hono 1.4.4 → 1.4.5

package/dist/hono.js

@@ -102,6 +102,9 @@ class Hono extends defineDynamicClass() {
         let context;
         try {
             context = await composed(c);
+            if (!context.finalized) {
+                throw new Error('Context is not finalized. You may forget returning Response object or `await next()`');
+            }
         }
         catch (err) {
             if (err instanceof Error) {

package/dist/middleware/bearer-auth/index.d.ts

@@ -0,0 +1,8 @@
+import type { Context } from '../../context';
+import type { Next } from '../../hono';
+export declare const bearerAuth: (options: {
+    token: string;
+    realm?: string;
+    prefix?: string;
+    hashFunction?: Function;
+}) => (c: Context, next: Next) => Promise<void>;

package/dist/middleware/bearer-auth/index.js

@@ -0,0 +1,61 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.bearerAuth = void 0;
+const buffer_1 = require("../../utils/buffer");
+const TOKEN_STRINGS = '[A-Za-z0-9._~+/-]+=*';
+const PREFIX = 'Bearer';
+const bearerAuth = (options) => {
+    if (!options.token) {
+        throw new Error('bearer auth middleware requires options for "token"');
+    }
+    if (!options.realm) {
+        options.realm = '';
+    }
+    if (!options.prefix) {
+        options.prefix = PREFIX;
+    }
+    const realm = options.realm?.replace(/"/g, '\\"');
+    return async (c, next) => {
+        const headerToken = c.req.headers.get('Authorization');
+        if (!headerToken) {
+            // No Authorization header
+            c.res = new Response('Unauthorized', {
+                status: 401,
+                headers: {
+                    'WWW-Authenticate': `${options.prefix} realm="` + realm + '"',
+                },
+            });
+        }
+        else {
+            const regexp = new RegExp('^' + options.prefix + ' +(' + TOKEN_STRINGS + ') *$');
+            const match = regexp.exec(headerToken);
+            if (!match) {
+                // Invalid Request
+                c.res = new Response('Bad Request', {
+                    status: 400,
+                    headers: {
+                        'WWW-Authenticate': `${options.prefix} error="invalid_request"`,
+                    },
+                });
+            }
+            else {
+                const equal = await (0, buffer_1.timingSafeEqual)(options.token, match[1], options.hashFunction);
+                if (!equal) {
+                    // Invalid Token
+                    c.res = new Response('Unauthorized', {
+                        status: 401,
+                        headers: {
+                            'WWW-Authenticate': `${options.prefix} error="invalid_token"`,
+                        },
+                    });
+                }
+                else {
+                    // Authorize OK
+                    await next();
+                    return;
+                }
+            }
+        }
+    };
+};
+exports.bearerAuth = bearerAuth;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hono",
-  "version": "1.4.4",
+  "version": "1.4.5",
   "description": "Ultrafast web framework for Cloudflare Workers.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -18,6 +18,7 @@
   "exports": {
     ".": "./dist/index.js",
     "./basic-auth": "./dist/middleware/basic-auth/index.js",
+    "./bearer-auth": "./dist/middleware/bearer-auth/index.js",
     "./body-parse": "./dist/middleware/body-parse/index.js",
     "./cookie": "./dist/middleware/cookie/index.js",
     "./cors": "./dist/middleware/cors/index.js",
@@ -41,6 +42,9 @@
       "basic-auth": [
         "./dist/middleware/basic-auth"
       ],
+      "bearer-auth": [
+        "./dist/middleware/bearer-auth"
+      ],
       "body-parse": [
         "./dist/middleware/body-parse"
       ],