h3 1.1.0 → 1.2.1

package/README.md

@@ -90,7 +90,7 @@ const router = createRouter()
 app.use(router);
 ```
 
-**Tip:** We can register same route more than once with different methods.
+**Tip:** We can register the same route more than once with different methods.
 
 Routes are internally stored in a [Radix Tree](https://en.wikipedia.org/wiki/Radix_tree) and matched using [unjs/radix3](https://github.com/unjs/radix3).
 
@@ -119,7 +119,7 @@ app.use('/big', () => import('./big-handler'), { lazy: true })
 
 ## Utilities
 
-H3 has concept of compasable utilities that accept `event` (from `eventHandler((event) => {})`) as their first argument. This has several performance benefits over injecting them to `event` or `app` instances and global middleware commonly used in Node.js frameworks such as Express, which Only required code is evaluated and bundled and rest of utils can be tree-shaken when not used.
+H3 has a concept of composable utilities that accept `event` (from `eventHandler((event) => {})`) as their first argument. This has several performance benefits over injecting them to `event` or `app` instances in global middleware commonly used in Node.js frameworks, such as Express. This concept means only required code is evaluated and bundled, and the rest of the utilities can be tree-shaken when not used.
 
 ### Built-in
 
@@ -153,12 +153,16 @@ H3 has concept of compasable utilities that accept `event` (from `eventHandler((
 - `getResponseStatus(event)`
 - `getResponseStatusText(event)`
 - `readMultipartFormData(event)`
+- `useSession(event, { password, name?, cookie?, seal?, crypto? })`
+- `getSession(event, { password, name?, cookie?, seal?, crypto? })`
+- `updateSession(event, { password, name?, cookie?, seal?, crypto? }), update)`
+- `clearSession(event, { password, name?, cookie?, seal?, crypto? }))`
 
 👉 You can learn more about usage in [JSDocs Documentation](https://www.jsdocs.io/package/h3#package-functions).
 
 ## Community Packages
 
-You can use more h3 event utilities made by the community.
+You can use more H3 event utilities made by the community.
 
 Please check their READMEs for more details.
 

package/dist/index.cjs

@@ -4,6 +4,7 @@ const ufo = require('ufo');
 const radix3 = require('radix3');
 const destr = require('destr');
 const cookieEs = require('cookie-es');
+const crypto = require('uncrypto');
 
 function useBase(base, handler) {
   base = ufo.withoutTrailingSlash(base);
@@ -351,6 +352,111 @@ const MIMES = {
   json: "application/json"
 };
 
+function parseCookies(event) {
+  return cookieEs.parse(event.node.req.headers.cookie || "");
+}
+function getCookie(event, name) {
+  return parseCookies(event)[name];
+}
+function setCookie(event, name, value, serializeOptions) {
+  const cookieStr = cookieEs.serialize(name, value, {
+    path: "/",
+    ...serializeOptions
+  });
+  let setCookies = event.node.res.getHeader("set-cookie");
+  if (!Array.isArray(setCookies)) {
+    setCookies = [setCookies];
+  }
+  setCookies = setCookies.filter((cookieValue) => {
+    return cookieValue && !cookieValue.startsWith(name + "=");
+  });
+  event.node.res.setHeader("set-cookie", [...setCookies, cookieStr]);
+}
+function deleteCookie(event, name, serializeOptions) {
+  setCookie(event, name, "", {
+    ...serializeOptions,
+    maxAge: 0
+  });
+}
+
+const PayloadMethods = /* @__PURE__ */ new Set(["PATCH", "POST", "PUT", "DELETE"]);
+const ignoredHeaders = /* @__PURE__ */ new Set([
+  "transfer-encoding",
+  "connection",
+  "keep-alive",
+  "upgrade",
+  "expect",
+  "host"
+]);
+async function proxyRequest(event, target, opts = {}) {
+  const method = getMethod(event);
+  let body;
+  if (PayloadMethods.has(method)) {
+    body = await readRawBody(event).catch(() => void 0);
+  }
+  const headers = /* @__PURE__ */ Object.create(null);
+  const reqHeaders = getRequestHeaders(event);
+  for (const name in reqHeaders) {
+    if (!ignoredHeaders.has(name)) {
+      headers[name] = reqHeaders[name];
+    }
+  }
+  if (opts.fetchOptions?.headers) {
+    Object.assign(headers, opts.fetchOptions.headers);
+  }
+  if (opts.headers) {
+    Object.assign(headers, opts.headers);
+  }
+  return sendProxy(event, target, {
+    ...opts,
+    fetchOptions: {
+      headers,
+      method,
+      body,
+      ...opts.fetchOptions
+    }
+  });
+}
+async function sendProxy(event, target, opts = {}) {
+  const _fetch = opts.fetch || globalThis.fetch;
+  if (!_fetch) {
+    throw new Error(
+      "fetch is not available. Try importing `node-fetch-native/polyfill` for Node.js."
+    );
+  }
+  const response = await _fetch(target, {
+    headers: opts.headers,
+    ...opts.fetchOptions
+  });
+  event.node.res.statusCode = response.status;
+  event.node.res.statusMessage = response.statusText;
+  for (const [key, value] of response.headers.entries()) {
+    if (key === "content-encoding") {
+      continue;
+    }
+    if (key === "content-length") {
+      continue;
+    }
+    event.node.res.setHeader(key, value);
+  }
+  try {
+    if (response.body) {
+      if (opts.sendStream === false) {
+        const data = new Uint8Array(await response.arrayBuffer());
+        event.node.res.end(data);
+      } else {
+        for await (const chunk of response.body) {
+          event.node.res.write(chunk);
+        }
+        event.node.res.end();
+      }
+    }
+  } catch (error) {
+    event.node.res.end();
+    throw error;
+  }
+}
+
 const defer = typeof setImmediate !== "undefined" ? setImmediate : (fn) => fn();
 function send(event, data, type) {
   if (type) {
@@ -483,101 +589,372 @@ ${header}: ${value}`;
   }
 }
 
-function parseCookies(event) {
-  return cookieEs.parse(event.node.req.headers.cookie || "");
-}
-function getCookie(event, name) {
-  return parseCookies(event)[name];
-}
-function setCookie(event, name, value, serializeOptions) {
-  const cookieStr = cookieEs.serialize(name, value, {
-    path: "/",
-    ...serializeOptions
-  });
-  appendHeader(event, "Set-Cookie", cookieStr);
-}
-function deleteCookie(event, name, serializeOptions) {
-  setCookie(event, name, "", {
-    ...serializeOptions,
-    maxAge: 0
-  });
-}
-
-const PayloadMethods = /* @__PURE__ */ new Set(["PATCH", "POST", "PUT", "DELETE"]);
-const ignoredHeaders = /* @__PURE__ */ new Set([
-  "transfer-encoding",
-  "connection",
-  "keep-alive",
-  "upgrade",
-  "expect"
-]);
-async function proxyRequest(event, target, opts = {}) {
-  const method = getMethod(event);
-  let body;
-  if (PayloadMethods.has(method)) {
-    body = await readRawBody(event).catch(() => void 0);
+const base64urlEncode = (value) => (Buffer.isBuffer(value) ? value : Buffer.from(value)).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+const defaults = {
+  encryption: {
+    saltBits: 256,
+    algorithm: "aes-256-cbc",
+    iterations: 1,
+    minPasswordlength: 32
+  },
+  integrity: {
+    saltBits: 256,
+    algorithm: "sha256",
+    iterations: 1,
+    minPasswordlength: 32
+  },
+  ttl: 0,
+  timestampSkewSec: 60,
+  localtimeOffsetMsec: 0
+};
+const clone = (options) => ({
+  ...options,
+  encryption: { ...options.encryption },
+  integrity: { ...options.integrity }
+});
+const algorithms = {
+  "aes-128-ctr": { keyBits: 128, ivBits: 128, name: "AES-CTR" },
+  "aes-256-cbc": { keyBits: 256, ivBits: 128, name: "AES-CBC" },
+  sha256: { keyBits: 256, name: "SHA-256" }
+};
+const macFormatVersion = "2";
+const macPrefix = `Fe26.${macFormatVersion}`;
+const randomBytes = (_crypto, size) => {
+  const bytes = Buffer.allocUnsafe(size);
+  _crypto.getRandomValues(bytes);
+  return bytes;
+};
+const randomBits = (_crypto, bits) => {
+  if (bits < 1) {
+    throw new Error("Invalid random bits count");
   }
-  const headers = /* @__PURE__ */ Object.create(null);
-  const reqHeaders = getRequestHeaders(event);
-  for (const name in reqHeaders) {
-    if (!ignoredHeaders.has(name)) {
-      headers[name] = reqHeaders[name];
+  const bytes = Math.ceil(bits / 8);
+  return randomBytes(_crypto, bytes);
+};
+const pbkdf2 = async (_crypto, password, salt, iterations, keyLength, hash) => {
+  const textEncoder = new TextEncoder();
+  const passwordBuffer = textEncoder.encode(password);
+  const importedKey = await _crypto.subtle.importKey(
+    "raw",
+    passwordBuffer,
+    "PBKDF2",
+    false,
+    ["deriveBits"]
+  );
+  const saltBuffer = textEncoder.encode(salt);
+  const params = { name: "PBKDF2", hash, salt: saltBuffer, iterations };
+  const derivation = await _crypto.subtle.deriveBits(
+    params,
+    importedKey,
+    keyLength * 8
+  );
+  return Buffer.from(derivation);
+};
+const generateKey = async (_crypto, password, options) => {
+  if (password == null || password.length === 0) {
+    throw new Error("Empty password");
+  }
+  if (options == null || typeof options !== "object") {
+    throw new Error("Bad options");
+  }
+  if (!(options.algorithm in algorithms)) {
+    throw new Error(`Unknown algorithm: ${options.algorithm}`);
+  }
+  const algorithm = algorithms[options.algorithm];
+  const result = {};
+  const hmac = options.hmac ?? false;
+  const id = hmac ? { name: "HMAC", hash: algorithm.name } : { name: algorithm.name };
+  const usage = hmac ? ["sign", "verify"] : ["encrypt", "decrypt"];
+  if (typeof password === "string") {
+    if (password.length < options.minPasswordlength) {
+      throw new Error(
+        `Password string too short (min ${options.minPasswordlength} characters required)`
+      );
     }
+    let { salt = "" } = options;
+    if (!salt) {
+      const { saltBits = 0 } = options;
+      if (!saltBits) {
+        throw new Error("Missing salt and saltBits options");
+      }
+      const randomSalt = randomBits(_crypto, saltBits);
+      salt = randomSalt.toString("hex");
+    }
+    const derivedKey = await pbkdf2(
+      _crypto,
+      password,
+      salt,
+      options.iterations,
+      algorithm.keyBits / 8,
+      "SHA-1"
+    );
+    const importedEncryptionKey = await _crypto.subtle.importKey(
+      "raw",
+      derivedKey,
+      id,
+      false,
+      usage
+    );
+    result.key = importedEncryptionKey;
+    result.salt = salt;
+  } else {
+    if (password.length < algorithm.keyBits / 8) {
+      throw new Error("Key buffer (password) too small");
+    }
+    result.key = await _crypto.subtle.importKey(
+      "raw",
+      password,
+      id,
+      false,
+      usage
+    );
+    result.salt = "";
   }
-  if (opts.fetchOptions?.headers) {
-    Object.assign(headers, opts.fetchOptions.headers);
-  }
-  if (opts.headers) {
-    Object.assign(headers, opts.headers);
+  if (options.iv) {
+    result.iv = options.iv;
+  } else if ("ivBits" in algorithm) {
+    result.iv = randomBits(_crypto, algorithm.ivBits);
   }
-  return sendProxy(event, target, {
-    ...opts,
-    fetchOptions: {
-      headers,
-      method,
-      body,
-      ...opts.fetchOptions
+  return result;
+};
+const encrypt = async (_crypto, password, options, data) => {
+  const key = await generateKey(_crypto, password, options);
+  const textEncoder = new TextEncoder();
+  const textBuffer = textEncoder.encode(data);
+  const encrypted = await _crypto.subtle.encrypt(
+    { name: algorithms[options.algorithm].name, iv: key.iv },
+    key.key,
+    textBuffer
+  );
+  return { encrypted: Buffer.from(encrypted), key };
+};
+const decrypt = async (_crypto, password, options, data) => {
+  const key = await generateKey(_crypto, password, options);
+  const decrypted = await _crypto.subtle.decrypt(
+    { name: algorithms[options.algorithm].name, iv: key.iv },
+    key.key,
+    Buffer.isBuffer(data) ? data : Buffer.from(data)
+  );
+  const textDecoder = new TextDecoder();
+  return textDecoder.decode(decrypted);
+};
+const hmacWithPassword = async (_crypto, password, options, data) => {
+  const key = await generateKey(_crypto, password, { ...options, hmac: true });
+  const textEncoder = new TextEncoder();
+  const textBuffer = textEncoder.encode(data);
+  const signed = await _crypto.subtle.sign(
+    { name: "HMAC" },
+    key.key,
+    textBuffer
+  );
+  const digest = base64urlEncode(Buffer.from(signed));
+  return { digest, salt: key.salt };
+};
+const normalizePassword = (password) => {
+  if (typeof password === "object" && !Buffer.isBuffer(password)) {
+    if ("secret" in password) {
+      return {
+        id: password.id,
+        encryption: password.secret,
+        integrity: password.secret
+      };
     }
-  });
-}
-async function sendProxy(event, target, opts = {}) {
-  const _fetch = opts.fetch || globalThis.fetch;
-  if (!_fetch) {
-    throw new Error(
-      "fetch is not available. Try importing `node-fetch-native/polyfill` for Node.js."
-    );
+    return {
+      id: password.id,
+      encryption: password.encryption,
+      integrity: password.integrity
+    };
   }
-  const response = await _fetch(target, {
-    headers: opts.headers,
-    ...opts.fetchOptions
-  });
-  event.node.res.statusCode = response.status;
-  event.node.res.statusMessage = response.statusText;
-  for (const [key, value] of response.headers.entries()) {
-    if (key === "content-encoding") {
-      continue;
+  return { encryption: password, integrity: password };
+};
+const seal = async (_crypto, object, password, options) => {
+  if (!password) {
+    throw new Error("Empty password");
+  }
+  const opts = clone(options);
+  const now = Date.now() + (opts.localtimeOffsetMsec || 0);
+  const objectString = JSON.stringify(object);
+  const pass = normalizePassword(password);
+  const { id = "" } = pass;
+  if (id && !/^\w+$/.test(id)) {
+    throw new Error("Invalid password id");
+  }
+  const { encrypted, key } = await encrypt(
+    _crypto,
+    pass.encryption,
+    opts.encryption,
+    objectString
+  );
+  const encryptedB64 = base64urlEncode(encrypted);
+  const iv = base64urlEncode(key.iv);
+  const expiration = opts.ttl ? now + opts.ttl : "";
+  const macBaseString = `${macPrefix}*${id}*${key.salt}*${iv}*${encryptedB64}*${expiration}`;
+  const mac = await hmacWithPassword(
+    _crypto,
+    pass.integrity,
+    opts.integrity,
+    macBaseString
+  );
+  const sealed = `${macBaseString}*${mac.salt}*${mac.digest}`;
+  return sealed;
+};
+const fixedTimeComparison = (a, b) => {
+  let mismatch = a.length === b.length ? 0 : 1;
+  if (mismatch) {
+    b = a;
+  }
+  for (let i = 0; i < a.length; i += 1) {
+    mismatch |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  return mismatch === 0;
+};
+const unseal = async (_crypto, sealed, password, options) => {
+  if (!password) {
+    throw new Error("Empty password");
+  }
+  const opts = clone(options);
+  const now = Date.now() + (opts.localtimeOffsetMsec || 0);
+  const parts = sealed.split("*");
+  if (parts.length !== 8) {
+    throw new Error("Incorrect number of sealed components");
+  }
+  const prefix = parts[0];
+  const passwordId = parts[1];
+  const encryptionSalt = parts[2];
+  const encryptionIv = parts[3];
+  const encryptedB64 = parts[4];
+  const expiration = parts[5];
+  const hmacSalt = parts[6];
+  const hmac = parts[7];
+  const macBaseString = `${prefix}*${passwordId}*${encryptionSalt}*${encryptionIv}*${encryptedB64}*${expiration}`;
+  if (macPrefix !== prefix) {
+    throw new Error("Wrong mac prefix");
+  }
+  if (expiration) {
+    if (!/^\d+$/.test(expiration)) {
+      throw new Error("Invalid expiration");
     }
-    if (key === "content-length") {
-      continue;
+    const exp = Number.parseInt(expiration, 10);
+    if (exp <= now - opts.timestampSkewSec * 1e3) {
+      throw new Error("Expired seal");
     }
-    event.node.res.setHeader(key, value);
   }
-  try {
-    if (response.body) {
-      if (opts.sendStream === false) {
-        const data = new Uint8Array(await response.arrayBuffer());
-        event.node.res.end(data);
-      } else {
-        for await (const chunk of response.body) {
-          event.node.res.write(chunk);
-        }
-        event.node.res.end();
-      }
+  if (typeof password === "undefined" || typeof password === "string" && password.length === 0) {
+    throw new Error("Empty password");
+  }
+  let pass;
+  if (typeof password === "object" && !Buffer.isBuffer(password)) {
+    if (!((passwordId || "default") in password)) {
+      throw new Error(`Cannot find password: ${passwordId}`);
     }
-  } catch (error) {
-    event.node.res.end();
-    throw error;
+    pass = password[passwordId || "default"];
+  } else {
+    pass = password;
+  }
+  pass = normalizePassword(pass);
+  const macOptions = opts.integrity;
+  macOptions.salt = hmacSalt;
+  const mac = await hmacWithPassword(
+    _crypto,
+    pass.integrity,
+    macOptions,
+    macBaseString
+  );
+  if (!fixedTimeComparison(mac.digest, hmac)) {
+    throw new Error("Bad hmac value");
+  }
+  const encrypted = Buffer.from(encryptedB64, "base64");
+  const decryptOptions = opts.encryption;
+  decryptOptions.salt = encryptionSalt;
+  decryptOptions.iv = Buffer.from(encryptionIv, "base64");
+  const decrypted = await decrypt(
+    _crypto,
+    pass.encryption,
+    decryptOptions,
+    encrypted
+  );
+  if (decrypted) {
+    return JSON.parse(decrypted);
+  }
+  return null;
+};
+
+const DEFAULT_NAME = "h3";
+const DEFAULT_COOKIE = {
+  path: "/",
+  secure: true,
+  httpOnly: true
+};
+async function useSession(event, config) {
+  const sessionName = config.name || DEFAULT_NAME;
+  await getSession(event, config);
+  const sessionManager = {
+    get id() {
+      return event.context.sessions?.[sessionName]?.id;
+    },
+    get data() {
+      return event.context.sessions?.[sessionName]?.data || {};
+    },
+    update: async (update) => {
+      await updateSession(event, config, update);
+      return sessionManager;
+    },
+    clear: async () => {
+      await clearSession(event, config);
+      return sessionManager;
+    }
+  };
+  return sessionManager;
+}
+async function getSession(event, config) {
+  const sessionName = config.name || DEFAULT_NAME;
+  if (!event.context.sessions) {
+    event.context.sessions = /* @__PURE__ */ Object.create(null);
+  }
+  if (event.context.sessions[sessionName]) {
+    return event.context.sessions[sessionName];
+  }
+  const session = { id: "", data: /* @__PURE__ */ Object.create(null) };
+  event.context.sessions[sessionName] = session;
+  const reqCookie = getCookie(event, sessionName);
+  if (!reqCookie) {
+    session.id = (config.crypto || crypto).randomUUID();
+    await updateSession(event, config);
+  } else {
+    const unsealed = await unseal(
+      config.crypto || crypto,
+      reqCookie,
+      config.password,
+      config.seal || defaults
+    );
+    Object.assign(session, unsealed);
+  }
+  return session;
+}
+async function updateSession(event, config, update) {
+  const sessionName = config.name || DEFAULT_NAME;
+  const session = event.context.sessions?.[sessionName] || await getSession(event, config);
+  if (typeof update === "function") {
+    update = update(session.data);
+  }
+  if (update) {
+    Object.assign(session.data, update);
+  }
+  const sealed = await seal(
+    config.crypto || crypto,
+    session,
+    config.password,
+    config.seal || defaults
+  );
+  setCookie(event, sessionName, sealed, config.cookie || DEFAULT_COOKIE);
+  return session;
+}
+async function clearSession(event, config) {
+  const sessionName = config.name || DEFAULT_NAME;
+  if (event.context.sessions?.[sessionName]) {
+    delete event.context.sessions[sessionName];
   }
+  await setCookie(event, sessionName, "", config.cookie || DEFAULT_COOKIE);
 }
 
 class H3Headers {
@@ -1040,6 +1417,7 @@ exports.appendResponseHeader = appendResponseHeader;
 exports.appendResponseHeaders = appendResponseHeaders;
 exports.assertMethod = assertMethod;
 exports.callNodeListener = callNodeListener;
+exports.clearSession = clearSession;
 exports.createApp = createApp;
 exports.createAppEventHandler = createAppEventHandler;
 exports.createError = createError;
@@ -1067,6 +1445,7 @@ exports.getResponseStatus = getResponseStatus;
 exports.getResponseStatusText = getResponseStatusText;
 exports.getRouterParam = getRouterParam;
 exports.getRouterParams = getRouterParams;
+exports.getSession = getSession;
 exports.handleCacheHeaders = handleCacheHeaders;
 exports.isError = isError;
 exports.isEvent = isEvent;
@@ -1094,6 +1473,8 @@ exports.setResponseHeaders = setResponseHeaders;
 exports.setResponseStatus = setResponseStatus;
 exports.toEventHandler = toEventHandler;
 exports.toNodeListener = toNodeListener;
+exports.updateSession = updateSession;
 exports.use = use;
 exports.useBase = useBase;
+exports.useSession = useSession;
 exports.writeEarlyHints = writeEarlyHints;

package/dist/index.d.ts

@@ -1,11 +1,84 @@
+import { CookieSerializeOptions } from 'cookie-es';
 import { IncomingMessage, ServerResponse, OutgoingMessage } from 'node:http';
 export { IncomingMessage as NodeIncomingMessage, ServerResponse as NodeServerResponse } from 'node:http';
-import { CookieSerializeOptions } from 'cookie-es';
 import * as ufo from 'ufo';
 
+/**
+ * seal() method options.
+ */
+interface SealOptionsSub {
+    /**
+     * The length of the salt (random buffer used to ensure that two identical objects will generate a different encrypted result). Defaults to 256.
+     */
+    saltBits: number;
+    /**
+     * The algorithm used. Defaults to 'aes-256-cbc' for encryption and 'sha256' for integrity.
+     */
+    algorithm: "aes-128-ctr" | "aes-256-cbc" | "sha256";
+    /**
+     * The number of iterations used to derive a key from the password. Defaults to 1.
+     */
+    iterations: number;
+    /**
+     * Minimum password size. Defaults to 32.
+     */
+    minPasswordlength: number;
+}
+/**
+ * Options for customizing the key derivation algorithm used to generate encryption and integrity verification keys as well as the algorithms and salt sizes used.
+ */
+interface SealOptions {
+    /**
+     * Encryption step options.
+     */
+    encryption: SealOptionsSub;
+    /**
+     * Integrity step options.
+     */
+    integrity: SealOptionsSub;
+    /**
+     * Sealed object lifetime in milliseconds where 0 means forever. Defaults to 0.
+     */
+    ttl: number;
+    /**
+     * Number of seconds of permitted clock skew for incoming expirations. Defaults to 60 seconds.
+     */
+    timestampSkewSec: number;
+    /**
+     * Local clock time offset, expressed in number of milliseconds (positive or negative). Defaults to 0.
+     */
+    localtimeOffsetMsec: number;
+}
+
+type SessionDataT = Record<string, string | number | boolean>;
+type SessionData<T extends SessionDataT = SessionDataT> = T;
+interface Session<T extends SessionDataT = SessionDataT> {
+    id: string;
+    data: SessionData<T>;
+}
+interface SessionConfig {
+    password: string;
+    name?: string;
+    cookie?: CookieSerializeOptions;
+    seal?: SealOptions;
+    crypto?: Crypto;
+}
+declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event, config: SessionConfig): Promise<{
+    readonly id: string | undefined;
+    readonly data: SessionDataT;
+    update: (update: SessionUpdate<T>) => Promise<any>;
+    clear: () => Promise<any>;
+}>;
+declare function getSession<T extends SessionDataT = SessionDataT>(event: H3Event, config: SessionConfig): Promise<Session<T>>;
+type SessionUpdate<T extends SessionDataT = SessionDataT> = Partial<SessionData<T>> | ((oldData: SessionData<T>) => Partial<SessionData<T>> | undefined);
+declare function updateSession<T extends SessionDataT = SessionDataT>(event: H3Event, config: SessionConfig, update?: SessionUpdate<T>): Promise<Session<T>>;
+declare function clearSession(event: H3Event, config: SessionConfig): Promise<void>;
+
 type HTTPMethod = "GET" | "HEAD" | "PATCH" | "POST" | "PUT" | "DELETE" | "CONNECT" | "OPTIONS" | "TRACE";
 type Encoding = false | "ascii" | "utf8" | "utf-8" | "utf16le" | "ucs2" | "ucs-2" | "base64" | "latin1" | "binary" | "hex";
 interface H3EventContext extends Record<string, any> {
+    params?: Record<string, string>;
+    sessions?: Record<string, Session>;
 }
 type EventHandlerResponse<T = any> = T | Promise<T>;
 interface EventHandler<T = any> {
@@ -322,4 +395,4 @@ interface CreateRouterOptions {
 }
 declare function createRouter(opts?: CreateRouterOptions): Router;
 
-export { AddRouteShortcuts, App, AppOptions, AppUse, CacheConditions, CreateRouterOptions, DynamicEventHandler, Encoding, EventHandler, EventHandlerResponse, H3Error, H3Event, H3EventContext, H3Headers, H3Response, HTTPMethod, InputLayer, InputStack, Layer, LazyEventHandler, MIMES, Matcher, NodeEventContext, NodeListener, NodeMiddleware, NodePromisifiedHandler, ProxyOptions, RequestHeaders, Router, RouterMethod, RouterUse, Stack, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertMethod, callNodeListener, createApp, createAppEventHandler, createError, createEvent, createRouter, defaultContentType, defineEventHandler, defineLazyEventHandler, defineNodeListener, defineNodeMiddleware, deleteCookie, dynamicEventHandler, eventHandler, fromNodeMiddleware, getCookie, getHeader, getHeaders, getMethod, getQuery, getRequestHeader, getRequestHeaders, getResponseHeader, getResponseHeaders, getResponseStatus, getResponseStatusText, getRouterParam, getRouterParams, handleCacheHeaders, isError, isEvent, isEventHandler, isMethod, isStream, lazyEventHandler, parseCookies, promisifyNodeListener, proxyRequest, readBody, readMultipartFormData, readRawBody, send, sendError, sendNoContent, sendProxy, sendRedirect, sendStream, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, setResponseStatus, toEventHandler, toNodeListener, use, useBase, writeEarlyHints };
+export { AddRouteShortcuts, App, AppOptions, AppUse, CacheConditions, CreateRouterOptions, DynamicEventHandler, Encoding, EventHandler, EventHandlerResponse, H3Error, H3Event, H3EventContext, H3Headers, H3Response, HTTPMethod, InputLayer, InputStack, Layer, LazyEventHandler, MIMES, Matcher, NodeEventContext, NodeListener, NodeMiddleware, NodePromisifiedHandler, ProxyOptions, RequestHeaders, Router, RouterMethod, RouterUse, Session, SessionConfig, SessionData, Stack, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertMethod, callNodeListener, clearSession, createApp, createAppEventHandler, createError, createEvent, createRouter, defaultContentType, defineEventHandler, defineLazyEventHandler, defineNodeListener, defineNodeMiddleware, deleteCookie, dynamicEventHandler, eventHandler, fromNodeMiddleware, getCookie, getHeader, getHeaders, getMethod, getQuery, getRequestHeader, getRequestHeaders, getResponseHeader, getResponseHeaders, getResponseStatus, getResponseStatusText, getRouterParam, getRouterParams, getSession, handleCacheHeaders, isError, isEvent, isEventHandler, isMethod, isStream, lazyEventHandler, parseCookies, promisifyNodeListener, proxyRequest, readBody, readMultipartFormData, readRawBody, send, sendError, sendNoContent, sendProxy, sendRedirect, sendStream, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, setResponseStatus, toEventHandler, toNodeListener, updateSession, use, useBase, useSession, writeEarlyHints };

package/dist/index.mjs

@@ -2,6 +2,7 @@ import { withoutTrailingSlash, withoutBase, getQuery as getQuery$1 } from 'ufo';
 import { createRouter as createRouter$1 } from 'radix3';
 import destr from 'destr';
 import { parse as parse$1, serialize } from 'cookie-es';
+import crypto from 'uncrypto';
 
 function useBase(base, handler) {
   base = withoutTrailingSlash(base);
@@ -349,6 +350,111 @@ const MIMES = {
   json: "application/json"
 };
 
+function parseCookies(event) {
+  return parse$1(event.node.req.headers.cookie || "");
+}
+function getCookie(event, name) {
+  return parseCookies(event)[name];
+}
+function setCookie(event, name, value, serializeOptions) {
+  const cookieStr = serialize(name, value, {
+    path: "/",
+    ...serializeOptions
+  });
+  let setCookies = event.node.res.getHeader("set-cookie");
+  if (!Array.isArray(setCookies)) {
+    setCookies = [setCookies];
+  }
+  setCookies = setCookies.filter((cookieValue) => {
+    return cookieValue && !cookieValue.startsWith(name + "=");
+  });
+  event.node.res.setHeader("set-cookie", [...setCookies, cookieStr]);
+}
+function deleteCookie(event, name, serializeOptions) {
+  setCookie(event, name, "", {
+    ...serializeOptions,
+    maxAge: 0
+  });
+}
+
+const PayloadMethods = /* @__PURE__ */ new Set(["PATCH", "POST", "PUT", "DELETE"]);
+const ignoredHeaders = /* @__PURE__ */ new Set([
+  "transfer-encoding",
+  "connection",
+  "keep-alive",
+  "upgrade",
+  "expect",
+  "host"
+]);
+async function proxyRequest(event, target, opts = {}) {
+  const method = getMethod(event);
+  let body;
+  if (PayloadMethods.has(method)) {
+    body = await readRawBody(event).catch(() => void 0);
+  }
+  const headers = /* @__PURE__ */ Object.create(null);
+  const reqHeaders = getRequestHeaders(event);
+  for (const name in reqHeaders) {
+    if (!ignoredHeaders.has(name)) {
+      headers[name] = reqHeaders[name];
+    }
+  }
+  if (opts.fetchOptions?.headers) {
+    Object.assign(headers, opts.fetchOptions.headers);
+  }
+  if (opts.headers) {
+    Object.assign(headers, opts.headers);
+  }
+  return sendProxy(event, target, {
+    ...opts,
+    fetchOptions: {
+      headers,
+      method,
+      body,
+      ...opts.fetchOptions
+    }
+  });
+}
+async function sendProxy(event, target, opts = {}) {
+  const _fetch = opts.fetch || globalThis.fetch;
+  if (!_fetch) {
+    throw new Error(
+      "fetch is not available. Try importing `node-fetch-native/polyfill` for Node.js."
+    );
+  }
+  const response = await _fetch(target, {
+    headers: opts.headers,
+    ...opts.fetchOptions
+  });
+  event.node.res.statusCode = response.status;
+  event.node.res.statusMessage = response.statusText;
+  for (const [key, value] of response.headers.entries()) {
+    if (key === "content-encoding") {
+      continue;
+    }
+    if (key === "content-length") {
+      continue;
+    }
+    event.node.res.setHeader(key, value);
+  }
+  try {
+    if (response.body) {
+      if (opts.sendStream === false) {
+        const data = new Uint8Array(await response.arrayBuffer());
+        event.node.res.end(data);
+      } else {
+        for await (const chunk of response.body) {
+          event.node.res.write(chunk);
+        }
+        event.node.res.end();
+      }
+    }
+  } catch (error) {
+    event.node.res.end();
+    throw error;
+  }
+}
+
 const defer = typeof setImmediate !== "undefined" ? setImmediate : (fn) => fn();
 function send(event, data, type) {
   if (type) {
@@ -481,101 +587,372 @@ ${header}: ${value}`;
   }
 }
 
-function parseCookies(event) {
-  return parse$1(event.node.req.headers.cookie || "");
-}
-function getCookie(event, name) {
-  return parseCookies(event)[name];
-}
-function setCookie(event, name, value, serializeOptions) {
-  const cookieStr = serialize(name, value, {
-    path: "/",
-    ...serializeOptions
-  });
-  appendHeader(event, "Set-Cookie", cookieStr);
-}
-function deleteCookie(event, name, serializeOptions) {
-  setCookie(event, name, "", {
-    ...serializeOptions,
-    maxAge: 0
-  });
-}
-
-const PayloadMethods = /* @__PURE__ */ new Set(["PATCH", "POST", "PUT", "DELETE"]);
-const ignoredHeaders = /* @__PURE__ */ new Set([
-  "transfer-encoding",
-  "connection",
-  "keep-alive",
-  "upgrade",
-  "expect"
-]);
-async function proxyRequest(event, target, opts = {}) {
-  const method = getMethod(event);
-  let body;
-  if (PayloadMethods.has(method)) {
-    body = await readRawBody(event).catch(() => void 0);
+const base64urlEncode = (value) => (Buffer.isBuffer(value) ? value : Buffer.from(value)).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+const defaults = {
+  encryption: {
+    saltBits: 256,
+    algorithm: "aes-256-cbc",
+    iterations: 1,
+    minPasswordlength: 32
+  },
+  integrity: {
+    saltBits: 256,
+    algorithm: "sha256",
+    iterations: 1,
+    minPasswordlength: 32
+  },
+  ttl: 0,
+  timestampSkewSec: 60,
+  localtimeOffsetMsec: 0
+};
+const clone = (options) => ({
+  ...options,
+  encryption: { ...options.encryption },
+  integrity: { ...options.integrity }
+});
+const algorithms = {
+  "aes-128-ctr": { keyBits: 128, ivBits: 128, name: "AES-CTR" },
+  "aes-256-cbc": { keyBits: 256, ivBits: 128, name: "AES-CBC" },
+  sha256: { keyBits: 256, name: "SHA-256" }
+};
+const macFormatVersion = "2";
+const macPrefix = `Fe26.${macFormatVersion}`;
+const randomBytes = (_crypto, size) => {
+  const bytes = Buffer.allocUnsafe(size);
+  _crypto.getRandomValues(bytes);
+  return bytes;
+};
+const randomBits = (_crypto, bits) => {
+  if (bits < 1) {
+    throw new Error("Invalid random bits count");
   }
-  const headers = /* @__PURE__ */ Object.create(null);
-  const reqHeaders = getRequestHeaders(event);
-  for (const name in reqHeaders) {
-    if (!ignoredHeaders.has(name)) {
-      headers[name] = reqHeaders[name];
+  const bytes = Math.ceil(bits / 8);
+  return randomBytes(_crypto, bytes);
+};
+const pbkdf2 = async (_crypto, password, salt, iterations, keyLength, hash) => {
+  const textEncoder = new TextEncoder();
+  const passwordBuffer = textEncoder.encode(password);
+  const importedKey = await _crypto.subtle.importKey(
+    "raw",
+    passwordBuffer,
+    "PBKDF2",
+    false,
+    ["deriveBits"]
+  );
+  const saltBuffer = textEncoder.encode(salt);
+  const params = { name: "PBKDF2", hash, salt: saltBuffer, iterations };
+  const derivation = await _crypto.subtle.deriveBits(
+    params,
+    importedKey,
+    keyLength * 8
+  );
+  return Buffer.from(derivation);
+};
+const generateKey = async (_crypto, password, options) => {
+  if (password == null || password.length === 0) {
+    throw new Error("Empty password");
+  }
+  if (options == null || typeof options !== "object") {
+    throw new Error("Bad options");
+  }
+  if (!(options.algorithm in algorithms)) {
+    throw new Error(`Unknown algorithm: ${options.algorithm}`);
+  }
+  const algorithm = algorithms[options.algorithm];
+  const result = {};
+  const hmac = options.hmac ?? false;
+  const id = hmac ? { name: "HMAC", hash: algorithm.name } : { name: algorithm.name };
+  const usage = hmac ? ["sign", "verify"] : ["encrypt", "decrypt"];
+  if (typeof password === "string") {
+    if (password.length < options.minPasswordlength) {
+      throw new Error(
+        `Password string too short (min ${options.minPasswordlength} characters required)`
+      );
     }
+    let { salt = "" } = options;
+    if (!salt) {
+      const { saltBits = 0 } = options;
+      if (!saltBits) {
+        throw new Error("Missing salt and saltBits options");
+      }
+      const randomSalt = randomBits(_crypto, saltBits);
+      salt = randomSalt.toString("hex");
+    }
+    const derivedKey = await pbkdf2(
+      _crypto,
+      password,
+      salt,
+      options.iterations,
+      algorithm.keyBits / 8,
+      "SHA-1"
+    );
+    const importedEncryptionKey = await _crypto.subtle.importKey(
+      "raw",
+      derivedKey,
+      id,
+      false,
+      usage
+    );
+    result.key = importedEncryptionKey;
+    result.salt = salt;
+  } else {
+    if (password.length < algorithm.keyBits / 8) {
+      throw new Error("Key buffer (password) too small");
+    }
+    result.key = await _crypto.subtle.importKey(
+      "raw",
+      password,
+      id,
+      false,
+      usage
+    );
+    result.salt = "";
   }
-  if (opts.fetchOptions?.headers) {
-    Object.assign(headers, opts.fetchOptions.headers);
-  }
-  if (opts.headers) {
-    Object.assign(headers, opts.headers);
+  if (options.iv) {
+    result.iv = options.iv;
+  } else if ("ivBits" in algorithm) {
+    result.iv = randomBits(_crypto, algorithm.ivBits);
   }
-  return sendProxy(event, target, {
-    ...opts,
-    fetchOptions: {
-      headers,
-      method,
-      body,
-      ...opts.fetchOptions
+  return result;
+};
+const encrypt = async (_crypto, password, options, data) => {
+  const key = await generateKey(_crypto, password, options);
+  const textEncoder = new TextEncoder();
+  const textBuffer = textEncoder.encode(data);
+  const encrypted = await _crypto.subtle.encrypt(
+    { name: algorithms[options.algorithm].name, iv: key.iv },
+    key.key,
+    textBuffer
+  );
+  return { encrypted: Buffer.from(encrypted), key };
+};
+const decrypt = async (_crypto, password, options, data) => {
+  const key = await generateKey(_crypto, password, options);
+  const decrypted = await _crypto.subtle.decrypt(
+    { name: algorithms[options.algorithm].name, iv: key.iv },
+    key.key,
+    Buffer.isBuffer(data) ? data : Buffer.from(data)
+  );
+  const textDecoder = new TextDecoder();
+  return textDecoder.decode(decrypted);
+};
+const hmacWithPassword = async (_crypto, password, options, data) => {
+  const key = await generateKey(_crypto, password, { ...options, hmac: true });
+  const textEncoder = new TextEncoder();
+  const textBuffer = textEncoder.encode(data);
+  const signed = await _crypto.subtle.sign(
+    { name: "HMAC" },
+    key.key,
+    textBuffer
+  );
+  const digest = base64urlEncode(Buffer.from(signed));
+  return { digest, salt: key.salt };
+};
+const normalizePassword = (password) => {
+  if (typeof password === "object" && !Buffer.isBuffer(password)) {
+    if ("secret" in password) {
+      return {
+        id: password.id,
+        encryption: password.secret,
+        integrity: password.secret
+      };
     }
-  });
-}
-async function sendProxy(event, target, opts = {}) {
-  const _fetch = opts.fetch || globalThis.fetch;
-  if (!_fetch) {
-    throw new Error(
-      "fetch is not available. Try importing `node-fetch-native/polyfill` for Node.js."
-    );
+    return {
+      id: password.id,
+      encryption: password.encryption,
+      integrity: password.integrity
+    };
   }
-  const response = await _fetch(target, {
-    headers: opts.headers,
-    ...opts.fetchOptions
-  });
-  event.node.res.statusCode = response.status;
-  event.node.res.statusMessage = response.statusText;
-  for (const [key, value] of response.headers.entries()) {
-    if (key === "content-encoding") {
-      continue;
+  return { encryption: password, integrity: password };
+};
+const seal = async (_crypto, object, password, options) => {
+  if (!password) {
+    throw new Error("Empty password");
+  }
+  const opts = clone(options);
+  const now = Date.now() + (opts.localtimeOffsetMsec || 0);
+  const objectString = JSON.stringify(object);
+  const pass = normalizePassword(password);
+  const { id = "" } = pass;
+  if (id && !/^\w+$/.test(id)) {
+    throw new Error("Invalid password id");
+  }
+  const { encrypted, key } = await encrypt(
+    _crypto,
+    pass.encryption,
+    opts.encryption,
+    objectString
+  );
+  const encryptedB64 = base64urlEncode(encrypted);
+  const iv = base64urlEncode(key.iv);
+  const expiration = opts.ttl ? now + opts.ttl : "";
+  const macBaseString = `${macPrefix}*${id}*${key.salt}*${iv}*${encryptedB64}*${expiration}`;
+  const mac = await hmacWithPassword(
+    _crypto,
+    pass.integrity,
+    opts.integrity,
+    macBaseString
+  );
+  const sealed = `${macBaseString}*${mac.salt}*${mac.digest}`;
+  return sealed;
+};
+const fixedTimeComparison = (a, b) => {
+  let mismatch = a.length === b.length ? 0 : 1;
+  if (mismatch) {
+    b = a;
+  }
+  for (let i = 0; i < a.length; i += 1) {
+    mismatch |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  return mismatch === 0;
+};
+const unseal = async (_crypto, sealed, password, options) => {
+  if (!password) {
+    throw new Error("Empty password");
+  }
+  const opts = clone(options);
+  const now = Date.now() + (opts.localtimeOffsetMsec || 0);
+  const parts = sealed.split("*");
+  if (parts.length !== 8) {
+    throw new Error("Incorrect number of sealed components");
+  }
+  const prefix = parts[0];
+  const passwordId = parts[1];
+  const encryptionSalt = parts[2];
+  const encryptionIv = parts[3];
+  const encryptedB64 = parts[4];
+  const expiration = parts[5];
+  const hmacSalt = parts[6];
+  const hmac = parts[7];
+  const macBaseString = `${prefix}*${passwordId}*${encryptionSalt}*${encryptionIv}*${encryptedB64}*${expiration}`;
+  if (macPrefix !== prefix) {
+    throw new Error("Wrong mac prefix");
+  }
+  if (expiration) {
+    if (!/^\d+$/.test(expiration)) {
+      throw new Error("Invalid expiration");
     }
-    if (key === "content-length") {
-      continue;
+    const exp = Number.parseInt(expiration, 10);
+    if (exp <= now - opts.timestampSkewSec * 1e3) {
+      throw new Error("Expired seal");
     }
-    event.node.res.setHeader(key, value);
   }
-  try {
-    if (response.body) {
-      if (opts.sendStream === false) {
-        const data = new Uint8Array(await response.arrayBuffer());
-        event.node.res.end(data);
-      } else {
-        for await (const chunk of response.body) {
-          event.node.res.write(chunk);
-        }
-        event.node.res.end();
-      }
+  if (typeof password === "undefined" || typeof password === "string" && password.length === 0) {
+    throw new Error("Empty password");
+  }
+  let pass;
+  if (typeof password === "object" && !Buffer.isBuffer(password)) {
+    if (!((passwordId || "default") in password)) {
+      throw new Error(`Cannot find password: ${passwordId}`);
     }
-  } catch (error) {
-    event.node.res.end();
-    throw error;
+    pass = password[passwordId || "default"];
+  } else {
+    pass = password;
+  }
+  pass = normalizePassword(pass);
+  const macOptions = opts.integrity;
+  macOptions.salt = hmacSalt;
+  const mac = await hmacWithPassword(
+    _crypto,
+    pass.integrity,
+    macOptions,
+    macBaseString
+  );
+  if (!fixedTimeComparison(mac.digest, hmac)) {
+    throw new Error("Bad hmac value");
+  }
+  const encrypted = Buffer.from(encryptedB64, "base64");
+  const decryptOptions = opts.encryption;
+  decryptOptions.salt = encryptionSalt;
+  decryptOptions.iv = Buffer.from(encryptionIv, "base64");
+  const decrypted = await decrypt(
+    _crypto,
+    pass.encryption,
+    decryptOptions,
+    encrypted
+  );
+  if (decrypted) {
+    return JSON.parse(decrypted);
+  }
+  return null;
+};
+
+const DEFAULT_NAME = "h3";
+const DEFAULT_COOKIE = {
+  path: "/",
+  secure: true,
+  httpOnly: true
+};
+async function useSession(event, config) {
+  const sessionName = config.name || DEFAULT_NAME;
+  await getSession(event, config);
+  const sessionManager = {
+    get id() {
+      return event.context.sessions?.[sessionName]?.id;
+    },
+    get data() {
+      return event.context.sessions?.[sessionName]?.data || {};
+    },
+    update: async (update) => {
+      await updateSession(event, config, update);
+      return sessionManager;
+    },
+    clear: async () => {
+      await clearSession(event, config);
+      return sessionManager;
+    }
+  };
+  return sessionManager;
+}
+async function getSession(event, config) {
+  const sessionName = config.name || DEFAULT_NAME;
+  if (!event.context.sessions) {
+    event.context.sessions = /* @__PURE__ */ Object.create(null);
+  }
+  if (event.context.sessions[sessionName]) {
+    return event.context.sessions[sessionName];
+  }
+  const session = { id: "", data: /* @__PURE__ */ Object.create(null) };
+  event.context.sessions[sessionName] = session;
+  const reqCookie = getCookie(event, sessionName);
+  if (!reqCookie) {
+    session.id = (config.crypto || crypto).randomUUID();
+    await updateSession(event, config);
+  } else {
+    const unsealed = await unseal(
+      config.crypto || crypto,
+      reqCookie,
+      config.password,
+      config.seal || defaults
+    );
+    Object.assign(session, unsealed);
+  }
+  return session;
+}
+async function updateSession(event, config, update) {
+  const sessionName = config.name || DEFAULT_NAME;
+  const session = event.context.sessions?.[sessionName] || await getSession(event, config);
+  if (typeof update === "function") {
+    update = update(session.data);
+  }
+  if (update) {
+    Object.assign(session.data, update);
+  }
+  const sealed = await seal(
+    config.crypto || crypto,
+    session,
+    config.password,
+    config.seal || defaults
+  );
+  setCookie(event, sessionName, sealed, config.cookie || DEFAULT_COOKIE);
+  return session;
+}
+async function clearSession(event, config) {
+  const sessionName = config.name || DEFAULT_NAME;
+  if (event.context.sessions?.[sessionName]) {
+    delete event.context.sessions[sessionName];
   }
+  await setCookie(event, sessionName, "", config.cookie || DEFAULT_COOKIE);
 }
 
 class H3Headers {
@@ -1027,4 +1404,4 @@ function createRouter(opts = {}) {
   return router;
 }
 
-export { H3Error, H3Event, H3Headers, H3Response, MIMES, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertMethod, callNodeListener, createApp, createAppEventHandler, createError, createEvent, createRouter, defaultContentType, defineEventHandler, defineLazyEventHandler, defineNodeListener, defineNodeMiddleware, deleteCookie, dynamicEventHandler, eventHandler, fromNodeMiddleware, getCookie, getHeader, getHeaders, getMethod, getQuery, getRequestHeader, getRequestHeaders, getResponseHeader, getResponseHeaders, getResponseStatus, getResponseStatusText, getRouterParam, getRouterParams, handleCacheHeaders, isError, isEvent, isEventHandler, isMethod, isStream, lazyEventHandler, parseCookies, promisifyNodeListener, proxyRequest, readBody, readMultipartFormData, readRawBody, send, sendError, sendNoContent, sendProxy, sendRedirect, sendStream, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, setResponseStatus, toEventHandler, toNodeListener, use, useBase, writeEarlyHints };
+export { H3Error, H3Event, H3Headers, H3Response, MIMES, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertMethod, callNodeListener, clearSession, createApp, createAppEventHandler, createError, createEvent, createRouter, defaultContentType, defineEventHandler, defineLazyEventHandler, defineNodeListener, defineNodeMiddleware, deleteCookie, dynamicEventHandler, eventHandler, fromNodeMiddleware, getCookie, getHeader, getHeaders, getMethod, getQuery, getRequestHeader, getRequestHeaders, getResponseHeader, getResponseHeaders, getResponseStatus, getResponseStatusText, getRouterParam, getRouterParams, getSession, handleCacheHeaders, isError, isEvent, isEventHandler, isMethod, isStream, lazyEventHandler, parseCookies, promisifyNodeListener, proxyRequest, readBody, readMultipartFormData, readRawBody, send, sendError, sendNoContent, sendProxy, sendRedirect, sendStream, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, setResponseStatus, toEventHandler, toNodeListener, updateSession, use, useBase, useSession, writeEarlyHints };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "h3",
-  "version": "1.1.0",
+  "version": "1.2.1",
   "description": "Tiny JavaScript Server",
   "repository": "unjs/h3",
   "license": "MIT",
@@ -23,18 +23,19 @@
     "cookie-es": "^0.5.0",
     "destr": "^1.2.2",
     "radix3": "^1.0.0",
-    "ufo": "^1.0.1"
+    "ufo": "^1.0.1",
+    "uncrypto": "^0.1.2"
   },
   "devDependencies": {
     "0x": "^5.4.1",
     "@types/express": "^4.17.16",
     "@types/node": "^18.11.18",
     "@types/supertest": "^2.0.12",
-    "@vitest/coverage-c8": "^0.28.2",
+    "@vitest/coverage-c8": "^0.28.3",
     "autocannon": "^7.10.0",
     "changelogen": "^0.4.1",
     "connect": "^3.7.0",
-    "eslint": "^8.32.0",
+    "eslint": "^8.33.0",
     "eslint-config-unjs": "^0.1.0",
     "express": "^4.18.2",
     "get-port": "^6.1.2",
@@ -43,11 +44,11 @@
     "node-fetch-native": "^1.0.1",
     "prettier": "^2.8.3",
     "supertest": "^6.3.3",
-    "typescript": "^4.9.4",
+    "typescript": "^4.9.5",
     "unbuild": "^1.1.1",
-    "vitest": "^0.28.2"
+    "vitest": "^0.28.3"
   },
-  "packageManager": "pnpm@7.26.0",
+  "packageManager": "pnpm@7.26.3",
   "scripts": {
     "build": "unbuild",
     "dev": "vitest",