;AAAA;;;;;;;;;cAYP,mBAAA,mBAAmB,OAAA,kBAAA,MAAA"}

package/dist/server/cookies/index.js

@@ -89,9 +89,28 @@ var ServerCookiesProvider = class {
 		if (contextCookies) return contextCookies;
 		throw new AlephaError("Cookie context is not available. This method must be called within a server request cycle.");
 	}
+	/**
+	* Namespaces a cookie name with the app's `APP_NAME` (lowercased) so that
+	* two Alepha apps sharing a cookie jar do not collide.
+	*
+	* Cookies are scoped by host + path only — never by port — so two apps on
+	* `localhost:3000` and `localhost:4000` would otherwise both read/write a
+	* cookie literally named `tokens` and silently clobber each other (and,
+	* because each encrypts with its own `APP_SECRET`, the foreign cookie fails
+	* to decrypt and gets deleted, logging the user out).
+	*
+	* When `APP_NAME` is unset the name is returned unchanged, so existing
+	* single-app deployments keep their current cookie names. Same convention as
+	* the `APP_NAME` prefix used by R2 storage and server-timing.
+	*/
+	prefixName(name) {
+		const app = this.alepha.env.APP_NAME;
+		if (!app) return name;
+		return `${String(app).toLowerCase()}.${name}`;
+	}
 	getCookie(name, options, contextCookies) {
 		const cookies = this.getCookiesFromContext(contextCookies);
-		let rawValue = cookies.req[name];
+		let rawValue = cookies.req[this.prefixName(name)];
 		if (!rawValue) return void 0;
 		try {
 			rawValue = decodeURIComponent(rawValue);
@@ -129,11 +148,11 @@ var ServerCookiesProvider = class {
 			domain: options.domain
 		};
 		if (options.ttl) cookie.maxAge = this.dateTimeProvider.duration(options.ttl).as("seconds");
-		cookies.res[name] = cookie;
+		cookies.res[this.prefixName(name)] = cookie;
 	}
 	deleteCookie(name, contextCookies) {
 		const cookies = this.getCookiesFromContext(contextCookies);
-		cookies.res[name] = null;
+		cookies.res[this.prefixName(name)] = null;
 	}
 	encrypt(text) {
 		const iv = randomBytes(this.IV_LENGTH);

package/dist/server/cookies/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","names":[],"sources":["../../../src/server/cookies/services/CookieParser.ts","../../../src/server/cookies/providers/ServerCookiesProvider.ts","../../../src/server/cookies/primitives/$cookie.ts","../../../src/server/cookies/index.ts"],"sourcesContent":["import type { Cookie } from \"../primitives/$cookie.ts\";\n\nexport class CookieParser {\n  public parseRequestCookies(header: string): Record<string, string> {\n    const cookies: Record<string, string> = {};\n    const parts = header.split(\";\");\n    for (const part of parts) {\n      const eqIndex = part.indexOf(\"=\");\n      if (eqIndex === -1) {\n        continue;\n      }\n\n      const key = part.slice(0, eqIndex).trim();\n      const value = part.slice(eqIndex + 1).trim();\n\n      if (!key || !value) {\n        continue;\n      }\n\n      cookies[key] = value;\n    }\n\n    return cookies;\n  }\n\n  public serializeResponseCookies(\n    cookies: Record<string, Cookie | null>,\n    isHttps: boolean,\n  ): string[] {\n    const headers = [];\n\n    for (const [name, cookie] of Object.entries(cookies)) {\n      // If the cookie is null, we need to delete it\n      if (cookie == null) {\n        headers.push(`${name}=; Path=/; Max-Age=0`);\n        continue;\n      }\n\n      if (!cookie.value) {\n        continue;\n      }\n\n      headers.push(this.cookieToString(name, cookie, isHttps));\n    }\n\n    return headers;\n  }\n\n  public cookieToString(\n    name: string,\n    cookie: Cookie,\n    isHttps?: boolean,\n  ): string {\n    const parts: string[] = [];\n\n    parts.push(`${name}=${cookie.value}`);\n\n    if (cookie.path) {\n      parts.push(`Path=${cookie.path}`);\n    }\n    if (cookie.maxAge) {\n      parts.push(`Max-Age=${cookie.maxAge}`);\n    }\n    if (cookie.secure !== false && isHttps) {\n      parts.push(\"Secure\");\n    }\n    if (cookie.httpOnly) {\n      parts.push(\"HttpOnly\");\n    }\n    if (cookie.sameSite) {\n      parts.push(`SameSite=${cookie.sameSite}`);\n    }\n    if (cookie.domain) {\n      parts.push(`Domain=${cookie.domain}`);\n    }\n\n    return parts.join(\"; \");\n  }\n}\n","import {\n  createCipheriv,\n  createDecipheriv,\n  createHash,\n  createHmac,\n  randomBytes,\n  timingSafeEqual,\n} from \"node:crypto\";\nimport { deflateRawSync, inflateRawSync } from \"node:zlib\";\nimport {\n  $hook,\n  $inject,\n  Alepha,\n  AlephaError,\n  type Static,\n  type TSchema,\n} from \"alepha\";\nimport { SecretProvider } from \"alepha/crypto\";\nimport { DateTimeProvider } from \"alepha/datetime\";\nimport { $logger } from \"alepha/logger\";\nimport type {\n  Cookie,\n  CookiePrimitiveOptions,\n  Cookies,\n} from \"../primitives/$cookie.ts\";\nimport { CookieParser } from \"../services/CookieParser.ts\";\n\nexport class ServerCookiesProvider {\n  protected readonly alepha = $inject(Alepha);\n  protected readonly log = $logger();\n  protected readonly cookieParser = $inject(CookieParser);\n  protected readonly dateTimeProvider = $inject(DateTimeProvider);\n  protected readonly secretProvider = $inject(SecretProvider);\n\n  // crypto constants\n  protected readonly ALGORITHM = \"aes-256-gcm\";\n  protected readonly IV_LENGTH = 16; // For GCM\n  protected readonly AUTH_TAG_LENGTH = 16;\n  protected readonly SIGNATURE_LENGTH = 32; // For SHA256\n\n  public readonly onRequest = $hook({\n    on: \"server:onRequest\",\n    handler: ({ request }) => {\n      request.cookies = {\n        req: this.cookieParser.parseRequestCookies(\n          request.headers.cookie ?? \"\",\n        ),\n        res: {},\n      };\n    },\n  });\n\n  public readonly onAction = $hook({\n    on: \"action:onRequest\",\n    handler: ({ request }) => {\n      request.cookies = {\n        req: this.cookieParser.parseRequestCookies(\n          request.headers.cookie ?? \"\",\n        ),\n        res: {},\n      };\n    },\n  });\n\n  public readonly onSend = $hook({\n    on: \"server:onSend\",\n    handler: ({ request }) => {\n      if (request.cookies && Object.keys(request.cookies.res).length > 0) {\n        const setCookieHeaders = this.cookieParser.serializeResponseCookies(\n          request.cookies.res,\n          request.url.protocol === \"https:\",\n        );\n        if (setCookieHeaders.length > 0) {\n          request.reply.headers[\"set-cookie\"] = setCookieHeaders;\n        }\n      }\n    },\n  });\n\n  protected getCookiesFromContext(cookies?: Cookies): Cookies {\n    const contextCookies = this.alepha.store.get(\n      \"alepha.http.request\",\n    )?.cookies;\n    if (cookies) return cookies;\n    if (contextCookies) return contextCookies;\n    throw new AlephaError(\n      \"Cookie context is not available. This method must be called within a server request cycle.\",\n    );\n  }\n\n  public getCookie<T extends TSchema>(\n    name: string,\n    options: CookiePrimitiveOptions<T>,\n    contextCookies?: Cookies,\n  ): Static<T> | undefined {\n    const cookies = this.getCookiesFromContext(contextCookies);\n    let rawValue = cookies.req[name];\n\n    if (!rawValue) return undefined;\n\n    try {\n      rawValue = decodeURIComponent(rawValue);\n\n      if (options.sign) {\n        const signature = rawValue.substring(0, this.SIGNATURE_LENGTH * 2);\n        const value = rawValue.substring(this.SIGNATURE_LENGTH * 2);\n        const expectedSignature = this.sign(value);\n\n        if (\n          !timingSafeEqual(\n            Buffer.from(signature, \"hex\"),\n            Buffer.from(expectedSignature, \"hex\"),\n          )\n        ) {\n          this.log.warn(`Invalid signature for cookie \"${name}\".`);\n          return undefined;\n        }\n        rawValue = value;\n      }\n\n      if (options.encrypt) {\n        rawValue = this.decrypt(rawValue);\n      }\n\n      if (options.compress) {\n        rawValue = inflateRawSync(Buffer.from(rawValue, \"base64\")).toString(\n          \"utf8\",\n        );\n      }\n\n      return this.alepha.codec.decode(options.schema, JSON.parse(rawValue));\n    } catch (error) {\n      this.log.warn(`Failed to parse cookie \"${name}\"`, error);\n      // corrupted or invalid cookie, instruct browser to delete it on next response\n      this.deleteCookie(name, cookies);\n      return undefined;\n    }\n  }\n\n  public setCookie<T extends TSchema>(\n    name: string,\n    options: CookiePrimitiveOptions<T>,\n    data: Static<T>,\n    contextCookies?: Cookies,\n  ): void {\n    const cookies = this.getCookiesFromContext(contextCookies);\n    let value = JSON.stringify(this.alepha.codec.decode(options.schema, data));\n\n    if (options.compress) {\n      value = deflateRawSync(value).toString(\"base64\");\n    }\n\n    if (options.encrypt) {\n      value = this.encrypt(value);\n    }\n\n    if (options.sign) {\n      value = this.sign(value) + value;\n    }\n\n    const cookie: Cookie = {\n      value: encodeURIComponent(value),\n      path: options.path ?? \"/\",\n      // \"lax\" is correct here — \"strict\" would break OAuth flows because OAuth callbacks\n      // are top-level redirects from the IdP, and strict cookies are not sent on cross-site\n      // top-level navigations. \"lax\" is Chrome's own default and the industry standard.\n      sameSite: options.sameSite ?? \"lax\",\n      secure: options.secure ?? this.alepha.isProduction(),\n      httpOnly: options.httpOnly,\n      domain: options.domain,\n    };\n\n    if (options.ttl) {\n      cookie.maxAge = this.dateTimeProvider.duration(options.ttl).as(\"seconds\");\n    }\n\n    cookies.res[name] = cookie;\n  }\n\n  public deleteCookie<T extends TSchema>(\n    name: string,\n    contextCookies?: Cookies,\n  ): void {\n    const cookies = this.getCookiesFromContext(contextCookies);\n    cookies.res[name] = null;\n  }\n\n  // --- Crypto & Parsing ---\n\n  protected encrypt(text: string): string {\n    const iv = randomBytes(this.IV_LENGTH);\n    const cipher = createCipheriv(this.ALGORITHM, this.deriveKey(), iv);\n    const encrypted = Buffer.concat([\n      cipher.update(text, \"utf8\"),\n      cipher.final(),\n    ]);\n    const authTag = cipher.getAuthTag();\n    return Buffer.concat([iv, authTag, encrypted]).toString(\"base64\");\n  }\n\n  protected decrypt(encryptedText: string): string {\n    const data = Buffer.from(encryptedText, \"base64\");\n    const iv = data.subarray(0, this.IV_LENGTH);\n    const authTag = data.subarray(\n      this.IV_LENGTH,\n      this.IV_LENGTH + this.AUTH_TAG_LENGTH,\n    );\n\n    const encrypted = data.subarray(this.IV_LENGTH + this.AUTH_TAG_LENGTH);\n    const decipher = createDecipheriv(this.ALGORITHM, this.deriveKey(), iv);\n\n    decipher.setAuthTag(authTag);\n\n    const decrypted = Buffer.concat([\n      decipher.update(encrypted),\n      decipher.final(),\n    ]);\n\n    return decrypted.toString(\"utf8\");\n  }\n\n  /**\n   * Derives a 32-byte key from APP_SECRET via SHA-256.\n   * Accepts any string length — no padding or truncation needed.\n   */\n  protected deriveKey(): Buffer {\n    return createHash(\"sha256\").update(this.secretProvider.secretKey).digest();\n  }\n\n  protected sign(data: string): string {\n    return createHmac(\"sha256\", this.deriveKey()).update(data).digest(\"hex\");\n  }\n}\n","import {\n  $inject,\n  createPrimitive,\n  KIND,\n  Primitive,\n  type Static,\n  type TSchema,\n} from \"alepha\";\nimport type { DurationLike } from \"alepha/datetime\";\nimport { ServerCookiesProvider } from \"../providers/ServerCookiesProvider.ts\";\n\n/**\n * Declares a type-safe, configurable HTTP cookie.\n * This primitive provides methods to get, set, and delete the cookie\n * within the server request/response cycle.\n */\nexport const $cookie = <T extends TSchema>(\n  options: CookiePrimitiveOptions<T>,\n  extendedOptions?: Omit<CookiePrimitiveOptions<T>, \"schema\">,\n): AbstractCookiePrimitive<T> => {\n  if (extendedOptions) {\n    options = {\n      key: options.key,\n      schema: options.schema,\n      ...extendedOptions,\n    };\n  }\n  return createPrimitive(CookiePrimitive<T>, options);\n};\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport interface CookiePrimitiveOptions<T extends TSchema> {\n  /**\n   * The schema for the cookie's value, used for validation and type safety.\n   */\n  schema: T;\n\n  /**\n   * The name of the cookie.\n   */\n  name?: string;\n\n  /**\n   * The cookie's path. Defaults to \"/\".\n   */\n  path?: string;\n\n  /**\n   * Time-to-live for the cookie. Maps to `Max-Age`.\n   */\n  ttl?: DurationLike;\n\n  /**\n   * If true, the cookie is only sent over HTTPS. Defaults to true in production.\n   */\n  secure?: boolean;\n\n  /**\n   * If true, the cookie cannot be accessed by client-side scripts.\n   */\n  httpOnly?: boolean;\n\n  /**\n   * SameSite policy for the cookie. Defaults to \"lax\".\n   */\n  sameSite?: \"strict\" | \"lax\" | \"none\";\n\n  /**\n   * The domain for the cookie.\n   */\n  domain?: string;\n\n  /**\n   * If true, the cookie value will be compressed using zlib.\n   */\n  compress?: boolean;\n\n  /**\n   * If true, the cookie value will be encrypted. Requires `COOKIE_SECRET` env var.\n   */\n  encrypt?: boolean;\n\n  /**\n   * If true, the cookie will be signed to prevent tampering. Requires `COOKIE_SECRET` env var.\n   */\n  sign?: boolean;\n\n  /**\n   * Optional key to link this cookie to an Atom, enabling automatic synchronization between the cookie and the Atom's state.\n   */\n  key?: string;\n}\n\nexport interface AbstractCookiePrimitive<T extends TSchema> {\n  readonly name: string;\n  readonly options: CookiePrimitiveOptions<T>;\n  set(\n    value: Static<T>,\n    options?: { cookies?: Cookies; ttl?: DurationLike },\n  ): void;\n  get(options?: { cookies?: Cookies }): Static<T> | undefined;\n  del(options?: { cookies?: Cookies }): void;\n}\n\nexport class CookiePrimitive<T extends TSchema>\n  extends Primitive<CookiePrimitiveOptions<T>>\n  implements AbstractCookiePrimitive<T>\n{\n  protected readonly serverCookiesProvider = $inject(ServerCookiesProvider);\n\n  protected onInit() {\n    if (this.options.key) {\n      this.alepha.events.on(\"state:mutate\", ({ key, value }) => {\n        if (key === this.options.key) {\n          this.set(value);\n        }\n      });\n      this.alepha.events.on(\"server:onRequest\", ({ request }) => {\n        try {\n          const value = this.get(request);\n          if (value !== undefined) {\n            this.alepha.store.set(this.options.key as any, value, {\n              skipEvents: true,\n            });\n          }\n        } catch {}\n      });\n    }\n  }\n\n  public get schema(): T {\n    return this.options.schema;\n  }\n\n  public get name(): string {\n    return this.options.name ?? `${this.config.propertyKey}`;\n  }\n\n  /**\n   * Sets the cookie with the given value in the current request's response.\n   */\n  public set(\n    value: Static<T>,\n    options?: { cookies?: Cookies; ttl?: DurationLike },\n  ): void {\n    this.serverCookiesProvider.setCookie(\n      this.name,\n      {\n        ...this.options,\n        ttl: options?.ttl ?? this.options.ttl,\n      },\n      value,\n      options?.cookies,\n    );\n  }\n\n  /**\n   * Gets the cookie value from the current request. Returns undefined if not found or invalid.\n   */\n  public get(options?: { cookies?: Cookies }): Static<T> | undefined {\n    return this.serverCookiesProvider.getCookie(\n      this.name,\n      this.options,\n      options?.cookies,\n    );\n  }\n\n  /**\n   * Deletes the cookie in the current request's response.\n   */\n  public del(options?: { cookies?: Cookies }): void {\n    this.serverCookiesProvider.deleteCookie(this.name, options?.cookies);\n  }\n}\n\n$cookie[KIND] = CookiePrimitive;\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport interface Cookies {\n  req: Record<string, string>;\n  res: Record<string, Cookie | null>;\n}\n\nexport interface Cookie {\n  value: string;\n  path?: string;\n  maxAge?: number;\n  secure?: boolean;\n  httpOnly?: boolean;\n  sameSite?: \"strict\" | \"lax\" | \"none\";\n  domain?: string;\n}\n","import { $module } from \"alepha\";\nimport { AlephaServer } from \"alepha/server\";\nimport { $cookie, type Cookies } from \"./primitives/$cookie.ts\";\nimport { ServerCookiesProvider } from \"./providers/ServerCookiesProvider.ts\";\nimport { CookieParser } from \"./services/CookieParser.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./primitives/$cookie.ts\";\nexport * from \"./providers/ServerCookiesProvider.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\ndeclare module \"alepha/server\" {\n  interface ServerRequest {\n    cookies: Cookies;\n  }\n}\n\n/**\n * Server and browser-safe cookie handling.\n *\n * **Features:**\n * - Cookie management on server and browser\n *\n * @module alepha.server.cookies\n */\nexport const AlephaServerCookies = $module({\n  name: \"alepha.server.cookies\",\n  primitives: [$cookie],\n  services: [AlephaServer, ServerCookiesProvider, CookieParser],\n});\n"],"mappings":";;;;;;;;AAEA,IAAa,eAAb,MAA0B;CACxB,oBAA2B,QAAwC;EACjE,MAAM,UAAkC,EAAE;EAC1C,MAAM,QAAQ,OAAO,MAAM,IAAI;EAC/B,KAAK,MAAM,QAAQ,OAAO;GACxB,MAAM,UAAU,KAAK,QAAQ,IAAI;GACjC,IAAI,YAAY,IACd;GAGF,MAAM,MAAM,KAAK,MAAM,GAAG,QAAQ,CAAC,MAAM;GACzC,MAAM,QAAQ,KAAK,MAAM,UAAU,EAAE,CAAC,MAAM;GAE5C,IAAI,CAAC,OAAO,CAAC,OACX;GAGF,QAAQ,OAAO;;EAGjB,OAAO;;CAGT,yBACE,SACA,SACU;EACV,MAAM,UAAU,EAAE;EAElB,KAAK,MAAM,CAAC,MAAM,WAAW,OAAO,QAAQ,QAAQ,EAAE;GAEpD,IAAI,UAAU,MAAM;IAClB,QAAQ,KAAK,GAAG,KAAK,sBAAsB;IAC3C;;GAGF,IAAI,CAAC,OAAO,OACV;GAGF,QAAQ,KAAK,KAAK,eAAe,MAAM,QAAQ,QAAQ,CAAC;;EAG1D,OAAO;;CAGT,eACE,MACA,QACA,SACQ;EACR,MAAM,QAAkB,EAAE;EAE1B,MAAM,KAAK,GAAG,KAAK,GAAG,OAAO,QAAQ;EAErC,IAAI,OAAO,MACT,MAAM,KAAK,QAAQ,OAAO,OAAO;EAEnC,IAAI,OAAO,QACT,MAAM,KAAK,WAAW,OAAO,SAAS;EAExC,IAAI,OAAO,WAAW,SAAS,SAC7B,MAAM,KAAK,SAAS;EAEtB,IAAI,OAAO,UACT,MAAM,KAAK,WAAW;EAExB,IAAI,OAAO,UACT,MAAM,KAAK,YAAY,OAAO,WAAW;EAE3C,IAAI,OAAO,QACT,MAAM,KAAK,UAAU,OAAO,SAAS;EAGvC,OAAO,MAAM,KAAK,KAAK;;;;;ACjD3B,IAAa,wBAAb,MAAmC;CACjC,SAA4B,QAAQ,OAAO;CAC3C,MAAyB,SAAS;CAClC,eAAkC,QAAQ,aAAa;CACvD,mBAAsC,QAAQ,iBAAiB;CAC/D,iBAAoC,QAAQ,eAAe;CAG3D,YAA+B;CAC/B,YAA+B;CAC/B,kBAAqC;CACrC,mBAAsC;CAEtC,YAA4B,MAAM;EAChC,IAAI;EACJ,UAAU,EAAE,cAAc;GACxB,QAAQ,UAAU;IAChB,KAAK,KAAK,aAAa,oBACrB,QAAQ,QAAQ,UAAU,GAC3B;IACD,KAAK,EAAE;IACR;;EAEJ,CAAC;CAEF,WAA2B,MAAM;EAC/B,IAAI;EACJ,UAAU,EAAE,cAAc;GACxB,QAAQ,UAAU;IAChB,KAAK,KAAK,aAAa,oBACrB,QAAQ,QAAQ,UAAU,GAC3B;IACD,KAAK,EAAE;IACR;;EAEJ,CAAC;CAEF,SAAyB,MAAM;EAC7B,IAAI;EACJ,UAAU,EAAE,cAAc;GACxB,IAAI,QAAQ,WAAW,OAAO,KAAK,QAAQ,QAAQ,IAAI,CAAC,SAAS,GAAG;IAClE,MAAM,mBAAmB,KAAK,aAAa,yBACzC,QAAQ,QAAQ,KAChB,QAAQ,IAAI,aAAa,SAC1B;IACD,IAAI,iBAAiB,SAAS,GAC5B,QAAQ,MAAM,QAAQ,gBAAgB;;;EAI7C,CAAC;CAEF,sBAAgC,SAA4B;EAC1D,MAAM,iBAAiB,KAAK,OAAO,MAAM,IACvC,sBACD,EAAE;EACH,IAAI,SAAS,OAAO;EACpB,IAAI,gBAAgB,OAAO;EAC3B,MAAM,IAAI,YACR,6FACD;;CAGH,UACE,MACA,SACA,gBACuB;EACvB,MAAM,UAAU,KAAK,sBAAsB,eAAe;EAC1D,IAAI,WAAW,QAAQ,IAAI;EAE3B,IAAI,CAAC,UAAU,OAAO,KAAA;EAEtB,IAAI;GACF,WAAW,mBAAmB,SAAS;GAEvC,IAAI,QAAQ,MAAM;IAChB,MAAM,YAAY,SAAS,UAAU,GAAG,KAAK,mBAAmB,EAAE;IAClE,MAAM,QAAQ,SAAS,UAAU,KAAK,mBAAmB,EAAE;IAC3D,MAAM,oBAAoB,KAAK,KAAK,MAAM;IAE1C,IACE,CAAC,gBACC,OAAO,KAAK,WAAW,MAAM,EAC7B,OAAO,KAAK,mBAAmB,MAAM,CACtC,EACD;KACA,KAAK,IAAI,KAAK,iCAAiC,KAAK,IAAI;KACxD;;IAEF,WAAW;;GAGb,IAAI,QAAQ,SACV,WAAW,KAAK,QAAQ,SAAS;GAGnC,IAAI,QAAQ,UACV,WAAW,eAAe,OAAO,KAAK,UAAU,SAAS,CAAC,CAAC,SACzD,OACD;GAGH,OAAO,KAAK,OAAO,MAAM,OAAO,QAAQ,QAAQ,KAAK,MAAM,SAAS,CAAC;WAC9D,OAAO;GACd,KAAK,IAAI,KAAK,2BAA2B,KAAK,IAAI,MAAM;GAExD,KAAK,aAAa,MAAM,QAAQ;GAChC;;;CAIJ,UACE,MACA,SACA,MACA,gBACM;EACN,MAAM,UAAU,KAAK,sBAAsB,eAAe;EAC1D,IAAI,QAAQ,KAAK,UAAU,KAAK,OAAO,MAAM,OAAO,QAAQ,QAAQ,KAAK,CAAC;EAE1E,IAAI,QAAQ,UACV,QAAQ,eAAe,MAAM,CAAC,SAAS,SAAS;EAGlD,IAAI,QAAQ,SACV,QAAQ,KAAK,QAAQ,MAAM;EAG7B,IAAI,QAAQ,MACV,QAAQ,KAAK,KAAK,MAAM,GAAG;EAG7B,MAAM,SAAiB;GACrB,OAAO,mBAAmB,MAAM;GAChC,MAAM,QAAQ,QAAQ;GAItB,UAAU,QAAQ,YAAY;GAC9B,QAAQ,QAAQ,UAAU,KAAK,OAAO,cAAc;GACpD,UAAU,QAAQ;GAClB,QAAQ,QAAQ;GACjB;EAED,IAAI,QAAQ,KACV,OAAO,SAAS,KAAK,iBAAiB,SAAS,QAAQ,IAAI,CAAC,GAAG,UAAU;EAG3E,QAAQ,IAAI,QAAQ;;CAGtB,aACE,MACA,gBACM;EACN,MAAM,UAAU,KAAK,sBAAsB,eAAe;EAC1D,QAAQ,IAAI,QAAQ;;CAKtB,QAAkB,MAAsB;EACtC,MAAM,KAAK,YAAY,KAAK,UAAU;EACtC,MAAM,SAAS,eAAe,KAAK,WAAW,KAAK,WAAW,EAAE,GAAG;EACnE,MAAM,YAAY,OAAO,OAAO,CAC9B,OAAO,OAAO,MAAM,OAAO,EAC3B,OAAO,OAAO,CACf,CAAC;EACF,MAAM,UAAU,OAAO,YAAY;EACnC,OAAO,OAAO,OAAO;GAAC;GAAI;GAAS;GAAU,CAAC,CAAC,SAAS,SAAS;;CAGnE,QAAkB,eAA+B;EAC/C,MAAM,OAAO,OAAO,KAAK,eAAe,SAAS;EACjD,MAAM,KAAK,KAAK,SAAS,GAAG,KAAK,UAAU;EAC3C,MAAM,UAAU,KAAK,SACnB,KAAK,WACL,KAAK,YAAY,KAAK,gBACvB;EAED,MAAM,YAAY,KAAK,SAAS,KAAK,YAAY,KAAK,gBAAgB;EACtE,MAAM,WAAW,iBAAiB,KAAK,WAAW,KAAK,WAAW,EAAE,GAAG;EAEvE,SAAS,WAAW,QAAQ;EAO5B,OALkB,OAAO,OAAO,CAC9B,SAAS,OAAO,UAAU,EAC1B,SAAS,OAAO,CACjB,CAEe,CAAC,SAAS,OAAO;;;;;;CAOnC,YAA8B;EAC5B,OAAO,WAAW,SAAS,CAAC,OAAO,KAAK,eAAe,UAAU,CAAC,QAAQ;;CAG5E,KAAe,MAAsB;EACnC,OAAO,WAAW,UAAU,KAAK,WAAW,CAAC,CAAC,OAAO,KAAK,CAAC,OAAO,MAAM;;;;;;;;;;ACtN5E,MAAa,WACX,SACA,oBAC+B;CAC/B,IAAI,iBACF,UAAU;EACR,KAAK,QAAQ;EACb,QAAQ,QAAQ;EAChB,GAAG;EACJ;CAEH,OAAO,gBAAgB,iBAAoB,QAAQ;;AA8ErD,IAAa,kBAAb,cACU,UAEV;CACE,wBAA2C,QAAQ,sBAAsB;CAEzE,SAAmB;EACjB,IAAI,KAAK,QAAQ,KAAK;GACpB,KAAK,OAAO,OAAO,GAAG,iBAAiB,EAAE,KAAK,YAAY;IACxD,IAAI,QAAQ,KAAK,QAAQ,KACvB,KAAK,IAAI,MAAM;KAEjB;GACF,KAAK,OAAO,OAAO,GAAG,qBAAqB,EAAE,cAAc;IACzD,IAAI;KACF,MAAM,QAAQ,KAAK,IAAI,QAAQ;KAC/B,IAAI,UAAU,KAAA,GACZ,KAAK,OAAO,MAAM,IAAI,KAAK,QAAQ,KAAY,OAAO,EACpD,YAAY,MACb,CAAC;YAEE;KACR;;;CAIN,IAAW,SAAY;EACrB,OAAO,KAAK,QAAQ;;CAGtB,IAAW,OAAe;EACxB,OAAO,KAAK,QAAQ,QAAQ,GAAG,KAAK,OAAO;;;;;CAM7C,IACE,OACA,SACM;EACN,KAAK,sBAAsB,UACzB,KAAK,MACL;GACE,GAAG,KAAK;GACR,KAAK,SAAS,OAAO,KAAK,QAAQ;GACnC,EACD,OACA,SAAS,QACV;;;;;CAMH,IAAW,SAAwD;EACjE,OAAO,KAAK,sBAAsB,UAChC,KAAK,MACL,KAAK,SACL,SAAS,QACV;;;;;CAMH,IAAW,SAAuC;EAChD,KAAK,sBAAsB,aAAa,KAAK,MAAM,SAAS,QAAQ;;;AAIxE,QAAQ,QAAQ;;;;;;;;;;;ACrJhB,MAAa,sBAAsB,QAAQ;CACzC,MAAM;CACN,YAAY,CAAC,QAAQ;CACrB,UAAU;EAAC;EAAc;EAAuB;EAAa;CAC9D,CAAC"}
+{"version":3,"file":"index.js","names":[],"sources":["../../../src/server/cookies/services/CookieParser.ts","../../../src/server/cookies/providers/ServerCookiesProvider.ts","../../../src/server/cookies/primitives/$cookie.ts","../../../src/server/cookies/index.ts"],"sourcesContent":["import type { Cookie } from \"../primitives/$cookie.ts\";\n\nexport class CookieParser {\n  public parseRequestCookies(header: string): Record<string, string> {\n    const cookies: Record<string, string> = {};\n    const parts = header.split(\";\");\n    for (const part of parts) {\n      const eqIndex = part.indexOf(\"=\");\n      if (eqIndex === -1) {\n        continue;\n      }\n\n      const key = part.slice(0, eqIndex).trim();\n      const value = part.slice(eqIndex + 1).trim();\n\n      if (!key || !value) {\n        continue;\n      }\n\n      cookies[key] = value;\n    }\n\n    return cookies;\n  }\n\n  public serializeResponseCookies(\n    cookies: Record<string, Cookie | null>,\n    isHttps: boolean,\n  ): string[] {\n    const headers = [];\n\n    for (const [name, cookie] of Object.entries(cookies)) {\n      // If the cookie is null, we need to delete it\n      if (cookie == null) {\n        headers.push(`${name}=; Path=/; Max-Age=0`);\n        continue;\n      }\n\n      if (!cookie.value) {\n        continue;\n      }\n\n      headers.push(this.cookieToString(name, cookie, isHttps));\n    }\n\n    return headers;\n  }\n\n  public cookieToString(\n    name: string,\n    cookie: Cookie,\n    isHttps?: boolean,\n  ): string {\n    const parts: string[] = [];\n\n    parts.push(`${name}=${cookie.value}`);\n\n    if (cookie.path) {\n      parts.push(`Path=${cookie.path}`);\n    }\n    if (cookie.maxAge) {\n      parts.push(`Max-Age=${cookie.maxAge}`);\n    }\n    if (cookie.secure !== false && isHttps) {\n      parts.push(\"Secure\");\n    }\n    if (cookie.httpOnly) {\n      parts.push(\"HttpOnly\");\n    }\n    if (cookie.sameSite) {\n      parts.push(`SameSite=${cookie.sameSite}`);\n    }\n    if (cookie.domain) {\n      parts.push(`Domain=${cookie.domain}`);\n    }\n\n    return parts.join(\"; \");\n  }\n}\n","import {\n  createCipheriv,\n  createDecipheriv,\n  createHash,\n  createHmac,\n  randomBytes,\n  timingSafeEqual,\n} from \"node:crypto\";\nimport { deflateRawSync, inflateRawSync } from \"node:zlib\";\nimport {\n  $hook,\n  $inject,\n  Alepha,\n  AlephaError,\n  type Static,\n  type TSchema,\n} from \"alepha\";\nimport { SecretProvider } from \"alepha/crypto\";\nimport { DateTimeProvider } from \"alepha/datetime\";\nimport { $logger } from \"alepha/logger\";\nimport type {\n  Cookie,\n  CookiePrimitiveOptions,\n  Cookies,\n} from \"../primitives/$cookie.ts\";\nimport { CookieParser } from \"../services/CookieParser.ts\";\n\nexport class ServerCookiesProvider {\n  protected readonly alepha = $inject(Alepha);\n  protected readonly log = $logger();\n  protected readonly cookieParser = $inject(CookieParser);\n  protected readonly dateTimeProvider = $inject(DateTimeProvider);\n  protected readonly secretProvider = $inject(SecretProvider);\n\n  // crypto constants\n  protected readonly ALGORITHM = \"aes-256-gcm\";\n  protected readonly IV_LENGTH = 16; // For GCM\n  protected readonly AUTH_TAG_LENGTH = 16;\n  protected readonly SIGNATURE_LENGTH = 32; // For SHA256\n\n  public readonly onRequest = $hook({\n    on: \"server:onRequest\",\n    handler: ({ request }) => {\n      request.cookies = {\n        req: this.cookieParser.parseRequestCookies(\n          request.headers.cookie ?? \"\",\n        ),\n        res: {},\n      };\n    },\n  });\n\n  public readonly onAction = $hook({\n    on: \"action:onRequest\",\n    handler: ({ request }) => {\n      request.cookies = {\n        req: this.cookieParser.parseRequestCookies(\n          request.headers.cookie ?? \"\",\n        ),\n        res: {},\n      };\n    },\n  });\n\n  public readonly onSend = $hook({\n    on: \"server:onSend\",\n    handler: ({ request }) => {\n      if (request.cookies && Object.keys(request.cookies.res).length > 0) {\n        const setCookieHeaders = this.cookieParser.serializeResponseCookies(\n          request.cookies.res,\n          request.url.protocol === \"https:\",\n        );\n        if (setCookieHeaders.length > 0) {\n          request.reply.headers[\"set-cookie\"] = setCookieHeaders;\n        }\n      }\n    },\n  });\n\n  protected getCookiesFromContext(cookies?: Cookies): Cookies {\n    const contextCookies = this.alepha.store.get(\n      \"alepha.http.request\",\n    )?.cookies;\n    if (cookies) return cookies;\n    if (contextCookies) return contextCookies;\n    throw new AlephaError(\n      \"Cookie context is not available. This method must be called within a server request cycle.\",\n    );\n  }\n\n  /**\n   * Namespaces a cookie name with the app's `APP_NAME` (lowercased) so that\n   * two Alepha apps sharing a cookie jar do not collide.\n   *\n   * Cookies are scoped by host + path only — never by port — so two apps on\n   * `localhost:3000` and `localhost:4000` would otherwise both read/write a\n   * cookie literally named `tokens` and silently clobber each other (and,\n   * because each encrypts with its own `APP_SECRET`, the foreign cookie fails\n   * to decrypt and gets deleted, logging the user out).\n   *\n   * When `APP_NAME` is unset the name is returned unchanged, so existing\n   * single-app deployments keep their current cookie names. Same convention as\n   * the `APP_NAME` prefix used by R2 storage and server-timing.\n   */\n  protected prefixName(name: string): string {\n    const app = this.alepha.env.APP_NAME;\n    if (!app) return name;\n    return `${String(app).toLowerCase()}.${name}`;\n  }\n\n  public getCookie<T extends TSchema>(\n    name: string,\n    options: CookiePrimitiveOptions<T>,\n    contextCookies?: Cookies,\n  ): Static<T> | undefined {\n    const cookies = this.getCookiesFromContext(contextCookies);\n    let rawValue = cookies.req[this.prefixName(name)];\n\n    if (!rawValue) return undefined;\n\n    try {\n      rawValue = decodeURIComponent(rawValue);\n\n      if (options.sign) {\n        const signature = rawValue.substring(0, this.SIGNATURE_LENGTH * 2);\n        const value = rawValue.substring(this.SIGNATURE_LENGTH * 2);\n        const expectedSignature = this.sign(value);\n\n        if (\n          !timingSafeEqual(\n            Buffer.from(signature, \"hex\"),\n            Buffer.from(expectedSignature, \"hex\"),\n          )\n        ) {\n          this.log.warn(`Invalid signature for cookie \"${name}\".`);\n          return undefined;\n        }\n        rawValue = value;\n      }\n\n      if (options.encrypt) {\n        rawValue = this.decrypt(rawValue);\n      }\n\n      if (options.compress) {\n        rawValue = inflateRawSync(Buffer.from(rawValue, \"base64\")).toString(\n          \"utf8\",\n        );\n      }\n\n      return this.alepha.codec.decode(options.schema, JSON.parse(rawValue));\n    } catch (error) {\n      this.log.warn(`Failed to parse cookie \"${name}\"`, error);\n      // corrupted or invalid cookie, instruct browser to delete it on next response\n      this.deleteCookie(name, cookies);\n      return undefined;\n    }\n  }\n\n  public setCookie<T extends TSchema>(\n    name: string,\n    options: CookiePrimitiveOptions<T>,\n    data: Static<T>,\n    contextCookies?: Cookies,\n  ): void {\n    const cookies = this.getCookiesFromContext(contextCookies);\n    let value = JSON.stringify(this.alepha.codec.decode(options.schema, data));\n\n    if (options.compress) {\n      value = deflateRawSync(value).toString(\"base64\");\n    }\n\n    if (options.encrypt) {\n      value = this.encrypt(value);\n    }\n\n    if (options.sign) {\n      value = this.sign(value) + value;\n    }\n\n    const cookie: Cookie = {\n      value: encodeURIComponent(value),\n      path: options.path ?? \"/\",\n      // \"lax\" is correct here — \"strict\" would break OAuth flows because OAuth callbacks\n      // are top-level redirects from the IdP, and strict cookies are not sent on cross-site\n      // top-level navigations. \"lax\" is Chrome's own default and the industry standard.\n      sameSite: options.sameSite ?? \"lax\",\n      secure: options.secure ?? this.alepha.isProduction(),\n      httpOnly: options.httpOnly,\n      domain: options.domain,\n    };\n\n    if (options.ttl) {\n      cookie.maxAge = this.dateTimeProvider.duration(options.ttl).as(\"seconds\");\n    }\n\n    cookies.res[this.prefixName(name)] = cookie;\n  }\n\n  public deleteCookie<T extends TSchema>(\n    name: string,\n    contextCookies?: Cookies,\n  ): void {\n    const cookies = this.getCookiesFromContext(contextCookies);\n    cookies.res[this.prefixName(name)] = null;\n  }\n\n  // --- Crypto & Parsing ---\n\n  protected encrypt(text: string): string {\n    const iv = randomBytes(this.IV_LENGTH);\n    const cipher = createCipheriv(this.ALGORITHM, this.deriveKey(), iv);\n    const encrypted = Buffer.concat([\n      cipher.update(text, \"utf8\"),\n      cipher.final(),\n    ]);\n    const authTag = cipher.getAuthTag();\n    return Buffer.concat([iv, authTag, encrypted]).toString(\"base64\");\n  }\n\n  protected decrypt(encryptedText: string): string {\n    const data = Buffer.from(encryptedText, \"base64\");\n    const iv = data.subarray(0, this.IV_LENGTH);\n    const authTag = data.subarray(\n      this.IV_LENGTH,\n      this.IV_LENGTH + this.AUTH_TAG_LENGTH,\n    );\n\n    const encrypted = data.subarray(this.IV_LENGTH + this.AUTH_TAG_LENGTH);\n    const decipher = createDecipheriv(this.ALGORITHM, this.deriveKey(), iv);\n\n    decipher.setAuthTag(authTag);\n\n    const decrypted = Buffer.concat([\n      decipher.update(encrypted),\n      decipher.final(),\n    ]);\n\n    return decrypted.toString(\"utf8\");\n  }\n\n  /**\n   * Derives a 32-byte key from APP_SECRET via SHA-256.\n   * Accepts any string length — no padding or truncation needed.\n   */\n  protected deriveKey(): Buffer {\n    return createHash(\"sha256\").update(this.secretProvider.secretKey).digest();\n  }\n\n  protected sign(data: string): string {\n    return createHmac(\"sha256\", this.deriveKey()).update(data).digest(\"hex\");\n  }\n}\n","import {\n  $inject,\n  createPrimitive,\n  KIND,\n  Primitive,\n  type Static,\n  type TSchema,\n} from \"alepha\";\nimport type { DurationLike } from \"alepha/datetime\";\nimport { ServerCookiesProvider } from \"../providers/ServerCookiesProvider.ts\";\n\n/**\n * Declares a type-safe, configurable HTTP cookie.\n * This primitive provides methods to get, set, and delete the cookie\n * within the server request/response cycle.\n */\nexport const $cookie = <T extends TSchema>(\n  options: CookiePrimitiveOptions<T>,\n  extendedOptions?: Omit<CookiePrimitiveOptions<T>, \"schema\">,\n): AbstractCookiePrimitive<T> => {\n  if (extendedOptions) {\n    options = {\n      key: options.key,\n      schema: options.schema,\n      ...extendedOptions,\n    };\n  }\n  return createPrimitive(CookiePrimitive<T>, options);\n};\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport interface CookiePrimitiveOptions<T extends TSchema> {\n  /**\n   * The schema for the cookie's value, used for validation and type safety.\n   */\n  schema: T;\n\n  /**\n   * The name of the cookie.\n   */\n  name?: string;\n\n  /**\n   * The cookie's path. Defaults to \"/\".\n   */\n  path?: string;\n\n  /**\n   * Time-to-live for the cookie. Maps to `Max-Age`.\n   */\n  ttl?: DurationLike;\n\n  /**\n   * If true, the cookie is only sent over HTTPS. Defaults to true in production.\n   */\n  secure?: boolean;\n\n  /**\n   * If true, the cookie cannot be accessed by client-side scripts.\n   */\n  httpOnly?: boolean;\n\n  /**\n   * SameSite policy for the cookie. Defaults to \"lax\".\n   */\n  sameSite?: \"strict\" | \"lax\" | \"none\";\n\n  /**\n   * The domain for the cookie.\n   */\n  domain?: string;\n\n  /**\n   * If true, the cookie value will be compressed using zlib.\n   */\n  compress?: boolean;\n\n  /**\n   * If true, the cookie value will be encrypted. Requires `COOKIE_SECRET` env var.\n   */\n  encrypt?: boolean;\n\n  /**\n   * If true, the cookie will be signed to prevent tampering. Requires `COOKIE_SECRET` env var.\n   */\n  sign?: boolean;\n\n  /**\n   * Optional key to link this cookie to an Atom, enabling automatic synchronization between the cookie and the Atom's state.\n   */\n  key?: string;\n}\n\nexport interface AbstractCookiePrimitive<T extends TSchema> {\n  readonly name: string;\n  readonly options: CookiePrimitiveOptions<T>;\n  set(\n    value: Static<T>,\n    options?: { cookies?: Cookies; ttl?: DurationLike },\n  ): void;\n  get(options?: { cookies?: Cookies }): Static<T> | undefined;\n  del(options?: { cookies?: Cookies }): void;\n}\n\nexport class CookiePrimitive<T extends TSchema>\n  extends Primitive<CookiePrimitiveOptions<T>>\n  implements AbstractCookiePrimitive<T>\n{\n  protected readonly serverCookiesProvider = $inject(ServerCookiesProvider);\n\n  protected onInit() {\n    if (this.options.key) {\n      this.alepha.events.on(\"state:mutate\", ({ key, value }) => {\n        if (key === this.options.key) {\n          this.set(value);\n        }\n      });\n      this.alepha.events.on(\"server:onRequest\", ({ request }) => {\n        try {\n          const value = this.get(request);\n          if (value !== undefined) {\n            this.alepha.store.set(this.options.key as any, value, {\n              skipEvents: true,\n            });\n          }\n        } catch {}\n      });\n    }\n  }\n\n  public get schema(): T {\n    return this.options.schema;\n  }\n\n  public get name(): string {\n    return this.options.name ?? `${this.config.propertyKey}`;\n  }\n\n  /**\n   * Sets the cookie with the given value in the current request's response.\n   */\n  public set(\n    value: Static<T>,\n    options?: { cookies?: Cookies; ttl?: DurationLike },\n  ): void {\n    this.serverCookiesProvider.setCookie(\n      this.name,\n      {\n        ...this.options,\n        ttl: options?.ttl ?? this.options.ttl,\n      },\n      value,\n      options?.cookies,\n    );\n  }\n\n  /**\n   * Gets the cookie value from the current request. Returns undefined if not found or invalid.\n   */\n  public get(options?: { cookies?: Cookies }): Static<T> | undefined {\n    return this.serverCookiesProvider.getCookie(\n      this.name,\n      this.options,\n      options?.cookies,\n    );\n  }\n\n  /**\n   * Deletes the cookie in the current request's response.\n   */\n  public del(options?: { cookies?: Cookies }): void {\n    this.serverCookiesProvider.deleteCookie(this.name, options?.cookies);\n  }\n}\n\n$cookie[KIND] = CookiePrimitive;\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport interface Cookies {\n  req: Record<string, string>;\n  res: Record<string, Cookie | null>;\n}\n\nexport interface Cookie {\n  value: string;\n  path?: string;\n  maxAge?: number;\n  secure?: boolean;\n  httpOnly?: boolean;\n  sameSite?: \"strict\" | \"lax\" | \"none\";\n  domain?: string;\n}\n","import { $module } from \"alepha\";\nimport { AlephaServer } from \"alepha/server\";\nimport { $cookie, type Cookies } from \"./primitives/$cookie.ts\";\nimport { ServerCookiesProvider } from \"./providers/ServerCookiesProvider.ts\";\nimport { CookieParser } from \"./services/CookieParser.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./primitives/$cookie.ts\";\nexport * from \"./providers/ServerCookiesProvider.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\ndeclare module \"alepha/server\" {\n  interface ServerRequest {\n    cookies: Cookies;\n  }\n}\n\n/**\n * Server and browser-safe cookie handling.\n *\n * **Features:**\n * - Cookie management on server and browser\n *\n * @module alepha.server.cookies\n */\nexport const AlephaServerCookies = $module({\n  name: \"alepha.server.cookies\",\n  primitives: [$cookie],\n  services: [AlephaServer, ServerCookiesProvider, CookieParser],\n});\n"],"mappings":";;;;;;;;AAEA,IAAa,eAAb,MAA0B;CACxB,oBAA2B,QAAwC;EACjE,MAAM,UAAkC,CAAC;EACzC,MAAM,QAAQ,OAAO,MAAM,GAAG;EAC9B,KAAK,MAAM,QAAQ,OAAO;GACxB,MAAM,UAAU,KAAK,QAAQ,GAAG;GAChC,IAAI,YAAY,IACd;GAGF,MAAM,MAAM,KAAK,MAAM,GAAG,OAAO,EAAE,KAAK;GACxC,MAAM,QAAQ,KAAK,MAAM,UAAU,CAAC,EAAE,KAAK;GAE3C,IAAI,CAAC,OAAO,CAAC,OACX;GAGF,QAAQ,OAAO;EACjB;EAEA,OAAO;CACT;CAEA,yBACE,SACA,SACU;EACV,MAAM,UAAU,CAAC;EAEjB,KAAK,MAAM,CAAC,MAAM,WAAW,OAAO,QAAQ,OAAO,GAAG;GAEpD,IAAI,UAAU,MAAM;IAClB,QAAQ,KAAK,GAAG,KAAK,qBAAqB;IAC1C;GACF;GAEA,IAAI,CAAC,OAAO,OACV;GAGF,QAAQ,KAAK,KAAK,eAAe,MAAM,QAAQ,OAAO,CAAC;EACzD;EAEA,OAAO;CACT;CAEA,eACE,MACA,QACA,SACQ;EACR,MAAM,QAAkB,CAAC;EAEzB,MAAM,KAAK,GAAG,KAAK,GAAG,OAAO,OAAO;EAEpC,IAAI,OAAO,MACT,MAAM,KAAK,QAAQ,OAAO,MAAM;EAElC,IAAI,OAAO,QACT,MAAM,KAAK,WAAW,OAAO,QAAQ;EAEvC,IAAI,OAAO,WAAW,SAAS,SAC7B,MAAM,KAAK,QAAQ;EAErB,IAAI,OAAO,UACT,MAAM,KAAK,UAAU;EAEvB,IAAI,OAAO,UACT,MAAM,KAAK,YAAY,OAAO,UAAU;EAE1C,IAAI,OAAO,QACT,MAAM,KAAK,UAAU,OAAO,QAAQ;EAGtC,OAAO,MAAM,KAAK,IAAI;CACxB;AACF;;;ACnDA,IAAa,wBAAb,MAAmC;CACjC,SAA4B,QAAQ,MAAM;CAC1C,MAAyB,QAAQ;CACjC,eAAkC,QAAQ,YAAY;CACtD,mBAAsC,QAAQ,gBAAgB;CAC9D,iBAAoC,QAAQ,cAAc;CAG1D,YAA+B;CAC/B,YAA+B;CAC/B,kBAAqC;CACrC,mBAAsC;CAEtC,YAA4B,MAAM;EAChC,IAAI;EACJ,UAAU,EAAE,cAAc;GACxB,QAAQ,UAAU;IAChB,KAAK,KAAK,aAAa,oBACrB,QAAQ,QAAQ,UAAU,EAC5B;IACA,KAAK,CAAC;GACR;EACF;CACF,CAAC;CAED,WAA2B,MAAM;EAC/B,IAAI;EACJ,UAAU,EAAE,cAAc;GACxB,QAAQ,UAAU;IAChB,KAAK,KAAK,aAAa,oBACrB,QAAQ,QAAQ,UAAU,EAC5B;IACA,KAAK,CAAC;GACR;EACF;CACF,CAAC;CAED,SAAyB,MAAM;EAC7B,IAAI;EACJ,UAAU,EAAE,cAAc;GACxB,IAAI,QAAQ,WAAW,OAAO,KAAK,QAAQ,QAAQ,GAAG,EAAE,SAAS,GAAG;IAClE,MAAM,mBAAmB,KAAK,aAAa,yBACzC,QAAQ,QAAQ,KAChB,QAAQ,IAAI,aAAa,QAC3B;IACA,IAAI,iBAAiB,SAAS,GAC5B,QAAQ,MAAM,QAAQ,gBAAgB;GAE1C;EACF;CACF,CAAC;CAED,sBAAgC,SAA4B;EAC1D,MAAM,iBAAiB,KAAK,OAAO,MAAM,IACvC,qBACF,GAAG;EACH,IAAI,SAAS,OAAO;EACpB,IAAI,gBAAgB,OAAO;EAC3B,MAAM,IAAI,YACR,4FACF;CACF;;;;;;;;;;;;;;;CAgBA,WAAqB,MAAsB;EACzC,MAAM,MAAM,KAAK,OAAO,IAAI;EAC5B,IAAI,CAAC,KAAK,OAAO;EACjB,OAAO,GAAG,OAAO,GAAG,EAAE,YAAY,EAAE,GAAG;CACzC;CAEA,UACE,MACA,SACA,gBACuB;EACvB,MAAM,UAAU,KAAK,sBAAsB,cAAc;EACzD,IAAI,WAAW,QAAQ,IAAI,KAAK,WAAW,IAAI;EAE/C,IAAI,CAAC,UAAU,OAAO,KAAA;EAEtB,IAAI;GACF,WAAW,mBAAmB,QAAQ;GAEtC,IAAI,QAAQ,MAAM;IAChB,MAAM,YAAY,SAAS,UAAU,GAAG,KAAK,mBAAmB,CAAC;IACjE,MAAM,QAAQ,SAAS,UAAU,KAAK,mBAAmB,CAAC;IAC1D,MAAM,oBAAoB,KAAK,KAAK,KAAK;IAEzC,IACE,CAAC,gBACC,OAAO,KAAK,WAAW,KAAK,GAC5B,OAAO,KAAK,mBAAmB,KAAK,CACtC,GACA;KACA,KAAK,IAAI,KAAK,iCAAiC,KAAK,GAAG;KACvD;IACF;IACA,WAAW;GACb;GAEA,IAAI,QAAQ,SACV,WAAW,KAAK,QAAQ,QAAQ;GAGlC,IAAI,QAAQ,UACV,WAAW,eAAe,OAAO,KAAK,UAAU,QAAQ,CAAC,EAAE,SACzD,MACF;GAGF,OAAO,KAAK,OAAO,MAAM,OAAO,QAAQ,QAAQ,KAAK,MAAM,QAAQ,CAAC;EACtE,SAAS,OAAO;GACd,KAAK,IAAI,KAAK,2BAA2B,KAAK,IAAI,KAAK;GAEvD,KAAK,aAAa,MAAM,OAAO;GAC/B;EACF;CACF;CAEA,UACE,MACA,SACA,MACA,gBACM;EACN,MAAM,UAAU,KAAK,sBAAsB,cAAc;EACzD,IAAI,QAAQ,KAAK,UAAU,KAAK,OAAO,MAAM,OAAO,QAAQ,QAAQ,IAAI,CAAC;EAEzE,IAAI,QAAQ,UACV,QAAQ,eAAe,KAAK,EAAE,SAAS,QAAQ;EAGjD,IAAI,QAAQ,SACV,QAAQ,KAAK,QAAQ,KAAK;EAG5B,IAAI,QAAQ,MACV,QAAQ,KAAK,KAAK,KAAK,IAAI;EAG7B,MAAM,SAAiB;GACrB,OAAO,mBAAmB,KAAK;GAC/B,MAAM,QAAQ,QAAQ;GAItB,UAAU,QAAQ,YAAY;GAC9B,QAAQ,QAAQ,UAAU,KAAK,OAAO,aAAa;GACnD,UAAU,QAAQ;GAClB,QAAQ,QAAQ;EAClB;EAEA,IAAI,QAAQ,KACV,OAAO,SAAS,KAAK,iBAAiB,SAAS,QAAQ,GAAG,EAAE,GAAG,SAAS;EAG1E,QAAQ,IAAI,KAAK,WAAW,IAAI,KAAK;CACvC;CAEA,aACE,MACA,gBACM;EACN,MAAM,UAAU,KAAK,sBAAsB,cAAc;EACzD,QAAQ,IAAI,KAAK,WAAW,IAAI,KAAK;CACvC;CAIA,QAAkB,MAAsB;EACtC,MAAM,KAAK,YAAY,KAAK,SAAS;EACrC,MAAM,SAAS,eAAe,KAAK,WAAW,KAAK,UAAU,GAAG,EAAE;EAClE,MAAM,YAAY,OAAO,OAAO,CAC9B,OAAO,OAAO,MAAM,MAAM,GAC1B,OAAO,MAAM,CACf,CAAC;EACD,MAAM,UAAU,OAAO,WAAW;EAClC,OAAO,OAAO,OAAO;GAAC;GAAI;GAAS;EAAS,CAAC,EAAE,SAAS,QAAQ;CAClE;CAEA,QAAkB,eAA+B;EAC/C,MAAM,OAAO,OAAO,KAAK,eAAe,QAAQ;EAChD,MAAM,KAAK,KAAK,SAAS,GAAG,KAAK,SAAS;EAC1C,MAAM,UAAU,KAAK,SACnB,KAAK,WACL,KAAK,YAAY,KAAK,eACxB;EAEA,MAAM,YAAY,KAAK,SAAS,KAAK,YAAY,KAAK,eAAe;EACrE,MAAM,WAAW,iBAAiB,KAAK,WAAW,KAAK,UAAU,GAAG,EAAE;EAEtE,SAAS,WAAW,OAAO;EAO3B,OALkB,OAAO,OAAO,CAC9B,SAAS,OAAO,SAAS,GACzB,SAAS,MAAM,CACjB,CAEe,EAAE,SAAS,MAAM;CAClC;;;;;CAMA,YAA8B;EAC5B,OAAO,WAAW,QAAQ,EAAE,OAAO,KAAK,eAAe,SAAS,EAAE,OAAO;CAC3E;CAEA,KAAe,MAAsB;EACnC,OAAO,WAAW,UAAU,KAAK,UAAU,CAAC,EAAE,OAAO,IAAI,EAAE,OAAO,KAAK;CACzE;AACF;;;;;;;;AC5OA,MAAa,WACX,SACA,oBAC+B;CAC/B,IAAI,iBACF,UAAU;EACR,KAAK,QAAQ;EACb,QAAQ,QAAQ;EAChB,GAAG;CACL;CAEF,OAAO,gBAAgB,iBAAoB,OAAO;AACpD;AA6EA,IAAa,kBAAb,cACU,UAEV;CACE,wBAA2C,QAAQ,qBAAqB;CAExE,SAAmB;EACjB,IAAI,KAAK,QAAQ,KAAK;GACpB,KAAK,OAAO,OAAO,GAAG,iBAAiB,EAAE,KAAK,YAAY;IACxD,IAAI,QAAQ,KAAK,QAAQ,KACvB,KAAK,IAAI,KAAK;GAElB,CAAC;GACD,KAAK,OAAO,OAAO,GAAG,qBAAqB,EAAE,cAAc;IACzD,IAAI;KACF,MAAM,QAAQ,KAAK,IAAI,OAAO;KAC9B,IAAI,UAAU,KAAA,GACZ,KAAK,OAAO,MAAM,IAAI,KAAK,QAAQ,KAAY,OAAO,EACpD,YAAY,KACd,CAAC;IAEL,QAAQ,CAAC;GACX,CAAC;EACH;CACF;CAEA,IAAW,SAAY;EACrB,OAAO,KAAK,QAAQ;CACtB;CAEA,IAAW,OAAe;EACxB,OAAO,KAAK,QAAQ,QAAQ,GAAG,KAAK,OAAO;CAC7C;;;;CAKA,IACE,OACA,SACM;EACN,KAAK,sBAAsB,UACzB,KAAK,MACL;GACE,GAAG,KAAK;GACR,KAAK,SAAS,OAAO,KAAK,QAAQ;EACpC,GACA,OACA,SAAS,OACX;CACF;;;;CAKA,IAAW,SAAwD;EACjE,OAAO,KAAK,sBAAsB,UAChC,KAAK,MACL,KAAK,SACL,SAAS,OACX;CACF;;;;CAKA,IAAW,SAAuC;EAChD,KAAK,sBAAsB,aAAa,KAAK,MAAM,SAAS,OAAO;CACrE;AACF;AAEA,QAAQ,QAAQ;;;;;;;;;;;ACrJhB,MAAa,sBAAsB,QAAQ;CACzC,MAAM;CACN,YAAY,CAAC,OAAO;CACpB,UAAU;EAAC;EAAc;EAAuB;CAAY;AAC9D,CAAC"}

package/dist/server/core/index.browser.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.browser.js","names":[],"sources":["../../../src/server/core/errors/HttpError.ts","../../../src/server/core/helpers/isMultipart.ts","../../../src/server/core/schemas/errorSchema.ts","../../../src/server/core/services/HttpClient.ts","../../../src/server/core/constants/routeMethods.ts","../../../src/server/core/errors/BadRequestError.ts","../../../src/server/core/errors/ConflictError.ts","../../../src/server/core/errors/ForbiddenError.ts","../../../src/server/core/errors/NotFoundError.ts","../../../src/server/core/errors/UnauthorizedError.ts","../../../src/server/core/errors/ValidationError.ts","../../../src/server/core/helpers/ServerReply.ts","../../../src/server/core/schemas/okSchema.ts","../../../src/server/core/index.browser.ts"],"sourcesContent":["import { AlephaError } from \"alepha\";\nimport type { ErrorSchema } from \"../schemas/errorSchema.ts\";\n\nexport const isHttpError = (\n  error: unknown,\n  status?: number,\n): error is HttpErrorLike => {\n  const isError =\n    !!error &&\n    typeof error === \"object\" &&\n    \"message\" in error &&\n    typeof error.message === \"string\" &&\n    \"status\" in error &&\n    typeof error.status === \"number\";\n\n  if (!isError) {\n    return false;\n  }\n\n  if (status) {\n    return (error as HttpErrorLike).status === status;\n  }\n\n  return true;\n};\n\nexport class HttpError extends AlephaError {\n  public name = \"HttpError\";\n\n  static is = isHttpError;\n\n  static toJSON(error: HttpError): ErrorSchema {\n    const json: Record<string, unknown> = {\n      error: error.error,\n      status: error.status,\n      message: error.message,\n    };\n\n    if (error.details) json.details = error.details;\n    if (error.requestId) json.requestId = error.requestId;\n    if (error.reason) json.cause = error.reason;\n\n    return json as ErrorSchema;\n  }\n\n  public readonly error: string;\n  public readonly status: number;\n\n  public readonly requestId?: string;\n  public readonly details?: string;\n  public readonly reason?: {\n    name: string;\n    message: string;\n  };\n\n  constructor(options: Partial<ErrorSchema>, cause?: unknown) {\n    super(options.message, {\n      cause,\n    });\n\n    this.status = options.status ?? 500;\n    this.details = options.details;\n    this.requestId = options.requestId;\n\n    if (typeof options.cause === \"object\") {\n      this.reason = {\n        name: (options.cause as { name: string }).name,\n        message: (options.cause as { message: string }).message,\n      };\n    } else if (cause instanceof Error) {\n      this.reason = {\n        name: cause.name,\n        message: cause.message,\n      };\n    }\n\n    if (this.constructor.name === \"HttpError\") {\n      this.error =\n        options.error ?? errorNameByStatus[this.status] ?? \"HttpError\";\n    } else {\n      this.error = this.constructor.name;\n    }\n  }\n}\n\nexport const errorNameByStatus: Record<number, string> = {\n  400: \"BadRequestError\",\n  401: \"UnauthorizedError\",\n  403: \"ForbiddenError\",\n  404: \"NotFoundError\",\n  405: \"MethodNotAllowedError\",\n  409: \"ConflictError\",\n  410: \"GoneError\",\n  413: \"PayloadTooLargeError\",\n  415: \"UnsupportedMediaTypeError\",\n  429: \"TooManyRequestsError\",\n  500: \"InternalServerError\",\n  501: \"NotImplementedError\",\n  502: \"BadGatewayError\",\n  503: \"ServiceUnavailableError\",\n  504: \"GatewayTimeoutError\",\n};\n\nexport interface HttpErrorLike extends Error {\n  status: number;\n}\n","import type { RequestConfigSchema } from \"../interfaces/ServerRequest.ts\";\n\n/**\n * Checks if the route has multipart/form-data request body.\n */\nexport const isMultipart = (options: {\n  schema?: RequestConfigSchema;\n  contentType?: string;\n  requestBodyType?: string;\n}): boolean => {\n  if (\n    options.contentType === \"multipart/form-data\" ||\n    options.requestBodyType === \"multipart/form-data\"\n  ) {\n    return true;\n  }\n\n  if (options.schema?.body && \"properties\" in options.schema.body) {\n    const properties: Record<string, any> = options.schema.body.properties;\n    for (const key in properties) {\n      if (properties[key].format === \"binary\") {\n        return true;\n      }\n    }\n  }\n\n  return false;\n};\n","import { type Static, t } from \"alepha\";\n\nexport const errorSchema = t.object(\n  {\n    error: t.text({ description: \"HTTP error name\" }),\n    status: t.integer({\n      description: \"HTTP status code\",\n    }),\n    message: t.text({\n      description: \"Short text which describe the error\",\n      size: \"rich\",\n    }),\n    details: t.optional(\n      t.text({\n        description: \"Detailed description of the error\",\n        size: \"rich\",\n      }),\n    ),\n    requestId: t.optional(t.text()),\n    cause: t.optional(\n      t.object({\n        name: t.text(),\n        message: t.text({\n          description: \"Cause Error message\",\n          size: \"rich\",\n        }),\n      }),\n    ),\n  },\n  {\n    title: \"HttpError\",\n    description: \"Generic response after a failed operation\",\n  },\n);\n\nexport type ErrorSchema = Static<typeof errorSchema>;\n","import {\n  $inject,\n  Alepha,\n  AlephaError,\n  type FileLike,\n  isFileLike,\n  type Static,\n  type TObject,\n  type TSchema,\n} from \"alepha\";\nimport { $cache } from \"alepha/cache\";\nimport type { DurationLike } from \"alepha/datetime\";\nimport { $logger } from \"alepha/logger\";\nimport { HttpError } from \"../errors/HttpError.ts\";\nimport { isMultipart } from \"../helpers/isMultipart.ts\";\nimport type {\n  ServerRequestConfigEntry,\n  TRequestBody,\n  TResponseBody,\n} from \"../interfaces/ServerRequest.ts\";\nimport type { ClientRequestOptions } from \"../primitives/$action.ts\";\nimport { errorSchema } from \"../schemas/errorSchema.ts\";\n\nexport class HttpClient {\n  protected readonly log = $logger();\n  protected readonly alepha = $inject(Alepha);\n\n  public readonly cache = $cache<HttpClientCache>({\n    provider: \"memory\",\n    name: \"http:client\",\n  });\n\n  protected readonly pendingRequests: HttpClientPendingRequests = {};\n\n  public async fetchAction(args: FetchActionArgs): Promise<FetchResponse> {\n    const route = args.action; // our link to fetch\n    const options = args.options ?? {}; // fetch standard options, cache, etc.\n    const config = args.config ?? {}; // params, query, body, etc.\n    const host = args.host ?? \"\"; // remote host, e.g. \"https://api.example.com\" or empty (for browser)\n\n    const request: RequestInit = {\n      ...options.request,\n    };\n\n    const method = route.method;\n    const headers: Record<string, string> = {};\n    const url = this.url(host, route, config);\n\n    await this.alepha.events.emit(\"client:onRequest\", {\n      route,\n      config,\n      options,\n      headers,\n      request,\n    });\n\n    request.method ??= method;\n\n    await this.body(request, headers, route, config);\n\n    request.headers = {\n      ...config.headers,\n      ...Object.fromEntries(new Headers(request.headers).entries()),\n      ...headers,\n    };\n\n    return await this.fetch(url, {\n      ...request,\n      schema: route.schema,\n      ...options,\n    });\n  }\n\n  public async fetch<T extends TSchema>(\n    url: string,\n    request: RequestInitWithOptions<T> = {}, // standard options\n  ): Promise<FetchResponse<Static<T>>> {\n    const options = {\n      cache: request.localCache,\n      schema: request.schema?.response,\n      key: request.key,\n    };\n\n    request.method ??= \"GET\";\n\n    this.log.trace(\"Request\", {\n      url,\n      method: request.method,\n      body: request.body,\n      headers: request.headers,\n      options,\n    });\n\n    // Only add automatic ETag if user didn't explicitly provide headers\n    const cached = await this.cache.get(url);\n    if (cached && request.method === \"GET\") {\n      if (cached.etag) {\n        request.headers = new Headers(request.headers);\n        if (!request.headers.has(\"if-none-match\")) {\n          request.headers.set(\"if-none-match\", cached.etag);\n        }\n      } else {\n        return {\n          data: cached.data as Static<T>,\n          status: 200,\n          statusText: \"OK\",\n          headers: new Headers(),\n        };\n      }\n    }\n\n    await this.alepha.events.emit(\"client:beforeFetch\", {\n      url,\n      options,\n      request,\n    });\n\n    // Deduplicate concurrent identical requests for idempotent methods only.\n    // Non-idempotent methods (POST, PUT, PATCH, DELETE) must always execute\n    // since each call may produce a different side effect.\n    const isIdempotent =\n      request.method === \"GET\" ||\n      request.method === \"HEAD\" ||\n      request.method === \"OPTIONS\";\n    const key =\n      options.key ??\n      (isIdempotent\n        ? JSON.stringify({ url, method: request.method })\n        : undefined);\n\n    if (key) {\n      const existing = this.pendingRequests[key];\n      if (existing) {\n        this.log.info(\"Request already pending\", key);\n        return existing;\n      }\n    }\n\n    const promise = fetch(url, request)\n      .then(async (response) => {\n        this.log.debug(\"Response\", {\n          url,\n          status: response.status,\n        });\n\n        const fetchResponse: FetchResponse = {\n          data: await this.responseData(response, options),\n          status: response.status,\n          statusText: response.statusText,\n          headers: response.headers,\n          raw: response,\n        };\n\n        if (request.method === \"GET\") {\n          if (options.cache) {\n            await this.cache.set(\n              url,\n              { data: fetchResponse.data },\n              typeof options.cache === \"boolean\" ? undefined : options.cache,\n            );\n          } else if (!this.alepha.isBrowser()) {\n            // only cache etag on server, browser can handle etag itself\n            const etag = response.headers.get(\"etag\") ?? undefined;\n            if (etag) {\n              await this.cache.set(url, { data: fetchResponse.data, etag });\n            }\n          }\n        }\n\n        return fetchResponse;\n      })\n      .finally(() => {\n        if (key) {\n          delete this.pendingRequests[key];\n        }\n      });\n\n    if (key) {\n      this.pendingRequests[key] = promise;\n    }\n\n    return promise;\n  }\n\n  protected url(\n    host: string,\n    action: HttpAction,\n    args: ServerRequestConfigEntry,\n  ) {\n    let url = host;\n\n    if (action.prefix) {\n      url += action.prefix;\n    }\n\n    url += action.path;\n    url = this.pathVariables(url, action, args);\n    url = this.queryParams(url, action, args);\n\n    return url;\n  }\n\n  protected async body(\n    init: RequestInit,\n    headers: Record<string, string>,\n    action: HttpAction,\n    args: ServerRequestConfigEntry = {},\n  ) {\n    const hasHeader =\n      typeof init.headers === \"object\" &&\n      \"content-type\" in init.headers &&\n      init.headers[\"content-type\"] === \"multipart/form-data\";\n\n    if (hasHeader || isMultipart(action)) {\n      if (typeof init.headers === \"object\" && \"content-type\" in init.headers) {\n        delete (init.headers as Record<string, unknown>)[\"content-type\"]; // fetch() will fill this for us\n      }\n\n      const formData = new FormData();\n\n      for (const [key, value] of Object.entries(args.body ?? {})) {\n        if (typeof value === \"string\") {\n          formData.append(key, value);\n          continue;\n        }\n        if (value instanceof Blob) {\n          formData.append(key, value);\n          continue;\n        }\n        if (isFileLike(value)) {\n          // FileLike must be transformed to WebFile\n          formData.append(\n            key,\n            new File([await value.arrayBuffer()], value.name, {\n              type: value.type,\n            }),\n          );\n        }\n      }\n\n      init.body = formData;\n\n      return;\n    }\n\n    if (!init.body && action.schema?.body) {\n      headers[\"content-type\"] = \"application/json\";\n      init.body = this.alepha.codec.encode(action.schema?.body, args.body, {\n        as: \"string\",\n      });\n    }\n  }\n\n  protected async responseData(\n    response: Response,\n    options: FetchOptions,\n  ): Promise<any> {\n    if (response.status === 304) {\n      let cacheKey = response.url;\n      if (typeof window !== \"undefined\") {\n        cacheKey = cacheKey.replace(window.location.origin, \"\");\n      }\n\n      const cached = await this.cache.get(cacheKey);\n      if (cached) {\n        return cached.data;\n      }\n\n      // if no cached data (etag-only routes), return empty string\n      return \"\";\n    }\n\n    if (response.status === 204) {\n      return;\n    }\n\n    if (this.isMaybeFile(response)) {\n      return this.createFileLike(response);\n    }\n\n    if (response.headers.get(\"Content-Type\")?.startsWith(\"text/\")) {\n      return await response.text();\n    }\n\n    if (response.headers.get(\"Content-Type\") === \"application/json\") {\n      const json = await response.json();\n\n      if (response.status >= 400) {\n        const jsonError = this.alepha.codec.decode(errorSchema, json);\n        const error = new HttpError(jsonError);\n\n        await this.alepha.events.emit(\"client:onError\", {\n          error,\n        });\n\n        throw error;\n      }\n\n      if (options.schema) {\n        return this.alepha.codec.decode(options.schema, json);\n      }\n\n      return json;\n    }\n\n    if (response.status >= 400) {\n      const error = new HttpError({\n        status: response.status,\n        message: `An error occurred while fetching the resource. (${response.statusText})`,\n      });\n\n      await this.alepha.events.emit(\"client:onError\", {\n        error,\n      });\n\n      throw error;\n    }\n\n    return response;\n  }\n\n  protected isMaybeFile(response: Response): boolean {\n    const contentType = response.headers.get(\"Content-Type\");\n    if (!contentType) {\n      return false;\n    }\n\n    if (response.headers.get(\"Content-Disposition\")?.includes(\"attachment\")) {\n      return true; // If Content-Disposition indicates an attachment, treat it as a file\n    }\n\n    return (\n      contentType.startsWith(\"application/octet-stream\") ||\n      contentType.startsWith(\"application/pdf\") ||\n      contentType.startsWith(\"application/zip\") ||\n      contentType.startsWith(\"image/\") ||\n      contentType.startsWith(\"video/\") ||\n      contentType.startsWith(\"audio/\")\n    );\n  }\n\n  protected createFileLike(response: Response, defaultFileName = \"\"): FileLike {\n    const match = (response.headers.get(\"Content-Disposition\") ?? \"\").match(\n      /filename=\"(.+)\"/,\n    );\n    return {\n      name: match?.[1] ? match[1] : defaultFileName,\n      type: response.headers.get(\"Content-Type\") ?? \"application/octet-stream\",\n      size: Number(response.headers.get(\"Content-Length\") ?? 0),\n      lastModified: Date.now(),\n      stream: () => {\n        throw new AlephaError(\"Not implemented\");\n      },\n      arrayBuffer: async () => {\n        return await response.arrayBuffer();\n      },\n      text: async () => {\n        return await response.text();\n      },\n    };\n  }\n\n  public pathVariables(\n    url: string,\n    action: { schema?: { params?: TObject } },\n    args: ServerRequestConfigEntry = {},\n  ): string {\n    if (typeof args.params === \"object\") {\n      const params = action.schema?.params\n        ? (this.alepha.codec.decode(\n            action.schema.params,\n            args.params,\n          ) as Record<string, any>)\n        : args.params;\n\n      for (const key of Object.keys(params)) {\n        url = url.replace(`:${key}`, params[key]);\n        url = url.replace(`{${key}}`, params[key]);\n      }\n    }\n\n    return url;\n  }\n\n  public queryParams(\n    url: string,\n    action: { schema?: { query?: TObject } },\n    args: ServerRequestConfigEntry = {},\n  ): string {\n    if (typeof args.query === \"object\") {\n      const query = action.schema?.query\n        ? this.alepha.codec.decode(action.schema.query, args.query ?? {})\n        : args.query;\n\n      for (const key of Object.keys(query)) {\n        if (query[key] === undefined) {\n          delete query[key];\n        }\n        if (typeof query[key] === \"object\") {\n          query[key] = JSON.stringify(query[key]);\n        }\n      }\n\n      const params = new URLSearchParams(\n        query as Record<string, string>,\n      ).toString();\n      return params ? `${url}?${params}` : url;\n    }\n    return url;\n  }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport interface FetchOptions<T extends TSchema = TSchema> {\n  /**\n   * Key to identify the request in the pending requests.\n   */\n  key?: string;\n\n  /**\n   * The schema to validate the response against.\n   */\n  schema?: {\n    response?: T;\n  };\n\n  /**\n   * Built-in cache options.\n   */\n  localCache?: boolean | number | DurationLike;\n}\n\nexport type RequestInitWithOptions<T extends TSchema = TSchema> = RequestInit &\n  FetchOptions<T>;\n\nexport interface FetchResponse<T = any> {\n  data: T;\n  status: number;\n  statusText: string;\n  headers: Headers;\n  raw?: Response;\n}\n\nexport type HttpClientPendingRequests = Record<\n  string,\n  Promise<any> | undefined\n>;\n\ninterface HttpClientCache {\n  data: any;\n  etag?: string;\n}\n\nexport interface FetchActionArgs {\n  action: HttpAction;\n  host?: string;\n  config?: ServerRequestConfigEntry;\n  options?: ClientRequestOptions;\n}\n\nexport interface HttpAction {\n  method?: string;\n  prefix?: string;\n  path: string;\n  contentType?: string;\n  requestBodyType?: string;\n  schema?: {\n    params?: TObject;\n    query?: TObject;\n    body?: TRequestBody;\n    response?: TResponseBody;\n  };\n}\n","export const routeMethods = [\n  // list of supported http methods\n  \"GET\",\n  \"POST\",\n  \"PUT\",\n  \"PATCH\",\n  \"DELETE\",\n  \"HEAD\",\n  \"OPTIONS\",\n  \"CONNECT\",\n  \"TRACE\",\n] as const;\n\nexport type RouteMethod = (typeof routeMethods)[number];\n","import { HttpError } from \"./HttpError.ts\";\n\nexport class BadRequestError extends HttpError {\n  constructor(message = \"Invalid request body\", cause?: unknown) {\n    super(\n      {\n        message,\n        status: 400,\n      },\n      cause,\n    );\n  }\n}\n","import { HttpError } from \"./HttpError.ts\";\n\nexport class ConflictError extends HttpError {\n  constructor(message = \"Entity already exists\", cause?: unknown) {\n    super(\n      {\n        message,\n        status: 409,\n      },\n      cause,\n    );\n  }\n}\n","import { HttpError } from \"./HttpError.ts\";\n\nexport class ForbiddenError extends HttpError {\n  constructor(\n    message = \"No permission to access this resource\",\n    cause?: unknown,\n  ) {\n    super(\n      {\n        message,\n        status: 403,\n      },\n      cause,\n    );\n  }\n}\n","import { HttpError } from \"./HttpError.ts\";\n\nexport class NotFoundError extends HttpError {\n  constructor(message = \"Resource not found\", cause?: unknown) {\n    super(\n      {\n        message,\n        status: 404,\n      },\n      cause,\n    );\n  }\n}\n","import { HttpError } from \"./HttpError.ts\";\n\nexport class UnauthorizedError extends HttpError {\n  readonly name = \"UnauthorizedError\";\n\n  constructor(\n    message = \"Not allowed to access this resource\",\n    cause?: unknown,\n  ) {\n    super(\n      {\n        message,\n        status: 401,\n      },\n      cause,\n    );\n  }\n}\n","import { TypeBoxError } from \"alepha\";\nimport { HttpError } from \"./HttpError.ts\";\n\nexport class ValidationError extends HttpError {\n  constructor(message = \"Validation has failed\", cause?: unknown) {\n    let fullMessage = message;\n    let details: string | undefined;\n\n    if (cause instanceof TypeBoxError) {\n      fullMessage = `${message}: ${cause.cause.message}`;\n      if (cause.cause.instancePath) {\n        details = cause.cause.instancePath;\n      }\n    }\n\n    super(\n      {\n        message: fullMessage,\n        status: 400,\n        details,\n      },\n      cause,\n    );\n  }\n}\n","/**\n * Helper for building server replies.\n */\nexport class ServerReply {\n  // TODO: make it private\n  public headers: Record<string, string> & {\n    \"set-cookie\"?: string[];\n  } = {};\n\n  public status?: number; // default 200, or 204 (no content)\n\n  public body?: any;\n\n  /**\n   * Redirect to a given URL with optional status code (default 302).\n   */\n  public redirect(url: string, status: number = 302): void {\n    this.status = status;\n    this.headers.location = url;\n  }\n\n  // TODO: check if status / header is already set and throw an error if so (for allow to override with force flag)\n\n  /**\n   * Set the response status code.\n   */\n  public setStatus(status: number): this {\n    this.status = status;\n    return this;\n  }\n\n  /**\n   * Set a response header.\n   */\n  public setHeader(name: string, value: string): this {\n    this.headers[name.toLowerCase()] = value;\n    return this;\n  }\n\n  /**\n   * Set the response body.\n   */\n  public setBody(body: any): this {\n    this.body = body;\n    return this;\n  }\n}\n","import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\n\nexport const okSchema = t.object(\n  {\n    ok: t.boolean({ description: \"True when operation succeed\" }),\n    id: t.optional(t.union([t.text(), t.integer()])),\n    count: t.optional(\n      t.number({ description: \"Number of resources affected\" }),\n    ),\n  },\n  {\n    title: \"Ok\",\n    description: \"Generic response after a successful operation on a resource\",\n  },\n);\n\nexport type Ok = Static<typeof okSchema>;\n","import { $module } from \"alepha\";\nimport { HttpClient } from \"./services/HttpClient.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./index.shared.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport const AlephaServer = $module({\n  name: \"alepha.server\",\n  primitives: [],\n  services: [HttpClient],\n});\n"],"mappings":";;;;AAGA,MAAa,eACX,OACA,WAC2B;CAS3B,IAAI,EAPF,CAAC,CAAC,SACF,OAAO,UAAU,YACjB,aAAa,SACb,OAAO,MAAM,YAAY,YACzB,YAAY,SACZ,OAAO,MAAM,WAAW,WAGxB,OAAO;CAGT,IAAI,QACF,OAAQ,MAAwB,WAAW;CAG7C,OAAO;;AAGT,IAAa,YAAb,cAA+B,YAAY;CACzC,OAAc;CAEd,OAAO,KAAK;CAEZ,OAAO,OAAO,OAA+B;EAC3C,MAAM,OAAgC;GACpC,OAAO,MAAM;GACb,QAAQ,MAAM;GACd,SAAS,MAAM;GAChB;EAED,IAAI,MAAM,SAAS,KAAK,UAAU,MAAM;EACxC,IAAI,MAAM,WAAW,KAAK,YAAY,MAAM;EAC5C,IAAI,MAAM,QAAQ,KAAK,QAAQ,MAAM;EAErC,OAAO;;CAGT;CACA;CAEA;CACA;CACA;CAKA,YAAY,SAA+B,OAAiB;EAC1D,MAAM,QAAQ,SAAS,EACrB,OACD,CAAC;EAEF,KAAK,SAAS,QAAQ,UAAU;EAChC,KAAK,UAAU,QAAQ;EACvB,KAAK,YAAY,QAAQ;EAEzB,IAAI,OAAO,QAAQ,UAAU,UAC3B,KAAK,SAAS;GACZ,MAAO,QAAQ,MAA2B;GAC1C,SAAU,QAAQ,MAA8B;GACjD;OACI,IAAI,iBAAiB,OAC1B,KAAK,SAAS;GACZ,MAAM,MAAM;GACZ,SAAS,MAAM;GAChB;EAGH,IAAI,KAAK,YAAY,SAAS,aAC5B,KAAK,QACH,QAAQ,SAAS,kBAAkB,KAAK,WAAW;OAErD,KAAK,QAAQ,KAAK,YAAY;;;AAKpC,MAAa,oBAA4C;CACvD,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACN;;;;;;AChGD,MAAa,eAAe,YAIb;CACb,IACE,QAAQ,gBAAgB,yBACxB,QAAQ,oBAAoB,uBAE5B,OAAO;CAGT,IAAI,QAAQ,QAAQ,QAAQ,gBAAgB,QAAQ,OAAO,MAAM;EAC/D,MAAM,aAAkC,QAAQ,OAAO,KAAK;EAC5D,KAAK,MAAM,OAAO,YAChB,IAAI,WAAW,KAAK,WAAW,UAC7B,OAAO;;CAKb,OAAO;;;;ACxBT,MAAa,cAAc,EAAE,OAC3B;CACE,OAAO,EAAE,KAAK,EAAE,aAAa,mBAAmB,CAAC;CACjD,QAAQ,EAAE,QAAQ,EAChB,aAAa,oBACd,CAAC;CACF,SAAS,EAAE,KAAK;EACd,aAAa;EACb,MAAM;EACP,CAAC;CACF,SAAS,EAAE,SACT,EAAE,KAAK;EACL,aAAa;EACb,MAAM;EACP,CAAC,CACH;CACD,WAAW,EAAE,SAAS,EAAE,MAAM,CAAC;CAC/B,OAAO,EAAE,SACP,EAAE,OAAO;EACP,MAAM,EAAE,MAAM;EACd,SAAS,EAAE,KAAK;GACd,aAAa;GACb,MAAM;GACP,CAAC;EACH,CAAC,CACH;CACF,EACD;CACE,OAAO;CACP,aAAa;CACd,CACF;;;ACVD,IAAa,aAAb,MAAwB;CACtB,MAAyB,SAAS;CAClC,SAA4B,QAAQ,OAAO;CAE3C,QAAwB,OAAwB;EAC9C,UAAU;EACV,MAAM;EACP,CAAC;CAEF,kBAAgE,EAAE;CAElE,MAAa,YAAY,MAA+C;EACtE,MAAM,QAAQ,KAAK;EACnB,MAAM,UAAU,KAAK,WAAW,EAAE;EAClC,MAAM,SAAS,KAAK,UAAU,EAAE;EAChC,MAAM,OAAO,KAAK,QAAQ;EAE1B,MAAM,UAAuB,EAC3B,GAAG,QAAQ,SACZ;EAED,MAAM,SAAS,MAAM;EACrB,MAAM,UAAkC,EAAE;EAC1C,MAAM,MAAM,KAAK,IAAI,MAAM,OAAO,OAAO;EAEzC,MAAM,KAAK,OAAO,OAAO,KAAK,oBAAoB;GAChD;GACA;GACA;GACA;GACA;GACD,CAAC;EAEF,QAAQ,WAAW;EAEnB,MAAM,KAAK,KAAK,SAAS,SAAS,OAAO,OAAO;EAEhD,QAAQ,UAAU;GAChB,GAAG,OAAO;GACV,GAAG,OAAO,YAAY,IAAI,QAAQ,QAAQ,QAAQ,CAAC,SAAS,CAAC;GAC7D,GAAG;GACJ;EAED,OAAO,MAAM,KAAK,MAAM,KAAK;GAC3B,GAAG;GACH,QAAQ,MAAM;GACd,GAAG;GACJ,CAAC;;CAGJ,MAAa,MACX,KACA,UAAqC,EAAE,EACJ;EACnC,MAAM,UAAU;GACd,OAAO,QAAQ;GACf,QAAQ,QAAQ,QAAQ;GACxB,KAAK,QAAQ;GACd;EAED,QAAQ,WAAW;EAEnB,KAAK,IAAI,MAAM,WAAW;GACxB;GACA,QAAQ,QAAQ;GAChB,MAAM,QAAQ;GACd,SAAS,QAAQ;GACjB;GACD,CAAC;EAGF,MAAM,SAAS,MAAM,KAAK,MAAM,IAAI,IAAI;EACxC,IAAI,UAAU,QAAQ,WAAW,OAC/B,IAAI,OAAO,MAAM;GACf,QAAQ,UAAU,IAAI,QAAQ,QAAQ,QAAQ;GAC9C,IAAI,CAAC,QAAQ,QAAQ,IAAI,gBAAgB,EACvC,QAAQ,QAAQ,IAAI,iBAAiB,OAAO,KAAK;SAGnD,OAAO;GACL,MAAM,OAAO;GACb,QAAQ;GACR,YAAY;GACZ,SAAS,IAAI,SAAS;GACvB;EAIL,MAAM,KAAK,OAAO,OAAO,KAAK,sBAAsB;GAClD;GACA;GACA;GACD,CAAC;EAKF,MAAM,eACJ,QAAQ,WAAW,SACnB,QAAQ,WAAW,UACnB,QAAQ,WAAW;EACrB,MAAM,MACJ,QAAQ,QACP,eACG,KAAK,UAAU;GAAE;GAAK,QAAQ,QAAQ;GAAQ,CAAC,GAC/C,KAAA;EAEN,IAAI,KAAK;GACP,MAAM,WAAW,KAAK,gBAAgB;GACtC,IAAI,UAAU;IACZ,KAAK,IAAI,KAAK,2BAA2B,IAAI;IAC7C,OAAO;;;EAIX,MAAM,UAAU,MAAM,KAAK,QAAQ,CAChC,KAAK,OAAO,aAAa;GACxB,KAAK,IAAI,MAAM,YAAY;IACzB;IACA,QAAQ,SAAS;IAClB,CAAC;GAEF,MAAM,gBAA+B;IACnC,MAAM,MAAM,KAAK,aAAa,UAAU,QAAQ;IAChD,QAAQ,SAAS;IACjB,YAAY,SAAS;IACrB,SAAS,SAAS;IAClB,KAAK;IACN;GAED,IAAI,QAAQ,WAAW;QACjB,QAAQ,OACV,MAAM,KAAK,MAAM,IACf,KACA,EAAE,MAAM,cAAc,MAAM,EAC5B,OAAO,QAAQ,UAAU,YAAY,KAAA,IAAY,QAAQ,MAC1D;SACI,IAAI,CAAC,KAAK,OAAO,WAAW,EAAE;KAEnC,MAAM,OAAO,SAAS,QAAQ,IAAI,OAAO,IAAI,KAAA;KAC7C,IAAI,MACF,MAAM,KAAK,MAAM,IAAI,KAAK;MAAE,MAAM,cAAc;MAAM;MAAM,CAAC;;;GAKnE,OAAO;IACP,CACD,cAAc;GACb,IAAI,KACF,OAAO,KAAK,gBAAgB;IAE9B;EAEJ,IAAI,KACF,KAAK,gBAAgB,OAAO;EAG9B,OAAO;;CAGT,IACE,MACA,QACA,MACA;EACA,IAAI,MAAM;EAEV,IAAI,OAAO,QACT,OAAO,OAAO;EAGhB,OAAO,OAAO;EACd,MAAM,KAAK,cAAc,KAAK,QAAQ,KAAK;EAC3C,MAAM,KAAK,YAAY,KAAK,QAAQ,KAAK;EAEzC,OAAO;;CAGT,MAAgB,KACd,MACA,SACA,QACA,OAAiC,EAAE,EACnC;EAMA,IAJE,OAAO,KAAK,YAAY,YACxB,kBAAkB,KAAK,WACvB,KAAK,QAAQ,oBAAoB,yBAElB,YAAY,OAAO,EAAE;GACpC,IAAI,OAAO,KAAK,YAAY,YAAY,kBAAkB,KAAK,SAC7D,OAAQ,KAAK,QAAoC;GAGnD,MAAM,WAAW,IAAI,UAAU;GAE/B,KAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC,EAAE;IAC1D,IAAI,OAAO,UAAU,UAAU;KAC7B,SAAS,OAAO,KAAK,MAAM;KAC3B;;IAEF,IAAI,iBAAiB,MAAM;KACzB,SAAS,OAAO,KAAK,MAAM;KAC3B;;IAEF,IAAI,WAAW,MAAM,EAEnB,SAAS,OACP,KACA,IAAI,KAAK,CAAC,MAAM,MAAM,aAAa,CAAC,EAAE,MAAM,MAAM,EAChD,MAAM,MAAM,MACb,CAAC,CACH;;GAIL,KAAK,OAAO;GAEZ;;EAGF,IAAI,CAAC,KAAK,QAAQ,OAAO,QAAQ,MAAM;GACrC,QAAQ,kBAAkB;GAC1B,KAAK,OAAO,KAAK,OAAO,MAAM,OAAO,OAAO,QAAQ,MAAM,KAAK,MAAM,EACnE,IAAI,UACL,CAAC;;;CAIN,MAAgB,aACd,UACA,SACc;EACd,IAAI,SAAS,WAAW,KAAK;GAC3B,IAAI,WAAW,SAAS;GACxB,IAAI,OAAO,WAAW,aACpB,WAAW,SAAS,QAAQ,OAAO,SAAS,QAAQ,GAAG;GAGzD,MAAM,SAAS,MAAM,KAAK,MAAM,IAAI,SAAS;GAC7C,IAAI,QACF,OAAO,OAAO;GAIhB,OAAO;;EAGT,IAAI,SAAS,WAAW,KACtB;EAGF,IAAI,KAAK,YAAY,SAAS,EAC5B,OAAO,KAAK,eAAe,SAAS;EAGtC,IAAI,SAAS,QAAQ,IAAI,eAAe,EAAE,WAAW,QAAQ,EAC3D,OAAO,MAAM,SAAS,MAAM;EAG9B,IAAI,SAAS,QAAQ,IAAI,eAAe,KAAK,oBAAoB;GAC/D,MAAM,OAAO,MAAM,SAAS,MAAM;GAElC,IAAI,SAAS,UAAU,KAAK;IAE1B,MAAM,QAAQ,IAAI,UADA,KAAK,OAAO,MAAM,OAAO,aAAa,KACnB,CAAC;IAEtC,MAAM,KAAK,OAAO,OAAO,KAAK,kBAAkB,EAC9C,OACD,CAAC;IAEF,MAAM;;GAGR,IAAI,QAAQ,QACV,OAAO,KAAK,OAAO,MAAM,OAAO,QAAQ,QAAQ,KAAK;GAGvD,OAAO;;EAGT,IAAI,SAAS,UAAU,KAAK;GAC1B,MAAM,QAAQ,IAAI,UAAU;IAC1B,QAAQ,SAAS;IACjB,SAAS,mDAAmD,SAAS,WAAW;IACjF,CAAC;GAEF,MAAM,KAAK,OAAO,OAAO,KAAK,kBAAkB,EAC9C,OACD,CAAC;GAEF,MAAM;;EAGR,OAAO;;CAGT,YAAsB,UAA6B;EACjD,MAAM,cAAc,SAAS,QAAQ,IAAI,eAAe;EACxD,IAAI,CAAC,aACH,OAAO;EAGT,IAAI,SAAS,QAAQ,IAAI,sBAAsB,EAAE,SAAS,aAAa,EACrE,OAAO;EAGT,OACE,YAAY,WAAW,2BAA2B,IAClD,YAAY,WAAW,kBAAkB,IACzC,YAAY,WAAW,kBAAkB,IACzC,YAAY,WAAW,SAAS,IAChC,YAAY,WAAW,SAAS,IAChC,YAAY,WAAW,SAAS;;CAIpC,eAAyB,UAAoB,kBAAkB,IAAc;EAC3E,MAAM,SAAS,SAAS,QAAQ,IAAI,sBAAsB,IAAI,IAAI,MAChE,kBACD;EACD,OAAO;GACL,MAAM,QAAQ,KAAK,MAAM,KAAK;GAC9B,MAAM,SAAS,QAAQ,IAAI,eAAe,IAAI;GAC9C,MAAM,OAAO,SAAS,QAAQ,IAAI,iBAAiB,IAAI,EAAE;GACzD,cAAc,KAAK,KAAK;GACxB,cAAc;IACZ,MAAM,IAAI,YAAY,kBAAkB;;GAE1C,aAAa,YAAY;IACvB,OAAO,MAAM,SAAS,aAAa;;GAErC,MAAM,YAAY;IAChB,OAAO,MAAM,SAAS,MAAM;;GAE/B;;CAGH,cACE,KACA,QACA,OAAiC,EAAE,EAC3B;EACR,IAAI,OAAO,KAAK,WAAW,UAAU;GACnC,MAAM,SAAS,OAAO,QAAQ,SACzB,KAAK,OAAO,MAAM,OACjB,OAAO,OAAO,QACd,KAAK,OACN,GACD,KAAK;GAET,KAAK,MAAM,OAAO,OAAO,KAAK,OAAO,EAAE;IACrC,MAAM,IAAI,QAAQ,IAAI,OAAO,OAAO,KAAK;IACzC,MAAM,IAAI,QAAQ,IAAI,IAAI,IAAI,OAAO,KAAK;;;EAI9C,OAAO;;CAGT,YACE,KACA,QACA,OAAiC,EAAE,EAC3B;EACR,IAAI,OAAO,KAAK,UAAU,UAAU;GAClC,MAAM,QAAQ,OAAO,QAAQ,QACzB,KAAK,OAAO,MAAM,OAAO,OAAO,OAAO,OAAO,KAAK,SAAS,EAAE,CAAC,GAC/D,KAAK;GAET,KAAK,MAAM,OAAO,OAAO,KAAK,MAAM,EAAE;IACpC,IAAI,MAAM,SAAS,KAAA,GACjB,OAAO,MAAM;IAEf,IAAI,OAAO,MAAM,SAAS,UACxB,MAAM,OAAO,KAAK,UAAU,MAAM,KAAK;;GAI3C,MAAM,SAAS,IAAI,gBACjB,MACD,CAAC,UAAU;GACZ,OAAO,SAAS,GAAG,IAAI,GAAG,WAAW;;EAEvC,OAAO;;;;;ACxZX,MAAa,eAAe;CAE1B;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;;;ACTD,IAAa,kBAAb,cAAqC,UAAU;CAC7C,YAAY,UAAU,wBAAwB,OAAiB;EAC7D,MACE;GACE;GACA,QAAQ;GACT,EACD,MACD;;;;;ACRL,IAAa,gBAAb,cAAmC,UAAU;CAC3C,YAAY,UAAU,yBAAyB,OAAiB;EAC9D,MACE;GACE;GACA,QAAQ;GACT,EACD,MACD;;;;;ACRL,IAAa,iBAAb,cAAoC,UAAU;CAC5C,YACE,UAAU,yCACV,OACA;EACA,MACE;GACE;GACA,QAAQ;GACT,EACD,MACD;;;;;ACXL,IAAa,gBAAb,cAAmC,UAAU;CAC3C,YAAY,UAAU,sBAAsB,OAAiB;EAC3D,MACE;GACE;GACA,QAAQ;GACT,EACD,MACD;;;;;ACRL,IAAa,oBAAb,cAAuC,UAAU;CAC/C,OAAgB;CAEhB,YACE,UAAU,uCACV,OACA;EACA,MACE;GACE;GACA,QAAQ;GACT,EACD,MACD;;;;;ACZL,IAAa,kBAAb,cAAqC,UAAU;CAC7C,YAAY,UAAU,yBAAyB,OAAiB;EAC9D,IAAI,cAAc;EAClB,IAAI;EAEJ,IAAI,iBAAiB,cAAc;GACjC,cAAc,GAAG,QAAQ,IAAI,MAAM,MAAM;GACzC,IAAI,MAAM,MAAM,cACd,UAAU,MAAM,MAAM;;EAI1B,MACE;GACE,SAAS;GACT,QAAQ;GACR;GACD,EACD,MACD;;;;;;;;ACnBL,IAAa,cAAb,MAAyB;CAEvB,UAEI,EAAE;CAEN;CAEA;;;;CAKA,SAAgB,KAAa,SAAiB,KAAW;EACvD,KAAK,SAAS;EACd,KAAK,QAAQ,WAAW;;;;;CAQ1B,UAAiB,QAAsB;EACrC,KAAK,SAAS;EACd,OAAO;;;;;CAMT,UAAiB,MAAc,OAAqB;EAClD,KAAK,QAAQ,KAAK,aAAa,IAAI;EACnC,OAAO;;;;;CAMT,QAAe,MAAiB;EAC9B,KAAK,OAAO;EACZ,OAAO;;;;;ACzCX,MAAa,WAAW,EAAE,OACxB;CACE,IAAI,EAAE,QAAQ,EAAE,aAAa,+BAA+B,CAAC;CAC7D,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,EAAE,SAAS,CAAC,CAAC,CAAC;CAChD,OAAO,EAAE,SACP,EAAE,OAAO,EAAE,aAAa,gCAAgC,CAAC,CAC1D;CACF,EACD;CACE,OAAO;CACP,aAAa;CACd,CACF;;;ACND,MAAa,eAAe,QAAQ;CAClC,MAAM;CACN,YAAY,EAAE;CACd,UAAU,CAAC,WAAW;CACvB,CAAC"}
+{"version":3,"file":"index.browser.js","names":[],"sources":["../../../src/server/core/errors/HttpError.ts","../../../src/server/core/helpers/isMultipart.ts","../../../src/server/core/schemas/errorSchema.ts","../../../src/server/core/services/HttpClient.ts","../../../src/server/core/constants/routeMethods.ts","../../../src/server/core/errors/BadRequestError.ts","../../../src/server/core/errors/ConflictError.ts","../../../src/server/core/errors/ForbiddenError.ts","../../../src/server/core/errors/NotFoundError.ts","../../../src/server/core/errors/UnauthorizedError.ts","../../../src/server/core/errors/ValidationError.ts","../../../src/server/core/helpers/ServerReply.ts","../../../src/server/core/schemas/okSchema.ts","../../../src/server/core/index.browser.ts"],"sourcesContent":["import { AlephaError } from \"alepha\";\nimport type { ErrorSchema } from \"../schemas/errorSchema.ts\";\n\nexport const isHttpError = (\n  error: unknown,\n  status?: number,\n): error is HttpErrorLike => {\n  const isError =\n    !!error &&\n    typeof error === \"object\" &&\n    \"message\" in error &&\n    typeof error.message === \"string\" &&\n    \"status\" in error &&\n    typeof error.status === \"number\";\n\n  if (!isError) {\n    return false;\n  }\n\n  if (status) {\n    return (error as HttpErrorLike).status === status;\n  }\n\n  return true;\n};\n\nexport class HttpError extends AlephaError {\n  public name = \"HttpError\";\n\n  static is = isHttpError;\n\n  static toJSON(error: HttpError): ErrorSchema {\n    const json: Record<string, unknown> = {\n      error: error.error,\n      status: error.status,\n      message: error.message,\n    };\n\n    if (error.details) json.details = error.details;\n    if (error.requestId) json.requestId = error.requestId;\n    if (error.reason) json.cause = error.reason;\n\n    return json as ErrorSchema;\n  }\n\n  public readonly error: string;\n  public readonly status: number;\n\n  public readonly requestId?: string;\n  public readonly details?: string;\n  public readonly reason?: {\n    name: string;\n    message: string;\n  };\n\n  constructor(options: Partial<ErrorSchema>, cause?: unknown) {\n    super(options.message, {\n      cause,\n    });\n\n    this.status = options.status ?? 500;\n    this.details = options.details;\n    this.requestId = options.requestId;\n\n    if (typeof options.cause === \"object\") {\n      this.reason = {\n        name: (options.cause as { name: string }).name,\n        message: (options.cause as { message: string }).message,\n      };\n    } else if (cause instanceof Error) {\n      this.reason = {\n        name: cause.name,\n        message: cause.message,\n      };\n    }\n\n    if (this.constructor.name === \"HttpError\") {\n      this.error =\n        options.error ?? errorNameByStatus[this.status] ?? \"HttpError\";\n    } else {\n      this.error = this.constructor.name;\n    }\n  }\n}\n\nexport const errorNameByStatus: Record<number, string> = {\n  400: \"BadRequestError\",\n  401: \"UnauthorizedError\",\n  403: \"ForbiddenError\",\n  404: \"NotFoundError\",\n  405: \"MethodNotAllowedError\",\n  409: \"ConflictError\",\n  410: \"GoneError\",\n  413: \"PayloadTooLargeError\",\n  415: \"UnsupportedMediaTypeError\",\n  429: \"TooManyRequestsError\",\n  500: \"InternalServerError\",\n  501: \"NotImplementedError\",\n  502: \"BadGatewayError\",\n  503: \"ServiceUnavailableError\",\n  504: \"GatewayTimeoutError\",\n};\n\nexport interface HttpErrorLike extends Error {\n  status: number;\n}\n","import type { RequestConfigSchema } from \"../interfaces/ServerRequest.ts\";\n\n/**\n * Checks if the route has multipart/form-data request body.\n */\nexport const isMultipart = (options: {\n  schema?: RequestConfigSchema;\n  contentType?: string;\n  requestBodyType?: string;\n}): boolean => {\n  if (\n    options.contentType === \"multipart/form-data\" ||\n    options.requestBodyType === \"multipart/form-data\"\n  ) {\n    return true;\n  }\n\n  if (options.schema?.body && \"properties\" in options.schema.body) {\n    const properties: Record<string, any> = options.schema.body.properties;\n    for (const key in properties) {\n      if (properties[key].format === \"binary\") {\n        return true;\n      }\n    }\n  }\n\n  return false;\n};\n","import { type Static, t } from \"alepha\";\n\nexport const errorSchema = t.object(\n  {\n    error: t.text({ description: \"HTTP error name\" }),\n    status: t.integer({\n      description: \"HTTP status code\",\n    }),\n    message: t.text({\n      description: \"Short text which describe the error\",\n      size: \"rich\",\n    }),\n    details: t.optional(\n      t.text({\n        description: \"Detailed description of the error\",\n        size: \"rich\",\n      }),\n    ),\n    requestId: t.optional(t.text()),\n    cause: t.optional(\n      t.object({\n        name: t.text(),\n        message: t.text({\n          description: \"Cause Error message\",\n          size: \"rich\",\n        }),\n      }),\n    ),\n  },\n  {\n    title: \"HttpError\",\n    description: \"Generic response after a failed operation\",\n  },\n);\n\nexport type ErrorSchema = Static<typeof errorSchema>;\n","import {\n  $inject,\n  Alepha,\n  AlephaError,\n  type FileLike,\n  isFileLike,\n  type Static,\n  type TObject,\n  type TSchema,\n} from \"alepha\";\nimport { $cache } from \"alepha/cache\";\nimport type { DurationLike } from \"alepha/datetime\";\nimport { $logger } from \"alepha/logger\";\nimport { HttpError } from \"../errors/HttpError.ts\";\nimport { isMultipart } from \"../helpers/isMultipart.ts\";\nimport type {\n  ServerRequestConfigEntry,\n  TRequestBody,\n  TResponseBody,\n} from \"../interfaces/ServerRequest.ts\";\nimport type { ClientRequestOptions } from \"../primitives/$action.ts\";\nimport { errorSchema } from \"../schemas/errorSchema.ts\";\n\nexport class HttpClient {\n  protected readonly log = $logger();\n  protected readonly alepha = $inject(Alepha);\n\n  public readonly cache = $cache<HttpClientCache>({\n    provider: \"memory\",\n    name: \"http:client\",\n  });\n\n  protected readonly pendingRequests: HttpClientPendingRequests = {};\n\n  public async fetchAction(args: FetchActionArgs): Promise<FetchResponse> {\n    const route = args.action; // our link to fetch\n    const options = args.options ?? {}; // fetch standard options, cache, etc.\n    const config = args.config ?? {}; // params, query, body, etc.\n    const host = args.host ?? \"\"; // remote host, e.g. \"https://api.example.com\" or empty (for browser)\n\n    const request: RequestInit = {\n      ...options.request,\n    };\n\n    const method = route.method;\n    const headers: Record<string, string> = {};\n    const url = this.url(host, route, config);\n\n    await this.alepha.events.emit(\"client:onRequest\", {\n      route,\n      config,\n      options,\n      headers,\n      request,\n    });\n\n    request.method ??= method;\n\n    await this.body(request, headers, route, config);\n\n    request.headers = {\n      ...config.headers,\n      ...Object.fromEntries(new Headers(request.headers).entries()),\n      ...headers,\n    };\n\n    return await this.fetch(url, {\n      ...request,\n      schema: route.schema,\n      ...options,\n    });\n  }\n\n  public async fetch<T extends TSchema>(\n    url: string,\n    request: RequestInitWithOptions<T> = {}, // standard options\n  ): Promise<FetchResponse<Static<T>>> {\n    const options = {\n      cache: request.localCache,\n      schema: request.schema?.response,\n      key: request.key,\n    };\n\n    request.method ??= \"GET\";\n\n    this.log.trace(\"Request\", {\n      url,\n      method: request.method,\n      body: request.body,\n      headers: request.headers,\n      options,\n    });\n\n    // Only add automatic ETag if user didn't explicitly provide headers\n    const cached = await this.cache.get(url);\n    if (cached && request.method === \"GET\") {\n      if (cached.etag) {\n        request.headers = new Headers(request.headers);\n        if (!request.headers.has(\"if-none-match\")) {\n          request.headers.set(\"if-none-match\", cached.etag);\n        }\n      } else {\n        return {\n          data: cached.data as Static<T>,\n          status: 200,\n          statusText: \"OK\",\n          headers: new Headers(),\n        };\n      }\n    }\n\n    await this.alepha.events.emit(\"client:beforeFetch\", {\n      url,\n      options,\n      request,\n    });\n\n    // Deduplicate concurrent identical requests for idempotent methods only.\n    // Non-idempotent methods (POST, PUT, PATCH, DELETE) must always execute\n    // since each call may produce a different side effect.\n    const isIdempotent =\n      request.method === \"GET\" ||\n      request.method === \"HEAD\" ||\n      request.method === \"OPTIONS\";\n    const key =\n      options.key ??\n      (isIdempotent\n        ? JSON.stringify({ url, method: request.method })\n        : undefined);\n\n    if (key) {\n      const existing = this.pendingRequests[key];\n      if (existing) {\n        this.log.info(\"Request already pending\", key);\n        return existing;\n      }\n    }\n\n    const promise = fetch(url, request)\n      .then(async (response) => {\n        this.log.debug(\"Response\", {\n          url,\n          status: response.status,\n        });\n\n        const fetchResponse: FetchResponse = {\n          data: await this.responseData(response, options),\n          status: response.status,\n          statusText: response.statusText,\n          headers: response.headers,\n          raw: response,\n        };\n\n        if (request.method === \"GET\") {\n          if (options.cache) {\n            await this.cache.set(\n              url,\n              { data: fetchResponse.data },\n              typeof options.cache === \"boolean\" ? undefined : options.cache,\n            );\n          } else if (!this.alepha.isBrowser()) {\n            // only cache etag on server, browser can handle etag itself\n            const etag = response.headers.get(\"etag\") ?? undefined;\n            if (etag) {\n              await this.cache.set(url, { data: fetchResponse.data, etag });\n            }\n          }\n        }\n\n        return fetchResponse;\n      })\n      .finally(() => {\n        if (key) {\n          delete this.pendingRequests[key];\n        }\n      });\n\n    if (key) {\n      this.pendingRequests[key] = promise;\n    }\n\n    return promise;\n  }\n\n  protected url(\n    host: string,\n    action: HttpAction,\n    args: ServerRequestConfigEntry,\n  ) {\n    let url = host;\n\n    if (action.prefix) {\n      url += action.prefix;\n    }\n\n    url += action.path;\n    url = this.pathVariables(url, action, args);\n    url = this.queryParams(url, action, args);\n\n    return url;\n  }\n\n  protected async body(\n    init: RequestInit,\n    headers: Record<string, string>,\n    action: HttpAction,\n    args: ServerRequestConfigEntry = {},\n  ) {\n    const hasHeader =\n      typeof init.headers === \"object\" &&\n      \"content-type\" in init.headers &&\n      init.headers[\"content-type\"] === \"multipart/form-data\";\n\n    if (hasHeader || isMultipart(action)) {\n      if (typeof init.headers === \"object\" && \"content-type\" in init.headers) {\n        delete (init.headers as Record<string, unknown>)[\"content-type\"]; // fetch() will fill this for us\n      }\n\n      const formData = new FormData();\n\n      for (const [key, value] of Object.entries(args.body ?? {})) {\n        if (typeof value === \"string\") {\n          formData.append(key, value);\n          continue;\n        }\n        if (value instanceof Blob) {\n          formData.append(key, value);\n          continue;\n        }\n        if (isFileLike(value)) {\n          // FileLike must be transformed to WebFile\n          formData.append(\n            key,\n            new File([await value.arrayBuffer()], value.name, {\n              type: value.type,\n            }),\n          );\n        }\n      }\n\n      init.body = formData;\n\n      return;\n    }\n\n    if (!init.body && action.schema?.body) {\n      headers[\"content-type\"] = \"application/json\";\n      init.body = this.alepha.codec.encode(action.schema?.body, args.body, {\n        as: \"string\",\n      });\n    }\n  }\n\n  protected async responseData(\n    response: Response,\n    options: FetchOptions,\n  ): Promise<any> {\n    if (response.status === 304) {\n      let cacheKey = response.url;\n      if (typeof window !== \"undefined\") {\n        cacheKey = cacheKey.replace(window.location.origin, \"\");\n      }\n\n      const cached = await this.cache.get(cacheKey);\n      if (cached) {\n        return cached.data;\n      }\n\n      // if no cached data (etag-only routes), return empty string\n      return \"\";\n    }\n\n    if (response.status === 204) {\n      return;\n    }\n\n    if (this.isMaybeFile(response)) {\n      return this.createFileLike(response);\n    }\n\n    if (response.headers.get(\"Content-Type\")?.startsWith(\"text/\")) {\n      return await response.text();\n    }\n\n    if (response.headers.get(\"Content-Type\") === \"application/json\") {\n      const json = await response.json();\n\n      if (response.status >= 400) {\n        const jsonError = this.alepha.codec.decode(errorSchema, json);\n        const error = new HttpError(jsonError);\n\n        await this.alepha.events.emit(\"client:onError\", {\n          error,\n        });\n\n        throw error;\n      }\n\n      if (options.schema) {\n        return this.alepha.codec.decode(options.schema, json);\n      }\n\n      return json;\n    }\n\n    if (response.status >= 400) {\n      const error = new HttpError({\n        status: response.status,\n        message: `An error occurred while fetching the resource. (${response.statusText})`,\n      });\n\n      await this.alepha.events.emit(\"client:onError\", {\n        error,\n      });\n\n      throw error;\n    }\n\n    return response;\n  }\n\n  protected isMaybeFile(response: Response): boolean {\n    const contentType = response.headers.get(\"Content-Type\");\n    if (!contentType) {\n      return false;\n    }\n\n    if (response.headers.get(\"Content-Disposition\")?.includes(\"attachment\")) {\n      return true; // If Content-Disposition indicates an attachment, treat it as a file\n    }\n\n    return (\n      contentType.startsWith(\"application/octet-stream\") ||\n      contentType.startsWith(\"application/pdf\") ||\n      contentType.startsWith(\"application/zip\") ||\n      contentType.startsWith(\"image/\") ||\n      contentType.startsWith(\"video/\") ||\n      contentType.startsWith(\"audio/\")\n    );\n  }\n\n  protected createFileLike(response: Response, defaultFileName = \"\"): FileLike {\n    const match = (response.headers.get(\"Content-Disposition\") ?? \"\").match(\n      /filename=\"(.+)\"/,\n    );\n    return {\n      name: match?.[1] ? match[1] : defaultFileName,\n      type: response.headers.get(\"Content-Type\") ?? \"application/octet-stream\",\n      size: Number(response.headers.get(\"Content-Length\") ?? 0),\n      lastModified: Date.now(),\n      stream: () => {\n        throw new AlephaError(\"Not implemented\");\n      },\n      arrayBuffer: async () => {\n        return await response.arrayBuffer();\n      },\n      text: async () => {\n        return await response.text();\n      },\n    };\n  }\n\n  public pathVariables(\n    url: string,\n    action: { schema?: { params?: TObject } },\n    args: ServerRequestConfigEntry = {},\n  ): string {\n    if (typeof args.params === \"object\") {\n      const params = action.schema?.params\n        ? (this.alepha.codec.decode(\n            action.schema.params,\n            args.params,\n          ) as Record<string, any>)\n        : args.params;\n\n      for (const key of Object.keys(params)) {\n        url = url.replace(`:${key}`, params[key]);\n        url = url.replace(`{${key}}`, params[key]);\n      }\n    }\n\n    return url;\n  }\n\n  public queryParams(\n    url: string,\n    action: { schema?: { query?: TObject } },\n    args: ServerRequestConfigEntry = {},\n  ): string {\n    if (typeof args.query === \"object\") {\n      const query = action.schema?.query\n        ? this.alepha.codec.decode(action.schema.query, args.query ?? {})\n        : args.query;\n\n      for (const key of Object.keys(query)) {\n        if (query[key] === undefined) {\n          delete query[key];\n        }\n        if (typeof query[key] === \"object\") {\n          query[key] = JSON.stringify(query[key]);\n        }\n      }\n\n      const params = new URLSearchParams(\n        query as Record<string, string>,\n      ).toString();\n      return params ? `${url}?${params}` : url;\n    }\n    return url;\n  }\n}\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport interface FetchOptions<T extends TSchema = TSchema> {\n  /**\n   * Key to identify the request in the pending requests.\n   */\n  key?: string;\n\n  /**\n   * The schema to validate the response against.\n   */\n  schema?: {\n    response?: T;\n  };\n\n  /**\n   * Built-in cache options.\n   */\n  localCache?: boolean | number | DurationLike;\n}\n\nexport type RequestInitWithOptions<T extends TSchema = TSchema> = RequestInit &\n  FetchOptions<T>;\n\nexport interface FetchResponse<T = any> {\n  data: T;\n  status: number;\n  statusText: string;\n  headers: Headers;\n  raw?: Response;\n}\n\nexport type HttpClientPendingRequests = Record<\n  string,\n  Promise<any> | undefined\n>;\n\ninterface HttpClientCache {\n  data: any;\n  etag?: string;\n}\n\nexport interface FetchActionArgs {\n  action: HttpAction;\n  host?: string;\n  config?: ServerRequestConfigEntry;\n  options?: ClientRequestOptions;\n}\n\nexport interface HttpAction {\n  method?: string;\n  prefix?: string;\n  path: string;\n  contentType?: string;\n  requestBodyType?: string;\n  schema?: {\n    params?: TObject;\n    query?: TObject;\n    body?: TRequestBody;\n    response?: TResponseBody;\n  };\n}\n","export const routeMethods = [\n  // list of supported http methods\n  \"GET\",\n  \"POST\",\n  \"PUT\",\n  \"PATCH\",\n  \"DELETE\",\n  \"HEAD\",\n  \"OPTIONS\",\n  \"CONNECT\",\n  \"TRACE\",\n] as const;\n\nexport type RouteMethod = (typeof routeMethods)[number];\n","import { HttpError } from \"./HttpError.ts\";\n\nexport class BadRequestError extends HttpError {\n  constructor(message = \"Invalid request body\", cause?: unknown) {\n    super(\n      {\n        message,\n        status: 400,\n      },\n      cause,\n    );\n  }\n}\n","import { HttpError } from \"./HttpError.ts\";\n\nexport class ConflictError extends HttpError {\n  constructor(message = \"Entity already exists\", cause?: unknown) {\n    super(\n      {\n        message,\n        status: 409,\n      },\n      cause,\n    );\n  }\n}\n","import { HttpError } from \"./HttpError.ts\";\n\nexport class ForbiddenError extends HttpError {\n  constructor(\n    message = \"No permission to access this resource\",\n    cause?: unknown,\n  ) {\n    super(\n      {\n        message,\n        status: 403,\n      },\n      cause,\n    );\n  }\n}\n","import { HttpError } from \"./HttpError.ts\";\n\nexport class NotFoundError extends HttpError {\n  constructor(message = \"Resource not found\", cause?: unknown) {\n    super(\n      {\n        message,\n        status: 404,\n      },\n      cause,\n    );\n  }\n}\n","import { HttpError } from \"./HttpError.ts\";\n\nexport class UnauthorizedError extends HttpError {\n  readonly name = \"UnauthorizedError\";\n\n  constructor(\n    message = \"Not allowed to access this resource\",\n    cause?: unknown,\n  ) {\n    super(\n      {\n        message,\n        status: 401,\n      },\n      cause,\n    );\n  }\n}\n","import { TypeBoxError } from \"alepha\";\nimport { HttpError } from \"./HttpError.ts\";\n\nexport class ValidationError extends HttpError {\n  constructor(message = \"Validation has failed\", cause?: unknown) {\n    let fullMessage = message;\n    let details: string | undefined;\n\n    if (cause instanceof TypeBoxError) {\n      fullMessage = `${message}: ${cause.cause.message}`;\n      if (cause.cause.instancePath) {\n        details = cause.cause.instancePath;\n      }\n    }\n\n    super(\n      {\n        message: fullMessage,\n        status: 400,\n        details,\n      },\n      cause,\n    );\n  }\n}\n","/**\n * Helper for building server replies.\n */\nexport class ServerReply {\n  // TODO: make it private\n  public headers: Record<string, string> & {\n    \"set-cookie\"?: string[];\n  } = {};\n\n  public status?: number; // default 200, or 204 (no content)\n\n  public body?: any;\n\n  /**\n   * Redirect to a given URL with optional status code (default 302).\n   */\n  public redirect(url: string, status: number = 302): void {\n    this.status = status;\n    this.headers.location = url;\n  }\n\n  // TODO: check if status / header is already set and throw an error if so (for allow to override with force flag)\n\n  /**\n   * Set the response status code.\n   */\n  public setStatus(status: number): this {\n    this.status = status;\n    return this;\n  }\n\n  /**\n   * Set a response header.\n   */\n  public setHeader(name: string, value: string): this {\n    this.headers[name.toLowerCase()] = value;\n    return this;\n  }\n\n  /**\n   * Set the response body.\n   */\n  public setBody(body: any): this {\n    this.body = body;\n    return this;\n  }\n}\n","import type { Static } from \"alepha\";\nimport { t } from \"alepha\";\n\nexport const okSchema = t.object(\n  {\n    ok: t.boolean({ description: \"True when operation succeed\" }),\n    id: t.optional(t.union([t.text(), t.integer()])),\n    count: t.optional(\n      t.number({ description: \"Number of resources affected\" }),\n    ),\n  },\n  {\n    title: \"Ok\",\n    description: \"Generic response after a successful operation on a resource\",\n  },\n);\n\nexport type Ok = Static<typeof okSchema>;\n","import { $module } from \"alepha\";\nimport { HttpClient } from \"./services/HttpClient.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport * from \"./index.shared.ts\";\n\n// ---------------------------------------------------------------------------------------------------------------------\n\nexport const AlephaServer = $module({\n  name: \"alepha.server\",\n  primitives: [],\n  services: [HttpClient],\n});\n"],"mappings":";;;;AAGA,MAAa,eACX,OACA,WAC2B;CAS3B,IAAI,EAPF,CAAC,CAAC,SACF,OAAO,UAAU,YACjB,aAAa,SACb,OAAO,MAAM,YAAY,YACzB,YAAY,SACZ,OAAO,MAAM,WAAW,WAGxB,OAAO;CAGT,IAAI,QACF,OAAQ,MAAwB,WAAW;CAG7C,OAAO;AACT;AAEA,IAAa,YAAb,cAA+B,YAAY;CACzC,OAAc;CAEd,OAAO,KAAK;CAEZ,OAAO,OAAO,OAA+B;EAC3C,MAAM,OAAgC;GACpC,OAAO,MAAM;GACb,QAAQ,MAAM;GACd,SAAS,MAAM;EACjB;EAEA,IAAI,MAAM,SAAS,KAAK,UAAU,MAAM;EACxC,IAAI,MAAM,WAAW,KAAK,YAAY,MAAM;EAC5C,IAAI,MAAM,QAAQ,KAAK,QAAQ,MAAM;EAErC,OAAO;CACT;CAEA;CACA;CAEA;CACA;CACA;CAKA,YAAY,SAA+B,OAAiB;EAC1D,MAAM,QAAQ,SAAS,EACrB,MACF,CAAC;EAED,KAAK,SAAS,QAAQ,UAAU;EAChC,KAAK,UAAU,QAAQ;EACvB,KAAK,YAAY,QAAQ;EAEzB,IAAI,OAAO,QAAQ,UAAU,UAC3B,KAAK,SAAS;GACZ,MAAO,QAAQ,MAA2B;GAC1C,SAAU,QAAQ,MAA8B;EAClD;OACK,IAAI,iBAAiB,OAC1B,KAAK,SAAS;GACZ,MAAM,MAAM;GACZ,SAAS,MAAM;EACjB;EAGF,IAAI,KAAK,YAAY,SAAS,aAC5B,KAAK,QACH,QAAQ,SAAS,kBAAkB,KAAK,WAAW;OAErD,KAAK,QAAQ,KAAK,YAAY;CAElC;AACF;AAEA,MAAa,oBAA4C;CACvD,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;CACL,KAAK;AACP;;;;;;AChGA,MAAa,eAAe,YAIb;CACb,IACE,QAAQ,gBAAgB,yBACxB,QAAQ,oBAAoB,uBAE5B,OAAO;CAGT,IAAI,QAAQ,QAAQ,QAAQ,gBAAgB,QAAQ,OAAO,MAAM;EAC/D,MAAM,aAAkC,QAAQ,OAAO,KAAK;EAC5D,KAAK,MAAM,OAAO,YAChB,IAAI,WAAW,KAAK,WAAW,UAC7B,OAAO;CAGb;CAEA,OAAO;AACT;;;ACzBA,MAAa,cAAc,EAAE,OAC3B;CACE,OAAO,EAAE,KAAK,EAAE,aAAa,kBAAkB,CAAC;CAChD,QAAQ,EAAE,QAAQ,EAChB,aAAa,mBACf,CAAC;CACD,SAAS,EAAE,KAAK;EACd,aAAa;EACb,MAAM;CACR,CAAC;CACD,SAAS,EAAE,SACT,EAAE,KAAK;EACL,aAAa;EACb,MAAM;CACR,CAAC,CACH;CACA,WAAW,EAAE,SAAS,EAAE,KAAK,CAAC;CAC9B,OAAO,EAAE,SACP,EAAE,OAAO;EACP,MAAM,EAAE,KAAK;EACb,SAAS,EAAE,KAAK;GACd,aAAa;GACb,MAAM;EACR,CAAC;CACH,CAAC,CACH;AACF,GACA;CACE,OAAO;CACP,aAAa;AACf,CACF;;;ACVA,IAAa,aAAb,MAAwB;CACtB,MAAyB,QAAQ;CACjC,SAA4B,QAAQ,MAAM;CAE1C,QAAwB,OAAwB;EAC9C,UAAU;EACV,MAAM;CACR,CAAC;CAED,kBAAgE,CAAC;CAEjE,MAAa,YAAY,MAA+C;EACtE,MAAM,QAAQ,KAAK;EACnB,MAAM,UAAU,KAAK,WAAW,CAAC;EACjC,MAAM,SAAS,KAAK,UAAU,CAAC;EAC/B,MAAM,OAAO,KAAK,QAAQ;EAE1B,MAAM,UAAuB,EAC3B,GAAG,QAAQ,QACb;EAEA,MAAM,SAAS,MAAM;EACrB,MAAM,UAAkC,CAAC;EACzC,MAAM,MAAM,KAAK,IAAI,MAAM,OAAO,MAAM;EAExC,MAAM,KAAK,OAAO,OAAO,KAAK,oBAAoB;GAChD;GACA;GACA;GACA;GACA;EACF,CAAC;EAED,QAAQ,WAAW;EAEnB,MAAM,KAAK,KAAK,SAAS,SAAS,OAAO,MAAM;EAE/C,QAAQ,UAAU;GAChB,GAAG,OAAO;GACV,GAAG,OAAO,YAAY,IAAI,QAAQ,QAAQ,OAAO,EAAE,QAAQ,CAAC;GAC5D,GAAG;EACL;EAEA,OAAO,MAAM,KAAK,MAAM,KAAK;GAC3B,GAAG;GACH,QAAQ,MAAM;GACd,GAAG;EACL,CAAC;CACH;CAEA,MAAa,MACX,KACA,UAAqC,CAAC,GACH;EACnC,MAAM,UAAU;GACd,OAAO,QAAQ;GACf,QAAQ,QAAQ,QAAQ;GACxB,KAAK,QAAQ;EACf;EAEA,QAAQ,WAAW;EAEnB,KAAK,IAAI,MAAM,WAAW;GACxB;GACA,QAAQ,QAAQ;GAChB,MAAM,QAAQ;GACd,SAAS,QAAQ;GACjB;EACF,CAAC;EAGD,MAAM,SAAS,MAAM,KAAK,MAAM,IAAI,GAAG;EACvC,IAAI,UAAU,QAAQ,WAAW,OAC/B,IAAI,OAAO,MAAM;GACf,QAAQ,UAAU,IAAI,QAAQ,QAAQ,OAAO;GAC7C,IAAI,CAAC,QAAQ,QAAQ,IAAI,eAAe,GACtC,QAAQ,QAAQ,IAAI,iBAAiB,OAAO,IAAI;EAEpD,OACE,OAAO;GACL,MAAM,OAAO;GACb,QAAQ;GACR,YAAY;GACZ,SAAS,IAAI,QAAQ;EACvB;EAIJ,MAAM,KAAK,OAAO,OAAO,KAAK,sBAAsB;GAClD;GACA;GACA;EACF,CAAC;EAKD,MAAM,eACJ,QAAQ,WAAW,SACnB,QAAQ,WAAW,UACnB,QAAQ,WAAW;EACrB,MAAM,MACJ,QAAQ,QACP,eACG,KAAK,UAAU;GAAE;GAAK,QAAQ,QAAQ;EAAO,CAAC,IAC9C,KAAA;EAEN,IAAI,KAAK;GACP,MAAM,WAAW,KAAK,gBAAgB;GACtC,IAAI,UAAU;IACZ,KAAK,IAAI,KAAK,2BAA2B,GAAG;IAC5C,OAAO;GACT;EACF;EAEA,MAAM,UAAU,MAAM,KAAK,OAAO,EAC/B,KAAK,OAAO,aAAa;GACxB,KAAK,IAAI,MAAM,YAAY;IACzB;IACA,QAAQ,SAAS;GACnB,CAAC;GAED,MAAM,gBAA+B;IACnC,MAAM,MAAM,KAAK,aAAa,UAAU,OAAO;IAC/C,QAAQ,SAAS;IACjB,YAAY,SAAS;IACrB,SAAS,SAAS;IAClB,KAAK;GACP;GAEA,IAAI,QAAQ,WAAW;QACjB,QAAQ,OACV,MAAM,KAAK,MAAM,IACf,KACA,EAAE,MAAM,cAAc,KAAK,GAC3B,OAAO,QAAQ,UAAU,YAAY,KAAA,IAAY,QAAQ,KAC3D;SACK,IAAI,CAAC,KAAK,OAAO,UAAU,GAAG;KAEnC,MAAM,OAAO,SAAS,QAAQ,IAAI,MAAM,KAAK,KAAA;KAC7C,IAAI,MACF,MAAM,KAAK,MAAM,IAAI,KAAK;MAAE,MAAM,cAAc;MAAM;KAAK,CAAC;IAEhE;;GAGF,OAAO;EACT,CAAC,EACA,cAAc;GACb,IAAI,KACF,OAAO,KAAK,gBAAgB;EAEhC,CAAC;EAEH,IAAI,KACF,KAAK,gBAAgB,OAAO;EAG9B,OAAO;CACT;CAEA,IACE,MACA,QACA,MACA;EACA,IAAI,MAAM;EAEV,IAAI,OAAO,QACT,OAAO,OAAO;EAGhB,OAAO,OAAO;EACd,MAAM,KAAK,cAAc,KAAK,QAAQ,IAAI;EAC1C,MAAM,KAAK,YAAY,KAAK,QAAQ,IAAI;EAExC,OAAO;CACT;CAEA,MAAgB,KACd,MACA,SACA,QACA,OAAiC,CAAC,GAClC;EAMA,IAJE,OAAO,KAAK,YAAY,YACxB,kBAAkB,KAAK,WACvB,KAAK,QAAQ,oBAAoB,yBAElB,YAAY,MAAM,GAAG;GACpC,IAAI,OAAO,KAAK,YAAY,YAAY,kBAAkB,KAAK,SAC7D,OAAQ,KAAK,QAAoC;GAGnD,MAAM,WAAW,IAAI,SAAS;GAE9B,KAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,KAAK,QAAQ,CAAC,CAAC,GAAG;IAC1D,IAAI,OAAO,UAAU,UAAU;KAC7B,SAAS,OAAO,KAAK,KAAK;KAC1B;IACF;IACA,IAAI,iBAAiB,MAAM;KACzB,SAAS,OAAO,KAAK,KAAK;KAC1B;IACF;IACA,IAAI,WAAW,KAAK,GAElB,SAAS,OACP,KACA,IAAI,KAAK,CAAC,MAAM,MAAM,YAAY,CAAC,GAAG,MAAM,MAAM,EAChD,MAAM,MAAM,KACd,CAAC,CACH;GAEJ;GAEA,KAAK,OAAO;GAEZ;EACF;EAEA,IAAI,CAAC,KAAK,QAAQ,OAAO,QAAQ,MAAM;GACrC,QAAQ,kBAAkB;GAC1B,KAAK,OAAO,KAAK,OAAO,MAAM,OAAO,OAAO,QAAQ,MAAM,KAAK,MAAM,EACnE,IAAI,SACN,CAAC;EACH;CACF;CAEA,MAAgB,aACd,UACA,SACc;EACd,IAAI,SAAS,WAAW,KAAK;GAC3B,IAAI,WAAW,SAAS;GACxB,IAAI,OAAO,WAAW,aACpB,WAAW,SAAS,QAAQ,OAAO,SAAS,QAAQ,EAAE;GAGxD,MAAM,SAAS,MAAM,KAAK,MAAM,IAAI,QAAQ;GAC5C,IAAI,QACF,OAAO,OAAO;GAIhB,OAAO;EACT;EAEA,IAAI,SAAS,WAAW,KACtB;EAGF,IAAI,KAAK,YAAY,QAAQ,GAC3B,OAAO,KAAK,eAAe,QAAQ;EAGrC,IAAI,SAAS,QAAQ,IAAI,cAAc,GAAG,WAAW,OAAO,GAC1D,OAAO,MAAM,SAAS,KAAK;EAG7B,IAAI,SAAS,QAAQ,IAAI,cAAc,MAAM,oBAAoB;GAC/D,MAAM,OAAO,MAAM,SAAS,KAAK;GAEjC,IAAI,SAAS,UAAU,KAAK;IAE1B,MAAM,QAAQ,IAAI,UADA,KAAK,OAAO,MAAM,OAAO,aAAa,IACpB,CAAC;IAErC,MAAM,KAAK,OAAO,OAAO,KAAK,kBAAkB,EAC9C,MACF,CAAC;IAED,MAAM;GACR;GAEA,IAAI,QAAQ,QACV,OAAO,KAAK,OAAO,MAAM,OAAO,QAAQ,QAAQ,IAAI;GAGtD,OAAO;EACT;EAEA,IAAI,SAAS,UAAU,KAAK;GAC1B,MAAM,QAAQ,IAAI,UAAU;IAC1B,QAAQ,SAAS;IACjB,SAAS,mDAAmD,SAAS,WAAW;GAClF,CAAC;GAED,MAAM,KAAK,OAAO,OAAO,KAAK,kBAAkB,EAC9C,MACF,CAAC;GAED,MAAM;EACR;EAEA,OAAO;CACT;CAEA,YAAsB,UAA6B;EACjD,MAAM,cAAc,SAAS,QAAQ,IAAI,cAAc;EACvD,IAAI,CAAC,aACH,OAAO;EAGT,IAAI,SAAS,QAAQ,IAAI,qBAAqB,GAAG,SAAS,YAAY,GACpE,OAAO;EAGT,OACE,YAAY,WAAW,0BAA0B,KACjD,YAAY,WAAW,iBAAiB,KACxC,YAAY,WAAW,iBAAiB,KACxC,YAAY,WAAW,QAAQ,KAC/B,YAAY,WAAW,QAAQ,KAC/B,YAAY,WAAW,QAAQ;CAEnC;CAEA,eAAyB,UAAoB,kBAAkB,IAAc;EAC3E,MAAM,SAAS,SAAS,QAAQ,IAAI,qBAAqB,KAAK,IAAI,MAChE,iBACF;EACA,OAAO;GACL,MAAM,QAAQ,KAAK,MAAM,KAAK;GAC9B,MAAM,SAAS,QAAQ,IAAI,cAAc,KAAK;GAC9C,MAAM,OAAO,SAAS,QAAQ,IAAI,gBAAgB,KAAK,CAAC;GACxD,cAAc,KAAK,IAAI;GACvB,cAAc;IACZ,MAAM,IAAI,YAAY,iBAAiB;GACzC;GACA,aAAa,YAAY;IACvB,OAAO,MAAM,SAAS,YAAY;GACpC;GACA,MAAM,YAAY;IAChB,OAAO,MAAM,SAAS,KAAK;GAC7B;EACF;CACF;CAEA,cACE,KACA,QACA,OAAiC,CAAC,GAC1B;EACR,IAAI,OAAO,KAAK,WAAW,UAAU;GACnC,MAAM,SAAS,OAAO,QAAQ,SACzB,KAAK,OAAO,MAAM,OACjB,OAAO,OAAO,QACd,KAAK,MACP,IACA,KAAK;GAET,KAAK,MAAM,OAAO,OAAO,KAAK,MAAM,GAAG;IACrC,MAAM,IAAI,QAAQ,IAAI,OAAO,OAAO,IAAI;IACxC,MAAM,IAAI,QAAQ,IAAI,IAAI,IAAI,OAAO,IAAI;GAC3C;EACF;EAEA,OAAO;CACT;CAEA,YACE,KACA,QACA,OAAiC,CAAC,GAC1B;EACR,IAAI,OAAO,KAAK,UAAU,UAAU;GAClC,MAAM,QAAQ,OAAO,QAAQ,QACzB,KAAK,OAAO,MAAM,OAAO,OAAO,OAAO,OAAO,KAAK,SAAS,CAAC,CAAC,IAC9D,KAAK;GAET,KAAK,MAAM,OAAO,OAAO,KAAK,KAAK,GAAG;IACpC,IAAI,MAAM,SAAS,KAAA,GACjB,OAAO,MAAM;IAEf,IAAI,OAAO,MAAM,SAAS,UACxB,MAAM,OAAO,KAAK,UAAU,MAAM,IAAI;GAE1C;GAEA,MAAM,SAAS,IAAI,gBACjB,KACF,EAAE,SAAS;GACX,OAAO,SAAS,GAAG,IAAI,GAAG,WAAW;EACvC;EACA,OAAO;CACT;AACF;;;AC1ZA,MAAa,eAAe;CAE1B;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;AACF;;;ACTA,IAAa,kBAAb,cAAqC,UAAU;CAC7C,YAAY,UAAU,wBAAwB,OAAiB;EAC7D,MACE;GACE;GACA,QAAQ;EACV,GACA,KACF;CACF;AACF;;;ACVA,IAAa,gBAAb,cAAmC,UAAU;CAC3C,YAAY,UAAU,yBAAyB,OAAiB;EAC9D,MACE;GACE;GACA,QAAQ;EACV,GACA,KACF;CACF;AACF;;;ACVA,IAAa,iBAAb,cAAoC,UAAU;CAC5C,YACE,UAAU,yCACV,OACA;EACA,MACE;GACE;GACA,QAAQ;EACV,GACA,KACF;CACF;AACF;;;ACbA,IAAa,gBAAb,cAAmC,UAAU;CAC3C,YAAY,UAAU,sBAAsB,OAAiB;EAC3D,MACE;GACE;GACA,QAAQ;EACV,GACA,KACF;CACF;AACF;;;ACVA,IAAa,oBAAb,cAAuC,UAAU;CAC/C,OAAgB;CAEhB,YACE,UAAU,uCACV,OACA;EACA,MACE;GACE;GACA,QAAQ;EACV,GACA,KACF;CACF;AACF;;;ACdA,IAAa,kBAAb,cAAqC,UAAU;CAC7C,YAAY,UAAU,yBAAyB,OAAiB;EAC9D,IAAI,cAAc;EAClB,IAAI;EAEJ,IAAI,iBAAiB,cAAc;GACjC,cAAc,GAAG,QAAQ,IAAI,MAAM,MAAM;GACzC,IAAI,MAAM,MAAM,cACd,UAAU,MAAM,MAAM;EAE1B;EAEA,MACE;GACE,SAAS;GACT,QAAQ;GACR;EACF,GACA,KACF;CACF;AACF;;;;;;ACrBA,IAAa,cAAb,MAAyB;CAEvB,UAEI,CAAC;CAEL;CAEA;;;;CAKA,SAAgB,KAAa,SAAiB,KAAW;EACvD,KAAK,SAAS;EACd,KAAK,QAAQ,WAAW;CAC1B;;;;CAOA,UAAiB,QAAsB;EACrC,KAAK,SAAS;EACd,OAAO;CACT;;;;CAKA,UAAiB,MAAc,OAAqB;EAClD,KAAK,QAAQ,KAAK,YAAY,KAAK;EACnC,OAAO;CACT;;;;CAKA,QAAe,MAAiB;EAC9B,KAAK,OAAO;EACZ,OAAO;CACT;AACF;;;AC3CA,MAAa,WAAW,EAAE,OACxB;CACE,IAAI,EAAE,QAAQ,EAAE,aAAa,8BAA8B,CAAC;CAC5D,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,EAAE,KAAK,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC;CAC/C,OAAO,EAAE,SACP,EAAE,OAAO,EAAE,aAAa,+BAA+B,CAAC,CAC1D;AACF,GACA;CACE,OAAO;CACP,aAAa;AACf,CACF;;;ACNA,MAAa,eAAe,QAAQ;CAClC,MAAM;CACN,YAAY,CAAC;CACb,UAAU,CAAC,UAAU;AACvB,CAAC"}