balda 0.0.64 → 0.0.65

package/lib/index.d.cts

@@ -193,6 +193,118 @@ type FilePluginOptions = {
     allowedMimeTypes?: (FileAllowedMimeType | (string & {}))[];
 };
 
+type SessionStore = {
+    get: (sid: string) => Promise<Record<string, any> | undefined>;
+    set: (sid: string, value: Record<string, any>, ttlSeconds?: number) => Promise<void>;
+    destroy: (sid: string) => Promise<void>;
+};
+type SessionOptions = {
+    /** Cookie name used for session id */
+    name?: string;
+    /**
+     * Secret for signing the session cookie (sets `signed: true` on the session cookie).
+     * Requires `cookie({ sign: true, secret })` with the same secret.
+     */
+    secret?: string;
+    /** TTL seconds for session */
+    ttl?: number;
+    /** Custom store, default is in-memory */
+    store?: SessionStore;
+    /** Whether to set HttpOnly secure flags */
+    cookie?: {
+        path?: string;
+        httpOnly?: boolean;
+        secure?: boolean;
+        sameSite?: "Strict" | "Lax" | "None";
+        domain?: string;
+    };
+};
+
+/**
+ * Cookie options for setting cookies
+ */
+type CookieOptions = {
+    /**
+     * Domain for the cookie.
+     * ⚠️ Must not contain CR, LF, semicolons, or other control chars.
+     */
+    domain?: string;
+    /**
+     * Path for the cookie.
+     * ⚠️ Must not contain CR, LF, or semicolons.
+     */
+    path?: string;
+    /**
+     * Expiration date for the cookie.
+     * ⚠️ Will throw if the Date is invalid (NaN getTime).
+     */
+    expires?: Date;
+    /**
+     * Max age in seconds for the cookie. Must be a non-negative integer.
+     * Falsy values (including 0) are only skipped if undefined;
+     * pass maxAge: 0 to immediately expire.
+     */
+    maxAge?: number;
+    /**
+     * Whether the cookie is secure (HTTPS only)
+     * @default true
+     *
+     * ⚠️ Must be `true` when `sameSite` is `"None"`.
+     */
+    secure?: boolean;
+    /**
+     * Whether the cookie is HTTP only (prevents JavaScript access)
+     * @default true
+     */
+    httpOnly?: boolean;
+    /**
+     * SameSite attribute for the cookie
+     *
+     * - "Strict": Most secure, cookie not sent on cross-site requests
+     * - "Lax": Balanced, cookie sent on top-level navigation
+     * - "None": Least secure, requires secure=true
+     *
+     * ⚠️ "None" requires `secure: true`; combination is rejected at runtime.
+     */
+    sameSite?: "Strict" | "Lax" | "None";
+    /**
+     * Whether this individual cookie should be signed.
+     * The middleware must have `sign: true` and a `secret` set for this to work.
+     * Overrides the global `sign` option for this cookie only.
+     */
+    signed?: boolean;
+    /**
+     * Priority for the cookie
+     */
+    priority?: "Low" | "Medium" | "High";
+};
+/**
+ * Options for the cookie middleware
+ */
+type CookieMiddlewareOptions = {
+    /**
+     * Secret key(s) for signing cookies.
+     * - Provide a single string for static signing.
+     * - Provide an array for key rotation: signing uses `secret[0]`,
+     *   verification accepts any entry in the array.
+     * Required when `sign` is enabled.
+     */
+    secret?: string | string[];
+    /**
+     * Default options applied to all cookies set via `res.cookie()`.
+     */
+    defaults?: CookieOptions;
+    /**
+     * Whether to enable cookie parsing (defaults to true)
+     */
+    parse?: boolean;
+    /**
+     * Whether to enable cookie signing by default for all cookies (defaults to false).
+     * Individual cookies can override this via `CookieOptions.signed`.
+     */
+    sign?: boolean;
+};
+
 /**
  * The request object with type-safe path parameters.
  * This is the main object that is passed to the handler function.
@@ -379,6 +491,36 @@ declare class Request<Params extends Record<string, string> = Record<string, str
      * @timeout middleware is required
      */
     timeout?: boolean;
+    /**
+     * Session dirty tracking - true if session was modified and needs to be saved.
+     * @internal
+     */
+    _sessionDirty: boolean;
+    /**
+     * Session ID for the current request.
+     * @internal
+     */
+    _sessionId?: string;
+    /**
+     * Session TTL in seconds.
+     * @internal
+     */
+    _sessionTtl?: number;
+    /**
+     * Session store instance.
+     * @internal
+     */
+    _sessionStore?: SessionStore;
+    /**
+     * Session cookie name.
+     * @internal
+     */
+    _sessionCookieName?: string;
+    /**
+     * Session cookie defaults.
+     * @internal
+     */
+    _sessionCookieDefaults?: CookieOptions;
     get session(): Record<string, any> | undefined;
     set session(value: Record<string, any> | undefined);
     /**
@@ -1125,91 +1267,6 @@ type OpenIdConnectOptions = {
  */
 declare const controller: (path?: string, swaggerOptions?: SwaggerRouteOptions) => (target: any) => void;
 
-/**
- * Cookie options for setting cookies
- */
-type CookieOptions = {
-    /**
-     * Domain for the cookie.
-     * ⚠️ Must not contain CR, LF, semicolons, or other control chars.
-     */
-    domain?: string;
-    /**
-     * Path for the cookie.
-     * ⚠️ Must not contain CR, LF, or semicolons.
-     */
-    path?: string;
-    /**
-     * Expiration date for the cookie.
-     * ⚠️ Will throw if the Date is invalid (NaN getTime).
-     */
-    expires?: Date;
-    /**
-     * Max age in seconds for the cookie. Must be a non-negative integer.
-     * Falsy values (including 0) are only skipped if undefined;
-     * pass maxAge: 0 to immediately expire.
-     */
-    maxAge?: number;
-    /**
-     * Whether the cookie is secure (HTTPS only)
-     * @default true
-     *
-     * ⚠️ Must be `true` when `sameSite` is `"None"`.
-     */
-    secure?: boolean;
-    /**
-     * Whether the cookie is HTTP only (prevents JavaScript access)
-     * @default true
-     */
-    httpOnly?: boolean;
-    /**
-     * SameSite attribute for the cookie
-     *
-     * - "Strict": Most secure, cookie not sent on cross-site requests
-     * - "Lax": Balanced, cookie sent on top-level navigation
-     * - "None": Least secure, requires secure=true
-     *
-     * ⚠️ "None" requires `secure: true`; combination is rejected at runtime.
-     */
-    sameSite?: "Strict" | "Lax" | "None";
-    /**
-     * Whether this individual cookie should be signed.
-     * The middleware must have `sign: true` and a `secret` set for this to work.
-     * Overrides the global `sign` option for this cookie only.
-     */
-    signed?: boolean;
-    /**
-     * Priority for the cookie
-     */
-    priority?: "Low" | "Medium" | "High";
-};
-/**
- * Options for the cookie middleware
- */
-type CookieMiddlewareOptions = {
-    /**
-     * Secret key(s) for signing cookies.
-     * - Provide a single string for static signing.
-     * - Provide an array for key rotation: signing uses `secret[0]`,
-     *   verification accepts any entry in the array.
-     * Required when `sign` is enabled.
-     */
-    secret?: string | string[];
-    /**
-     * Default options applied to all cookies set via `res.cookie()`.
-     */
-    defaults?: CookieOptions;
-    /**
-     * Whether to enable cookie parsing (defaults to true)
-     */
-    parse?: boolean;
-    /**
-     * Whether to enable cookie signing by default for all cookies (defaults to false).
-     * Individual cookies can override this via `CookieOptions.signed`.
-     */
-    sign?: boolean;
-};
-
 /**
  * The response object with per-status-code type-safe response bodies.
  * When response schemas are provided (e.g. via the `responses` route option), each shorthand
@@ -2635,33 +2692,6 @@ type StorageOptions$1 = MemoryStorageStrategy | CustomStorageStrategy;
  */
 type RateLimiterKeyOptions = IpRateLimiterOptions | CustomRateLimiterOptions;
 
-type SessionStore = {
-    get: (sid: string) => Promise<Record<string, any> | undefined>;
-    set: (sid: string, value: Record<string, any>, ttlSeconds?: number) => Promise<void>;
-    destroy: (sid: string) => Promise<void>;
-};
-type SessionOptions = {
-    /** Cookie name used for session id */
-    name?: string;
-    /**
-     * Secret for signing the session cookie (sets `signed: true` on the session cookie).
-     * Requires `cookie({ sign: true, secret })` with the same secret.
-     */
-    secret?: string;
-    /** TTL seconds for session */
-    ttl?: number;
-    /** Custom store, default is in-memory */
-    store?: SessionStore;
-    /** Whether to set HttpOnly secure flags */
-    cookie?: {
-        path?: string;
-        httpOnly?: boolean;
-        secure?: boolean;
-        sameSite?: "Strict" | "Lax" | "None";
-        domain?: string;
-    };
-};
-
 /**
  * Swagger plugin that serves the swagger UI and JSON specification, by default the UI will be available at /docs and the JSON specification at /docs/json
  * @warning The json specification is always available at /${globalOptions.path}/json

package/lib/index.d.ts

@@ -193,6 +193,118 @@ type FilePluginOptions = {
     allowedMimeTypes?: (FileAllowedMimeType | (string & {}))[];
 };
 
+type SessionStore = {
+    get: (sid: string) => Promise<Record<string, any> | undefined>;
+    set: (sid: string, value: Record<string, any>, ttlSeconds?: number) => Promise<void>;
+    destroy: (sid: string) => Promise<void>;
+};
+type SessionOptions = {
+    /** Cookie name used for session id */
+    name?: string;
+    /**
+     * Secret for signing the session cookie (sets `signed: true` on the session cookie).
+     * Requires `cookie({ sign: true, secret })` with the same secret.
+     */
+    secret?: string;
+    /** TTL seconds for session */
+    ttl?: number;
+    /** Custom store, default is in-memory */
+    store?: SessionStore;
+    /** Whether to set HttpOnly secure flags */
+    cookie?: {
+        path?: string;
+        httpOnly?: boolean;
+        secure?: boolean;
+        sameSite?: "Strict" | "Lax" | "None";
+        domain?: string;
+    };
+};
+
+/**
+ * Cookie options for setting cookies
+ */
+type CookieOptions = {
+    /**
+     * Domain for the cookie.
+     * ⚠️ Must not contain CR, LF, semicolons, or other control chars.
+     */
+    domain?: string;
+    /**
+     * Path for the cookie.
+     * ⚠️ Must not contain CR, LF, or semicolons.
+     */
+    path?: string;
+    /**
+     * Expiration date for the cookie.
+     * ⚠️ Will throw if the Date is invalid (NaN getTime).
+     */
+    expires?: Date;
+    /**
+     * Max age in seconds for the cookie. Must be a non-negative integer.
+     * Falsy values (including 0) are only skipped if undefined;
+     * pass maxAge: 0 to immediately expire.
+     */
+    maxAge?: number;
+    /**
+     * Whether the cookie is secure (HTTPS only)
+     * @default true
+     *
+     * ⚠️ Must be `true` when `sameSite` is `"None"`.
+     */
+    secure?: boolean;
+    /**
+     * Whether the cookie is HTTP only (prevents JavaScript access)
+     * @default true
+     */
+    httpOnly?: boolean;
+    /**
+     * SameSite attribute for the cookie
+     *
+     * - "Strict": Most secure, cookie not sent on cross-site requests
+     * - "Lax": Balanced, cookie sent on top-level navigation
+     * - "None": Least secure, requires secure=true
+     *
+     * ⚠️ "None" requires `secure: true`; combination is rejected at runtime.
+     */
+    sameSite?: "Strict" | "Lax" | "None";
+    /**
+     * Whether this individual cookie should be signed.
+     * The middleware must have `sign: true` and a `secret` set for this to work.
+     * Overrides the global `sign` option for this cookie only.
+     */
+    signed?: boolean;
+    /**
+     * Priority for the cookie
+     */
+    priority?: "Low" | "Medium" | "High";
+};
+/**
+ * Options for the cookie middleware
+ */
+type CookieMiddlewareOptions = {
+    /**
+     * Secret key(s) for signing cookies.
+     * - Provide a single string for static signing.
+     * - Provide an array for key rotation: signing uses `secret[0]`,
+     *   verification accepts any entry in the array.
+     * Required when `sign` is enabled.
+     */
+    secret?: string | string[];
+    /**
+     * Default options applied to all cookies set via `res.cookie()`.
+     */
+    defaults?: CookieOptions;
+    /**
+     * Whether to enable cookie parsing (defaults to true)
+     */
+    parse?: boolean;
+    /**
+     * Whether to enable cookie signing by default for all cookies (defaults to false).
+     * Individual cookies can override this via `CookieOptions.signed`.
+     */
+    sign?: boolean;
+};
+
 /**
  * The request object with type-safe path parameters.
  * This is the main object that is passed to the handler function.
@@ -379,6 +491,36 @@ declare class Request<Params extends Record<string, string> = Record<string, str
      * @timeout middleware is required
      */
     timeout?: boolean;
+    /**
+     * Session dirty tracking - true if session was modified and needs to be saved.
+     * @internal
+     */
+    _sessionDirty: boolean;
+    /**
+     * Session ID for the current request.
+     * @internal
+     */
+    _sessionId?: string;
+    /**
+     * Session TTL in seconds.
+     * @internal
+     */
+    _sessionTtl?: number;
+    /**
+     * Session store instance.
+     * @internal
+     */
+    _sessionStore?: SessionStore;
+    /**
+     * Session cookie name.
+     * @internal
+     */
+    _sessionCookieName?: string;
+    /**
+     * Session cookie defaults.
+     * @internal
+     */
+    _sessionCookieDefaults?: CookieOptions;
     get session(): Record<string, any> | undefined;
     set session(value: Record<string, any> | undefined);
     /**
@@ -1125,91 +1267,6 @@ type OpenIdConnectOptions = {
  */
 declare const controller: (path?: string, swaggerOptions?: SwaggerRouteOptions) => (target: any) => void;
 
-/**
- * Cookie options for setting cookies
- */
-type CookieOptions = {
-    /**
-     * Domain for the cookie.
-     * ⚠️ Must not contain CR, LF, semicolons, or other control chars.
-     */
-    domain?: string;
-    /**
-     * Path for the cookie.
-     * ⚠️ Must not contain CR, LF, or semicolons.
-     */
-    path?: string;
-    /**
-     * Expiration date for the cookie.
-     * ⚠️ Will throw if the Date is invalid (NaN getTime).
-     */
-    expires?: Date;
-    /**
-     * Max age in seconds for the cookie. Must be a non-negative integer.
-     * Falsy values (including 0) are only skipped if undefined;
-     * pass maxAge: 0 to immediately expire.
-     */
-    maxAge?: number;
-    /**
-     * Whether the cookie is secure (HTTPS only)
-     * @default true
-     *
-     * ⚠️ Must be `true` when `sameSite` is `"None"`.
-     */
-    secure?: boolean;
-    /**
-     * Whether the cookie is HTTP only (prevents JavaScript access)
-     * @default true
-     */
-    httpOnly?: boolean;
-    /**
-     * SameSite attribute for the cookie
-     *
-     * - "Strict": Most secure, cookie not sent on cross-site requests
-     * - "Lax": Balanced, cookie sent on top-level navigation
-     * - "None": Least secure, requires secure=true
-     *
-     * ⚠️ "None" requires `secure: true`; combination is rejected at runtime.
-     */
-    sameSite?: "Strict" | "Lax" | "None";
-    /**
-     * Whether this individual cookie should be signed.
-     * The middleware must have `sign: true` and a `secret` set for this to work.
-     * Overrides the global `sign` option for this cookie only.
-     */
-    signed?: boolean;
-    /**
-     * Priority for the cookie
-     */
-    priority?: "Low" | "Medium" | "High";
-};
-/**
- * Options for the cookie middleware
- */
-type CookieMiddlewareOptions = {
-    /**
-     * Secret key(s) for signing cookies.
-     * - Provide a single string for static signing.
-     * - Provide an array for key rotation: signing uses `secret[0]`,
-     *   verification accepts any entry in the array.
-     * Required when `sign` is enabled.
-     */
-    secret?: string | string[];
-    /**
-     * Default options applied to all cookies set via `res.cookie()`.
-     */
-    defaults?: CookieOptions;
-    /**
-     * Whether to enable cookie parsing (defaults to true)
-     */
-    parse?: boolean;
-    /**
-     * Whether to enable cookie signing by default for all cookies (defaults to false).
-     * Individual cookies can override this via `CookieOptions.signed`.
-     */
-    sign?: boolean;
-};
-
 /**
  * The response object with per-status-code type-safe response bodies.
  * When response schemas are provided (e.g. via the `responses` route option), each shorthand
@@ -2635,33 +2692,6 @@ type StorageOptions$1 = MemoryStorageStrategy | CustomStorageStrategy;
  */
 type RateLimiterKeyOptions = IpRateLimiterOptions | CustomRateLimiterOptions;
 
-type SessionStore = {
-    get: (sid: string) => Promise<Record<string, any> | undefined>;
-    set: (sid: string, value: Record<string, any>, ttlSeconds?: number) => Promise<void>;
-    destroy: (sid: string) => Promise<void>;
-};
-type SessionOptions = {
-    /** Cookie name used for session id */
-    name?: string;
-    /**
-     * Secret for signing the session cookie (sets `signed: true` on the session cookie).
-     * Requires `cookie({ sign: true, secret })` with the same secret.
-     */
-    secret?: string;
-    /** TTL seconds for session */
-    ttl?: number;
-    /** Custom store, default is in-memory */
-    store?: SessionStore;
-    /** Whether to set HttpOnly secure flags */
-    cookie?: {
-        path?: string;
-        httpOnly?: boolean;
-        secure?: boolean;
-        sameSite?: "Strict" | "Lax" | "None";
-        domain?: string;
-    };
-};
-
 /**
  * Swagger plugin that serves the swagger UI and JSON specification, by default the UI will be available at /docs and the JSON specification at /docs/json
  * @warning The json specification is always available at /${globalOptions.path}/json