hono 4.5.0 → 4.5.1

package/dist/cjs/client/client.js

@@ -157,8 +157,15 @@ const hc = (baseUrl, options) => createProxy(function proxyCallback(opts) {
       "ws"
     );
     const targetUrl = new URL(webSocketUrl);
-    for (const key in opts.args[0]?.query) {
-      targetUrl.searchParams.set(key, opts.args[0].query[key]);
+    const queryParams = opts.args[0]?.query;
+    if (queryParams) {
+      Object.entries(queryParams).forEach(([key, value]) => {
+        if (Array.isArray(value)) {
+          value.forEach((item) => targetUrl.searchParams.append(key, item));
+        } else {
+          targetUrl.searchParams.set(key, value);
+        }
+      });
     }
     return new WebSocket(targetUrl.toString());
   }

package/dist/cjs/middleware/bearer-auth/index.js

@@ -33,28 +33,30 @@ const bearerAuth = (options) => {
   if (!options.realm) {
     options.realm = "";
   }
-  if (!options.prefix) {
+  if (options.prefix === void 0) {
     options.prefix = PREFIX;
   }
   const realm = options.realm?.replace(/"/g, '\\"');
+  const prefixRegexStr = options.prefix === "" ? "" : `${options.prefix} +`;
+  const regexp = new RegExp(`^${prefixRegexStr}(${TOKEN_STRINGS}) *$`);
+  const wwwAuthenticatePrefix = options.prefix === "" ? "" : `${options.prefix} `;
   return async function bearerAuth2(c, next) {
     const headerToken = c.req.header(options.headerName || HEADER);
     if (!headerToken) {
       const res = new Response("Unauthorized", {
         status: 401,
         headers: {
-          "WWW-Authenticate": `${options.prefix} realm="` + realm + '"'
+          "WWW-Authenticate": `${wwwAuthenticatePrefix}realm="` + realm + '"'
         }
       });
       throw new import_http_exception.HTTPException(401, { res });
     } else {
-      const regexp = new RegExp("^" + options.prefix + " +(" + TOKEN_STRINGS + ") *$");
       const match = regexp.exec(headerToken);
       if (!match) {
         const res = new Response("Bad Request", {
           status: 400,
           headers: {
-            "WWW-Authenticate": `${options.prefix} error="invalid_request"`
+            "WWW-Authenticate": `${wwwAuthenticatePrefix}error="invalid_request"`
           }
         });
         throw new import_http_exception.HTTPException(400, { res });
@@ -76,7 +78,7 @@ const bearerAuth = (options) => {
           const res = new Response("Unauthorized", {
             status: 401,
             headers: {
-              "WWW-Authenticate": `${options.prefix} error="invalid_token"`
+              "WWW-Authenticate": `${wwwAuthenticatePrefix}error="invalid_token"`
             }
           });
           throw new import_http_exception.HTTPException(401, { res });

package/dist/cjs/validator/validator.js

@@ -24,15 +24,17 @@ module.exports = __toCommonJS(validator_exports);
 var import_cookie = require("../helper/cookie");
 var import_http_exception = require("../http-exception");
 var import_buffer = require("../utils/buffer");
+const jsonRegex = /^application\/([a-z-\.]+\+)?json$/;
+const multipartRegex = /^multipart\/form-data(; boundary=[A-Za-z0-9'()+_,\-./:=?]+)?$/;
+const urlencodedRegex = /^application\/x-www-form-urlencoded$/;
 const validator = (target, validationFunc) => {
   return async (c, next) => {
     let value = {};
     const contentType = c.req.header("Content-Type");
     switch (target) {
       case "json":
-        if (!contentType || !/^application\/([a-z-\.]+\+)?json/.test(contentType)) {
-          const message = `Invalid HTTP header: Content-Type=${contentType}`;
-          throw new import_http_exception.HTTPException(400, { message });
+        if (!contentType || !jsonRegex.test(contentType)) {
+          break;
         }
         try {
           value = await c.req.json();
@@ -42,7 +44,7 @@ const validator = (target, validationFunc) => {
         }
         break;
       case "form": {
-        if (!contentType) {
+        if (!contentType || !(multipartRegex.test(contentType) || urlencodedRegex.test(contentType))) {
           break;
         }
         let formData;

package/dist/client/client.js

@@ -141,8 +141,15 @@ var hc = (baseUrl, options) => createProxy(function proxyCallback(opts) {
       "ws"
     );
     const targetUrl = new URL(webSocketUrl);
-    for (const key in opts.args[0]?.query) {
-      targetUrl.searchParams.set(key, opts.args[0].query[key]);
+    const queryParams = opts.args[0]?.query;
+    if (queryParams) {
+      Object.entries(queryParams).forEach(([key, value]) => {
+        if (Array.isArray(value)) {
+          value.forEach((item) => targetUrl.searchParams.append(key, item));
+        } else {
+          targetUrl.searchParams.set(key, value);
+        }
+      });
     }
     return new WebSocket(targetUrl.toString());
   }

package/dist/middleware/bearer-auth/index.js

@@ -11,28 +11,30 @@ var bearerAuth = (options) => {
   if (!options.realm) {
     options.realm = "";
   }
-  if (!options.prefix) {
+  if (options.prefix === void 0) {
     options.prefix = PREFIX;
   }
   const realm = options.realm?.replace(/"/g, '\\"');
+  const prefixRegexStr = options.prefix === "" ? "" : `${options.prefix} +`;
+  const regexp = new RegExp(`^${prefixRegexStr}(${TOKEN_STRINGS}) *$`);
+  const wwwAuthenticatePrefix = options.prefix === "" ? "" : `${options.prefix} `;
   return async function bearerAuth2(c, next) {
     const headerToken = c.req.header(options.headerName || HEADER);
     if (!headerToken) {
       const res = new Response("Unauthorized", {
         status: 401,
         headers: {
-          "WWW-Authenticate": `${options.prefix} realm="` + realm + '"'
+          "WWW-Authenticate": `${wwwAuthenticatePrefix}realm="` + realm + '"'
         }
       });
       throw new HTTPException(401, { res });
     } else {
-      const regexp = new RegExp("^" + options.prefix + " +(" + TOKEN_STRINGS + ") *$");
       const match = regexp.exec(headerToken);
       if (!match) {
         const res = new Response("Bad Request", {
           status: 400,
           headers: {
-            "WWW-Authenticate": `${options.prefix} error="invalid_request"`
+            "WWW-Authenticate": `${wwwAuthenticatePrefix}error="invalid_request"`
           }
         });
         throw new HTTPException(400, { res });
@@ -54,7 +56,7 @@ var bearerAuth = (options) => {
           const res = new Response("Unauthorized", {
             status: 401,
             headers: {
-              "WWW-Authenticate": `${options.prefix} error="invalid_token"`
+              "WWW-Authenticate": `${wwwAuthenticatePrefix}error="invalid_token"`
             }
           });
           throw new HTTPException(401, { res });

package/dist/types/helper/factory/index.d.ts

@@ -62,10 +62,6 @@ export declare class Factory<E extends Env = any, P extends string = any> {
     constructor(init?: {
         initApp?: InitApp<E>;
     });
-    /**
-     * @experimental
-     * `createApp` is an experimental feature.
-     */
     createApp: () => Hono<E>;
     createMiddleware: <I extends Input = {}>(middleware: MiddlewareHandler<E, P, I>) => MiddlewareHandler<E, P, I>;
     createHandlers: CreateHandlersInterface<E, P>;

package/dist/types/middleware/bearer-auth/index.d.ts

@@ -26,7 +26,7 @@ type BearerAuthOptions = {
  * @param {string | string[]} [options.token] - The string or array of strings to validate the incoming bearer token against.
  * @param {Function} [options.verifyToken] - The function to verify the token.
  * @param {string} [options.realm=""] - The domain name of the realm, as part of the returned WWW-Authenticate challenge header.
- * @param {string} [options.prefix="Bearer"] - The prefix (or known as `schema`) for the Authorization header value.
+ * @param {string} [options.prefix="Bearer"] - The prefix (or known as `schema`) for the Authorization header value. If set to the empty string, no prefix is expected.
  * @param {string} [options.headerName=Authorization] - The header name.
  * @param {Function} [options.hashFunction] - A function to handle hashing for safe comparison of authentication tokens.
  * @returns {MiddlewareHandler} The middleware handler function.

package/dist/types/middleware/jwt/jwt.d.ts

@@ -6,6 +6,7 @@ import type { MiddlewareHandler } from '../../types';
 import type { CookiePrefixOptions } from '../../utils/cookie';
 import '../../context';
 import type { SignatureAlgorithm } from '../../utils/jwt/jwa';
+import type { SignatureKey } from '../../utils/jwt/jws';
 export type JwtVariables = {
     jwtPayload: any;
 };
@@ -15,7 +16,7 @@ export type JwtVariables = {
  * @see {@link https://hono.dev/docs/middleware/builtin/jwt}
  *
  * @param {object} options - The options for the JWT middleware.
- * @param {string} [options.secret] - A value of your secret key.
+ * @param {SignatureKey} [options.secret] - A value of your secret key.
  * @param {string} [options.cookie] - If this value is set, then the value is retrieved from the cookie header using that value as a key, which is then validated as a token.
  * @param {SignatureAlgorithm} [options.alg=HS256] - An algorithm type that is used for verifying. Available types are `HS256` | `HS384` | `HS512` | `RS256` | `RS384` | `RS512` | `PS256` | `PS384` | `PS512` | `ES256` | `ES384` | `ES512` | `EdDSA`.
  * @returns {MiddlewareHandler} The middleware handler function.
@@ -37,7 +38,7 @@ export type JwtVariables = {
  * ```
  */
 export declare const jwt: (options: {
-    secret: string;
+    secret: SignatureKey;
     cookie?: string | {
         key: string;
         secret?: string | BufferSource;
@@ -45,9 +46,9 @@ export declare const jwt: (options: {
     };
     alg?: SignatureAlgorithm;
 }) => MiddlewareHandler;
-export declare const verify: (token: string, publicKey: import("../../utils/jwt/jws").SignatureKey, alg?: "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | "ES256" | "ES384" | "ES512" | "EdDSA") => Promise<import("../../utils/jwt/types").JWTPayload>;
+export declare const verify: (token: string, publicKey: SignatureKey, alg?: "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | "ES256" | "ES384" | "ES512" | "EdDSA") => Promise<import("../../utils/jwt/types").JWTPayload>;
 export declare const decode: (token: string) => {
     header: import("../../utils/jwt/jwt").TokenHeader;
     payload: import("../../utils/jwt/types").JWTPayload;
 };
-export declare const sign: (payload: import("../../utils/jwt/types").JWTPayload, privateKey: import("../../utils/jwt/jws").SignatureKey, alg?: "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | "ES256" | "ES384" | "ES512" | "EdDSA") => Promise<string>;
+export declare const sign: (payload: import("../../utils/jwt/types").JWTPayload, privateKey: SignatureKey, alg?: "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | "PS256" | "PS384" | "PS512" | "ES256" | "ES384" | "ES512" | "EdDSA") => Promise<string>;

package/dist/validator/validator.js

@@ -2,15 +2,17 @@
 import { getCookie } from "../helper/cookie/index.js";
 import { HTTPException } from "../http-exception.js";
 import { bufferToFormData } from "../utils/buffer.js";
+var jsonRegex = /^application\/([a-z-\.]+\+)?json$/;
+var multipartRegex = /^multipart\/form-data(; boundary=[A-Za-z0-9'()+_,\-./:=?]+)?$/;
+var urlencodedRegex = /^application\/x-www-form-urlencoded$/;
 var validator = (target, validationFunc) => {
   return async (c, next) => {
     let value = {};
     const contentType = c.req.header("Content-Type");
     switch (target) {
       case "json":
-        if (!contentType || !/^application\/([a-z-\.]+\+)?json/.test(contentType)) {
-          const message = `Invalid HTTP header: Content-Type=${contentType}`;
-          throw new HTTPException(400, { message });
+        if (!contentType || !jsonRegex.test(contentType)) {
+          break;
         }
         try {
           value = await c.req.json();
@@ -20,7 +22,7 @@ var validator = (target, validationFunc) => {
         }
         break;
       case "form": {
-        if (!contentType) {
+        if (!contentType || !(multipartRegex.test(contentType) || urlencodedRegex.test(contentType))) {
           break;
         }
         let formData;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hono",
-  "version": "4.5.0",
+  "version": "4.5.1",
   "description": "Web framework built on Web Standards",
   "main": "dist/cjs/index.js",
   "type": "module",
@@ -25,12 +25,13 @@
     "format": "prettier --check --cache \"src/**/*.{js,ts,tsx}\" \"runtime_tests/**/*.{js,ts,tsx}\"",
     "format:fix": "prettier --write --cache --cache-strategy metadata \"src/**/*.{js,ts,tsx}\" \"runtime_tests/**/*.{js,ts,tsx}\"",
     "copy:package.cjs.json": "cp ./package.cjs.json ./dist/cjs/package.json && cp ./package.cjs.json ./dist/types/package.json ",
-    "build": "rimraf dist && bun ./build.ts && bun run copy:package.cjs.json",
+    "build": "bun run --shell bun remove-dist && bun ./build.ts && bun run copy:package.cjs.json",
     "postbuild": "publint",
-    "watch": "rimraf dist && bun ./build.ts --watch && bun run copy:package.cjs.json",
+    "watch": "bun run --shell bun remove-dist && bun ./build.ts --watch && bun run copy:package.cjs.json",
     "coverage": "vitest --run --coverage",
     "prerelease": "bun test:deno && bun run build",
-    "release": "np"
+    "release": "np",
+    "remove-dist": "rm -rf dist"
   },
   "exports": {
     ".": {
@@ -627,7 +628,6 @@
     "np": "7.7.0",
     "prettier": "^2.6.2",
     "publint": "^0.1.8",
-    "rimraf": "^3.0.2",
     "supertest": "^6.3.3",
     "typescript": "^5.3.3",
     "vite-plugin-fastly-js-compute": "^0.4.2",

package/dist/cjs/test-utils/setup-vitest.js

@@ -1,49 +0,0 @@
-"use strict";
-var __create = Object.create;
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
-var nodeCrypto = __toESM(require("node:crypto"), 1);
-var import_vitest = require("vitest");
-if (!globalThis.crypto) {
-  import_vitest.vi.stubGlobal("crypto", nodeCrypto);
-  import_vitest.vi.stubGlobal("CryptoKey", nodeCrypto.webcrypto.CryptoKey);
-}
-class MockCache {
-  name;
-  store;
-  constructor(name, store) {
-    this.name = name;
-    this.store = store;
-  }
-  async match(key) {
-    return this.store.get(key) || null;
-  }
-  async keys() {
-    return this.store.keys();
-  }
-  async put(key, response) {
-    this.store.set(key, response);
-  }
-}
-const globalStore = /* @__PURE__ */ new Map();
-const caches = {
-  open: (name) => {
-    return new MockCache(name, globalStore);
-  }
-};
-import_vitest.vi.stubGlobal("caches", caches);

package/dist/test-utils/setup-vitest.js

@@ -1,31 +0,0 @@
-// src/test-utils/setup-vitest.ts
-import * as nodeCrypto from "node:crypto";
-import { vi } from "vitest";
-if (!globalThis.crypto) {
-  vi.stubGlobal("crypto", nodeCrypto);
-  vi.stubGlobal("CryptoKey", nodeCrypto.webcrypto.CryptoKey);
-}
-var MockCache = class {
-  name;
-  store;
-  constructor(name, store) {
-    this.name = name;
-    this.store = store;
-  }
-  async match(key) {
-    return this.store.get(key) || null;
-  }
-  async keys() {
-    return this.store.keys();
-  }
-  async put(key, response) {
-    this.store.set(key, response);
-  }
-};
-var globalStore = /* @__PURE__ */ new Map();
-var caches = {
-  open: (name) => {
-    return new MockCache(name, globalStore);
-  }
-};
-vi.stubGlobal("caches", caches);