h3 1.1.0 → 1.2.0

package/README.md

@@ -90,7 +90,7 @@ const router = createRouter()
 app.use(router);
 ```
 
-**Tip:** We can register same route more than once with different methods.
+**Tip:** We can register the same route more than once with different methods.
 
 Routes are internally stored in a [Radix Tree](https://en.wikipedia.org/wiki/Radix_tree) and matched using [unjs/radix3](https://github.com/unjs/radix3).
 
@@ -119,7 +119,7 @@ app.use('/big', () => import('./big-handler'), { lazy: true })
 
 ## Utilities
 
-H3 has concept of compasable utilities that accept `event` (from `eventHandler((event) => {})`) as their first argument. This has several performance benefits over injecting them to `event` or `app` instances and global middleware commonly used in Node.js frameworks such as Express, which Only required code is evaluated and bundled and rest of utils can be tree-shaken when not used.
+H3 has a concept of composable utilities that accept `event` (from `eventHandler((event) => {})`) as their first argument. This has several performance benefits over injecting them to `event` or `app` instances in global middleware commonly used in Node.js frameworks, such as Express. This concept means only required code is evaluated and bundled, and the rest of the utilities can be tree-shaken when not used.
 
 ### Built-in
 
@@ -153,12 +153,16 @@ H3 has concept of compasable utilities that accept `event` (from `eventHandler((
 - `getResponseStatus(event)`
 - `getResponseStatusText(event)`
 - `readMultipartFormData(event)`
+- `useSession(event, { password, name?, cookie?, seal?, crypto? })`
+- `getSession(event, { password, name?, cookie?, seal?, crypto? })`
+- `updateSession(event, { password, name?, cookie?, seal?, crypto? }), update)`
+- `clearSession(event, { password, name?, cookie?, seal?, crypto? }))`
 
 👉 You can learn more about usage in [JSDocs Documentation](https://www.jsdocs.io/package/h3#package-functions).
 
 ## Community Packages
 
-You can use more h3 event utilities made by the community.
+You can use more H3 event utilities made by the community.
 
 Please check their READMEs for more details.
 

package/dist/index.cjs

@@ -4,6 +4,8 @@ const ufo = require('ufo');
 const radix3 = require('radix3');
 const destr = require('destr');
 const cookieEs = require('cookie-es');
+const ironWebcrypto = require('iron-webcrypto');
+const crypto = require('uncrypto');
 
 function useBase(base, handler) {
   base = ufo.withoutTrailingSlash(base);
@@ -351,6 +353,111 @@ const MIMES = {
   json: "application/json"
 };
 
+function parseCookies(event) {
+  return cookieEs.parse(event.node.req.headers.cookie || "");
+}
+function getCookie(event, name) {
+  return parseCookies(event)[name];
+}
+function setCookie(event, name, value, serializeOptions) {
+  const cookieStr = cookieEs.serialize(name, value, {
+    path: "/",
+    ...serializeOptions
+  });
+  let setCookies = event.node.res.getHeader("set-cookie");
+  if (!Array.isArray(setCookies)) {
+    setCookies = [setCookies];
+  }
+  setCookies = setCookies.filter((cookieValue) => {
+    return cookieValue && !cookieValue.startsWith(name + "=");
+  });
+  event.node.res.setHeader("set-cookie", [...setCookies, cookieStr]);
+}
+function deleteCookie(event, name, serializeOptions) {
+  setCookie(event, name, "", {
+    ...serializeOptions,
+    maxAge: 0
+  });
+}
+
+const PayloadMethods = /* @__PURE__ */ new Set(["PATCH", "POST", "PUT", "DELETE"]);
+const ignoredHeaders = /* @__PURE__ */ new Set([
+  "transfer-encoding",
+  "connection",
+  "keep-alive",
+  "upgrade",
+  "expect",
+  "host"
+]);
+async function proxyRequest(event, target, opts = {}) {
+  const method = getMethod(event);
+  let body;
+  if (PayloadMethods.has(method)) {
+    body = await readRawBody(event).catch(() => void 0);
+  }
+  const headers = /* @__PURE__ */ Object.create(null);
+  const reqHeaders = getRequestHeaders(event);
+  for (const name in reqHeaders) {
+    if (!ignoredHeaders.has(name)) {
+      headers[name] = reqHeaders[name];
+    }
+  }
+  if (opts.fetchOptions?.headers) {
+    Object.assign(headers, opts.fetchOptions.headers);
+  }
+  if (opts.headers) {
+    Object.assign(headers, opts.headers);
+  }
+  return sendProxy(event, target, {
+    ...opts,
+    fetchOptions: {
+      headers,
+      method,
+      body,
+      ...opts.fetchOptions
+    }
+  });
+}
+async function sendProxy(event, target, opts = {}) {
+  const _fetch = opts.fetch || globalThis.fetch;
+  if (!_fetch) {
+    throw new Error(
+      "fetch is not available. Try importing `node-fetch-native/polyfill` for Node.js."
+    );
+  }
+  const response = await _fetch(target, {
+    headers: opts.headers,
+    ...opts.fetchOptions
+  });
+  event.node.res.statusCode = response.status;
+  event.node.res.statusMessage = response.statusText;
+  for (const [key, value] of response.headers.entries()) {
+    if (key === "content-encoding") {
+      continue;
+    }
+    if (key === "content-length") {
+      continue;
+    }
+    event.node.res.setHeader(key, value);
+  }
+  try {
+    if (response.body) {
+      if (opts.sendStream === false) {
+        const data = new Uint8Array(await response.arrayBuffer());
+        event.node.res.end(data);
+      } else {
+        for await (const chunk of response.body) {
+          event.node.res.write(chunk);
+        }
+        event.node.res.end();
+      }
+    }
+  } catch (error) {
+    event.node.res.end();
+    throw error;
+  }
+}
+
 const defer = typeof setImmediate !== "undefined" ? setImmediate : (fn) => fn();
 function send(event, data, type) {
   if (type) {
@@ -483,101 +590,82 @@ ${header}: ${value}`;
   }
 }
 
-function parseCookies(event) {
-  return cookieEs.parse(event.node.req.headers.cookie || "");
-}
-function getCookie(event, name) {
-  return parseCookies(event)[name];
-}
-function setCookie(event, name, value, serializeOptions) {
-  const cookieStr = cookieEs.serialize(name, value, {
-    path: "/",
-    ...serializeOptions
-  });
-  appendHeader(event, "Set-Cookie", cookieStr);
-}
-function deleteCookie(event, name, serializeOptions) {
-  setCookie(event, name, "", {
-    ...serializeOptions,
-    maxAge: 0
-  });
-}
-
-const PayloadMethods = /* @__PURE__ */ new Set(["PATCH", "POST", "PUT", "DELETE"]);
-const ignoredHeaders = /* @__PURE__ */ new Set([
-  "transfer-encoding",
-  "connection",
-  "keep-alive",
-  "upgrade",
-  "expect"
-]);
-async function proxyRequest(event, target, opts = {}) {
-  const method = getMethod(event);
-  let body;
-  if (PayloadMethods.has(method)) {
-    body = await readRawBody(event).catch(() => void 0);
-  }
-  const headers = /* @__PURE__ */ Object.create(null);
-  const reqHeaders = getRequestHeaders(event);
-  for (const name in reqHeaders) {
-    if (!ignoredHeaders.has(name)) {
-      headers[name] = reqHeaders[name];
-    }
-  }
-  if (opts.fetchOptions?.headers) {
-    Object.assign(headers, opts.fetchOptions.headers);
-  }
-  if (opts.headers) {
-    Object.assign(headers, opts.headers);
-  }
-  return sendProxy(event, target, {
-    ...opts,
-    fetchOptions: {
-      headers,
-      method,
-      body,
-      ...opts.fetchOptions
+const DEFAULT_NAME = "h3";
+const DEFAULT_COOKIE = {
+  path: "/",
+  secure: true,
+  httpOnly: true
+};
+async function useSession(event, config) {
+  const sessionName = config.name || DEFAULT_NAME;
+  await getSession(event, config);
+  const sessionManager = {
+    get id() {
+      return event.context.sessions?.[sessionName]?.id;
+    },
+    get data() {
+      return event.context.sessions?.[sessionName]?.data || {};
+    },
+    update: async (update) => {
+      await updateSession(event, config, update);
+      return sessionManager;
+    },
+    clear: async () => {
+      await clearSession(event, config);
+      return sessionManager;
     }
-  });
+  };
+  return sessionManager;
 }
-async function sendProxy(event, target, opts = {}) {
-  const _fetch = opts.fetch || globalThis.fetch;
-  if (!_fetch) {
-    throw new Error(
-      "fetch is not available. Try importing `node-fetch-native/polyfill` for Node.js."
+async function getSession(event, config) {
+  const sessionName = config.name || DEFAULT_NAME;
+  if (!event.context.sessions) {
+    event.context.sessions = /* @__PURE__ */ Object.create(null);
+  }
+  if (event.context.sessions[sessionName]) {
+    return event.context.sessions[sessionName];
+  }
+  const session = { id: "", data: /* @__PURE__ */ Object.create(null) };
+  event.context.sessions[sessionName] = session;
+  const reqCookie = getCookie(event, sessionName);
+  if (!reqCookie) {
+    session.id = (config.crypto || crypto).randomUUID();
+    await updateSession(event, config);
+  } else {
+    const unsealed = await ironWebcrypto.unseal(
+      config.crypto || crypto,
+      reqCookie,
+      config.password,
+      config.seal || ironWebcrypto.defaults
     );
+    Object.assign(session, unsealed);
   }
-  const response = await _fetch(target, {
-    headers: opts.headers,
-    ...opts.fetchOptions
-  });
-  event.node.res.statusCode = response.status;
-  event.node.res.statusMessage = response.statusText;
-  for (const [key, value] of response.headers.entries()) {
-    if (key === "content-encoding") {
-      continue;
-    }
-    if (key === "content-length") {
-      continue;
-    }
-    event.node.res.setHeader(key, value);
-  }
-  try {
-    if (response.body) {
-      if (opts.sendStream === false) {
-        const data = new Uint8Array(await response.arrayBuffer());
-        event.node.res.end(data);
-      } else {
-        for await (const chunk of response.body) {
-          event.node.res.write(chunk);
-        }
-        event.node.res.end();
-      }
-    }
-  } catch (error) {
-    event.node.res.end();
-    throw error;
+  return session;
+}
+async function updateSession(event, config, update) {
+  const sessionName = config.name || DEFAULT_NAME;
+  const session = event.context.sessions?.[sessionName] || await getSession(event, config);
+  if (typeof update === "function") {
+    update = update(session.data);
+  }
+  if (update) {
+    Object.assign(session.data, update);
+  }
+  const sealed = await ironWebcrypto.seal(
+    config.crypto || crypto,
+    session,
+    config.password,
+    config.seal || ironWebcrypto.defaults
+  );
+  setCookie(event, sessionName, sealed, config.cookie || DEFAULT_COOKIE);
+  return session;
+}
+async function clearSession(event, config) {
+  const sessionName = config.name || DEFAULT_NAME;
+  if (event.context.sessions?.[sessionName]) {
+    delete event.context.sessions[sessionName];
   }
+  await setCookie(event, sessionName, "", config.cookie || DEFAULT_COOKIE);
 }
 
 class H3Headers {
@@ -1040,6 +1128,7 @@ exports.appendResponseHeader = appendResponseHeader;
 exports.appendResponseHeaders = appendResponseHeaders;
 exports.assertMethod = assertMethod;
 exports.callNodeListener = callNodeListener;
+exports.clearSession = clearSession;
 exports.createApp = createApp;
 exports.createAppEventHandler = createAppEventHandler;
 exports.createError = createError;
@@ -1067,6 +1156,7 @@ exports.getResponseStatus = getResponseStatus;
 exports.getResponseStatusText = getResponseStatusText;
 exports.getRouterParam = getRouterParam;
 exports.getRouterParams = getRouterParams;
+exports.getSession = getSession;
 exports.handleCacheHeaders = handleCacheHeaders;
 exports.isError = isError;
 exports.isEvent = isEvent;
@@ -1094,6 +1184,8 @@ exports.setResponseHeaders = setResponseHeaders;
 exports.setResponseStatus = setResponseStatus;
 exports.toEventHandler = toEventHandler;
 exports.toNodeListener = toNodeListener;
+exports.updateSession = updateSession;
 exports.use = use;
 exports.useBase = useBase;
+exports.useSession = useSession;
 exports.writeEarlyHints = writeEarlyHints;

package/dist/index.d.ts

@@ -1,11 +1,38 @@
+import { SealOptions } from 'iron-webcrypto';
+import { CookieSerializeOptions } from 'cookie-es';
 import { IncomingMessage, ServerResponse, OutgoingMessage } from 'node:http';
 export { IncomingMessage as NodeIncomingMessage, ServerResponse as NodeServerResponse } from 'node:http';
-import { CookieSerializeOptions } from 'cookie-es';
 import * as ufo from 'ufo';
 
+type SessionDataT = Record<string, string | number | boolean>;
+type SessionData<T extends SessionDataT = SessionDataT> = T;
+interface Session<T extends SessionDataT = SessionDataT> {
+    id: string;
+    data: SessionData<T>;
+}
+interface SessionConfig {
+    password: string;
+    name?: string;
+    cookie?: CookieSerializeOptions;
+    seal?: SealOptions;
+    crypto?: Crypto;
+}
+declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event, config: SessionConfig): Promise<{
+    readonly id: string | undefined;
+    readonly data: SessionDataT;
+    update: (update: SessionUpdate<T>) => Promise<any>;
+    clear: () => Promise<any>;
+}>;
+declare function getSession<T extends SessionDataT = SessionDataT>(event: H3Event, config: SessionConfig): Promise<Session<T>>;
+type SessionUpdate<T extends SessionDataT = SessionDataT> = Partial<SessionData<T>> | ((oldData: SessionData<T>) => Partial<SessionData<T>> | undefined);
+declare function updateSession<T extends SessionDataT = SessionDataT>(event: H3Event, config: SessionConfig, update?: SessionUpdate<T>): Promise<Session<T>>;
+declare function clearSession(event: H3Event, config: SessionConfig): Promise<void>;
+
 type HTTPMethod = "GET" | "HEAD" | "PATCH" | "POST" | "PUT" | "DELETE" | "CONNECT" | "OPTIONS" | "TRACE";
 type Encoding = false | "ascii" | "utf8" | "utf-8" | "utf16le" | "ucs2" | "ucs-2" | "base64" | "latin1" | "binary" | "hex";
 interface H3EventContext extends Record<string, any> {
+    params?: Record<string, string>;
+    sessions?: Record<string, Session>;
 }
 type EventHandlerResponse<T = any> = T | Promise<T>;
 interface EventHandler<T = any> {
@@ -322,4 +349,4 @@ interface CreateRouterOptions {
 }
 declare function createRouter(opts?: CreateRouterOptions): Router;
 
-export { AddRouteShortcuts, App, AppOptions, AppUse, CacheConditions, CreateRouterOptions, DynamicEventHandler, Encoding, EventHandler, EventHandlerResponse, H3Error, H3Event, H3EventContext, H3Headers, H3Response, HTTPMethod, InputLayer, InputStack, Layer, LazyEventHandler, MIMES, Matcher, NodeEventContext, NodeListener, NodeMiddleware, NodePromisifiedHandler, ProxyOptions, RequestHeaders, Router, RouterMethod, RouterUse, Stack, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertMethod, callNodeListener, createApp, createAppEventHandler, createError, createEvent, createRouter, defaultContentType, defineEventHandler, defineLazyEventHandler, defineNodeListener, defineNodeMiddleware, deleteCookie, dynamicEventHandler, eventHandler, fromNodeMiddleware, getCookie, getHeader, getHeaders, getMethod, getQuery, getRequestHeader, getRequestHeaders, getResponseHeader, getResponseHeaders, getResponseStatus, getResponseStatusText, getRouterParam, getRouterParams, handleCacheHeaders, isError, isEvent, isEventHandler, isMethod, isStream, lazyEventHandler, parseCookies, promisifyNodeListener, proxyRequest, readBody, readMultipartFormData, readRawBody, send, sendError, sendNoContent, sendProxy, sendRedirect, sendStream, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, setResponseStatus, toEventHandler, toNodeListener, use, useBase, writeEarlyHints };
+export { AddRouteShortcuts, App, AppOptions, AppUse, CacheConditions, CreateRouterOptions, DynamicEventHandler, Encoding, EventHandler, EventHandlerResponse, H3Error, H3Event, H3EventContext, H3Headers, H3Response, HTTPMethod, InputLayer, InputStack, Layer, LazyEventHandler, MIMES, Matcher, NodeEventContext, NodeListener, NodeMiddleware, NodePromisifiedHandler, ProxyOptions, RequestHeaders, Router, RouterMethod, RouterUse, Session, SessionConfig, SessionData, Stack, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertMethod, callNodeListener, clearSession, createApp, createAppEventHandler, createError, createEvent, createRouter, defaultContentType, defineEventHandler, defineLazyEventHandler, defineNodeListener, defineNodeMiddleware, deleteCookie, dynamicEventHandler, eventHandler, fromNodeMiddleware, getCookie, getHeader, getHeaders, getMethod, getQuery, getRequestHeader, getRequestHeaders, getResponseHeader, getResponseHeaders, getResponseStatus, getResponseStatusText, getRouterParam, getRouterParams, getSession, handleCacheHeaders, isError, isEvent, isEventHandler, isMethod, isStream, lazyEventHandler, parseCookies, promisifyNodeListener, proxyRequest, readBody, readMultipartFormData, readRawBody, send, sendError, sendNoContent, sendProxy, sendRedirect, sendStream, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, setResponseStatus, toEventHandler, toNodeListener, updateSession, use, useBase, useSession, writeEarlyHints };

package/dist/index.mjs

@@ -2,6 +2,8 @@ import { withoutTrailingSlash, withoutBase, getQuery as getQuery$1 } from 'ufo';
 import { createRouter as createRouter$1 } from 'radix3';
 import destr from 'destr';
 import { parse as parse$1, serialize } from 'cookie-es';
+import { unseal, defaults, seal } from 'iron-webcrypto';
+import crypto from 'uncrypto';
 
 function useBase(base, handler) {
   base = withoutTrailingSlash(base);
@@ -349,6 +351,111 @@ const MIMES = {
   json: "application/json"
 };
 
+function parseCookies(event) {
+  return parse$1(event.node.req.headers.cookie || "");
+}
+function getCookie(event, name) {
+  return parseCookies(event)[name];
+}
+function setCookie(event, name, value, serializeOptions) {
+  const cookieStr = serialize(name, value, {
+    path: "/",
+    ...serializeOptions
+  });
+  let setCookies = event.node.res.getHeader("set-cookie");
+  if (!Array.isArray(setCookies)) {
+    setCookies = [setCookies];
+  }
+  setCookies = setCookies.filter((cookieValue) => {
+    return cookieValue && !cookieValue.startsWith(name + "=");
+  });
+  event.node.res.setHeader("set-cookie", [...setCookies, cookieStr]);
+}
+function deleteCookie(event, name, serializeOptions) {
+  setCookie(event, name, "", {
+    ...serializeOptions,
+    maxAge: 0
+  });
+}
+
+const PayloadMethods = /* @__PURE__ */ new Set(["PATCH", "POST", "PUT", "DELETE"]);
+const ignoredHeaders = /* @__PURE__ */ new Set([
+  "transfer-encoding",
+  "connection",
+  "keep-alive",
+  "upgrade",
+  "expect",
+  "host"
+]);
+async function proxyRequest(event, target, opts = {}) {
+  const method = getMethod(event);
+  let body;
+  if (PayloadMethods.has(method)) {
+    body = await readRawBody(event).catch(() => void 0);
+  }
+  const headers = /* @__PURE__ */ Object.create(null);
+  const reqHeaders = getRequestHeaders(event);
+  for (const name in reqHeaders) {
+    if (!ignoredHeaders.has(name)) {
+      headers[name] = reqHeaders[name];
+    }
+  }
+  if (opts.fetchOptions?.headers) {
+    Object.assign(headers, opts.fetchOptions.headers);
+  }
+  if (opts.headers) {
+    Object.assign(headers, opts.headers);
+  }
+  return sendProxy(event, target, {
+    ...opts,
+    fetchOptions: {
+      headers,
+      method,
+      body,
+      ...opts.fetchOptions
+    }
+  });
+}
+async function sendProxy(event, target, opts = {}) {
+  const _fetch = opts.fetch || globalThis.fetch;
+  if (!_fetch) {
+    throw new Error(
+      "fetch is not available. Try importing `node-fetch-native/polyfill` for Node.js."
+    );
+  }
+  const response = await _fetch(target, {
+    headers: opts.headers,
+    ...opts.fetchOptions
+  });
+  event.node.res.statusCode = response.status;
+  event.node.res.statusMessage = response.statusText;
+  for (const [key, value] of response.headers.entries()) {
+    if (key === "content-encoding") {
+      continue;
+    }
+    if (key === "content-length") {
+      continue;
+    }
+    event.node.res.setHeader(key, value);
+  }
+  try {
+    if (response.body) {
+      if (opts.sendStream === false) {
+        const data = new Uint8Array(await response.arrayBuffer());
+        event.node.res.end(data);
+      } else {
+        for await (const chunk of response.body) {
+          event.node.res.write(chunk);
+        }
+        event.node.res.end();
+      }
+    }
+  } catch (error) {
+    event.node.res.end();
+    throw error;
+  }
+}
+
 const defer = typeof setImmediate !== "undefined" ? setImmediate : (fn) => fn();
 function send(event, data, type) {
   if (type) {
@@ -481,101 +588,82 @@ ${header}: ${value}`;
   }
 }
 
-function parseCookies(event) {
-  return parse$1(event.node.req.headers.cookie || "");
-}
-function getCookie(event, name) {
-  return parseCookies(event)[name];
-}
-function setCookie(event, name, value, serializeOptions) {
-  const cookieStr = serialize(name, value, {
-    path: "/",
-    ...serializeOptions
-  });
-  appendHeader(event, "Set-Cookie", cookieStr);
-}
-function deleteCookie(event, name, serializeOptions) {
-  setCookie(event, name, "", {
-    ...serializeOptions,
-    maxAge: 0
-  });
-}
-
-const PayloadMethods = /* @__PURE__ */ new Set(["PATCH", "POST", "PUT", "DELETE"]);
-const ignoredHeaders = /* @__PURE__ */ new Set([
-  "transfer-encoding",
-  "connection",
-  "keep-alive",
-  "upgrade",
-  "expect"
-]);
-async function proxyRequest(event, target, opts = {}) {
-  const method = getMethod(event);
-  let body;
-  if (PayloadMethods.has(method)) {
-    body = await readRawBody(event).catch(() => void 0);
-  }
-  const headers = /* @__PURE__ */ Object.create(null);
-  const reqHeaders = getRequestHeaders(event);
-  for (const name in reqHeaders) {
-    if (!ignoredHeaders.has(name)) {
-      headers[name] = reqHeaders[name];
-    }
-  }
-  if (opts.fetchOptions?.headers) {
-    Object.assign(headers, opts.fetchOptions.headers);
-  }
-  if (opts.headers) {
-    Object.assign(headers, opts.headers);
-  }
-  return sendProxy(event, target, {
-    ...opts,
-    fetchOptions: {
-      headers,
-      method,
-      body,
-      ...opts.fetchOptions
+const DEFAULT_NAME = "h3";
+const DEFAULT_COOKIE = {
+  path: "/",
+  secure: true,
+  httpOnly: true
+};
+async function useSession(event, config) {
+  const sessionName = config.name || DEFAULT_NAME;
+  await getSession(event, config);
+  const sessionManager = {
+    get id() {
+      return event.context.sessions?.[sessionName]?.id;
+    },
+    get data() {
+      return event.context.sessions?.[sessionName]?.data || {};
+    },
+    update: async (update) => {
+      await updateSession(event, config, update);
+      return sessionManager;
+    },
+    clear: async () => {
+      await clearSession(event, config);
+      return sessionManager;
     }
-  });
+  };
+  return sessionManager;
 }
-async function sendProxy(event, target, opts = {}) {
-  const _fetch = opts.fetch || globalThis.fetch;
-  if (!_fetch) {
-    throw new Error(
-      "fetch is not available. Try importing `node-fetch-native/polyfill` for Node.js."
+async function getSession(event, config) {
+  const sessionName = config.name || DEFAULT_NAME;
+  if (!event.context.sessions) {
+    event.context.sessions = /* @__PURE__ */ Object.create(null);
+  }
+  if (event.context.sessions[sessionName]) {
+    return event.context.sessions[sessionName];
+  }
+  const session = { id: "", data: /* @__PURE__ */ Object.create(null) };
+  event.context.sessions[sessionName] = session;
+  const reqCookie = getCookie(event, sessionName);
+  if (!reqCookie) {
+    session.id = (config.crypto || crypto).randomUUID();
+    await updateSession(event, config);
+  } else {
+    const unsealed = await unseal(
+      config.crypto || crypto,
+      reqCookie,
+      config.password,
+      config.seal || defaults
     );
+    Object.assign(session, unsealed);
   }
-  const response = await _fetch(target, {
-    headers: opts.headers,
-    ...opts.fetchOptions
-  });
-  event.node.res.statusCode = response.status;
-  event.node.res.statusMessage = response.statusText;
-  for (const [key, value] of response.headers.entries()) {
-    if (key === "content-encoding") {
-      continue;
-    }
-    if (key === "content-length") {
-      continue;
-    }
-    event.node.res.setHeader(key, value);
-  }
-  try {
-    if (response.body) {
-      if (opts.sendStream === false) {
-        const data = new Uint8Array(await response.arrayBuffer());
-        event.node.res.end(data);
-      } else {
-        for await (const chunk of response.body) {
-          event.node.res.write(chunk);
-        }
-        event.node.res.end();
-      }
-    }
-  } catch (error) {
-    event.node.res.end();
-    throw error;
+  return session;
+}
+async function updateSession(event, config, update) {
+  const sessionName = config.name || DEFAULT_NAME;
+  const session = event.context.sessions?.[sessionName] || await getSession(event, config);
+  if (typeof update === "function") {
+    update = update(session.data);
+  }
+  if (update) {
+    Object.assign(session.data, update);
+  }
+  const sealed = await seal(
+    config.crypto || crypto,
+    session,
+    config.password,
+    config.seal || defaults
+  );
+  setCookie(event, sessionName, sealed, config.cookie || DEFAULT_COOKIE);
+  return session;
+}
+async function clearSession(event, config) {
+  const sessionName = config.name || DEFAULT_NAME;
+  if (event.context.sessions?.[sessionName]) {
+    delete event.context.sessions[sessionName];
   }
+  await setCookie(event, sessionName, "", config.cookie || DEFAULT_COOKIE);
 }
 
 class H3Headers {
@@ -1027,4 +1115,4 @@ function createRouter(opts = {}) {
   return router;
 }
 
-export { H3Error, H3Event, H3Headers, H3Response, MIMES, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertMethod, callNodeListener, createApp, createAppEventHandler, createError, createEvent, createRouter, defaultContentType, defineEventHandler, defineLazyEventHandler, defineNodeListener, defineNodeMiddleware, deleteCookie, dynamicEventHandler, eventHandler, fromNodeMiddleware, getCookie, getHeader, getHeaders, getMethod, getQuery, getRequestHeader, getRequestHeaders, getResponseHeader, getResponseHeaders, getResponseStatus, getResponseStatusText, getRouterParam, getRouterParams, handleCacheHeaders, isError, isEvent, isEventHandler, isMethod, isStream, lazyEventHandler, parseCookies, promisifyNodeListener, proxyRequest, readBody, readMultipartFormData, readRawBody, send, sendError, sendNoContent, sendProxy, sendRedirect, sendStream, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, setResponseStatus, toEventHandler, toNodeListener, use, useBase, writeEarlyHints };
+export { H3Error, H3Event, H3Headers, H3Response, MIMES, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertMethod, callNodeListener, clearSession, createApp, createAppEventHandler, createError, createEvent, createRouter, defaultContentType, defineEventHandler, defineLazyEventHandler, defineNodeListener, defineNodeMiddleware, deleteCookie, dynamicEventHandler, eventHandler, fromNodeMiddleware, getCookie, getHeader, getHeaders, getMethod, getQuery, getRequestHeader, getRequestHeaders, getResponseHeader, getResponseHeaders, getResponseStatus, getResponseStatusText, getRouterParam, getRouterParams, getSession, handleCacheHeaders, isError, isEvent, isEventHandler, isMethod, isStream, lazyEventHandler, parseCookies, promisifyNodeListener, proxyRequest, readBody, readMultipartFormData, readRawBody, send, sendError, sendNoContent, sendProxy, sendRedirect, sendStream, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, setResponseStatus, toEventHandler, toNodeListener, updateSession, use, useBase, useSession, writeEarlyHints };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "h3",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "Tiny JavaScript Server",
   "repository": "unjs/h3",
   "license": "MIT",
@@ -22,19 +22,21 @@
   "dependencies": {
     "cookie-es": "^0.5.0",
     "destr": "^1.2.2",
+    "iron-webcrypto": "^0.2.7",
     "radix3": "^1.0.0",
-    "ufo": "^1.0.1"
+    "ufo": "^1.0.1",
+    "uncrypto": "^0.1.2"
   },
   "devDependencies": {
     "0x": "^5.4.1",
     "@types/express": "^4.17.16",
     "@types/node": "^18.11.18",
     "@types/supertest": "^2.0.12",
-    "@vitest/coverage-c8": "^0.28.2",
+    "@vitest/coverage-c8": "^0.28.3",
     "autocannon": "^7.10.0",
     "changelogen": "^0.4.1",
     "connect": "^3.7.0",
-    "eslint": "^8.32.0",
+    "eslint": "^8.33.0",
     "eslint-config-unjs": "^0.1.0",
     "express": "^4.18.2",
     "get-port": "^6.1.2",
@@ -43,11 +45,11 @@
     "node-fetch-native": "^1.0.1",
     "prettier": "^2.8.3",
     "supertest": "^6.3.3",
-    "typescript": "^4.9.4",
+    "typescript": "^4.9.5",
     "unbuild": "^1.1.1",
-    "vitest": "^0.28.2"
+    "vitest": "^0.28.3"
   },
-  "packageManager": "pnpm@7.26.0",
+  "packageManager": "pnpm@7.26.3",
   "scripts": {
     "build": "unbuild",
     "dev": "vitest",