npm - gorsee - Versions diffs - 0.2.4 → 0.2.6 - Mend

gorsee 0.2.4 → 0.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (532) hide show

package/README.md +283 -212
package/dist-pkg/ai/artifact-lifecycle.d.ts +25 -0
package/dist-pkg/ai/artifact-lifecycle.js +98 -0
package/dist-pkg/ai/bridge.d.ts +26 -0
package/dist-pkg/ai/bridge.js +82 -0
package/dist-pkg/ai/bundle.d.ts +46 -0
package/dist-pkg/ai/bundle.js +247 -0
package/dist-pkg/ai/contracts.d.ts +1 -0
package/dist-pkg/ai/contracts.js +1 -0
package/dist-pkg/ai/ide.d.ts +37 -0
package/dist-pkg/ai/ide.js +56 -0
package/dist-pkg/ai/index.d.ts +85 -0
package/dist-pkg/ai/index.js +267 -0
package/dist-pkg/ai/json.d.ts +6 -0
package/dist-pkg/ai/json.js +14 -0
package/dist-pkg/ai/mcp.d.ts +28 -0
package/dist-pkg/ai/mcp.js +173 -0
package/dist-pkg/ai/session-pack.d.ts +28 -0
package/dist-pkg/ai/session-pack.js +57 -0
package/dist-pkg/ai/store.d.ts +67 -0
package/dist-pkg/ai/store.js +174 -0
package/dist-pkg/ai/summary.d.ts +57 -0
package/dist-pkg/ai/summary.js +148 -0
package/dist-pkg/ai/watch.d.ts +15 -0
package/dist-pkg/ai/watch.js +66 -0
package/dist-pkg/auth/action-tokens.d.ts +50 -0
package/dist-pkg/auth/action-tokens.js +79 -0
package/dist-pkg/auth/index.d.ts +70 -0
package/dist-pkg/auth/index.js +199 -0
package/dist-pkg/auth/redis-session-store.d.ts +7 -0
package/dist-pkg/auth/redis-session-store.js +42 -0
package/dist-pkg/auth/signing.d.ts +4 -0
package/dist-pkg/auth/signing.js +33 -0
package/dist-pkg/auth/sqlite-session-store.d.ts +12 -0
package/dist-pkg/auth/sqlite-session-store.js +83 -0
package/dist-pkg/auth/store-utils.d.ts +2 -0
package/dist-pkg/auth/store-utils.js +20 -0
package/dist-pkg/bin/gorsee.js +2 -0
package/dist-pkg/build/backends/experimental-rolldown.d.ts +6 -0
package/dist-pkg/build/backends/experimental-rolldown.js +9 -0
package/dist-pkg/build/backends/register.d.ts +7 -0
package/dist-pkg/build/backends/register.js +24 -0
package/dist-pkg/build/backends/rolldown.d.ts +16 -0
package/dist-pkg/build/backends/rolldown.js +176 -0
package/dist-pkg/build/client-backend.d.ts +31 -0
package/dist-pkg/build/client-backend.js +97 -0
package/dist-pkg/build/client.d.ts +12 -0
package/dist-pkg/build/client.js +93 -0
package/dist-pkg/build/css-modules.d.ts +10 -0
package/dist-pkg/build/css-modules.js +51 -0
package/dist-pkg/build/devalue-parse.d.ts +1 -0
package/dist-pkg/build/devalue-parse.js +1 -0
package/dist-pkg/build/diagnostics.d.ts +20 -0
package/dist-pkg/build/diagnostics.js +35 -0
package/dist-pkg/build/fixtures.d.ts +7 -0
package/dist-pkg/build/fixtures.js +60 -0
package/dist-pkg/build/framework-imports.d.ts +4 -0
package/dist-pkg/build/framework-imports.js +58 -0
package/dist-pkg/build/init.d.ts +1 -0
package/dist-pkg/build/init.js +6 -0
package/dist-pkg/build/manifest.d.ts +3 -0
package/dist-pkg/build/manifest.js +23 -0
package/dist-pkg/build/parity.d.ts +32 -0
package/dist-pkg/build/parity.js +71 -0
package/dist-pkg/build/plugin.d.ts +11 -0
package/dist-pkg/build/plugin.js +8 -0
package/dist-pkg/build/readiness.d.ts +11 -0
package/dist-pkg/build/readiness.js +18 -0
package/dist-pkg/build/route-client-transform.d.ts +17 -0
package/dist-pkg/build/route-client-transform.js +48 -0
package/dist-pkg/build/route-metadata.d.ts +6 -0
package/dist-pkg/build/route-metadata.js +8 -0
package/dist-pkg/build/rpc-transform.d.ts +1 -0
package/dist-pkg/build/rpc-transform.js +44 -0
package/dist-pkg/build/server-bundle.d.ts +4 -0
package/dist-pkg/build/server-bundle.js +261 -0
package/dist-pkg/build/server-strip.d.ts +2 -0
package/dist-pkg/build/server-strip.js +32 -0
package/dist-pkg/build/ssg.d.ts +12 -0
package/dist-pkg/build/ssg.js +36 -0
package/dist-pkg/cli/bun-plugin.d.ts +2 -0
package/dist-pkg/cli/bun-plugin.js +14 -0
package/dist-pkg/cli/canonical-import-rewrite.d.ts +18 -0
package/dist-pkg/cli/canonical-import-rewrite.js +94 -0
package/dist-pkg/cli/canonical-imports.d.ts +8 -0
package/dist-pkg/cli/canonical-imports.js +131 -0
package/dist-pkg/cli/check-ast.d.ts +20 -0
package/dist-pkg/cli/check-ast.js +126 -0
package/dist-pkg/cli/cmd-ai.d.ts +4 -0
package/dist-pkg/cli/cmd-ai.js +290 -0
package/dist-pkg/cli/cmd-build.d.ts +12 -0
package/dist-pkg/cli/cmd-build.js +198 -0
package/dist-pkg/cli/cmd-check.d.ts +25 -0
package/dist-pkg/cli/cmd-check.js +573 -0
package/dist-pkg/cli/cmd-create.d.ts +6 -0
package/dist-pkg/cli/cmd-create.js +600 -0
package/dist-pkg/cli/cmd-deploy.d.ts +6 -0
package/dist-pkg/cli/cmd-deploy.js +381 -0
package/dist-pkg/cli/cmd-dev.d.ts +5 -0
package/dist-pkg/cli/cmd-dev.js +5 -0
package/dist-pkg/cli/cmd-docs.d.ts +50 -0
package/dist-pkg/cli/cmd-docs.js +122 -0
package/dist-pkg/cli/cmd-generate.d.ts +12 -0
package/dist-pkg/cli/cmd-generate.js +320 -0
package/dist-pkg/cli/cmd-migrate.d.ts +7 -0
package/dist-pkg/cli/cmd-migrate.js +42 -0
package/dist-pkg/cli/cmd-routes.d.ts +6 -0
package/dist-pkg/cli/cmd-routes.js +24 -0
package/dist-pkg/cli/cmd-start.d.ts +13 -0
package/dist-pkg/cli/cmd-start.js +32 -0
package/dist-pkg/cli/cmd-test.d.ts +20 -0
package/dist-pkg/cli/cmd-test.js +103 -0
package/dist-pkg/cli/cmd-typegen.d.ts +7 -0
package/dist-pkg/cli/cmd-typegen.js +66 -0
package/dist-pkg/cli/cmd-upgrade.d.ts +38 -0
package/dist-pkg/cli/cmd-upgrade.js +232 -0
package/dist-pkg/cli/context.d.ts +4 -0
package/dist-pkg/cli/context.js +4 -0
package/dist-pkg/cli/framework-md.d.ts +1 -0
package/dist-pkg/cli/framework-md.js +391 -0
package/dist-pkg/cli/index.d.ts +6 -0
package/dist-pkg/cli/index.js +106 -0
package/dist-pkg/cli/release-version.d.ts +2 -0
package/dist-pkg/cli/release-version.js +33 -0
package/dist-pkg/client.d.ts +16 -0
package/dist-pkg/client.js +71 -0
package/dist-pkg/compat.d.ts +1 -0
package/dist-pkg/compat.js +1 -0
package/dist-pkg/compiler/analysis-backend.d.ts +20 -0
package/dist-pkg/compiler/analysis-backend.js +164 -0
package/dist-pkg/compiler/backends/experimental-oxc.d.ts +6 -0
package/dist-pkg/compiler/backends/experimental-oxc.js +9 -0
package/dist-pkg/compiler/backends/oxc.d.ts +16 -0
package/dist-pkg/compiler/backends/oxc.js +198 -0
package/dist-pkg/compiler/backends/register.d.ts +7 -0
package/dist-pkg/compiler/backends/register.js +22 -0
package/dist-pkg/compiler/fixtures.d.ts +2 -0
package/dist-pkg/compiler/fixtures.js +118 -0
package/dist-pkg/compiler/init.d.ts +1 -0
package/dist-pkg/compiler/init.js +6 -0
package/dist-pkg/compiler/module-analysis.d.ts +13 -0
package/dist-pkg/compiler/module-analysis.js +50 -0
package/dist-pkg/compiler/parity.d.ts +35 -0
package/dist-pkg/compiler/parity.js +89 -0
package/dist-pkg/compiler/readiness.d.ts +11 -0
package/dist-pkg/compiler/readiness.js +18 -0
package/dist-pkg/compiler/route-facts.d.ts +34 -0
package/dist-pkg/compiler/route-facts.js +75 -0
package/dist-pkg/content/index.d.ts +27 -0
package/dist-pkg/content/index.js +287 -0
package/dist-pkg/db/index.d.ts +3 -0
package/dist-pkg/db/index.js +6 -0
package/dist-pkg/db/migrate.d.ts +7 -0
package/dist-pkg/db/migrate.js +53 -0
package/dist-pkg/db/postgres.d.ts +29 -0
package/dist-pkg/db/postgres.js +59 -0
package/dist-pkg/db/sqlite.d.ts +10 -0
package/dist-pkg/db/sqlite.js +22 -0
package/dist-pkg/deploy/cloudflare.d.ts +8 -0
package/{src/deploy/cloudflare.ts → dist-pkg/deploy/cloudflare.js} +44 -28
package/dist-pkg/deploy/conformance.d.ts +21 -0
package/dist-pkg/deploy/conformance.js +98 -0
package/dist-pkg/deploy/dockerfile.d.ts +3 -0
package/{src/deploy/dockerfile.ts → dist-pkg/deploy/dockerfile.js} +8 -10
package/dist-pkg/deploy/fly.d.ts +3 -0
package/{src/deploy/fly.ts → dist-pkg/deploy/fly.js} +11 -12
package/dist-pkg/deploy/index.d.ts +6 -0
package/dist-pkg/deploy/index.js +26 -0
package/dist-pkg/deploy/netlify.d.ts +2 -0
package/{src/deploy/netlify.ts → dist-pkg/deploy/netlify.js} +17 -11
package/dist-pkg/deploy/runtime.d.ts +2 -0
package/dist-pkg/deploy/runtime.js +3 -0
package/dist-pkg/deploy/vercel.d.ts +22 -0
package/dist-pkg/deploy/vercel.js +53 -0
package/dist-pkg/dev/error-overlay.d.ts +1 -0
package/{src/dev/error-overlay.ts → dist-pkg/dev/error-overlay.js} +13 -23
package/dist-pkg/dev/hmr.d.ts +30 -0
package/dist-pkg/dev/hmr.js +86 -0
package/dist-pkg/dev/partial-handler.d.ts +9 -0
package/dist-pkg/dev/partial-handler.js +24 -0
package/dist-pkg/dev/request-handler.d.ts +30 -0
package/dist-pkg/dev/request-handler.js +67 -0
package/dist-pkg/dev/watcher.d.ts +6 -0
package/dist-pkg/dev/watcher.js +34 -0
package/dist-pkg/dev.d.ts +11 -0
package/dist-pkg/dev.js +268 -0
package/dist-pkg/env/index.d.ts +3 -0
package/dist-pkg/env/index.js +57 -0
package/dist-pkg/errors/catalog.d.ts +9 -0
package/{src/errors/catalog.ts → dist-pkg/errors/catalog.js} +8 -24
package/dist-pkg/errors/formatter.d.ts +22 -0
package/dist-pkg/errors/formatter.js +43 -0
package/dist-pkg/errors/index.d.ts +2 -0
package/dist-pkg/errors/index.js +2 -0
package/dist-pkg/forms/action.d.ts +15 -0
package/dist-pkg/forms/action.js +20 -0
package/dist-pkg/forms/index.d.ts +4 -0
package/dist-pkg/forms/index.js +12 -0
package/dist-pkg/i18n/index.d.ts +61 -0
package/dist-pkg/i18n/index.js +147 -0
package/dist-pkg/index-client.d.ts +1 -0
package/dist-pkg/index-client.js +1 -0
package/dist-pkg/index.d.ts +32 -0
package/dist-pkg/index.js +79 -0
package/dist-pkg/jsx-runtime-client.d.ts +8 -0
package/dist-pkg/jsx-runtime-client.js +1 -0
package/dist-pkg/jsx-runtime.d.ts +13 -0
package/dist-pkg/jsx-runtime.js +5 -0
package/dist-pkg/jsx-types-html.d.ts +221 -0
package/dist-pkg/jsx-types-html.js +0 -0
package/dist-pkg/log/index.d.ts +8 -0
package/dist-pkg/log/index.js +55 -0
package/dist-pkg/plugins/drizzle.d.ts +16 -0
package/dist-pkg/plugins/drizzle.js +53 -0
package/dist-pkg/plugins/index.d.ts +62 -0
package/dist-pkg/plugins/index.js +159 -0
package/dist-pkg/plugins/lucia.d.ts +26 -0
package/dist-pkg/plugins/lucia.js +63 -0
package/dist-pkg/plugins/prisma.d.ts +14 -0
package/dist-pkg/plugins/prisma.js +60 -0
package/dist-pkg/plugins/resend.d.ts +21 -0
package/dist-pkg/plugins/resend.js +45 -0
package/dist-pkg/plugins/s3.d.ts +18 -0
package/dist-pkg/plugins/s3.js +63 -0
package/dist-pkg/plugins/stripe.d.ts +32 -0
package/dist-pkg/plugins/stripe.js +69 -0
package/dist-pkg/plugins/tailwind.d.ts +15 -0
package/dist-pkg/plugins/tailwind.js +58 -0
package/dist-pkg/prod.d.ts +21 -0
package/dist-pkg/prod.js +347 -0
package/dist-pkg/reactive/computed.d.ts +3 -0
package/dist-pkg/reactive/computed.js +15 -0
package/dist-pkg/reactive/data.d.ts +25 -0
package/dist-pkg/reactive/data.js +56 -0
package/dist-pkg/reactive/diagnostics.d.ts +100 -0
package/dist-pkg/reactive/diagnostics.js +363 -0
package/dist-pkg/reactive/effect.d.ts +3 -0
package/dist-pkg/reactive/effect.js +6 -0
package/dist-pkg/reactive/index.d.ts +9 -0
package/dist-pkg/reactive/index.js +18 -0
package/dist-pkg/reactive/live.d.ts +15 -0
package/dist-pkg/reactive/live.js +70 -0
package/dist-pkg/reactive/optimistic.d.ts +20 -0
package/dist-pkg/reactive/optimistic.js +67 -0
package/dist-pkg/reactive/resource.d.ts +25 -0
package/dist-pkg/reactive/resource.js +153 -0
package/dist-pkg/reactive/signal.d.ts +4 -0
package/dist-pkg/reactive/signal.js +17 -0
package/dist-pkg/reactive/store.d.ts +6 -0
package/dist-pkg/reactive/store.js +19 -0
package/dist-pkg/router/index.d.ts +2 -0
package/dist-pkg/router/index.js +2 -0
package/dist-pkg/router/matcher.d.ts +7 -0
package/dist-pkg/router/matcher.js +40 -0
package/dist-pkg/router/scanner.d.ts +14 -0
package/dist-pkg/router/scanner.js +141 -0
package/dist-pkg/routes/index.d.ts +1 -0
package/dist-pkg/routes/index.js +10 -0
package/dist-pkg/runtime/app-config.d.ts +26 -0
package/dist-pkg/runtime/app-config.js +69 -0
package/dist-pkg/runtime/client.d.ts +3 -0
package/dist-pkg/runtime/client.js +42 -0
package/dist-pkg/runtime/devtools.d.ts +64 -0
package/dist-pkg/runtime/devtools.js +132 -0
package/dist-pkg/runtime/error-boundary.d.ts +6 -0
package/dist-pkg/runtime/error-boundary.js +17 -0
package/dist-pkg/runtime/event-replay.d.ts +3 -0
package/{src/runtime/event-replay.ts → dist-pkg/runtime/event-replay.js} +20 -22
package/dist-pkg/runtime/event-source.d.ts +7 -0
package/dist-pkg/runtime/event-source.js +24 -0
package/dist-pkg/runtime/form.d.ts +24 -0
package/dist-pkg/runtime/form.js +65 -0
package/dist-pkg/runtime/head.d.ts +7 -0
package/dist-pkg/runtime/head.js +90 -0
package/dist-pkg/runtime/html-escape.d.ts +7 -0
package/dist-pkg/runtime/html-escape.js +39 -0
package/dist-pkg/runtime/hydration.d.ts +15 -0
package/dist-pkg/runtime/hydration.js +103 -0
package/dist-pkg/runtime/image.d.ts +49 -0
package/dist-pkg/runtime/image.js +144 -0
package/dist-pkg/runtime/index.d.ts +17 -0
package/dist-pkg/runtime/index.js +59 -0
package/dist-pkg/runtime/island-hydrator.d.ts +12 -0
package/dist-pkg/runtime/island-hydrator.js +74 -0
package/dist-pkg/runtime/island.d.ts +19 -0
package/dist-pkg/runtime/island.js +36 -0
package/dist-pkg/runtime/jsx-runtime.d.ts +12 -0
package/dist-pkg/runtime/jsx-runtime.js +176 -0
package/dist-pkg/runtime/link.d.ts +16 -0
package/dist-pkg/runtime/link.js +47 -0
package/dist-pkg/runtime/project.d.ts +37 -0
package/dist-pkg/runtime/project.js +36 -0
package/dist-pkg/runtime/renderable.d.ts +6 -0
package/dist-pkg/runtime/renderable.js +0 -0
package/dist-pkg/runtime/router.d.ts +47 -0
package/dist-pkg/runtime/router.js +487 -0
package/dist-pkg/runtime/server.d.ts +8 -0
package/dist-pkg/runtime/server.js +71 -0
package/dist-pkg/runtime/stream.d.ts +29 -0
package/dist-pkg/runtime/stream.js +106 -0
package/dist-pkg/runtime/suspense.d.ts +6 -0
package/dist-pkg/runtime/suspense.js +16 -0
package/dist-pkg/runtime/typed-routes.d.ts +24 -0
package/dist-pkg/runtime/typed-routes.js +77 -0
package/dist-pkg/runtime/validated-form.d.ts +40 -0
package/dist-pkg/runtime/validated-form.js +120 -0
package/dist-pkg/security/cors.d.ts +10 -0
package/dist-pkg/security/cors.js +56 -0
package/dist-pkg/security/csrf.d.ts +9 -0
package/dist-pkg/security/csrf.js +53 -0
package/dist-pkg/security/headers.d.ts +11 -0
package/dist-pkg/security/headers.js +31 -0
package/dist-pkg/security/index.d.ts +5 -0
package/dist-pkg/security/index.js +5 -0
package/dist-pkg/security/rate-limit.d.ts +10 -0
package/dist-pkg/security/rate-limit.js +49 -0
package/dist-pkg/security/redis-rate-limit.d.ts +14 -0
package/dist-pkg/security/redis-rate-limit.js +23 -0
package/dist-pkg/server/action.d.ts +21 -0
package/dist-pkg/server/action.js +64 -0
package/dist-pkg/server/cache-utils.d.ts +2 -0
package/dist-pkg/server/cache-utils.js +26 -0
package/dist-pkg/server/cache.d.ts +33 -0
package/dist-pkg/server/cache.js +236 -0
package/dist-pkg/server/compress.d.ts +2 -0
package/dist-pkg/server/compress.js +77 -0
package/dist-pkg/server/endpoint-execution.d.ts +28 -0
package/dist-pkg/server/endpoint-execution.js +37 -0
package/dist-pkg/server/etag.d.ts +3 -0
package/dist-pkg/server/etag.js +18 -0
package/dist-pkg/server/guard.d.ts +16 -0
package/dist-pkg/server/guard.js +45 -0
package/dist-pkg/server/html-shell.d.ts +12 -0
package/dist-pkg/server/html-shell.js +52 -0
package/dist-pkg/server/index.d.ts +36 -0
package/dist-pkg/server/index.js +170 -0
package/dist-pkg/server/jobs.d.ts +41 -0
package/dist-pkg/server/jobs.js +83 -0
package/dist-pkg/server/manifest.d.ts +19 -0
package/dist-pkg/server/manifest.js +36 -0
package/dist-pkg/server/middleware.d.ts +39 -0
package/dist-pkg/server/middleware.js +127 -0
package/dist-pkg/server/mime.d.ts +1 -0
package/{src/server/mime.ts → dist-pkg/server/mime.js} +6 -17
package/dist-pkg/server/not-found.d.ts +6 -0
package/dist-pkg/server/not-found.js +27 -0
package/dist-pkg/server/page-render.d.ts +29 -0
package/dist-pkg/server/page-render.js +70 -0
package/dist-pkg/server/partial-navigation.d.ts +4 -0
package/dist-pkg/server/partial-navigation.js +16 -0
package/dist-pkg/server/pipe.d.ts +9 -0
package/dist-pkg/server/pipe.js +32 -0
package/dist-pkg/server/redis-cache-store.d.ts +10 -0
package/dist-pkg/server/redis-cache-store.js +73 -0
package/dist-pkg/server/redis-client.d.ts +37 -0
package/dist-pkg/server/redis-client.js +37 -0
package/dist-pkg/server/request-policy.d.ts +55 -0
package/dist-pkg/server/request-policy.js +216 -0
package/dist-pkg/server/request-preflight.d.ts +23 -0
package/dist-pkg/server/request-preflight.js +46 -0
package/dist-pkg/server/request-security-policy.d.ts +17 -0
package/dist-pkg/server/request-security-policy.js +34 -0
package/dist-pkg/server/request-surface.d.ts +8 -0
package/dist-pkg/server/request-surface.js +19 -0
package/dist-pkg/server/route-request.d.ts +31 -0
package/dist-pkg/server/route-request.js +112 -0
package/dist-pkg/server/route-response.d.ts +22 -0
package/dist-pkg/server/route-response.js +61 -0
package/dist-pkg/server/rpc-hash.d.ts +2 -0
package/dist-pkg/server/rpc-hash.js +7 -0
package/dist-pkg/server/rpc-protocol.d.ts +22 -0
package/dist-pkg/server/rpc-protocol.js +28 -0
package/dist-pkg/server/rpc-utils.d.ts +2 -0
package/dist-pkg/server/rpc-utils.js +26 -0
package/dist-pkg/server/rpc.d.ts +20 -0
package/dist-pkg/server/rpc.js +147 -0
package/dist-pkg/server/runtime-dispatch.d.ts +19 -0
package/dist-pkg/server/runtime-dispatch.js +67 -0
package/dist-pkg/server/server-execution.d.ts +22 -0
package/dist-pkg/server/server-execution.js +53 -0
package/dist-pkg/server/sqlite-cache-store.d.ts +13 -0
package/dist-pkg/server/sqlite-cache-store.js +88 -0
package/dist-pkg/server/sse.d.ts +9 -0
package/dist-pkg/server/sse.js +34 -0
package/dist-pkg/server/static-file.d.ts +9 -0
package/dist-pkg/server/static-file.js +43 -0
package/dist-pkg/server/ws.d.ts +18 -0
package/dist-pkg/server/ws.js +40 -0
package/dist-pkg/server-entry.d.ts +19 -0
package/dist-pkg/server-entry.js +93 -0
package/dist-pkg/testing/index.d.ts +98 -0
package/dist-pkg/testing/index.js +257 -0
package/dist-pkg/types/index.d.ts +4 -0
package/dist-pkg/types/index.js +4 -0
package/dist-pkg/types/safe-html.d.ts +7 -0
package/dist-pkg/types/safe-html.js +19 -0
package/dist-pkg/types/safe-sql.d.ts +8 -0
package/dist-pkg/types/safe-sql.js +14 -0
package/dist-pkg/types/safe-url.d.ts +7 -0
package/dist-pkg/types/safe-url.js +20 -0
package/dist-pkg/types/user-input.d.ts +9 -0
package/dist-pkg/types/user-input.js +3 -0
package/dist-pkg/unsafe/index.d.ts +12 -0
package/dist-pkg/unsafe/index.js +6 -0
package/package.json +110 -45
package/bin/gorsee.js +0 -2
package/src/auth/index.ts +0 -178
package/src/auth/redis-session-store.ts +0 -46
package/src/auth/sqlite-session-store.ts +0 -98
package/src/auth/store-utils.ts +0 -21
package/src/build/client.ts +0 -139
package/src/build/css-modules.ts +0 -69
package/src/build/devalue-parse.ts +0 -2
package/src/build/manifest.ts +0 -34
package/src/build/route-metadata.ts +0 -12
package/src/build/rpc-transform.ts +0 -62
package/src/build/server-strip.ts +0 -87
package/src/build/ssg.ts +0 -70
package/src/cli/bun-plugin.ts +0 -58
package/src/cli/cmd-build.ts +0 -153
package/src/cli/cmd-check.ts +0 -239
package/src/cli/cmd-create.ts +0 -328
package/src/cli/cmd-deploy.ts +0 -149
package/src/cli/cmd-dev.ts +0 -13
package/src/cli/cmd-docs.ts +0 -152
package/src/cli/cmd-generate.ts +0 -155
package/src/cli/cmd-migrate.ts +0 -53
package/src/cli/cmd-routes.ts +0 -36
package/src/cli/cmd-start.ts +0 -30
package/src/cli/cmd-test.ts +0 -129
package/src/cli/cmd-typegen.ts +0 -93
package/src/cli/cmd-upgrade.ts +0 -143
package/src/cli/context.ts +0 -12
package/src/cli/framework-md.ts +0 -223
package/src/cli/index.ts +0 -107
package/src/client.ts +0 -26
package/src/db/index.ts +0 -2
package/src/db/migrate.ts +0 -89
package/src/db/sqlite.ts +0 -40
package/src/deploy/index.ts +0 -31
package/src/deploy/vercel.ts +0 -94
package/src/dev/hmr.ts +0 -31
package/src/dev/partial-handler.ts +0 -52
package/src/dev/request-handler.ts +0 -127
package/src/dev/watcher.ts +0 -48
package/src/dev.ts +0 -208
package/src/env/index.ts +0 -74
package/src/errors/formatter.ts +0 -63
package/src/errors/index.ts +0 -2
package/src/i18n/index.ts +0 -72
package/src/index-client.ts +0 -4
package/src/index.ts +0 -43
package/src/jsx-runtime-client.ts +0 -13
package/src/jsx-runtime.ts +0 -20
package/src/jsx-types-html.ts +0 -242
package/src/log/index.ts +0 -44
package/src/plugins/drizzle.ts +0 -84
package/src/plugins/index.ts +0 -86
package/src/plugins/lucia.ts +0 -111
package/src/plugins/prisma.ts +0 -85
package/src/plugins/resend.ts +0 -78
package/src/plugins/s3.ts +0 -102
package/src/plugins/stripe.ts +0 -133
package/src/plugins/tailwind.ts +0 -92
package/src/prod.ts +0 -252
package/src/reactive/computed.ts +0 -7
package/src/reactive/effect.ts +0 -7
package/src/reactive/index.ts +0 -7
package/src/reactive/live.ts +0 -97
package/src/reactive/optimistic.ts +0 -83
package/src/reactive/resource.ts +0 -138
package/src/reactive/signal.ts +0 -20
package/src/reactive/store.ts +0 -36
package/src/router/index.ts +0 -2
package/src/router/matcher.ts +0 -53
package/src/router/scanner.ts +0 -206
package/src/runtime/client.ts +0 -28
package/src/runtime/error-boundary.ts +0 -35
package/src/runtime/form.ts +0 -49
package/src/runtime/head.ts +0 -113
package/src/runtime/html-escape.ts +0 -30
package/src/runtime/hydration.ts +0 -95
package/src/runtime/image.ts +0 -48
package/src/runtime/index.ts +0 -12
package/src/runtime/island-hydrator.ts +0 -84
package/src/runtime/island.ts +0 -88
package/src/runtime/jsx-runtime.ts +0 -167
package/src/runtime/link.ts +0 -45
package/src/runtime/project.ts +0 -73
package/src/runtime/router.ts +0 -224
package/src/runtime/server.ts +0 -102
package/src/runtime/stream.ts +0 -182
package/src/runtime/suspense.ts +0 -37
package/src/runtime/typed-routes.ts +0 -26
package/src/runtime/validated-form.ts +0 -106
package/src/security/cors.ts +0 -80
package/src/security/csrf.ts +0 -85
package/src/security/headers.ts +0 -50
package/src/security/index.ts +0 -4
package/src/security/rate-limit.ts +0 -80
package/src/server/action.ts +0 -48
package/src/server/cache-utils.ts +0 -23
package/src/server/cache.ts +0 -125
package/src/server/compress.ts +0 -60
package/src/server/etag.ts +0 -23
package/src/server/guard.ts +0 -69
package/src/server/html-shell.ts +0 -69
package/src/server/index.ts +0 -57
package/src/server/manifest.ts +0 -36
package/src/server/middleware.ts +0 -159
package/src/server/not-found.ts +0 -35
package/src/server/page-render.ts +0 -123
package/src/server/pipe.ts +0 -46
package/src/server/redis-cache-store.ts +0 -87
package/src/server/redis-client.ts +0 -71
package/src/server/request-preflight.ts +0 -45
package/src/server/route-request.ts +0 -72
package/src/server/rpc-hash.ts +0 -17
package/src/server/rpc-utils.ts +0 -27
package/src/server/rpc.ts +0 -177
package/src/server/sqlite-cache-store.ts +0 -109
package/src/server/sse.ts +0 -96
package/src/server/static-file.ts +0 -63
package/src/server/ws.ts +0 -56
package/src/server-entry.ts +0 -36
package/src/testing/index.ts +0 -74
package/src/types/index.ts +0 -4
package/src/types/safe-html.ts +0 -32
package/src/types/safe-sql.ts +0 -28
package/src/types/safe-url.ts +0 -40
package/src/types/user-input.ts +0 -12
package/src/unsafe/index.ts +0 -18

package/dist-pkg/runtime/stream.js ADDED Viewed

@@ -0,0 +1,106 @@
+import { escapeHTML, escapeAttr, VOID_ELEMENTS, resolveValue } from "./html-escape.js";
+export function streamJsx(type, props) {
+  return { type, props: props ?? {} };
+}
+export const streamJsxs = streamJsx;
+export function StreamSuspense(props) {
+  const node = streamJsx("gorsee-suspense", {
+    fallback: props.fallback,
+    children: props.children
+  });
+  node.__gorsee_suspense = !0;
+  return node;
+}
+function renderAttrs(props) {
+  const parts = [];
+  for (const [key, rawValue] of Object.entries(props)) {
+    if (key === "children" || key === "ref" || key === "fallback" || key.startsWith("on:"))
+      continue;
+    const value = resolveValue(rawValue);
+    if (key === "className" || key === "class") {
+      if (value != null)
+        parts.push(` class="${escapeAttr(String(value))}"`);
+    } else if (typeof value === "boolean") {
+      if (value)
+        parts.push(` ${key}`);
+    } else if (value != null)
+      parts.push(` ${key}="${escapeAttr(String(value))}"`);
+  }
+  return parts.join("");
+}
+function renderShellNode(node, ctx) {
+  if (node == null || typeof node === "boolean")
+    return "";
+  if (Array.isArray(node))
+    return node.map((n) => renderShellNode(n, ctx)).join("");
+  if (typeof node === "object" && node !== null && "type" in node) {
+    const vnode = node;
+    if (vnode.__gorsee_suspense) {
+      const id = `s${ctx.nextId++}`, fallbackHtml = renderShellNode(vnode.props.fallback, ctx);
+      ctx.suspenseSlots.push({
+        id,
+        fallback: vnode.props.fallback,
+        children: vnode.props.children,
+        resolve: async () => {
+          const children = vnode.props.children;
+          if (typeof children === "function")
+            return await children();
+          return children;
+        }
+      });
+      return `<div data-g-suspense="${id}">${fallbackHtml}</div>`;
+    }
+    if (typeof vnode.type === "symbol")
+      return renderShellNode(vnode.props.children, ctx);
+    if (typeof vnode.type === "function") {
+      const result = vnode.type(vnode.props);
+      return renderShellNode(result, ctx);
+    }
+    const tag = vnode.type, attrs = renderAttrs(vnode.props);
+    if (VOID_ELEMENTS.has(tag))
+      return `<${tag}${attrs} />`;
+    const children = renderShellNode(vnode.props.children, ctx);
+    return `<${tag}${attrs}>${children}</${tag}>`;
+  }
+  const resolved = resolveValue(node);
+  if (resolved == null || typeof resolved === "boolean")
+    return "";
+  return escapeHTML(String(resolved));
+}
+export function buildStreamChunkScript(slotId, html) {
+  return [
+    `<template data-g-chunk="${slotId}">${html}</template>`,
+    "<script>",
+    "(function(){",
+    `  var t=document.querySelector('[data-g-chunk="${slotId}"]');`,
+    `  var s=document.querySelector('[data-g-suspense="${slotId}"]');`,
+    "  if(t&&s){var f=t.content.cloneNode(true);s.replaceChildren(...Array.from(f.childNodes));t.remove();s.removeAttribute('data-g-suspense')}",
+    "})();",
+    "</script>"
+  ].join("");
+}
+const defaultShell = (body) => `<!DOCTYPE html>
+<html lang="en">
+<head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>Gorsee App</title></head>
+<body><div id="app">${body}</div>`, STREAM_TAIL = "</body></html>";
+export function renderToStream(root, options) {
+  const shell = options?.shell ?? defaultShell, encoder = new TextEncoder, ctx = { suspenseSlots: [], nextId: 0 };
+  return new ReadableStream({
+    async start(controller) {
+      const shellHtml = renderShellNode(root, ctx);
+      controller.enqueue(encoder.encode(shell(shellHtml)));
+      const promises = ctx.suspenseSlots.map(async (slot) => {
+        try {
+          const resolved = await slot.resolve(), html = renderShellNode(resolved, ctx), script = buildStreamChunkScript(slot.id, html);
+          controller.enqueue(encoder.encode(script));
+        } catch (err) {
+          const message = err instanceof Error ? err.message : String(err), errorHtml = `<div class="error">Error: ${escapeHTML(message)}</div>`, script = buildStreamChunkScript(slot.id, errorHtml);
+          controller.enqueue(encoder.encode(script));
+        }
+      });
+      await Promise.all(promises);
+      controller.enqueue(encoder.encode(STREAM_TAIL));
+      controller.close();
+    }
+  });
+}

package/dist-pkg/runtime/suspense.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import type { GorseeRenderable } from "./renderable.js";
+export interface SuspenseProps {
+    fallback: GorseeRenderable;
+    children: GorseeRenderable;
+}
+export declare function Suspense(props: SuspenseProps): GorseeRenderable;

package/dist-pkg/runtime/suspense.js ADDED Viewed

@@ -0,0 +1,16 @@
+import { createSignal } from "../reactive/signal.js";
+export function Suspense(props) {
+  const children = props.children;
+  if (typeof children === "function") {
+    const asyncFn = children, [resolved, setResolved] = createSignal(null), [pending, setPending] = createSignal(!0);
+    asyncFn().then((result) => {
+      setResolved(result);
+      setPending(!1);
+    }).catch((err) => {
+      setResolved(err instanceof Error ? err.message : String(err));
+      setPending(!1);
+    });
+    return () => pending() ? props.fallback : resolved();
+  }
+  return children;
+}

package/dist-pkg/runtime/typed-routes.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+export type TypedRouteParams = Record<string, string | undefined>;
+export type TypedRouteSearchValue = string | number | boolean | null | undefined | Array<string | number | boolean>;
+export interface TypedRouteOptions {
+    params?: TypedRouteParams;
+    search?: Record<string, TypedRouteSearchValue>;
+    hash?: string;
+}
+export interface TypedRouteDefinition {
+    path: string;
+    params(): string[];
+    build(options?: TypedRouteParams | TypedRouteOptions): string;
+    buildStrict(options: TypedRouteOptions): string;
+    navigate(options?: TypedRouteParams | TypedRouteOptions): Promise<void>;
+    prefetch(options?: TypedRouteParams | TypedRouteOptions): Promise<void>;
+}
+export type TypedRouteTarget = string | TypedRouteDefinition;
+export declare function extractRouteParamKeys(path: string): string[];
+export declare function buildSearchParams(search?: Record<string, TypedRouteSearchValue>): string;
+export declare function buildTypedPath(path: string, params?: TypedRouteParams, strict?: boolean): string;
+export declare function typedLink(target: TypedRouteTarget, paramsOrOptions?: TypedRouteParams | TypedRouteOptions): string;
+export declare function resolveTypedRouteTarget(target: TypedRouteTarget, paramsOrOptions?: TypedRouteParams | TypedRouteOptions): string;
+export declare function createTypedRoute(path: string): TypedRouteDefinition;
+export declare function typedNavigate(target: TypedRouteTarget, paramsOrOptions?: TypedRouteParams | TypedRouteOptions): Promise<void>;
+export declare function typedPrefetch(target: TypedRouteTarget, paramsOrOptions?: TypedRouteParams | TypedRouteOptions): Promise<void>;

package/dist-pkg/runtime/typed-routes.js ADDED Viewed

@@ -0,0 +1,77 @@
+function isTypedRouteOptions(value) {
+  return "params" in value || "search" in value || "hash" in value;
+}
+function isTypedRouteDefinition(value) {
+  return typeof value !== "string" && typeof value.build === "function" && typeof value.path === "string";
+}
+export function extractRouteParamKeys(path) {
+  return [...path.matchAll(/\[\.\.\.(\w+)\]|\[(\w+)\]/g)].map((match) => match[1] ?? match[2]).filter(Boolean);
+}
+export function buildSearchParams(search = {}) {
+  const params = new URLSearchParams;
+  for (const [key, value] of Object.entries(search)) {
+    if (value === void 0 || value === null)
+      continue;
+    if (Array.isArray(value)) {
+      for (const item of value)
+        params.append(key, String(item));
+      continue;
+    }
+    params.set(key, String(value));
+  }
+  const query = params.toString();
+  return query ? `?${query}` : "";
+}
+export function buildTypedPath(path, params = {}, strict = !1) {
+  return path.replace(/\[\.\.\.(\w+)\]/g, (_, key) => {
+    const value = params[key];
+    if (strict && !value)
+      throw Error(`Missing route param: ${key}`);
+    return value ?? "";
+  }).replace(/\[(\w+)\]/g, (_, key) => {
+    const value = params[key];
+    if (strict && !value)
+      throw Error(`Missing route param: ${key}`);
+    return encodeURIComponent(value ?? "");
+  });
+}
+export function typedLink(target, paramsOrOptions = {}) {
+  if (isTypedRouteDefinition(target))
+    return target.build(paramsOrOptions);
+  const options = isTypedRouteOptions(paramsOrOptions) ? paramsOrOptions : { params: paramsOrOptions }, pathname = buildTypedPath(target, options.params ?? {}), search = buildSearchParams(options.search), hash = options.hash ? `#${options.hash.replace(/^#/, "")}` : "";
+  return `${pathname}${search}${hash}`;
+}
+export function resolveTypedRouteTarget(target, paramsOrOptions = {}) {
+  return typedLink(target, paramsOrOptions);
+}
+export function createTypedRoute(path) {
+  return {
+    path,
+    params() {
+      return extractRouteParamKeys(path);
+    },
+    build(options = {}) {
+      return typedLink(path, options);
+    },
+    buildStrict(options) {
+      const pathname = buildTypedPath(path, options.params ?? {}, !0), search = buildSearchParams(options.search), hash = options.hash ? `#${options.hash.replace(/^#/, "")}` : "";
+      return `${pathname}${search}${hash}`;
+    },
+    navigate(options = {}) {
+      return typedNavigate(path, options);
+    },
+    prefetch(options = {}) {
+      return typedPrefetch(path, options);
+    }
+  };
+}
+export function typedNavigate(target, paramsOrOptions = {}) {
+  const url = typedLink(target, paramsOrOptions);
+  return import("./router.js").then((m) => m.navigate(url));
+}
+export function typedPrefetch(target, paramsOrOptions = {}) {
+  const url = typedLink(target, paramsOrOptions);
+  return import("./router.js").then((m) => {
+    m.prefetch(url);
+  });
+}

package/dist-pkg/runtime/validated-form.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+export type FormFieldKind = "string" | "number" | "boolean" | "json";
+export interface FieldRule<T = unknown> {
+    required?: boolean;
+    minLength?: number;
+    maxLength?: number;
+    pattern?: RegExp;
+    min?: number;
+    max?: number;
+    custom?: (value: T, data: Record<string, unknown>) => string | null;
+}
+export interface FormField<TName extends string = string, TValue = string> {
+    name: TName;
+    rules: FieldRule<TValue>;
+    label?: string;
+    kind?: FormFieldKind;
+    coerce?: (value: string | undefined) => TValue;
+}
+export interface FormSchema<TData extends Record<string, unknown> = Record<string, unknown>> {
+    fields: FormField[];
+    formRules?: Array<(data: Partial<TData>) => ValidationError | null>;
+}
+export interface ValidationError {
+    field: string;
+    message: string;
+}
+export interface ValidationResult<T> {
+    valid: boolean;
+    data: T | null;
+    errors: ValidationError[];
+    fieldErrors: Record<string, string[]>;
+    formErrors: string[];
+}
+export interface ActionValidationResult<T> extends ValidationResult<T> {
+    values: Record<string, string>;
+}
+export declare function defineForm<TData extends Record<string, unknown> = Record<string, unknown>>(fields: FormField[], options?: Pick<FormSchema<TData>, "formRules">): FormSchema<TData>;
+export declare function toFieldErrors(errors: ValidationError[]): Record<string, string[]>;
+export declare function validateForm<T extends Record<string, unknown>>(data: Record<string, string>, schema: FormSchema<T>): ValidationResult<T>;
+export declare function validateAction<T extends Record<string, unknown>>(request: Request, schema: FormSchema<T>): Promise<ActionValidationResult<T>>;
+export declare function fieldAttrs(field: FormField): Record<string, unknown>;

package/dist-pkg/runtime/validated-form.js ADDED Viewed

@@ -0,0 +1,120 @@
+export function defineForm(fields, options = {}) {
+  return { fields, formRules: options.formRules ?? [] };
+}
+function coerceFieldValue(field, value) {
+  if (field.coerce)
+    return field.coerce(value);
+  const raw = value ?? "";
+  switch (field.kind ?? (field.rules.min !== void 0 || field.rules.max !== void 0 ? "number" : void 0)) {
+    case "number":
+      return raw === "" ? void 0 : Number(raw);
+    case "boolean":
+      return raw === "true" || raw === "on" || raw === "1";
+    case "json":
+      return raw === "" ? void 0 : JSON.parse(raw);
+    default:
+      return raw;
+  }
+}
+function validateField(rawValue, field, data) {
+  const { rules, label } = field, name = label ?? field.name, raw = rawValue ?? "";
+  if (rules.required && !raw.trim())
+    return { field: field.name, message: `${name} is required` };
+  if (!raw && !rules.required)
+    return null;
+  if (rules.minLength !== void 0 && raw.length < rules.minLength)
+    return { field: field.name, message: `${name} must be at least ${rules.minLength} characters` };
+  if (rules.maxLength !== void 0 && raw.length > rules.maxLength)
+    return { field: field.name, message: `${name} must be at most ${rules.maxLength} characters` };
+  if (rules.pattern && !rules.pattern.test(raw))
+    return { field: field.name, message: `${name} format is invalid` };
+  const coerced = coerceFieldValue(field, rawValue);
+  if (rules.min !== void 0 && typeof coerced === "number" && coerced < rules.min)
+    return { field: field.name, message: `${name} must be at least ${rules.min}` };
+  if (rules.max !== void 0 && typeof coerced === "number" && coerced > rules.max)
+    return { field: field.name, message: `${name} must be at most ${rules.max}` };
+  if (rules.custom) {
+    const message = rules.custom(coerced, data);
+    if (message)
+      return { field: field.name, message };
+  }
+  return null;
+}
+export function toFieldErrors(errors) {
+  const grouped = {};
+  for (const error of errors) {
+    const key = error.field || "$form";
+    grouped[key] ??= [];
+    grouped[key].push(error.message);
+  }
+  return grouped;
+}
+export function validateForm(data, schema) {
+  const errors = [], coercedData = {};
+  for (const field of schema.fields) {
+    const raw = data[field.name], error = validateField(raw, field, coercedData);
+    if (error) {
+      errors.push(error);
+      continue;
+    }
+    const coerced = coerceFieldValue(field, raw);
+    if (coerced !== void 0)
+      coercedData[field.name] = coerced;
+    else if (raw !== void 0 && field.kind === void 0 && field.rules.min === void 0 && field.rules.max === void 0)
+      coercedData[field.name] = raw;
+  }
+  if (errors.length === 0)
+    for (const rule of schema.formRules ?? []) {
+      const error = rule(coercedData);
+      if (error)
+        errors.push(error);
+    }
+  const fieldErrors = toFieldErrors(errors.filter((error) => error.field !== "$form")), formErrors = errors.filter((error) => error.field === "$form").map((error) => error.message);
+  return {
+    valid: errors.length === 0,
+    data: errors.length === 0 ? coercedData : null,
+    errors,
+    fieldErrors,
+    formErrors
+  };
+}
+function normalizeInput(input) {
+  if (input instanceof FormData) {
+    const data = {};
+    input.forEach((value, key) => {
+      data[key] = String(value);
+    });
+    return data;
+  }
+  return input;
+}
+export async function validateAction(request, schema) {
+  const contentType = request.headers.get("content-type") ?? "";
+  let data;
+  if (contentType.includes("application/json")) {
+    const json = await request.json();
+    data = Object.fromEntries(Object.entries(json).map(([key, value]) => [key, String(value ?? "")]));
+  } else
+    data = normalizeInput(await request.formData());
+  return { ...validateForm(data, schema), values: data };
+}
+export function fieldAttrs(field) {
+  const attrs = { name: field.name };
+  if (field.rules.required)
+    attrs.required = !0;
+  if (field.rules.minLength !== void 0)
+    attrs.minlength = field.rules.minLength;
+  if (field.rules.maxLength !== void 0)
+    attrs.maxlength = field.rules.maxLength;
+  if (field.rules.pattern)
+    attrs.pattern = field.rules.pattern.source;
+  if (field.rules.min !== void 0)
+    attrs.min = field.rules.min;
+  if (field.rules.max !== void 0)
+    attrs.max = field.rules.max;
+  if (field.kind === "number" || field.rules.min !== void 0 || field.rules.max !== void 0)
+    attrs.inputmode = "numeric";
+  if (field.kind === "boolean")
+    attrs.value = "true";
+  return attrs;
+}

package/dist-pkg/security/cors.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { MiddlewareFn } from "../server/middleware.js";
+export interface CORSOptions {
+    origin?: string | string[] | ((origin: string) => boolean);
+    methods?: string[];
+    allowHeaders?: string[];
+    exposeHeaders?: string[];
+    credentials?: boolean;
+    maxAge?: number;
+}
+export declare function cors(options?: CORSOptions): MiddlewareFn;

package/dist-pkg/security/cors.js ADDED Viewed

@@ -0,0 +1,56 @@
+const DEFAULT_METHODS = ["GET", "HEAD", "PUT", "PATCH", "POST", "DELETE"], DEFAULT_HEADERS = ["Content-Type", "Authorization", "X-Requested-With"];
+function isOriginAllowed(origin, allowed) {
+  if (!allowed)
+    return !1;
+  if (allowed === "*")
+    return !0;
+  if (typeof allowed === "string")
+    return origin === allowed;
+  if (Array.isArray(allowed))
+    return allowed.includes(origin);
+  if (typeof allowed === "function")
+    return allowed(origin);
+  return !1;
+}
+export function cors(options = {}) {
+  const {
+    origin = "*",
+    methods = DEFAULT_METHODS,
+    allowHeaders = DEFAULT_HEADERS,
+    exposeHeaders = [],
+    credentials = !1,
+    maxAge = 86400
+  } = options;
+  return async (ctx, next) => {
+    const requestOrigin = ctx.request.headers.get("origin") ?? "";
+    if (ctx.request.method === "OPTIONS") {
+      const headers = new Headers;
+      if (origin === "*" && !credentials)
+        headers.set("Access-Control-Allow-Origin", "*");
+      else if (isOriginAllowed(requestOrigin, origin)) {
+        headers.set("Access-Control-Allow-Origin", requestOrigin);
+        headers.set("Vary", "Origin");
+      }
+      headers.set("Access-Control-Allow-Methods", methods.join(", "));
+      headers.set("Access-Control-Allow-Headers", allowHeaders.join(", "));
+      if (exposeHeaders.length > 0)
+        headers.set("Access-Control-Expose-Headers", exposeHeaders.join(", "));
+      if (credentials)
+        headers.set("Access-Control-Allow-Credentials", "true");
+      headers.set("Access-Control-Max-Age", String(maxAge));
+      return new Response(null, { status: 204, headers });
+    }
+    const response = await next();
+    if (origin === "*" && !credentials)
+      response.headers.set("Access-Control-Allow-Origin", "*");
+    else if (isOriginAllowed(requestOrigin, origin)) {
+      response.headers.set("Access-Control-Allow-Origin", requestOrigin);
+      response.headers.append("Vary", "Origin");
+    }
+    if (credentials)
+      response.headers.set("Access-Control-Allow-Credentials", "true");
+    if (exposeHeaders.length > 0)
+      response.headers.set("Access-Control-Expose-Headers", exposeHeaders.join(", "));
+    return response;
+  };
+}

package/dist-pkg/security/csrf.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type { MiddlewareFn } from "../server/middleware.js";
+export declare function generateCSRFToken(): string;
+export declare function validateCSRFToken(request: Request, secret: string): Promise<boolean>;
+export declare function csrfProtection(secret: string): Promise<{
+    token: string;
+    cookie: string;
+    headerName: string;
+}>;
+export declare function createCSRFMiddleware(secret: string): MiddlewareFn;

package/dist-pkg/security/csrf.js ADDED Viewed

@@ -0,0 +1,53 @@
+import { timingSafeEqual } from "node:crypto";
+const CSRF_COOKIE = "__gorsee_csrf", CSRF_HEADER = "x-gorsee-csrf", TOKEN_LENGTH = 32;
+function randomBytes(length) {
+  const bytes = new Uint8Array(length);
+  crypto.getRandomValues(bytes);
+  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function hmacSign(token, secret) {
+  const key = await crypto.subtle.importKey("raw", new TextEncoder().encode(secret), { name: "HMAC", hash: "SHA-256" }, !1, ["sign"]), sig = await crypto.subtle.sign("HMAC", key, new TextEncoder().encode(token));
+  return Array.from(new Uint8Array(sig), (b) => b.toString(16).padStart(2, "0")).join("");
+}
+export function generateCSRFToken() {
+  return randomBytes(TOKEN_LENGTH);
+}
+export async function validateCSRFToken(request, secret) {
+  if (["GET", "HEAD", "OPTIONS"].includes(request.method))
+    return !0;
+  const cookieHeader = request.headers.get("cookie") ?? "", headerToken = request.headers.get(CSRF_HEADER) ?? "";
+  let cookieToken = "";
+  for (const pair of cookieHeader.split(";")) {
+    const [key, ...rest] = pair.trim().split("=");
+    if (key === CSRF_COOKIE) {
+      cookieToken = rest.join("=");
+      break;
+    }
+  }
+  if (!cookieToken || !headerToken)
+    return !1;
+  const [token, signature] = cookieToken.split(".");
+  if (!token || !signature)
+    return !1;
+  if (headerToken !== token)
+    return !1;
+  const expectedSig = await hmacSign(token, secret);
+  if (signature.length !== expectedSig.length)
+    return !1;
+  return timingSafeEqual(Buffer.from(signature), Buffer.from(expectedSig));
+}
+export async function csrfProtection(secret) {
+  const token = generateCSRFToken(), signature = await hmacSign(token, secret), cookieValue = `${token}.${signature}`;
+  return {
+    token,
+    cookie: `${CSRF_COOKIE}=${cookieValue}; Path=/; SameSite=Lax; Secure`,
+    headerName: CSRF_HEADER
+  };
+}
+export function createCSRFMiddleware(secret) {
+  return async (ctx, next) => {
+    if (!await validateCSRFToken(ctx.request, secret))
+      return new Response("Invalid CSRF token", { status: 403 });
+    return next();
+  };
+}

package/dist-pkg/security/headers.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+export interface SecurityConfig {
+    csp: boolean;
+    hsts: boolean;
+    csrf: boolean;
+    rateLimit: {
+        requests: number;
+        window: string;
+    } | false;
+    nonce?: string;
+}
+export declare function securityHeaders(config?: Partial<SecurityConfig>, nonce?: string): Record<string, string>;

package/dist-pkg/security/headers.js ADDED Viewed

@@ -0,0 +1,31 @@
+const DEFAULT_CONFIG = {
+  csp: !0,
+  hsts: !0,
+  csrf: !0,
+  rateLimit: { requests: 100, window: "1m" }
+};
+export function securityHeaders(config = {}, nonce) {
+  const cfg = { ...DEFAULT_CONFIG, ...config }, headers = {};
+  if (cfg.csp) {
+    const scriptSrc = nonce ? `'nonce-${nonce}'` : "'self'";
+    headers["Content-Security-Policy"] = [
+      "default-src 'self'",
+      `script-src ${scriptSrc}`,
+      "style-src 'self' 'unsafe-inline'",
+      "img-src 'self' data: https:",
+      "font-src 'self'",
+      "connect-src 'self' ws: wss:",
+      "frame-ancestors 'none'",
+      "base-uri 'self'",
+      "form-action 'self'"
+    ].join("; ");
+  }
+  if (cfg.hsts)
+    headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload";
+  headers["X-Content-Type-Options"] = "nosniff";
+  headers["X-Frame-Options"] = "DENY";
+  headers["Referrer-Policy"] = "strict-origin-when-cross-origin";
+  headers["X-XSS-Protection"] = "0";
+  headers["Permissions-Policy"] = "camera=(), microphone=(), geolocation=()";
+  return headers;
+}

package/dist-pkg/security/index.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export { securityHeaders, type SecurityConfig } from "./headers.js";
+export { csrfProtection, createCSRFMiddleware, generateCSRFToken, validateCSRFToken } from "./csrf.js";
+export { createRateLimiter, parseRateLimitWindow, type RateLimiter } from "./rate-limit.js";
+export { createRedisRateLimiter, type AsyncRateLimiter, type AsyncRateLimitResult } from "./redis-rate-limit.js";
+export { cors, type CORSOptions } from "./cors.js";

package/dist-pkg/security/index.js ADDED Viewed

@@ -0,0 +1,5 @@
+export { securityHeaders } from "./headers.js";
+export { csrfProtection, createCSRFMiddleware, generateCSRFToken, validateCSRFToken } from "./csrf.js";
+export { createRateLimiter, parseRateLimitWindow } from "./rate-limit.js";
+export { createRedisRateLimiter } from "./redis-rate-limit.js";
+export { cors } from "./cors.js";

package/dist-pkg/security/rate-limit.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+export interface RateLimiter {
+    check(key: string): {
+        allowed: boolean;
+        remaining: number;
+        resetAt: number;
+    };
+    reset(key: string): void;
+}
+export declare function parseRateLimitWindow(window: string): number;
+export declare function createRateLimiter(maxRequests: number, window: string): RateLimiter;

package/dist-pkg/security/rate-limit.js ADDED Viewed

@@ -0,0 +1,49 @@
+export function parseRateLimitWindow(window) {
+  const match = window.match(/^(\d+)(s|m|h)$/);
+  if (!match)
+    throw Error(`Invalid rate limit window: "${window}"`);
+  const value = Number(match[1]);
+  switch (match[2]) {
+    case "s":
+      return value * 1000;
+    case "m":
+      return value * 60000;
+    case "h":
+      return value * 3600000;
+    default:
+      throw Error(`Invalid unit: ${match[2]}`);
+  }
+}
+export function createRateLimiter(maxRequests, window) {
+  const windowMs = parseRateLimitWindow(window), buckets = new Map, CLEANUP_INTERVAL = Math.max(windowMs * 2, 60000), cleanup = setInterval(() => {
+    const now = Date.now();
+    for (const [key, bucket] of buckets)
+      if (now - bucket.lastRefill > windowMs * 2)
+        buckets.delete(key);
+  }, CLEANUP_INTERVAL);
+  if (typeof cleanup === "object" && "unref" in cleanup)
+    cleanup.unref();
+  return {
+    check(key) {
+      const now = Date.now();
+      let bucket = buckets.get(key);
+      if (!bucket) {
+        bucket = { tokens: maxRequests, lastRefill: now };
+        buckets.set(key, bucket);
+      }
+      if (now - bucket.lastRefill >= windowMs) {
+        bucket.tokens = maxRequests;
+        bucket.lastRefill = now;
+      }
+      const resetAt = bucket.lastRefill + windowMs;
+      if (bucket.tokens > 0) {
+        bucket.tokens--;
+        return { allowed: !0, remaining: bucket.tokens, resetAt };
+      }
+      return { allowed: !1, remaining: 0, resetAt };
+    },
+    reset(key) {
+      buckets.delete(key);
+    }
+  };
+}

package/dist-pkg/security/redis-rate-limit.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import { type RedisLikeClient } from "../server/redis-client.js";
+export interface AsyncRateLimitResult {
+    allowed: boolean;
+    remaining: number;
+    resetAt: number;
+}
+export interface AsyncRateLimiter {
+    check(key: string): Promise<AsyncRateLimitResult>;
+    reset(key: string): Promise<void>;
+}
+export interface RedisRateLimiterOptions {
+    prefix?: string;
+}
+export declare function createRedisRateLimiter(client: RedisLikeClient, maxRequests: number, window: string, options?: RedisRateLimiterOptions): AsyncRateLimiter;