better-call 1.0.27 → 1.0.28-beta.2

package/README.md

@@ -231,6 +231,93 @@ const createItem = createEndpoint("/item", {
 })
 ```
 
+#### Allowed Media Types
+
+You can restrict which media types (MIME types) are allowed for request bodies using the `allowedMediaTypes` option. This can be configured at both the router level and the endpoint level, with endpoint-level configuration taking precedence.
+
+When a request is made with a disallowed media type, the endpoint will return a `415 Unsupported Media Type` error.
+
+**Router-level configuration:**
+
+```ts
+const router = createRouter({
+    createItem,
+    updateItem
+}, {
+    // All endpoints in this router will only accept JSON
+    allowedMediaTypes: ["application/json"]
+})
+```
+
+**Endpoint-level configuration:**
+
+```ts
+const uploadFile = createEndpoint("/upload", {
+    method: "POST",
+    metadata: {
+        // This endpoint will only accept form data
+        allowedMediaTypes: ["multipart/form-data"]
+    }
+}, async (ctx) => {
+    return { success: true }
+})
+```
+
+**Multiple media types:**
+
+```ts
+const createItem = createEndpoint("/item", {
+    method: "POST",
+    body: z.object({
+        id: z.string()
+    }),
+    metadata: {
+        // Accept both JSON and form-urlencoded
+        allowedMediaTypes: [
+            "application/json",
+            "application/x-www-form-urlencoded"
+        ]
+    }
+}, async (ctx) => {
+    return {
+        item: {
+            id: ctx.body.id
+        }
+    }
+})
+```
+
+**Endpoint overriding router:**
+
+```ts
+const router = createRouter({
+    createItem,
+    uploadFile
+}, {
+    // Default: only accept JSON
+    allowedMediaTypes: ["application/json"]
+})
+
+const uploadFile = createEndpoint("/upload", {
+    method: "POST",
+    metadata: {
+        // This endpoint overrides the router setting
+        allowedMediaTypes: ["multipart/form-data", "application/octet-stream"]
+    }
+}, async (ctx) => {
+    return { success: true }
+})
+```
+
+Common media types:
+- `application/json` - JSON data
+- `application/x-www-form-urlencoded` - Form data
+- `multipart/form-data` - File uploads
+- `text/plain` - Plain text
+- `application/octet-stream` - Binary data
+
+> **Note:** The validation is case-insensitive and handles charset parameters automatically (e.g., `application/json; charset=utf-8` will match `application/json`).
+
 #### Require Headers
 
 The `requireHeaders` option is used to require the request to have headers. If the request doesn't have headers, the endpoint will throw an error. This is only useful when you call the endpoint as a function.

package/dist/client.d.cts

@@ -1,4 +1,4 @@
-import { Endpoint, HasRequiredKeys, Router, UnionToIntersection } from "./router-DxWRTWmk.cjs";
+import { Endpoint, HasRequiredKeys, Router, UnionToIntersection } from "./router-rGV6mTr8.cjs";
 import { BetterFetchOption, BetterFetchResponse } from "@better-fetch/fetch";
 
 //#region src/client.d.ts

package/dist/client.d.ts

@@ -1,4 +1,4 @@
-import { Endpoint, HasRequiredKeys, Router, UnionToIntersection } from "./router-D1f_-c2B.js";
+import { Endpoint, HasRequiredKeys, Router, UnionToIntersection } from "./router-NaFkuy-s.js";
 import { BetterFetchOption, BetterFetchResponse } from "@better-fetch/fetch";
 
 //#region src/client.d.ts

package/dist/index.cjs

@@ -127,11 +127,22 @@ const APIError = makeErrorForHideStackFrame(InternalAPIError, Error);
 
 //#endregion
 //#region src/utils.ts
-async function getBody(request) {
+async function getBody(request, allowedMediaTypes) {
 	const contentType = request.headers.get("content-type") || "";
+	const normalizedContentType = contentType.toLowerCase();
 	if (!request.body) return;
-	if (contentType.includes("application/json")) return await request.json();
-	if (contentType.includes("application/x-www-form-urlencoded")) {
+	if (allowedMediaTypes && allowedMediaTypes.length > 0) {
+		if (!allowedMediaTypes.some((allowed) => {
+			const normalizedContentTypeBase = normalizedContentType.split(";")[0].trim();
+			const normalizedAllowed = allowed.toLowerCase().trim();
+			return normalizedContentTypeBase === normalizedAllowed || normalizedContentTypeBase.includes(normalizedAllowed);
+		})) throw new APIError(415, {
+			message: `Content-Type "${contentType}" is not allowed. Allowed types: ${allowedMediaTypes.join(", ")}`,
+			code: "UNSUPPORTED_MEDIA_TYPE"
+		});
+	}
+	if (normalizedContentType.includes("application/json")) return await request.json();
+	if (normalizedContentType.includes("application/x-www-form-urlencoded")) {
 		const formData = await request.formData();
 		const result = {};
 		formData.forEach((value, key) => {
@@ -139,7 +150,7 @@ async function getBody(request) {
 		});
 		return result;
 	}
-	if (contentType.includes("multipart/form-data")) {
+	if (normalizedContentType.includes("multipart/form-data")) {
 		const formData = await request.formData();
 		const result = {};
 		formData.forEach((value, key) => {
@@ -147,10 +158,10 @@ async function getBody(request) {
 		});
 		return result;
 	}
-	if (contentType.includes("text/plain")) return await request.text();
-	if (contentType.includes("application/octet-stream")) return await request.arrayBuffer();
-	if (contentType.includes("application/pdf") || contentType.includes("image/") || contentType.includes("video/")) return await request.blob();
-	if (contentType.includes("application/stream") || request.body instanceof ReadableStream) return request.body;
+	if (normalizedContentType.includes("text/plain")) return await request.text();
+	if (normalizedContentType.includes("application/octet-stream")) return await request.arrayBuffer();
+	if (normalizedContentType.includes("application/pdf") || normalizedContentType.includes("image/") || normalizedContentType.includes("video/")) return await request.blob();
+	if (normalizedContentType.includes("application/stream") || request.body instanceof ReadableStream) return request.body;
 	return await request.text();
 }
 function isAPIError(error) {
@@ -2491,19 +2502,20 @@ const createRouter = (endpoints, config$1) => {
 			else query[key] = value;
 		});
 		const handler = route.data;
-		const context = {
-			path,
-			method: request.method,
-			headers: request.headers,
-			params: route.params ? JSON.parse(JSON.stringify(route.params)) : {},
-			request,
-			body: handler.options.disableBody ? void 0 : await getBody(handler.options.cloneRequest ? request.clone() : request),
-			query,
-			_flag: "router",
-			asResponse: true,
-			context: config$1?.routerContext
-		};
 		try {
+			const allowedMediaTypes = handler.options.metadata?.allowedMediaTypes || config$1?.allowedMediaTypes;
+			const context = {
+				path,
+				method: request.method,
+				headers: request.headers,
+				params: route.params ? JSON.parse(JSON.stringify(route.params)) : {},
+				request,
+				body: handler.options.disableBody ? void 0 : await getBody(handler.options.cloneRequest ? request.clone() : request, allowedMediaTypes),
+				query,
+				_flag: "router",
+				asResponse: true,
+				context: config$1?.routerContext
+			};
 			const middlewareRoutes = (0, rou3.findAllRoutes)(middlewareRouter, "*", path);
 			if (middlewareRoutes?.length) for (const { data: middleware, params } of middlewareRoutes) {
 				const res = await middleware({