better-call 1.3.4 → 1.3.6

package/dist/openapi.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"openapi.cjs","names":["ZodObject","ZodOptional"],"sources":["../src/openapi.ts"],"sourcesContent":["import { ZodObject, ZodOptional, ZodType } from \"zod\";\nimport type { Endpoint, EndpointOptions } from \"./endpoint\";\n\nexport type OpenAPISchemaType =\n\t| \"string\"\n\t| \"number\"\n\t| \"integer\"\n\t| \"boolean\"\n\t| \"array\"\n\t| \"object\";\n\nexport interface OpenAPIParameter {\n\tin: \"query\" | \"path\" | \"header\" | \"cookie\";\n\tname?: string;\n\tdescription?: string;\n\trequired?: boolean;\n\tschema?: {\n\t\ttype: OpenAPISchemaType;\n\t\tformat?: string;\n\t\titems?: {\n\t\t\ttype: OpenAPISchemaType;\n\t\t};\n\t\tenum?: string[];\n\t\tminLength?: number;\n\t\tdescription?: string;\n\t\tdefault?: string;\n\t\texample?: string;\n\t};\n}\n\nexport interface Path {\n\tget?: {\n\t\ttags?: string[];\n\t\toperationId?: string;\n\t\tdescription?: string;\n\t\tsecurity?: [{ bearerAuth: string[] }];\n\t\tparameters?: OpenAPIParameter[];\n\t\tresponses?: {\n\t\t\t[key in string]: {\n\t\t\t\tdescription?: string;\n\t\t\t\tcontent: {\n\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\ttype?: OpenAPISchemaType;\n\t\t\t\t\t\t\tproperties?: Record<string, any>;\n\t\t\t\t\t\t\trequired?: string[];\n\t\t\t\t\t\t\t$ref?: string;\n\t\t\t\t\t\t};\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t};\n\t\t};\n\t};\n\tpost?: {\n\t\ttags?: string[];\n\t\toperationId?: string;\n\t\tdescription?: string;\n\t\tsecurity?: [{ bearerAuth: string[] }];\n\t\tparameters?: OpenAPIParameter[];\n\t\trequestBody?: {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype?: OpenAPISchemaType;\n\t\t\t\t\t\tproperties?: Record<string, any>;\n\t\t\t\t\t\trequired?: string[];\n\t\t\t\t\t\t$ref?: string;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t};\n\t\t};\n\t\tresponses?: {\n\t\t\t[key in string]: {\n\t\t\t\tdescription?: string;\n\t\t\t\tcontent: {\n\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\ttype?: OpenAPISchemaType;\n\t\t\t\t\t\t\tproperties?: Record<string, any>;\n\t\t\t\t\t\t\trequired?: string[];\n\t\t\t\t\t\t\t$ref?: string;\n\t\t\t\t\t\t};\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t};\n\t\t};\n\t};\n}\nconst paths: Record<string, Path> = {};\n\nfunction getTypeFromZodType(zodType: ZodType<any>) {\n\tswitch (zodType.constructor.name) {\n\t\tcase \"ZodString\":\n\t\t\treturn \"string\";\n\t\tcase \"ZodNumber\":\n\t\t\treturn \"number\";\n\t\tcase \"ZodBoolean\":\n\t\t\treturn \"boolean\";\n\t\tcase \"ZodObject\":\n\t\t\treturn \"object\";\n\t\tcase \"ZodArray\":\n\t\t\treturn \"array\";\n\t\tdefault:\n\t\t\treturn \"string\";\n\t}\n}\n\nfunction getParameters(options: EndpointOptions) {\n\tconst parameters: OpenAPIParameter[] = [];\n\tif (options.metadata?.openapi?.parameters) {\n\t\tparameters.push(...options.metadata.openapi.parameters);\n\t\treturn parameters;\n\t}\n\tif (options.query instanceof ZodObject) {\n\t\tObject.entries(options.query.shape).forEach(([key, value]) => {\n\t\t\tif (value instanceof ZodObject) {\n\t\t\t\tparameters.push({\n\t\t\t\t\tname: key,\n\t\t\t\t\tin: \"query\",\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: getTypeFromZodType(value),\n\t\t\t\t\t\t...(\"minLength\" in value && value.minLength\n\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\tminLength: value.minLength as number,\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t: {}),\n\t\t\t\t\t\tdescription: value.description,\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t}\n\t\t});\n\t}\n\treturn parameters;\n}\n\nfunction getRequestBody(options: EndpointOptions): any {\n\tif (options.metadata?.openapi?.requestBody) {\n\t\treturn options.metadata.openapi.requestBody;\n\t}\n\tif (!options.body) return undefined;\n\tif (\n\t\toptions.body instanceof ZodObject ||\n\t\toptions.body instanceof ZodOptional\n\t) {\n\t\t// @ts-ignore\n\t\tconst shape = options.body.shape;\n\t\tif (!shape) return undefined;\n\t\tconst properties: Record<string, any> = {};\n\t\tconst required: string[] = [];\n\t\tObject.entries(shape).forEach(([key, value]) => {\n\t\t\tif (value instanceof ZodObject) {\n\t\t\t\tproperties[key] = {\n\t\t\t\t\ttype: getTypeFromZodType(value),\n\t\t\t\t\tdescription: value.description,\n\t\t\t\t};\n\t\t\t\tif (!(value instanceof ZodOptional)) {\n\t\t\t\t\trequired.push(key);\n\t\t\t\t}\n\t\t\t}\n\t\t});\n\t\treturn {\n\t\t\trequired:\n\t\t\t\toptions.body instanceof ZodOptional\n\t\t\t\t\t? false\n\t\t\t\t\t: options.body\n\t\t\t\t\t\t? true\n\t\t\t\t\t\t: false,\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties,\n\t\t\t\t\t\trequired,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t};\n\t}\n\treturn undefined;\n}\n\nfunction getResponse(responses?: Record<string, any>) {\n\treturn {\n\t\t\"400\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\trequired: [\"message\"],\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription:\n\t\t\t\t\"Bad Request. Usually due to missing parameters, or invalid parameters.\",\n\t\t},\n\t\t\"401\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\trequired: [\"message\"],\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription: \"Unauthorized. Due to missing or invalid authentication.\",\n\t\t},\n\t\t\"403\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription:\n\t\t\t\t\"Forbidden. You do not have permission to access this resource or to perform this action.\",\n\t\t},\n\t\t\"404\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription: \"Not Found. The requested resource was not found.\",\n\t\t},\n\t\t\"429\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription:\n\t\t\t\t\"Too Many Requests. You have exceeded the rate limit. Try again later.\",\n\t\t},\n\t\t\"500\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription:\n\t\t\t\t\"Internal Server Error. This is a problem with the server that you cannot fix.\",\n\t\t},\n\t\t...responses,\n\t} as any;\n}\n\nexport async function generator(\n\tendpoints: Record<string, Endpoint>,\n\tconfig?: {\n\t\turl: string;\n\t},\n) {\n\tconst components = {\n\t\tschemas: {},\n\t};\n\n\tObject.entries(endpoints).forEach(([_, value]) => {\n\t\tconst options = value.options as EndpointOptions;\n\t\tif (!value.path || options.metadata?.SERVER_ONLY) return;\n\t\tif (options.method === \"GET\") {\n\t\t\tpaths[value.path] = {\n\t\t\t\tget: {\n\t\t\t\t\ttags: [\"Default\", ...(options.metadata?.openapi?.tags || [])],\n\t\t\t\t\tdescription: options.metadata?.openapi?.description,\n\t\t\t\t\toperationId: options.metadata?.openapi?.operationId,\n\t\t\t\t\tsecurity: [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tbearerAuth: [],\n\t\t\t\t\t\t},\n\t\t\t\t\t],\n\t\t\t\t\tparameters: getParameters(options),\n\t\t\t\t\tresponses: getResponse(options.metadata?.openapi?.responses),\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\n\t\tif (options.method === \"POST\") {\n\t\t\tconst body = getRequestBody(options);\n\t\t\tpaths[value.path] = {\n\t\t\t\tpost: {\n\t\t\t\t\ttags: [\"Default\", ...(options.metadata?.openapi?.tags || [])],\n\t\t\t\t\tdescription: options.metadata?.openapi?.description,\n\t\t\t\t\toperationId: options.metadata?.openapi?.operationId,\n\t\t\t\t\tsecurity: [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tbearerAuth: [],\n\t\t\t\t\t\t},\n\t\t\t\t\t],\n\t\t\t\t\tparameters: getParameters(options),\n\t\t\t\t\t...(body\n\t\t\t\t\t\t? { requestBody: body }\n\t\t\t\t\t\t: {\n\t\t\t\t\t\t\t\trequestBody: {\n\t\t\t\t\t\t\t\t\t//set body none\n\t\t\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\tproperties: {},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t}),\n\t\t\t\t\tresponses: getResponse(options.metadata?.openapi?.responses),\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t});\n\n\tconst res = {\n\t\topenapi: \"3.1.1\",\n\t\tinfo: {\n\t\t\ttitle: \"Better Auth\",\n\t\t\tdescription: \"API Reference for your Better Auth Instance\",\n\t\t\tversion: \"1.1.0\",\n\t\t},\n\t\tcomponents,\n\t\tsecurity: [\n\t\t\t{\n\t\t\t\tapiKeyCookie: [],\n\t\t\t},\n\t\t],\n\t\tservers: [\n\t\t\t{\n\t\t\t\turl: config?.url,\n\t\t\t},\n\t\t],\n\t\ttags: [\n\t\t\t{\n\t\t\t\tname: \"Default\",\n\t\t\t\tdescription:\n\t\t\t\t\t\"Default endpoints that are included with Better Auth by default. These endpoints are not part of any plugin.\",\n\t\t\t},\n\t\t],\n\t\tpaths,\n\t};\n\treturn res;\n}\n\nexport const getHTML = (\n\tapiReference: Record<string, any>,\n\tconfig?: {\n\t\tlogo?: string;\n\t\ttheme?: string;\n\t\ttitle?: string;\n\t\tdescription?: string;\n\t},\n) => `<!doctype html>\n<html>\n  <head>\n    <title>Scalar API Reference</title>\n    <meta charset=\"utf-8\" />\n    <meta\n      name=\"viewport\"\n      content=\"width=device-width, initial-scale=1\" />\n  </head>\n  <body>\n    <script\n      id=\"api-reference\"\n      type=\"application/json\">\n    ${JSON.stringify(apiReference)}\n    </script>\n\t <script>\n      var configuration = {\n\t  \tfavicon: ${config?.logo ? `data:image/svg+xml;utf8,${encodeURIComponent(config.logo)}` : undefined} ,\n\t   \ttheme: ${config?.theme || \"saturn\"},\n        metaData: {\n\t\t\ttitle: ${config?.title || \"Open API Reference\"},\n\t\t\tdescription: ${config?.description || \"Better Call Open API\"},\n\t\t}\n      }\n      document.getElementById('api-reference').dataset.configuration =\n        JSON.stringify(configuration)\n    </script>\n\t  <script src=\"https://cdn.jsdelivr.net/npm/@scalar/api-reference\"></script>\n  </body>\n</html>`;\n"],"mappings":";;;;AAwFA,MAAM,QAA8B,EAAE;AAEtC,SAAS,mBAAmB,SAAuB;AAClD,SAAQ,QAAQ,YAAY,MAA5B;EACC,KAAK,YACJ,QAAO;EACR,KAAK,YACJ,QAAO;EACR,KAAK,aACJ,QAAO;EACR,KAAK,YACJ,QAAO;EACR,KAAK,WACJ,QAAO;EACR,QACC,QAAO;;;AAIV,SAAS,cAAc,SAA0B;CAChD,MAAM,aAAiC,EAAE;AACzC,KAAI,QAAQ,UAAU,SAAS,YAAY;AAC1C,aAAW,KAAK,GAAG,QAAQ,SAAS,QAAQ,WAAW;AACvD,SAAO;;AAER,KAAI,QAAQ,iBAAiBA,cAC5B,QAAO,QAAQ,QAAQ,MAAM,MAAM,CAAC,SAAS,CAAC,KAAK,WAAW;AAC7D,MAAI,iBAAiBA,cACpB,YAAW,KAAK;GACf,MAAM;GACN,IAAI;GACJ,QAAQ;IACP,MAAM,mBAAmB,MAAM;IAC/B,GAAI,eAAe,SAAS,MAAM,YAC/B,EACA,WAAW,MAAM,WACjB,GACA,EAAE;IACL,aAAa,MAAM;IACnB;GACD,CAAC;GAEF;AAEH,QAAO;;AAGR,SAAS,eAAe,SAA+B;AACtD,KAAI,QAAQ,UAAU,SAAS,YAC9B,QAAO,QAAQ,SAAS,QAAQ;AAEjC,KAAI,CAAC,QAAQ,KAAM,QAAO;AAC1B,KACC,QAAQ,gBAAgBA,iBACxB,QAAQ,gBAAgBC,iBACvB;EAED,MAAM,QAAQ,QAAQ,KAAK;AAC3B,MAAI,CAAC,MAAO,QAAO;EACnB,MAAM,aAAkC,EAAE;EAC1C,MAAM,WAAqB,EAAE;AAC7B,SAAO,QAAQ,MAAM,CAAC,SAAS,CAAC,KAAK,WAAW;AAC/C,OAAI,iBAAiBD,eAAW;AAC/B,eAAW,OAAO;KACjB,MAAM,mBAAmB,MAAM;KAC/B,aAAa,MAAM;KACnB;AACD,QAAI,EAAE,iBAAiBC,iBACtB,UAAS,KAAK,IAAI;;IAGnB;AACF,SAAO;GACN,UACC,QAAQ,gBAAgBA,kBACrB,QACA,QAAQ,OACP,OACA;GACL,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN;IACA;IACA,EACD,EACD;GACD;;;AAKH,SAAS,YAAY,WAAiC;AACrD,QAAO;EACN,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,UAAU,CAAC,UAAU;IACrB,EACD,EACD;GACD,aACC;GACD;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,UAAU,CAAC,UAAU;IACrB,EACD,EACD;GACD,aAAa;GACb;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,EACD,EACD;GACD,aACC;GACD;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,EACD,EACD;GACD,aAAa;GACb;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,EACD,EACD;GACD,aACC;GACD;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,EACD,EACD;GACD,aACC;GACD;EACD,GAAG;EACH;;AAGF,eAAsB,UACrB,WACA,QAGC;CACD,MAAM,aAAa,EAClB,SAAS,EAAE,EACX;AAED,QAAO,QAAQ,UAAU,CAAC,SAAS,CAAC,GAAG,WAAW;EACjD,MAAM,UAAU,MAAM;AACtB,MAAI,CAAC,MAAM,QAAQ,QAAQ,UAAU,YAAa;AAClD,MAAI,QAAQ,WAAW,MACtB,OAAM,MAAM,QAAQ,EACnB,KAAK;GACJ,MAAM,CAAC,WAAW,GAAI,QAAQ,UAAU,SAAS,QAAQ,EAAE,CAAE;GAC7D,aAAa,QAAQ,UAAU,SAAS;GACxC,aAAa,QAAQ,UAAU,SAAS;GACxC,UAAU,CACT,EACC,YAAY,EAAE,EACd,CACD;GACD,YAAY,cAAc,QAAQ;GAClC,WAAW,YAAY,QAAQ,UAAU,SAAS,UAAU;GAC5D,EACD;AAGF,MAAI,QAAQ,WAAW,QAAQ;GAC9B,MAAM,OAAO,eAAe,QAAQ;AACpC,SAAM,MAAM,QAAQ,EACnB,MAAM;IACL,MAAM,CAAC,WAAW,GAAI,QAAQ,UAAU,SAAS,QAAQ,EAAE,CAAE;IAC7D,aAAa,QAAQ,UAAU,SAAS;IACxC,aAAa,QAAQ,UAAU,SAAS;IACxC,UAAU,CACT,EACC,YAAY,EAAE,EACd,CACD;IACD,YAAY,cAAc,QAAQ;IAClC,GAAI,OACD,EAAE,aAAa,MAAM,GACrB,EACA,aAAa,EAEZ,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EAAE;KACd,EACD,EACD,EACD,EACD;IACH,WAAW,YAAY,QAAQ,UAAU,SAAS,UAAU;IAC5D,EACD;;GAED;AA6BF,QA3BY;EACX,SAAS;EACT,MAAM;GACL,OAAO;GACP,aAAa;GACb,SAAS;GACT;EACD;EACA,UAAU,CACT,EACC,cAAc,EAAE,EAChB,CACD;EACD,SAAS,CACR,EACC,KAAK,QAAQ,KACb,CACD;EACD,MAAM,CACL;GACC,MAAM;GACN,aACC;GACD,CACD;EACD;EACA;;AAIF,MAAa,WACZ,cACA,WAMI;;;;;;;;;;;;;MAaC,KAAK,UAAU,aAAa,CAAC;;;;eAIpB,QAAQ,OAAO,2BAA2B,mBAAmB,OAAO,KAAK,KAAK,OAAU;cACzF,QAAQ,SAAS,SAAS;;YAE5B,QAAQ,SAAS,qBAAqB;kBAChC,QAAQ,eAAe,uBAAuB"}
+{"version":3,"file":"openapi.cjs","names":["ZodObject","ZodOptional"],"sources":["../src/openapi.ts"],"sourcesContent":["import { ZodObject, ZodOptional, ZodType } from \"zod\";\nimport type { Endpoint, EndpointOptions } from \"./endpoint\";\n\nexport type OpenAPISchemaType =\n\t| \"string\"\n\t| \"number\"\n\t| \"integer\"\n\t| \"boolean\"\n\t| \"array\"\n\t| \"object\";\n\nexport interface OpenAPIParameter {\n\tin: \"query\" | \"path\" | \"header\" | \"cookie\";\n\tname?: string;\n\tdescription?: string;\n\trequired?: boolean;\n\tschema?: {\n\t\ttype: OpenAPISchemaType;\n\t\tformat?: string | undefined;\n\t\titems?: {\n\t\t\ttype: OpenAPISchemaType;\n\t\t};\n\t\tenum?: string[];\n\t\tminLength?: number;\n\t\tdescription?: string | undefined;\n\t\tdefault?: string | undefined;\n\t\texample?: string | undefined;\n\t};\n}\n\nexport interface Path {\n\tget?: {\n\t\ttags?: string[];\n\t\toperationId?: string;\n\t\tdescription?: string;\n\t\tsecurity?: [{ bearerAuth: string[] }];\n\t\tparameters?: OpenAPIParameter[];\n\t\tresponses?: {\n\t\t\t[key in string]: {\n\t\t\t\tdescription?: string;\n\t\t\t\tcontent: {\n\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\ttype?: OpenAPISchemaType;\n\t\t\t\t\t\t\tproperties?: Record<string, any>;\n\t\t\t\t\t\t\trequired?: string[];\n\t\t\t\t\t\t\t$ref?: string;\n\t\t\t\t\t\t};\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t};\n\t\t};\n\t};\n\tpost?: {\n\t\ttags?: string[];\n\t\toperationId?: string;\n\t\tdescription?: string;\n\t\tsecurity?: [{ bearerAuth: string[] }];\n\t\tparameters?: OpenAPIParameter[];\n\t\trequestBody?: {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype?: OpenAPISchemaType;\n\t\t\t\t\t\tproperties?: Record<string, any>;\n\t\t\t\t\t\trequired?: string[];\n\t\t\t\t\t\t$ref?: string;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t};\n\t\t};\n\t\tresponses?: {\n\t\t\t[key in string]: {\n\t\t\t\tdescription?: string;\n\t\t\t\tcontent: {\n\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\ttype?: OpenAPISchemaType;\n\t\t\t\t\t\t\tproperties?: Record<string, any>;\n\t\t\t\t\t\t\trequired?: string[];\n\t\t\t\t\t\t\t$ref?: string;\n\t\t\t\t\t\t};\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t};\n\t\t};\n\t};\n}\nconst paths: Record<string, Path> = {};\n\nfunction getTypeFromZodType(zodType: ZodType<any>) {\n\tswitch (zodType.constructor.name) {\n\t\tcase \"ZodString\":\n\t\t\treturn \"string\";\n\t\tcase \"ZodNumber\":\n\t\t\treturn \"number\";\n\t\tcase \"ZodBoolean\":\n\t\t\treturn \"boolean\";\n\t\tcase \"ZodObject\":\n\t\t\treturn \"object\";\n\t\tcase \"ZodArray\":\n\t\t\treturn \"array\";\n\t\tdefault:\n\t\t\treturn \"string\";\n\t}\n}\n\nfunction getParameters(options: EndpointOptions) {\n\tconst parameters: OpenAPIParameter[] = [];\n\tif (options.metadata?.openapi?.parameters) {\n\t\tparameters.push(...options.metadata.openapi.parameters);\n\t\treturn parameters;\n\t}\n\tif (options.query instanceof ZodObject) {\n\t\tObject.entries(options.query.shape).forEach(([key, value]) => {\n\t\t\tif (value instanceof ZodObject) {\n\t\t\t\tparameters.push({\n\t\t\t\t\tname: key,\n\t\t\t\t\tin: \"query\",\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: getTypeFromZodType(value),\n\t\t\t\t\t\t...(\"minLength\" in value && value.minLength\n\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\tminLength: value.minLength as number,\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t: {}),\n\t\t\t\t\t\tdescription: value.description,\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t}\n\t\t});\n\t}\n\treturn parameters;\n}\n\nfunction getRequestBody(options: EndpointOptions): any {\n\tif (options.metadata?.openapi?.requestBody) {\n\t\treturn options.metadata.openapi.requestBody;\n\t}\n\tif (!options.body) return undefined;\n\tif (\n\t\toptions.body instanceof ZodObject ||\n\t\toptions.body instanceof ZodOptional\n\t) {\n\t\t// @ts-ignore\n\t\tconst shape = options.body.shape;\n\t\tif (!shape) return undefined;\n\t\tconst properties: Record<string, any> = {};\n\t\tconst required: string[] = [];\n\t\tObject.entries(shape).forEach(([key, value]) => {\n\t\t\tif (value instanceof ZodObject) {\n\t\t\t\tproperties[key] = {\n\t\t\t\t\ttype: getTypeFromZodType(value),\n\t\t\t\t\tdescription: value.description,\n\t\t\t\t};\n\t\t\t\tif (!(value instanceof ZodOptional)) {\n\t\t\t\t\trequired.push(key);\n\t\t\t\t}\n\t\t\t}\n\t\t});\n\t\treturn {\n\t\t\trequired:\n\t\t\t\toptions.body instanceof ZodOptional\n\t\t\t\t\t? false\n\t\t\t\t\t: options.body\n\t\t\t\t\t\t? true\n\t\t\t\t\t\t: false,\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties,\n\t\t\t\t\t\trequired,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t};\n\t}\n\treturn undefined;\n}\n\nfunction getResponse(responses?: Record<string, any>) {\n\treturn {\n\t\t\"400\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\trequired: [\"message\"],\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription:\n\t\t\t\t\"Bad Request. Usually due to missing parameters, or invalid parameters.\",\n\t\t},\n\t\t\"401\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\trequired: [\"message\"],\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription: \"Unauthorized. Due to missing or invalid authentication.\",\n\t\t},\n\t\t\"403\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription:\n\t\t\t\t\"Forbidden. You do not have permission to access this resource or to perform this action.\",\n\t\t},\n\t\t\"404\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription: \"Not Found. The requested resource was not found.\",\n\t\t},\n\t\t\"429\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription:\n\t\t\t\t\"Too Many Requests. You have exceeded the rate limit. Try again later.\",\n\t\t},\n\t\t\"500\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription:\n\t\t\t\t\"Internal Server Error. This is a problem with the server that you cannot fix.\",\n\t\t},\n\t\t...responses,\n\t} as any;\n}\n\nexport async function generator(\n\tendpoints: Record<string, Endpoint>,\n\tconfig?: {\n\t\turl: string;\n\t},\n) {\n\tconst components = {\n\t\tschemas: {},\n\t};\n\n\tObject.entries(endpoints).forEach(([_, value]) => {\n\t\tconst options = value.options as EndpointOptions;\n\t\tif (!value.path || options.metadata?.SERVER_ONLY) return;\n\t\tif (options.method === \"GET\") {\n\t\t\tpaths[value.path] = {\n\t\t\t\tget: {\n\t\t\t\t\ttags: [\"Default\", ...(options.metadata?.openapi?.tags || [])],\n\t\t\t\t\tdescription: options.metadata?.openapi?.description,\n\t\t\t\t\toperationId: options.metadata?.openapi?.operationId,\n\t\t\t\t\tsecurity: [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tbearerAuth: [],\n\t\t\t\t\t\t},\n\t\t\t\t\t],\n\t\t\t\t\tparameters: getParameters(options),\n\t\t\t\t\tresponses: getResponse(options.metadata?.openapi?.responses),\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\n\t\tif (options.method === \"POST\") {\n\t\t\tconst body = getRequestBody(options);\n\t\t\tpaths[value.path] = {\n\t\t\t\tpost: {\n\t\t\t\t\ttags: [\"Default\", ...(options.metadata?.openapi?.tags || [])],\n\t\t\t\t\tdescription: options.metadata?.openapi?.description,\n\t\t\t\t\toperationId: options.metadata?.openapi?.operationId,\n\t\t\t\t\tsecurity: [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tbearerAuth: [],\n\t\t\t\t\t\t},\n\t\t\t\t\t],\n\t\t\t\t\tparameters: getParameters(options),\n\t\t\t\t\t...(body\n\t\t\t\t\t\t? { requestBody: body }\n\t\t\t\t\t\t: {\n\t\t\t\t\t\t\t\trequestBody: {\n\t\t\t\t\t\t\t\t\t//set body none\n\t\t\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\tproperties: {},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t}),\n\t\t\t\t\tresponses: getResponse(options.metadata?.openapi?.responses),\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t});\n\n\tconst res = {\n\t\topenapi: \"3.1.1\",\n\t\tinfo: {\n\t\t\ttitle: \"Better Auth\",\n\t\t\tdescription: \"API Reference for your Better Auth Instance\",\n\t\t\tversion: \"1.1.0\",\n\t\t},\n\t\tcomponents,\n\t\tsecurity: [\n\t\t\t{\n\t\t\t\tapiKeyCookie: [],\n\t\t\t},\n\t\t],\n\t\tservers: [\n\t\t\t{\n\t\t\t\turl: config?.url,\n\t\t\t},\n\t\t],\n\t\ttags: [\n\t\t\t{\n\t\t\t\tname: \"Default\",\n\t\t\t\tdescription:\n\t\t\t\t\t\"Default endpoints that are included with Better Auth by default. These endpoints are not part of any plugin.\",\n\t\t\t},\n\t\t],\n\t\tpaths,\n\t};\n\treturn res;\n}\n\nexport const getHTML = (\n\tapiReference: Record<string, any>,\n\tconfig?: {\n\t\tlogo?: string;\n\t\ttheme?: string;\n\t\ttitle?: string;\n\t\tdescription?: string;\n\t},\n) => `<!doctype html>\n<html>\n  <head>\n    <title>Scalar API Reference</title>\n    <meta charset=\"utf-8\" />\n    <meta\n      name=\"viewport\"\n      content=\"width=device-width, initial-scale=1\" />\n  </head>\n  <body>\n    <script\n      id=\"api-reference\"\n      type=\"application/json\">\n    ${JSON.stringify(apiReference)}\n    </script>\n\t <script>\n      var configuration = {\n\t  \tfavicon: ${config?.logo ? `data:image/svg+xml;utf8,${encodeURIComponent(config.logo)}` : undefined} ,\n\t   \ttheme: ${config?.theme || \"saturn\"},\n        metaData: {\n\t\t\ttitle: ${config?.title || \"Open API Reference\"},\n\t\t\tdescription: ${config?.description || \"Better Call Open API\"},\n\t\t}\n      }\n      document.getElementById('api-reference').dataset.configuration =\n        JSON.stringify(configuration)\n    </script>\n\t  <script src=\"https://cdn.jsdelivr.net/npm/@scalar/api-reference\"></script>\n  </body>\n</html>`;\n"],"mappings":";;;;AAwFA,MAAM,QAA8B,EAAE;AAEtC,SAAS,mBAAmB,SAAuB;AAClD,SAAQ,QAAQ,YAAY,MAA5B;EACC,KAAK,YACJ,QAAO;EACR,KAAK,YACJ,QAAO;EACR,KAAK,aACJ,QAAO;EACR,KAAK,YACJ,QAAO;EACR,KAAK,WACJ,QAAO;EACR,QACC,QAAO;;;AAIV,SAAS,cAAc,SAA0B;CAChD,MAAM,aAAiC,EAAE;AACzC,KAAI,QAAQ,UAAU,SAAS,YAAY;AAC1C,aAAW,KAAK,GAAG,QAAQ,SAAS,QAAQ,WAAW;AACvD,SAAO;;AAER,KAAI,QAAQ,iBAAiBA,cAC5B,QAAO,QAAQ,QAAQ,MAAM,MAAM,CAAC,SAAS,CAAC,KAAK,WAAW;AAC7D,MAAI,iBAAiBA,cACpB,YAAW,KAAK;GACf,MAAM;GACN,IAAI;GACJ,QAAQ;IACP,MAAM,mBAAmB,MAAM;IAC/B,GAAI,eAAe,SAAS,MAAM,YAC/B,EACA,WAAW,MAAM,WACjB,GACA,EAAE;IACL,aAAa,MAAM;IACnB;GACD,CAAC;GAEF;AAEH,QAAO;;AAGR,SAAS,eAAe,SAA+B;AACtD,KAAI,QAAQ,UAAU,SAAS,YAC9B,QAAO,QAAQ,SAAS,QAAQ;AAEjC,KAAI,CAAC,QAAQ,KAAM,QAAO;AAC1B,KACC,QAAQ,gBAAgBA,iBACxB,QAAQ,gBAAgBC,iBACvB;EAED,MAAM,QAAQ,QAAQ,KAAK;AAC3B,MAAI,CAAC,MAAO,QAAO;EACnB,MAAM,aAAkC,EAAE;EAC1C,MAAM,WAAqB,EAAE;AAC7B,SAAO,QAAQ,MAAM,CAAC,SAAS,CAAC,KAAK,WAAW;AAC/C,OAAI,iBAAiBD,eAAW;AAC/B,eAAW,OAAO;KACjB,MAAM,mBAAmB,MAAM;KAC/B,aAAa,MAAM;KACnB;AACD,QAAI,EAAE,iBAAiBC,iBACtB,UAAS,KAAK,IAAI;;IAGnB;AACF,SAAO;GACN,UACC,QAAQ,gBAAgBA,kBACrB,QACA,QAAQ,OACP,OACA;GACL,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN;IACA;IACA,EACD,EACD;GACD;;;AAKH,SAAS,YAAY,WAAiC;AACrD,QAAO;EACN,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,UAAU,CAAC,UAAU;IACrB,EACD,EACD;GACD,aACC;GACD;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,UAAU,CAAC,UAAU;IACrB,EACD,EACD;GACD,aAAa;GACb;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,EACD,EACD;GACD,aACC;GACD;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,EACD,EACD;GACD,aAAa;GACb;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,EACD,EACD;GACD,aACC;GACD;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,EACD,EACD;GACD,aACC;GACD;EACD,GAAG;EACH;;AAGF,eAAsB,UACrB,WACA,QAGC;CACD,MAAM,aAAa,EAClB,SAAS,EAAE,EACX;AAED,QAAO,QAAQ,UAAU,CAAC,SAAS,CAAC,GAAG,WAAW;EACjD,MAAM,UAAU,MAAM;AACtB,MAAI,CAAC,MAAM,QAAQ,QAAQ,UAAU,YAAa;AAClD,MAAI,QAAQ,WAAW,MACtB,OAAM,MAAM,QAAQ,EACnB,KAAK;GACJ,MAAM,CAAC,WAAW,GAAI,QAAQ,UAAU,SAAS,QAAQ,EAAE,CAAE;GAC7D,aAAa,QAAQ,UAAU,SAAS;GACxC,aAAa,QAAQ,UAAU,SAAS;GACxC,UAAU,CACT,EACC,YAAY,EAAE,EACd,CACD;GACD,YAAY,cAAc,QAAQ;GAClC,WAAW,YAAY,QAAQ,UAAU,SAAS,UAAU;GAC5D,EACD;AAGF,MAAI,QAAQ,WAAW,QAAQ;GAC9B,MAAM,OAAO,eAAe,QAAQ;AACpC,SAAM,MAAM,QAAQ,EACnB,MAAM;IACL,MAAM,CAAC,WAAW,GAAI,QAAQ,UAAU,SAAS,QAAQ,EAAE,CAAE;IAC7D,aAAa,QAAQ,UAAU,SAAS;IACxC,aAAa,QAAQ,UAAU,SAAS;IACxC,UAAU,CACT,EACC,YAAY,EAAE,EACd,CACD;IACD,YAAY,cAAc,QAAQ;IAClC,GAAI,OACD,EAAE,aAAa,MAAM,GACrB,EACA,aAAa,EAEZ,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EAAE;KACd,EACD,EACD,EACD,EACD;IACH,WAAW,YAAY,QAAQ,UAAU,SAAS,UAAU;IAC5D,EACD;;GAED;AA6BF,QA3BY;EACX,SAAS;EACT,MAAM;GACL,OAAO;GACP,aAAa;GACb,SAAS;GACT;EACD;EACA,UAAU,CACT,EACC,cAAc,EAAE,EAChB,CACD;EACD,SAAS,CACR,EACC,KAAK,QAAQ,KACb,CACD;EACD,MAAM,CACL;GACC,MAAM;GACN,aACC;GACD,CACD;EACD;EACA;;AAIF,MAAa,WACZ,cACA,WAMI;;;;;;;;;;;;;MAaC,KAAK,UAAU,aAAa,CAAC;;;;eAIpB,QAAQ,OAAO,2BAA2B,mBAAmB,OAAO,KAAK,KAAK,OAAU;cACzF,QAAQ,SAAS,SAAS;;YAE5B,QAAQ,SAAS,qBAAqB;kBAChC,QAAQ,eAAe,uBAAuB"}

package/dist/openapi.d.cts

@@ -9,15 +9,15 @@ interface OpenAPIParameter {
   required?: boolean;
   schema?: {
     type: OpenAPISchemaType;
-    format?: string;
+    format?: string | undefined;
     items?: {
       type: OpenAPISchemaType;
     };
     enum?: string[];
     minLength?: number;
-    description?: string;
-    default?: string;
-    example?: string;
+    description?: string | undefined;
+    default?: string | undefined;
+    example?: string | undefined;
   };
 }
 interface Path {

package/dist/openapi.d.mts

@@ -9,15 +9,15 @@ interface OpenAPIParameter {
   required?: boolean;
   schema?: {
     type: OpenAPISchemaType;
-    format?: string;
+    format?: string | undefined;
     items?: {
       type: OpenAPISchemaType;
     };
     enum?: string[];
     minLength?: number;
-    description?: string;
-    default?: string;
-    example?: string;
+    description?: string | undefined;
+    default?: string | undefined;
+    example?: string | undefined;
   };
 }
 interface Path {

package/dist/openapi.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"openapi.mjs","names":[],"sources":["../src/openapi.ts"],"sourcesContent":["import { ZodObject, ZodOptional, ZodType } from \"zod\";\nimport type { Endpoint, EndpointOptions } from \"./endpoint\";\n\nexport type OpenAPISchemaType =\n\t| \"string\"\n\t| \"number\"\n\t| \"integer\"\n\t| \"boolean\"\n\t| \"array\"\n\t| \"object\";\n\nexport interface OpenAPIParameter {\n\tin: \"query\" | \"path\" | \"header\" | \"cookie\";\n\tname?: string;\n\tdescription?: string;\n\trequired?: boolean;\n\tschema?: {\n\t\ttype: OpenAPISchemaType;\n\t\tformat?: string;\n\t\titems?: {\n\t\t\ttype: OpenAPISchemaType;\n\t\t};\n\t\tenum?: string[];\n\t\tminLength?: number;\n\t\tdescription?: string;\n\t\tdefault?: string;\n\t\texample?: string;\n\t};\n}\n\nexport interface Path {\n\tget?: {\n\t\ttags?: string[];\n\t\toperationId?: string;\n\t\tdescription?: string;\n\t\tsecurity?: [{ bearerAuth: string[] }];\n\t\tparameters?: OpenAPIParameter[];\n\t\tresponses?: {\n\t\t\t[key in string]: {\n\t\t\t\tdescription?: string;\n\t\t\t\tcontent: {\n\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\ttype?: OpenAPISchemaType;\n\t\t\t\t\t\t\tproperties?: Record<string, any>;\n\t\t\t\t\t\t\trequired?: string[];\n\t\t\t\t\t\t\t$ref?: string;\n\t\t\t\t\t\t};\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t};\n\t\t};\n\t};\n\tpost?: {\n\t\ttags?: string[];\n\t\toperationId?: string;\n\t\tdescription?: string;\n\t\tsecurity?: [{ bearerAuth: string[] }];\n\t\tparameters?: OpenAPIParameter[];\n\t\trequestBody?: {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype?: OpenAPISchemaType;\n\t\t\t\t\t\tproperties?: Record<string, any>;\n\t\t\t\t\t\trequired?: string[];\n\t\t\t\t\t\t$ref?: string;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t};\n\t\t};\n\t\tresponses?: {\n\t\t\t[key in string]: {\n\t\t\t\tdescription?: string;\n\t\t\t\tcontent: {\n\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\ttype?: OpenAPISchemaType;\n\t\t\t\t\t\t\tproperties?: Record<string, any>;\n\t\t\t\t\t\t\trequired?: string[];\n\t\t\t\t\t\t\t$ref?: string;\n\t\t\t\t\t\t};\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t};\n\t\t};\n\t};\n}\nconst paths: Record<string, Path> = {};\n\nfunction getTypeFromZodType(zodType: ZodType<any>) {\n\tswitch (zodType.constructor.name) {\n\t\tcase \"ZodString\":\n\t\t\treturn \"string\";\n\t\tcase \"ZodNumber\":\n\t\t\treturn \"number\";\n\t\tcase \"ZodBoolean\":\n\t\t\treturn \"boolean\";\n\t\tcase \"ZodObject\":\n\t\t\treturn \"object\";\n\t\tcase \"ZodArray\":\n\t\t\treturn \"array\";\n\t\tdefault:\n\t\t\treturn \"string\";\n\t}\n}\n\nfunction getParameters(options: EndpointOptions) {\n\tconst parameters: OpenAPIParameter[] = [];\n\tif (options.metadata?.openapi?.parameters) {\n\t\tparameters.push(...options.metadata.openapi.parameters);\n\t\treturn parameters;\n\t}\n\tif (options.query instanceof ZodObject) {\n\t\tObject.entries(options.query.shape).forEach(([key, value]) => {\n\t\t\tif (value instanceof ZodObject) {\n\t\t\t\tparameters.push({\n\t\t\t\t\tname: key,\n\t\t\t\t\tin: \"query\",\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: getTypeFromZodType(value),\n\t\t\t\t\t\t...(\"minLength\" in value && value.minLength\n\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\tminLength: value.minLength as number,\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t: {}),\n\t\t\t\t\t\tdescription: value.description,\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t}\n\t\t});\n\t}\n\treturn parameters;\n}\n\nfunction getRequestBody(options: EndpointOptions): any {\n\tif (options.metadata?.openapi?.requestBody) {\n\t\treturn options.metadata.openapi.requestBody;\n\t}\n\tif (!options.body) return undefined;\n\tif (\n\t\toptions.body instanceof ZodObject ||\n\t\toptions.body instanceof ZodOptional\n\t) {\n\t\t// @ts-ignore\n\t\tconst shape = options.body.shape;\n\t\tif (!shape) return undefined;\n\t\tconst properties: Record<string, any> = {};\n\t\tconst required: string[] = [];\n\t\tObject.entries(shape).forEach(([key, value]) => {\n\t\t\tif (value instanceof ZodObject) {\n\t\t\t\tproperties[key] = {\n\t\t\t\t\ttype: getTypeFromZodType(value),\n\t\t\t\t\tdescription: value.description,\n\t\t\t\t};\n\t\t\t\tif (!(value instanceof ZodOptional)) {\n\t\t\t\t\trequired.push(key);\n\t\t\t\t}\n\t\t\t}\n\t\t});\n\t\treturn {\n\t\t\trequired:\n\t\t\t\toptions.body instanceof ZodOptional\n\t\t\t\t\t? false\n\t\t\t\t\t: options.body\n\t\t\t\t\t\t? true\n\t\t\t\t\t\t: false,\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties,\n\t\t\t\t\t\trequired,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t};\n\t}\n\treturn undefined;\n}\n\nfunction getResponse(responses?: Record<string, any>) {\n\treturn {\n\t\t\"400\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\trequired: [\"message\"],\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription:\n\t\t\t\t\"Bad Request. Usually due to missing parameters, or invalid parameters.\",\n\t\t},\n\t\t\"401\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\trequired: [\"message\"],\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription: \"Unauthorized. Due to missing or invalid authentication.\",\n\t\t},\n\t\t\"403\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription:\n\t\t\t\t\"Forbidden. You do not have permission to access this resource or to perform this action.\",\n\t\t},\n\t\t\"404\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription: \"Not Found. The requested resource was not found.\",\n\t\t},\n\t\t\"429\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription:\n\t\t\t\t\"Too Many Requests. You have exceeded the rate limit. Try again later.\",\n\t\t},\n\t\t\"500\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription:\n\t\t\t\t\"Internal Server Error. This is a problem with the server that you cannot fix.\",\n\t\t},\n\t\t...responses,\n\t} as any;\n}\n\nexport async function generator(\n\tendpoints: Record<string, Endpoint>,\n\tconfig?: {\n\t\turl: string;\n\t},\n) {\n\tconst components = {\n\t\tschemas: {},\n\t};\n\n\tObject.entries(endpoints).forEach(([_, value]) => {\n\t\tconst options = value.options as EndpointOptions;\n\t\tif (!value.path || options.metadata?.SERVER_ONLY) return;\n\t\tif (options.method === \"GET\") {\n\t\t\tpaths[value.path] = {\n\t\t\t\tget: {\n\t\t\t\t\ttags: [\"Default\", ...(options.metadata?.openapi?.tags || [])],\n\t\t\t\t\tdescription: options.metadata?.openapi?.description,\n\t\t\t\t\toperationId: options.metadata?.openapi?.operationId,\n\t\t\t\t\tsecurity: [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tbearerAuth: [],\n\t\t\t\t\t\t},\n\t\t\t\t\t],\n\t\t\t\t\tparameters: getParameters(options),\n\t\t\t\t\tresponses: getResponse(options.metadata?.openapi?.responses),\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\n\t\tif (options.method === \"POST\") {\n\t\t\tconst body = getRequestBody(options);\n\t\t\tpaths[value.path] = {\n\t\t\t\tpost: {\n\t\t\t\t\ttags: [\"Default\", ...(options.metadata?.openapi?.tags || [])],\n\t\t\t\t\tdescription: options.metadata?.openapi?.description,\n\t\t\t\t\toperationId: options.metadata?.openapi?.operationId,\n\t\t\t\t\tsecurity: [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tbearerAuth: [],\n\t\t\t\t\t\t},\n\t\t\t\t\t],\n\t\t\t\t\tparameters: getParameters(options),\n\t\t\t\t\t...(body\n\t\t\t\t\t\t? { requestBody: body }\n\t\t\t\t\t\t: {\n\t\t\t\t\t\t\t\trequestBody: {\n\t\t\t\t\t\t\t\t\t//set body none\n\t\t\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\tproperties: {},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t}),\n\t\t\t\t\tresponses: getResponse(options.metadata?.openapi?.responses),\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t});\n\n\tconst res = {\n\t\topenapi: \"3.1.1\",\n\t\tinfo: {\n\t\t\ttitle: \"Better Auth\",\n\t\t\tdescription: \"API Reference for your Better Auth Instance\",\n\t\t\tversion: \"1.1.0\",\n\t\t},\n\t\tcomponents,\n\t\tsecurity: [\n\t\t\t{\n\t\t\t\tapiKeyCookie: [],\n\t\t\t},\n\t\t],\n\t\tservers: [\n\t\t\t{\n\t\t\t\turl: config?.url,\n\t\t\t},\n\t\t],\n\t\ttags: [\n\t\t\t{\n\t\t\t\tname: \"Default\",\n\t\t\t\tdescription:\n\t\t\t\t\t\"Default endpoints that are included with Better Auth by default. These endpoints are not part of any plugin.\",\n\t\t\t},\n\t\t],\n\t\tpaths,\n\t};\n\treturn res;\n}\n\nexport const getHTML = (\n\tapiReference: Record<string, any>,\n\tconfig?: {\n\t\tlogo?: string;\n\t\ttheme?: string;\n\t\ttitle?: string;\n\t\tdescription?: string;\n\t},\n) => `<!doctype html>\n<html>\n  <head>\n    <title>Scalar API Reference</title>\n    <meta charset=\"utf-8\" />\n    <meta\n      name=\"viewport\"\n      content=\"width=device-width, initial-scale=1\" />\n  </head>\n  <body>\n    <script\n      id=\"api-reference\"\n      type=\"application/json\">\n    ${JSON.stringify(apiReference)}\n    </script>\n\t <script>\n      var configuration = {\n\t  \tfavicon: ${config?.logo ? `data:image/svg+xml;utf8,${encodeURIComponent(config.logo)}` : undefined} ,\n\t   \ttheme: ${config?.theme || \"saturn\"},\n        metaData: {\n\t\t\ttitle: ${config?.title || \"Open API Reference\"},\n\t\t\tdescription: ${config?.description || \"Better Call Open API\"},\n\t\t}\n      }\n      document.getElementById('api-reference').dataset.configuration =\n        JSON.stringify(configuration)\n    </script>\n\t  <script src=\"https://cdn.jsdelivr.net/npm/@scalar/api-reference\"></script>\n  </body>\n</html>`;\n"],"mappings":";;;AAwFA,MAAM,QAA8B,EAAE;AAEtC,SAAS,mBAAmB,SAAuB;AAClD,SAAQ,QAAQ,YAAY,MAA5B;EACC,KAAK,YACJ,QAAO;EACR,KAAK,YACJ,QAAO;EACR,KAAK,aACJ,QAAO;EACR,KAAK,YACJ,QAAO;EACR,KAAK,WACJ,QAAO;EACR,QACC,QAAO;;;AAIV,SAAS,cAAc,SAA0B;CAChD,MAAM,aAAiC,EAAE;AACzC,KAAI,QAAQ,UAAU,SAAS,YAAY;AAC1C,aAAW,KAAK,GAAG,QAAQ,SAAS,QAAQ,WAAW;AACvD,SAAO;;AAER,KAAI,QAAQ,iBAAiB,UAC5B,QAAO,QAAQ,QAAQ,MAAM,MAAM,CAAC,SAAS,CAAC,KAAK,WAAW;AAC7D,MAAI,iBAAiB,UACpB,YAAW,KAAK;GACf,MAAM;GACN,IAAI;GACJ,QAAQ;IACP,MAAM,mBAAmB,MAAM;IAC/B,GAAI,eAAe,SAAS,MAAM,YAC/B,EACA,WAAW,MAAM,WACjB,GACA,EAAE;IACL,aAAa,MAAM;IACnB;GACD,CAAC;GAEF;AAEH,QAAO;;AAGR,SAAS,eAAe,SAA+B;AACtD,KAAI,QAAQ,UAAU,SAAS,YAC9B,QAAO,QAAQ,SAAS,QAAQ;AAEjC,KAAI,CAAC,QAAQ,KAAM,QAAO;AAC1B,KACC,QAAQ,gBAAgB,aACxB,QAAQ,gBAAgB,aACvB;EAED,MAAM,QAAQ,QAAQ,KAAK;AAC3B,MAAI,CAAC,MAAO,QAAO;EACnB,MAAM,aAAkC,EAAE;EAC1C,MAAM,WAAqB,EAAE;AAC7B,SAAO,QAAQ,MAAM,CAAC,SAAS,CAAC,KAAK,WAAW;AAC/C,OAAI,iBAAiB,WAAW;AAC/B,eAAW,OAAO;KACjB,MAAM,mBAAmB,MAAM;KAC/B,aAAa,MAAM;KACnB;AACD,QAAI,EAAE,iBAAiB,aACtB,UAAS,KAAK,IAAI;;IAGnB;AACF,SAAO;GACN,UACC,QAAQ,gBAAgB,cACrB,QACA,QAAQ,OACP,OACA;GACL,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN;IACA;IACA,EACD,EACD;GACD;;;AAKH,SAAS,YAAY,WAAiC;AACrD,QAAO;EACN,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,UAAU,CAAC,UAAU;IACrB,EACD,EACD;GACD,aACC;GACD;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,UAAU,CAAC,UAAU;IACrB,EACD,EACD;GACD,aAAa;GACb;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,EACD,EACD;GACD,aACC;GACD;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,EACD,EACD;GACD,aAAa;GACb;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,EACD,EACD;GACD,aACC;GACD;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,EACD,EACD;GACD,aACC;GACD;EACD,GAAG;EACH;;AAGF,eAAsB,UACrB,WACA,QAGC;CACD,MAAM,aAAa,EAClB,SAAS,EAAE,EACX;AAED,QAAO,QAAQ,UAAU,CAAC,SAAS,CAAC,GAAG,WAAW;EACjD,MAAM,UAAU,MAAM;AACtB,MAAI,CAAC,MAAM,QAAQ,QAAQ,UAAU,YAAa;AAClD,MAAI,QAAQ,WAAW,MACtB,OAAM,MAAM,QAAQ,EACnB,KAAK;GACJ,MAAM,CAAC,WAAW,GAAI,QAAQ,UAAU,SAAS,QAAQ,EAAE,CAAE;GAC7D,aAAa,QAAQ,UAAU,SAAS;GACxC,aAAa,QAAQ,UAAU,SAAS;GACxC,UAAU,CACT,EACC,YAAY,EAAE,EACd,CACD;GACD,YAAY,cAAc,QAAQ;GAClC,WAAW,YAAY,QAAQ,UAAU,SAAS,UAAU;GAC5D,EACD;AAGF,MAAI,QAAQ,WAAW,QAAQ;GAC9B,MAAM,OAAO,eAAe,QAAQ;AACpC,SAAM,MAAM,QAAQ,EACnB,MAAM;IACL,MAAM,CAAC,WAAW,GAAI,QAAQ,UAAU,SAAS,QAAQ,EAAE,CAAE;IAC7D,aAAa,QAAQ,UAAU,SAAS;IACxC,aAAa,QAAQ,UAAU,SAAS;IACxC,UAAU,CACT,EACC,YAAY,EAAE,EACd,CACD;IACD,YAAY,cAAc,QAAQ;IAClC,GAAI,OACD,EAAE,aAAa,MAAM,GACrB,EACA,aAAa,EAEZ,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EAAE;KACd,EACD,EACD,EACD,EACD;IACH,WAAW,YAAY,QAAQ,UAAU,SAAS,UAAU;IAC5D,EACD;;GAED;AA6BF,QA3BY;EACX,SAAS;EACT,MAAM;GACL,OAAO;GACP,aAAa;GACb,SAAS;GACT;EACD;EACA,UAAU,CACT,EACC,cAAc,EAAE,EAChB,CACD;EACD,SAAS,CACR,EACC,KAAK,QAAQ,KACb,CACD;EACD,MAAM,CACL;GACC,MAAM;GACN,aACC;GACD,CACD;EACD;EACA;;AAIF,MAAa,WACZ,cACA,WAMI;;;;;;;;;;;;;MAaC,KAAK,UAAU,aAAa,CAAC;;;;eAIpB,QAAQ,OAAO,2BAA2B,mBAAmB,OAAO,KAAK,KAAK,OAAU;cACzF,QAAQ,SAAS,SAAS;;YAE5B,QAAQ,SAAS,qBAAqB;kBAChC,QAAQ,eAAe,uBAAuB"}
+{"version":3,"file":"openapi.mjs","names":[],"sources":["../src/openapi.ts"],"sourcesContent":["import { ZodObject, ZodOptional, ZodType } from \"zod\";\nimport type { Endpoint, EndpointOptions } from \"./endpoint\";\n\nexport type OpenAPISchemaType =\n\t| \"string\"\n\t| \"number\"\n\t| \"integer\"\n\t| \"boolean\"\n\t| \"array\"\n\t| \"object\";\n\nexport interface OpenAPIParameter {\n\tin: \"query\" | \"path\" | \"header\" | \"cookie\";\n\tname?: string;\n\tdescription?: string;\n\trequired?: boolean;\n\tschema?: {\n\t\ttype: OpenAPISchemaType;\n\t\tformat?: string | undefined;\n\t\titems?: {\n\t\t\ttype: OpenAPISchemaType;\n\t\t};\n\t\tenum?: string[];\n\t\tminLength?: number;\n\t\tdescription?: string | undefined;\n\t\tdefault?: string | undefined;\n\t\texample?: string | undefined;\n\t};\n}\n\nexport interface Path {\n\tget?: {\n\t\ttags?: string[];\n\t\toperationId?: string;\n\t\tdescription?: string;\n\t\tsecurity?: [{ bearerAuth: string[] }];\n\t\tparameters?: OpenAPIParameter[];\n\t\tresponses?: {\n\t\t\t[key in string]: {\n\t\t\t\tdescription?: string;\n\t\t\t\tcontent: {\n\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\ttype?: OpenAPISchemaType;\n\t\t\t\t\t\t\tproperties?: Record<string, any>;\n\t\t\t\t\t\t\trequired?: string[];\n\t\t\t\t\t\t\t$ref?: string;\n\t\t\t\t\t\t};\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t};\n\t\t};\n\t};\n\tpost?: {\n\t\ttags?: string[];\n\t\toperationId?: string;\n\t\tdescription?: string;\n\t\tsecurity?: [{ bearerAuth: string[] }];\n\t\tparameters?: OpenAPIParameter[];\n\t\trequestBody?: {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype?: OpenAPISchemaType;\n\t\t\t\t\t\tproperties?: Record<string, any>;\n\t\t\t\t\t\trequired?: string[];\n\t\t\t\t\t\t$ref?: string;\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t};\n\t\t};\n\t\tresponses?: {\n\t\t\t[key in string]: {\n\t\t\t\tdescription?: string;\n\t\t\t\tcontent: {\n\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\ttype?: OpenAPISchemaType;\n\t\t\t\t\t\t\tproperties?: Record<string, any>;\n\t\t\t\t\t\t\trequired?: string[];\n\t\t\t\t\t\t\t$ref?: string;\n\t\t\t\t\t\t};\n\t\t\t\t\t};\n\t\t\t\t};\n\t\t\t};\n\t\t};\n\t};\n}\nconst paths: Record<string, Path> = {};\n\nfunction getTypeFromZodType(zodType: ZodType<any>) {\n\tswitch (zodType.constructor.name) {\n\t\tcase \"ZodString\":\n\t\t\treturn \"string\";\n\t\tcase \"ZodNumber\":\n\t\t\treturn \"number\";\n\t\tcase \"ZodBoolean\":\n\t\t\treturn \"boolean\";\n\t\tcase \"ZodObject\":\n\t\t\treturn \"object\";\n\t\tcase \"ZodArray\":\n\t\t\treturn \"array\";\n\t\tdefault:\n\t\t\treturn \"string\";\n\t}\n}\n\nfunction getParameters(options: EndpointOptions) {\n\tconst parameters: OpenAPIParameter[] = [];\n\tif (options.metadata?.openapi?.parameters) {\n\t\tparameters.push(...options.metadata.openapi.parameters);\n\t\treturn parameters;\n\t}\n\tif (options.query instanceof ZodObject) {\n\t\tObject.entries(options.query.shape).forEach(([key, value]) => {\n\t\t\tif (value instanceof ZodObject) {\n\t\t\t\tparameters.push({\n\t\t\t\t\tname: key,\n\t\t\t\t\tin: \"query\",\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: getTypeFromZodType(value),\n\t\t\t\t\t\t...(\"minLength\" in value && value.minLength\n\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\tminLength: value.minLength as number,\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t: {}),\n\t\t\t\t\t\tdescription: value.description,\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t}\n\t\t});\n\t}\n\treturn parameters;\n}\n\nfunction getRequestBody(options: EndpointOptions): any {\n\tif (options.metadata?.openapi?.requestBody) {\n\t\treturn options.metadata.openapi.requestBody;\n\t}\n\tif (!options.body) return undefined;\n\tif (\n\t\toptions.body instanceof ZodObject ||\n\t\toptions.body instanceof ZodOptional\n\t) {\n\t\t// @ts-ignore\n\t\tconst shape = options.body.shape;\n\t\tif (!shape) return undefined;\n\t\tconst properties: Record<string, any> = {};\n\t\tconst required: string[] = [];\n\t\tObject.entries(shape).forEach(([key, value]) => {\n\t\t\tif (value instanceof ZodObject) {\n\t\t\t\tproperties[key] = {\n\t\t\t\t\ttype: getTypeFromZodType(value),\n\t\t\t\t\tdescription: value.description,\n\t\t\t\t};\n\t\t\t\tif (!(value instanceof ZodOptional)) {\n\t\t\t\t\trequired.push(key);\n\t\t\t\t}\n\t\t\t}\n\t\t});\n\t\treturn {\n\t\t\trequired:\n\t\t\t\toptions.body instanceof ZodOptional\n\t\t\t\t\t? false\n\t\t\t\t\t: options.body\n\t\t\t\t\t\t? true\n\t\t\t\t\t\t: false,\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties,\n\t\t\t\t\t\trequired,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t};\n\t}\n\treturn undefined;\n}\n\nfunction getResponse(responses?: Record<string, any>) {\n\treturn {\n\t\t\"400\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\trequired: [\"message\"],\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription:\n\t\t\t\t\"Bad Request. Usually due to missing parameters, or invalid parameters.\",\n\t\t},\n\t\t\"401\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\trequired: [\"message\"],\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription: \"Unauthorized. Due to missing or invalid authentication.\",\n\t\t},\n\t\t\"403\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription:\n\t\t\t\t\"Forbidden. You do not have permission to access this resource or to perform this action.\",\n\t\t},\n\t\t\"404\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription: \"Not Found. The requested resource was not found.\",\n\t\t},\n\t\t\"429\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription:\n\t\t\t\t\"Too Many Requests. You have exceeded the rate limit. Try again later.\",\n\t\t},\n\t\t\"500\": {\n\t\t\tcontent: {\n\t\t\t\t\"application/json\": {\n\t\t\t\t\tschema: {\n\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\tmessage: {\n\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tdescription:\n\t\t\t\t\"Internal Server Error. This is a problem with the server that you cannot fix.\",\n\t\t},\n\t\t...responses,\n\t} as any;\n}\n\nexport async function generator(\n\tendpoints: Record<string, Endpoint>,\n\tconfig?: {\n\t\turl: string;\n\t},\n) {\n\tconst components = {\n\t\tschemas: {},\n\t};\n\n\tObject.entries(endpoints).forEach(([_, value]) => {\n\t\tconst options = value.options as EndpointOptions;\n\t\tif (!value.path || options.metadata?.SERVER_ONLY) return;\n\t\tif (options.method === \"GET\") {\n\t\t\tpaths[value.path] = {\n\t\t\t\tget: {\n\t\t\t\t\ttags: [\"Default\", ...(options.metadata?.openapi?.tags || [])],\n\t\t\t\t\tdescription: options.metadata?.openapi?.description,\n\t\t\t\t\toperationId: options.metadata?.openapi?.operationId,\n\t\t\t\t\tsecurity: [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tbearerAuth: [],\n\t\t\t\t\t\t},\n\t\t\t\t\t],\n\t\t\t\t\tparameters: getParameters(options),\n\t\t\t\t\tresponses: getResponse(options.metadata?.openapi?.responses),\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\n\t\tif (options.method === \"POST\") {\n\t\t\tconst body = getRequestBody(options);\n\t\t\tpaths[value.path] = {\n\t\t\t\tpost: {\n\t\t\t\t\ttags: [\"Default\", ...(options.metadata?.openapi?.tags || [])],\n\t\t\t\t\tdescription: options.metadata?.openapi?.description,\n\t\t\t\t\toperationId: options.metadata?.openapi?.operationId,\n\t\t\t\t\tsecurity: [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tbearerAuth: [],\n\t\t\t\t\t\t},\n\t\t\t\t\t],\n\t\t\t\t\tparameters: getParameters(options),\n\t\t\t\t\t...(body\n\t\t\t\t\t\t? { requestBody: body }\n\t\t\t\t\t\t: {\n\t\t\t\t\t\t\t\trequestBody: {\n\t\t\t\t\t\t\t\t\t//set body none\n\t\t\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\t\tproperties: {},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t}),\n\t\t\t\t\tresponses: getResponse(options.metadata?.openapi?.responses),\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t});\n\n\tconst res = {\n\t\topenapi: \"3.1.1\",\n\t\tinfo: {\n\t\t\ttitle: \"Better Auth\",\n\t\t\tdescription: \"API Reference for your Better Auth Instance\",\n\t\t\tversion: \"1.1.0\",\n\t\t},\n\t\tcomponents,\n\t\tsecurity: [\n\t\t\t{\n\t\t\t\tapiKeyCookie: [],\n\t\t\t},\n\t\t],\n\t\tservers: [\n\t\t\t{\n\t\t\t\turl: config?.url,\n\t\t\t},\n\t\t],\n\t\ttags: [\n\t\t\t{\n\t\t\t\tname: \"Default\",\n\t\t\t\tdescription:\n\t\t\t\t\t\"Default endpoints that are included with Better Auth by default. These endpoints are not part of any plugin.\",\n\t\t\t},\n\t\t],\n\t\tpaths,\n\t};\n\treturn res;\n}\n\nexport const getHTML = (\n\tapiReference: Record<string, any>,\n\tconfig?: {\n\t\tlogo?: string;\n\t\ttheme?: string;\n\t\ttitle?: string;\n\t\tdescription?: string;\n\t},\n) => `<!doctype html>\n<html>\n  <head>\n    <title>Scalar API Reference</title>\n    <meta charset=\"utf-8\" />\n    <meta\n      name=\"viewport\"\n      content=\"width=device-width, initial-scale=1\" />\n  </head>\n  <body>\n    <script\n      id=\"api-reference\"\n      type=\"application/json\">\n    ${JSON.stringify(apiReference)}\n    </script>\n\t <script>\n      var configuration = {\n\t  \tfavicon: ${config?.logo ? `data:image/svg+xml;utf8,${encodeURIComponent(config.logo)}` : undefined} ,\n\t   \ttheme: ${config?.theme || \"saturn\"},\n        metaData: {\n\t\t\ttitle: ${config?.title || \"Open API Reference\"},\n\t\t\tdescription: ${config?.description || \"Better Call Open API\"},\n\t\t}\n      }\n      document.getElementById('api-reference').dataset.configuration =\n        JSON.stringify(configuration)\n    </script>\n\t  <script src=\"https://cdn.jsdelivr.net/npm/@scalar/api-reference\"></script>\n  </body>\n</html>`;\n"],"mappings":";;;AAwFA,MAAM,QAA8B,EAAE;AAEtC,SAAS,mBAAmB,SAAuB;AAClD,SAAQ,QAAQ,YAAY,MAA5B;EACC,KAAK,YACJ,QAAO;EACR,KAAK,YACJ,QAAO;EACR,KAAK,aACJ,QAAO;EACR,KAAK,YACJ,QAAO;EACR,KAAK,WACJ,QAAO;EACR,QACC,QAAO;;;AAIV,SAAS,cAAc,SAA0B;CAChD,MAAM,aAAiC,EAAE;AACzC,KAAI,QAAQ,UAAU,SAAS,YAAY;AAC1C,aAAW,KAAK,GAAG,QAAQ,SAAS,QAAQ,WAAW;AACvD,SAAO;;AAER,KAAI,QAAQ,iBAAiB,UAC5B,QAAO,QAAQ,QAAQ,MAAM,MAAM,CAAC,SAAS,CAAC,KAAK,WAAW;AAC7D,MAAI,iBAAiB,UACpB,YAAW,KAAK;GACf,MAAM;GACN,IAAI;GACJ,QAAQ;IACP,MAAM,mBAAmB,MAAM;IAC/B,GAAI,eAAe,SAAS,MAAM,YAC/B,EACA,WAAW,MAAM,WACjB,GACA,EAAE;IACL,aAAa,MAAM;IACnB;GACD,CAAC;GAEF;AAEH,QAAO;;AAGR,SAAS,eAAe,SAA+B;AACtD,KAAI,QAAQ,UAAU,SAAS,YAC9B,QAAO,QAAQ,SAAS,QAAQ;AAEjC,KAAI,CAAC,QAAQ,KAAM,QAAO;AAC1B,KACC,QAAQ,gBAAgB,aACxB,QAAQ,gBAAgB,aACvB;EAED,MAAM,QAAQ,QAAQ,KAAK;AAC3B,MAAI,CAAC,MAAO,QAAO;EACnB,MAAM,aAAkC,EAAE;EAC1C,MAAM,WAAqB,EAAE;AAC7B,SAAO,QAAQ,MAAM,CAAC,SAAS,CAAC,KAAK,WAAW;AAC/C,OAAI,iBAAiB,WAAW;AAC/B,eAAW,OAAO;KACjB,MAAM,mBAAmB,MAAM;KAC/B,aAAa,MAAM;KACnB;AACD,QAAI,EAAE,iBAAiB,aACtB,UAAS,KAAK,IAAI;;IAGnB;AACF,SAAO;GACN,UACC,QAAQ,gBAAgB,cACrB,QACA,QAAQ,OACP,OACA;GACL,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN;IACA;IACA,EACD,EACD;GACD;;;AAKH,SAAS,YAAY,WAAiC;AACrD,QAAO;EACN,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,UAAU,CAAC,UAAU;IACrB,EACD,EACD;GACD,aACC;GACD;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,UAAU,CAAC,UAAU;IACrB,EACD,EACD;GACD,aAAa;GACb;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,EACD,EACD;GACD,aACC;GACD;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,EACD,EACD;GACD,aAAa;GACb;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,EACD,EACD;GACD,aACC;GACD;EACD,OAAO;GACN,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,UACN,EACD;IACD,EACD,EACD;GACD,aACC;GACD;EACD,GAAG;EACH;;AAGF,eAAsB,UACrB,WACA,QAGC;CACD,MAAM,aAAa,EAClB,SAAS,EAAE,EACX;AAED,QAAO,QAAQ,UAAU,CAAC,SAAS,CAAC,GAAG,WAAW;EACjD,MAAM,UAAU,MAAM;AACtB,MAAI,CAAC,MAAM,QAAQ,QAAQ,UAAU,YAAa;AAClD,MAAI,QAAQ,WAAW,MACtB,OAAM,MAAM,QAAQ,EACnB,KAAK;GACJ,MAAM,CAAC,WAAW,GAAI,QAAQ,UAAU,SAAS,QAAQ,EAAE,CAAE;GAC7D,aAAa,QAAQ,UAAU,SAAS;GACxC,aAAa,QAAQ,UAAU,SAAS;GACxC,UAAU,CACT,EACC,YAAY,EAAE,EACd,CACD;GACD,YAAY,cAAc,QAAQ;GAClC,WAAW,YAAY,QAAQ,UAAU,SAAS,UAAU;GAC5D,EACD;AAGF,MAAI,QAAQ,WAAW,QAAQ;GAC9B,MAAM,OAAO,eAAe,QAAQ;AACpC,SAAM,MAAM,QAAQ,EACnB,MAAM;IACL,MAAM,CAAC,WAAW,GAAI,QAAQ,UAAU,SAAS,QAAQ,EAAE,CAAE;IAC7D,aAAa,QAAQ,UAAU,SAAS;IACxC,aAAa,QAAQ,UAAU,SAAS;IACxC,UAAU,CACT,EACC,YAAY,EAAE,EACd,CACD;IACD,YAAY,cAAc,QAAQ;IAClC,GAAI,OACD,EAAE,aAAa,MAAM,GACrB,EACA,aAAa,EAEZ,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EAAE;KACd,EACD,EACD,EACD,EACD;IACH,WAAW,YAAY,QAAQ,UAAU,SAAS,UAAU;IAC5D,EACD;;GAED;AA6BF,QA3BY;EACX,SAAS;EACT,MAAM;GACL,OAAO;GACP,aAAa;GACb,SAAS;GACT;EACD;EACA,UAAU,CACT,EACC,cAAc,EAAE,EAChB,CACD;EACD,SAAS,CACR,EACC,KAAK,QAAQ,KACb,CACD;EACD,MAAM,CACL;GACC,MAAM;GACN,aACC;GACD,CACD;EACD;EACA;;AAIF,MAAa,WACZ,cACA,WAMI;;;;;;;;;;;;;MAaC,KAAK,UAAU,aAAa,CAAC;;;;eAIpB,QAAQ,OAAO,2BAA2B,mBAAmB,OAAO,KAAK,KAAK,OAAU;cACzF,QAAQ,SAAS,SAAS;;YAE5B,QAAQ,SAAS,qBAAqB;kBAChC,QAAQ,eAAe,uBAAuB"}

package/dist/to-response.cjs

@@ -11,29 +11,97 @@ function isJSONSerializable(value) {
 	if (value.buffer) return false;
 	return value.constructor && value.constructor.name === "Object" || typeof value.toJSON === "function";
 }
-function safeStringify(obj, replacer, space) {
+function safeStringify(obj) {
+	const parents = /* @__PURE__ */ new WeakMap();
+	const ids = /* @__PURE__ */ new WeakMap();
 	let id = 0;
-	const seen = /* @__PURE__ */ new WeakMap();
-	const safeReplacer = (key, value) => {
+	const isAncestor = (value, holder) => {
+		let curr = holder;
+		while (curr) {
+			if (curr === value) return true;
+			curr = parents.get(curr);
+		}
+		return false;
+	};
+	return JSON.stringify(obj, function(_key, value) {
 		if (typeof value === "bigint") return value.toString();
 		if (typeof value === "object" && value !== null) {
-			if (seen.has(value)) return `[Circular ref-${seen.get(value)}]`;
-			seen.set(value, id++);
+			if (isAncestor(value, this)) return `[Circular ref-${ids.get(value)}]`;
+			parents.set(value, this);
+			if (!ids.has(value)) ids.set(value, id++);
 		}
-		if (replacer) return replacer(key, value);
 		return value;
-	};
-	return JSON.stringify(obj, safeReplacer, space);
+	});
 }
 function isJSONResponse(value) {
 	if (!value || typeof value !== "object") return false;
 	return "_flag" in value && value._flag === "json";
 }
+/**
+* Headers that MUST be stripped when building an HTTP response from
+* arbitrary header input. These are request-only, hop-by-hop, or
+* transport-managed headers that cause protocol violations when present
+* on responses (e.g. Content-Length mismatch → net::ERR_CONTENT_LENGTH_MISMATCH).
+*
+* Sources:
+*   - RFC 9110 §10.1   (Request Context Fields)
+*   - RFC 9110 §7.6.1  (Connection / hop-by-hop)
+*   - RFC 9110 §11.6-7 (Authentication credentials)
+*   - RFC 9110 §12.5   (Content negotiation)
+*   - RFC 9110 §13.1   (Conditional request headers)
+*   - RFC 9110 §14.2   (Range requests)
+*   - RFC 6265 §5.4    (Cookie)
+*   - RFC 6454         (Origin)
+*/
+const REQUEST_ONLY_HEADERS = new Set([
+	"host",
+	"user-agent",
+	"referer",
+	"from",
+	"expect",
+	"authorization",
+	"proxy-authorization",
+	"cookie",
+	"origin",
+	"accept-charset",
+	"accept-encoding",
+	"accept-language",
+	"if-match",
+	"if-none-match",
+	"if-modified-since",
+	"if-unmodified-since",
+	"if-range",
+	"range",
+	"max-forwards",
+	"connection",
+	"keep-alive",
+	"transfer-encoding",
+	"te",
+	"upgrade",
+	"trailer",
+	"proxy-connection",
+	"content-length"
+]);
+function stripRequestOnlyHeaders(headers) {
+	for (const name of REQUEST_ONLY_HEADERS) headers.delete(name);
+}
+/**
+* Copy headers from `source` into `target`. `Set-Cookie` is appended (one
+* header per cookie) because RFC 9110 §5.3 notes it cannot be combined
+* into a single comma-separated value; other headers are set (replace).
+*/
+function copyHeaders(target, source) {
+	if (!source) return;
+	for (const [key, value] of new Headers(source).entries()) if (key.toLowerCase() === "set-cookie") target.append(key, value);
+	else target.set(key, value);
+}
 function toResponse(data, init) {
 	if (data instanceof Response) {
-		if (init?.headers instanceof Headers) init.headers.forEach((value, key) => {
-			data.headers.set(key, value);
-		});
+		if (init?.headers) {
+			const safeHeaders = new Headers(init.headers);
+			stripRequestOnlyHeaders(safeHeaders);
+			copyHeaders(data.headers, safeHeaders);
+		}
 		return data;
 	}
 	if (isJSONResponse(data)) {
@@ -41,12 +109,13 @@ function toResponse(data, init) {
 		const routerResponse = data.routerResponse;
 		if (routerResponse instanceof Response) return routerResponse;
 		const headers = new Headers();
-		if (routerResponse?.headers) {
-			const headers = new Headers(routerResponse.headers);
-			for (const [key, value] of headers.entries()) headers.set(key, value);
+		copyHeaders(headers, routerResponse?.headers);
+		copyHeaders(headers, data.headers);
+		if (init?.headers) {
+			const safeHeaders = new Headers(init.headers);
+			stripRequestOnlyHeaders(safeHeaders);
+			copyHeaders(headers, safeHeaders);
 		}
-		if (data.headers) for (const [key, value] of new Headers(data.headers).entries()) headers.set(key, value);
-		if (init?.headers) for (const [key, value] of new Headers(init.headers).entries()) headers.set(key, value);
 		headers.set("Content-Type", "application/json");
 		return new Response(JSON.stringify(body), {
 			...routerResponse,
@@ -61,7 +130,8 @@ function toResponse(data, init) {
 		headers: init?.headers || data.headers
 	});
 	let body = data;
-	let headers = new Headers(init?.headers);
+	const headers = new Headers(init?.headers);
+	stripRequestOnlyHeaders(headers);
 	if (!data) {
 		if (data === null) body = JSON.stringify(null);
 		headers.set("content-type", "application/json");

package/dist/to-response.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"to-response.cjs","names":["isAPIError"],"sources":["../src/to-response.ts"],"sourcesContent":["import { APIError } from \"./error\";\nimport { isAPIError } from \"./utils\";\n\nfunction isJSONSerializable(value: any) {\n\tif (value === undefined) {\n\t\treturn false;\n\t}\n\tconst t = typeof value;\n\tif (t === \"string\" || t === \"number\" || t === \"boolean\" || t === null) {\n\t\treturn true;\n\t}\n\tif (t !== \"object\") {\n\t\treturn false;\n\t}\n\tif (Array.isArray(value)) {\n\t\treturn true;\n\t}\n\tif (value.buffer) {\n\t\treturn false;\n\t}\n\treturn (\n\t\t(value.constructor && value.constructor.name === \"Object\") ||\n\t\ttypeof value.toJSON === \"function\"\n\t);\n}\n\nfunction safeStringify(\n\tobj: any,\n\treplacer?: (key: string, value: any) => any,\n\tspace?: string | number,\n): string {\n\tlet id = 0;\n\tconst seen = new WeakMap<object, number>(); // ref -> counter\n\n\tconst safeReplacer = (key: string, value: any) => {\n\t\t// Handle bigint first\n\t\tif (typeof value === \"bigint\") {\n\t\t\treturn value.toString();\n\t\t}\n\n\t\t// Then handle circular references\n\t\tif (typeof value === \"object\" && value !== null) {\n\t\t\tif (seen.has(value)) {\n\t\t\t\treturn `[Circular ref-${seen.get(value)}]`;\n\t\t\t}\n\t\t\tseen.set(value, id++);\n\t\t}\n\n\t\t// Finally apply any custom replacer\n\t\tif (replacer) {\n\t\t\treturn replacer(key, value);\n\t\t}\n\n\t\treturn value;\n\t};\n\n\treturn JSON.stringify(obj, safeReplacer, space);\n}\n\nexport type JSONResponse = {\n\tbody: Record<string, any>;\n\trouterResponse: ResponseInit | undefined;\n\tstatus?: number;\n\theaders?: Record<string, string> | Headers;\n\t_flag: \"json\";\n};\n\nfunction isJSONResponse(value: any): value is JSONResponse {\n\tif (!value || typeof value !== \"object\") {\n\t\treturn false;\n\t}\n\treturn \"_flag\" in value && value._flag === \"json\";\n}\n\nexport function toResponse(data?: any, init?: ResponseInit): Response {\n\tif (data instanceof Response) {\n\t\tif (init?.headers instanceof Headers) {\n\t\t\tinit.headers.forEach((value, key) => {\n\t\t\t\tdata.headers.set(key, value);\n\t\t\t});\n\t\t}\n\t\treturn data;\n\t}\n\tconst isJSON = isJSONResponse(data);\n\tif (isJSON) {\n\t\tconst body = data.body;\n\t\tconst routerResponse = data.routerResponse;\n\t\tif (routerResponse instanceof Response) {\n\t\t\treturn routerResponse;\n\t\t}\n\t\tconst headers = new Headers();\n\t\tif (routerResponse?.headers) {\n\t\t\tconst headers = new Headers(routerResponse.headers);\n\t\t\tfor (const [key, value] of headers.entries()) {\n\t\t\t\theaders.set(key, value);\n\t\t\t}\n\t\t}\n\t\tif (data.headers) {\n\t\t\tfor (const [key, value] of new Headers(data.headers).entries()) {\n\t\t\t\theaders.set(key, value);\n\t\t\t}\n\t\t}\n\t\tif (init?.headers) {\n\t\t\tfor (const [key, value] of new Headers(init.headers).entries()) {\n\t\t\t\theaders.set(key, value);\n\t\t\t}\n\t\t}\n\n\t\theaders.set(\"Content-Type\", \"application/json\");\n\t\treturn new Response(JSON.stringify(body), {\n\t\t\t...routerResponse,\n\t\t\theaders,\n\t\t\tstatus: data.status ?? init?.status ?? routerResponse?.status,\n\t\t\tstatusText: init?.statusText ?? routerResponse?.statusText,\n\t\t});\n\t}\n\tif (isAPIError(data)) {\n\t\treturn toResponse(data.body, {\n\t\t\tstatus: init?.status ?? data.statusCode,\n\t\t\tstatusText: data.status.toString(),\n\t\t\theaders: init?.headers || data.headers,\n\t\t});\n\t}\n\tlet body = data;\n\tlet headers = new Headers(init?.headers);\n\tif (!data) {\n\t\tif (data === null) {\n\t\t\tbody = JSON.stringify(null);\n\t\t}\n\t\theaders.set(\"content-type\", \"application/json\");\n\t} else if (typeof data === \"string\") {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", \"text/plain\");\n\t} else if (data instanceof ArrayBuffer || ArrayBuffer.isView(data)) {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", \"application/octet-stream\");\n\t} else if (data instanceof Blob) {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", data.type || \"application/octet-stream\");\n\t} else if (data instanceof FormData) {\n\t\tbody = data;\n\t} else if (data instanceof URLSearchParams) {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", \"application/x-www-form-urlencoded\");\n\t} else if (data instanceof ReadableStream) {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", \"application/octet-stream\");\n\t} else if (isJSONSerializable(data)) {\n\t\tbody = safeStringify(data);\n\t\theaders.set(\"Content-Type\", \"application/json\");\n\t}\n\n\treturn new Response(body, {\n\t\t...init,\n\t\theaders,\n\t});\n}\n"],"mappings":";;;;AAGA,SAAS,mBAAmB,OAAY;AACvC,KAAI,UAAU,OACb,QAAO;CAER,MAAM,IAAI,OAAO;AACjB,KAAI,MAAM,YAAY,MAAM,YAAY,MAAM,aAAa,MAAM,KAChE,QAAO;AAER,KAAI,MAAM,SACT,QAAO;AAER,KAAI,MAAM,QAAQ,MAAM,CACvB,QAAO;AAER,KAAI,MAAM,OACT,QAAO;AAER,QACE,MAAM,eAAe,MAAM,YAAY,SAAS,YACjD,OAAO,MAAM,WAAW;;AAI1B,SAAS,cACR,KACA,UACA,OACS;CACT,IAAI,KAAK;CACT,MAAM,uBAAO,IAAI,SAAyB;CAE1C,MAAM,gBAAgB,KAAa,UAAe;AAEjD,MAAI,OAAO,UAAU,SACpB,QAAO,MAAM,UAAU;AAIxB,MAAI,OAAO,UAAU,YAAY,UAAU,MAAM;AAChD,OAAI,KAAK,IAAI,MAAM,CAClB,QAAO,iBAAiB,KAAK,IAAI,MAAM,CAAC;AAEzC,QAAK,IAAI,OAAO,KAAK;;AAItB,MAAI,SACH,QAAO,SAAS,KAAK,MAAM;AAG5B,SAAO;;AAGR,QAAO,KAAK,UAAU,KAAK,cAAc,MAAM;;AAWhD,SAAS,eAAe,OAAmC;AAC1D,KAAI,CAAC,SAAS,OAAO,UAAU,SAC9B,QAAO;AAER,QAAO,WAAW,SAAS,MAAM,UAAU;;AAG5C,SAAgB,WAAW,MAAY,MAA+B;AACrE,KAAI,gBAAgB,UAAU;AAC7B,MAAI,MAAM,mBAAmB,QAC5B,MAAK,QAAQ,SAAS,OAAO,QAAQ;AACpC,QAAK,QAAQ,IAAI,KAAK,MAAM;IAC3B;AAEH,SAAO;;AAGR,KADe,eAAe,KAAK,EACvB;EACX,MAAM,OAAO,KAAK;EAClB,MAAM,iBAAiB,KAAK;AAC5B,MAAI,0BAA0B,SAC7B,QAAO;EAER,MAAM,UAAU,IAAI,SAAS;AAC7B,MAAI,gBAAgB,SAAS;GAC5B,MAAM,UAAU,IAAI,QAAQ,eAAe,QAAQ;AACnD,QAAK,MAAM,CAAC,KAAK,UAAU,QAAQ,SAAS,CAC3C,SAAQ,IAAI,KAAK,MAAM;;AAGzB,MAAI,KAAK,QACR,MAAK,MAAM,CAAC,KAAK,UAAU,IAAI,QAAQ,KAAK,QAAQ,CAAC,SAAS,CAC7D,SAAQ,IAAI,KAAK,MAAM;AAGzB,MAAI,MAAM,QACT,MAAK,MAAM,CAAC,KAAK,UAAU,IAAI,QAAQ,KAAK,QAAQ,CAAC,SAAS,CAC7D,SAAQ,IAAI,KAAK,MAAM;AAIzB,UAAQ,IAAI,gBAAgB,mBAAmB;AAC/C,SAAO,IAAI,SAAS,KAAK,UAAU,KAAK,EAAE;GACzC,GAAG;GACH;GACA,QAAQ,KAAK,UAAU,MAAM,UAAU,gBAAgB;GACvD,YAAY,MAAM,cAAc,gBAAgB;GAChD,CAAC;;AAEH,KAAIA,yBAAW,KAAK,CACnB,QAAO,WAAW,KAAK,MAAM;EAC5B,QAAQ,MAAM,UAAU,KAAK;EAC7B,YAAY,KAAK,OAAO,UAAU;EAClC,SAAS,MAAM,WAAW,KAAK;EAC/B,CAAC;CAEH,IAAI,OAAO;CACX,IAAI,UAAU,IAAI,QAAQ,MAAM,QAAQ;AACxC,KAAI,CAAC,MAAM;AACV,MAAI,SAAS,KACZ,QAAO,KAAK,UAAU,KAAK;AAE5B,UAAQ,IAAI,gBAAgB,mBAAmB;YACrC,OAAO,SAAS,UAAU;AACpC,SAAO;AACP,UAAQ,IAAI,gBAAgB,aAAa;YAC/B,gBAAgB,eAAe,YAAY,OAAO,KAAK,EAAE;AACnE,SAAO;AACP,UAAQ,IAAI,gBAAgB,2BAA2B;YAC7C,gBAAgB,MAAM;AAChC,SAAO;AACP,UAAQ,IAAI,gBAAgB,KAAK,QAAQ,2BAA2B;YAC1D,gBAAgB,SAC1B,QAAO;UACG,gBAAgB,iBAAiB;AAC3C,SAAO;AACP,UAAQ,IAAI,gBAAgB,oCAAoC;YACtD,gBAAgB,gBAAgB;AAC1C,SAAO;AACP,UAAQ,IAAI,gBAAgB,2BAA2B;YAC7C,mBAAmB,KAAK,EAAE;AACpC,SAAO,cAAc,KAAK;AAC1B,UAAQ,IAAI,gBAAgB,mBAAmB;;AAGhD,QAAO,IAAI,SAAS,MAAM;EACzB,GAAG;EACH;EACA,CAAC"}
+{"version":3,"file":"to-response.cjs","names":["isAPIError"],"sources":["../src/to-response.ts"],"sourcesContent":["import { APIError } from \"./error\";\nimport { isAPIError } from \"./utils\";\n\nfunction isJSONSerializable(value: any) {\n\tif (value === undefined) {\n\t\treturn false;\n\t}\n\tconst t = typeof value;\n\tif (t === \"string\" || t === \"number\" || t === \"boolean\" || t === null) {\n\t\treturn true;\n\t}\n\tif (t !== \"object\") {\n\t\treturn false;\n\t}\n\tif (Array.isArray(value)) {\n\t\treturn true;\n\t}\n\tif (value.buffer) {\n\t\treturn false;\n\t}\n\treturn (\n\t\t(value.constructor && value.constructor.name === \"Object\") ||\n\t\ttypeof value.toJSON === \"function\"\n\t);\n}\n\nfunction safeStringify(obj: unknown): string {\n\tconst parents = new WeakMap<object, object>();\n\tconst ids = new WeakMap<object, number>();\n\tlet id = 0;\n\n\tconst isAncestor = (value: object, holder: object): boolean => {\n\t\tlet curr: object | undefined = holder;\n\t\twhile (curr) {\n\t\t\tif (curr === value) return true;\n\t\t\tcurr = parents.get(curr);\n\t\t}\n\t\treturn false;\n\t};\n\n\treturn JSON.stringify(obj, function (this: any, _key, value) {\n\t\tif (typeof value === \"bigint\") return value.toString();\n\t\tif (typeof value === \"object\" && value !== null) {\n\t\t\tif (isAncestor(value, this)) {\n\t\t\t\treturn `[Circular ref-${ids.get(value)}]`;\n\t\t\t}\n\t\t\tparents.set(value, this);\n\t\t\tif (!ids.has(value)) ids.set(value, id++);\n\t\t}\n\t\treturn value;\n\t});\n}\n\nexport type JSONResponse = {\n\tbody: Record<string, any>;\n\trouterResponse: ResponseInit | undefined;\n\tstatus?: number;\n\theaders?: Record<string, string> | Headers;\n\t_flag: \"json\";\n};\n\nfunction isJSONResponse(value: any): value is JSONResponse {\n\tif (!value || typeof value !== \"object\") {\n\t\treturn false;\n\t}\n\treturn \"_flag\" in value && value._flag === \"json\";\n}\n\n/**\n * Headers that MUST be stripped when building an HTTP response from\n * arbitrary header input. These are request-only, hop-by-hop, or\n * transport-managed headers that cause protocol violations when present\n * on responses (e.g. Content-Length mismatch → net::ERR_CONTENT_LENGTH_MISMATCH).\n *\n * Sources:\n *   - RFC 9110 §10.1   (Request Context Fields)\n *   - RFC 9110 §7.6.1  (Connection / hop-by-hop)\n *   - RFC 9110 §11.6-7 (Authentication credentials)\n *   - RFC 9110 §12.5   (Content negotiation)\n *   - RFC 9110 §13.1   (Conditional request headers)\n *   - RFC 9110 §14.2   (Range requests)\n *   - RFC 6265 §5.4    (Cookie)\n *   - RFC 6454         (Origin)\n */\nconst REQUEST_ONLY_HEADERS = new Set([\n\t// Request context (RFC 9110 §10.1)\n\t\"host\", // §7.2\n\t\"user-agent\", // §10.1.5\n\t\"referer\", // §10.1.3\n\t\"from\", // §10.1.2\n\t\"expect\", // §10.1.1\n\n\t// Authentication credentials (RFC 9110 §11.6-7)\n\t\"authorization\", // §11.6.2\n\t\"proxy-authorization\", // §11.7.2\n\t\"cookie\", // RFC 6265 §5.4\n\t\"origin\", // RFC 6454\n\n\t// Content negotiation (RFC 9110 §12.5)\n\t\"accept-charset\", // §12.5.2 (deprecated)\n\t\"accept-encoding\", // §12.5.3\n\t\"accept-language\", // §12.5.4\n\n\t// Conditional requests (RFC 9110 §13.1)\n\t\"if-match\", // §13.1.1\n\t\"if-none-match\", // §13.1.2\n\t\"if-modified-since\", // §13.1.3\n\t\"if-unmodified-since\", // §13.1.4\n\t\"if-range\", // §13.1.5\n\n\t// Range requests (RFC 9110 §14.2)\n\t\"range\", // §14.2\n\n\t// Forwarding control (RFC 9110 §7.6)\n\t\"max-forwards\", // §7.6.2\n\n\t// Hop-by-hop (RFC 9110 §7.6.1)\n\t\"connection\", // §7.6.1\n\t\"keep-alive\",\n\t\"transfer-encoding\",\n\t\"te\", // §10.1.4\n\t\"upgrade\",\n\t\"trailer\",\n\t\"proxy-connection\", // non-standard\n\n\t// Valid on responses but WRONG if copied from request (RFC 9110 §8.6)\n\t\"content-length\",\n]);\n\nfunction stripRequestOnlyHeaders(headers: Headers): void {\n\tfor (const name of REQUEST_ONLY_HEADERS) {\n\t\theaders.delete(name);\n\t}\n}\n\n/**\n * Copy headers from `source` into `target`. `Set-Cookie` is appended (one\n * header per cookie) because RFC 9110 §5.3 notes it cannot be combined\n * into a single comma-separated value; other headers are set (replace).\n */\nfunction copyHeaders(target: Headers, source: HeadersInit | undefined): void {\n\tif (!source) return;\n\tfor (const [key, value] of new Headers(source).entries()) {\n\t\tif (key.toLowerCase() === \"set-cookie\") {\n\t\t\ttarget.append(key, value);\n\t\t} else {\n\t\t\ttarget.set(key, value);\n\t\t}\n\t}\n}\n\nexport function toResponse(data?: any, init?: ResponseInit): Response {\n\tif (data instanceof Response) {\n\t\tif (init?.headers) {\n\t\t\tconst safeHeaders = new Headers(init.headers);\n\t\t\tstripRequestOnlyHeaders(safeHeaders);\n\t\t\tcopyHeaders(data.headers, safeHeaders);\n\t\t}\n\t\treturn data;\n\t}\n\tconst isJSON = isJSONResponse(data);\n\tif (isJSON) {\n\t\tconst body = data.body;\n\t\tconst routerResponse = data.routerResponse;\n\t\tif (routerResponse instanceof Response) {\n\t\t\treturn routerResponse;\n\t\t}\n\t\tconst headers = new Headers();\n\t\tcopyHeaders(headers, routerResponse?.headers);\n\t\tcopyHeaders(headers, data.headers);\n\t\tif (init?.headers) {\n\t\t\tconst safeHeaders = new Headers(init.headers);\n\t\t\tstripRequestOnlyHeaders(safeHeaders);\n\t\t\tcopyHeaders(headers, safeHeaders);\n\t\t}\n\n\t\theaders.set(\"Content-Type\", \"application/json\");\n\t\treturn new Response(JSON.stringify(body), {\n\t\t\t...routerResponse,\n\t\t\theaders,\n\t\t\tstatus: data.status ?? init?.status ?? routerResponse?.status,\n\t\t\tstatusText: init?.statusText ?? routerResponse?.statusText,\n\t\t});\n\t}\n\tif (isAPIError(data)) {\n\t\treturn toResponse(data.body, {\n\t\t\tstatus: init?.status ?? data.statusCode,\n\t\t\tstatusText: data.status.toString(),\n\t\t\theaders: init?.headers || data.headers,\n\t\t});\n\t}\n\tlet body = data;\n\tconst headers = new Headers(init?.headers);\n\tstripRequestOnlyHeaders(headers);\n\tif (!data) {\n\t\tif (data === null) {\n\t\t\tbody = JSON.stringify(null);\n\t\t}\n\t\theaders.set(\"content-type\", \"application/json\");\n\t} else if (typeof data === \"string\") {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", \"text/plain\");\n\t} else if (data instanceof ArrayBuffer || ArrayBuffer.isView(data)) {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", \"application/octet-stream\");\n\t} else if (data instanceof Blob) {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", data.type || \"application/octet-stream\");\n\t} else if (data instanceof FormData) {\n\t\tbody = data;\n\t} else if (data instanceof URLSearchParams) {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", \"application/x-www-form-urlencoded\");\n\t} else if (data instanceof ReadableStream) {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", \"application/octet-stream\");\n\t} else if (isJSONSerializable(data)) {\n\t\tbody = safeStringify(data);\n\t\theaders.set(\"Content-Type\", \"application/json\");\n\t}\n\n\treturn new Response(body, {\n\t\t...init,\n\t\theaders,\n\t});\n}\n"],"mappings":";;;;AAGA,SAAS,mBAAmB,OAAY;AACvC,KAAI,UAAU,OACb,QAAO;CAER,MAAM,IAAI,OAAO;AACjB,KAAI,MAAM,YAAY,MAAM,YAAY,MAAM,aAAa,MAAM,KAChE,QAAO;AAER,KAAI,MAAM,SACT,QAAO;AAER,KAAI,MAAM,QAAQ,MAAM,CACvB,QAAO;AAER,KAAI,MAAM,OACT,QAAO;AAER,QACE,MAAM,eAAe,MAAM,YAAY,SAAS,YACjD,OAAO,MAAM,WAAW;;AAI1B,SAAS,cAAc,KAAsB;CAC5C,MAAM,0BAAU,IAAI,SAAyB;CAC7C,MAAM,sBAAM,IAAI,SAAyB;CACzC,IAAI,KAAK;CAET,MAAM,cAAc,OAAe,WAA4B;EAC9D,IAAI,OAA2B;AAC/B,SAAO,MAAM;AACZ,OAAI,SAAS,MAAO,QAAO;AAC3B,UAAO,QAAQ,IAAI,KAAK;;AAEzB,SAAO;;AAGR,QAAO,KAAK,UAAU,KAAK,SAAqB,MAAM,OAAO;AAC5D,MAAI,OAAO,UAAU,SAAU,QAAO,MAAM,UAAU;AACtD,MAAI,OAAO,UAAU,YAAY,UAAU,MAAM;AAChD,OAAI,WAAW,OAAO,KAAK,CAC1B,QAAO,iBAAiB,IAAI,IAAI,MAAM,CAAC;AAExC,WAAQ,IAAI,OAAO,KAAK;AACxB,OAAI,CAAC,IAAI,IAAI,MAAM,CAAE,KAAI,IAAI,OAAO,KAAK;;AAE1C,SAAO;GACN;;AAWH,SAAS,eAAe,OAAmC;AAC1D,KAAI,CAAC,SAAS,OAAO,UAAU,SAC9B,QAAO;AAER,QAAO,WAAW,SAAS,MAAM,UAAU;;;;;;;;;;;;;;;;;;AAmB5C,MAAM,uBAAuB,IAAI,IAAI;CAEpC;CACA;CACA;CACA;CACA;CAGA;CACA;CACA;CACA;CAGA;CACA;CACA;CAGA;CACA;CACA;CACA;CACA;CAGA;CAGA;CAGA;CACA;CACA;CACA;CACA;CACA;CACA;CAGA;CACA,CAAC;AAEF,SAAS,wBAAwB,SAAwB;AACxD,MAAK,MAAM,QAAQ,qBAClB,SAAQ,OAAO,KAAK;;;;;;;AAStB,SAAS,YAAY,QAAiB,QAAuC;AAC5E,KAAI,CAAC,OAAQ;AACb,MAAK,MAAM,CAAC,KAAK,UAAU,IAAI,QAAQ,OAAO,CAAC,SAAS,CACvD,KAAI,IAAI,aAAa,KAAK,aACzB,QAAO,OAAO,KAAK,MAAM;KAEzB,QAAO,IAAI,KAAK,MAAM;;AAKzB,SAAgB,WAAW,MAAY,MAA+B;AACrE,KAAI,gBAAgB,UAAU;AAC7B,MAAI,MAAM,SAAS;GAClB,MAAM,cAAc,IAAI,QAAQ,KAAK,QAAQ;AAC7C,2BAAwB,YAAY;AACpC,eAAY,KAAK,SAAS,YAAY;;AAEvC,SAAO;;AAGR,KADe,eAAe,KAAK,EACvB;EACX,MAAM,OAAO,KAAK;EAClB,MAAM,iBAAiB,KAAK;AAC5B,MAAI,0BAA0B,SAC7B,QAAO;EAER,MAAM,UAAU,IAAI,SAAS;AAC7B,cAAY,SAAS,gBAAgB,QAAQ;AAC7C,cAAY,SAAS,KAAK,QAAQ;AAClC,MAAI,MAAM,SAAS;GAClB,MAAM,cAAc,IAAI,QAAQ,KAAK,QAAQ;AAC7C,2BAAwB,YAAY;AACpC,eAAY,SAAS,YAAY;;AAGlC,UAAQ,IAAI,gBAAgB,mBAAmB;AAC/C,SAAO,IAAI,SAAS,KAAK,UAAU,KAAK,EAAE;GACzC,GAAG;GACH;GACA,QAAQ,KAAK,UAAU,MAAM,UAAU,gBAAgB;GACvD,YAAY,MAAM,cAAc,gBAAgB;GAChD,CAAC;;AAEH,KAAIA,yBAAW,KAAK,CACnB,QAAO,WAAW,KAAK,MAAM;EAC5B,QAAQ,MAAM,UAAU,KAAK;EAC7B,YAAY,KAAK,OAAO,UAAU;EAClC,SAAS,MAAM,WAAW,KAAK;EAC/B,CAAC;CAEH,IAAI,OAAO;CACX,MAAM,UAAU,IAAI,QAAQ,MAAM,QAAQ;AAC1C,yBAAwB,QAAQ;AAChC,KAAI,CAAC,MAAM;AACV,MAAI,SAAS,KACZ,QAAO,KAAK,UAAU,KAAK;AAE5B,UAAQ,IAAI,gBAAgB,mBAAmB;YACrC,OAAO,SAAS,UAAU;AACpC,SAAO;AACP,UAAQ,IAAI,gBAAgB,aAAa;YAC/B,gBAAgB,eAAe,YAAY,OAAO,KAAK,EAAE;AACnE,SAAO;AACP,UAAQ,IAAI,gBAAgB,2BAA2B;YAC7C,gBAAgB,MAAM;AAChC,SAAO;AACP,UAAQ,IAAI,gBAAgB,KAAK,QAAQ,2BAA2B;YAC1D,gBAAgB,SAC1B,QAAO;UACG,gBAAgB,iBAAiB;AAC3C,SAAO;AACP,UAAQ,IAAI,gBAAgB,oCAAoC;YACtD,gBAAgB,gBAAgB;AAC1C,SAAO;AACP,UAAQ,IAAI,gBAAgB,2BAA2B;YAC7C,mBAAmB,KAAK,EAAE;AACpC,SAAO,cAAc,KAAK;AAC1B,UAAQ,IAAI,gBAAgB,mBAAmB;;AAGhD,QAAO,IAAI,SAAS,MAAM;EACzB,GAAG;EACH;EACA,CAAC"}

package/dist/to-response.mjs

@@ -11,29 +11,97 @@ function isJSONSerializable(value) {
 	if (value.buffer) return false;
 	return value.constructor && value.constructor.name === "Object" || typeof value.toJSON === "function";
 }
-function safeStringify(obj, replacer, space) {
+function safeStringify(obj) {
+	const parents = /* @__PURE__ */ new WeakMap();
+	const ids = /* @__PURE__ */ new WeakMap();
 	let id = 0;
-	const seen = /* @__PURE__ */ new WeakMap();
-	const safeReplacer = (key, value) => {
+	const isAncestor = (value, holder) => {
+		let curr = holder;
+		while (curr) {
+			if (curr === value) return true;
+			curr = parents.get(curr);
+		}
+		return false;
+	};
+	return JSON.stringify(obj, function(_key, value) {
 		if (typeof value === "bigint") return value.toString();
 		if (typeof value === "object" && value !== null) {
-			if (seen.has(value)) return `[Circular ref-${seen.get(value)}]`;
-			seen.set(value, id++);
+			if (isAncestor(value, this)) return `[Circular ref-${ids.get(value)}]`;
+			parents.set(value, this);
+			if (!ids.has(value)) ids.set(value, id++);
 		}
-		if (replacer) return replacer(key, value);
 		return value;
-	};
-	return JSON.stringify(obj, safeReplacer, space);
+	});
 }
 function isJSONResponse(value) {
 	if (!value || typeof value !== "object") return false;
 	return "_flag" in value && value._flag === "json";
 }
+/**
+* Headers that MUST be stripped when building an HTTP response from
+* arbitrary header input. These are request-only, hop-by-hop, or
+* transport-managed headers that cause protocol violations when present
+* on responses (e.g. Content-Length mismatch → net::ERR_CONTENT_LENGTH_MISMATCH).
+*
+* Sources:
+*   - RFC 9110 §10.1   (Request Context Fields)
+*   - RFC 9110 §7.6.1  (Connection / hop-by-hop)
+*   - RFC 9110 §11.6-7 (Authentication credentials)
+*   - RFC 9110 §12.5   (Content negotiation)
+*   - RFC 9110 §13.1   (Conditional request headers)
+*   - RFC 9110 §14.2   (Range requests)
+*   - RFC 6265 §5.4    (Cookie)
+*   - RFC 6454         (Origin)
+*/
+const REQUEST_ONLY_HEADERS = new Set([
+	"host",
+	"user-agent",
+	"referer",
+	"from",
+	"expect",
+	"authorization",
+	"proxy-authorization",
+	"cookie",
+	"origin",
+	"accept-charset",
+	"accept-encoding",
+	"accept-language",
+	"if-match",
+	"if-none-match",
+	"if-modified-since",
+	"if-unmodified-since",
+	"if-range",
+	"range",
+	"max-forwards",
+	"connection",
+	"keep-alive",
+	"transfer-encoding",
+	"te",
+	"upgrade",
+	"trailer",
+	"proxy-connection",
+	"content-length"
+]);
+function stripRequestOnlyHeaders(headers) {
+	for (const name of REQUEST_ONLY_HEADERS) headers.delete(name);
+}
+/**
+* Copy headers from `source` into `target`. `Set-Cookie` is appended (one
+* header per cookie) because RFC 9110 §5.3 notes it cannot be combined
+* into a single comma-separated value; other headers are set (replace).
+*/
+function copyHeaders(target, source) {
+	if (!source) return;
+	for (const [key, value] of new Headers(source).entries()) if (key.toLowerCase() === "set-cookie") target.append(key, value);
+	else target.set(key, value);
+}
 function toResponse(data, init) {
 	if (data instanceof Response) {
-		if (init?.headers instanceof Headers) init.headers.forEach((value, key) => {
-			data.headers.set(key, value);
-		});
+		if (init?.headers) {
+			const safeHeaders = new Headers(init.headers);
+			stripRequestOnlyHeaders(safeHeaders);
+			copyHeaders(data.headers, safeHeaders);
+		}
 		return data;
 	}
 	if (isJSONResponse(data)) {
@@ -41,12 +109,13 @@ function toResponse(data, init) {
 		const routerResponse = data.routerResponse;
 		if (routerResponse instanceof Response) return routerResponse;
 		const headers = new Headers();
-		if (routerResponse?.headers) {
-			const headers = new Headers(routerResponse.headers);
-			for (const [key, value] of headers.entries()) headers.set(key, value);
+		copyHeaders(headers, routerResponse?.headers);
+		copyHeaders(headers, data.headers);
+		if (init?.headers) {
+			const safeHeaders = new Headers(init.headers);
+			stripRequestOnlyHeaders(safeHeaders);
+			copyHeaders(headers, safeHeaders);
 		}
-		if (data.headers) for (const [key, value] of new Headers(data.headers).entries()) headers.set(key, value);
-		if (init?.headers) for (const [key, value] of new Headers(init.headers).entries()) headers.set(key, value);
 		headers.set("Content-Type", "application/json");
 		return new Response(JSON.stringify(body), {
 			...routerResponse,
@@ -61,7 +130,8 @@ function toResponse(data, init) {
 		headers: init?.headers || data.headers
 	});
 	let body = data;
-	let headers = new Headers(init?.headers);
+	const headers = new Headers(init?.headers);
+	stripRequestOnlyHeaders(headers);
 	if (!data) {
 		if (data === null) body = JSON.stringify(null);
 		headers.set("content-type", "application/json");

package/dist/to-response.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"to-response.mjs","names":[],"sources":["../src/to-response.ts"],"sourcesContent":["import { APIError } from \"./error\";\nimport { isAPIError } from \"./utils\";\n\nfunction isJSONSerializable(value: any) {\n\tif (value === undefined) {\n\t\treturn false;\n\t}\n\tconst t = typeof value;\n\tif (t === \"string\" || t === \"number\" || t === \"boolean\" || t === null) {\n\t\treturn true;\n\t}\n\tif (t !== \"object\") {\n\t\treturn false;\n\t}\n\tif (Array.isArray(value)) {\n\t\treturn true;\n\t}\n\tif (value.buffer) {\n\t\treturn false;\n\t}\n\treturn (\n\t\t(value.constructor && value.constructor.name === \"Object\") ||\n\t\ttypeof value.toJSON === \"function\"\n\t);\n}\n\nfunction safeStringify(\n\tobj: any,\n\treplacer?: (key: string, value: any) => any,\n\tspace?: string | number,\n): string {\n\tlet id = 0;\n\tconst seen = new WeakMap<object, number>(); // ref -> counter\n\n\tconst safeReplacer = (key: string, value: any) => {\n\t\t// Handle bigint first\n\t\tif (typeof value === \"bigint\") {\n\t\t\treturn value.toString();\n\t\t}\n\n\t\t// Then handle circular references\n\t\tif (typeof value === \"object\" && value !== null) {\n\t\t\tif (seen.has(value)) {\n\t\t\t\treturn `[Circular ref-${seen.get(value)}]`;\n\t\t\t}\n\t\t\tseen.set(value, id++);\n\t\t}\n\n\t\t// Finally apply any custom replacer\n\t\tif (replacer) {\n\t\t\treturn replacer(key, value);\n\t\t}\n\n\t\treturn value;\n\t};\n\n\treturn JSON.stringify(obj, safeReplacer, space);\n}\n\nexport type JSONResponse = {\n\tbody: Record<string, any>;\n\trouterResponse: ResponseInit | undefined;\n\tstatus?: number;\n\theaders?: Record<string, string> | Headers;\n\t_flag: \"json\";\n};\n\nfunction isJSONResponse(value: any): value is JSONResponse {\n\tif (!value || typeof value !== \"object\") {\n\t\treturn false;\n\t}\n\treturn \"_flag\" in value && value._flag === \"json\";\n}\n\nexport function toResponse(data?: any, init?: ResponseInit): Response {\n\tif (data instanceof Response) {\n\t\tif (init?.headers instanceof Headers) {\n\t\t\tinit.headers.forEach((value, key) => {\n\t\t\t\tdata.headers.set(key, value);\n\t\t\t});\n\t\t}\n\t\treturn data;\n\t}\n\tconst isJSON = isJSONResponse(data);\n\tif (isJSON) {\n\t\tconst body = data.body;\n\t\tconst routerResponse = data.routerResponse;\n\t\tif (routerResponse instanceof Response) {\n\t\t\treturn routerResponse;\n\t\t}\n\t\tconst headers = new Headers();\n\t\tif (routerResponse?.headers) {\n\t\t\tconst headers = new Headers(routerResponse.headers);\n\t\t\tfor (const [key, value] of headers.entries()) {\n\t\t\t\theaders.set(key, value);\n\t\t\t}\n\t\t}\n\t\tif (data.headers) {\n\t\t\tfor (const [key, value] of new Headers(data.headers).entries()) {\n\t\t\t\theaders.set(key, value);\n\t\t\t}\n\t\t}\n\t\tif (init?.headers) {\n\t\t\tfor (const [key, value] of new Headers(init.headers).entries()) {\n\t\t\t\theaders.set(key, value);\n\t\t\t}\n\t\t}\n\n\t\theaders.set(\"Content-Type\", \"application/json\");\n\t\treturn new Response(JSON.stringify(body), {\n\t\t\t...routerResponse,\n\t\t\theaders,\n\t\t\tstatus: data.status ?? init?.status ?? routerResponse?.status,\n\t\t\tstatusText: init?.statusText ?? routerResponse?.statusText,\n\t\t});\n\t}\n\tif (isAPIError(data)) {\n\t\treturn toResponse(data.body, {\n\t\t\tstatus: init?.status ?? data.statusCode,\n\t\t\tstatusText: data.status.toString(),\n\t\t\theaders: init?.headers || data.headers,\n\t\t});\n\t}\n\tlet body = data;\n\tlet headers = new Headers(init?.headers);\n\tif (!data) {\n\t\tif (data === null) {\n\t\t\tbody = JSON.stringify(null);\n\t\t}\n\t\theaders.set(\"content-type\", \"application/json\");\n\t} else if (typeof data === \"string\") {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", \"text/plain\");\n\t} else if (data instanceof ArrayBuffer || ArrayBuffer.isView(data)) {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", \"application/octet-stream\");\n\t} else if (data instanceof Blob) {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", data.type || \"application/octet-stream\");\n\t} else if (data instanceof FormData) {\n\t\tbody = data;\n\t} else if (data instanceof URLSearchParams) {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", \"application/x-www-form-urlencoded\");\n\t} else if (data instanceof ReadableStream) {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", \"application/octet-stream\");\n\t} else if (isJSONSerializable(data)) {\n\t\tbody = safeStringify(data);\n\t\theaders.set(\"Content-Type\", \"application/json\");\n\t}\n\n\treturn new Response(body, {\n\t\t...init,\n\t\theaders,\n\t});\n}\n"],"mappings":";;;;AAGA,SAAS,mBAAmB,OAAY;AACvC,KAAI,UAAU,OACb,QAAO;CAER,MAAM,IAAI,OAAO;AACjB,KAAI,MAAM,YAAY,MAAM,YAAY,MAAM,aAAa,MAAM,KAChE,QAAO;AAER,KAAI,MAAM,SACT,QAAO;AAER,KAAI,MAAM,QAAQ,MAAM,CACvB,QAAO;AAER,KAAI,MAAM,OACT,QAAO;AAER,QACE,MAAM,eAAe,MAAM,YAAY,SAAS,YACjD,OAAO,MAAM,WAAW;;AAI1B,SAAS,cACR,KACA,UACA,OACS;CACT,IAAI,KAAK;CACT,MAAM,uBAAO,IAAI,SAAyB;CAE1C,MAAM,gBAAgB,KAAa,UAAe;AAEjD,MAAI,OAAO,UAAU,SACpB,QAAO,MAAM,UAAU;AAIxB,MAAI,OAAO,UAAU,YAAY,UAAU,MAAM;AAChD,OAAI,KAAK,IAAI,MAAM,CAClB,QAAO,iBAAiB,KAAK,IAAI,MAAM,CAAC;AAEzC,QAAK,IAAI,OAAO,KAAK;;AAItB,MAAI,SACH,QAAO,SAAS,KAAK,MAAM;AAG5B,SAAO;;AAGR,QAAO,KAAK,UAAU,KAAK,cAAc,MAAM;;AAWhD,SAAS,eAAe,OAAmC;AAC1D,KAAI,CAAC,SAAS,OAAO,UAAU,SAC9B,QAAO;AAER,QAAO,WAAW,SAAS,MAAM,UAAU;;AAG5C,SAAgB,WAAW,MAAY,MAA+B;AACrE,KAAI,gBAAgB,UAAU;AAC7B,MAAI,MAAM,mBAAmB,QAC5B,MAAK,QAAQ,SAAS,OAAO,QAAQ;AACpC,QAAK,QAAQ,IAAI,KAAK,MAAM;IAC3B;AAEH,SAAO;;AAGR,KADe,eAAe,KAAK,EACvB;EACX,MAAM,OAAO,KAAK;EAClB,MAAM,iBAAiB,KAAK;AAC5B,MAAI,0BAA0B,SAC7B,QAAO;EAER,MAAM,UAAU,IAAI,SAAS;AAC7B,MAAI,gBAAgB,SAAS;GAC5B,MAAM,UAAU,IAAI,QAAQ,eAAe,QAAQ;AACnD,QAAK,MAAM,CAAC,KAAK,UAAU,QAAQ,SAAS,CAC3C,SAAQ,IAAI,KAAK,MAAM;;AAGzB,MAAI,KAAK,QACR,MAAK,MAAM,CAAC,KAAK,UAAU,IAAI,QAAQ,KAAK,QAAQ,CAAC,SAAS,CAC7D,SAAQ,IAAI,KAAK,MAAM;AAGzB,MAAI,MAAM,QACT,MAAK,MAAM,CAAC,KAAK,UAAU,IAAI,QAAQ,KAAK,QAAQ,CAAC,SAAS,CAC7D,SAAQ,IAAI,KAAK,MAAM;AAIzB,UAAQ,IAAI,gBAAgB,mBAAmB;AAC/C,SAAO,IAAI,SAAS,KAAK,UAAU,KAAK,EAAE;GACzC,GAAG;GACH;GACA,QAAQ,KAAK,UAAU,MAAM,UAAU,gBAAgB;GACvD,YAAY,MAAM,cAAc,gBAAgB;GAChD,CAAC;;AAEH,KAAI,WAAW,KAAK,CACnB,QAAO,WAAW,KAAK,MAAM;EAC5B,QAAQ,MAAM,UAAU,KAAK;EAC7B,YAAY,KAAK,OAAO,UAAU;EAClC,SAAS,MAAM,WAAW,KAAK;EAC/B,CAAC;CAEH,IAAI,OAAO;CACX,IAAI,UAAU,IAAI,QAAQ,MAAM,QAAQ;AACxC,KAAI,CAAC,MAAM;AACV,MAAI,SAAS,KACZ,QAAO,KAAK,UAAU,KAAK;AAE5B,UAAQ,IAAI,gBAAgB,mBAAmB;YACrC,OAAO,SAAS,UAAU;AACpC,SAAO;AACP,UAAQ,IAAI,gBAAgB,aAAa;YAC/B,gBAAgB,eAAe,YAAY,OAAO,KAAK,EAAE;AACnE,SAAO;AACP,UAAQ,IAAI,gBAAgB,2BAA2B;YAC7C,gBAAgB,MAAM;AAChC,SAAO;AACP,UAAQ,IAAI,gBAAgB,KAAK,QAAQ,2BAA2B;YAC1D,gBAAgB,SAC1B,QAAO;UACG,gBAAgB,iBAAiB;AAC3C,SAAO;AACP,UAAQ,IAAI,gBAAgB,oCAAoC;YACtD,gBAAgB,gBAAgB;AAC1C,SAAO;AACP,UAAQ,IAAI,gBAAgB,2BAA2B;YAC7C,mBAAmB,KAAK,EAAE;AACpC,SAAO,cAAc,KAAK;AAC1B,UAAQ,IAAI,gBAAgB,mBAAmB;;AAGhD,QAAO,IAAI,SAAS,MAAM;EACzB,GAAG;EACH;EACA,CAAC"}
+{"version":3,"file":"to-response.mjs","names":[],"sources":["../src/to-response.ts"],"sourcesContent":["import { APIError } from \"./error\";\nimport { isAPIError } from \"./utils\";\n\nfunction isJSONSerializable(value: any) {\n\tif (value === undefined) {\n\t\treturn false;\n\t}\n\tconst t = typeof value;\n\tif (t === \"string\" || t === \"number\" || t === \"boolean\" || t === null) {\n\t\treturn true;\n\t}\n\tif (t !== \"object\") {\n\t\treturn false;\n\t}\n\tif (Array.isArray(value)) {\n\t\treturn true;\n\t}\n\tif (value.buffer) {\n\t\treturn false;\n\t}\n\treturn (\n\t\t(value.constructor && value.constructor.name === \"Object\") ||\n\t\ttypeof value.toJSON === \"function\"\n\t);\n}\n\nfunction safeStringify(obj: unknown): string {\n\tconst parents = new WeakMap<object, object>();\n\tconst ids = new WeakMap<object, number>();\n\tlet id = 0;\n\n\tconst isAncestor = (value: object, holder: object): boolean => {\n\t\tlet curr: object | undefined = holder;\n\t\twhile (curr) {\n\t\t\tif (curr === value) return true;\n\t\t\tcurr = parents.get(curr);\n\t\t}\n\t\treturn false;\n\t};\n\n\treturn JSON.stringify(obj, function (this: any, _key, value) {\n\t\tif (typeof value === \"bigint\") return value.toString();\n\t\tif (typeof value === \"object\" && value !== null) {\n\t\t\tif (isAncestor(value, this)) {\n\t\t\t\treturn `[Circular ref-${ids.get(value)}]`;\n\t\t\t}\n\t\t\tparents.set(value, this);\n\t\t\tif (!ids.has(value)) ids.set(value, id++);\n\t\t}\n\t\treturn value;\n\t});\n}\n\nexport type JSONResponse = {\n\tbody: Record<string, any>;\n\trouterResponse: ResponseInit | undefined;\n\tstatus?: number;\n\theaders?: Record<string, string> | Headers;\n\t_flag: \"json\";\n};\n\nfunction isJSONResponse(value: any): value is JSONResponse {\n\tif (!value || typeof value !== \"object\") {\n\t\treturn false;\n\t}\n\treturn \"_flag\" in value && value._flag === \"json\";\n}\n\n/**\n * Headers that MUST be stripped when building an HTTP response from\n * arbitrary header input. These are request-only, hop-by-hop, or\n * transport-managed headers that cause protocol violations when present\n * on responses (e.g. Content-Length mismatch → net::ERR_CONTENT_LENGTH_MISMATCH).\n *\n * Sources:\n *   - RFC 9110 §10.1   (Request Context Fields)\n *   - RFC 9110 §7.6.1  (Connection / hop-by-hop)\n *   - RFC 9110 §11.6-7 (Authentication credentials)\n *   - RFC 9110 §12.5   (Content negotiation)\n *   - RFC 9110 §13.1   (Conditional request headers)\n *   - RFC 9110 §14.2   (Range requests)\n *   - RFC 6265 §5.4    (Cookie)\n *   - RFC 6454         (Origin)\n */\nconst REQUEST_ONLY_HEADERS = new Set([\n\t// Request context (RFC 9110 §10.1)\n\t\"host\", // §7.2\n\t\"user-agent\", // §10.1.5\n\t\"referer\", // §10.1.3\n\t\"from\", // §10.1.2\n\t\"expect\", // §10.1.1\n\n\t// Authentication credentials (RFC 9110 §11.6-7)\n\t\"authorization\", // §11.6.2\n\t\"proxy-authorization\", // §11.7.2\n\t\"cookie\", // RFC 6265 §5.4\n\t\"origin\", // RFC 6454\n\n\t// Content negotiation (RFC 9110 §12.5)\n\t\"accept-charset\", // §12.5.2 (deprecated)\n\t\"accept-encoding\", // §12.5.3\n\t\"accept-language\", // §12.5.4\n\n\t// Conditional requests (RFC 9110 §13.1)\n\t\"if-match\", // §13.1.1\n\t\"if-none-match\", // §13.1.2\n\t\"if-modified-since\", // §13.1.3\n\t\"if-unmodified-since\", // §13.1.4\n\t\"if-range\", // §13.1.5\n\n\t// Range requests (RFC 9110 §14.2)\n\t\"range\", // §14.2\n\n\t// Forwarding control (RFC 9110 §7.6)\n\t\"max-forwards\", // §7.6.2\n\n\t// Hop-by-hop (RFC 9110 §7.6.1)\n\t\"connection\", // §7.6.1\n\t\"keep-alive\",\n\t\"transfer-encoding\",\n\t\"te\", // §10.1.4\n\t\"upgrade\",\n\t\"trailer\",\n\t\"proxy-connection\", // non-standard\n\n\t// Valid on responses but WRONG if copied from request (RFC 9110 §8.6)\n\t\"content-length\",\n]);\n\nfunction stripRequestOnlyHeaders(headers: Headers): void {\n\tfor (const name of REQUEST_ONLY_HEADERS) {\n\t\theaders.delete(name);\n\t}\n}\n\n/**\n * Copy headers from `source` into `target`. `Set-Cookie` is appended (one\n * header per cookie) because RFC 9110 §5.3 notes it cannot be combined\n * into a single comma-separated value; other headers are set (replace).\n */\nfunction copyHeaders(target: Headers, source: HeadersInit | undefined): void {\n\tif (!source) return;\n\tfor (const [key, value] of new Headers(source).entries()) {\n\t\tif (key.toLowerCase() === \"set-cookie\") {\n\t\t\ttarget.append(key, value);\n\t\t} else {\n\t\t\ttarget.set(key, value);\n\t\t}\n\t}\n}\n\nexport function toResponse(data?: any, init?: ResponseInit): Response {\n\tif (data instanceof Response) {\n\t\tif (init?.headers) {\n\t\t\tconst safeHeaders = new Headers(init.headers);\n\t\t\tstripRequestOnlyHeaders(safeHeaders);\n\t\t\tcopyHeaders(data.headers, safeHeaders);\n\t\t}\n\t\treturn data;\n\t}\n\tconst isJSON = isJSONResponse(data);\n\tif (isJSON) {\n\t\tconst body = data.body;\n\t\tconst routerResponse = data.routerResponse;\n\t\tif (routerResponse instanceof Response) {\n\t\t\treturn routerResponse;\n\t\t}\n\t\tconst headers = new Headers();\n\t\tcopyHeaders(headers, routerResponse?.headers);\n\t\tcopyHeaders(headers, data.headers);\n\t\tif (init?.headers) {\n\t\t\tconst safeHeaders = new Headers(init.headers);\n\t\t\tstripRequestOnlyHeaders(safeHeaders);\n\t\t\tcopyHeaders(headers, safeHeaders);\n\t\t}\n\n\t\theaders.set(\"Content-Type\", \"application/json\");\n\t\treturn new Response(JSON.stringify(body), {\n\t\t\t...routerResponse,\n\t\t\theaders,\n\t\t\tstatus: data.status ?? init?.status ?? routerResponse?.status,\n\t\t\tstatusText: init?.statusText ?? routerResponse?.statusText,\n\t\t});\n\t}\n\tif (isAPIError(data)) {\n\t\treturn toResponse(data.body, {\n\t\t\tstatus: init?.status ?? data.statusCode,\n\t\t\tstatusText: data.status.toString(),\n\t\t\theaders: init?.headers || data.headers,\n\t\t});\n\t}\n\tlet body = data;\n\tconst headers = new Headers(init?.headers);\n\tstripRequestOnlyHeaders(headers);\n\tif (!data) {\n\t\tif (data === null) {\n\t\t\tbody = JSON.stringify(null);\n\t\t}\n\t\theaders.set(\"content-type\", \"application/json\");\n\t} else if (typeof data === \"string\") {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", \"text/plain\");\n\t} else if (data instanceof ArrayBuffer || ArrayBuffer.isView(data)) {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", \"application/octet-stream\");\n\t} else if (data instanceof Blob) {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", data.type || \"application/octet-stream\");\n\t} else if (data instanceof FormData) {\n\t\tbody = data;\n\t} else if (data instanceof URLSearchParams) {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", \"application/x-www-form-urlencoded\");\n\t} else if (data instanceof ReadableStream) {\n\t\tbody = data;\n\t\theaders.set(\"Content-Type\", \"application/octet-stream\");\n\t} else if (isJSONSerializable(data)) {\n\t\tbody = safeStringify(data);\n\t\theaders.set(\"Content-Type\", \"application/json\");\n\t}\n\n\treturn new Response(body, {\n\t\t...init,\n\t\theaders,\n\t});\n}\n"],"mappings":";;;;AAGA,SAAS,mBAAmB,OAAY;AACvC,KAAI,UAAU,OACb,QAAO;CAER,MAAM,IAAI,OAAO;AACjB,KAAI,MAAM,YAAY,MAAM,YAAY,MAAM,aAAa,MAAM,KAChE,QAAO;AAER,KAAI,MAAM,SACT,QAAO;AAER,KAAI,MAAM,QAAQ,MAAM,CACvB,QAAO;AAER,KAAI,MAAM,OACT,QAAO;AAER,QACE,MAAM,eAAe,MAAM,YAAY,SAAS,YACjD,OAAO,MAAM,WAAW;;AAI1B,SAAS,cAAc,KAAsB;CAC5C,MAAM,0BAAU,IAAI,SAAyB;CAC7C,MAAM,sBAAM,IAAI,SAAyB;CACzC,IAAI,KAAK;CAET,MAAM,cAAc,OAAe,WAA4B;EAC9D,IAAI,OAA2B;AAC/B,SAAO,MAAM;AACZ,OAAI,SAAS,MAAO,QAAO;AAC3B,UAAO,QAAQ,IAAI,KAAK;;AAEzB,SAAO;;AAGR,QAAO,KAAK,UAAU,KAAK,SAAqB,MAAM,OAAO;AAC5D,MAAI,OAAO,UAAU,SAAU,QAAO,MAAM,UAAU;AACtD,MAAI,OAAO,UAAU,YAAY,UAAU,MAAM;AAChD,OAAI,WAAW,OAAO,KAAK,CAC1B,QAAO,iBAAiB,IAAI,IAAI,MAAM,CAAC;AAExC,WAAQ,IAAI,OAAO,KAAK;AACxB,OAAI,CAAC,IAAI,IAAI,MAAM,CAAE,KAAI,IAAI,OAAO,KAAK;;AAE1C,SAAO;GACN;;AAWH,SAAS,eAAe,OAAmC;AAC1D,KAAI,CAAC,SAAS,OAAO,UAAU,SAC9B,QAAO;AAER,QAAO,WAAW,SAAS,MAAM,UAAU;;;;;;;;;;;;;;;;;;AAmB5C,MAAM,uBAAuB,IAAI,IAAI;CAEpC;CACA;CACA;CACA;CACA;CAGA;CACA;CACA;CACA;CAGA;CACA;CACA;CAGA;CACA;CACA;CACA;CACA;CAGA;CAGA;CAGA;CACA;CACA;CACA;CACA;CACA;CACA;CAGA;CACA,CAAC;AAEF,SAAS,wBAAwB,SAAwB;AACxD,MAAK,MAAM,QAAQ,qBAClB,SAAQ,OAAO,KAAK;;;;;;;AAStB,SAAS,YAAY,QAAiB,QAAuC;AAC5E,KAAI,CAAC,OAAQ;AACb,MAAK,MAAM,CAAC,KAAK,UAAU,IAAI,QAAQ,OAAO,CAAC,SAAS,CACvD,KAAI,IAAI,aAAa,KAAK,aACzB,QAAO,OAAO,KAAK,MAAM;KAEzB,QAAO,IAAI,KAAK,MAAM;;AAKzB,SAAgB,WAAW,MAAY,MAA+B;AACrE,KAAI,gBAAgB,UAAU;AAC7B,MAAI,MAAM,SAAS;GAClB,MAAM,cAAc,IAAI,QAAQ,KAAK,QAAQ;AAC7C,2BAAwB,YAAY;AACpC,eAAY,KAAK,SAAS,YAAY;;AAEvC,SAAO;;AAGR,KADe,eAAe,KAAK,EACvB;EACX,MAAM,OAAO,KAAK;EAClB,MAAM,iBAAiB,KAAK;AAC5B,MAAI,0BAA0B,SAC7B,QAAO;EAER,MAAM,UAAU,IAAI,SAAS;AAC7B,cAAY,SAAS,gBAAgB,QAAQ;AAC7C,cAAY,SAAS,KAAK,QAAQ;AAClC,MAAI,MAAM,SAAS;GAClB,MAAM,cAAc,IAAI,QAAQ,KAAK,QAAQ;AAC7C,2BAAwB,YAAY;AACpC,eAAY,SAAS,YAAY;;AAGlC,UAAQ,IAAI,gBAAgB,mBAAmB;AAC/C,SAAO,IAAI,SAAS,KAAK,UAAU,KAAK,EAAE;GACzC,GAAG;GACH;GACA,QAAQ,KAAK,UAAU,MAAM,UAAU,gBAAgB;GACvD,YAAY,MAAM,cAAc,gBAAgB;GAChD,CAAC;;AAEH,KAAI,WAAW,KAAK,CACnB,QAAO,WAAW,KAAK,MAAM;EAC5B,QAAQ,MAAM,UAAU,KAAK;EAC7B,YAAY,KAAK,OAAO,UAAU;EAClC,SAAS,MAAM,WAAW,KAAK;EAC/B,CAAC;CAEH,IAAI,OAAO;CACX,MAAM,UAAU,IAAI,QAAQ,MAAM,QAAQ;AAC1C,yBAAwB,QAAQ;AAChC,KAAI,CAAC,MAAM;AACV,MAAI,SAAS,KACZ,QAAO,KAAK,UAAU,KAAK;AAE5B,UAAQ,IAAI,gBAAgB,mBAAmB;YACrC,OAAO,SAAS,UAAU;AACpC,SAAO;AACP,UAAQ,IAAI,gBAAgB,aAAa;YAC/B,gBAAgB,eAAe,YAAY,OAAO,KAAK,EAAE;AACnE,SAAO;AACP,UAAQ,IAAI,gBAAgB,2BAA2B;YAC7C,gBAAgB,MAAM;AAChC,SAAO;AACP,UAAQ,IAAI,gBAAgB,KAAK,QAAQ,2BAA2B;YAC1D,gBAAgB,SAC1B,QAAO;UACG,gBAAgB,iBAAiB;AAC3C,SAAO;AACP,UAAQ,IAAI,gBAAgB,oCAAoC;YACtD,gBAAgB,gBAAgB;AAC1C,SAAO;AACP,UAAQ,IAAI,gBAAgB,2BAA2B;YAC7C,mBAAmB,KAAK,EAAE;AACpC,SAAO,cAAc,KAAK;AAC1B,UAAQ,IAAI,gBAAgB,mBAAmB;;AAGhD,QAAO,IAAI,SAAS,MAAM;EACzB,GAAG;EACH;EACA,CAAC"}

package/dist/utils.cjs

@@ -22,7 +22,15 @@ async function getBody(request, allowedMediaTypes) {
 			});
 		}
 	}
-	if (jsonContentTypeRegex.test(normalizedContentType)) return await request.json();
+	if (jsonContentTypeRegex.test(normalizedContentType)) try {
+		return await request.json();
+	} catch (e) {
+		if (e instanceof SyntaxError) throw new require_error.APIError(400, {
+			message: "Invalid JSON in request body",
+			code: "BAD_REQUEST"
+		});
+		throw e;
+	}
 	if (normalizedContentType.includes("application/x-www-form-urlencoded")) {
 		const formData = await request.formData();
 		const result = {};

package/dist/utils.cjs.map

@@ -1 +1 @@
-{"version":3,"file":"utils.cjs","names":["APIError"],"sources":["../src/utils.ts"],"sourcesContent":["import { APIError } from \"./error\";\n\nconst jsonContentTypeRegex = /^application\\/([a-z0-9.+-]*\\+)?json/i;\n\nexport async function getBody(request: Request, allowedMediaTypes?: string[]) {\n\tconst contentType = request.headers.get(\"content-type\") || \"\";\n\tconst normalizedContentType = contentType.toLowerCase();\n\n\tif (!request.body) {\n\t\treturn undefined;\n\t}\n\n\t// Validate content-type if allowedMediaTypes is provided\n\tif (allowedMediaTypes && allowedMediaTypes.length > 0) {\n\t\tconst isAllowed = allowedMediaTypes.some((allowed) => {\n\t\t\t// Normalize both content types for comparison\n\t\t\tconst normalizedContentTypeBase = normalizedContentType\n\t\t\t\t.split(\";\")[0]!\n\t\t\t\t.trim();\n\t\t\tconst normalizedAllowed = allowed.toLowerCase().trim();\n\t\t\treturn (\n\t\t\t\tnormalizedContentTypeBase === normalizedAllowed ||\n\t\t\t\tnormalizedContentTypeBase.includes(normalizedAllowed)\n\t\t\t);\n\t\t});\n\n\t\tif (!isAllowed) {\n\t\t\tif (!normalizedContentType) {\n\t\t\t\tthrow new APIError(415, {\n\t\t\t\t\tmessage: `Content-Type is required. Allowed types: ${allowedMediaTypes.join(\", \")}`,\n\t\t\t\t\tcode: \"UNSUPPORTED_MEDIA_TYPE\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tthrow new APIError(415, {\n\t\t\t\tmessage: `Content-Type \"${contentType}\" is not allowed. Allowed types: ${allowedMediaTypes.join(\", \")}`,\n\t\t\t\tcode: \"UNSUPPORTED_MEDIA_TYPE\",\n\t\t\t});\n\t\t}\n\t}\n\n\tif (jsonContentTypeRegex.test(normalizedContentType)) {\n\t\treturn await request.json();\n\t}\n\n\tif (normalizedContentType.includes(\"application/x-www-form-urlencoded\")) {\n\t\tconst formData = await request.formData();\n\t\tconst result: Record<string, string> = {};\n\t\tformData.forEach((value, key) => {\n\t\t\tresult[key] = value.toString();\n\t\t});\n\t\treturn result;\n\t}\n\n\tif (normalizedContentType.includes(\"multipart/form-data\")) {\n\t\tconst formData = await request.formData();\n\t\tconst result: Record<string, any> = {};\n\t\tformData.forEach((value, key) => {\n\t\t\tresult[key] = value;\n\t\t});\n\t\treturn result;\n\t}\n\n\tif (normalizedContentType.includes(\"text/plain\")) {\n\t\treturn await request.text();\n\t}\n\n\tif (normalizedContentType.includes(\"application/octet-stream\")) {\n\t\treturn await request.arrayBuffer();\n\t}\n\n\tif (\n\t\tnormalizedContentType.includes(\"application/pdf\") ||\n\t\tnormalizedContentType.includes(\"image/\") ||\n\t\tnormalizedContentType.includes(\"video/\")\n\t) {\n\t\tconst blob = await request.blob();\n\t\treturn blob;\n\t}\n\n\tif (\n\t\tnormalizedContentType.includes(\"application/stream\") ||\n\t\trequest.body instanceof ReadableStream\n\t) {\n\t\treturn request.body;\n\t}\n\n\treturn await request.text();\n}\n\nexport function isAPIError(error: any): error is APIError {\n\treturn error instanceof APIError || error?.name === \"APIError\";\n}\n\nexport function tryDecode(str: string) {\n\ttry {\n\t\treturn str.includes(\"%\") ? decodeURIComponent(str) : str;\n\t} catch {\n\t\treturn str;\n\t}\n}\n\ntype Success<T> = {\n\tdata: T;\n\terror: null;\n};\n\ntype Failure<E> = {\n\tdata: null;\n\terror: E;\n};\n\ntype Result<T, E = Error> = Success<T> | Failure<E>;\n\nexport async function tryCatch<T, E = Error>(\n\tpromise: Promise<T>,\n): Promise<Result<T, E>> {\n\ttry {\n\t\tconst data = await promise;\n\t\treturn { data, error: null };\n\t} catch (error) {\n\t\treturn { data: null, error: error as E };\n\t}\n}\n\n/**\n * Check if an object is a `Request`\n * - `instanceof`: works for native Request instances\n * - `toString`: handles where instanceof check fails but the object is still a valid Request\n */\nexport function isRequest(obj: unknown): obj is Request {\n\treturn (\n\t\tobj instanceof Request ||\n\t\tObject.prototype.toString.call(obj) === \"[object Request]\"\n\t);\n}\n"],"mappings":";;;AAEA,MAAM,uBAAuB;AAE7B,eAAsB,QAAQ,SAAkB,mBAA8B;CAC7E,MAAM,cAAc,QAAQ,QAAQ,IAAI,eAAe,IAAI;CAC3D,MAAM,wBAAwB,YAAY,aAAa;AAEvD,KAAI,CAAC,QAAQ,KACZ;AAID,KAAI,qBAAqB,kBAAkB,SAAS,GAanD;MAAI,CAZc,kBAAkB,MAAM,YAAY;GAErD,MAAM,4BAA4B,sBAChC,MAAM,IAAI,CAAC,GACX,MAAM;GACR,MAAM,oBAAoB,QAAQ,aAAa,CAAC,MAAM;AACtD,UACC,8BAA8B,qBAC9B,0BAA0B,SAAS,kBAAkB;IAErD,EAEc;AACf,OAAI,CAAC,sBACJ,OAAM,IAAIA,uBAAS,KAAK;IACvB,SAAS,4CAA4C,kBAAkB,KAAK,KAAK;IACjF,MAAM;IACN,CAAC;AAEH,SAAM,IAAIA,uBAAS,KAAK;IACvB,SAAS,iBAAiB,YAAY,mCAAmC,kBAAkB,KAAK,KAAK;IACrG,MAAM;IACN,CAAC;;;AAIJ,KAAI,qBAAqB,KAAK,sBAAsB,CACnD,QAAO,MAAM,QAAQ,MAAM;AAG5B,KAAI,sBAAsB,SAAS,oCAAoC,EAAE;EACxE,MAAM,WAAW,MAAM,QAAQ,UAAU;EACzC,MAAM,SAAiC,EAAE;AACzC,WAAS,SAAS,OAAO,QAAQ;AAChC,UAAO,OAAO,MAAM,UAAU;IAC7B;AACF,SAAO;;AAGR,KAAI,sBAAsB,SAAS,sBAAsB,EAAE;EAC1D,MAAM,WAAW,MAAM,QAAQ,UAAU;EACzC,MAAM,SAA8B,EAAE;AACtC,WAAS,SAAS,OAAO,QAAQ;AAChC,UAAO,OAAO;IACb;AACF,SAAO;;AAGR,KAAI,sBAAsB,SAAS,aAAa,CAC/C,QAAO,MAAM,QAAQ,MAAM;AAG5B,KAAI,sBAAsB,SAAS,2BAA2B,CAC7D,QAAO,MAAM,QAAQ,aAAa;AAGnC,KACC,sBAAsB,SAAS,kBAAkB,IACjD,sBAAsB,SAAS,SAAS,IACxC,sBAAsB,SAAS,SAAS,CAGxC,QADa,MAAM,QAAQ,MAAM;AAIlC,KACC,sBAAsB,SAAS,qBAAqB,IACpD,QAAQ,gBAAgB,eAExB,QAAO,QAAQ;AAGhB,QAAO,MAAM,QAAQ,MAAM;;AAG5B,SAAgB,WAAW,OAA+B;AACzD,QAAO,iBAAiBA,0BAAY,OAAO,SAAS;;AAGrD,SAAgB,UAAU,KAAa;AACtC,KAAI;AACH,SAAO,IAAI,SAAS,IAAI,GAAG,mBAAmB,IAAI,GAAG;SAC9C;AACP,SAAO;;;AAgBT,eAAsB,SACrB,SACwB;AACxB,KAAI;AAEH,SAAO;GAAE,MADI,MAAM;GACJ,OAAO;GAAM;UACpB,OAAO;AACf,SAAO;GAAE,MAAM;GAAa;GAAY;;;;;;;;AAS1C,SAAgB,UAAU,KAA8B;AACvD,QACC,eAAe,WACf,OAAO,UAAU,SAAS,KAAK,IAAI,KAAK"}
+{"version":3,"file":"utils.cjs","names":["APIError"],"sources":["../src/utils.ts"],"sourcesContent":["import { APIError } from \"./error\";\n\nconst jsonContentTypeRegex = /^application\\/([a-z0-9.+-]*\\+)?json/i;\n\nexport async function getBody(request: Request, allowedMediaTypes?: string[]) {\n\tconst contentType = request.headers.get(\"content-type\") || \"\";\n\tconst normalizedContentType = contentType.toLowerCase();\n\n\tif (!request.body) {\n\t\treturn undefined;\n\t}\n\n\t// Validate content-type if allowedMediaTypes is provided\n\tif (allowedMediaTypes && allowedMediaTypes.length > 0) {\n\t\tconst isAllowed = allowedMediaTypes.some((allowed) => {\n\t\t\t// Normalize both content types for comparison\n\t\t\tconst normalizedContentTypeBase = normalizedContentType\n\t\t\t\t.split(\";\")[0]!\n\t\t\t\t.trim();\n\t\t\tconst normalizedAllowed = allowed.toLowerCase().trim();\n\t\t\treturn (\n\t\t\t\tnormalizedContentTypeBase === normalizedAllowed ||\n\t\t\t\tnormalizedContentTypeBase.includes(normalizedAllowed)\n\t\t\t);\n\t\t});\n\n\t\tif (!isAllowed) {\n\t\t\tif (!normalizedContentType) {\n\t\t\t\tthrow new APIError(415, {\n\t\t\t\t\tmessage: `Content-Type is required. Allowed types: ${allowedMediaTypes.join(\", \")}`,\n\t\t\t\t\tcode: \"UNSUPPORTED_MEDIA_TYPE\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tthrow new APIError(415, {\n\t\t\t\tmessage: `Content-Type \"${contentType}\" is not allowed. Allowed types: ${allowedMediaTypes.join(\", \")}`,\n\t\t\t\tcode: \"UNSUPPORTED_MEDIA_TYPE\",\n\t\t\t});\n\t\t}\n\t}\n\n\tif (jsonContentTypeRegex.test(normalizedContentType)) {\n\t\ttry {\n\t\t\treturn await request.json();\n\t\t} catch (e) {\n\t\t\tif (e instanceof SyntaxError) {\n\t\t\t\tthrow new APIError(400, {\n\t\t\t\t\tmessage: \"Invalid JSON in request body\",\n\t\t\t\t\tcode: \"BAD_REQUEST\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tthrow e;\n\t\t}\n\t}\n\n\tif (normalizedContentType.includes(\"application/x-www-form-urlencoded\")) {\n\t\tconst formData = await request.formData();\n\t\tconst result: Record<string, string> = {};\n\t\tformData.forEach((value, key) => {\n\t\t\tresult[key] = value.toString();\n\t\t});\n\t\treturn result;\n\t}\n\n\tif (normalizedContentType.includes(\"multipart/form-data\")) {\n\t\tconst formData = await request.formData();\n\t\tconst result: Record<string, any> = {};\n\t\tformData.forEach((value, key) => {\n\t\t\tresult[key] = value;\n\t\t});\n\t\treturn result;\n\t}\n\n\tif (normalizedContentType.includes(\"text/plain\")) {\n\t\treturn await request.text();\n\t}\n\n\tif (normalizedContentType.includes(\"application/octet-stream\")) {\n\t\treturn await request.arrayBuffer();\n\t}\n\n\tif (\n\t\tnormalizedContentType.includes(\"application/pdf\") ||\n\t\tnormalizedContentType.includes(\"image/\") ||\n\t\tnormalizedContentType.includes(\"video/\")\n\t) {\n\t\tconst blob = await request.blob();\n\t\treturn blob;\n\t}\n\n\tif (\n\t\tnormalizedContentType.includes(\"application/stream\") ||\n\t\trequest.body instanceof ReadableStream\n\t) {\n\t\treturn request.body;\n\t}\n\n\treturn await request.text();\n}\n\nexport function isAPIError(error: any): error is APIError {\n\treturn error instanceof APIError || error?.name === \"APIError\";\n}\n\nexport function tryDecode(str: string) {\n\ttry {\n\t\treturn str.includes(\"%\") ? decodeURIComponent(str) : str;\n\t} catch {\n\t\treturn str;\n\t}\n}\n\ntype Success<T> = {\n\tdata: T;\n\terror: null;\n};\n\ntype Failure<E> = {\n\tdata: null;\n\terror: E;\n};\n\ntype Result<T, E = Error> = Success<T> | Failure<E>;\n\nexport async function tryCatch<T, E = Error>(\n\tpromise: Promise<T>,\n): Promise<Result<T, E>> {\n\ttry {\n\t\tconst data = await promise;\n\t\treturn { data, error: null };\n\t} catch (error) {\n\t\treturn { data: null, error: error as E };\n\t}\n}\n\n/**\n * Check if an object is a `Request`\n * - `instanceof`: works for native Request instances\n * - `toString`: handles where instanceof check fails but the object is still a valid Request\n */\nexport function isRequest(obj: unknown): obj is Request {\n\treturn (\n\t\tobj instanceof Request ||\n\t\tObject.prototype.toString.call(obj) === \"[object Request]\"\n\t);\n}\n"],"mappings":";;;AAEA,MAAM,uBAAuB;AAE7B,eAAsB,QAAQ,SAAkB,mBAA8B;CAC7E,MAAM,cAAc,QAAQ,QAAQ,IAAI,eAAe,IAAI;CAC3D,MAAM,wBAAwB,YAAY,aAAa;AAEvD,KAAI,CAAC,QAAQ,KACZ;AAID,KAAI,qBAAqB,kBAAkB,SAAS,GAanD;MAAI,CAZc,kBAAkB,MAAM,YAAY;GAErD,MAAM,4BAA4B,sBAChC,MAAM,IAAI,CAAC,GACX,MAAM;GACR,MAAM,oBAAoB,QAAQ,aAAa,CAAC,MAAM;AACtD,UACC,8BAA8B,qBAC9B,0BAA0B,SAAS,kBAAkB;IAErD,EAEc;AACf,OAAI,CAAC,sBACJ,OAAM,IAAIA,uBAAS,KAAK;IACvB,SAAS,4CAA4C,kBAAkB,KAAK,KAAK;IACjF,MAAM;IACN,CAAC;AAEH,SAAM,IAAIA,uBAAS,KAAK;IACvB,SAAS,iBAAiB,YAAY,mCAAmC,kBAAkB,KAAK,KAAK;IACrG,MAAM;IACN,CAAC;;;AAIJ,KAAI,qBAAqB,KAAK,sBAAsB,CACnD,KAAI;AACH,SAAO,MAAM,QAAQ,MAAM;UACnB,GAAG;AACX,MAAI,aAAa,YAChB,OAAM,IAAIA,uBAAS,KAAK;GACvB,SAAS;GACT,MAAM;GACN,CAAC;AAEH,QAAM;;AAIR,KAAI,sBAAsB,SAAS,oCAAoC,EAAE;EACxE,MAAM,WAAW,MAAM,QAAQ,UAAU;EACzC,MAAM,SAAiC,EAAE;AACzC,WAAS,SAAS,OAAO,QAAQ;AAChC,UAAO,OAAO,MAAM,UAAU;IAC7B;AACF,SAAO;;AAGR,KAAI,sBAAsB,SAAS,sBAAsB,EAAE;EAC1D,MAAM,WAAW,MAAM,QAAQ,UAAU;EACzC,MAAM,SAA8B,EAAE;AACtC,WAAS,SAAS,OAAO,QAAQ;AAChC,UAAO,OAAO;IACb;AACF,SAAO;;AAGR,KAAI,sBAAsB,SAAS,aAAa,CAC/C,QAAO,MAAM,QAAQ,MAAM;AAG5B,KAAI,sBAAsB,SAAS,2BAA2B,CAC7D,QAAO,MAAM,QAAQ,aAAa;AAGnC,KACC,sBAAsB,SAAS,kBAAkB,IACjD,sBAAsB,SAAS,SAAS,IACxC,sBAAsB,SAAS,SAAS,CAGxC,QADa,MAAM,QAAQ,MAAM;AAIlC,KACC,sBAAsB,SAAS,qBAAqB,IACpD,QAAQ,gBAAgB,eAExB,QAAO,QAAQ;AAGhB,QAAO,MAAM,QAAQ,MAAM;;AAG5B,SAAgB,WAAW,OAA+B;AACzD,QAAO,iBAAiBA,0BAAY,OAAO,SAAS;;AAGrD,SAAgB,UAAU,KAAa;AACtC,KAAI;AACH,SAAO,IAAI,SAAS,IAAI,GAAG,mBAAmB,IAAI,GAAG;SAC9C;AACP,SAAO;;;AAgBT,eAAsB,SACrB,SACwB;AACxB,KAAI;AAEH,SAAO;GAAE,MADI,MAAM;GACJ,OAAO;GAAM;UACpB,OAAO;AACf,SAAO;GAAE,MAAM;GAAa;GAAY;;;;;;;;AAS1C,SAAgB,UAAU,KAA8B;AACvD,QACC,eAAe,WACf,OAAO,UAAU,SAAS,KAAK,IAAI,KAAK"}