npm - hono - Versions diffs - 4.12.20 → 4.12.22 - Mend

hono 4.12.20 → 4.12.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/dist/adapter/deno/websocket.js +5 -1
package/dist/cjs/adapter/deno/websocket.js +5 -1
package/dist/cjs/hono-base.js +1 -1
package/dist/cjs/middleware/compress/index.js +21 -1
package/dist/cjs/middleware/ip-restriction/index.js +58 -28
package/dist/cjs/middleware/jwk/jwk.js +1 -1
package/dist/cjs/middleware/jwt/jwt.js +1 -1
package/dist/cjs/utils/compress.js +1 -1
package/dist/cjs/utils/cookie.js +1 -1
package/dist/cjs/utils/ipaddr.js +186 -8
package/dist/cjs/utils/mime.js +15 -17
package/dist/hono-base.js +1 -1
package/dist/middleware/compress/index.js +21 -1
package/dist/middleware/ip-restriction/index.js +60 -29
package/dist/middleware/jwk/jwk.js +1 -1
package/dist/middleware/jwt/jwt.js +1 -1
package/dist/tsconfig.build.tsbuildinfo +1 -1
package/dist/types/middleware/compress/index.d.ts +2 -1
package/dist/types/utils/ipaddr.d.ts +4 -0
package/dist/types/utils/mime.d.ts +11 -11
package/dist/utils/compress.js +1 -1
package/dist/utils/cookie.js +1 -1
package/dist/utils/ipaddr.js +185 -8
package/dist/utils/mime.js +15 -17
package/package.json +3 -3

package/dist/middleware/ip-restriction/index.js CHANGED Viewed

@@ -6,13 +6,48 @@ import {
   convertIPv6BinaryToString,
   convertIPv6ToBinary,
   distinctRemoteAddr,
-  isIPv4MappedIPv6
+  isIPv4MappedIPv6,
+  INVALID_IP_ADDRESS_ERROR_CODE
 } from "../../utils/ipaddr.js";
-var IS_CIDR_NOTATION_REGEX = /\/[0-9]{0,3}$/;
+var IS_CIDR_NOTATION_REGEX = /\/[^/]*$/;
+var parseCidrPrefix = (rule, prefix, max) => {
+  if (!/^[0-9]{1,3}$/.test(prefix)) {
+    throw new TypeError(`Invalid rule: ${rule}`);
+  }
+  const parsedPrefix = parseInt(prefix);
+  if (parsedPrefix > max) {
+    throw new TypeError(`Invalid rule: ${rule}`);
+  }
+  return parsedPrefix;
+};
 var buildMatcher = (rules) => {
   const functionRules = [];
   const staticRules = /* @__PURE__ */ new Set();
+  const staticIPv4Rules = /* @__PURE__ */ new Set();
+  const staticIPv6Rules = /* @__PURE__ */ new Set();
   const cidrRules = [];
+  const registerStaticRule = (rule) => {
+    const type = distinctRemoteAddr(rule);
+    if (type === void 0) {
+      throw new TypeError(`Invalid rule: ${rule}`);
+    }
+    if (type === "IPv4") {
+      const ipv4binary = convertIPv4ToBinary(rule);
+      staticRules.add(rule);
+      staticRules.add(`::ffff:${rule}`);
+      staticIPv4Rules.add(ipv4binary);
+      staticIPv6Rules.add(0xffffn << 32n | ipv4binary);
+    } else {
+      const ipv6binary = convertIPv6ToBinary(rule);
+      const ipv6Addr = convertIPv6BinaryToString(ipv6binary);
+      staticRules.add(ipv6Addr);
+      staticIPv6Rules.add(ipv6binary);
+      if (isIPv4MappedIPv6(ipv6binary)) {
+        staticRules.add(ipv6Addr.substring(7));
+        staticIPv4Rules.add(convertIPv4MappedIPv6ToIPv4(ipv6binary));
+      }
+    }
+  };
   for (let rule of rules) {
     if (rule === "*") {
       return () => true;
@@ -22,17 +57,17 @@ var buildMatcher = (rules) => {
       if (IS_CIDR_NOTATION_REGEX.test(rule)) {
         const separatedRule = rule.split("/");
         const addrStr = separatedRule[0];
-        const type2 = distinctRemoteAddr(addrStr);
-        if (type2 === void 0) {
+        const type = distinctRemoteAddr(addrStr);
+        if (type === void 0) {
           throw new TypeError(`Invalid rule: ${rule}`);
         }
-        let isIPv4 = type2 === "IPv4";
-        let prefix = parseInt(separatedRule[1]);
+        let isIPv4 = type === "IPv4";
+        let prefix = parseCidrPrefix(rule, separatedRule[1], isIPv4 ? 32 : 128);
         if (isIPv4 ? prefix === 32 : prefix === 128) {
           rule = addrStr;
         } else {
           let addr = (isIPv4 ? convertIPv4ToBinary : convertIPv6ToBinary)(addrStr);
-          if (type2 === "IPv6" && isIPv4MappedIPv6(addr) && prefix >= 96) {
+          if (type === "IPv6" && isIPv4MappedIPv6(addr) && prefix >= 96) {
             isIPv4 = true;
             addr = convertIPv4MappedIPv6ToIPv4(addr);
             prefix -= 96;
@@ -42,21 +77,7 @@ var buildMatcher = (rules) => {
           continue;
         }
       }
-      const type = distinctRemoteAddr(rule);
-      if (type === void 0) {
-        throw new TypeError(`Invalid rule: ${rule}`);
-      }
-      if (type === "IPv4") {
-        staticRules.add(rule);
-        staticRules.add(`::ffff:${rule}`);
-      } else {
-        const ipv6binary = convertIPv6ToBinary(rule);
-        const ipv6Addr = convertIPv6BinaryToString(ipv6binary);
-        staticRules.add(ipv6Addr);
-        if (isIPv4MappedIPv6(ipv6binary)) {
-          staticRules.add(ipv6Addr.substring(7));
-        }
-      }
+      registerStaticRule(rule);
     }
   }
   return (remote) => {
@@ -65,6 +86,9 @@ var buildMatcher = (rules) => {
     }
     const remoteAddr = remote.binaryAddr ||= (remote.isIPv4 ? convertIPv4ToBinary : convertIPv6ToBinary)(remote.addr);
     const remoteIPv4Addr = remote.isIPv4 || isIPv4MappedIPv6(remoteAddr) ? remote.isIPv4 ? remoteAddr : convertIPv4MappedIPv6ToIPv4(remoteAddr) : void 0;
+    if ((remote.isIPv4 ? staticIPv4Rules : staticIPv6Rules).has(remoteAddr)) {
+      return true;
+    }
     for (const [isIPv4, addr, mask] of cidrRules) {
       if (isIPv4) {
         if (remoteIPv4Addr === void 0) {
@@ -107,14 +131,21 @@ var ipRestriction = (getIP, { denyList = [], allowList = [] }, onError) => {
     }
     const type = typeof connInfo !== "string" && connInfo.remote.addressType || distinctRemoteAddr(addr);
     const remoteData = { addr, type, isIPv4: type === "IPv4" };
-    if (denyMatcher(remoteData)) {
-      if (onError) {
-        return onError({ addr, type }, c);
+    try {
+      if (denyMatcher(remoteData)) {
+        if (onError) {
+          return onError({ addr, type }, c);
+        }
+        throw blockError(c);
       }
-      throw blockError(c);
-    }
-    if (allowMatcher(remoteData)) {
-      return await next();
+      if (allowMatcher(remoteData)) {
+        return await next();
+      }
+    } catch (e) {
+      if (e instanceof TypeError && e.code === INVALID_IP_ADDRESS_ERROR_CODE) {
+        throw blockError(c);
+      }
+      throw e;
     }
     if (allowLength === 0) {
       return await next();

package/dist/middleware/jwk/jwk.js CHANGED Viewed

@@ -17,7 +17,7 @@ var jwk = (options, init) => {
     let token;
     if (credentials) {
       const parts = credentials.split(/\s+/);
-      if (parts.length !== 2) {
+      if (parts.length !== 2 || parts[0].toLowerCase() !== "bearer") {
         const errDescription = "invalid credentials structure";
         throw new HTTPException(401, {
           message: errDescription,

package/dist/middleware/jwt/jwt.js CHANGED Viewed

@@ -20,7 +20,7 @@ var jwt = (options) => {
     let token;
     if (credentials) {
       const parts = credentials.split(/\s+/);
-      if (parts.length !== 2) {
+      if (parts.length !== 2 || parts[0].toLowerCase() !== "bearer") {
         const errDescription = "invalid credentials structure";
         throw new HTTPException(401, {
           message: errDescription,