better-call 1.0.28-beta.1 → 1.0.28-beta.2

package/README.md

@@ -231,6 +231,93 @@ const createItem = createEndpoint("/item", {
 })
 ```
 
+#### Allowed Media Types
+
+You can restrict which media types (MIME types) are allowed for request bodies using the `allowedMediaTypes` option. This can be configured at both the router level and the endpoint level, with endpoint-level configuration taking precedence.
+
+When a request is made with a disallowed media type, the endpoint will return a `415 Unsupported Media Type` error.
+
+**Router-level configuration:**
+
+```ts
+const router = createRouter({
+    createItem,
+    updateItem
+}, {
+    // All endpoints in this router will only accept JSON
+    allowedMediaTypes: ["application/json"]
+})
+```
+
+**Endpoint-level configuration:**
+
+```ts
+const uploadFile = createEndpoint("/upload", {
+    method: "POST",
+    metadata: {
+        // This endpoint will only accept form data
+        allowedMediaTypes: ["multipart/form-data"]
+    }
+}, async (ctx) => {
+    return { success: true }
+})
+```
+
+**Multiple media types:**
+
+```ts
+const createItem = createEndpoint("/item", {
+    method: "POST",
+    body: z.object({
+        id: z.string()
+    }),
+    metadata: {
+        // Accept both JSON and form-urlencoded
+        allowedMediaTypes: [
+            "application/json",
+            "application/x-www-form-urlencoded"
+        ]
+    }
+}, async (ctx) => {
+    return {
+        item: {
+            id: ctx.body.id
+        }
+    }
+})
+```
+
+**Endpoint overriding router:**
+
+```ts
+const router = createRouter({
+    createItem,
+    uploadFile
+}, {
+    // Default: only accept JSON
+    allowedMediaTypes: ["application/json"]
+})
+
+const uploadFile = createEndpoint("/upload", {
+    method: "POST",
+    metadata: {
+        // This endpoint overrides the router setting
+        allowedMediaTypes: ["multipart/form-data", "application/octet-stream"]
+    }
+}, async (ctx) => {
+    return { success: true }
+})
+```
+
+Common media types:
+- `application/json` - JSON data
+- `application/x-www-form-urlencoded` - Form data
+- `multipart/form-data` - File uploads
+- `text/plain` - Plain text
+- `application/octet-stream` - Binary data
+
+> **Note:** The validation is case-insensitive and handles charset parameters automatically (e.g., `application/json; charset=utf-8` will match `application/json`).
+
 #### Require Headers
 
 The `requireHeaders` option is used to require the request to have headers. If the request doesn't have headers, the endpoint will throw an error. This is only useful when you call the endpoint as a function.

package/dist/client.d.cts

@@ -1,4 +1,4 @@
-import { Endpoint, HasRequiredKeys, Router, UnionToIntersection } from "./router-BV-cToj2.cjs";
+import { Endpoint, HasRequiredKeys, Router, UnionToIntersection } from "./router-rGV6mTr8.cjs";
 import { BetterFetchOption, BetterFetchResponse } from "@better-fetch/fetch";
 
 //#region src/client.d.ts

package/dist/client.d.ts

@@ -1,4 +1,4 @@
-import { Endpoint, HasRequiredKeys, Router, UnionToIntersection } from "./router-CuwMJjp1.js";
+import { Endpoint, HasRequiredKeys, Router, UnionToIntersection } from "./router-NaFkuy-s.js";
 import { BetterFetchOption, BetterFetchResponse } from "@better-fetch/fetch";
 
 //#region src/client.d.ts

package/dist/index.cjs

@@ -1,10 +1,181 @@
 const require_chunk = require('./chunk-CUT6urMc.cjs');
-const require_utils = require('./utils-JxxvmTPm.cjs');
 let __better_auth_utils = require("@better-auth/utils");
 __better_auth_utils = require_chunk.__toESM(__better_auth_utils);
 let rou3 = require("rou3");
 rou3 = require_chunk.__toESM(rou3);
 
+//#region src/error.ts
+function isErrorStackTraceLimitWritable() {
+	const desc = Object.getOwnPropertyDescriptor(Error, "stackTraceLimit");
+	if (desc === void 0) return Object.isExtensible(Error);
+	return Object.prototype.hasOwnProperty.call(desc, "writable") ? desc.writable : desc.set !== void 0;
+}
+/**
+* Hide internal stack frames from the error stack trace.
+*/
+function hideInternalStackFrames(stack) {
+	const lines = stack.split("\n    at ");
+	if (lines.length <= 1) return stack;
+	lines.splice(1, 1);
+	return lines.join("\n    at ");
+}
+/**
+* Creates a custom error class that hides stack frames.
+*/
+function makeErrorForHideStackFrame(Base, clazz) {
+	class HideStackFramesError extends Base {
+		#hiddenStack;
+		constructor(...args) {
+			if (isErrorStackTraceLimitWritable()) {
+				const limit = Error.stackTraceLimit;
+				Error.stackTraceLimit = 0;
+				super(...args);
+				Error.stackTraceLimit = limit;
+			} else super(...args);
+			const stack = (/* @__PURE__ */ new Error()).stack;
+			if (stack) this.#hiddenStack = hideInternalStackFrames(stack.replace(/^Error/, this.name));
+		}
+		get errorStack() {
+			return this.#hiddenStack;
+		}
+	}
+	Object.defineProperty(HideStackFramesError.prototype, "constructor", {
+		get() {
+			return clazz;
+		},
+		enumerable: false,
+		configurable: true
+	});
+	return HideStackFramesError;
+}
+const statusCodes = {
+	OK: 200,
+	CREATED: 201,
+	ACCEPTED: 202,
+	NO_CONTENT: 204,
+	MULTIPLE_CHOICES: 300,
+	MOVED_PERMANENTLY: 301,
+	FOUND: 302,
+	SEE_OTHER: 303,
+	NOT_MODIFIED: 304,
+	TEMPORARY_REDIRECT: 307,
+	BAD_REQUEST: 400,
+	UNAUTHORIZED: 401,
+	PAYMENT_REQUIRED: 402,
+	FORBIDDEN: 403,
+	NOT_FOUND: 404,
+	METHOD_NOT_ALLOWED: 405,
+	NOT_ACCEPTABLE: 406,
+	PROXY_AUTHENTICATION_REQUIRED: 407,
+	REQUEST_TIMEOUT: 408,
+	CONFLICT: 409,
+	GONE: 410,
+	LENGTH_REQUIRED: 411,
+	PRECONDITION_FAILED: 412,
+	PAYLOAD_TOO_LARGE: 413,
+	URI_TOO_LONG: 414,
+	UNSUPPORTED_MEDIA_TYPE: 415,
+	RANGE_NOT_SATISFIABLE: 416,
+	EXPECTATION_FAILED: 417,
+	"I'M_A_TEAPOT": 418,
+	MISDIRECTED_REQUEST: 421,
+	UNPROCESSABLE_ENTITY: 422,
+	LOCKED: 423,
+	FAILED_DEPENDENCY: 424,
+	TOO_EARLY: 425,
+	UPGRADE_REQUIRED: 426,
+	PRECONDITION_REQUIRED: 428,
+	TOO_MANY_REQUESTS: 429,
+	REQUEST_HEADER_FIELDS_TOO_LARGE: 431,
+	UNAVAILABLE_FOR_LEGAL_REASONS: 451,
+	INTERNAL_SERVER_ERROR: 500,
+	NOT_IMPLEMENTED: 501,
+	BAD_GATEWAY: 502,
+	SERVICE_UNAVAILABLE: 503,
+	GATEWAY_TIMEOUT: 504,
+	HTTP_VERSION_NOT_SUPPORTED: 505,
+	VARIANT_ALSO_NEGOTIATES: 506,
+	INSUFFICIENT_STORAGE: 507,
+	LOOP_DETECTED: 508,
+	NOT_EXTENDED: 510,
+	NETWORK_AUTHENTICATION_REQUIRED: 511
+};
+var InternalAPIError = class extends Error {
+	constructor(status = "INTERNAL_SERVER_ERROR", body = void 0, headers = {}, statusCode = typeof status === "number" ? status : statusCodes[status]) {
+		super(body?.message, body?.cause ? { cause: body.cause } : void 0);
+		this.status = status;
+		this.body = body;
+		this.headers = headers;
+		this.statusCode = statusCode;
+		this.name = "APIError";
+		this.status = status;
+		this.headers = headers;
+		this.statusCode = statusCode;
+		this.body = body ? {
+			code: body?.message?.toUpperCase().replace(/ /g, "_").replace(/[^A-Z0-9_]/g, ""),
+			...body
+		} : void 0;
+	}
+};
+var BetterCallError = class extends Error {
+	constructor(message) {
+		super(message);
+		this.name = "BetterCallError";
+	}
+};
+const APIError = makeErrorForHideStackFrame(InternalAPIError, Error);
+
+//#endregion
+//#region src/utils.ts
+async function getBody(request, allowedMediaTypes) {
+	const contentType = request.headers.get("content-type") || "";
+	const normalizedContentType = contentType.toLowerCase();
+	if (!request.body) return;
+	if (allowedMediaTypes && allowedMediaTypes.length > 0) {
+		if (!allowedMediaTypes.some((allowed) => {
+			const normalizedContentTypeBase = normalizedContentType.split(";")[0].trim();
+			const normalizedAllowed = allowed.toLowerCase().trim();
+			return normalizedContentTypeBase === normalizedAllowed || normalizedContentTypeBase.includes(normalizedAllowed);
+		})) throw new APIError(415, {
+			message: `Content-Type "${contentType}" is not allowed. Allowed types: ${allowedMediaTypes.join(", ")}`,
+			code: "UNSUPPORTED_MEDIA_TYPE"
+		});
+	}
+	if (normalizedContentType.includes("application/json")) return await request.json();
+	if (normalizedContentType.includes("application/x-www-form-urlencoded")) {
+		const formData = await request.formData();
+		const result = {};
+		formData.forEach((value, key) => {
+			result[key] = value.toString();
+		});
+		return result;
+	}
+	if (normalizedContentType.includes("multipart/form-data")) {
+		const formData = await request.formData();
+		const result = {};
+		formData.forEach((value, key) => {
+			result[key] = value;
+		});
+		return result;
+	}
+	if (normalizedContentType.includes("text/plain")) return await request.text();
+	if (normalizedContentType.includes("application/octet-stream")) return await request.arrayBuffer();
+	if (normalizedContentType.includes("application/pdf") || normalizedContentType.includes("image/") || normalizedContentType.includes("video/")) return await request.blob();
+	if (normalizedContentType.includes("application/stream") || request.body instanceof ReadableStream) return request.body;
+	return await request.text();
+}
+function isAPIError(error) {
+	return error instanceof APIError || error?.name === "APIError";
+}
+function tryDecode(str) {
+	try {
+		return str.includes("%") ? decodeURIComponent(str) : str;
+	} catch {
+		return str;
+	}
+}
+
+//#endregion
 //#region src/to-response.ts
 function isJSONSerializable(value) {
 	if (value === void 0) return false;
@@ -57,7 +228,7 @@ function toResponse(data, init) {
 			statusText: init?.statusText ?? routerResponse?.statusText
 		});
 	}
-	if (require_utils.isAPIError(data)) return toResponse(data.body, {
+	if (isAPIError(data)) return toResponse(data.body, {
 		status: init?.status ?? data.statusCode,
 		statusText: data.status.toString(),
 		headers: init?.headers || data.headers
@@ -208,7 +379,7 @@ function parseCookies(str) {
 		if (!cookies.has(key)) {
 			let val = str.slice(eqIdx + 1, endIdx).trim();
 			if (val.codePointAt(0) === 34) val = val.slice(1, -1);
-			cookies.set(key, require_utils.tryDecode(val));
+			cookies.set(key, tryDecode(val));
 		}
 		index = endIdx + 1;
 	}
@@ -258,28 +429,8 @@ const serializeSignedCookie = async (key, value, secret, opt) => {
 const createInternalContext = async (context, { options, path }) => {
 	const headers = new Headers();
 	let responseStatus = void 0;
-	if (context.request && !context.body && !options.disableBody) {
-		const { getBody: getBody$1 } = await Promise.resolve().then(() => require("./utils-C1kQcShE.cjs"));
-		const allowedContentTypes = options.metadata?.allowedContentTypes;
-		context.body = await getBody$1(context.request, allowedContentTypes);
-	} else if (context.request && options.metadata?.allowedContentTypes) {
-		const allowedContentTypes = options.metadata.allowedContentTypes;
-		if (allowedContentTypes.length > 0) {
-			const contentType = context.request.headers.get("content-type") || "";
-			if (contentType && context.request.body) {
-				if (!allowedContentTypes.some((allowed) => {
-					const normalizedContentType = contentType.toLowerCase().split(";")[0].trim();
-					const normalizedAllowed = allowed.toLowerCase().trim();
-					return normalizedContentType === normalizedAllowed || normalizedContentType.includes(normalizedAllowed);
-				})) throw new require_utils.APIError(415, {
-					message: `Content-Type "${contentType}" is not allowed. Allowed types: ${allowedContentTypes.join(", ")}`,
-					code: "UNSUPPORTED_MEDIA_TYPE"
-				});
-			}
-		}
-	}
 	const { data, error } = await runValidation(options, context);
-	if (error) throw new require_utils.APIError(400, {
+	if (error) throw new APIError(400, {
 		message: error.message,
 		code: "VALIDATION_ERROR"
 	});
@@ -333,10 +484,10 @@ const createInternalContext = async (context, { options, path }) => {
 		},
 		redirect: (url) => {
 			headers.set("location", url);
-			return new require_utils.APIError("FOUND", void 0, headers);
+			return new APIError("FOUND", void 0, headers);
 		},
 		error: (status, body, headers$1) => {
-			return new require_utils.APIError(status, body, headers$1);
+			return new APIError(status, body, headers$1);
 		},
 		setStatus: (status) => {
 			responseStatus = status;
@@ -374,7 +525,7 @@ const createInternalContext = async (context, { options, path }) => {
 //#endregion
 //#region src/endpoint.ts
 const createEndpoint = (path, options, handler) => {
-	if ((options.method === "GET" || options.method === "HEAD") && options.body) throw new require_utils.BetterCallError("Body is not allowed with GET or HEAD methods");
+	if ((options.method === "GET" || options.method === "HEAD") && options.body) throw new BetterCallError("Body is not allowed with GET or HEAD methods");
 	const internalHandler = async (...inputCtx) => {
 		const context = inputCtx[0] || {};
 		const internalContext = await createInternalContext(context, {
@@ -382,7 +533,7 @@ const createEndpoint = (path, options, handler) => {
 			path
 		});
 		const response = await handler(internalContext).catch(async (e) => {
-			if (require_utils.isAPIError(e)) {
+			if (isAPIError(e)) {
 				const onAPIError = options.onAPIError;
 				if (onAPIError) await onAPIError(e);
 				if (context.asResponse) return e;
@@ -2352,14 +2503,14 @@ const createRouter = (endpoints, config$1) => {
 		});
 		const handler = route.data;
 		try {
-			const allowedContentTypes = handler.options.metadata?.allowedContentTypes || config$1?.allowedContentTypes;
+			const allowedMediaTypes = handler.options.metadata?.allowedMediaTypes || config$1?.allowedMediaTypes;
 			const context = {
 				path,
 				method: request.method,
 				headers: request.headers,
 				params: route.params ? JSON.parse(JSON.stringify(route.params)) : {},
 				request,
-				body: handler.options.disableBody ? void 0 : await require_utils.getBody(handler.options.cloneRequest ? request.clone() : request, allowedContentTypes),
+				body: handler.options.disableBody ? void 0 : await getBody(handler.options.cloneRequest ? request.clone() : request, allowedMediaTypes),
 				query,
 				_flag: "router",
 				asResponse: true,
@@ -2380,11 +2531,11 @@ const createRouter = (endpoints, config$1) => {
 				const errorResponse = await config$1.onError(error);
 				if (errorResponse instanceof Response) return toResponse(errorResponse);
 			} catch (error$1) {
-				if (require_utils.isAPIError(error$1)) return toResponse(error$1);
+				if (isAPIError(error$1)) return toResponse(error$1);
 				throw error$1;
 			}
 			if (config$1?.throwError) throw error;
-			if (require_utils.isAPIError(error)) return toResponse(error);
+			if (isAPIError(error)) return toResponse(error);
 			console.error(`# SERVER_ERROR: `, error);
 			return new Response(null, {
 				status: 500,
@@ -2406,8 +2557,8 @@ const createRouter = (endpoints, config$1) => {
 };
 
 //#endregion
-exports.APIError = require_utils.APIError;
-exports.BetterCallError = require_utils.BetterCallError;
+exports.APIError = APIError;
+exports.BetterCallError = BetterCallError;
 exports.createEndpoint = createEndpoint;
 exports.createInternalContext = createInternalContext;
 exports.createMiddleware = createMiddleware;
@@ -2415,11 +2566,11 @@ exports.createRouter = createRouter;
 exports.generator = generator;
 exports.getCookieKey = getCookieKey;
 exports.getHTML = getHTML;
-exports.hideInternalStackFrames = require_utils.hideInternalStackFrames;
-exports.makeErrorForHideStackFrame = require_utils.makeErrorForHideStackFrame;
+exports.hideInternalStackFrames = hideInternalStackFrames;
+exports.makeErrorForHideStackFrame = makeErrorForHideStackFrame;
 exports.parseCookies = parseCookies;
 exports.serializeCookie = serializeCookie;
 exports.serializeSignedCookie = serializeSignedCookie;
-exports.statusCodes = require_utils.statusCodes;
+exports.statusCodes = statusCodes;
 exports.toResponse = toResponse;
 //# sourceMappingURL=index.cjs.map