cpeak 2.6.0 → 2.7.0

package/README.md

@@ -28,6 +28,7 @@ This is an educational project that was started as part of the [Understanding No
   - [URL Variables & Parameters](#url-variables--parameters)
   - [Sending Files](#sending-files)
   - [Redirecting](#redirecting)
+  - [Compression](#compression)
   - [Error Handling](#error-handling)
   - [Listening](#listening)
   - [Util Functions](#util-functions)
@@ -37,6 +38,7 @@ This is an educational project that was started as part of the [Understanding No
     - [cookieParser](#cookieparser)
     - [swagger](#swagger)
     - [auth](#auth)
+    - [cors](#cors)
 - [Complete Example](#complete-example)
 - [Versioning Notice](#versioning-notice)
 
@@ -206,6 +208,54 @@ If you want to redirect to a new URL, you can simply do:
 res.redirect("https://whatever.com");
 ```
 
+### Compression
+
+You can enable HTTP response compression at construction time. Once enabled, `serveStatic`, `res.json()` and `res.sendFile()` will compress eligible responses automatically, and you also get a `res.compress()` method on the response for custom payloads.
+
+Fire it up with the defaults like this:
+
+```javascript
+const server = cpeak({ compression: true });
+```
+
+Or pass options to tune the behavior:
+
+```javascript
+const server = cpeak({
+  compression: {
+    threshold: 1024, // bytes — responses smaller than this are sent uncompressed. Default: 1024
+    brotli: {},      // node:zlib BrotliOptions
+    gzip: {},        // node:zlib ZlibOptions
+    deflate: {}      // node:zlib ZlibOptions
+  }
+});
+```
+
+For arbitrary payloads, like a `Buffer`, `string`, or `Readable` stream, use `res.compress`:
+
+```javascript
+server.route("get", "/report", async (req, res) => {
+  const csv = await buildCsvReport();
+  await res.compress("text/csv", csv);
+});
+```
+
+When you're streaming, you can pass a known size as the third argument. Cpeak will use it to decide eligibility against `threshold`, and to set `Content-Length` if the body ends up being sent uncompressed:
+
+```javascript
+import { Readable } from "node:stream";
+
+server.route("get", "/proxy/feed", async (req, res) => {
+  const upstream = await fetch("https://example.com/feed.xml");
+  const size = Number(upstream.headers.get("content-length"));
+  await res.compress("application/xml", Readable.fromWeb(upstream.body), size);
+});
+```
+
+You must first enable compression at construction time to use `res.compress`. 
+
+One thing to keep in mind: when compression is enabled, `res.json()` returns a `Promise` because the work runs through async streams. You don't have to await it, but you can if you want to know when the response has been fully flushed.
+
 ### Error Handling
 
 If anywhere in your route functions or route middleware functions you want to return an error, you can just throw the error and let the automatic error handler catch it:
@@ -273,6 +323,7 @@ The list of utility functions as of now:
 - cookieParser
 - swagger
 - auth
+- cors
 
 Including any one of them is done like this:
 
@@ -571,12 +622,34 @@ For complete working examples, see:
 - [`examples/auth-localstorage.js`](examples/auth-localstorage.js) — token sent via the `Authorization` header (suited for SPAs and mobile clients)
 - [`examples/auth-cookies.js`](examples/auth-cookies.js) — token stored in an `httpOnly` cookie (protects against XSS)
 
+#### cors
+The CORS middleware allows you to enable Cross-Origin Resource Sharing in your application.
+
+```javascript
+server.beforeEach(cors({
+  origin: "http://localhost:3000",  // string, string[], RegExp, boolean, or async (origin) => boolean. Default: "*" (all origins)
+  methods: "GET,POST,PUT,DELETE",   // allowed HTTP methods. Default: "GET,HEAD,PUT,PATCH,POST,DELETE"
+  allowedHeaders: "Content-Type",   // headers the browser may send. Default: echoes request headers for origin:"*", else "Content-Type, Authorization"
+  exposedHeaders: "X-Request-Id",   // response headers the browser may read. Default: none
+  credentials: true,                // adds Access-Control-Allow-Credentials: true. Default: false
+  maxAge: 3600,                     // seconds to cache preflight result in the browser. Default: 86400
+  preflightContinue: false,         // pass OPTIONS preflight to next middleware instead of auto-responding. Default: false
+  optionsSuccessStatus: 204         // status code for successful preflight responses. Default: 204
+}));
+```
+
+Or if you don't care and want to allow everything with the default settings, just do:
+
+```javascript
+server.beforeEach(cors());
+```
+
 ## Complete Example
 
 Here you can see all the features that Cpeak offers (excluding the authentication features), in one small piece of code:
 
 ```javascript
-import cpeak, { serveStatic, parseJSON, render, cookieParser } from "cpeak";
+import cpeak, { serveStatic, parseJSON, render, cookieParser, cors } from "cpeak";
 
 const server = cpeak();
 
@@ -594,6 +667,13 @@ server.beforeEach(parseJSON());
 // For reading and setting cookies
 server.beforeEach(cookieParser({ secret: "your-secret-key" }));
 
+// For enabling CORS
+server.beforeEach(cors({
+  origin: "http://localhost:3000",
+  credentials: true,
+  methods: "GET,POST,PUT,DELETE"
+}));
+
 // Adding custom middleware functions
 server.beforeEach((req, res, next) => {
   req.custom = "This is some string";

package/dist/index.d.ts

@@ -1,6 +1,58 @@
 import * as net from 'net';
 import http, { IncomingMessage, ServerResponse } from 'node:http';
+import { Readable } from 'node:stream';
+import { Buffer } from 'node:buffer';
+import * as node_zlib from 'node:zlib';
 
+interface PbkdfOptions {
+    iterations?: number;
+    keylen?: number;
+    digest?: string;
+    saltSize?: number;
+}
+interface AuthOptions extends PbkdfOptions {
+    secret: string;
+    saveToken: (tokenId: string, userId: string, expiresAt: Date) => Promise<void>;
+    findToken: (tokenId: string) => Promise<{
+        userId: string;
+        expiresAt: Date;
+    } | null>;
+    tokenExpiry?: number;
+    hmacAlgorithm?: string;
+    tokenIdSize?: number;
+    revokeToken?: (tokenId: string) => Promise<void>;
+}
+interface CookieOptions {
+    signed?: boolean;
+    httpOnly?: boolean;
+    secure?: boolean;
+    sameSite?: "strict" | "lax" | "none";
+    maxAge?: number;
+    expires?: Date;
+    path?: string;
+    domain?: string;
+}
+type OriginInput = string | string[] | RegExp | boolean | ((origin: string | undefined) => boolean | Promise<boolean>);
+interface CorsOptions {
+    origin?: OriginInput;
+    methods?: string | string[];
+    allowedHeaders?: string | string[];
+    exposedHeaders?: string | string[];
+    credentials?: boolean;
+    maxAge?: number;
+    preflightContinue?: boolean;
+    optionsSuccessStatus?: number;
+}
+interface CompressionOptions {
+    threshold?: number;
+    brotli?: node_zlib.BrotliOptions;
+    gzip?: node_zlib.ZlibOptions;
+    deflate?: node_zlib.ZlibOptions;
+}
+
+interface CpeakOptions {
+    compression?: boolean | CompressionOptions;
+}
 type StringMap = Record<string, string>;
 interface CpeakRequest<ReqBody = any, ReqQueries = any> extends IncomingMessage {
     params: StringMap;
@@ -16,7 +68,8 @@ interface CpeakResponse extends ServerResponse {
     attachment: (filename?: string) => CpeakResponse;
     cookie: (name: string, value: string, options?: any) => CpeakResponse;
     redirect: (location: string) => void;
-    json: (data: any) => void;
+    json: (data: any) => void | Promise<void>;
+    compress: (mime: string, body: Buffer | string | Readable, size?: number) => Promise<void>;
     [key: string]: any;
 }
 type Next = (err?: any) => void;
@@ -44,44 +97,18 @@ declare const serveStatic: (folderPath: string, newMimeTypes?: StringMap, option
 
 declare const render: () => (req: CpeakRequest, res: CpeakResponse, next: Next) => void;
 
-declare const swagger: (spec: object, prefix?: string) => (req: CpeakRequest, res: CpeakResponse, next: Next) => void;
+declare const swagger: (spec: object, prefix?: string) => (req: CpeakRequest, res: CpeakResponse, next: Next) => void | Promise<void>;
 
-interface PbkdfOptions {
-    iterations?: number;
-    keylen?: number;
-    digest?: string;
-    saltSize?: number;
-}
-interface AuthOptions extends PbkdfOptions {
-    secret: string;
-    saveToken: (tokenId: string, userId: string, expiresAt: Date) => Promise<void>;
-    findToken: (tokenId: string) => Promise<{
-        userId: string;
-        expiresAt: Date;
-    } | null>;
-    tokenExpiry?: number;
-    hmacAlgorithm?: string;
-    tokenIdSize?: number;
-    revokeToken?: (tokenId: string) => Promise<void>;
-}
 declare function hashPassword(password: string, options?: PbkdfOptions): Promise<string>;
 declare function verifyPassword(password: string, stored: string): Promise<boolean>;
 declare function auth(options: AuthOptions): Middleware;
 
-interface CookieOptions {
-    signed?: boolean;
-    httpOnly?: boolean;
-    secure?: boolean;
-    sameSite?: "strict" | "lax" | "none";
-    maxAge?: number;
-    expires?: Date;
-    path?: string;
-    domain?: string;
-}
 declare function cookieParser(options?: {
     secret?: string;
 }): (req: CpeakRequest, res: CpeakResponse, next: Next) => void;
 
+declare const cors: (options?: CorsOptions) => (req: CpeakRequest, res: CpeakResponse, next: Next) => Promise<void>;
+
 declare function frameworkError(message: string, skipFn: Function, code?: string, status?: number): Error & {
     code?: string;
     cpeak_err?: boolean;
@@ -93,7 +120,8 @@ declare enum ErrorCode {
     SEND_FILE_FAIL = "CPEAK_ERR_SEND_FILE_FAIL",
     INVALID_JSON = "CPEAK_ERR_INVALID_JSON",
     PAYLOAD_TOO_LARGE = "CPEAK_ERR_PAYLOAD_TOO_LARGE",
-    WEAK_SECRET = "CPEAK_ERR_WEAK_SECRET"
+    WEAK_SECRET = "CPEAK_ERR_WEAK_SECRET",
+    COMPRESSION_NOT_ENABLED = "CPEAK_ERR_COMPRESSION_NOT_ENABLED"
 }
 declare class CpeakIncomingMessage extends http.IncomingMessage {
     #private;
@@ -106,11 +134,12 @@ declare class CpeakServerResponse extends http.ServerResponse<CpeakIncomingMessa
     status(code: number): this;
     attachment(filename?: string): this;
     redirect(location: string): void;
-    json(data: any): void;
+    json(data: any): void | Promise<void>;
+    compress(mime: string, body: Buffer | string | Readable, size?: number): Promise<void>;
 }
 declare class Cpeak {
     #private;
-    constructor();
+    constructor(options?: CpeakOptions);
     route(method: string, path: string, ...args: (RouteMiddleware | Handler)[]): void;
     beforeEach(cb: Middleware): void;
     handleErr(cb: (err: unknown, req: CpeakRequest, res: CpeakResponse) => void): void;
@@ -119,6 +148,6 @@ declare class Cpeak {
     close(cb?: (err?: Error) => void): void;
 }
 
-declare function cpeak(): Cpeak;
+declare function cpeak(options?: CpeakOptions): Cpeak;
 
-export { type AuthOptions, type CookieOptions, Cpeak, CpeakIncomingMessage, type CpeakRequest, type CpeakResponse, CpeakServerResponse, ErrorCode, type HandleErr, type Handler, type Middleware, type Next, type PbkdfOptions, type RouteMiddleware, type RoutesMap, auth, cookieParser, cpeak as default, frameworkError, hashPassword, parseJSON, render, serveStatic, swagger, verifyPassword };
+export { type AuthOptions, type CompressionOptions, type CookieOptions, type CorsOptions, Cpeak, CpeakIncomingMessage, type CpeakOptions, type CpeakRequest, type CpeakResponse, CpeakServerResponse, ErrorCode, type HandleErr, type Handler, type Middleware, type Next, type PbkdfOptions, type RouteMiddleware, type RoutesMap, auth, cookieParser, cors, cpeak as default, frameworkError, hashPassword, parseJSON, render, serveStatic, swagger, verifyPassword };

package/dist/index.js

@@ -2,10 +2,120 @@
 import http from "http";
 import fs3 from "fs/promises";
 import { createReadStream } from "fs";
+import { pipeline as pipeline2 } from "stream/promises";
+
+// lib/utils/compression.ts
+import zlib from "zlib";
+import { Readable } from "stream";
+import { Buffer as Buffer2 } from "buffer";
 import { pipeline } from "stream/promises";
+var COMPRESSIBLE_TYPE = /text|json|javascript|css|xml|svg/i;
+var NO_TRANSFORM = /(?:^|,)\s*no-transform\s*(?:,|$)/i;
+function pickEncoding(header) {
+  if (!header) return null;
+  const accepted = {};
+  let wildcard;
+  for (const part of header.split(",")) {
+    const [rawName, ...params] = part.trim().split(";");
+    const name = rawName.trim().toLowerCase();
+    if (!name) continue;
+    let q = 1;
+    for (const p of params) {
+      const m = p.trim().match(/^q=([\d.]+)$/i);
+      if (m) q = Number(m[1]);
+    }
+    if (Number.isNaN(q)) q = 0;
+    if (name === "*") wildcard = q;
+    else accepted[name] = q;
+  }
+  const tryPick = (enc) => {
+    const q = enc in accepted ? accepted[enc] : wildcard;
+    return q !== void 0 && q > 0;
+  };
+  if (tryPick("br")) return "br";
+  if (tryPick("gzip")) return "gzip";
+  if (tryPick("deflate")) return "deflate";
+  return null;
+}
+function appendVary(res, value) {
+  const existing = res.getHeader("Vary");
+  if (!existing) return res.setHeader("Vary", value);
+  const current = String(existing).split(",").map((s) => s.trim()).filter(Boolean);
+  if (current.includes("*") || current.some((v) => v.toLowerCase() === value.toLowerCase()))
+    return;
+  res.setHeader("Vary", [...current, value].join(", "));
+}
+function brotliOptsFor(config) {
+  const userBrotli = config.brotli || {};
+  return {
+    ...userBrotli,
+    params: {
+      [zlib.constants.BROTLI_PARAM_QUALITY]: 4,
+      ...userBrotli.params || {}
+    }
+  };
+}
+function createCompressorStream(encoding, config) {
+  if (encoding === "br")
+    return zlib.createBrotliCompress(brotliOptsFor(config));
+  if (encoding === "gzip") return zlib.createGzip(config.gzip);
+  return zlib.createDeflate(config.deflate);
+}
+function negotiate(res, mime, size, config) {
+  if (!COMPRESSIBLE_TYPE.test(mime)) return { encoding: null, eligible: false };
+  if (res.req?.method === "HEAD") return { encoding: null, eligible: false };
+  const cc = res.getHeader("Cache-Control");
+  if (cc && NO_TRANSFORM.test(String(cc)))
+    return { encoding: null, eligible: false };
+  const existing = res.getHeader("Content-Encoding");
+  if (existing && existing !== "identity")
+    return { encoding: null, eligible: false };
+  if (size < config.threshold) return { encoding: null, eligible: true };
+  const encoding = pickEncoding(
+    String(res.req?.headers["accept-encoding"] || "")
+  );
+  return { encoding, eligible: true };
+}
+function bodyAsReadable(body) {
+  if (Buffer2.isBuffer(body)) return Readable.from([body]);
+  if (typeof body === "string") return Readable.from([Buffer2.from(body)]);
+  return body;
+}
+function resolveCompressionOptions(input) {
+  const options = input === true ? {} : input;
+  return {
+    threshold: options.threshold ?? 1024,
+    brotli: options.brotli ?? {},
+    gzip: options.gzip ?? {},
+    deflate: options.deflate ?? {}
+  };
+}
+async function compressAndSend(res, mime, body, config, size) {
+  res.setHeader("Content-Type", mime);
+  const knownSize = Buffer2.isBuffer(body) ? body.length : typeof body === "string" ? Buffer2.byteLength(body) : size ?? Infinity;
+  const { encoding, eligible } = negotiate(res, mime, knownSize, config);
+  if (!encoding) {
+    if (eligible) appendVary(res, "Accept-Encoding");
+    if (Buffer2.isBuffer(body) || typeof body === "string") {
+      res.setHeader("Content-Length", String(knownSize));
+      res.end(body);
+      return;
+    }
+    if (size !== void 0) res.setHeader("Content-Length", String(size));
+    await pipeline(body, res);
+    return;
+  }
+  res.setHeader("Content-Encoding", encoding);
+  appendVary(res, "Accept-Encoding");
+  await pipeline(
+    bodyAsReadable(body),
+    createCompressorStream(encoding, config),
+    res
+  );
+}
 
 // lib/utils/parseJSON.ts
-import { Buffer as Buffer2 } from "buffer";
+import { Buffer as Buffer3 } from "buffer";
 function isJSON(contentType) {
   if (!contentType) return false;
   if (contentType === "application/json") return true;
@@ -38,7 +148,7 @@ var parseJSON = (options = {}) => {
     };
     const onEnd = () => {
       try {
-        const rawBody = chunks.length === 1 ? chunks[0].toString("utf-8") : Buffer2.concat(chunks).toString("utf-8");
+        const rawBody = chunks.length === 1 ? chunks[0].toString("utf-8") : Buffer3.concat(chunks).toString("utf-8");
         req.body = rawBody ? JSON.parse(rawBody) : {};
         next();
       } catch (err) {
@@ -160,6 +270,11 @@ var render = () => {
       }
       let fileStr = await fs2.readFile(path2, "utf-8");
       const finalStr = renderTemplate(fileStr, data);
+      const config = res.socket?.server?._cpeakCompression;
+      if (config) {
+        await compressAndSend(res, mime, finalStr, config);
+        return;
+      }
       res.setHeader("Content-Type", mime);
       res.end(finalStr);
     };
@@ -424,6 +539,69 @@ function cookieParser(options = {}) {
   };
 }
 
+// lib/utils/cors.ts
+function appendVary2(res, value) {
+  const existing = res.getHeader("Vary");
+  if (!existing) return res.setHeader("Vary", value);
+  const current = String(existing).split(",").map((s) => s.trim()).filter(Boolean);
+  if (current.includes("*") || current.includes(value)) return;
+  res.setHeader("Vary", [...current, value].join(", "));
+}
+async function isAllowed(origin, rule) {
+  if (rule === true || rule === "*") return true;
+  if (rule === false || !origin) return false;
+  if (typeof rule === "string") return rule === origin;
+  if (Array.isArray(rule)) return rule.includes(origin);
+  if (rule instanceof RegExp) return rule.test(origin);
+  if (typeof rule === "function") return await rule(origin);
+  return false;
+}
+var cors = (options = {}) => {
+  const {
+    origin = "*",
+    methods = "GET,HEAD,PUT,PATCH,POST,DELETE",
+    allowedHeaders,
+    exposedHeaders,
+    credentials = false,
+    maxAge = 86400,
+    preflightContinue = false,
+    optionsSuccessStatus = 204
+  } = options;
+  const methodsStr = Array.isArray(methods) ? methods.join(",") : methods;
+  const allowedHeadersStr = Array.isArray(allowedHeaders) ? allowedHeaders.join(",") : allowedHeaders;
+  const exposedHeadersStr = Array.isArray(exposedHeaders) ? exposedHeaders.join(",") : exposedHeaders;
+  return async (req, res, next) => {
+    const requestOrigin = req.headers.origin;
+    if (!requestOrigin) return next();
+    const allowed = await isAllowed(requestOrigin, origin);
+    if (!allowed) return next();
+    const allowOriginValue = origin === "*" && !credentials ? "*" : requestOrigin;
+    res.setHeader("Access-Control-Allow-Origin", allowOriginValue);
+    if (allowOriginValue !== "*") appendVary2(res, "Origin");
+    if (credentials) res.setHeader("Access-Control-Allow-Credentials", "true");
+    if (exposedHeadersStr)
+      res.setHeader("Access-Control-Expose-Headers", exposedHeadersStr);
+    const isPreflight = req.method === "OPTIONS" && req.headers["access-control-request-method"] !== void 0;
+    if (!isPreflight) return next();
+    res.setHeader("Access-Control-Allow-Methods", methodsStr);
+    if (allowedHeadersStr) {
+      res.setHeader("Access-Control-Allow-Headers", allowedHeadersStr);
+    } else if (origin === "*") {
+      const requested = req.headers["access-control-request-headers"];
+      if (requested) res.setHeader("Access-Control-Allow-Headers", requested);
+    } else {
+      res.setHeader(
+        "Access-Control-Allow-Headers",
+        "Content-Type, Authorization"
+      );
+    }
+    res.setHeader("Access-Control-Max-Age", String(maxAge));
+    if (preflightContinue) return next();
+    res.statusCode = optionsSuccessStatus;
+    res.end();
+  };
+};
+
 // lib/index.ts
 function frameworkError(message, skipFn, code, status) {
   const err = new Error(message);
@@ -441,8 +619,12 @@ var ErrorCode = /* @__PURE__ */ ((ErrorCode2) => {
   ErrorCode2["INVALID_JSON"] = "CPEAK_ERR_INVALID_JSON";
   ErrorCode2["PAYLOAD_TOO_LARGE"] = "CPEAK_ERR_PAYLOAD_TOO_LARGE";
   ErrorCode2["WEAK_SECRET"] = "CPEAK_ERR_WEAK_SECRET";
+  ErrorCode2["COMPRESSION_NOT_ENABLED"] = "CPEAK_ERR_COMPRESSION_NOT_ENABLED";
   return ErrorCode2;
 })(ErrorCode || {});
+function compressionConfigFor(res) {
+  return res.socket?.server?._cpeakCompression;
+}
 var CpeakIncomingMessage = class extends http.IncomingMessage {
   // We define body and params here for better V8 optimization (not changing the shape of the object at runtime)
   body = void 0;
@@ -483,9 +665,14 @@ var CpeakServerResponse = class extends http.ServerResponse {
           "CPEAK_ERR_NOT_A_FILE" /* NOT_A_FILE */
         );
       }
+      const config = compressionConfigFor(this);
+      if (config) {
+        await compressAndSend(this, mime, createReadStream(path2), config, stat.size);
+        return;
+      }
       this.setHeader("Content-Type", mime);
       this.setHeader("Content-Length", String(stat.size));
-      await pipeline(createReadStream(path2), this);
+      await pipeline2(createReadStream(path2), this);
     } catch (err) {
       if (err?.code === "ENOENT") {
         throw frameworkError(
@@ -517,10 +704,30 @@ var CpeakServerResponse = class extends http.ServerResponse {
     this.writeHead(302, { Location: location });
     this.end();
   }
-  // Send a json data back to the client (for small json data, less than the highWaterMark)
+  // Send a json data back to the client. Sync hot path when compression is
+  // off — no Promise allocation, no microtask. Branches into compressAndSend
+  // (async) when compression was enabled at cpeak() construction.
   json(data) {
+    const body = JSON.stringify(data);
+    const config = compressionConfigFor(this);
+    if (config) {
+      return compressAndSend(this, "application/json", body, config);
+    }
     this.setHeader("Content-Type", "application/json");
-    this.end(JSON.stringify(data));
+    this.end(body);
+  }
+  // Explicit compression entry point. Throws if compression wasn't configured —
+  // the developer asked to compress but the framework was never told to.
+  compress(mime, body, size) {
+    const config = compressionConfigFor(this);
+    if (!config) {
+      throw frameworkError(
+        "compression is not enabled. Pass `compression` to cpeak({ compression: true | { ... } }) to use res.compress.",
+        this.compress,
+        "CPEAK_ERR_COMPRESSION_NOT_ENABLED" /* COMPRESSION_NOT_ENABLED */
+      );
+    }
+    return compressAndSend(this, mime, body, config, size);
   }
 };
 var Cpeak = class {
@@ -528,13 +735,18 @@ var Cpeak = class {
   #routes;
   #middleware;
   #handleErr;
-  constructor() {
+  constructor(options = {}) {
     this.#server = http.createServer({
       IncomingMessage: CpeakIncomingMessage,
       ServerResponse: CpeakServerResponse
     });
     this.#routes = {};
     this.#middleware = [];
+    if (options.compression) {
+      this.#server._cpeakCompression = resolveCompressionOptions(
+        options.compression
+      );
+    }
     this.#server.on(
       "request",
       async (req, res) => {
@@ -657,8 +869,8 @@ var Cpeak = class {
     return params;
   }
 };
-function cpeak() {
-  return new Cpeak();
+function cpeak(options) {
+  return new Cpeak(options);
 }
 export {
   Cpeak,
@@ -667,6 +879,7 @@ export {
   ErrorCode,
   auth,
   cookieParser,
+  cors,
   cpeak as default,
   frameworkError,
   hashPassword,