h3 1.10.0 → 1.10.2

package/README.md

@@ -222,7 +222,7 @@ H3 has a concept of composable utilities that accept `event` (from `eventHandler
 - `getMethod(event, default?)`
 - `isMethod(event, expected, allowHead?)`
 - `assertMethod(event, expected, allowHead?)`
-- `getRequestHeaders(event, headers)` (alias: `getHeaders`)
+- `getRequestHeaders(event)` (alias: `getHeaders`)
 - `getRequestHeader(event, name)` (alias: `getHeader`)
 - `getRequestURL(event)`
 - `getRequestHost(event)`

package/dist/index.cjs

@@ -2,6 +2,7 @@
 
 const ufo = require('ufo');
 const cookieEs = require('cookie-es');
+const ohash = require('ohash');
 const radix3 = require('radix3');
 const destr = require('destr');
 const defu = require('defu');
@@ -363,7 +364,7 @@ function getRequestIP(event, opts = {}) {
     return event.context.clientAddress;
   }
   if (opts.xForwardedFor) {
-    const xForwardedFor = getRequestHeader(event, "x-forwarded-for")?.split(",")?.pop();
+    const xForwardedFor = getRequestHeader(event, "x-forwarded-for")?.split(",").shift()?.trim();
     if (xForwardedFor) {
       return xForwardedFor;
     }
@@ -482,7 +483,23 @@ function getRequestWebStream(event) {
   if (!PayloadMethods$1.includes(event.method)) {
     return;
   }
-  return event.web?.request?.body || event._requestBody || new ReadableStream({
+  const bodyStream = event.web?.request?.body || event._requestBody;
+  if (bodyStream) {
+    return bodyStream;
+  }
+  const _hasRawBody = RawBodySymbol in event.node.req || "rawBody" in event.node.req || "body" in event.node.req || "__unenv__" in event.node.req;
+  if (_hasRawBody) {
+    return new ReadableStream({
+      async start(controller) {
+        const _rawBody = await readRawBody(event, false);
+        if (_rawBody) {
+          controller.enqueue(_rawBody);
+        }
+        controller.close();
+      }
+    });
+  }
+  return new ReadableStream({
     start: (controller) => {
       event.node.req.on("data", (chunk) => {
         controller.enqueue(chunk);
@@ -587,16 +604,15 @@ function getCookie(event, name) {
   return parseCookies(event)[name];
 }
 function setCookie(event, name, value, serializeOptions) {
-  const cookieStr = cookieEs.serialize(name, value, {
-    path: "/",
-    ...serializeOptions
-  });
+  serializeOptions = { path: "/", ...serializeOptions };
+  const cookieStr = cookieEs.serialize(name, value, serializeOptions);
   let setCookies = event.node.res.getHeader("set-cookie");
   if (!Array.isArray(setCookies)) {
     setCookies = [setCookies];
   }
+  const _optionsHash = ohash.objectHash(serializeOptions);
   setCookies = setCookies.filter((cookieValue) => {
-    return cookieValue && !cookieValue.startsWith(name + "=");
+    return cookieValue && _optionsHash !== ohash.objectHash(cookieEs.parse(cookieValue));
   });
   event.node.res.setHeader("set-cookie", [...setCookies, cookieStr]);
 }
@@ -708,7 +724,7 @@ function getResponseStatusText(event) {
   return event.node.res.statusMessage;
 }
 function defaultContentType(event, type) {
-  if (type && !event.node.res.getHeader("content-type")) {
+  if (type && event.node.res.statusCode !== 304 && !event.node.res.getHeader("content-type")) {
     event.node.res.setHeader("content-type", type);
   }
 }
@@ -1053,7 +1069,8 @@ const ignoredHeaders = /* @__PURE__ */ new Set([
   "keep-alive",
   "upgrade",
   "expect",
-  "host"
+  "host",
+  "accept"
 ]);
 async function proxyRequest(event, target, opts = {}) {
   let body;
@@ -1215,6 +1232,7 @@ function mergeHeaders(defaults, ...inputs) {
   return merged;
 }
 
+const getSessionPromise = Symbol("getSession");
 const DEFAULT_NAME = "h3";
 const DEFAULT_COOKIE = {
   path: "/",
@@ -1247,8 +1265,9 @@ async function getSession(event, config) {
   if (!event.context.sessions) {
     event.context.sessions = /* @__PURE__ */ Object.create(null);
   }
-  if (event.context.sessions[sessionName]) {
-    return event.context.sessions[sessionName];
+  const existingSession = event.context.sessions[sessionName];
+  if (existingSession) {
+    return existingSession[getSessionPromise] || existingSession;
   }
   const session = {
     id: "",
@@ -1268,11 +1287,14 @@ async function getSession(event, config) {
     sealedSession = getCookie(event, sessionName);
   }
   if (sealedSession) {
-    const unsealed = await unsealSession(event, config, sealedSession).catch(
-      () => {
-      }
-    );
-    Object.assign(session, unsealed);
+    const promise = unsealSession(event, config, sealedSession).catch(() => {
+    }).then((unsealed) => {
+      Object.assign(session, unsealed);
+      delete event.context.sessions[sessionName][getSessionPromise];
+      return session;
+    });
+    event.context.sessions[sessionName][getSessionPromise] = promise;
+    await promise;
   }
   if (!session.id) {
     session.id = config.generateId?.() ?? (config.crypto || crypto__default).randomUUID();

package/dist/index.d.cts

@@ -107,10 +107,12 @@ declare const H3Response: {
 
 type SessionDataT = Record<string, any>;
 type SessionData<T extends SessionDataT = SessionDataT> = T;
+declare const getSessionPromise: unique symbol;
 interface Session<T extends SessionDataT = SessionDataT> {
     id: string;
     createdAt: number;
     data: SessionData<T>;
+    [getSessionPromise]?: Promise<Session<T>>;
 }
 interface SessionConfig {
     /** Private key used to encrypt session tokens */
@@ -580,9 +582,9 @@ declare function getResponseStatus(event: H3Event): number;
 declare function getResponseStatusText(event: H3Event): string;
 declare function defaultContentType(event: H3Event, type?: string): void;
 declare function sendRedirect(event: H3Event, location: string, code?: number): Promise<void>;
-declare function getResponseHeaders(event: H3Event): ReturnType<H3Event["res"]["getHeaders"]>;
-declare function getResponseHeader(event: H3Event, name: HTTPHeaderName): ReturnType<H3Event["res"]["getHeader"]>;
-declare function setResponseHeaders(event: H3Event, headers: Record<HTTPHeaderName, Parameters<OutgoingMessage["setHeader"]>[1]>): void;
+declare function getResponseHeaders(event: H3Event): ReturnType<H3Event["node"]["res"]["getHeaders"]>;
+declare function getResponseHeader(event: H3Event, name: HTTPHeaderName): ReturnType<H3Event["node"]["res"]["getHeader"]>;
+declare function setResponseHeaders(event: H3Event, headers: Partial<Record<HTTPHeaderName, Parameters<OutgoingMessage["setHeader"]>[1]>>): void;
 declare const setHeaders: typeof setResponseHeaders;
 declare function setResponseHeader(event: H3Event, name: HTTPHeaderName, value: Parameters<OutgoingMessage["setHeader"]>[1]): void;
 declare const setHeader: typeof setResponseHeader;

package/dist/index.d.mts

@@ -107,10 +107,12 @@ declare const H3Response: {
 
 type SessionDataT = Record<string, any>;
 type SessionData<T extends SessionDataT = SessionDataT> = T;
+declare const getSessionPromise: unique symbol;
 interface Session<T extends SessionDataT = SessionDataT> {
     id: string;
     createdAt: number;
     data: SessionData<T>;
+    [getSessionPromise]?: Promise<Session<T>>;
 }
 interface SessionConfig {
     /** Private key used to encrypt session tokens */
@@ -580,9 +582,9 @@ declare function getResponseStatus(event: H3Event): number;
 declare function getResponseStatusText(event: H3Event): string;
 declare function defaultContentType(event: H3Event, type?: string): void;
 declare function sendRedirect(event: H3Event, location: string, code?: number): Promise<void>;
-declare function getResponseHeaders(event: H3Event): ReturnType<H3Event["res"]["getHeaders"]>;
-declare function getResponseHeader(event: H3Event, name: HTTPHeaderName): ReturnType<H3Event["res"]["getHeader"]>;
-declare function setResponseHeaders(event: H3Event, headers: Record<HTTPHeaderName, Parameters<OutgoingMessage["setHeader"]>[1]>): void;
+declare function getResponseHeaders(event: H3Event): ReturnType<H3Event["node"]["res"]["getHeaders"]>;
+declare function getResponseHeader(event: H3Event, name: HTTPHeaderName): ReturnType<H3Event["node"]["res"]["getHeader"]>;
+declare function setResponseHeaders(event: H3Event, headers: Partial<Record<HTTPHeaderName, Parameters<OutgoingMessage["setHeader"]>[1]>>): void;
 declare const setHeaders: typeof setResponseHeaders;
 declare function setResponseHeader(event: H3Event, name: HTTPHeaderName, value: Parameters<OutgoingMessage["setHeader"]>[1]): void;
 declare const setHeader: typeof setResponseHeader;

package/dist/index.d.ts

@@ -107,10 +107,12 @@ declare const H3Response: {
 
 type SessionDataT = Record<string, any>;
 type SessionData<T extends SessionDataT = SessionDataT> = T;
+declare const getSessionPromise: unique symbol;
 interface Session<T extends SessionDataT = SessionDataT> {
     id: string;
     createdAt: number;
     data: SessionData<T>;
+    [getSessionPromise]?: Promise<Session<T>>;
 }
 interface SessionConfig {
     /** Private key used to encrypt session tokens */
@@ -580,9 +582,9 @@ declare function getResponseStatus(event: H3Event): number;
 declare function getResponseStatusText(event: H3Event): string;
 declare function defaultContentType(event: H3Event, type?: string): void;
 declare function sendRedirect(event: H3Event, location: string, code?: number): Promise<void>;
-declare function getResponseHeaders(event: H3Event): ReturnType<H3Event["res"]["getHeaders"]>;
-declare function getResponseHeader(event: H3Event, name: HTTPHeaderName): ReturnType<H3Event["res"]["getHeader"]>;
-declare function setResponseHeaders(event: H3Event, headers: Record<HTTPHeaderName, Parameters<OutgoingMessage["setHeader"]>[1]>): void;
+declare function getResponseHeaders(event: H3Event): ReturnType<H3Event["node"]["res"]["getHeaders"]>;
+declare function getResponseHeader(event: H3Event, name: HTTPHeaderName): ReturnType<H3Event["node"]["res"]["getHeader"]>;
+declare function setResponseHeaders(event: H3Event, headers: Partial<Record<HTTPHeaderName, Parameters<OutgoingMessage["setHeader"]>[1]>>): void;
 declare const setHeaders: typeof setResponseHeaders;
 declare function setResponseHeader(event: H3Event, name: HTTPHeaderName, value: Parameters<OutgoingMessage["setHeader"]>[1]): void;
 declare const setHeader: typeof setResponseHeader;

package/dist/index.mjs

@@ -1,5 +1,6 @@
 import { withoutTrailingSlash, withoutBase, getQuery as getQuery$1, decode, decodePath, withLeadingSlash, parseURL } from 'ufo';
 import { parse as parse$1, serialize } from 'cookie-es';
+import { objectHash } from 'ohash';
 import { createRouter as createRouter$1, toRouteMatcher } from 'radix3';
 import destr from 'destr';
 import { defu } from 'defu';
@@ -356,7 +357,7 @@ function getRequestIP(event, opts = {}) {
     return event.context.clientAddress;
   }
   if (opts.xForwardedFor) {
-    const xForwardedFor = getRequestHeader(event, "x-forwarded-for")?.split(",")?.pop();
+    const xForwardedFor = getRequestHeader(event, "x-forwarded-for")?.split(",").shift()?.trim();
     if (xForwardedFor) {
       return xForwardedFor;
     }
@@ -475,7 +476,23 @@ function getRequestWebStream(event) {
   if (!PayloadMethods$1.includes(event.method)) {
     return;
   }
-  return event.web?.request?.body || event._requestBody || new ReadableStream({
+  const bodyStream = event.web?.request?.body || event._requestBody;
+  if (bodyStream) {
+    return bodyStream;
+  }
+  const _hasRawBody = RawBodySymbol in event.node.req || "rawBody" in event.node.req || "body" in event.node.req || "__unenv__" in event.node.req;
+  if (_hasRawBody) {
+    return new ReadableStream({
+      async start(controller) {
+        const _rawBody = await readRawBody(event, false);
+        if (_rawBody) {
+          controller.enqueue(_rawBody);
+        }
+        controller.close();
+      }
+    });
+  }
+  return new ReadableStream({
     start: (controller) => {
       event.node.req.on("data", (chunk) => {
         controller.enqueue(chunk);
@@ -580,16 +597,15 @@ function getCookie(event, name) {
   return parseCookies(event)[name];
 }
 function setCookie(event, name, value, serializeOptions) {
-  const cookieStr = serialize(name, value, {
-    path: "/",
-    ...serializeOptions
-  });
+  serializeOptions = { path: "/", ...serializeOptions };
+  const cookieStr = serialize(name, value, serializeOptions);
   let setCookies = event.node.res.getHeader("set-cookie");
   if (!Array.isArray(setCookies)) {
     setCookies = [setCookies];
   }
+  const _optionsHash = objectHash(serializeOptions);
   setCookies = setCookies.filter((cookieValue) => {
-    return cookieValue && !cookieValue.startsWith(name + "=");
+    return cookieValue && _optionsHash !== objectHash(parse$1(cookieValue));
   });
   event.node.res.setHeader("set-cookie", [...setCookies, cookieStr]);
 }
@@ -701,7 +717,7 @@ function getResponseStatusText(event) {
   return event.node.res.statusMessage;
 }
 function defaultContentType(event, type) {
-  if (type && !event.node.res.getHeader("content-type")) {
+  if (type && event.node.res.statusCode !== 304 && !event.node.res.getHeader("content-type")) {
     event.node.res.setHeader("content-type", type);
   }
 }
@@ -1046,7 +1062,8 @@ const ignoredHeaders = /* @__PURE__ */ new Set([
   "keep-alive",
   "upgrade",
   "expect",
-  "host"
+  "host",
+  "accept"
 ]);
 async function proxyRequest(event, target, opts = {}) {
   let body;
@@ -1208,6 +1225,7 @@ function mergeHeaders(defaults, ...inputs) {
   return merged;
 }
 
+const getSessionPromise = Symbol("getSession");
 const DEFAULT_NAME = "h3";
 const DEFAULT_COOKIE = {
   path: "/",
@@ -1240,8 +1258,9 @@ async function getSession(event, config) {
   if (!event.context.sessions) {
     event.context.sessions = /* @__PURE__ */ Object.create(null);
   }
-  if (event.context.sessions[sessionName]) {
-    return event.context.sessions[sessionName];
+  const existingSession = event.context.sessions[sessionName];
+  if (existingSession) {
+    return existingSession[getSessionPromise] || existingSession;
   }
   const session = {
     id: "",
@@ -1261,11 +1280,14 @@ async function getSession(event, config) {
     sealedSession = getCookie(event, sessionName);
   }
   if (sealedSession) {
-    const unsealed = await unsealSession(event, config, sealedSession).catch(
-      () => {
-      }
-    );
-    Object.assign(session, unsealed);
+    const promise = unsealSession(event, config, sealedSession).catch(() => {
+    }).then((unsealed) => {
+      Object.assign(session, unsealed);
+      delete event.context.sessions[sessionName][getSessionPromise];
+      return session;
+    });
+    event.context.sessions[sessionName][getSessionPromise] = promise;
+    await promise;
   }
   if (!session.id) {
     session.id = config.generateId?.() ?? (config.crypto || crypto).randomUUID();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "h3",
-  "version": "1.10.0",
+  "version": "1.10.2",
   "description": "Minimal H(TTP) framework built for high performance and portability.",
   "repository": "unjs/h3",
   "license": "MIT",
@@ -21,40 +21,41 @@
   ],
   "dependencies": {
     "cookie-es": "^1.0.0",
-    "defu": "^6.1.3",
+    "defu": "^6.1.4",
     "destr": "^2.0.2",
     "iron-webcrypto": "^1.0.0",
+    "ohash": "^1.1.3",
     "radix3": "^1.1.0",
     "ufo": "^1.3.2",
     "uncrypto": "^0.1.3",
-    "unenv": "^1.8.0"
+    "unenv": "^1.9.0"
   },
   "devDependencies": {
     "0x": "^5.7.0",
     "@types/express": "^4.17.21",
-    "@types/node": "^20.10.4",
+    "@types/node": "^20.11.6",
     "@types/supertest": "^6.0.2",
-    "@vitest/coverage-v8": "^1.0.2",
+    "@vitest/coverage-v8": "^1.2.1",
     "autocannon": "^7.14.0",
     "changelogen": "^0.5.5",
     "connect": "^3.7.0",
-    "eslint": "^8.55.0",
+    "eslint": "^8.56.0",
     "eslint-config-unjs": "^0.2.1",
     "express": "^4.18.2",
     "get-port": "^7.0.0",
     "jiti": "^1.21.0",
-    "listhen": "^1.5.5",
-    "node-fetch-native": "^1.4.1",
-    "prettier": "^3.1.0",
+    "listhen": "^1.5.6",
+    "node-fetch-native": "^1.6.1",
+    "prettier": "^3.2.4",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
-    "supertest": "^6.3.3",
+    "supertest": "^6.3.4",
     "typescript": "^5.3.3",
     "unbuild": "^2.0.0",
-    "vitest": "^1.0.2",
+    "vitest": "^1.2.1",
     "zod": "^3.22.4"
   },
-  "packageManager": "pnpm@8.11.0",
+  "packageManager": "pnpm@8.14.3",
   "scripts": {
     "build": "unbuild",
     "dev": "vitest",