hono 4.12.9 → 4.12.12

package/dist/types/middleware/ip-restriction/index.d.ts

@@ -20,9 +20,45 @@ export interface IPRestrictionRules {
     allowList?: IPRestrictionRule[];
 }
 /**
- * IP Restriction Middleware
+ * IP Restriction Middleware for Hono.
  *
- * @param getIP function to get IP Address
+ * @see {@link https://hono.dev/docs/middleware/builtin/ip-restriction}
+ *
+ * @param {GetConnInfo | ((c: Context) => string)} getIP - A function to retrieve the client IP address. Use `getConnInfo` from the appropriate runtime adapter.
+ * @param {IPRestrictionRules} rules - An object with optional `denyList` and `allowList` arrays of IP rules. Each rule can be a static IP, a CIDR range, or a custom function.
+ * @param {(remote: { addr: string; type: AddressType }, c: Context) => Response | Promise<Response>} [onError] - Optional custom handler invoked when a request is blocked. Defaults to returning a 403 Forbidden response.
+ * @returns {MiddlewareHandler} The middleware handler function.
+ *
+ * @example
+ * ```ts
+ * import { Hono } from 'hono'
+ * import { ipRestriction } from 'hono/ip-restriction'
+ * import { getConnInfo } from 'hono/cloudflare-workers'
+ *
+ * const app = new Hono()
+ *
+ * app.use(
+ *   '*',
+ *   ipRestriction(getConnInfo, {
+ *     // Block a specific IP and an entire subnet
+ *     denyList: ['192.168.0.5', '10.0.0.0/8'],
+ *     // Only allow requests from localhost and a private range
+ *     allowList: ['127.0.0.1', '::1', '192.168.1.0/24'],
+ *   })
+ * )
+ *
+ * // With a custom error handler
+ * app.use(
+ *   '/admin/*',
+ *   ipRestriction(
+ *     getConnInfo,
+ *     { allowList: ['203.0.113.0/24'] },
+ *     (remote, c) => c.text(`Access denied for ${remote.addr}`, 403)
+ *   )
+ * )
+ *
+ * app.get('/', (c) => c.text('Hello!'))
+ * ```
  */
 export declare const ipRestriction: (getIP: GetIPAddr, { denyList, allowList }: IPRestrictionRules, onError?: (remote: {
     addr: string;

package/dist/types/utils/ipaddr.d.ts

@@ -32,6 +32,18 @@ export declare const convertIPv6ToBinary: (ipv6: string) => bigint;
  * @return IPv4 Address in string
  */
 export declare const convertIPv4BinaryToString: (ipV4: bigint) => string;
+/**
+ * Check if a binary IPv6 address is an IPv4-mapped IPv6 address (::ffff:x.x.x.x)
+ * @param ipv6binary binary IPv6 Address
+ * @return true if the address is an IPv4-mapped IPv6 address
+ */
+export declare const isIPv4MappedIPv6: (ipv6binary: bigint) => boolean;
+/**
+ * Extract the IPv4 portion from an IPv4-mapped IPv6 address
+ * @param ipv6binary binary IPv4-mapped IPv6 Address
+ * @return binary IPv4 Address
+ */
+export declare const convertIPv4MappedIPv6ToIPv4: (ipv6binary: bigint) => bigint;
 /**
  * Convert a binary representation of an IPv6 address to a string.
  * @param ipV6 binary IPv6 Address

package/dist/utils/cookie.js

@@ -24,23 +24,41 @@ var verifySignature = async (base64Signature, value, secret) => {
 };
 var validCookieNameRegEx = /^[\w!#$%&'*.^`|~+-]+$/;
 var validCookieValueRegEx = /^[ !#-:<-[\]-~]*$/;
+var trimCookieWhitespace = (value) => {
+  let start = 0;
+  let end = value.length;
+  while (start < end) {
+    const charCode = value.charCodeAt(start);
+    if (charCode !== 32 && charCode !== 9) {
+      break;
+    }
+    start++;
+  }
+  while (end > start) {
+    const charCode = value.charCodeAt(end - 1);
+    if (charCode !== 32 && charCode !== 9) {
+      break;
+    }
+    end--;
+  }
+  return start === 0 && end === value.length ? value : value.slice(start, end);
+};
 var parse = (cookie, name) => {
   if (name && cookie.indexOf(name) === -1) {
     return {};
   }
-  const pairs = cookie.trim().split(";");
+  const pairs = cookie.split(";");
   const parsedCookie = {};
-  for (let pairStr of pairs) {
-    pairStr = pairStr.trim();
+  for (const pairStr of pairs) {
     const valueStartPos = pairStr.indexOf("=");
     if (valueStartPos === -1) {
       continue;
     }
-    const cookieName = pairStr.substring(0, valueStartPos).trim();
+    const cookieName = trimCookieWhitespace(pairStr.substring(0, valueStartPos));
     if (name && name !== cookieName || !validCookieNameRegEx.test(cookieName)) {
       continue;
     }
-    let cookieValue = pairStr.substring(valueStartPos + 1).trim();
+    let cookieValue = trimCookieWhitespace(pairStr.substring(valueStartPos + 1));
     if (cookieValue.startsWith('"') && cookieValue.endsWith('"')) {
       cookieValue = cookieValue.slice(1, -1);
     }
@@ -72,6 +90,9 @@ var parseSigned = async (cookie, secret, name) => {
   return parsedCookie;
 };
 var _serialize = (name, value, opt = {}) => {
+  if (!validCookieNameRegEx.test(name)) {
+    throw new Error("Invalid cookie name");
+  }
   let cookie = `${name}=${value}`;
   if (name.startsWith("__Secure-") && !opt.secure) {
     throw new Error("__Secure- Cookie must have Secure attributes");

package/dist/utils/ipaddr.js

@@ -55,9 +55,11 @@ var convertIPv4BinaryToString = (ipV4) => {
   }
   return sections.join(".");
 };
+var isIPv4MappedIPv6 = (ipv6binary) => ipv6binary >> 32n === 0xffffn;
+var convertIPv4MappedIPv6ToIPv4 = (ipv6binary) => ipv6binary & 0xffffffffn;
 var convertIPv6BinaryToString = (ipV6) => {
-  if (ipV6 >> 32n === 0xffffn) {
-    return `::ffff:${convertIPv4BinaryToString(ipV6 & 0xffffffffn)}`;
+  if (isIPv4MappedIPv6(ipV6)) {
+    return `::ffff:${convertIPv4BinaryToString(convertIPv4MappedIPv6ToIPv4(ipV6))}`;
   }
   const sections = [];
   for (let i = 0; i < 8; i++) {
@@ -94,9 +96,11 @@ var convertIPv6BinaryToString = (ipV6) => {
 };
 export {
   convertIPv4BinaryToString,
+  convertIPv4MappedIPv6ToIPv4,
   convertIPv4ToBinary,
   convertIPv6BinaryToString,
   convertIPv6ToBinary,
   distinctRemoteAddr,
-  expandIPv6
+  expandIPv6,
+  isIPv4MappedIPv6
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hono",
-  "version": "4.12.9",
+  "version": "4.12.12",
   "description": "Web framework built on Web Standards",
   "main": "dist/cjs/index.js",
   "type": "module",