h3 1.0.2 → 1.2.0

package/README.md

@@ -39,28 +39,32 @@ pnpm add h3
 ## Usage
 
 ```ts
-import { createServer } from 'http'
-import { createApp, eventHandler, toNodeListener } from 'h3'
+import { createServer } from "node:http";
+import { createApp, eventHandler, toNodeListener } from "h3";
 
-const app = createApp()
-app.use('/', eventHandler(() => 'Hello world!'))
+const app = createApp();
+app.use(
+  "/",
+  eventHandler(() => "Hello world!")
+);
 
-createServer(toNodeListener(app)).listen(process.env.PORT || 3000)
+createServer(toNodeListener(app)).listen(process.env.PORT || 3000);
 ```
 
-<details>
- <summary>Example using <a href="https://github.com/unjs/listhen">listhen</a> for an elegant listener.</summary>
+Example using <a href="https://github.com/unjs/listhen">listhen</a> for an elegant listener:
 
 ```ts
-import { createApp, toNodeListener } from 'h3'
-import { listen } from 'listhen'
+import { createApp, eventHandler, toNodeListener } from "h3";
+import { listen } from "listhen";
 
-const app = createApp()
-app.use('/', eventHandler(() => 'Hello world!'))
+const app = createApp();
+app.use(
+  "/",
+  eventHandler(() => "Hello world!")
+);
 
-listen(toNodeListener(app))
+listen(toNodeListener(app));
 ```
-</details>
 
 ## Router
 
@@ -69,18 +73,24 @@ The `app` instance created by `h3` uses a middleware stack (see [how it works](#
 To opt-in using a more advanced and convenient routing system, we can create a router instance and register it to app instance.
 
 ```ts
-import { createApp, eventHandler, createRouter } from 'h3'
+import { createApp, eventHandler, createRouter } from "h3";
 
-const app = createApp()
+const app = createApp();
 
 const router = createRouter()
- .get('/', eventHandler(() => 'Hello World!'))
- .get('/hello/:name', eventHandler(event => `Hello ${event.context.params.name}!`))
-
-app.use(router)
+  .get(
+    "/",
+    eventHandler(() => "Hello World!")
+  )
+  .get(
+    "/hello/:name",
+    eventHandler((event) => `Hello ${event.context.params.name}!`)
+  );
+
+app.use(router);
 ```
 
-**Tip:** We can register same route more than once with different methods.
+**Tip:** We can register the same route more than once with different methods.
 
 Routes are internally stored in a [Radix Tree](https://en.wikipedia.org/wiki/Radix_tree) and matched using [unjs/radix3](https://github.com/unjs/radix3).
 
@@ -109,7 +119,7 @@ app.use('/big', () => import('./big-handler'), { lazy: true })
 
 ## Utilities
 
-H3 has concept of compasable utilities that accept `event` (from `eventHandler((event) => {})`) as their first argument. This has several performance benefits over injecting them to `event` or `app` instances and global middleware commonly used in Node.js frameworks such as Express, which Only required code is evaluated and bundled and rest of utils can be tree-shaken when not used.
+H3 has a concept of composable utilities that accept `event` (from `eventHandler((event) => {})`) as their first argument. This has several performance benefits over injecting them to `event` or `app` instances in global middleware commonly used in Node.js frameworks, such as Express. This concept means only required code is evaluated and bundled, and the rest of the utilities can be tree-shaken when not used.
 
 ### Built-in
 
@@ -138,12 +148,21 @@ H3 has concept of compasable utilities that accept `event` (from `eventHandler((
 - `createError({ statusCode, statusMessage, data? })`
 - `sendProxy(event, { target, headers?, fetchOptions?, fetch?, sendStream? })`
 - `proxyRequest(event, { target, headers?, fetchOptions?, fetch?, sendStream? })`
+- `sendNoContent(event, code = 204)`
+- `setResponseStatus(event, status)`
+- `getResponseStatus(event)`
+- `getResponseStatusText(event)`
+- `readMultipartFormData(event)`
+- `useSession(event, { password, name?, cookie?, seal?, crypto? })`
+- `getSession(event, { password, name?, cookie?, seal?, crypto? })`
+- `updateSession(event, { password, name?, cookie?, seal?, crypto? }), update)`
+- `clearSession(event, { password, name?, cookie?, seal?, crypto? }))`
 
 👉 You can learn more about usage in [JSDocs Documentation](https://www.jsdocs.io/package/h3#package-functions).
 
 ## Community Packages
 
-You can use more h3 event utilities made by the community.
+You can use more H3 event utilities made by the community.
 
 Please check their READMEs for more details.
 

package/dist/index.cjs

@@ -4,6 +4,8 @@ const ufo = require('ufo');
 const radix3 = require('radix3');
 const destr = require('destr');
 const cookieEs = require('cookie-es');
+const ironWebcrypto = require('iron-webcrypto');
+const crypto = require('uncrypto');
 
 function useBase(base, handler) {
   base = ufo.withoutTrailingSlash(base);
@@ -17,6 +19,83 @@ function useBase(base, handler) {
   });
 }
 
+function parse(multipartBodyBuffer, boundary) {
+  let lastline = "";
+  let state = 0 /* INIT */;
+  let buffer = [];
+  const allParts = [];
+  let currentPartHeaders = [];
+  for (let i = 0; i < multipartBodyBuffer.length; i++) {
+    const prevByte = i > 0 ? multipartBodyBuffer[i - 1] : null;
+    const currByte = multipartBodyBuffer[i];
+    const newLineChar = currByte === 10 || currByte === 13;
+    if (!newLineChar) {
+      lastline += String.fromCodePoint(currByte);
+    }
+    const newLineDetected = currByte === 10 && prevByte === 13;
+    if (0 /* INIT */ === state && newLineDetected) {
+      if ("--" + boundary === lastline) {
+        state = 1 /* READING_HEADERS */;
+      }
+      lastline = "";
+    } else if (1 /* READING_HEADERS */ === state && newLineDetected) {
+      if (lastline.length > 0) {
+        const i2 = lastline.indexOf(":");
+        if (i2 > 0) {
+          const name = lastline.slice(0, i2).toLowerCase();
+          const value = lastline.slice(i2 + 1).trim();
+          currentPartHeaders.push([name, value]);
+        }
+      } else {
+        state = 2 /* READING_DATA */;
+        buffer = [];
+      }
+      lastline = "";
+    } else if (2 /* READING_DATA */ === state) {
+      if (lastline.length > boundary.length + 4) {
+        lastline = "";
+      }
+      if ("--" + boundary === lastline) {
+        const j = buffer.length - lastline.length;
+        const part = buffer.slice(0, j - 1);
+        allParts.push(process(part, currentPartHeaders));
+        buffer = [];
+        currentPartHeaders = [];
+        lastline = "";
+        state = 3 /* READING_PART_SEPARATOR */;
+      } else {
+        buffer.push(currByte);
+      }
+      if (newLineDetected) {
+        lastline = "";
+      }
+    } else if (3 /* READING_PART_SEPARATOR */ === state && newLineDetected) {
+      state = 1 /* READING_HEADERS */;
+    }
+  }
+  return allParts;
+}
+function process(data, headers) {
+  const dataObj = {};
+  const contentDispositionHeader = headers.find((h) => h[0] === "content-disposition")?.[1] || "";
+  for (const i of contentDispositionHeader.split(";")) {
+    const s = i.split("=");
+    if (s.length !== 2) {
+      continue;
+    }
+    const key = (s[0] || "").trim();
+    if (key === "name" || key === "filename") {
+      dataObj[key] = (s[1] || "").trim().replace(/"/g, "");
+    }
+  }
+  const contentType = headers.find((h) => h[0] === "content-type")?.[1] || "";
+  if (contentType) {
+    dataObj.type = contentType;
+  }
+  dataObj.data = Buffer.from(data);
+  return dataObj;
+}
+
 class H3Error extends Error {
   constructor() {
     super(...arguments);
@@ -49,6 +128,7 @@ function createError(input) {
   }
   const err = new H3Error(
     input.message ?? input.statusMessage,
+    // @ts-ignore
     input.cause ? { cause: input.cause } : void 0
   );
   if ("stack" in input) {
@@ -222,6 +302,21 @@ async function readBody(event) {
   event.node.req[ParsedBodySymbol] = json;
   return json;
 }
+async function readMultipartFormData(event) {
+  const contentType = getRequestHeader(event, "content-type");
+  if (!contentType || !contentType.startsWith("multipart/form-data")) {
+    return;
+  }
+  const boundary = contentType.match(/boundary=([^;]*)(;|$)/i)?.[1];
+  if (!boundary) {
+    return;
+  }
+  const body = await readRawBody(event, false);
+  if (!body) {
+    return;
+  }
+  return parse(body, boundary);
+}
 
 function handleCacheHeaders(event, opts) {
   const cacheControls = ["public", ...opts.cacheControls || []];
@@ -258,6 +353,111 @@ const MIMES = {
   json: "application/json"
 };
 
+function parseCookies(event) {
+  return cookieEs.parse(event.node.req.headers.cookie || "");
+}
+function getCookie(event, name) {
+  return parseCookies(event)[name];
+}
+function setCookie(event, name, value, serializeOptions) {
+  const cookieStr = cookieEs.serialize(name, value, {
+    path: "/",
+    ...serializeOptions
+  });
+  let setCookies = event.node.res.getHeader("set-cookie");
+  if (!Array.isArray(setCookies)) {
+    setCookies = [setCookies];
+  }
+  setCookies = setCookies.filter((cookieValue) => {
+    return cookieValue && !cookieValue.startsWith(name + "=");
+  });
+  event.node.res.setHeader("set-cookie", [...setCookies, cookieStr]);
+}
+function deleteCookie(event, name, serializeOptions) {
+  setCookie(event, name, "", {
+    ...serializeOptions,
+    maxAge: 0
+  });
+}
+
+const PayloadMethods = /* @__PURE__ */ new Set(["PATCH", "POST", "PUT", "DELETE"]);
+const ignoredHeaders = /* @__PURE__ */ new Set([
+  "transfer-encoding",
+  "connection",
+  "keep-alive",
+  "upgrade",
+  "expect",
+  "host"
+]);
+async function proxyRequest(event, target, opts = {}) {
+  const method = getMethod(event);
+  let body;
+  if (PayloadMethods.has(method)) {
+    body = await readRawBody(event).catch(() => void 0);
+  }
+  const headers = /* @__PURE__ */ Object.create(null);
+  const reqHeaders = getRequestHeaders(event);
+  for (const name in reqHeaders) {
+    if (!ignoredHeaders.has(name)) {
+      headers[name] = reqHeaders[name];
+    }
+  }
+  if (opts.fetchOptions?.headers) {
+    Object.assign(headers, opts.fetchOptions.headers);
+  }
+  if (opts.headers) {
+    Object.assign(headers, opts.headers);
+  }
+  return sendProxy(event, target, {
+    ...opts,
+    fetchOptions: {
+      headers,
+      method,
+      body,
+      ...opts.fetchOptions
+    }
+  });
+}
+async function sendProxy(event, target, opts = {}) {
+  const _fetch = opts.fetch || globalThis.fetch;
+  if (!_fetch) {
+    throw new Error(
+      "fetch is not available. Try importing `node-fetch-native/polyfill` for Node.js."
+    );
+  }
+  const response = await _fetch(target, {
+    headers: opts.headers,
+    ...opts.fetchOptions
+  });
+  event.node.res.statusCode = response.status;
+  event.node.res.statusMessage = response.statusText;
+  for (const [key, value] of response.headers.entries()) {
+    if (key === "content-encoding") {
+      continue;
+    }
+    if (key === "content-length") {
+      continue;
+    }
+    event.node.res.setHeader(key, value);
+  }
+  try {
+    if (response.body) {
+      if (opts.sendStream === false) {
+        const data = new Uint8Array(await response.arrayBuffer());
+        event.node.res.end(data);
+      } else {
+        for await (const chunk of response.body) {
+          event.node.res.write(chunk);
+        }
+        event.node.res.end();
+      }
+    }
+  } catch (error) {
+    event.node.res.end();
+    throw error;
+  }
+}
+
 const defer = typeof setImmediate !== "undefined" ? setImmediate : (fn) => fn();
 function send(event, data, type) {
   if (type) {
@@ -270,6 +470,25 @@ function send(event, data, type) {
     });
   });
 }
+function sendNoContent(event, code = 204) {
+  event.node.res.statusCode = code;
+  if (event.node.res.statusCode === 204) {
+    event.node.res.removeHeader("content-length");
+  }
+  event.node.res.end();
+}
+function setResponseStatus(event, code, text) {
+  event.node.res.statusCode = code;
+  if (text) {
+    event.node.res.statusMessage = text;
+  }
+}
+function getResponseStatus(event) {
+  return event.node.res.statusCode;
+}
+function getResponseStatusText(event) {
+  return event.node.res.statusMessage;
+}
 function defaultContentType(event, type) {
   if (type && !event.node.res.getHeader("content-type")) {
     event.node.res.setHeader("content-type", type);
@@ -371,101 +590,82 @@ ${header}: ${value}`;
   }
 }
 
-function parseCookies(event) {
-  return cookieEs.parse(event.node.req.headers.cookie || "");
-}
-function getCookie(event, name) {
-  return parseCookies(event)[name];
-}
-function setCookie(event, name, value, serializeOptions) {
-  const cookieStr = cookieEs.serialize(name, value, {
-    path: "/",
-    ...serializeOptions
-  });
-  appendHeader(event, "Set-Cookie", cookieStr);
-}
-function deleteCookie(event, name, serializeOptions) {
-  setCookie(event, name, "", {
-    ...serializeOptions,
-    maxAge: 0
-  });
-}
-
-const PayloadMethods = /* @__PURE__ */ new Set(["PATCH", "POST", "PUT", "DELETE"]);
-const ignoredHeaders = /* @__PURE__ */ new Set([
-  "transfer-encoding",
-  "connection",
-  "keep-alive",
-  "upgrade",
-  "expect"
-]);
-async function proxyRequest(event, target, opts = {}) {
-  const method = getMethod(event);
-  let body;
-  if (PayloadMethods.has(method)) {
-    body = await readRawBody(event).catch(() => void 0);
-  }
-  const headers = /* @__PURE__ */ Object.create(null);
-  const reqHeaders = getRequestHeaders(event);
-  for (const name in reqHeaders) {
-    if (!ignoredHeaders.has(name)) {
-      headers[name] = reqHeaders[name];
-    }
-  }
-  if (opts.fetchOptions?.headers) {
-    Object.assign(headers, opts.fetchOptions.headers);
-  }
-  if (opts.headers) {
-    Object.assign(headers, opts.headers);
-  }
-  return sendProxy(event, target, {
-    ...opts,
-    fetchOptions: {
-      headers,
-      method,
-      body,
-      ...opts.fetchOptions
+const DEFAULT_NAME = "h3";
+const DEFAULT_COOKIE = {
+  path: "/",
+  secure: true,
+  httpOnly: true
+};
+async function useSession(event, config) {
+  const sessionName = config.name || DEFAULT_NAME;
+  await getSession(event, config);
+  const sessionManager = {
+    get id() {
+      return event.context.sessions?.[sessionName]?.id;
+    },
+    get data() {
+      return event.context.sessions?.[sessionName]?.data || {};
+    },
+    update: async (update) => {
+      await updateSession(event, config, update);
+      return sessionManager;
+    },
+    clear: async () => {
+      await clearSession(event, config);
+      return sessionManager;
     }
-  });
+  };
+  return sessionManager;
 }
-async function sendProxy(event, target, opts = {}) {
-  const _fetch = opts.fetch || globalThis.fetch;
-  if (!_fetch) {
-    throw new Error(
-      "fetch is not available. Try importing `node-fetch-native/polyfill` for Node.js."
+async function getSession(event, config) {
+  const sessionName = config.name || DEFAULT_NAME;
+  if (!event.context.sessions) {
+    event.context.sessions = /* @__PURE__ */ Object.create(null);
+  }
+  if (event.context.sessions[sessionName]) {
+    return event.context.sessions[sessionName];
+  }
+  const session = { id: "", data: /* @__PURE__ */ Object.create(null) };
+  event.context.sessions[sessionName] = session;
+  const reqCookie = getCookie(event, sessionName);
+  if (!reqCookie) {
+    session.id = (config.crypto || crypto).randomUUID();
+    await updateSession(event, config);
+  } else {
+    const unsealed = await ironWebcrypto.unseal(
+      config.crypto || crypto,
+      reqCookie,
+      config.password,
+      config.seal || ironWebcrypto.defaults
     );
+    Object.assign(session, unsealed);
   }
-  const response = await _fetch(target, {
-    headers: opts.headers,
-    ...opts.fetchOptions
-  });
-  event.node.res.statusCode = response.status;
-  event.node.res.statusMessage = response.statusText;
-  for (const [key, value] of response.headers.entries()) {
-    if (key === "content-encoding") {
-      continue;
-    }
-    if (key === "content-length") {
-      continue;
-    }
-    event.node.res.setHeader(key, value);
-  }
-  try {
-    if (response.body) {
-      if (opts.sendStream === false) {
-        const data = new Uint8Array(await response.arrayBuffer());
-        event.node.res.end(data);
-      } else {
-        for await (const chunk of response.body) {
-          event.node.res.write(chunk);
-        }
-        event.node.res.end();
-      }
-    }
-  } catch (error) {
-    event.node.res.end();
-    throw error;
+  return session;
+}
+async function updateSession(event, config, update) {
+  const sessionName = config.name || DEFAULT_NAME;
+  const session = event.context.sessions?.[sessionName] || await getSession(event, config);
+  if (typeof update === "function") {
+    update = update(session.data);
+  }
+  if (update) {
+    Object.assign(session.data, update);
+  }
+  const sealed = await ironWebcrypto.seal(
+    config.crypto || crypto,
+    session,
+    config.password,
+    config.seal || ironWebcrypto.defaults
+  );
+  setCookie(event, sessionName, sealed, config.cookie || DEFAULT_COOKIE);
+  return session;
+}
+async function clearSession(event, config) {
+  const sessionName = config.name || DEFAULT_NAME;
+  if (event.context.sessions?.[sessionName]) {
+    delete event.context.sessions[sessionName];
   }
+  await setCookie(event, sessionName, "", config.cookie || DEFAULT_COOKIE);
 }
 
 class H3Headers {
@@ -521,6 +721,7 @@ class H3Headers {
 
 class H3Response {
   constructor(body = null, init = {}) {
+    // TODO: yet to implement
     this.body = null;
     this.type = "default";
     this.bodyUsed = false;
@@ -565,12 +766,15 @@ class H3Event {
   get path() {
     return this.req.url;
   }
+  /** @deprecated Please use `event.node.req` instead. **/
   get req() {
     return this.node.req;
   }
+  /** @deprecated Please use `event.node.res` instead. **/
   get res() {
     return this.node.res;
   }
+  // Implementation of FetchEvent
   respondWith(r) {
     Promise.resolve(r).then((_response) => {
       if (this.res.writableEnded) {
@@ -676,6 +880,7 @@ function createApp(options = {}) {
   const stack = [];
   const handler = createAppEventHandler(stack, options);
   const app = {
+    // @ts-ignore
     use: (arg1, arg2, arg3) => use(app, arg1, arg2, arg3),
     handler,
     stack,
@@ -923,6 +1128,7 @@ exports.appendResponseHeader = appendResponseHeader;
 exports.appendResponseHeaders = appendResponseHeaders;
 exports.assertMethod = assertMethod;
 exports.callNodeListener = callNodeListener;
+exports.clearSession = clearSession;
 exports.createApp = createApp;
 exports.createAppEventHandler = createAppEventHandler;
 exports.createError = createError;
@@ -946,8 +1152,11 @@ exports.getRequestHeader = getRequestHeader;
 exports.getRequestHeaders = getRequestHeaders;
 exports.getResponseHeader = getResponseHeader;
 exports.getResponseHeaders = getResponseHeaders;
+exports.getResponseStatus = getResponseStatus;
+exports.getResponseStatusText = getResponseStatusText;
 exports.getRouterParam = getRouterParam;
 exports.getRouterParams = getRouterParams;
+exports.getSession = getSession;
 exports.handleCacheHeaders = handleCacheHeaders;
 exports.isError = isError;
 exports.isEvent = isEvent;
@@ -959,9 +1168,11 @@ exports.parseCookies = parseCookies;
 exports.promisifyNodeListener = promisifyNodeListener;
 exports.proxyRequest = proxyRequest;
 exports.readBody = readBody;
+exports.readMultipartFormData = readMultipartFormData;
 exports.readRawBody = readRawBody;
 exports.send = send;
 exports.sendError = sendError;
+exports.sendNoContent = sendNoContent;
 exports.sendProxy = sendProxy;
 exports.sendRedirect = sendRedirect;
 exports.sendStream = sendStream;
@@ -970,8 +1181,11 @@ exports.setHeader = setHeader;
 exports.setHeaders = setHeaders;
 exports.setResponseHeader = setResponseHeader;
 exports.setResponseHeaders = setResponseHeaders;
+exports.setResponseStatus = setResponseStatus;
 exports.toEventHandler = toEventHandler;
 exports.toNodeListener = toNodeListener;
+exports.updateSession = updateSession;
 exports.use = use;
 exports.useBase = useBase;
+exports.useSession = useSession;
 exports.writeEarlyHints = writeEarlyHints;

package/dist/index.d.ts

@@ -1,11 +1,38 @@
+import { SealOptions } from 'iron-webcrypto';
+import { CookieSerializeOptions } from 'cookie-es';
 import { IncomingMessage, ServerResponse, OutgoingMessage } from 'node:http';
 export { IncomingMessage as NodeIncomingMessage, ServerResponse as NodeServerResponse } from 'node:http';
-import { CookieSerializeOptions } from 'cookie-es';
 import * as ufo from 'ufo';
 
+type SessionDataT = Record<string, string | number | boolean>;
+type SessionData<T extends SessionDataT = SessionDataT> = T;
+interface Session<T extends SessionDataT = SessionDataT> {
+    id: string;
+    data: SessionData<T>;
+}
+interface SessionConfig {
+    password: string;
+    name?: string;
+    cookie?: CookieSerializeOptions;
+    seal?: SealOptions;
+    crypto?: Crypto;
+}
+declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event, config: SessionConfig): Promise<{
+    readonly id: string | undefined;
+    readonly data: SessionDataT;
+    update: (update: SessionUpdate<T>) => Promise<any>;
+    clear: () => Promise<any>;
+}>;
+declare function getSession<T extends SessionDataT = SessionDataT>(event: H3Event, config: SessionConfig): Promise<Session<T>>;
+type SessionUpdate<T extends SessionDataT = SessionDataT> = Partial<SessionData<T>> | ((oldData: SessionData<T>) => Partial<SessionData<T>> | undefined);
+declare function updateSession<T extends SessionDataT = SessionDataT>(event: H3Event, config: SessionConfig, update?: SessionUpdate<T>): Promise<Session<T>>;
+declare function clearSession(event: H3Event, config: SessionConfig): Promise<void>;
+
 type HTTPMethod = "GET" | "HEAD" | "PATCH" | "POST" | "PUT" | "DELETE" | "CONNECT" | "OPTIONS" | "TRACE";
 type Encoding = false | "ascii" | "utf8" | "utf-8" | "utf16le" | "ucs2" | "ucs-2" | "base64" | "latin1" | "binary" | "hex";
 interface H3EventContext extends Record<string, any> {
+    params?: Record<string, string>;
+    sessions?: Record<string, Session>;
 }
 type EventHandlerResponse<T = any> = T | Promise<T>;
 interface EventHandler<T = any> {
@@ -139,7 +166,7 @@ declare function createAppEventHandler(stack: Stack, options: AppOptions): Event
  */
 declare class H3Error extends Error {
     static __h3_error__: boolean;
-    toJSON(): Pick<H3Error, "statusCode" | "statusMessage" | "data" | "message">;
+    toJSON(): Pick<H3Error, "data" | "statusCode" | "statusMessage" | "message">;
     statusCode: number;
     fatal: boolean;
     unhandled: boolean;
@@ -171,6 +198,13 @@ declare function isError(input: any): input is H3Error;
 
 declare function useBase(base: string, handler: EventHandler): EventHandler;
 
+interface MultiPartData {
+    data: Buffer;
+    name?: string;
+    filename?: string;
+    type?: string;
+}
+
 /**
  * Reads body of the request and returns encoded raw string (default) or `Buffer` if encoding if falsy.
  * @param event {H3Event} H3 event or req passed by h3 handler
@@ -191,6 +225,7 @@ declare function readRawBody<E extends Encoding = "utf8">(event: H3Event, encodi
  * ```
  */
 declare function readBody<T = any>(event: H3Event): Promise<T>;
+declare function readMultipartFormData(event: H3Event): Promise<MultiPartData[] | undefined>;
 
 interface CacheConditions {
     modifiedTime?: string | Date;
@@ -272,6 +307,17 @@ declare function getRequestHeader(event: H3Event, name: string): RequestHeaders[
 declare const getHeader: typeof getRequestHeader;
 
 declare function send(event: H3Event, data?: any, type?: string): Promise<void>;
+/**
+ * Respond with an empty payload.<br>
+ * Note that calling this function will close the connection and no other data can be sent to the client afterwards.
+ *
+ * @param event H3 event
+ * @param code status code to be send. By default, it is `204 No Content`.
+ */
+declare function sendNoContent(event: H3Event, code?: number): void;
+declare function setResponseStatus(event: H3Event, code: number, text?: string): void;
+declare function getResponseStatus(event: H3Event): number;
+declare function getResponseStatusText(event: H3Event): string;
 declare function defaultContentType(event: H3Event, type?: string): void;
 declare function sendRedirect(event: H3Event, location: string, code?: number): Promise<void>;
 declare function getResponseHeaders(event: H3Event): ReturnType<H3Event["res"]["getHeaders"]>;
@@ -303,4 +349,4 @@ interface CreateRouterOptions {
 }
 declare function createRouter(opts?: CreateRouterOptions): Router;
 
-export { AddRouteShortcuts, App, AppOptions, AppUse, CacheConditions, CreateRouterOptions, DynamicEventHandler, Encoding, EventHandler, EventHandlerResponse, H3Error, H3Event, H3EventContext, H3Headers, H3Response, HTTPMethod, InputLayer, InputStack, Layer, LazyEventHandler, MIMES, Matcher, NodeEventContext, NodeListener, NodeMiddleware, NodePromisifiedHandler, ProxyOptions, RequestHeaders, Router, RouterMethod, RouterUse, Stack, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertMethod, callNodeListener, createApp, createAppEventHandler, createError, createEvent, createRouter, defaultContentType, defineEventHandler, defineLazyEventHandler, defineNodeListener, defineNodeMiddleware, deleteCookie, dynamicEventHandler, eventHandler, fromNodeMiddleware, getCookie, getHeader, getHeaders, getMethod, getQuery, getRequestHeader, getRequestHeaders, getResponseHeader, getResponseHeaders, getRouterParam, getRouterParams, handleCacheHeaders, isError, isEvent, isEventHandler, isMethod, isStream, lazyEventHandler, parseCookies, promisifyNodeListener, proxyRequest, readBody, readRawBody, send, sendError, sendProxy, sendRedirect, sendStream, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, toEventHandler, toNodeListener, use, useBase, writeEarlyHints };
+export { AddRouteShortcuts, App, AppOptions, AppUse, CacheConditions, CreateRouterOptions, DynamicEventHandler, Encoding, EventHandler, EventHandlerResponse, H3Error, H3Event, H3EventContext, H3Headers, H3Response, HTTPMethod, InputLayer, InputStack, Layer, LazyEventHandler, MIMES, Matcher, NodeEventContext, NodeListener, NodeMiddleware, NodePromisifiedHandler, ProxyOptions, RequestHeaders, Router, RouterMethod, RouterUse, Session, SessionConfig, SessionData, Stack, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertMethod, callNodeListener, clearSession, createApp, createAppEventHandler, createError, createEvent, createRouter, defaultContentType, defineEventHandler, defineLazyEventHandler, defineNodeListener, defineNodeMiddleware, deleteCookie, dynamicEventHandler, eventHandler, fromNodeMiddleware, getCookie, getHeader, getHeaders, getMethod, getQuery, getRequestHeader, getRequestHeaders, getResponseHeader, getResponseHeaders, getResponseStatus, getResponseStatusText, getRouterParam, getRouterParams, getSession, handleCacheHeaders, isError, isEvent, isEventHandler, isMethod, isStream, lazyEventHandler, parseCookies, promisifyNodeListener, proxyRequest, readBody, readMultipartFormData, readRawBody, send, sendError, sendNoContent, sendProxy, sendRedirect, sendStream, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, setResponseStatus, toEventHandler, toNodeListener, updateSession, use, useBase, useSession, writeEarlyHints };

package/dist/index.mjs

@@ -1,7 +1,9 @@
 import { withoutTrailingSlash, withoutBase, getQuery as getQuery$1 } from 'ufo';
 import { createRouter as createRouter$1 } from 'radix3';
 import destr from 'destr';
-import { parse, serialize } from 'cookie-es';
+import { parse as parse$1, serialize } from 'cookie-es';
+import { unseal, defaults, seal } from 'iron-webcrypto';
+import crypto from 'uncrypto';
 
 function useBase(base, handler) {
   base = withoutTrailingSlash(base);
@@ -15,6 +17,83 @@ function useBase(base, handler) {
   });
 }
 
+function parse(multipartBodyBuffer, boundary) {
+  let lastline = "";
+  let state = 0 /* INIT */;
+  let buffer = [];
+  const allParts = [];
+  let currentPartHeaders = [];
+  for (let i = 0; i < multipartBodyBuffer.length; i++) {
+    const prevByte = i > 0 ? multipartBodyBuffer[i - 1] : null;
+    const currByte = multipartBodyBuffer[i];
+    const newLineChar = currByte === 10 || currByte === 13;
+    if (!newLineChar) {
+      lastline += String.fromCodePoint(currByte);
+    }
+    const newLineDetected = currByte === 10 && prevByte === 13;
+    if (0 /* INIT */ === state && newLineDetected) {
+      if ("--" + boundary === lastline) {
+        state = 1 /* READING_HEADERS */;
+      }
+      lastline = "";
+    } else if (1 /* READING_HEADERS */ === state && newLineDetected) {
+      if (lastline.length > 0) {
+        const i2 = lastline.indexOf(":");
+        if (i2 > 0) {
+          const name = lastline.slice(0, i2).toLowerCase();
+          const value = lastline.slice(i2 + 1).trim();
+          currentPartHeaders.push([name, value]);
+        }
+      } else {
+        state = 2 /* READING_DATA */;
+        buffer = [];
+      }
+      lastline = "";
+    } else if (2 /* READING_DATA */ === state) {
+      if (lastline.length > boundary.length + 4) {
+        lastline = "";
+      }
+      if ("--" + boundary === lastline) {
+        const j = buffer.length - lastline.length;
+        const part = buffer.slice(0, j - 1);
+        allParts.push(process(part, currentPartHeaders));
+        buffer = [];
+        currentPartHeaders = [];
+        lastline = "";
+        state = 3 /* READING_PART_SEPARATOR */;
+      } else {
+        buffer.push(currByte);
+      }
+      if (newLineDetected) {
+        lastline = "";
+      }
+    } else if (3 /* READING_PART_SEPARATOR */ === state && newLineDetected) {
+      state = 1 /* READING_HEADERS */;
+    }
+  }
+  return allParts;
+}
+function process(data, headers) {
+  const dataObj = {};
+  const contentDispositionHeader = headers.find((h) => h[0] === "content-disposition")?.[1] || "";
+  for (const i of contentDispositionHeader.split(";")) {
+    const s = i.split("=");
+    if (s.length !== 2) {
+      continue;
+    }
+    const key = (s[0] || "").trim();
+    if (key === "name" || key === "filename") {
+      dataObj[key] = (s[1] || "").trim().replace(/"/g, "");
+    }
+  }
+  const contentType = headers.find((h) => h[0] === "content-type")?.[1] || "";
+  if (contentType) {
+    dataObj.type = contentType;
+  }
+  dataObj.data = Buffer.from(data);
+  return dataObj;
+}
+
 class H3Error extends Error {
   constructor() {
     super(...arguments);
@@ -47,6 +126,7 @@ function createError(input) {
   }
   const err = new H3Error(
     input.message ?? input.statusMessage,
+    // @ts-ignore
     input.cause ? { cause: input.cause } : void 0
   );
   if ("stack" in input) {
@@ -220,6 +300,21 @@ async function readBody(event) {
   event.node.req[ParsedBodySymbol] = json;
   return json;
 }
+async function readMultipartFormData(event) {
+  const contentType = getRequestHeader(event, "content-type");
+  if (!contentType || !contentType.startsWith("multipart/form-data")) {
+    return;
+  }
+  const boundary = contentType.match(/boundary=([^;]*)(;|$)/i)?.[1];
+  if (!boundary) {
+    return;
+  }
+  const body = await readRawBody(event, false);
+  if (!body) {
+    return;
+  }
+  return parse(body, boundary);
+}
 
 function handleCacheHeaders(event, opts) {
   const cacheControls = ["public", ...opts.cacheControls || []];
@@ -256,6 +351,111 @@ const MIMES = {
   json: "application/json"
 };
 
+function parseCookies(event) {
+  return parse$1(event.node.req.headers.cookie || "");
+}
+function getCookie(event, name) {
+  return parseCookies(event)[name];
+}
+function setCookie(event, name, value, serializeOptions) {
+  const cookieStr = serialize(name, value, {
+    path: "/",
+    ...serializeOptions
+  });
+  let setCookies = event.node.res.getHeader("set-cookie");
+  if (!Array.isArray(setCookies)) {
+    setCookies = [setCookies];
+  }
+  setCookies = setCookies.filter((cookieValue) => {
+    return cookieValue && !cookieValue.startsWith(name + "=");
+  });
+  event.node.res.setHeader("set-cookie", [...setCookies, cookieStr]);
+}
+function deleteCookie(event, name, serializeOptions) {
+  setCookie(event, name, "", {
+    ...serializeOptions,
+    maxAge: 0
+  });
+}
+
+const PayloadMethods = /* @__PURE__ */ new Set(["PATCH", "POST", "PUT", "DELETE"]);
+const ignoredHeaders = /* @__PURE__ */ new Set([
+  "transfer-encoding",
+  "connection",
+  "keep-alive",
+  "upgrade",
+  "expect",
+  "host"
+]);
+async function proxyRequest(event, target, opts = {}) {
+  const method = getMethod(event);
+  let body;
+  if (PayloadMethods.has(method)) {
+    body = await readRawBody(event).catch(() => void 0);
+  }
+  const headers = /* @__PURE__ */ Object.create(null);
+  const reqHeaders = getRequestHeaders(event);
+  for (const name in reqHeaders) {
+    if (!ignoredHeaders.has(name)) {
+      headers[name] = reqHeaders[name];
+    }
+  }
+  if (opts.fetchOptions?.headers) {
+    Object.assign(headers, opts.fetchOptions.headers);
+  }
+  if (opts.headers) {
+    Object.assign(headers, opts.headers);
+  }
+  return sendProxy(event, target, {
+    ...opts,
+    fetchOptions: {
+      headers,
+      method,
+      body,
+      ...opts.fetchOptions
+    }
+  });
+}
+async function sendProxy(event, target, opts = {}) {
+  const _fetch = opts.fetch || globalThis.fetch;
+  if (!_fetch) {
+    throw new Error(
+      "fetch is not available. Try importing `node-fetch-native/polyfill` for Node.js."
+    );
+  }
+  const response = await _fetch(target, {
+    headers: opts.headers,
+    ...opts.fetchOptions
+  });
+  event.node.res.statusCode = response.status;
+  event.node.res.statusMessage = response.statusText;
+  for (const [key, value] of response.headers.entries()) {
+    if (key === "content-encoding") {
+      continue;
+    }
+    if (key === "content-length") {
+      continue;
+    }
+    event.node.res.setHeader(key, value);
+  }
+  try {
+    if (response.body) {
+      if (opts.sendStream === false) {
+        const data = new Uint8Array(await response.arrayBuffer());
+        event.node.res.end(data);
+      } else {
+        for await (const chunk of response.body) {
+          event.node.res.write(chunk);
+        }
+        event.node.res.end();
+      }
+    }
+  } catch (error) {
+    event.node.res.end();
+    throw error;
+  }
+}
+
 const defer = typeof setImmediate !== "undefined" ? setImmediate : (fn) => fn();
 function send(event, data, type) {
   if (type) {
@@ -268,6 +468,25 @@ function send(event, data, type) {
     });
   });
 }
+function sendNoContent(event, code = 204) {
+  event.node.res.statusCode = code;
+  if (event.node.res.statusCode === 204) {
+    event.node.res.removeHeader("content-length");
+  }
+  event.node.res.end();
+}
+function setResponseStatus(event, code, text) {
+  event.node.res.statusCode = code;
+  if (text) {
+    event.node.res.statusMessage = text;
+  }
+}
+function getResponseStatus(event) {
+  return event.node.res.statusCode;
+}
+function getResponseStatusText(event) {
+  return event.node.res.statusMessage;
+}
 function defaultContentType(event, type) {
   if (type && !event.node.res.getHeader("content-type")) {
     event.node.res.setHeader("content-type", type);
@@ -369,101 +588,82 @@ ${header}: ${value}`;
   }
 }
 
-function parseCookies(event) {
-  return parse(event.node.req.headers.cookie || "");
-}
-function getCookie(event, name) {
-  return parseCookies(event)[name];
-}
-function setCookie(event, name, value, serializeOptions) {
-  const cookieStr = serialize(name, value, {
-    path: "/",
-    ...serializeOptions
-  });
-  appendHeader(event, "Set-Cookie", cookieStr);
-}
-function deleteCookie(event, name, serializeOptions) {
-  setCookie(event, name, "", {
-    ...serializeOptions,
-    maxAge: 0
-  });
-}
-
-const PayloadMethods = /* @__PURE__ */ new Set(["PATCH", "POST", "PUT", "DELETE"]);
-const ignoredHeaders = /* @__PURE__ */ new Set([
-  "transfer-encoding",
-  "connection",
-  "keep-alive",
-  "upgrade",
-  "expect"
-]);
-async function proxyRequest(event, target, opts = {}) {
-  const method = getMethod(event);
-  let body;
-  if (PayloadMethods.has(method)) {
-    body = await readRawBody(event).catch(() => void 0);
-  }
-  const headers = /* @__PURE__ */ Object.create(null);
-  const reqHeaders = getRequestHeaders(event);
-  for (const name in reqHeaders) {
-    if (!ignoredHeaders.has(name)) {
-      headers[name] = reqHeaders[name];
-    }
-  }
-  if (opts.fetchOptions?.headers) {
-    Object.assign(headers, opts.fetchOptions.headers);
-  }
-  if (opts.headers) {
-    Object.assign(headers, opts.headers);
-  }
-  return sendProxy(event, target, {
-    ...opts,
-    fetchOptions: {
-      headers,
-      method,
-      body,
-      ...opts.fetchOptions
+const DEFAULT_NAME = "h3";
+const DEFAULT_COOKIE = {
+  path: "/",
+  secure: true,
+  httpOnly: true
+};
+async function useSession(event, config) {
+  const sessionName = config.name || DEFAULT_NAME;
+  await getSession(event, config);
+  const sessionManager = {
+    get id() {
+      return event.context.sessions?.[sessionName]?.id;
+    },
+    get data() {
+      return event.context.sessions?.[sessionName]?.data || {};
+    },
+    update: async (update) => {
+      await updateSession(event, config, update);
+      return sessionManager;
+    },
+    clear: async () => {
+      await clearSession(event, config);
+      return sessionManager;
     }
-  });
+  };
+  return sessionManager;
 }
-async function sendProxy(event, target, opts = {}) {
-  const _fetch = opts.fetch || globalThis.fetch;
-  if (!_fetch) {
-    throw new Error(
-      "fetch is not available. Try importing `node-fetch-native/polyfill` for Node.js."
+async function getSession(event, config) {
+  const sessionName = config.name || DEFAULT_NAME;
+  if (!event.context.sessions) {
+    event.context.sessions = /* @__PURE__ */ Object.create(null);
+  }
+  if (event.context.sessions[sessionName]) {
+    return event.context.sessions[sessionName];
+  }
+  const session = { id: "", data: /* @__PURE__ */ Object.create(null) };
+  event.context.sessions[sessionName] = session;
+  const reqCookie = getCookie(event, sessionName);
+  if (!reqCookie) {
+    session.id = (config.crypto || crypto).randomUUID();
+    await updateSession(event, config);
+  } else {
+    const unsealed = await unseal(
+      config.crypto || crypto,
+      reqCookie,
+      config.password,
+      config.seal || defaults
     );
+    Object.assign(session, unsealed);
   }
-  const response = await _fetch(target, {
-    headers: opts.headers,
-    ...opts.fetchOptions
-  });
-  event.node.res.statusCode = response.status;
-  event.node.res.statusMessage = response.statusText;
-  for (const [key, value] of response.headers.entries()) {
-    if (key === "content-encoding") {
-      continue;
-    }
-    if (key === "content-length") {
-      continue;
-    }
-    event.node.res.setHeader(key, value);
-  }
-  try {
-    if (response.body) {
-      if (opts.sendStream === false) {
-        const data = new Uint8Array(await response.arrayBuffer());
-        event.node.res.end(data);
-      } else {
-        for await (const chunk of response.body) {
-          event.node.res.write(chunk);
-        }
-        event.node.res.end();
-      }
-    }
-  } catch (error) {
-    event.node.res.end();
-    throw error;
+  return session;
+}
+async function updateSession(event, config, update) {
+  const sessionName = config.name || DEFAULT_NAME;
+  const session = event.context.sessions?.[sessionName] || await getSession(event, config);
+  if (typeof update === "function") {
+    update = update(session.data);
+  }
+  if (update) {
+    Object.assign(session.data, update);
+  }
+  const sealed = await seal(
+    config.crypto || crypto,
+    session,
+    config.password,
+    config.seal || defaults
+  );
+  setCookie(event, sessionName, sealed, config.cookie || DEFAULT_COOKIE);
+  return session;
+}
+async function clearSession(event, config) {
+  const sessionName = config.name || DEFAULT_NAME;
+  if (event.context.sessions?.[sessionName]) {
+    delete event.context.sessions[sessionName];
   }
+  await setCookie(event, sessionName, "", config.cookie || DEFAULT_COOKIE);
 }
 
 class H3Headers {
@@ -519,6 +719,7 @@ class H3Headers {
 
 class H3Response {
   constructor(body = null, init = {}) {
+    // TODO: yet to implement
     this.body = null;
     this.type = "default";
     this.bodyUsed = false;
@@ -563,12 +764,15 @@ class H3Event {
   get path() {
     return this.req.url;
   }
+  /** @deprecated Please use `event.node.req` instead. **/
   get req() {
     return this.node.req;
   }
+  /** @deprecated Please use `event.node.res` instead. **/
   get res() {
     return this.node.res;
   }
+  // Implementation of FetchEvent
   respondWith(r) {
     Promise.resolve(r).then((_response) => {
       if (this.res.writableEnded) {
@@ -674,6 +878,7 @@ function createApp(options = {}) {
   const stack = [];
   const handler = createAppEventHandler(stack, options);
   const app = {
+    // @ts-ignore
     use: (arg1, arg2, arg3) => use(app, arg1, arg2, arg3),
     handler,
     stack,
@@ -910,4 +1115,4 @@ function createRouter(opts = {}) {
   return router;
 }
 
-export { H3Error, H3Event, H3Headers, H3Response, MIMES, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertMethod, callNodeListener, createApp, createAppEventHandler, createError, createEvent, createRouter, defaultContentType, defineEventHandler, defineLazyEventHandler, defineNodeListener, defineNodeMiddleware, deleteCookie, dynamicEventHandler, eventHandler, fromNodeMiddleware, getCookie, getHeader, getHeaders, getMethod, getQuery, getRequestHeader, getRequestHeaders, getResponseHeader, getResponseHeaders, getRouterParam, getRouterParams, handleCacheHeaders, isError, isEvent, isEventHandler, isMethod, isStream, lazyEventHandler, parseCookies, promisifyNodeListener, proxyRequest, readBody, readRawBody, send, sendError, sendProxy, sendRedirect, sendStream, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, toEventHandler, toNodeListener, use, useBase, writeEarlyHints };
+export { H3Error, H3Event, H3Headers, H3Response, MIMES, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertMethod, callNodeListener, clearSession, createApp, createAppEventHandler, createError, createEvent, createRouter, defaultContentType, defineEventHandler, defineLazyEventHandler, defineNodeListener, defineNodeMiddleware, deleteCookie, dynamicEventHandler, eventHandler, fromNodeMiddleware, getCookie, getHeader, getHeaders, getMethod, getQuery, getRequestHeader, getRequestHeaders, getResponseHeader, getResponseHeaders, getResponseStatus, getResponseStatusText, getRouterParam, getRouterParams, getSession, handleCacheHeaders, isError, isEvent, isEventHandler, isMethod, isStream, lazyEventHandler, parseCookies, promisifyNodeListener, proxyRequest, readBody, readMultipartFormData, readRawBody, send, sendError, sendNoContent, sendProxy, sendRedirect, sendStream, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, setResponseStatus, toEventHandler, toNodeListener, updateSession, use, useBase, useSession, writeEarlyHints };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "h3",
-  "version": "1.0.2",
+  "version": "1.2.0",
   "description": "Tiny JavaScript Server",
   "repository": "unjs/h3",
   "license": "MIT",
@@ -22,32 +22,34 @@
   "dependencies": {
     "cookie-es": "^0.5.0",
     "destr": "^1.2.2",
+    "iron-webcrypto": "^0.2.7",
     "radix3": "^1.0.0",
-    "ufo": "^1.0.1"
+    "ufo": "^1.0.1",
+    "uncrypto": "^0.1.2"
   },
   "devDependencies": {
     "0x": "^5.4.1",
-    "@types/express": "^4.17.14",
-    "@types/node": "^18.11.14",
+    "@types/express": "^4.17.16",
+    "@types/node": "^18.11.18",
     "@types/supertest": "^2.0.12",
-    "@vitest/coverage-c8": "^0.25.8",
+    "@vitest/coverage-c8": "^0.28.3",
     "autocannon": "^7.10.0",
-    "changelogen": "^0.4.0",
+    "changelogen": "^0.4.1",
     "connect": "^3.7.0",
-    "eslint": "^8.29.0",
-    "eslint-config-unjs": "^0.0.3",
+    "eslint": "^8.33.0",
+    "eslint-config-unjs": "^0.1.0",
     "express": "^4.18.2",
     "get-port": "^6.1.2",
-    "jiti": "^1.16.0",
-    "listhen": "^1.0.1",
+    "jiti": "^1.16.2",
+    "listhen": "^1.0.2",
     "node-fetch-native": "^1.0.1",
-    "prettier": "^2.8.1",
+    "prettier": "^2.8.3",
     "supertest": "^6.3.3",
-    "typescript": "^4.9.4",
-    "unbuild": "^1.0.2",
-    "vitest": "^0.25.8"
+    "typescript": "^4.9.5",
+    "unbuild": "^1.1.1",
+    "vitest": "^0.28.3"
   },
-  "packageManager": "pnpm@7.18.2",
+  "packageManager": "pnpm@7.26.3",
   "scripts": {
     "build": "unbuild",
     "dev": "vitest",