hono 4.12.16 → 4.12.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/dist/cjs/helper/ssg/ssg.js +2 -0
  2. package/dist/cjs/jsx/base.js +1 -1
  3. package/dist/cjs/jsx/utils.js +95 -5
  4. package/dist/cjs/middleware/cache/index.js +5 -2
  5. package/dist/cjs/middleware/cors/index.js +2 -5
  6. package/dist/cjs/utils/jwt/jwt.js +12 -6
  7. package/dist/helper/ssg/ssg.js +2 -0
  8. package/dist/jsx/base.js +1 -1
  9. package/dist/jsx/utils.js +95 -5
  10. package/dist/middleware/cache/index.js +5 -2
  11. package/dist/middleware/cors/index.js +2 -5
  12. package/dist/tsconfig.build.tsbuildinfo +1 -1
  13. package/dist/types/jsx/utils.d.ts +1 -1
  14. package/dist/types/middleware/cors/index.d.ts +1 -1
  15. package/dist/types/types.d.ts +116 -116
  16. package/dist/utils/jwt/jwt.js +12 -6
  17. package/package.json +1 -1
package/dist/cjs/helper/ssg/ssg.js CHANGED
@@ -69,6 +69,8 @@ const defaultExtensionMap = {
69
69
  "text/html": "html",
70
70
  "text/xml": "xml",
71
71
  "application/xml": "xml",
72
+ "application/atom+xml": "xml",
73
+ "application/rss+xml": "xml",
72
74
  "application/yaml": "yaml"
73
75
  };
74
76
  const determineExtension = (mimeType, userExtensionMap) => {
package/dist/cjs/jsx/base.js CHANGED
@@ -161,7 +161,7 @@ class JSXNode {
161
161
  const props = this.props;
162
162
  let { children } = this;
163
163
  buffer[0] += `<${tag}`;
164
- const normalizeKey = nameSpaceContext && (0, import_context.useContext)(nameSpaceContext) === "svg" ? (key) => toSVGAttributeName((0, import_utils.normalizeIntrinsicElementKey)(key)) : (key) => (0, import_utils.normalizeIntrinsicElementKey)(key);
164
+ const normalizeKey = tag === "svg" || nameSpaceContext && (0, import_context.useContext)(nameSpaceContext) === "svg" ? (key) => toSVGAttributeName((0, import_utils.normalizeIntrinsicElementKey)(key)) : (key) => (0, import_utils.normalizeIntrinsicElementKey)(key);
165
165
  for (let [key, v] of Object.entries(props)) {
166
166
  key = normalizeKey(key);
167
167
  if (!(0, import_utils.isValidAttributeName)(key)) {
package/dist/cjs/jsx/utils.js CHANGED
@@ -90,15 +90,105 @@ const isValidAttributeName = (name) => {
90
90
  cacheValidName(validAttributeNameCache, validAttributeNameCacheMax, name);
91
91
  return true;
92
92
  };
93
+ const invalidStylePropertyNameCharRe = /[\s"'():;\\/\[\]{}\x00-\x1f\x7f-\x9f]/;
94
+ const validStylePropertyNameCache = /* @__PURE__ */ new Set();
95
+ const validStylePropertyNameCacheMax = 1024;
96
+ const isValidStylePropertyName = (name) => {
97
+ if (validStylePropertyNameCache.has(name)) {
98
+ return true;
99
+ }
100
+ const len = name.length;
101
+ if (len === 0) {
102
+ return false;
103
+ }
104
+ for (let i = 0; i < len; i++) {
105
+ const c = name.charCodeAt(i);
106
+ if (!(c >= 97 && c <= 122 || // a-z
107
+ c >= 65 && c <= 90 || // A-Z
108
+ c >= 48 && c <= 57 || // 0-9
109
+ c === 45 || // -
110
+ c === 95)) {
111
+ if (!invalidStylePropertyNameCharRe.test(name)) {
112
+ cacheValidName(validStylePropertyNameCache, validStylePropertyNameCacheMax, name);
113
+ return true;
114
+ } else {
115
+ return false;
116
+ }
117
+ }
118
+ }
119
+ cacheValidName(validStylePropertyNameCache, validStylePropertyNameCacheMax, name);
120
+ return true;
121
+ };
122
+ const unsafeStyleValueCharRe = /[;"'\\/\[\](){}]/;
123
+ const hasUnsafeStyleValue = (value) => {
124
+ if (!unsafeStyleValueCharRe.test(value)) {
125
+ return false;
126
+ }
127
+ let quote = 0;
128
+ const blockStack = [];
129
+ for (let i = 0, len = value.length; i < len; i++) {
130
+ const c = value.charCodeAt(i);
131
+ if (c === 92) {
132
+ if (i === len - 1) {
133
+ return true;
134
+ }
135
+ i++;
136
+ } else if (quote !== 0) {
137
+ if (c === 10 || c === 12 || c === 13) {
138
+ return true;
139
+ }
140
+ if (c === quote) {
141
+ quote = 0;
142
+ }
143
+ } else if (c === 47 && value.charCodeAt(i + 1) === 42) {
144
+ const end = value.indexOf("*/", i + 2);
145
+ if (end === -1) {
146
+ return true;
147
+ }
148
+ i = end + 1;
149
+ } else if (c === 34 || c === 39) {
150
+ quote = c;
151
+ } else if (c === 40) {
152
+ blockStack.push(41);
153
+ } else if (c === 91) {
154
+ blockStack.push(93);
155
+ } else if (c === 123 || c === 125) {
156
+ return true;
157
+ } else if (c === 41 || c === 93) {
158
+ if (blockStack[blockStack.length - 1] !== c) {
159
+ return true;
160
+ }
161
+ blockStack.pop();
162
+ } else if (c === 59 && blockStack.length === 0) {
163
+ return true;
164
+ }
165
+ }
166
+ return quote !== 0 || blockStack.length !== 0;
167
+ };
93
168
  const styleObjectForEach = (style, fn) => {
94
169
  for (const [k, v] of Object.entries(style)) {
95
170
  const key = k[0] === "-" || !/[A-Z]/.test(k) ? k : k.replace(/[A-Z]/g, (m) => `-${m.toLowerCase()}`);
96
- fn(
97
- key,
98
- v == null ? null : typeof v === "number" ? !key.match(
171
+ if (!isValidStylePropertyName(key)) {
172
+ continue;
173
+ }
174
+ if (v == null) {
175
+ fn(key, null);
176
+ continue;
177
+ }
178
+ let value;
179
+ if (typeof v === "number") {
180
+ value = !key.match(
99
181
  /^(?:a|border-im|column(?:-c|s)|flex(?:$|-[^b])|grid-(?:ar|[^a])|font-w|li|or|sca|st|ta|wido|z)|ty$/
100
- ) ? `${v}px` : `${v}` : v
101
- );
182
+ ) ? `${v}px` : `${v}`;
183
+ } else if (typeof v === "string") {
184
+ if (hasUnsafeStyleValue(v)) {
185
+ continue;
186
+ }
187
+ value = v;
188
+ } else {
189
+ continue;
190
+ }
191
+ fn(key, value);
102
192
  }
103
193
  };
104
194
  // Annotate the CommonJS export names for ESM import in node:
package/dist/cjs/middleware/cache/index.js CHANGED
@@ -22,8 +22,7 @@ __export(cache_exports, {
22
22
  module.exports = __toCommonJS(cache_exports);
23
23
  const defaultCacheableStatusCodes = [200];
24
24
  const shouldSkipCache = (res) => {
25
- const vary = res.headers.get("Vary");
26
- if (vary && vary.includes("*")) {
25
+ if (res.headers.has("Vary")) {
27
26
  return true;
28
27
  }
29
28
  const cacheControl = res.headers.get("Cache-Control");
@@ -84,6 +83,10 @@ const cache = (options) => {
84
83
  }
85
84
  };
86
85
  return async function cache2(c, next) {
86
+ if (c.req.method !== "GET" || c.req.raw.headers.has("Authorization")) {
87
+ await next();
88
+ return;
89
+ }
87
90
  let key = c.req.url;
88
91
  if (options.keyGenerator) {
89
92
  key = await options.keyGenerator(c);
package/dist/cjs/middleware/cors/index.js CHANGED
@@ -21,14 +21,11 @@ __export(cors_exports, {
21
21
  });
22
22
  module.exports = __toCommonJS(cors_exports);
23
23
  const cors = (options) => {
24
- const defaults = {
24
+ const opts = {
25
25
  origin: "*",
26
26
  allowMethods: ["GET", "HEAD", "PUT", "POST", "DELETE", "PATCH"],
27
27
  allowHeaders: [],
28
- exposeHeaders: []
29
- };
30
- const opts = {
31
- ...defaults,
28
+ exposeHeaders: [],
32
29
  ...options
33
30
  };
34
31
  const findAllowOrigin = ((optsOrigin) => {
package/dist/cjs/utils/jwt/jwt.js CHANGED
@@ -81,14 +81,20 @@ const verify = async (token, publicKey, algOrOptions) => {
81
81
  throw new import_types.JwtAlgorithmMismatch(alg, header.alg);
82
82
  }
83
83
  const now = Math.floor(Date.now() / 1e3);
84
- if (nbf && payload.nbf && payload.nbf > now) {
85
- throw new import_types.JwtTokenNotBefore(token);
84
+ if (nbf && payload.nbf !== void 0) {
85
+ if (typeof payload.nbf !== "number" || !Number.isFinite(payload.nbf) || payload.nbf > now) {
86
+ throw new import_types.JwtTokenNotBefore(token);
87
+ }
86
88
  }
87
- if (exp && payload.exp && payload.exp <= now) {
88
- throw new import_types.JwtTokenExpired(token);
89
+ if (exp && payload.exp !== void 0) {
90
+ if (typeof payload.exp !== "number" || !Number.isFinite(payload.exp) || payload.exp <= now) {
91
+ throw new import_types.JwtTokenExpired(token);
92
+ }
89
93
  }
90
- if (iat && payload.iat && now < payload.iat) {
91
- throw new import_types.JwtTokenIssuedAt(now, payload.iat);
94
+ if (iat && payload.iat !== void 0) {
95
+ if (typeof payload.iat !== "number" || !Number.isFinite(payload.iat) || now < payload.iat) {
96
+ throw new import_types.JwtTokenIssuedAt(now, payload.iat);
97
+ }
92
98
  }
93
99
  if (iss) {
94
100
  if (!payload.iss) {
package/dist/helper/ssg/ssg.js CHANGED
@@ -47,6 +47,8 @@ var defaultExtensionMap = {
47
47
  "text/html": "html",
48
48
  "text/xml": "xml",
49
49
  "application/xml": "xml",
50
+ "application/atom+xml": "xml",
51
+ "application/rss+xml": "xml",
50
52
  "application/yaml": "yaml"
51
53
  };
52
54
  var determineExtension = (mimeType, userExtensionMap) => {
package/dist/jsx/base.js CHANGED
@@ -124,7 +124,7 @@ var JSXNode = class {
124
124
  const props = this.props;
125
125
  let { children } = this;
126
126
  buffer[0] += `<${tag}`;
127
- const normalizeKey = nameSpaceContext && useContext(nameSpaceContext) === "svg" ? (key) => toSVGAttributeName(normalizeIntrinsicElementKey(key)) : (key) => normalizeIntrinsicElementKey(key);
127
+ const normalizeKey = tag === "svg" || nameSpaceContext && useContext(nameSpaceContext) === "svg" ? (key) => toSVGAttributeName(normalizeIntrinsicElementKey(key)) : (key) => normalizeIntrinsicElementKey(key);
128
128
  for (let [key, v] of Object.entries(props)) {
129
129
  key = normalizeKey(key);
130
130
  if (!isValidAttributeName(key)) {
package/dist/jsx/utils.js CHANGED
@@ -66,15 +66,105 @@ var isValidAttributeName = (name) => {
66
66
  cacheValidName(validAttributeNameCache, validAttributeNameCacheMax, name);
67
67
  return true;
68
68
  };
69
+ var invalidStylePropertyNameCharRe = /[\s"'():;\\/\[\]{}\x00-\x1f\x7f-\x9f]/;
70
+ var validStylePropertyNameCache = /* @__PURE__ */ new Set();
71
+ var validStylePropertyNameCacheMax = 1024;
72
+ var isValidStylePropertyName = (name) => {
73
+ if (validStylePropertyNameCache.has(name)) {
74
+ return true;
75
+ }
76
+ const len = name.length;
77
+ if (len === 0) {
78
+ return false;
79
+ }
80
+ for (let i = 0; i < len; i++) {
81
+ const c = name.charCodeAt(i);
82
+ if (!(c >= 97 && c <= 122 || // a-z
83
+ c >= 65 && c <= 90 || // A-Z
84
+ c >= 48 && c <= 57 || // 0-9
85
+ c === 45 || // -
86
+ c === 95)) {
87
+ if (!invalidStylePropertyNameCharRe.test(name)) {
88
+ cacheValidName(validStylePropertyNameCache, validStylePropertyNameCacheMax, name);
89
+ return true;
90
+ } else {
91
+ return false;
92
+ }
93
+ }
94
+ }
95
+ cacheValidName(validStylePropertyNameCache, validStylePropertyNameCacheMax, name);
96
+ return true;
97
+ };
98
+ var unsafeStyleValueCharRe = /[;"'\\/\[\](){}]/;
99
+ var hasUnsafeStyleValue = (value) => {
100
+ if (!unsafeStyleValueCharRe.test(value)) {
101
+ return false;
102
+ }
103
+ let quote = 0;
104
+ const blockStack = [];
105
+ for (let i = 0, len = value.length; i < len; i++) {
106
+ const c = value.charCodeAt(i);
107
+ if (c === 92) {
108
+ if (i === len - 1) {
109
+ return true;
110
+ }
111
+ i++;
112
+ } else if (quote !== 0) {
113
+ if (c === 10 || c === 12 || c === 13) {
114
+ return true;
115
+ }
116
+ if (c === quote) {
117
+ quote = 0;
118
+ }
119
+ } else if (c === 47 && value.charCodeAt(i + 1) === 42) {
120
+ const end = value.indexOf("*/", i + 2);
121
+ if (end === -1) {
122
+ return true;
123
+ }
124
+ i = end + 1;
125
+ } else if (c === 34 || c === 39) {
126
+ quote = c;
127
+ } else if (c === 40) {
128
+ blockStack.push(41);
129
+ } else if (c === 91) {
130
+ blockStack.push(93);
131
+ } else if (c === 123 || c === 125) {
132
+ return true;
133
+ } else if (c === 41 || c === 93) {
134
+ if (blockStack[blockStack.length - 1] !== c) {
135
+ return true;
136
+ }
137
+ blockStack.pop();
138
+ } else if (c === 59 && blockStack.length === 0) {
139
+ return true;
140
+ }
141
+ }
142
+ return quote !== 0 || blockStack.length !== 0;
143
+ };
69
144
  var styleObjectForEach = (style, fn) => {
70
145
  for (const [k, v] of Object.entries(style)) {
71
146
  const key = k[0] === "-" || !/[A-Z]/.test(k) ? k : k.replace(/[A-Z]/g, (m) => `-${m.toLowerCase()}`);
72
- fn(
73
- key,
74
- v == null ? null : typeof v === "number" ? !key.match(
147
+ if (!isValidStylePropertyName(key)) {
148
+ continue;
149
+ }
150
+ if (v == null) {
151
+ fn(key, null);
152
+ continue;
153
+ }
154
+ let value;
155
+ if (typeof v === "number") {
156
+ value = !key.match(
75
157
  /^(?:a|border-im|column(?:-c|s)|flex(?:$|-[^b])|grid-(?:ar|[^a])|font-w|li|or|sca|st|ta|wido|z)|ty$/
76
- ) ? `${v}px` : `${v}` : v
77
- );
158
+ ) ? `${v}px` : `${v}`;
159
+ } else if (typeof v === "string") {
160
+ if (hasUnsafeStyleValue(v)) {
161
+ continue;
162
+ }
163
+ value = v;
164
+ } else {
165
+ continue;
166
+ }
167
+ fn(key, value);
78
168
  }
79
169
  };
80
170
  export {
package/dist/middleware/cache/index.js CHANGED
@@ -1,8 +1,7 @@
1
1
  // src/middleware/cache/index.ts
2
2
  var defaultCacheableStatusCodes = [200];
3
3
  var shouldSkipCache = (res) => {
4
- const vary = res.headers.get("Vary");
5
- if (vary && vary.includes("*")) {
4
+ if (res.headers.has("Vary")) {
6
5
  return true;
7
6
  }
8
7
  const cacheControl = res.headers.get("Cache-Control");
@@ -63,6 +62,10 @@ var cache = (options) => {
63
62
  }
64
63
  };
65
64
  return async function cache2(c, next) {
65
+ if (c.req.method !== "GET" || c.req.raw.headers.has("Authorization")) {
66
+ await next();
67
+ return;
68
+ }
66
69
  let key = c.req.url;
67
70
  if (options.keyGenerator) {
68
71
  key = await options.keyGenerator(c);
package/dist/middleware/cors/index.js CHANGED
@@ -1,13 +1,10 @@
1
1
  // src/middleware/cors/index.ts
2
2
  var cors = (options) => {
3
- const defaults = {
3
+ const opts = {
4
4
  origin: "*",
5
5
  allowMethods: ["GET", "HEAD", "PUT", "POST", "DELETE", "PATCH"],
6
6
  allowHeaders: [],
7
- exposeHeaders: []
8
- };
9
- const opts = {
10
- ...defaults,
7
+ exposeHeaders: [],
11
8
  ...options
12
9
  };
13
10
  const findAllowOrigin = ((optsOrigin) => {