hono 4.10.5 → 4.10.6

package/dist/adapter/aws-lambda/handler.js

@@ -73,9 +73,25 @@ var handle = (app, { isContentTypeBinary } = { isContentTypeBinary: void 0 }) =>
   };
 };
 var EventProcessor = class {
+  getHeaderValue(headers, key) {
+    const value = headers ? Array.isArray(headers[key]) ? headers[key][0] : headers[key] : void 0;
+    return value;
+  }
+  getDomainName(event) {
+    if (event.requestContext && "domainName" in event.requestContext) {
+      return event.requestContext.domainName;
+    }
+    const hostFromHeaders = this.getHeaderValue(event.headers, "host");
+    if (hostFromHeaders) {
+      return hostFromHeaders;
+    }
+    const multiValueHeaders = "multiValueHeaders" in event ? event.multiValueHeaders : {};
+    const hostFromMultiValueHeaders = this.getHeaderValue(multiValueHeaders, "host");
+    return hostFromMultiValueHeaders;
+  }
   createRequest(event) {
     const queryString = this.getQueryString(event);
-    const domainName = event.requestContext && "domainName" in event.requestContext ? event.requestContext.domainName : event.headers?.["host"] ?? event.multiValueHeaders?.["host"]?.[0];
+    const domainName = this.getDomainName(event);
     const path = this.getPath(event);
     const urlPath = `https://${domainName}${path}`;
     const url = queryString ? `${urlPath}?${queryString}` : urlPath;
@@ -103,7 +119,7 @@ var EventProcessor = class {
       body,
       statusCode: res.status,
       isBase64Encoded,
-      ...event.multiValueHeaders ? {
+      ..."multiValueHeaders" in event && event.multiValueHeaders ? {
         multiValueHeaders: {}
       } : {
         headers: {}
@@ -263,6 +279,41 @@ var ALBProcessor = class extends EventProcessor {
   }
 };
 var albProcessor = new ALBProcessor();
+var LatticeV2Processor = class extends EventProcessor {
+  getPath(event) {
+    return event.path;
+  }
+  getMethod(event) {
+    return event.method;
+  }
+  getQueryString() {
+    return "";
+  }
+  getHeaders(event) {
+    const headers = new Headers();
+    if (event.headers) {
+      for (const [k, values] of Object.entries(event.headers)) {
+        if (values) {
+          const foundK = headers.get(k);
+          values.forEach((v) => {
+            const sanitizedValue = sanitizeHeaderValue(v);
+            return (!foundK || !foundK.includes(sanitizedValue)) && headers.append(k, sanitizedValue);
+          });
+        }
+      }
+    }
+    return headers;
+  }
+  getCookies() {
+  }
+  setCookiesToResult(result, cookies) {
+    result.headers = {
+      ...result.headers,
+      "set-cookie": cookies.join(", ")
+    };
+  }
+};
+var latticeV2Processor = new LatticeV2Processor();
 var getProcessor = (event) => {
   if (isProxyEventALB(event)) {
     return albProcessor;
@@ -270,6 +321,9 @@ var getProcessor = (event) => {
   if (isProxyEventV2(event)) {
     return v2Processor;
   }
+  if (isLatticeEventV2(event)) {
+    return latticeV2Processor;
+  }
   return v1Processor;
 };
 var isProxyEventALB = (event) => {
@@ -281,6 +335,12 @@ var isProxyEventALB = (event) => {
 var isProxyEventV2 = (event) => {
   return Object.hasOwn(event, "rawPath");
 };
+var isLatticeEventV2 = (event) => {
+  if (event.requestContext) {
+    return Object.hasOwn(event.requestContext, "serviceArn");
+  }
+  return false;
+};
 var defaultIsContentTypeBinary = (contentType) => {
   return !/^text\/(?:plain|html|css|javascript|csv)|(?:\/|\+)(?:json|xml)\s*(?:;|$)/.test(
     contentType
@@ -297,6 +357,7 @@ export {
   EventProcessor,
   EventV1Processor,
   EventV2Processor,
+  LatticeV2Processor,
   defaultIsContentTypeBinary,
   getProcessor,
   handle,

package/dist/cjs/adapter/aws-lambda/handler.js

@@ -22,6 +22,7 @@ __export(handler_exports, {
   EventProcessor: () => EventProcessor,
   EventV1Processor: () => EventV1Processor,
   EventV2Processor: () => EventV2Processor,
+  LatticeV2Processor: () => LatticeV2Processor,
   defaultIsContentTypeBinary: () => defaultIsContentTypeBinary,
   getProcessor: () => getProcessor,
   handle: () => handle,
@@ -103,9 +104,25 @@ const handle = (app, { isContentTypeBinary } = { isContentTypeBinary: void 0 })
   };
 };
 class EventProcessor {
+  getHeaderValue(headers, key) {
+    const value = headers ? Array.isArray(headers[key]) ? headers[key][0] : headers[key] : void 0;
+    return value;
+  }
+  getDomainName(event) {
+    if (event.requestContext && "domainName" in event.requestContext) {
+      return event.requestContext.domainName;
+    }
+    const hostFromHeaders = this.getHeaderValue(event.headers, "host");
+    if (hostFromHeaders) {
+      return hostFromHeaders;
+    }
+    const multiValueHeaders = "multiValueHeaders" in event ? event.multiValueHeaders : {};
+    const hostFromMultiValueHeaders = this.getHeaderValue(multiValueHeaders, "host");
+    return hostFromMultiValueHeaders;
+  }
   createRequest(event) {
     const queryString = this.getQueryString(event);
-    const domainName = event.requestContext && "domainName" in event.requestContext ? event.requestContext.domainName : event.headers?.["host"] ?? event.multiValueHeaders?.["host"]?.[0];
+    const domainName = this.getDomainName(event);
     const path = this.getPath(event);
     const urlPath = `https://${domainName}${path}`;
     const url = queryString ? `${urlPath}?${queryString}` : urlPath;
@@ -133,7 +150,7 @@ class EventProcessor {
       body,
       statusCode: res.status,
       isBase64Encoded,
-      ...event.multiValueHeaders ? {
+      ..."multiValueHeaders" in event && event.multiValueHeaders ? {
         multiValueHeaders: {}
       } : {
         headers: {}
@@ -293,6 +310,41 @@ class ALBProcessor extends EventProcessor {
   }
 }
 const albProcessor = new ALBProcessor();
+class LatticeV2Processor extends EventProcessor {
+  getPath(event) {
+    return event.path;
+  }
+  getMethod(event) {
+    return event.method;
+  }
+  getQueryString() {
+    return "";
+  }
+  getHeaders(event) {
+    const headers = new Headers();
+    if (event.headers) {
+      for (const [k, values] of Object.entries(event.headers)) {
+        if (values) {
+          const foundK = headers.get(k);
+          values.forEach((v) => {
+            const sanitizedValue = sanitizeHeaderValue(v);
+            return (!foundK || !foundK.includes(sanitizedValue)) && headers.append(k, sanitizedValue);
+          });
+        }
+      }
+    }
+    return headers;
+  }
+  getCookies() {
+  }
+  setCookiesToResult(result, cookies) {
+    result.headers = {
+      ...result.headers,
+      "set-cookie": cookies.join(", ")
+    };
+  }
+}
+const latticeV2Processor = new LatticeV2Processor();
 const getProcessor = (event) => {
   if (isProxyEventALB(event)) {
     return albProcessor;
@@ -300,6 +352,9 @@ const getProcessor = (event) => {
   if (isProxyEventV2(event)) {
     return v2Processor;
   }
+  if (isLatticeEventV2(event)) {
+    return latticeV2Processor;
+  }
   return v1Processor;
 };
 const isProxyEventALB = (event) => {
@@ -311,6 +366,12 @@ const isProxyEventALB = (event) => {
 const isProxyEventV2 = (event) => {
   return Object.hasOwn(event, "rawPath");
 };
+const isLatticeEventV2 = (event) => {
+  if (event.requestContext) {
+    return Object.hasOwn(event.requestContext, "serviceArn");
+  }
+  return false;
+};
 const defaultIsContentTypeBinary = (contentType) => {
   return !/^text\/(?:plain|html|css|javascript|csv)|(?:\/|\+)(?:json|xml)\s*(?:;|$)/.test(
     contentType
@@ -328,6 +389,7 @@ const isContentEncodingBinary = (contentEncoding) => {
   EventProcessor,
   EventV1Processor,
   EventV2Processor,
+  LatticeV2Processor,
   defaultIsContentTypeBinary,
   getProcessor,
   handle,

package/dist/cjs/middleware/bearer-auth/index.js

@@ -41,8 +41,9 @@ const bearerAuth = (options) => {
   const regexp = new RegExp(`^${prefixRegexStr}(${TOKEN_STRINGS}) *$`);
   const wwwAuthenticatePrefix = options.prefix === "" ? "" : `${options.prefix} `;
   const throwHTTPException = async (c, status, wwwAuthenticateHeader, messageOption) => {
+    const wwwAuthenticateHeaderValue = typeof wwwAuthenticateHeader === "function" ? await wwwAuthenticateHeader(c) : wwwAuthenticateHeader;
     const headers = {
-      "WWW-Authenticate": wwwAuthenticateHeader
+      "WWW-Authenticate": typeof wwwAuthenticateHeaderValue === "string" ? wwwAuthenticateHeaderValue : `${wwwAuthenticatePrefix}${Object.entries(wwwAuthenticateHeaderValue).map(([key, value]) => `${key}="${value}"`).join(",")}`
     };
     const responseMessage = typeof messageOption === "function" ? await messageOption(c) : messageOption;
     const res = typeof responseMessage === "string" ? new Response(responseMessage, { status, headers }) : new Response(JSON.stringify(responseMessage), {
@@ -60,8 +61,8 @@ const bearerAuth = (options) => {
       await throwHTTPException(
         c,
         401,
-        `${wwwAuthenticatePrefix}realm="${realm}"`,
-        options.noAuthenticationHeaderMessage || "Unauthorized"
+        options.noAuthenticationHeader?.wwwAuthenticateHeader || `${wwwAuthenticatePrefix}realm="${realm}"`,
+        options.noAuthenticationHeader?.message || options.noAuthenticationHeaderMessage || "Unauthorized"
       );
     } else {
       const match = regexp.exec(headerToken);
@@ -69,8 +70,8 @@ const bearerAuth = (options) => {
         await throwHTTPException(
           c,
           400,
-          `${wwwAuthenticatePrefix}error="invalid_request"`,
-          options.invalidAuthenticationHeaderMessage || "Bad Request"
+          options.invalidAuthenticationHeader?.wwwAuthenticateHeader || `${wwwAuthenticatePrefix}error="invalid_request"`,
+          options.invalidAuthenticationHeader?.message || options.invalidAuthenticationHeaderMessage || "Bad Request"
         );
       } else {
         let equal = false;
@@ -90,8 +91,8 @@ const bearerAuth = (options) => {
           await throwHTTPException(
             c,
             401,
-            `${wwwAuthenticatePrefix}error="invalid_token"`,
-            options.invalidTokenMessage || "Unauthorized"
+            options.invalidToken?.wwwAuthenticateHeader || `${wwwAuthenticatePrefix}error="invalid_token"`,
+            options.invalidToken?.message || options.invalidTokenMessage || "Unauthorized"
           );
         }
       }

package/dist/middleware/bearer-auth/index.js

@@ -19,8 +19,9 @@ var bearerAuth = (options) => {
   const regexp = new RegExp(`^${prefixRegexStr}(${TOKEN_STRINGS}) *$`);
   const wwwAuthenticatePrefix = options.prefix === "" ? "" : `${options.prefix} `;
   const throwHTTPException = async (c, status, wwwAuthenticateHeader, messageOption) => {
+    const wwwAuthenticateHeaderValue = typeof wwwAuthenticateHeader === "function" ? await wwwAuthenticateHeader(c) : wwwAuthenticateHeader;
     const headers = {
-      "WWW-Authenticate": wwwAuthenticateHeader
+      "WWW-Authenticate": typeof wwwAuthenticateHeaderValue === "string" ? wwwAuthenticateHeaderValue : `${wwwAuthenticatePrefix}${Object.entries(wwwAuthenticateHeaderValue).map(([key, value]) => `${key}="${value}"`).join(",")}`
     };
     const responseMessage = typeof messageOption === "function" ? await messageOption(c) : messageOption;
     const res = typeof responseMessage === "string" ? new Response(responseMessage, { status, headers }) : new Response(JSON.stringify(responseMessage), {
@@ -38,8 +39,8 @@ var bearerAuth = (options) => {
       await throwHTTPException(
         c,
         401,
-        `${wwwAuthenticatePrefix}realm="${realm}"`,
-        options.noAuthenticationHeaderMessage || "Unauthorized"
+        options.noAuthenticationHeader?.wwwAuthenticateHeader || `${wwwAuthenticatePrefix}realm="${realm}"`,
+        options.noAuthenticationHeader?.message || options.noAuthenticationHeaderMessage || "Unauthorized"
       );
     } else {
       const match = regexp.exec(headerToken);
@@ -47,8 +48,8 @@ var bearerAuth = (options) => {
         await throwHTTPException(
           c,
           400,
-          `${wwwAuthenticatePrefix}error="invalid_request"`,
-          options.invalidAuthenticationHeaderMessage || "Bad Request"
+          options.invalidAuthenticationHeader?.wwwAuthenticateHeader || `${wwwAuthenticatePrefix}error="invalid_request"`,
+          options.invalidAuthenticationHeader?.message || options.invalidAuthenticationHeaderMessage || "Bad Request"
         );
       } else {
         let equal = false;
@@ -68,8 +69,8 @@ var bearerAuth = (options) => {
           await throwHTTPException(
             c,
             401,
-            `${wwwAuthenticatePrefix}error="invalid_token"`,
-            options.invalidTokenMessage || "Unauthorized"
+            options.invalidToken?.wwwAuthenticateHeader || `${wwwAuthenticatePrefix}error="invalid_token"`,
+            options.invalidToken?.message || options.invalidTokenMessage || "Unauthorized"
           );
         }
       }

package/dist/types/adapter/aws-lambda/handler.d.ts

@@ -1,7 +1,17 @@
 import type { Hono } from '../../hono';
 import type { Env, Schema } from '../../types';
-import type { ALBRequestContext, ApiGatewayRequestContext, ApiGatewayRequestContextV2, Handler, LambdaContext } from './types';
-export type LambdaEvent = APIGatewayProxyEvent | APIGatewayProxyEventV2 | ALBProxyEvent;
+import type { ALBRequestContext, ApiGatewayRequestContext, ApiGatewayRequestContextV2, Handler, LambdaContext, LatticeRequestContextV2 } from './types';
+export type LambdaEvent = APIGatewayProxyEvent | APIGatewayProxyEventV2 | ALBProxyEvent | LatticeProxyEventV2;
+export interface LatticeProxyEventV2 {
+    version: string;
+    path: string;
+    method: string;
+    headers: Record<string, string[] | undefined>;
+    queryStringParameters: Record<string, string[] | undefined>;
+    body: string | null;
+    isBase64Encoded: boolean;
+    requestContext: LatticeRequestContextV2;
+}
 export interface APIGatewayProxyEventV2 {
     version: string;
     routeKey: string;
@@ -124,6 +134,8 @@ export declare abstract class EventProcessor<E extends LambdaEvent> {
     protected abstract getHeaders(event: E): Headers;
     protected abstract getCookies(event: E, headers: Headers): void;
     protected abstract setCookiesToResult(result: APIGatewayProxyResult, cookies: string[]): void;
+    protected getHeaderValue(headers: E['headers'], key: string): string | undefined;
+    protected getDomainName(event: E): string | undefined;
     createRequest(event: E): Request;
     createResult(event: E, res: Response, options: Pick<HandleOptions, 'isContentTypeBinary'>): Promise<APIGatewayProxyResult>;
     setCookies(event: E, res: Response, result: APIGatewayProxyResult): void;
@@ -136,11 +148,11 @@ export declare class EventV2Processor extends EventProcessor<APIGatewayProxyEven
     protected setCookiesToResult(result: APIGatewayProxyResult, cookies: string[]): void;
     protected getHeaders(event: APIGatewayProxyEventV2): Headers;
 }
-export declare class EventV1Processor extends EventProcessor<Exclude<LambdaEvent, APIGatewayProxyEventV2>> {
-    protected getPath(event: Exclude<LambdaEvent, APIGatewayProxyEventV2>): string;
-    protected getMethod(event: Exclude<LambdaEvent, APIGatewayProxyEventV2>): string;
-    protected getQueryString(event: Exclude<LambdaEvent, APIGatewayProxyEventV2>): string;
-    protected getCookies(event: Exclude<LambdaEvent, APIGatewayProxyEventV2>, headers: Headers): void;
+export declare class EventV1Processor extends EventProcessor<APIGatewayProxyEvent> {
+    protected getPath(event: APIGatewayProxyEvent): string;
+    protected getMethod(event: APIGatewayProxyEvent): string;
+    protected getQueryString(event: APIGatewayProxyEvent): string;
+    protected getCookies(event: APIGatewayProxyEvent, headers: Headers): void;
     protected getHeaders(event: APIGatewayProxyEvent): Headers;
     protected setCookiesToResult(result: APIGatewayProxyResult, cookies: string[]): void;
 }
@@ -152,6 +164,14 @@ export declare class ALBProcessor extends EventProcessor<ALBProxyEvent> {
     protected getCookies(event: ALBProxyEvent, headers: Headers): void;
     protected setCookiesToResult(result: APIGatewayProxyResult, cookies: string[]): void;
 }
+export declare class LatticeV2Processor extends EventProcessor<LatticeProxyEventV2> {
+    protected getPath(event: LatticeProxyEventV2): string;
+    protected getMethod(event: LatticeProxyEventV2): string;
+    protected getQueryString(): string;
+    protected getHeaders(event: LatticeProxyEventV2): Headers;
+    protected getCookies(): void;
+    protected setCookiesToResult(result: APIGatewayProxyResult, cookies: string[]): void;
+}
 export declare const getProcessor: (event: LambdaEvent) => EventProcessor<LambdaEvent>;
 /**
  * Check if the given content type is binary.

package/dist/types/adapter/aws-lambda/types.d.ts

@@ -122,4 +122,23 @@ export interface ALBRequestContext {
         targetGroupArn: string;
     };
 }
+export interface LatticeRequestContextV2 {
+    serviceNetworkArn: string;
+    serviceArn: string;
+    targetGroupArn: string;
+    region: string;
+    timeEpoch: string;
+    identity: {
+        sourceVpcArn?: string;
+        type?: string;
+        principal?: string;
+        principalOrgID?: string;
+        sessionName?: string;
+        x509IssuerOu?: string;
+        x509SanDns?: string;
+        x509SanNameCn?: string;
+        x509SanUri?: string;
+        x509SubjectCn?: string;
+    };
+}
 export {};

package/dist/types/middleware/bearer-auth/index.d.ts

@@ -5,24 +5,52 @@
 import type { Context } from '../../context';
 import type { MiddlewareHandler } from '../../types';
 type MessageFunction = (c: Context) => string | object | Promise<string | object>;
+type CustomizedErrorResponseOptions = {
+    wwwAuthenticateHeader?: string | object | MessageFunction;
+    message?: string | object | MessageFunction;
+};
 type BearerAuthOptions = {
     token: string | string[];
     realm?: string;
     prefix?: string;
     headerName?: string;
     hashFunction?: Function;
+    /**
+     * @deprecated Use noAuthenticationHeader.message instead
+     */
     noAuthenticationHeaderMessage?: string | object | MessageFunction;
+    noAuthenticationHeader?: CustomizedErrorResponseOptions;
+    /**
+     * @deprecated Use invalidAuthenticationHeader.message instead
+     */
     invalidAuthenticationHeaderMessage?: string | object | MessageFunction;
+    invalidAuthenticationHeader?: CustomizedErrorResponseOptions;
+    /**
+     * @deprecated Use invalidToken.message instead
+     */
     invalidTokenMessage?: string | object | MessageFunction;
+    invalidToken?: CustomizedErrorResponseOptions;
 } | {
     realm?: string;
     prefix?: string;
     headerName?: string;
     verifyToken: (token: string, c: Context) => boolean | Promise<boolean>;
     hashFunction?: Function;
+    /**
+     * @deprecated Use noAuthenticationHeader.message instead
+     */
     noAuthenticationHeaderMessage?: string | object | MessageFunction;
+    noAuthenticationHeader?: CustomizedErrorResponseOptions;
+    /**
+     * @deprecated Use invalidAuthenticationHeader.message instead
+     */
     invalidAuthenticationHeaderMessage?: string | object | MessageFunction;
+    invalidAuthenticationHeader?: CustomizedErrorResponseOptions;
+    /**
+     * @deprecated Use invalidToken.message instead
+     */
     invalidTokenMessage?: string | object | MessageFunction;
+    invalidToken?: CustomizedErrorResponseOptions;
 };
 /**
  * Bearer Auth Middleware for Hono.
@@ -36,9 +64,12 @@ type BearerAuthOptions = {
  * @param {string} [options.prefix="Bearer"] - The prefix (or known as `schema`) for the Authorization header value. If set to the empty string, no prefix is expected.
  * @param {string} [options.headerName=Authorization] - The header name.
  * @param {Function} [options.hashFunction] - A function to handle hashing for safe comparison of authentication tokens.
- * @param {string | object | MessageFunction} [options.noAuthenticationHeaderMessage="Unauthorized"] - The no authentication header message.
- * @param {string | object | MessageFunction} [options.invalidAuthenticationHeaderMessage="Bad Request"] - The invalid authentication header message.
- * @param {string | object | MessageFunction} [options.invalidTokenMessage="Unauthorized"] - The invalid token message.
+ * @param {string | object | MessageFunction} [options.noAuthenticationHeader.message="Unauthorized"] - The no authentication header message.
+ * @param {string | object | MessageFunction} [options.noAuthenticationHeader.wwwAuthenticateHeader="Bearer realm=\"\""] - The response header value for the WWW-Authenticate header when no authentication header is provided.
+ * @param {string | object | MessageFunction} [options.invalidAuthenticationHeader.message="Bad Request"] - The invalid authentication header message.
+ * @param {string | object | MessageFunction} [options.invalidAuthenticationHeader.wwwAuthenticateHeader="Bearer error=\"invalid_request\""] - The response header value for the WWW-Authenticate header when authentication header is invalid.
+ * @param {string | object | MessageFunction} [options.invalidToken.message="Unauthorized"] - The invalid token message.
+ * @param {string | object | MessageFunction} [options.invalidToken.wwwAuthenticateHeader="Bearer error=\"invalid_token\""] - The response header value for the WWW-Authenticate header when token is invalid.
  * @returns {MiddlewareHandler} The middleware handler function.
  * @throws {Error} If neither "token" nor "verifyToken" options are provided.
  * @throws {HTTPException} If authentication fails, with 401 status code for missing or invalid token, or 400 status code for invalid request.

package/dist/types/middleware/secure-headers/secure-headers.d.ts

@@ -33,6 +33,8 @@ interface ContentSecurityPolicyOptions {
     styleSrcElem?: ContentSecurityPolicyOptionValue;
     upgradeInsecureRequests?: ContentSecurityPolicyOptionValue;
     workerSrc?: ContentSecurityPolicyOptionValue;
+    requireTrustedTypesFor?: ContentSecurityPolicyOptionValue;
+    trustedTypes?: ContentSecurityPolicyOptionValue;
 }
 interface ReportToOptions {
     group: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hono",
-  "version": "4.10.5",
+  "version": "4.10.6",
   "description": "Web framework built on Web Standards",
   "main": "dist/cjs/index.js",
   "type": "module",