gorsee 0.2.4 → 0.2.6

package/dist-pkg/security/redis-rate-limit.js

@@ -0,0 +1,23 @@
+import { buildRedisKey } from "../server/redis-client.js";
+import { parseRateLimitWindow } from "./rate-limit.js";
+export function createRedisRateLimiter(client, maxRequests, window, options = {}) {
+  if (!client.incr || !client.expire)
+    throw Error("Redis rate limiter requires incr() and expire() support on the Redis client.");
+  const prefix = options.prefix ?? "gorsee:rate-limit", windowMs = parseRateLimitWindow(window);
+  return {
+    async check(key) {
+      const redisKey = buildRedisKey(prefix, key), now = Date.now(), count = await client.incr(redisKey);
+      if (count === 1)
+        await client.expire(redisKey, Math.max(1, Math.ceil(windowMs / 1000)));
+      const ttlMs = client.pttl ? Math.max(0, await client.pttl(redisKey)) : windowMs;
+      return {
+        allowed: count <= maxRequests,
+        remaining: Math.max(0, maxRequests - count),
+        resetAt: now + ttlMs
+      };
+    },
+    async reset(key) {
+      await client.del(buildRedisKey(prefix, key));
+    }
+  };
+}

package/dist-pkg/server/action.d.ts

@@ -0,0 +1,21 @@
+import type { Context } from "./middleware.js";
+export interface ActionResult<T = unknown> {
+    ok: boolean;
+    status: number;
+    data?: T;
+    error?: string;
+    fieldErrors?: Record<string, string[]>;
+    formErrors?: string[];
+    values?: Record<string, string>;
+}
+export type ActionReturn<T = unknown> = T | Response | ActionResult<T>;
+export type ActionFn<T = unknown> = (ctx: Context) => Promise<ActionReturn<T>>;
+export declare function actionSuccess<T>(data?: T, init?: Omit<Partial<ActionResult<T>>, "ok" | "data"> & {
+    status?: number;
+}): ActionResult<T>;
+export declare function actionFailure<T = never>(error: string, init?: Omit<Partial<ActionResult<T>>, "ok" | "error"> & {
+    status?: number;
+}): ActionResult<T>;
+export declare function defineAction<T = unknown>(fn: ActionFn<T>): ActionFn<T>;
+export declare function handleAction<T>(actionFn: ActionFn<T>, ctx: Context): Promise<ActionResult<T>>;
+export declare function parseFormData(request: Request): Promise<Record<string, string>>;

package/dist-pkg/server/action.js

@@ -0,0 +1,64 @@
+function isActionResult(value) {
+  if (!value || typeof value !== "object" || Array.isArray(value))
+    return !1;
+  if ("status" in value || "error" in value || "fieldErrors" in value || "formErrors" in value || "values" in value)
+    return !0;
+  return "ok" in value && value.ok === !1;
+}
+export function actionSuccess(data, init = {}) {
+  return {
+    ok: !0,
+    status: init.status ?? 200,
+    data,
+    error: init.error,
+    fieldErrors: init.fieldErrors,
+    formErrors: init.formErrors,
+    values: init.values
+  };
+}
+export function actionFailure(error, init = {}) {
+  return {
+    ok: !1,
+    status: init.status ?? 400,
+    data: init.data,
+    error,
+    fieldErrors: init.fieldErrors,
+    formErrors: init.formErrors,
+    values: init.values
+  };
+}
+function normalizeActionResult(result) {
+  const status = result.status ?? (result.ok === !1 || result.error ? 400 : 200);
+  return {
+    ok: result.ok ?? (status < 400 && !result.error),
+    status,
+    data: result.data,
+    error: result.error,
+    fieldErrors: result.fieldErrors,
+    formErrors: result.formErrors,
+    values: result.values
+  };
+}
+export function defineAction(fn) {
+  return fn;
+}
+export async function handleAction(actionFn, ctx) {
+  try {
+    const result = await actionFn(ctx);
+    if (result instanceof Response)
+      return { ok: result.ok, status: result.status };
+    if (isActionResult(result))
+      return normalizeActionResult(result);
+    return actionSuccess(result);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return actionFailure(message, { status: 500 });
+  }
+}
+export async function parseFormData(request) {
+  const formData = await request.formData(), result = {};
+  for (const [key, value] of formData.entries())
+    if (typeof value === "string")
+      result[key] = value;
+  return result;
+}

package/dist-pkg/server/cache-utils.d.ts

@@ -0,0 +1,2 @@
+import type { CacheStore } from "./cache.js";
+export declare function createNamespacedCacheStore(store: CacheStore, namespace: string): CacheStore;

package/dist-pkg/server/cache-utils.js

@@ -0,0 +1,26 @@
+export function createNamespacedCacheStore(store, namespace) {
+  const prefix = `${namespace}:`;
+  return {
+    get: (key) => store.get(prefix + key),
+    set: async (key, entry) => {
+      await store.set(prefix + key, entry);
+    },
+    delete: async (key) => {
+      await store.delete(prefix + key);
+    },
+    clear: async () => {
+      const keys = await store.keys();
+      for await (const key of keys)
+        if (key.startsWith(prefix))
+          await store.delete(key);
+    },
+    keys: async function* () {
+      const keys = await store.keys();
+      for await (const key of keys) {
+        if (!key.startsWith(prefix))
+          continue;
+        yield key.slice(prefix.length);
+      }
+    }
+  };
+}

package/dist-pkg/server/cache.d.ts

@@ -0,0 +1,33 @@
+import type { MiddlewareFn } from "./middleware.js";
+export type CacheMode = "private" | "public" | "shared" | "no-store";
+export interface CacheOptions {
+    maxAge: number;
+    staleWhileRevalidate?: number;
+    mode?: CacheMode;
+    vary?: string[];
+    includeAuthHeaders?: boolean;
+    key?: (url: URL) => string;
+    store?: CacheStore;
+}
+type Awaitable<T> = T | Promise<T>;
+export interface CacheEntry {
+    body: string;
+    headers: Record<string, string>;
+    status: number;
+    createdAt: number;
+    revalidating?: boolean;
+}
+export interface CacheStore {
+    get(key: string): Awaitable<CacheEntry | undefined>;
+    set(key: string, entry: CacheEntry): Awaitable<void>;
+    delete(key: string): Awaitable<void>;
+    clear(): Awaitable<void>;
+    keys(): Awaitable<Iterable<string> | AsyncIterable<string>>;
+}
+export declare function createMemoryCacheStore(): CacheStore;
+export declare function resolveCacheMode(options: CacheOptions): CacheMode;
+export declare function shouldIncludeAuthHeadersForCache(options: CacheOptions, mode?: CacheMode): boolean;
+export declare function routeCache(options: CacheOptions): MiddlewareFn;
+export declare function invalidateCache(path: string): Promise<void>;
+export declare function clearCache(): Promise<void>;
+export {};

package/dist-pkg/server/cache.js

@@ -0,0 +1,236 @@
+import { emitAIEvent } from "../ai/index.js";
+export function createMemoryCacheStore() {
+  const store = new Map;
+  return {
+    get: (key) => store.get(key),
+    set: (key, entry) => {
+      store.set(key, entry);
+    },
+    delete: (key) => {
+      store.delete(key);
+    },
+    clear: () => {
+      store.clear();
+    },
+    keys: () => store.keys()
+  };
+}
+const defaultCacheStore = createMemoryCacheStore(), DEFAULT_AUTH_VARY = ["Cookie", "Authorization"], DEFAULT_SURFACE_VARY = ["Accept", "X-Gorsee-Navigate"];
+export function resolveCacheMode(options) {
+  if (options.mode)
+    return options.mode;
+  if (options.includeAuthHeaders === !1)
+    return "public";
+  return "private";
+}
+export function shouldIncludeAuthHeadersForCache(options, mode = resolveCacheMode(options)) {
+  if (typeof options.includeAuthHeaders === "boolean")
+    return options.includeAuthHeaders;
+  return mode === "private";
+}
+function buildKey(url, vary, request, customKey) {
+  const base = customKey ? customKey(url) : url.pathname + url.search;
+  if (vary.length === 0)
+    return base;
+  const varyParts = vary.map((h) => `${h}=${request.headers.get(h) ?? ""}`).join("&");
+  return `${base}?__vary=${varyParts}`;
+}
+export function routeCache(options) {
+  const {
+    maxAge,
+    staleWhileRevalidate = 0,
+    vary = [],
+    key: customKey,
+    store = defaultCacheStore
+  } = options, mode = resolveCacheMode(options), includeAuthHeaders = shouldIncludeAuthHeadersForCache(options, mode), normalizedVary = normalizeVaryHeaders([
+    ...DEFAULT_SURFACE_VARY,
+    ...includeAuthHeaders ? DEFAULT_AUTH_VARY : [],
+    ...vary
+  ]);
+  return async (ctx, next) => {
+    if (ctx.request.method !== "GET")
+      return next();
+    if (mode === "no-store") {
+      const response = await next(), headers = new Headers(response.headers);
+      headers.set("Cache-Control", "no-store");
+      setVaryHeaderObject(headers, normalizedVary);
+      return new Response(response.body, {
+        status: response.status,
+        statusText: response.statusText,
+        headers
+      });
+    }
+    const cacheKey = buildKey(ctx.url, normalizedVary, ctx.request, customKey), entry = await store.get(cacheKey), now = Date.now();
+    if (entry) {
+      const age = (now - entry.createdAt) / 1000;
+      if (age < maxAge) {
+        emitAIEvent({
+          kind: "cache.hit",
+          severity: "info",
+          source: "runtime",
+          message: "cache hit",
+          requestId: typeof ctx.locals.requestId === "string" ? ctx.locals.requestId : void 0,
+          traceId: typeof ctx.locals.traceId === "string" ? ctx.locals.traceId : void 0,
+          spanId: typeof ctx.locals.spanId === "string" ? ctx.locals.spanId : void 0,
+          route: ctx.url.pathname,
+          data: { cacheKey, ageSeconds: Math.floor(age), mode }
+        });
+        return new Response(entry.body, {
+          status: entry.status,
+          headers: withVaryHeaders(entry.headers, normalizedVary, {
+            "X-Cache": "HIT",
+            Age: String(Math.floor(age))
+          })
+        });
+      }
+      if (age < maxAge + staleWhileRevalidate && !entry.revalidating) {
+        entry.revalidating = !0;
+        emitAIEvent({
+          kind: "cache.stale",
+          severity: "warn",
+          source: "runtime",
+          message: "stale cache entry served",
+          requestId: typeof ctx.locals.requestId === "string" ? ctx.locals.requestId : void 0,
+          traceId: typeof ctx.locals.traceId === "string" ? ctx.locals.traceId : void 0,
+          spanId: typeof ctx.locals.spanId === "string" ? ctx.locals.spanId : void 0,
+          route: ctx.url.pathname,
+          data: { cacheKey, ageSeconds: Math.floor(age), mode }
+        });
+        revalidate(cacheKey, store, next);
+        return new Response(entry.body, {
+          status: entry.status,
+          headers: withVaryHeaders(entry.headers, normalizedVary, {
+            "X-Cache": "STALE",
+            Age: String(Math.floor(age))
+          })
+        });
+      }
+    }
+    emitAIEvent({
+      kind: "cache.miss",
+      severity: "info",
+      source: "runtime",
+      message: "cache miss",
+      requestId: typeof ctx.locals.requestId === "string" ? ctx.locals.requestId : void 0,
+      traceId: typeof ctx.locals.traceId === "string" ? ctx.locals.traceId : void 0,
+      spanId: typeof ctx.locals.spanId === "string" ? ctx.locals.spanId : void 0,
+      route: ctx.url.pathname,
+      data: { cacheKey, mode }
+    });
+    const response = await next();
+    if (response.status === 200 && isCacheableResponse(response, mode)) {
+      const body = await response.text(), headers = {};
+      response.headers.forEach((v, k) => {
+        headers[k] = v;
+      });
+      setVaryHeader(headers, normalizedVary);
+      setCacheControlHeader(headers, mode, maxAge, staleWhileRevalidate);
+      await store.set(cacheKey, { body, headers, status: response.status, createdAt: now });
+      return new Response(body, {
+        status: response.status,
+        headers: { ...headers, "X-Cache": "MISS" }
+      });
+    }
+    emitAIEvent({
+      kind: "cache.skip",
+      severity: "debug",
+      source: "runtime",
+      message: "response not cached",
+      requestId: typeof ctx.locals.requestId === "string" ? ctx.locals.requestId : void 0,
+      traceId: typeof ctx.locals.traceId === "string" ? ctx.locals.traceId : void 0,
+      spanId: typeof ctx.locals.spanId === "string" ? ctx.locals.spanId : void 0,
+      route: ctx.url.pathname,
+      data: { cacheKey, status: response.status, mode }
+    });
+    return response;
+  };
+}
+async function revalidate(key, store, next) {
+  try {
+    const response = await next();
+    if (response.status === 200) {
+      const body = await response.text(), headers = {};
+      response.headers.forEach((v, k) => {
+        headers[k] = v;
+      });
+      await store.set(key, { body, headers, status: response.status, createdAt: Date.now() });
+    }
+  } catch {
+    const entry = await store.get(key);
+    if (entry)
+      entry.revalidating = !1;
+  }
+}
+export async function invalidateCache(path) {
+  const keys = await defaultCacheStore.keys();
+  for await (const key of keys)
+    if (key.startsWith(path))
+      await defaultCacheStore.delete(key);
+}
+export async function clearCache() {
+  await defaultCacheStore.clear();
+}
+function normalizeVaryHeaders(headers) {
+  const seen = new Set, normalized = [];
+  for (const header of headers) {
+    const trimmed = header.trim();
+    if (!trimmed)
+      continue;
+    const key = trimmed.toLowerCase();
+    if (seen.has(key))
+      continue;
+    seen.add(key);
+    normalized.push(canonicalizeHeaderName(trimmed));
+  }
+  normalized.sort((a, b) => a.localeCompare(b, void 0, { sensitivity: "base" }));
+  return normalized;
+}
+function setVaryHeader(headers, vary) {
+  if (vary.length === 0)
+    return;
+  const existing = headers.vary ?? headers.Vary, merged = normalizeVaryHeaders([
+    ...existing ? existing.split(",") : [],
+    ...vary
+  ]);
+  headers.Vary = merged.join(", ");
+  delete headers.vary;
+}
+function setVaryHeaderObject(headers, vary) {
+  if (vary.length === 0)
+    return;
+  const existing = headers.get("Vary"), merged = normalizeVaryHeaders([
+    ...existing ? existing.split(",") : [],
+    ...vary
+  ]);
+  headers.set("Vary", merged.join(", "));
+}
+function withVaryHeaders(headers, vary, extraHeaders) {
+  const merged = { ...headers, ...extraHeaders };
+  setVaryHeader(merged, vary);
+  return merged;
+}
+function isCacheableResponse(response, mode) {
+  if (response.headers.has("Set-Cookie"))
+    return !1;
+  const cacheControl = response.headers.get("Cache-Control")?.toLowerCase() ?? "";
+  if (cacheControl.includes("no-store"))
+    return !1;
+  if (mode === "public" || mode === "shared")
+    return !cacheControl.includes("private");
+  return !0;
+}
+function setCacheControlHeader(headers, mode, maxAge, staleWhileRevalidate) {
+  if (mode === "no-store") {
+    headers["Cache-Control"] = "no-store";
+    return;
+  }
+  const directives = [mode === "private" ? "private" : "public", `max-age=${maxAge}`];
+  if (mode === "shared")
+    directives.push(`s-maxage=${maxAge}`);
+  if (staleWhileRevalidate > 0)
+    directives.push(`stale-while-revalidate=${staleWhileRevalidate}`);
+  headers["Cache-Control"] = directives.join(", ");
+}
+function canonicalizeHeaderName(header) {
+  return header.toLowerCase().split("-").map((segment) => segment ? segment[0].toUpperCase() + segment.slice(1) : segment).join("-");
+}

package/dist-pkg/server/compress.d.ts

@@ -0,0 +1,2 @@
+import type { MiddlewareFn } from "./middleware.js";
+export declare function compress(): MiddlewareFn;

package/dist-pkg/server/compress.js

@@ -0,0 +1,77 @@
+const COMPRESSIBLE_TYPES = new Set([
+  "text/html",
+  "text/css",
+  "text/javascript",
+  "application/javascript",
+  "application/json",
+  "text/xml",
+  "application/xml",
+  "image/svg+xml"
+]);
+function isCompressible(contentType) {
+  if (!contentType)
+    return !1;
+  const type = contentType.split(";")[0].trim();
+  return COMPRESSIBLE_TYPES.has(type);
+}
+function parseAcceptedEncodings(header) {
+  const accepted = new Map;
+  for (const rawEntry of header.split(",")) {
+    const entry = rawEntry.trim();
+    if (!entry)
+      continue;
+    const [rawName, ...params] = entry.split(";").map((part) => part.trim()), name = rawName?.toLowerCase();
+    if (!name)
+      continue;
+    const qParam = params.find((part) => part.startsWith("q=")), qValue = qParam ? Number(qParam.slice(2)) : 1;
+    if (!Number.isFinite(qValue))
+      continue;
+    accepted.set(name, Math.max(0, Math.min(qValue, 1)));
+  }
+  return accepted;
+}
+function resolveEncoding(header) {
+  const acceptedEncodings = parseAcceptedEncodings(header), wildcardWeight = acceptedEncodings.get("*"), candidates = ["gzip", "deflate"];
+  let best = null;
+  for (const encoding of candidates) {
+    const weight = acceptedEncodings.get(encoding) ?? wildcardWeight ?? 0;
+    if (weight <= 0)
+      continue;
+    if (!best || weight > best.weight)
+      best = { encoding, weight };
+  }
+  return best?.encoding ?? null;
+}
+export function compress() {
+  return async (_ctx, next) => {
+    const response = await next(), contentType = response.headers.get("content-type");
+    if (!isCompressible(contentType))
+      return response;
+    if (response.headers.has("content-encoding"))
+      return response;
+    if (!response.body)
+      return response;
+    const selectedEncoding = resolveEncoding(_ctx.request.headers.get("accept-encoding") ?? "");
+    if (selectedEncoding === "gzip") {
+      const compressed = response.body.pipeThrough(new CompressionStream("gzip")), headers = new Headers(response.headers);
+      headers.set("Content-Encoding", "gzip");
+      headers.delete("Content-Length");
+      return new Response(compressed, {
+        status: response.status,
+        statusText: response.statusText,
+        headers
+      });
+    }
+    if (selectedEncoding === "deflate") {
+      const compressed = response.body.pipeThrough(new CompressionStream("deflate")), headers = new Headers(response.headers);
+      headers.set("Content-Encoding", "deflate");
+      headers.delete("Content-Length");
+      return new Response(compressed, {
+        status: response.status,
+        statusText: response.statusText,
+        headers
+      });
+    }
+    return response;
+  };
+}

package/dist-pkg/server/endpoint-execution.d.ts

@@ -0,0 +1,28 @@
+import { type Context, type MiddlewareFn } from "./middleware.js";
+import { type RequestExecutionKind, type RequestExecutionPolicy, type RequestMetadata } from "./request-policy.js";
+import { type RequestSecurityPolicy } from "./request-security-policy.js";
+export interface EndpointExecutionTrace {
+    requestId?: string;
+    traceId?: string;
+    spanId?: string;
+    parentSpanId?: string;
+}
+export interface EndpointExecutionContext {
+    ctx: Context;
+    metadata: RequestMetadata;
+    requestPolicy: RequestExecutionPolicy;
+    securityPolicy: RequestSecurityPolicy;
+}
+export interface EndpointExecutionOptions {
+    request: Request;
+    kind: RequestExecutionKind;
+    params?: Record<string, string>;
+    trustedOrigin?: string;
+    trustForwardedHeaders?: boolean;
+    trustedForwardedHops?: number;
+    securityPolicy?: RequestSecurityPolicy;
+    middlewares?: MiddlewareFn[];
+    trace?: EndpointExecutionTrace;
+    handler: (context: EndpointExecutionContext) => Promise<Response>;
+}
+export declare function executeEndpointRequest(options: EndpointExecutionOptions): Promise<Response>;

package/dist-pkg/server/endpoint-execution.js

@@ -0,0 +1,37 @@
+import { createContext, runMiddlewareChain } from "./middleware.js";
+import {
+  attachRequestMetadata,
+  resolveRequestExecutionPolicy,
+  resolveRequestMetadata,
+  validateRequestPolicy
+} from "./request-policy.js";
+import {
+  createRequestSecurityPolicy,
+  validateRequestSecurityPolicy
+} from "./request-security-policy.js";
+import { createTraceIds } from "../ai/index.js";
+export async function executeEndpointRequest(options) {
+  const trace = options.trace?.requestId && options.trace?.traceId && options.trace?.spanId ? options.trace : createTraceIds(options.trace), securityPolicy = options.securityPolicy ?? createRequestSecurityPolicy({
+    trustedOrigin: options.trustedOrigin,
+    trustForwardedHeaders: options.trustForwardedHeaders,
+    trustedForwardedHops: options.trustedForwardedHops
+  }), requestPolicy = resolveRequestExecutionPolicy(options.kind), ctx = createContext(options.request, options.params ?? {}, {
+    trustedOrigin: securityPolicy.trustedOrigin
+  }), metadata = resolveRequestMetadata(options.request, {
+    trustedOrigin: securityPolicy.trustedOrigin,
+    kind: options.kind,
+    visibility: requestPolicy.visibility,
+    trustForwardedHeaders: securityPolicy.trustForwardedHeaders,
+    trustedForwardedHops: securityPolicy.trustedForwardedHops
+  });
+  ctx.locals.requestId = trace.requestId;
+  ctx.locals.traceId = trace.traceId;
+  ctx.locals.spanId = trace.spanId;
+  if (trace.parentSpanId)
+    ctx.locals.parentSpanId = trace.parentSpanId;
+  attachRequestMetadata(ctx.locals, metadata, requestPolicy);
+  const violation = validateRequestSecurityPolicy(metadata, requestPolicy, securityPolicy) ?? validateRequestPolicy(metadata, requestPolicy);
+  if (violation)
+    return violation;
+  return runMiddlewareChain(options.middlewares ?? [], ctx, () => options.handler({ ctx, metadata, requestPolicy, securityPolicy }));
+}

package/dist-pkg/server/etag.d.ts

@@ -0,0 +1,3 @@
+export declare function generateETag(size: number, mtimeMs: number): string;
+export declare function fileETag(filePath: string): Promise<string | null>;
+export declare function isNotModified(request: Request, etag: string): boolean;

package/dist-pkg/server/etag.js

@@ -0,0 +1,18 @@
+import { stat } from "node:fs/promises";
+export function generateETag(size, mtimeMs) {
+  return `W/"${size.toString(16)}-${Math.floor(mtimeMs).toString(16)}"`;
+}
+export async function fileETag(filePath) {
+  try {
+    const s = await stat(filePath);
+    return generateETag(s.size, s.mtimeMs);
+  } catch {
+    return null;
+  }
+}
+export function isNotModified(request, etag) {
+  const ifNoneMatch = request.headers.get("if-none-match");
+  if (!ifNoneMatch)
+    return !1;
+  return ifNoneMatch.split(",").some((t) => t.trim() === etag);
+}

package/dist-pkg/server/guard.d.ts

@@ -0,0 +1,16 @@
+import type { Context, MiddlewareFn } from "./middleware.js";
+type GuardFn = (ctx: Context) => boolean | Promise<boolean>;
+interface GuardOptions {
+    onFail?: (ctx: Context) => Response | Promise<Response>;
+}
+/** Create a guard middleware from a predicate */
+export declare function createGuard(check: GuardFn, options?: GuardOptions): MiddlewareFn;
+/** Guard: require authenticated session */
+export declare function requireAuth(loginPath?: string): MiddlewareFn;
+/** Guard: require specific role (reads from session.data.role) */
+export declare function requireRole(role: string, options?: GuardOptions): MiddlewareFn;
+/** Guard: combine multiple guards (all must pass) */
+export declare function allGuards(...guards: MiddlewareFn[]): MiddlewareFn;
+/** Guard: any one guard passing is sufficient */
+export declare function anyGuard(...guards: MiddlewareFn[]): MiddlewareFn;
+export {};

package/dist-pkg/server/guard.js

@@ -0,0 +1,45 @@
+const DEFAULT_DENY = (_ctx) => new Response("Forbidden", { status: 403 });
+export function createGuard(check, options) {
+  const onFail = options?.onFail ?? DEFAULT_DENY;
+  return async (ctx, next) => {
+    if (!await check(ctx))
+      return onFail(ctx);
+    return next();
+  };
+}
+export function requireAuth(loginPath = "/login") {
+  return createGuard((ctx) => !!ctx.locals.session, { onFail: (ctx) => ctx.redirect(loginPath) });
+}
+export function requireRole(role, options) {
+  return createGuard((ctx) => {
+    return ctx.locals.session?.data?.role === role;
+  }, options);
+}
+export function allGuards(...guards) {
+  return async (ctx, next) => {
+    for (const guard of guards) {
+      let passed = !1;
+      const result = await guard(ctx, async () => {
+        passed = !0;
+        return new Response(null);
+      });
+      if (!passed)
+        return result;
+    }
+    return next();
+  };
+}
+export function anyGuard(...guards) {
+  return async (ctx, next) => {
+    for (const guard of guards) {
+      let passed = !1;
+      await guard(ctx, async () => {
+        passed = !0;
+        return new Response(null);
+      });
+      if (passed)
+        return next();
+    }
+    return new Response("Forbidden", { status: 403 });
+  };
+}

package/dist-pkg/server/html-shell.d.ts

@@ -0,0 +1,12 @@
+export interface HTMLWrapOptions {
+    title?: string;
+    clientScript?: string;
+    loaderData?: unknown;
+    params?: Record<string, string>;
+    cssFiles?: string[];
+    headElements?: string[];
+    bodyPrefix?: string[];
+    bodySuffix?: string[];
+}
+export declare function generateNonce(): string;
+export declare function wrapHTML(body: string, nonce: string | undefined, options?: HTMLWrapOptions): string;