hono 4.10.2 → 4.10.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/adapter/aws-lambda/handler.js +1 -1
  2. package/dist/cjs/adapter/aws-lambda/handler.js +1 -1
  3. package/dist/cjs/middleware/cors/index.js +6 -8
  4. package/dist/cjs/middleware/request-id/request-id.js +1 -1
  5. package/dist/cjs/utils/jwt/jwt.js +24 -38
  6. package/dist/middleware/cors/index.js +6 -8
  7. package/dist/middleware/request-id/request-id.js +1 -1
  8. package/dist/utils/jwt/jwt.js +24 -38
  9. package/package.json +1 -1
package/dist/adapter/aws-lambda/handler.js CHANGED
@@ -282,7 +282,7 @@ var isProxyEventV2 = (event) => {
282
282
  return Object.hasOwn(event, "rawPath");
283
283
  };
284
284
  var defaultIsContentTypeBinary = (contentType) => {
285
- return !/^(text\/(plain|html|css|javascript|csv).*|application\/(.*json|.*xml).*|image\/svg\+xml.*)$/.test(
285
+ return !/^text\/(?:plain|html|css|javascript|csv)|(?:\/|\+)(?:json|xml)\s*(?:;|$)/.test(
286
286
  contentType
287
287
  );
288
288
  };
package/dist/cjs/adapter/aws-lambda/handler.js CHANGED
@@ -312,7 +312,7 @@ const isProxyEventV2 = (event) => {
312
312
  return Object.hasOwn(event, "rawPath");
313
313
  };
314
314
  const defaultIsContentTypeBinary = (contentType) => {
315
- return !/^(text\/(plain|html|css|javascript|csv).*|application\/(.*json|.*xml).*|image\/svg\+xml.*)$/.test(
315
+ return !/^text\/(?:plain|html|css|javascript|csv)|(?:\/|\+)(?:json|xml)\s*(?:;|$)/.test(
316
316
  contentType
317
317
  );
318
318
  };
package/dist/cjs/middleware/cors/index.js CHANGED
@@ -62,14 +62,6 @@ const cors = (options) => {
62
62
  if (allowOrigin) {
63
63
  set("Access-Control-Allow-Origin", allowOrigin);
64
64
  }
65
- if (opts.origin !== "*") {
66
- const existingVary = c.req.header("Vary");
67
- if (existingVary) {
68
- set("Vary", existingVary);
69
- } else {
70
- set("Vary", "Origin");
71
- }
72
- }
73
65
  if (opts.credentials) {
74
66
  set("Access-Control-Allow-Credentials", "true");
75
67
  }
@@ -77,6 +69,9 @@ const cors = (options) => {
77
69
  set("Access-Control-Expose-Headers", opts.exposeHeaders.join(","));
78
70
  }
79
71
  if (c.req.method === "OPTIONS") {
72
+ if (opts.origin !== "*") {
73
+ set("Vary", "Origin");
74
+ }
80
75
  if (opts.maxAge != null) {
81
76
  set("Access-Control-Max-Age", opts.maxAge.toString());
82
77
  }
@@ -104,6 +99,9 @@ const cors = (options) => {
104
99
  });
105
100
  }
106
101
  await next();
102
+ if (opts.origin !== "*") {
103
+ c.header("Vary", "Origin", { append: true });
104
+ }
107
105
  };
108
106
  };
109
107
  // Annotate the CommonJS export names for ESM import in node:
package/dist/cjs/middleware/request-id/request-id.js CHANGED
@@ -28,7 +28,7 @@ const requestId = ({
28
28
  } = {}) => {
29
29
  return async function requestId2(c, next) {
30
30
  let reqId = headerName ? c.req.header(headerName) : void 0;
31
- if (!reqId || reqId.length > limitLength || /[^\w\-]/.test(reqId)) {
31
+ if (!reqId || reqId.length > limitLength || /[^\w\-=]/.test(reqId)) {
32
32
  reqId = generator(c);
33
33
  }
34
34
  c.set("requestId", reqId);
package/dist/cjs/utils/jwt/jwt.js CHANGED
@@ -56,15 +56,14 @@ const sign = async (payload, privateKey, alg = "HS256") => {
56
56
  return `${partialToken}.${signature}`;
57
57
  };
58
58
  const verify = async (token, publicKey, algOrOptions) => {
59
- const optsIn = typeof algOrOptions === "string" ? { alg: algOrOptions } : algOrOptions || {};
60
- const opts = {
61
- alg: optsIn.alg ?? "HS256",
62
- iss: optsIn.iss,
63
- nbf: optsIn.nbf ?? true,
64
- exp: optsIn.exp ?? true,
65
- iat: optsIn.iat ?? true,
66
- aud: optsIn.aud
67
- };
59
+ const {
60
+ alg = "HS256",
61
+ iss,
62
+ nbf = true,
63
+ exp = true,
64
+ iat = true,
65
+ aud
66
+ } = typeof algOrOptions === "string" ? { alg: algOrOptions } : algOrOptions || {};
68
67
  const tokenParts = token.split(".");
69
68
  if (tokenParts.length !== 3) {
70
69
  throw new import_types.JwtTokenInvalid(token);
@@ -74,55 +73,42 @@ const verify = async (token, publicKey, algOrOptions) => {
74
73
  throw new import_types.JwtHeaderInvalid(header);
75
74
  }
76
75
  const now = Date.now() / 1e3 | 0;
77
- if (opts.nbf && payload.nbf && payload.nbf > now) {
76
+ if (nbf && payload.nbf && payload.nbf > now) {
78
77
  throw new import_types.JwtTokenNotBefore(token);
79
78
  }
80
- if (opts.exp && payload.exp && payload.exp <= now) {
79
+ if (exp && payload.exp && payload.exp <= now) {
81
80
  throw new import_types.JwtTokenExpired(token);
82
81
  }
83
- if (opts.iat && payload.iat && now < payload.iat) {
82
+ if (iat && payload.iat && now < payload.iat) {
84
83
  throw new import_types.JwtTokenIssuedAt(now, payload.iat);
85
84
  }
86
- if (opts.iss) {
85
+ if (iss) {
87
86
  if (!payload.iss) {
88
- throw new import_types.JwtTokenIssuer(opts.iss, null);
87
+ throw new import_types.JwtTokenIssuer(iss, null);
89
88
  }
90
- if (typeof opts.iss === "string" && payload.iss !== opts.iss) {
91
- throw new import_types.JwtTokenIssuer(opts.iss, payload.iss);
89
+ if (typeof iss === "string" && payload.iss !== iss) {
90
+ throw new import_types.JwtTokenIssuer(iss, payload.iss);
92
91
  }
93
- if (opts.iss instanceof RegExp && !opts.iss.test(payload.iss)) {
94
- throw new import_types.JwtTokenIssuer(opts.iss, payload.iss);
92
+ if (iss instanceof RegExp && !iss.test(payload.iss)) {
93
+ throw new import_types.JwtTokenIssuer(iss, payload.iss);
95
94
  }
96
95
  }
97
- if (opts.aud) {
96
+ if (aud) {
98
97
  if (!payload.aud) {
99
98
  throw new import_types.JwtPayloadRequiresAud(payload);
100
99
  }
101
- }
102
- if (payload.aud) {
103
100
  const audiences = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
104
- const matched = audiences.some((aud) => {
105
- if (opts.aud instanceof RegExp && opts.aud.test(aud)) {
106
- return true;
107
- } else if (typeof opts.aud === "string") {
108
- if (aud === opts.aud) {
109
- return true;
110
- }
111
- } else if (Array.isArray(opts.aud)) {
112
- if (opts.aud.includes(aud)) {
113
- return true;
114
- }
115
- }
116
- return false;
117
- });
118
- if (opts.aud && !matched) {
119
- throw new import_types.JwtTokenAudience(opts.aud, payload.aud);
101
+ const matched = audiences.some(
102
+ (payloadAud) => aud instanceof RegExp ? aud.test(payloadAud) : typeof aud === "string" ? payloadAud === aud : Array.isArray(aud) && aud.includes(payloadAud)
103
+ );
104
+ if (!matched) {
105
+ throw new import_types.JwtTokenAudience(aud, payload.aud);
120
106
  }
121
107
  }
122
108
  const headerPayload = token.substring(0, token.lastIndexOf("."));
123
109
  const verified = await (0, import_jws.verifying)(
124
110
  publicKey,
125
- opts.alg,
111
+ alg,
126
112
  (0, import_encode.decodeBase64Url)(tokenParts[2]),
127
113
  import_utf8.utf8Encoder.encode(headerPayload)
128
114
  );
package/dist/middleware/cors/index.js CHANGED
@@ -40,14 +40,6 @@ var cors = (options) => {
40
40
  if (allowOrigin) {
41
41
  set("Access-Control-Allow-Origin", allowOrigin);
42
42
  }
43
- if (opts.origin !== "*") {
44
- const existingVary = c.req.header("Vary");
45
- if (existingVary) {
46
- set("Vary", existingVary);
47
- } else {
48
- set("Vary", "Origin");
49
- }
50
- }
51
43
  if (opts.credentials) {
52
44
  set("Access-Control-Allow-Credentials", "true");
53
45
  }
@@ -55,6 +47,9 @@ var cors = (options) => {
55
47
  set("Access-Control-Expose-Headers", opts.exposeHeaders.join(","));
56
48
  }
57
49
  if (c.req.method === "OPTIONS") {
50
+ if (opts.origin !== "*") {
51
+ set("Vary", "Origin");
52
+ }
58
53
  if (opts.maxAge != null) {
59
54
  set("Access-Control-Max-Age", opts.maxAge.toString());
60
55
  }
@@ -82,6 +77,9 @@ var cors = (options) => {
82
77
  });
83
78
  }
84
79
  await next();
80
+ if (opts.origin !== "*") {
81
+ c.header("Vary", "Origin", { append: true });
82
+ }
85
83
  };
86
84
  };
87
85
  export {
package/dist/middleware/request-id/request-id.js CHANGED
@@ -6,7 +6,7 @@ var requestId = ({
6
6
  } = {}) => {
7
7
  return async function requestId2(c, next) {
8
8
  let reqId = headerName ? c.req.header(headerName) : void 0;
9
- if (!reqId || reqId.length > limitLength || /[^\w\-]/.test(reqId)) {
9
+ if (!reqId || reqId.length > limitLength || /[^\w\-=]/.test(reqId)) {
10
10
  reqId = generator(c);
11
11
  }
12
12
  c.set("requestId", reqId);
package/dist/utils/jwt/jwt.js CHANGED
@@ -40,15 +40,14 @@ var sign = async (payload, privateKey, alg = "HS256") => {
40
40
  return `${partialToken}.${signature}`;
41
41
  };
42
42
  var verify = async (token, publicKey, algOrOptions) => {
43
- const optsIn = typeof algOrOptions === "string" ? { alg: algOrOptions } : algOrOptions || {};
44
- const opts = {
45
- alg: optsIn.alg ?? "HS256",
46
- iss: optsIn.iss,
47
- nbf: optsIn.nbf ?? true,
48
- exp: optsIn.exp ?? true,
49
- iat: optsIn.iat ?? true,
50
- aud: optsIn.aud
51
- };
43
+ const {
44
+ alg = "HS256",
45
+ iss,
46
+ nbf = true,
47
+ exp = true,
48
+ iat = true,
49
+ aud
50
+ } = typeof algOrOptions === "string" ? { alg: algOrOptions } : algOrOptions || {};
52
51
  const tokenParts = token.split(".");
53
52
  if (tokenParts.length !== 3) {
54
53
  throw new JwtTokenInvalid(token);
@@ -58,55 +57,42 @@ var verify = async (token, publicKey, algOrOptions) => {
58
57
  throw new JwtHeaderInvalid(header);
59
58
  }
60
59
  const now = Date.now() / 1e3 | 0;
61
- if (opts.nbf && payload.nbf && payload.nbf > now) {
60
+ if (nbf && payload.nbf && payload.nbf > now) {
62
61
  throw new JwtTokenNotBefore(token);
63
62
  }
64
- if (opts.exp && payload.exp && payload.exp <= now) {
63
+ if (exp && payload.exp && payload.exp <= now) {
65
64
  throw new JwtTokenExpired(token);
66
65
  }
67
- if (opts.iat && payload.iat && now < payload.iat) {
66
+ if (iat && payload.iat && now < payload.iat) {
68
67
  throw new JwtTokenIssuedAt(now, payload.iat);
69
68
  }
70
- if (opts.iss) {
69
+ if (iss) {
71
70
  if (!payload.iss) {
72
- throw new JwtTokenIssuer(opts.iss, null);
71
+ throw new JwtTokenIssuer(iss, null);
73
72
  }
74
- if (typeof opts.iss === "string" && payload.iss !== opts.iss) {
75
- throw new JwtTokenIssuer(opts.iss, payload.iss);
73
+ if (typeof iss === "string" && payload.iss !== iss) {
74
+ throw new JwtTokenIssuer(iss, payload.iss);
76
75
  }
77
- if (opts.iss instanceof RegExp && !opts.iss.test(payload.iss)) {
78
- throw new JwtTokenIssuer(opts.iss, payload.iss);
76
+ if (iss instanceof RegExp && !iss.test(payload.iss)) {
77
+ throw new JwtTokenIssuer(iss, payload.iss);
79
78
  }
80
79
  }
81
- if (opts.aud) {
80
+ if (aud) {
82
81
  if (!payload.aud) {
83
82
  throw new JwtPayloadRequiresAud(payload);
84
83
  }
85
- }
86
- if (payload.aud) {
87
84
  const audiences = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
88
- const matched = audiences.some((aud) => {
89
- if (opts.aud instanceof RegExp && opts.aud.test(aud)) {
90
- return true;
91
- } else if (typeof opts.aud === "string") {
92
- if (aud === opts.aud) {
93
- return true;
94
- }
95
- } else if (Array.isArray(opts.aud)) {
96
- if (opts.aud.includes(aud)) {
97
- return true;
98
- }
99
- }
100
- return false;
101
- });
102
- if (opts.aud && !matched) {
103
- throw new JwtTokenAudience(opts.aud, payload.aud);
85
+ const matched = audiences.some(
86
+ (payloadAud) => aud instanceof RegExp ? aud.test(payloadAud) : typeof aud === "string" ? payloadAud === aud : Array.isArray(aud) && aud.includes(payloadAud)
87
+ );
88
+ if (!matched) {
89
+ throw new JwtTokenAudience(aud, payload.aud);
104
90
  }
105
91
  }
106
92
  const headerPayload = token.substring(0, token.lastIndexOf("."));
107
93
  const verified = await verifying(
108
94
  publicKey,
109
- opts.alg,
95
+ alg,
110
96
  decodeBase64Url(tokenParts[2]),
111
97
  utf8Encoder.encode(headerPayload)
112
98
  );
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "hono",
3
- "version": "4.10.2",
3
+ "version": "4.10.3",
4
4
  "description": "Web framework built on Web Standards",
5
5
  "main": "dist/cjs/index.js",
6
6
  "type": "module",