hono 4.1.7 → 4.2.0

package/dist/utils/jwt/jws.js

@@ -0,0 +1,188 @@
+// src/utils/jwt/jws.ts
+import { getRuntimeKey } from "../../helper.js";
+import { decodeBase64 } from "../encode.js";
+import { JwtAlgorithmNotImplemented } from "./types.js";
+import { CryptoKeyUsage } from "./types.js";
+import { utf8Encoder } from "./utf8.js";
+async function signing(privateKey, alg, data) {
+  const algorithm = getKeyAlgorithm(alg);
+  const cryptoKey = await importPrivateKey(privateKey, algorithm);
+  return await crypto.subtle.sign(algorithm, cryptoKey, data);
+}
+async function verifying(publicKey, alg, signature, data) {
+  const algorithm = getKeyAlgorithm(alg);
+  const cryptoKey = await importPublicKey(publicKey, algorithm);
+  return await crypto.subtle.verify(algorithm, cryptoKey, signature, data);
+}
+function pemToBinary(pem) {
+  return decodeBase64(pem.replace(/-+(BEGIN|END).*/g, "").replace(/\s/g, ""));
+}
+async function importPrivateKey(key, alg) {
+  if (!crypto.subtle || !crypto.subtle.importKey) {
+    throw new Error("`crypto.subtle.importKey` is undefined. JWT auth middleware requires it.");
+  }
+  if (isCryptoKey(key)) {
+    if (key.type !== "private") {
+      throw new Error(`unexpected non private key: CryptoKey.type is ${key.type}`);
+    }
+    return key;
+  }
+  const usages = [CryptoKeyUsage.Sign];
+  if (typeof key === "object") {
+    return await crypto.subtle.importKey("jwk", key, alg, false, usages);
+  }
+  if (key.includes("PRIVATE")) {
+    return await crypto.subtle.importKey("pkcs8", pemToBinary(key), alg, false, usages);
+  }
+  return await crypto.subtle.importKey("raw", utf8Encoder.encode(key), alg, false, usages);
+}
+async function importPublicKey(key, alg) {
+  if (!crypto.subtle || !crypto.subtle.importKey) {
+    throw new Error("`crypto.subtle.importKey` is undefined. JWT auth middleware requires it.");
+  }
+  if (isCryptoKey(key)) {
+    if (key.type === "public" || key.type === "secret") {
+      return key;
+    }
+    key = await exportPublicJwkFrom(key);
+  }
+  if (typeof key === "string" && key.includes("PRIVATE")) {
+    const privateKey = await crypto.subtle.importKey("pkcs8", pemToBinary(key), alg, true, [
+      CryptoKeyUsage.Sign
+    ]);
+    key = await exportPublicJwkFrom(privateKey);
+  }
+  const usages = [CryptoKeyUsage.Verify];
+  if (typeof key === "object") {
+    return await crypto.subtle.importKey("jwk", key, alg, false, usages);
+  }
+  if (key.includes("PUBLIC")) {
+    return await crypto.subtle.importKey("spki", pemToBinary(key), alg, false, usages);
+  }
+  return await crypto.subtle.importKey("raw", utf8Encoder.encode(key), alg, false, usages);
+}
+async function exportPublicJwkFrom(privateKey) {
+  if (privateKey.type !== "private") {
+    throw new Error(`unexpected key type: ${privateKey.type}`);
+  }
+  if (!privateKey.extractable) {
+    throw new Error("unexpected private key is unextractable");
+  }
+  const jwk = await crypto.subtle.exportKey("jwk", privateKey);
+  const { kty } = jwk;
+  const { alg, e, n } = jwk;
+  const { crv, x, y } = jwk;
+  return { kty, alg, e, n, crv, x, y, key_ops: [CryptoKeyUsage.Verify] };
+}
+function getKeyAlgorithm(name) {
+  switch (name) {
+    case "HS256":
+      return {
+        name: "HMAC",
+        hash: {
+          name: "SHA-256"
+        }
+      };
+    case "HS384":
+      return {
+        name: "HMAC",
+        hash: {
+          name: "SHA-384"
+        }
+      };
+    case "HS512":
+      return {
+        name: "HMAC",
+        hash: {
+          name: "SHA-512"
+        }
+      };
+    case "RS256":
+      return {
+        name: "RSASSA-PKCS1-v1_5",
+        hash: {
+          name: "SHA-256"
+        }
+      };
+    case "RS384":
+      return {
+        name: "RSASSA-PKCS1-v1_5",
+        hash: {
+          name: "SHA-384"
+        }
+      };
+    case "RS512":
+      return {
+        name: "RSASSA-PKCS1-v1_5",
+        hash: {
+          name: "SHA-512"
+        }
+      };
+    case "PS256":
+      return {
+        name: "RSA-PSS",
+        hash: {
+          name: "SHA-256"
+        },
+        saltLength: 32
+      };
+    case "PS384":
+      return {
+        name: "RSA-PSS",
+        hash: {
+          name: "SHA-384"
+        },
+        saltLength: 48
+      };
+    case "PS512":
+      return {
+        name: "RSA-PSS",
+        hash: {
+          name: "SHA-512"
+        },
+        saltLength: 64
+      };
+    case "ES256":
+      return {
+        name: "ECDSA",
+        hash: {
+          name: "SHA-256"
+        },
+        namedCurve: "P-256"
+      };
+    case "ES384":
+      return {
+        name: "ECDSA",
+        hash: {
+          name: "SHA-384"
+        },
+        namedCurve: "P-384"
+      };
+    case "ES512":
+      return {
+        name: "ECDSA",
+        hash: {
+          name: "SHA-512"
+        },
+        namedCurve: "P-521"
+      };
+    case "EdDSA":
+      return {
+        name: "Ed25519",
+        namedCurve: "Ed25519"
+      };
+    default:
+      throw new JwtAlgorithmNotImplemented(name);
+  }
+}
+function isCryptoKey(key) {
+  const runtime = getRuntimeKey();
+  if (runtime === "node" && !!crypto.webcrypto) {
+    return key instanceof crypto.webcrypto.CryptoKey;
+  }
+  return key instanceof CryptoKey;
+}
+export {
+  signing,
+  verifying
+};

package/dist/utils/jwt/jwt.js

@@ -1,73 +1,39 @@
 // src/utils/jwt/jwt.ts
 import { encodeBase64Url, decodeBase64Url } from "../../utils/encode.js";
-import { JwtTokenIssuedAt } from "./types.js";
+import { AlgorithmTypes } from "./jwa.js";
+import { signing, verifying } from "./jws.js";
+import { JwtHeaderInvalid } from "./types.js";
 import {
   JwtTokenInvalid,
   JwtTokenNotBefore,
   JwtTokenExpired,
   JwtTokenSignatureMismatched,
-  JwtAlgorithmNotImplemented
+  JwtTokenIssuedAt
 } from "./types.js";
-var utf8Encoder = new TextEncoder();
-var utf8Decoder = new TextDecoder();
+import { utf8Decoder, utf8Encoder } from "./utf8.js";
 var encodeJwtPart = (part) => encodeBase64Url(utf8Encoder.encode(JSON.stringify(part))).replace(/=/g, "");
 var encodeSignaturePart = (buf) => encodeBase64Url(buf).replace(/=/g, "");
 var decodeJwtPart = (part) => JSON.parse(utf8Decoder.decode(decodeBase64Url(part)));
-var param = (name) => {
-  switch (name.toUpperCase()) {
-    case "HS256":
-      return {
-        name: "HMAC",
-        hash: {
-          name: "SHA-256"
-        }
-      };
-    case "HS384":
-      return {
-        name: "HMAC",
-        hash: {
-          name: "SHA-384"
-        }
-      };
-    case "HS512":
-      return {
-        name: "HMAC",
-        hash: {
-          name: "SHA-512"
-        }
-      };
-    default:
-      throw new JwtAlgorithmNotImplemented(name);
-  }
-};
-var signing = async (data, secret, alg = "HS256") => {
-  if (!crypto.subtle || !crypto.subtle.importKey) {
-    throw new Error("`crypto.subtle.importKey` is undefined. JWT auth middleware requires it.");
-  }
-  const utf8Encoder2 = new TextEncoder();
-  const cryptoKey = await crypto.subtle.importKey(
-    "raw" /* RAW */,
-    utf8Encoder2.encode(secret),
-    param(alg),
-    false,
-    ["sign" /* Sign */]
-  );
-  return await crypto.subtle.sign(param(alg), cryptoKey, utf8Encoder2.encode(data));
-};
-var sign = async (payload, secret, alg = "HS256") => {
+function isTokenHeader(obj) {
+  return typeof obj === "object" && obj !== null && "alg" in obj && Object.values(AlgorithmTypes).includes(obj.alg) && "typ" in obj && obj.typ === "JWT";
+}
+var sign = async (payload, privateKey, alg = "HS256") => {
   const encodedPayload = encodeJwtPart(payload);
   const encodedHeader = encodeJwtPart({ alg, typ: "JWT" });
   const partialToken = `${encodedHeader}.${encodedPayload}`;
-  const signaturePart = await signing(partialToken, secret, alg);
+  const signaturePart = await signing(privateKey, alg, utf8Encoder.encode(partialToken));
   const signature = encodeSignaturePart(signaturePart);
   return `${partialToken}.${signature}`;
 };
-var verify = async (token, secret, alg = "HS256") => {
+var verify = async (token, publicKey, alg = "HS256") => {
   const tokenParts = token.split(".");
   if (tokenParts.length !== 3) {
     throw new JwtTokenInvalid(token);
   }
-  const { payload } = decode(token);
+  const { header, payload } = decode(token);
+  if (!isTokenHeader(header)) {
+    throw new JwtHeaderInvalid(header);
+  }
   const now = Math.floor(Date.now() / 1e3);
   if (payload.nbf && payload.nbf > now) {
     throw new JwtTokenNotBefore(token);
@@ -78,10 +44,14 @@ var verify = async (token, secret, alg = "HS256") => {
   if (payload.iat && now < payload.iat) {
     throw new JwtTokenIssuedAt(now, payload.iat);
   }
-  const signaturePart = tokenParts.slice(0, 2).join(".");
-  const signature = await signing(signaturePart, secret, alg);
-  const encodedSignature = encodeSignaturePart(signature);
-  if (encodedSignature !== tokenParts[2]) {
+  const headerPayload = token.substring(0, token.lastIndexOf("."));
+  const verified = await verifying(
+    publicKey,
+    alg,
+    decodeBase64Url(tokenParts[2]),
+    utf8Encoder.encode(headerPayload)
+  );
+  if (!verified) {
     throw new JwtTokenSignatureMismatched(token);
   }
   return payload;
@@ -101,6 +71,7 @@ var decode = (token) => {
 };
 export {
   decode,
+  isTokenHeader,
   sign,
   verify
 };

package/dist/utils/jwt/types.js

@@ -29,21 +29,33 @@ var JwtTokenIssuedAt = class extends Error {
     this.name = "JwtTokenIssuedAt";
   }
 };
+var JwtHeaderInvalid = class extends Error {
+  constructor(header) {
+    super(`jwt header is invalid: ${JSON.stringify(header)}`);
+    this.name = "JwtHeaderInvalid";
+  }
+};
 var JwtTokenSignatureMismatched = class extends Error {
   constructor(token) {
     super(`token(${token}) signature mismatched`);
     this.name = "JwtTokenSignatureMismatched";
   }
 };
-var AlgorithmTypes = /* @__PURE__ */ ((AlgorithmTypes2) => {
-  AlgorithmTypes2["HS256"] = "HS256";
-  AlgorithmTypes2["HS384"] = "HS384";
-  AlgorithmTypes2["HS512"] = "HS512";
-  return AlgorithmTypes2;
-})(AlgorithmTypes || {});
+var CryptoKeyUsage = /* @__PURE__ */ ((CryptoKeyUsage2) => {
+  CryptoKeyUsage2["Encrypt"] = "encrypt";
+  CryptoKeyUsage2["Decrypt"] = "decrypt";
+  CryptoKeyUsage2["Sign"] = "sign";
+  CryptoKeyUsage2["Verify"] = "verify";
+  CryptoKeyUsage2["DeriveKey"] = "deriveKey";
+  CryptoKeyUsage2["DeriveBits"] = "deriveBits";
+  CryptoKeyUsage2["WrapKey"] = "wrapKey";
+  CryptoKeyUsage2["UnwrapKey"] = "unwrapKey";
+  return CryptoKeyUsage2;
+})(CryptoKeyUsage || {});
 export {
-  AlgorithmTypes,
+  CryptoKeyUsage,
   JwtAlgorithmNotImplemented,
+  JwtHeaderInvalid,
   JwtTokenExpired,
   JwtTokenInvalid,
   JwtTokenIssuedAt,

package/dist/utils/jwt/utf8.js

@@ -0,0 +1,7 @@
+// src/utils/jwt/utf8.ts
+var utf8Encoder = new TextEncoder();
+var utf8Decoder = new TextDecoder();
+export {
+  utf8Decoder,
+  utf8Encoder
+};

package/dist/validator/validator.js

@@ -6,30 +6,14 @@ var validator = (target, validationFunc) => {
   return async (c, next) => {
     let value = {};
     const contentType = c.req.header("Content-Type");
-    const bodyTypes = ["text", "arrayBuffer", "blob"];
     switch (target) {
       case "json":
         if (!contentType || !contentType.startsWith("application/json")) {
           const message = `Invalid HTTP header: Content-Type=${contentType}`;
           throw new HTTPException(400, { message });
         }
-        if (c.req.bodyCache.json) {
-          value = await c.req.bodyCache.json;
-          break;
-        }
         try {
-          let arrayBuffer = void 0;
-          for (const type of bodyTypes) {
-            const body = c.req.bodyCache[type];
-            if (body) {
-              arrayBuffer = await new Response(await body).arrayBuffer();
-              break;
-            }
-          }
-          arrayBuffer ??= await c.req.raw.arrayBuffer();
-          value = await new Response(arrayBuffer).json();
-          c.req.bodyCache.json = value;
-          c.req.bodyCache.arrayBuffer = arrayBuffer;
+          value = await c.req.json();
         } catch {
           const message = "Malformed JSON in request body";
           throw new HTTPException(400, { message });
@@ -44,15 +28,7 @@ var validator = (target, validationFunc) => {
           break;
         }
         try {
-          let arrayBuffer = void 0;
-          for (const type of bodyTypes) {
-            const body = c.req.bodyCache[type];
-            if (body) {
-              arrayBuffer = await new Response(await body).arrayBuffer();
-              break;
-            }
-          }
-          arrayBuffer ??= await c.req.arrayBuffer();
+          const arrayBuffer = await c.req.arrayBuffer();
           const formData = await bufferToFormData(arrayBuffer, contentType);
           const form = {};
           formData.forEach((value2, key) => {
@@ -60,7 +36,6 @@ var validator = (target, validationFunc) => {
           });
           value = form;
           c.req.bodyCache.formData = formData;
-          c.req.bodyCache.arrayBuffer = arrayBuffer;
         } catch (e) {
           let message = "Malformed FormData request.";
           message += e instanceof Error ? ` ${e.message}` : ` ${String(e)}`;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hono",
-  "version": "4.1.7",
+  "version": "4.2.0",
   "description": "Ultrafast web framework for the Edges",
   "main": "dist/cjs/index.js",
   "type": "module",
@@ -114,6 +114,11 @@
       "import": "./dist/middleware/etag/index.js",
       "require": "./dist/cjs/middleware/etag/index.js"
     },
+    "./trailing-slash": {
+      "types": "./dist/types/middleware/trailing-slash/index.d.ts",
+      "import": "./dist/middleware/trailing-slash/index.js",
+      "require": "./dist/cjs/middleware/trailing-slash/index.js"
+    },
     "./html": {
       "types": "./dist/types/helper/html/index.d.ts",
       "import": "./dist/helper/html/index.js",
@@ -184,6 +189,11 @@
       "import": "./dist/middleware/logger/index.js",
       "require": "./dist/cjs/middleware/logger/index.js"
     },
+    "./method-override": {
+      "types": "./dist/types/middleware/method-override/index.d.ts",
+      "import": "./dist/middleware/method-override/index.js",
+      "require": "./dist/cjs/middleware/method-override/index.js"
+    },
     "./powered-by": {
       "types": "./dist/types/middleware/powered-by/index.d.ts",
       "import": "./dist/middleware/powered-by/index.js",
@@ -408,6 +418,9 @@
       "logger": [
         "./dist/types/middleware/logger"
       ],
+      "method-override": [
+        "./dist/types/middleware/method-override"
+      ],
       "powered-by": [
         "./dist/types/middleware/powered-by"
       ],