hono 4.5.11 → 4.6.0

package/dist/adapter/cloudflare-pages/handler.js

@@ -14,7 +14,7 @@ var handle = (app) => (eventContext) => {
 function handleMiddleware(middleware) {
   return async (executionCtx) => {
     const context = new Context(executionCtx.request, {
-      env: executionCtx.env,
+      env: { ...executionCtx.env, eventContext: executionCtx },
       executionCtx
     });
     let response = void 0;

package/dist/cjs/adapter/cloudflare-pages/handler.js

@@ -38,7 +38,7 @@ const handle = (app) => (eventContext) => {
 function handleMiddleware(middleware) {
   return async (executionCtx) => {
     const context = new import_context.Context(executionCtx.request, {
-      env: executionCtx.env,
+      env: { ...executionCtx.env, eventContext: executionCtx },
       executionCtx
     });
     let response = void 0;

package/dist/cjs/context.js

@@ -82,16 +82,30 @@ class Context {
   set res(_res) {
     this.#isFresh = false;
     if (this.#res && _res) {
-      this.#res.headers.delete("content-type");
-      for (const [k, v] of this.#res.headers.entries()) {
-        if (k === "set-cookie") {
-          const cookies = this.#res.headers.getSetCookie();
-          _res.headers.delete("set-cookie");
-          for (const cookie of cookies) {
-            _res.headers.append("set-cookie", cookie);
+      try {
+        for (const [k, v] of this.#res.headers.entries()) {
+          if (k === "content-type") {
+            continue;
           }
+          if (k === "set-cookie") {
+            const cookies = this.#res.headers.getSetCookie();
+            _res.headers.delete("set-cookie");
+            for (const cookie of cookies) {
+              _res.headers.append("set-cookie", cookie);
+            }
+          } else {
+            _res.headers.set(k, v);
+          }
+        }
+      } catch (e) {
+        if (e instanceof TypeError && e.message.includes("immutable")) {
+          this.res = new Response(_res.body, {
+            headers: _res.headers,
+            status: _res.status
+          });
+          return;
         } else {
-          _res.headers.set(k, v);
+          throw e;
         }
       }
     }
@@ -235,14 +249,9 @@ class Context {
     this.#preparedHeaders ??= {};
     this.#preparedHeaders["content-type"] = "text/html; charset=UTF-8";
     if (typeof html === "object") {
-      if (!(html instanceof Promise)) {
-        html = html.toString();
-      }
-      if (html instanceof Promise) {
-        return html.then((html2) => (0, import_html.resolveCallback)(html2, import_html.HtmlEscapedCallbackPhase.Stringify, false, {})).then((html2) => {
-          return typeof arg === "number" ? this.newResponse(html2, arg, headers) : this.newResponse(html2, arg);
-        });
-      }
+      return (0, import_html.resolveCallback)(html, import_html.HtmlEscapedCallbackPhase.Stringify, false, {}).then((html2) => {
+        return typeof arg === "number" ? this.newResponse(html2, arg, headers) : this.newResponse(html2, arg);
+      });
     }
     return typeof arg === "number" ? this.newResponse(html, arg, headers) : this.newResponse(html, arg);
   };

package/dist/cjs/helper/streaming/sse.js

@@ -23,17 +23,19 @@ __export(sse_exports, {
 });
 module.exports = __toCommonJS(sse_exports);
 var import_stream = require("../../utils/stream");
+var import_html = require("../../utils/html");
 class SSEStreamingApi extends import_stream.StreamingApi {
   constructor(writable, readable) {
     super(writable, readable);
   }
   async writeSSE(message) {
-    const data = message.data.split("\n").map((line) => {
+    const data = await (0, import_html.resolveCallback)(message.data, import_html.HtmlEscapedCallbackPhase.Stringify, false, {});
+    const dataLines = data.split("\n").map((line) => {
       return `data: ${line}`;
     }).join("\n");
     const sseData = [
       message.event && `event: ${message.event}`,
-      data,
+      dataLines,
       message.id && `id: ${message.id}`,
       message.retry && `retry: ${message.retry}`
     ].filter(Boolean).join("\n") + "\n\n";

package/dist/cjs/middleware/basic-auth/index.js

@@ -35,6 +35,9 @@ const basicAuth = (options, ...users) => {
   if (!options.realm) {
     options.realm = "Secure Area";
   }
+  if (!options.invalidUserMessage) {
+    options.invalidUserMessage = "Unauthorized";
+  }
   if (usernamePasswordInOptions) {
     users.unshift({ username: options.username, password: options.password });
   }
@@ -59,13 +62,19 @@ const basicAuth = (options, ...users) => {
         }
       }
     }
-    const res = new Response("Unauthorized", {
-      status: 401,
+    const status = 401;
+    const headers = {
+      "WWW-Authenticate": 'Basic realm="' + options.realm?.replace(/"/g, '\\"') + '"'
+    };
+    const responseMessage = typeof options.invalidUserMessage === "function" ? await options.invalidUserMessage(ctx) : options.invalidUserMessage;
+    const res = typeof responseMessage === "string" ? new Response(responseMessage, { status, headers }) : new Response(JSON.stringify(responseMessage), {
+      status,
       headers: {
-        "WWW-Authenticate": 'Basic realm="' + options.realm?.replace(/"/g, '\\"') + '"'
+        ...headers,
+        "content-type": "application/json; charset=UTF-8"
       }
     });
-    throw new import_http_exception.HTTPException(401, { res });
+    throw new import_http_exception.HTTPException(status, { res });
   };
 };
 // Annotate the CommonJS export names for ESM import in node:

package/dist/cjs/middleware/bearer-auth/index.js

@@ -40,26 +40,38 @@ const bearerAuth = (options) => {
   const prefixRegexStr = options.prefix === "" ? "" : `${options.prefix} +`;
   const regexp = new RegExp(`^${prefixRegexStr}(${TOKEN_STRINGS}) *$`);
   const wwwAuthenticatePrefix = options.prefix === "" ? "" : `${options.prefix} `;
+  const throwHTTPException = async (c, status, wwwAuthenticateHeader, messageOption) => {
+    const headers = {
+      "WWW-Authenticate": wwwAuthenticateHeader
+    };
+    const responseMessage = typeof messageOption === "function" ? await messageOption(c) : messageOption;
+    const res = typeof responseMessage === "string" ? new Response(responseMessage, { status, headers }) : new Response(JSON.stringify(responseMessage), {
+      status,
+      headers: {
+        ...headers,
+        "content-type": "application/json; charset=UTF-8"
+      }
+    });
+    throw new import_http_exception.HTTPException(status, { res });
+  };
   return async function bearerAuth2(c, next) {
     const headerToken = c.req.header(options.headerName || HEADER);
     if (!headerToken) {
-      const res = new Response("Unauthorized", {
-        status: 401,
-        headers: {
-          "WWW-Authenticate": `${wwwAuthenticatePrefix}realm="` + realm + '"'
-        }
-      });
-      throw new import_http_exception.HTTPException(401, { res });
+      await throwHTTPException(
+        c,
+        401,
+        `${wwwAuthenticatePrefix}realm="${realm}"`,
+        options.noAuthenticationHeaderMessage || "Unauthorized"
+      );
     } else {
       const match = regexp.exec(headerToken);
       if (!match) {
-        const res = new Response("Bad Request", {
-          status: 400,
-          headers: {
-            "WWW-Authenticate": `${wwwAuthenticatePrefix}error="invalid_request"`
-          }
-        });
-        throw new import_http_exception.HTTPException(400, { res });
+        await throwHTTPException(
+          c,
+          400,
+          `${wwwAuthenticatePrefix}error="invalid_request"`,
+          options.invalidAuthenticationHeaderMessage || "Bad Request"
+        );
       } else {
         let equal = false;
         if ("verifyToken" in options) {
@@ -75,13 +87,12 @@ const bearerAuth = (options) => {
           }
         }
         if (!equal) {
-          const res = new Response("Unauthorized", {
-            status: 401,
-            headers: {
-              "WWW-Authenticate": `${wwwAuthenticatePrefix}error="invalid_token"`
-            }
-          });
-          throw new import_http_exception.HTTPException(401, { res });
+          await throwHTTPException(
+            c,
+            401,
+            `${wwwAuthenticatePrefix}error="invalid_token"`,
+            options.invalidTokenMessage || "Unauthorized"
+          );
         }
       }
     }

package/dist/cjs/middleware/context-storage/index.js

@@ -0,0 +1,43 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var context_storage_exports = {};
+__export(context_storage_exports, {
+  contextStorage: () => contextStorage,
+  getContext: () => getContext
+});
+module.exports = __toCommonJS(context_storage_exports);
+var import_node_async_hooks = require("node:async_hooks");
+const asyncLocalStorage = new import_node_async_hooks.AsyncLocalStorage();
+const contextStorage = () => {
+  return async function contextStorage2(c, next) {
+    await asyncLocalStorage.run(c, next);
+  };
+};
+const getContext = () => {
+  const context = asyncLocalStorage.getStore();
+  if (!context) {
+    throw new Error("Context is not available");
+  }
+  return context;
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  contextStorage,
+  getContext
+});

package/dist/cjs/middleware/jsx-renderer/index.js

@@ -45,6 +45,7 @@ const createRenderer = (c, Layout, component, options) => (children, props) => {
     if (options.stream === true) {
       c.header("Transfer-Encoding", "chunked");
       c.header("Content-Type", "text/html; charset=UTF-8");
+      c.header("Content-Encoding", "Identity");
     } else {
       for (const [key, value] of Object.entries(options.stream)) {
         c.header(key, value);

package/dist/cjs/middleware/secure-headers/permissions-policy.js

@@ -0,0 +1,16 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var permissions_policy_exports = {};
+module.exports = __toCommonJS(permissions_policy_exports);

package/dist/cjs/middleware/secure-headers/secure-headers.js

@@ -50,7 +50,8 @@ const DEFAULT_OPTIONS = {
   xFrameOptions: true,
   xPermittedCrossDomainPolicies: true,
   xXssProtection: true,
-  removePoweredBy: true
+  removePoweredBy: true,
+  permissionsPolicy: {}
 };
 const generateNonce = () => {
   const buffer = new Uint8Array(16);
@@ -76,6 +77,12 @@ const secureHeaders = (customOptions) => {
     }
     headersToSet.push(["Content-Security-Policy", value]);
   }
+  if (options.permissionsPolicy && Object.keys(options.permissionsPolicy).length > 0) {
+    headersToSet.push([
+      "Permissions-Policy",
+      getPermissionsPolicyDirectives(options.permissionsPolicy)
+    ]);
+  }
   if (options.reportingEndpoints) {
     headersToSet.push(["Reporting-Endpoints", getReportingEndpoints(options.reportingEndpoints)]);
   }
@@ -135,6 +142,28 @@ function getCSPDirectives(contentSecurityPolicy) {
     resultValues
   ];
 }
+function getPermissionsPolicyDirectives(policy) {
+  return Object.entries(policy).map(([directive, value]) => {
+    const kebabDirective = camelToKebab(directive);
+    if (typeof value === "boolean") {
+      return `${kebabDirective}=${value ? "*" : "none"}`;
+    }
+    if (Array.isArray(value)) {
+      if (value.length === 0) {
+        return `${kebabDirective}=()`;
+      }
+      if (value.length === 1 && (value[0] === "*" || value[0] === "none")) {
+        return `${kebabDirective}=${value[0]}`;
+      }
+      const allowlist = value.map((item) => ["self", "src"].includes(item) ? item : `"${item}"`);
+      return `${kebabDirective}=(${allowlist.join(" ")})`;
+    }
+    return "";
+  }).filter(Boolean).join(", ");
+}
+function camelToKebab(str) {
+  return str.replace(/([a-z\d])([A-Z])/g, "$1-$2").toLowerCase();
+}
 function getReportingEndpoints(reportingEndpoints = []) {
   return reportingEndpoints.map((endpoint) => `${endpoint.name}="${endpoint.url}"`).join(", ");
 }

package/dist/cjs/middleware/serve-static/index.js

@@ -23,6 +23,11 @@ __export(serve_static_exports, {
 module.exports = __toCommonJS(serve_static_exports);
 var import_filepath = require("../../utils/filepath");
 var import_mime = require("../../utils/mime");
+const ENCODINGS = {
+  br: ".br",
+  zstd: ".zst",
+  gzip: ".gz"
+};
 const DEFAULT_DOCUMENT = "index.html";
 const defaultPathResolve = (path) => path;
 const serveStatic = (options) => {
@@ -40,7 +45,7 @@ const serveStatic = (options) => {
         root
       });
       if (path2 && await options.isDir(path2)) {
-        filename = filename + "/";
+        filename += "/";
       }
     }
     let path = (0, import_filepath.getFilePath)({
@@ -56,34 +61,46 @@ const serveStatic = (options) => {
     path = pathResolve(path);
     let content = await getContent(path, c);
     if (!content) {
-      let pathWithOutDefaultDocument = (0, import_filepath.getFilePathWithoutDefaultDocument)({
+      let pathWithoutDefaultDocument = (0, import_filepath.getFilePathWithoutDefaultDocument)({
         filename,
         root
       });
-      if (!pathWithOutDefaultDocument) {
+      if (!pathWithoutDefaultDocument) {
         return await next();
       }
-      pathWithOutDefaultDocument = pathResolve(pathWithOutDefaultDocument);
-      if (pathWithOutDefaultDocument !== path) {
-        content = await getContent(pathWithOutDefaultDocument, c);
+      pathWithoutDefaultDocument = pathResolve(pathWithoutDefaultDocument);
+      if (pathWithoutDefaultDocument !== path) {
+        content = await getContent(pathWithoutDefaultDocument, c);
         if (content) {
-          path = pathWithOutDefaultDocument;
+          path = pathWithoutDefaultDocument;
         }
       }
     }
     if (content instanceof Response) {
       return c.newResponse(content.body, content);
     }
+    const mimeType = options.mimes ? (0, import_mime.getMimeType)(path, options.mimes) ?? (0, import_mime.getMimeType)(path) : (0, import_mime.getMimeType)(path);
+    if (mimeType) {
+      c.header("Content-Type", mimeType);
+    }
     if (content) {
-      let mimeType;
-      if (options.mimes) {
-        mimeType = (0, import_mime.getMimeType)(path, options.mimes) ?? (0, import_mime.getMimeType)(path);
-      } else {
-        mimeType = (0, import_mime.getMimeType)(path);
-      }
-      if (mimeType) {
-        c.header("Content-Type", mimeType);
+      if (options.precompressed) {
+        const acceptEncodings = c.req.header("Accept-Encoding")?.split(",").map((encoding) => encoding.trim()).filter(
+          (encoding) => Object.hasOwn(ENCODINGS, encoding)
+        ).sort(
+          (a, b) => Object.keys(ENCODINGS).indexOf(a) - Object.keys(ENCODINGS).indexOf(b)
+        ) ?? [];
+        for (const encoding of acceptEncodings) {
+          const compressedContent = await getContent(path + ENCODINGS[encoding], c);
+          if (compressedContent) {
+            content = compressedContent;
+            c.header("Content-Encoding", encoding);
+            c.header("Vary", "Accept-Encoding", { append: true });
+            break;
+          }
+        }
       }
+      await options.onFound?.(path, c);
       return c.body(content);
     }
     await options.onNotFound?.(path, c);

package/dist/cjs/utils/html.js

@@ -112,6 +112,14 @@ const resolveCallbackSync = (str) => {
   return buffer[0];
 };
 const resolveCallback = async (str, phase, preserveCallbacks, context, buffer) => {
+  if (typeof str === "object" && !(str instanceof String)) {
+    if (!(str instanceof Promise)) {
+      str = str.toString();
+    }
+    if (str instanceof Promise) {
+      str = await str;
+    }
+  }
   const callbacks = str.callbacks;
   if (!callbacks?.length) {
     return Promise.resolve(str);

package/dist/context.js

@@ -59,16 +59,30 @@ var Context = class {
   set res(_res) {
     this.#isFresh = false;
     if (this.#res && _res) {
-      this.#res.headers.delete("content-type");
-      for (const [k, v] of this.#res.headers.entries()) {
-        if (k === "set-cookie") {
-          const cookies = this.#res.headers.getSetCookie();
-          _res.headers.delete("set-cookie");
-          for (const cookie of cookies) {
-            _res.headers.append("set-cookie", cookie);
+      try {
+        for (const [k, v] of this.#res.headers.entries()) {
+          if (k === "content-type") {
+            continue;
           }
+          if (k === "set-cookie") {
+            const cookies = this.#res.headers.getSetCookie();
+            _res.headers.delete("set-cookie");
+            for (const cookie of cookies) {
+              _res.headers.append("set-cookie", cookie);
+            }
+          } else {
+            _res.headers.set(k, v);
+          }
+        }
+      } catch (e) {
+        if (e instanceof TypeError && e.message.includes("immutable")) {
+          this.res = new Response(_res.body, {
+            headers: _res.headers,
+            status: _res.status
+          });
+          return;
         } else {
-          _res.headers.set(k, v);
+          throw e;
         }
       }
     }
@@ -212,14 +226,9 @@ var Context = class {
     this.#preparedHeaders ??= {};
     this.#preparedHeaders["content-type"] = "text/html; charset=UTF-8";
     if (typeof html === "object") {
-      if (!(html instanceof Promise)) {
-        html = html.toString();
-      }
-      if (html instanceof Promise) {
-        return html.then((html2) => resolveCallback(html2, HtmlEscapedCallbackPhase.Stringify, false, {})).then((html2) => {
-          return typeof arg === "number" ? this.newResponse(html2, arg, headers) : this.newResponse(html2, arg);
-        });
-      }
+      return resolveCallback(html, HtmlEscapedCallbackPhase.Stringify, false, {}).then((html2) => {
+        return typeof arg === "number" ? this.newResponse(html2, arg, headers) : this.newResponse(html2, arg);
+      });
     }
     return typeof arg === "number" ? this.newResponse(html, arg, headers) : this.newResponse(html, arg);
   };

package/dist/helper/streaming/sse.js

@@ -1,16 +1,18 @@
 // src/helper/streaming/sse.ts
 import { StreamingApi } from "../../utils/stream.js";
+import { HtmlEscapedCallbackPhase, resolveCallback } from "../../utils/html.js";
 var SSEStreamingApi = class extends StreamingApi {
   constructor(writable, readable) {
     super(writable, readable);
   }
   async writeSSE(message) {
-    const data = message.data.split("\n").map((line) => {
+    const data = await resolveCallback(message.data, HtmlEscapedCallbackPhase.Stringify, false, {});
+    const dataLines = data.split("\n").map((line) => {
       return `data: ${line}`;
     }).join("\n");
     const sseData = [
       message.event && `event: ${message.event}`,
-      data,
+      dataLines,
       message.id && `id: ${message.id}`,
       message.retry && `retry: ${message.retry}`
     ].filter(Boolean).join("\n") + "\n\n";

package/dist/middleware/basic-auth/index.js

@@ -13,6 +13,9 @@ var basicAuth = (options, ...users) => {
   if (!options.realm) {
     options.realm = "Secure Area";
   }
+  if (!options.invalidUserMessage) {
+    options.invalidUserMessage = "Unauthorized";
+  }
   if (usernamePasswordInOptions) {
     users.unshift({ username: options.username, password: options.password });
   }
@@ -37,13 +40,19 @@ var basicAuth = (options, ...users) => {
         }
       }
     }
-    const res = new Response("Unauthorized", {
-      status: 401,
+    const status = 401;
+    const headers = {
+      "WWW-Authenticate": 'Basic realm="' + options.realm?.replace(/"/g, '\\"') + '"'
+    };
+    const responseMessage = typeof options.invalidUserMessage === "function" ? await options.invalidUserMessage(ctx) : options.invalidUserMessage;
+    const res = typeof responseMessage === "string" ? new Response(responseMessage, { status, headers }) : new Response(JSON.stringify(responseMessage), {
+      status,
       headers: {
-        "WWW-Authenticate": 'Basic realm="' + options.realm?.replace(/"/g, '\\"') + '"'
+        ...headers,
+        "content-type": "application/json; charset=UTF-8"
       }
     });
-    throw new HTTPException(401, { res });
+    throw new HTTPException(status, { res });
   };
 };
 export {

package/dist/middleware/bearer-auth/index.js

@@ -18,26 +18,38 @@ var bearerAuth = (options) => {
   const prefixRegexStr = options.prefix === "" ? "" : `${options.prefix} +`;
   const regexp = new RegExp(`^${prefixRegexStr}(${TOKEN_STRINGS}) *$`);
   const wwwAuthenticatePrefix = options.prefix === "" ? "" : `${options.prefix} `;
+  const throwHTTPException = async (c, status, wwwAuthenticateHeader, messageOption) => {
+    const headers = {
+      "WWW-Authenticate": wwwAuthenticateHeader
+    };
+    const responseMessage = typeof messageOption === "function" ? await messageOption(c) : messageOption;
+    const res = typeof responseMessage === "string" ? new Response(responseMessage, { status, headers }) : new Response(JSON.stringify(responseMessage), {
+      status,
+      headers: {
+        ...headers,
+        "content-type": "application/json; charset=UTF-8"
+      }
+    });
+    throw new HTTPException(status, { res });
+  };
   return async function bearerAuth2(c, next) {
     const headerToken = c.req.header(options.headerName || HEADER);
     if (!headerToken) {
-      const res = new Response("Unauthorized", {
-        status: 401,
-        headers: {
-          "WWW-Authenticate": `${wwwAuthenticatePrefix}realm="` + realm + '"'
-        }
-      });
-      throw new HTTPException(401, { res });
+      await throwHTTPException(
+        c,
+        401,
+        `${wwwAuthenticatePrefix}realm="${realm}"`,
+        options.noAuthenticationHeaderMessage || "Unauthorized"
+      );
     } else {
       const match = regexp.exec(headerToken);
       if (!match) {
-        const res = new Response("Bad Request", {
-          status: 400,
-          headers: {
-            "WWW-Authenticate": `${wwwAuthenticatePrefix}error="invalid_request"`
-          }
-        });
-        throw new HTTPException(400, { res });
+        await throwHTTPException(
+          c,
+          400,
+          `${wwwAuthenticatePrefix}error="invalid_request"`,
+          options.invalidAuthenticationHeaderMessage || "Bad Request"
+        );
       } else {
         let equal = false;
         if ("verifyToken" in options) {
@@ -53,13 +65,12 @@ var bearerAuth = (options) => {
           }
         }
         if (!equal) {
-          const res = new Response("Unauthorized", {
-            status: 401,
-            headers: {
-              "WWW-Authenticate": `${wwwAuthenticatePrefix}error="invalid_token"`
-            }
-          });
-          throw new HTTPException(401, { res });
+          await throwHTTPException(
+            c,
+            401,
+            `${wwwAuthenticatePrefix}error="invalid_token"`,
+            options.invalidTokenMessage || "Unauthorized"
+          );
         }
       }
     }

package/dist/middleware/context-storage/index.js

@@ -0,0 +1,19 @@
+// src/middleware/context-storage/index.ts
+import { AsyncLocalStorage } from "node:async_hooks";
+var asyncLocalStorage = new AsyncLocalStorage();
+var contextStorage = () => {
+  return async function contextStorage2(c, next) {
+    await asyncLocalStorage.run(c, next);
+  };
+};
+var getContext = () => {
+  const context = asyncLocalStorage.getStore();
+  if (!context) {
+    throw new Error("Context is not available");
+  }
+  return context;
+};
+export {
+  contextStorage,
+  getContext
+};

package/dist/middleware/jsx-renderer/index.js

@@ -21,6 +21,7 @@ var createRenderer = (c, Layout, component, options) => (children, props) => {
     if (options.stream === true) {
       c.header("Transfer-Encoding", "chunked");
       c.header("Content-Type", "text/html; charset=UTF-8");
+      c.header("Content-Encoding", "Identity");
     } else {
       for (const [key, value] of Object.entries(options.stream)) {
         c.header(key, value);

package/dist/middleware/secure-headers/secure-headers.js

@@ -27,7 +27,8 @@ var DEFAULT_OPTIONS = {
   xFrameOptions: true,
   xPermittedCrossDomainPolicies: true,
   xXssProtection: true,
-  removePoweredBy: true
+  removePoweredBy: true,
+  permissionsPolicy: {}
 };
 var generateNonce = () => {
   const buffer = new Uint8Array(16);
@@ -53,6 +54,12 @@ var secureHeaders = (customOptions) => {
     }
     headersToSet.push(["Content-Security-Policy", value]);
   }
+  if (options.permissionsPolicy && Object.keys(options.permissionsPolicy).length > 0) {
+    headersToSet.push([
+      "Permissions-Policy",
+      getPermissionsPolicyDirectives(options.permissionsPolicy)
+    ]);
+  }
   if (options.reportingEndpoints) {
     headersToSet.push(["Reporting-Endpoints", getReportingEndpoints(options.reportingEndpoints)]);
   }
@@ -112,6 +119,28 @@ function getCSPDirectives(contentSecurityPolicy) {
     resultValues
   ];
 }
+function getPermissionsPolicyDirectives(policy) {
+  return Object.entries(policy).map(([directive, value]) => {
+    const kebabDirective = camelToKebab(directive);
+    if (typeof value === "boolean") {
+      return `${kebabDirective}=${value ? "*" : "none"}`;
+    }
+    if (Array.isArray(value)) {
+      if (value.length === 0) {
+        return `${kebabDirective}=()`;
+      }
+      if (value.length === 1 && (value[0] === "*" || value[0] === "none")) {
+        return `${kebabDirective}=${value[0]}`;
+      }
+      const allowlist = value.map((item) => ["self", "src"].includes(item) ? item : `"${item}"`);
+      return `${kebabDirective}=(${allowlist.join(" ")})`;
+    }
+    return "";
+  }).filter(Boolean).join(", ");
+}
+function camelToKebab(str) {
+  return str.replace(/([a-z\d])([A-Z])/g, "$1-$2").toLowerCase();
+}
 function getReportingEndpoints(reportingEndpoints = []) {
   return reportingEndpoints.map((endpoint) => `${endpoint.name}="${endpoint.url}"`).join(", ");
 }

package/dist/middleware/serve-static/index.js

@@ -1,6 +1,11 @@
 // src/middleware/serve-static/index.ts
 import { getFilePath, getFilePathWithoutDefaultDocument } from "../../utils/filepath.js";
 import { getMimeType } from "../../utils/mime.js";
+var ENCODINGS = {
+  br: ".br",
+  zstd: ".zst",
+  gzip: ".gz"
+};
 var DEFAULT_DOCUMENT = "index.html";
 var defaultPathResolve = (path) => path;
 var serveStatic = (options) => {
@@ -18,7 +23,7 @@ var serveStatic = (options) => {
         root
       });
       if (path2 && await options.isDir(path2)) {
-        filename = filename + "/";
+        filename += "/";
       }
     }
     let path = getFilePath({
@@ -34,34 +39,46 @@ var serveStatic = (options) => {
     path = pathResolve(path);
     let content = await getContent(path, c);
     if (!content) {
-      let pathWithOutDefaultDocument = getFilePathWithoutDefaultDocument({
+      let pathWithoutDefaultDocument = getFilePathWithoutDefaultDocument({
         filename,
         root
       });
-      if (!pathWithOutDefaultDocument) {
+      if (!pathWithoutDefaultDocument) {
         return await next();
       }
-      pathWithOutDefaultDocument = pathResolve(pathWithOutDefaultDocument);
-      if (pathWithOutDefaultDocument !== path) {
-        content = await getContent(pathWithOutDefaultDocument, c);
+      pathWithoutDefaultDocument = pathResolve(pathWithoutDefaultDocument);
+      if (pathWithoutDefaultDocument !== path) {
+        content = await getContent(pathWithoutDefaultDocument, c);
         if (content) {
-          path = pathWithOutDefaultDocument;
+          path = pathWithoutDefaultDocument;
         }
       }
     }
     if (content instanceof Response) {
       return c.newResponse(content.body, content);
     }
+    const mimeType = options.mimes ? getMimeType(path, options.mimes) ?? getMimeType(path) : getMimeType(path);
+    if (mimeType) {
+      c.header("Content-Type", mimeType);
+    }
     if (content) {
-      let mimeType;
-      if (options.mimes) {
-        mimeType = getMimeType(path, options.mimes) ?? getMimeType(path);
-      } else {
-        mimeType = getMimeType(path);
-      }
-      if (mimeType) {
-        c.header("Content-Type", mimeType);
+      if (options.precompressed) {
+        const acceptEncodings = c.req.header("Accept-Encoding")?.split(",").map((encoding) => encoding.trim()).filter(
+          (encoding) => Object.hasOwn(ENCODINGS, encoding)
+        ).sort(
+          (a, b) => Object.keys(ENCODINGS).indexOf(a) - Object.keys(ENCODINGS).indexOf(b)
+        ) ?? [];
+        for (const encoding of acceptEncodings) {
+          const compressedContent = await getContent(path + ENCODINGS[encoding], c);
+          if (compressedContent) {
+            content = compressedContent;
+            c.header("Content-Encoding", encoding);
+            c.header("Vary", "Accept-Encoding", { append: true });
+            break;
+          }
+        }
       }
+      await options.onFound?.(path, c);
       return c.body(content);
     }
     await options.onNotFound?.(path, c);

package/dist/types/adapter/bun/websocket.d.ts

@@ -10,16 +10,14 @@ interface BunWebSocketHandler<T> {
     close(ws: BunServerWebSocket<T>, code?: number, reason?: string): void;
     message(ws: BunServerWebSocket<T>, message: string | Uint8Array): void;
 }
-interface CreateWebSocket {
-    (): {
-        upgradeWebSocket: UpgradeWebSocket;
-        websocket: BunWebSocketHandler<BunWebSocketData>;
-    };
+interface CreateWebSocket<T> {
+    upgradeWebSocket: UpgradeWebSocket<T>;
+    websocket: BunWebSocketHandler<BunWebSocketData>;
 }
 export interface BunWebSocketData {
     connId: number;
     url: URL;
     protocol: string;
 }
-export declare const createBunWebSocket: CreateWebSocket;
+export declare const createBunWebSocket: <T>() => CreateWebSocket<T>;
 export {};

package/dist/types/adapter/cloudflare-pages/handler.d.ts

@@ -1,7 +1,7 @@
 import type { Hono } from '../../hono';
 import type { BlankSchema, Env, Input, MiddlewareHandler, Schema } from '../../types';
 type Params<P extends string = any> = Record<P, string | string[]>;
-export type EventContext<Env = {}, P extends string = any, Data = {}> = {
+export type EventContext<Env = {}, P extends string = any, Data = Record<string, unknown>> = {
     request: Request;
     functionPath: string;
     waitUntil: (promise: Promise<unknown>) => void;
@@ -17,7 +17,11 @@ export type EventContext<Env = {}, P extends string = any, Data = {}> = {
 };
 declare type PagesFunction<Env = unknown, Params extends string = any, Data extends Record<string, unknown> = Record<string, unknown>> = (context: EventContext<Env, Params, Data>) => Response | Promise<Response>;
 export declare const handle: <E extends Env = Env, S extends Schema = BlankSchema, BasePath extends string = "/">(app: Hono<E, S, BasePath>) => PagesFunction<E["Bindings"], any, Record<string, unknown>>;
-export declare function handleMiddleware<E extends Env = any, P extends string = any, I extends Input = {}>(middleware: MiddlewareHandler<E, P, I>): PagesFunction<E['Bindings']>;
+export declare function handleMiddleware<E extends Env = {}, P extends string = any, I extends Input = {}>(middleware: MiddlewareHandler<E & {
+    Bindings: {
+        eventContext: EventContext;
+    };
+}, P, I>): PagesFunction<E['Bindings']>;
 /**
  *
  * @description `serveStatic()` is for advanced mode:

package/dist/types/adapter/cloudflare-workers/websocket.d.ts

@@ -1,2 +1,2 @@
 import type { UpgradeWebSocket } from '../../helper/websocket';
-export declare const upgradeWebSocket: UpgradeWebSocket;
+export declare const upgradeWebSocket: UpgradeWebSocket<WebSocket>;

package/dist/types/adapter/deno/websocket.d.ts

@@ -18,4 +18,4 @@ export interface UpgradeWebSocketOptions {
      */
     idleTimeout?: number;
 }
-export declare const upgradeWebSocket: UpgradeWebSocket<UpgradeWebSocketOptions>;
+export declare const upgradeWebSocket: UpgradeWebSocket<WebSocket, UpgradeWebSocketOptions>;

package/dist/types/helper/streaming/sse.d.ts

@@ -1,7 +1,7 @@
 import type { Context } from '../../context';
 import { StreamingApi } from '../../utils/stream';
 export interface SSEMessage {
-    data: string;
+    data: string | Promise<string>;
     event?: string;
     id?: string;
     retry?: number;

package/dist/types/helper/websocket/index.d.ts

@@ -7,24 +7,24 @@ import type { MiddlewareHandler } from '../../types';
 /**
  * WebSocket Event Listeners type
  */
-export interface WSEvents {
-    onOpen?: (evt: Event, ws: WSContext) => void;
-    onMessage?: (evt: MessageEvent<WSMessageReceive>, ws: WSContext) => void;
-    onClose?: (evt: CloseEvent, ws: WSContext) => void;
-    onError?: (evt: Event, ws: WSContext) => void;
+export interface WSEvents<T = unknown> {
+    onOpen?: (evt: Event, ws: WSContext<T>) => void;
+    onMessage?: (evt: MessageEvent<WSMessageReceive>, ws: WSContext<T>) => void;
+    onClose?: (evt: CloseEvent, ws: WSContext<T>) => void;
+    onError?: (evt: Event, ws: WSContext<T>) => void;
 }
 /**
  * Upgrade WebSocket Type
  */
-export type UpgradeWebSocket<T = any> = (createEvents: (c: Context) => WSEvents | Promise<WSEvents>, options?: T) => MiddlewareHandler<any, string, {
+export type UpgradeWebSocket<T = unknown, U = any> = (createEvents: (c: Context) => WSEvents<T> | Promise<WSEvents<T>>, options?: U) => MiddlewareHandler<any, string, {
     outputFormat: 'ws';
 }>;
 export type WSReadyState = 0 | 1 | 2 | 3;
-export type WSContext = {
+export type WSContext<T = unknown> = {
     send(source: string | ArrayBuffer | Uint8Array, options?: {
         compress: boolean;
     }): void;
-    raw?: unknown;
+    raw?: T;
     binaryType: BinaryType;
     readyState: WSReadyState;
     url: URL | null;

package/dist/types/middleware/basic-auth/index.d.ts

@@ -4,15 +4,18 @@
  */
 import type { Context } from '../../context';
 import type { MiddlewareHandler } from '../../types';
+type MessageFunction = (c: Context) => string | object | Promise<string | object>;
 type BasicAuthOptions = {
     username: string;
     password: string;
     realm?: string;
     hashFunction?: Function;
+    invalidUserMessage?: string | object | MessageFunction;
 } | {
     verifyUser: (username: string, password: string, c: Context) => boolean | Promise<boolean>;
     realm?: string;
     hashFunction?: Function;
+    invalidUserMessage?: string | object | MessageFunction;
 };
 /**
  * Basic Auth Middleware for Hono.
@@ -25,6 +28,7 @@ type BasicAuthOptions = {
  * @param {string} [options.realm="Secure Area"] - The realm attribute for the WWW-Authenticate header.
  * @param {Function} [options.hashFunction] - The hash function used for secure comparison.
  * @param {Function} [options.verifyUser] - The function to verify user credentials.
+ * @param {string | object | MessageFunction} [options.invalidUserMessage="Unauthorized"] - The invalid user message.
  * @returns {MiddlewareHandler} The middleware handler function.
  * @throws {HTTPException} If neither "username and password" nor "verifyUser" options are provided.
  *

package/dist/types/middleware/bearer-auth/index.d.ts

@@ -4,18 +4,25 @@
  */
 import type { Context } from '../../context';
 import type { MiddlewareHandler } from '../../types';
+type MessageFunction = (c: Context) => string | object | Promise<string | object>;
 type BearerAuthOptions = {
     token: string | string[];
     realm?: string;
     prefix?: string;
     headerName?: string;
     hashFunction?: Function;
+    noAuthenticationHeaderMessage?: string | object | MessageFunction;
+    invalidAuthenticationHeaderMessage?: string | object | MessageFunction;
+    invalidTokenMessage?: string | object | MessageFunction;
 } | {
     realm?: string;
     prefix?: string;
     headerName?: string;
     verifyToken: (token: string, c: Context) => boolean | Promise<boolean>;
     hashFunction?: Function;
+    noAuthenticationHeaderMessage?: string | object | MessageFunction;
+    invalidAuthenticationHeaderMessage?: string | object | MessageFunction;
+    invalidTokenMessage?: string | object | MessageFunction;
 };
 /**
  * Bearer Auth Middleware for Hono.
@@ -29,6 +36,9 @@ type BearerAuthOptions = {
  * @param {string} [options.prefix="Bearer"] - The prefix (or known as `schema`) for the Authorization header value. If set to the empty string, no prefix is expected.
  * @param {string} [options.headerName=Authorization] - The header name.
  * @param {Function} [options.hashFunction] - A function to handle hashing for safe comparison of authentication tokens.
+ * @param {string | object | MessageFunction} [options.noAuthenticationHeaderMessage="Unauthorized"] - The no authentication header message.
+ * @param {string | object | MessageFunction} [options.invalidAuthenticationHeaderMeasage="Bad Request"] - The invalid authentication header message.
+ * @param {string | object | MessageFunction} [options.invalidTokenMessage="Unauthorized"] - The invalid token message.
  * @returns {MiddlewareHandler} The middleware handler function.
  * @throws {Error} If neither "token" nor "verifyToken" options are provided.
  * @throws {HTTPException} If authentication fails, with 401 status code for missing or invalid token, or 400 status code for invalid request.

package/dist/types/middleware/context-storage/index.d.ts

@@ -0,0 +1,39 @@
+/**
+ * @module
+ * Context Storage Middleware for Hono.
+ */
+import type { Context } from '../../context';
+import type { Env, MiddlewareHandler } from '../../types';
+/**
+ * Context Storage Middleware for Hono.
+ *
+ * @see {@link https://hono.dev/docs/middleware/builtin/context-storage}
+ *
+ * @returns {MiddlewareHandler} The middleware handler function.
+ *
+ * @example
+ * ```ts
+ * type Env = {
+ *   Variables: {
+ *     message: string
+ *   }
+ * }
+ *
+ * const app = new Hono<Env>()
+ *
+ * app.use(contextStorage())
+ *
+ * app.use(async (c, next) => {
+ *   c.set('message', 'Hono is cool!!)
+ *   await next()
+ * })
+ *
+ * app.get('/', async (c) => { c.text(getMessage()) })
+ *
+ * const getMessage = () => {
+ *   return getContext<Env>().var.message
+ * }
+ * ```
+ */
+export declare const contextStorage: () => MiddlewareHandler;
+export declare const getContext: <E extends Env = Env>() => Context<E, any, {}>;

package/dist/types/middleware/jsx-renderer/index.d.ts

@@ -1,6 +1,6 @@
 /**
  * @module
- * JSR Renderer Middleware for Hono.
+ * JSX Renderer Middleware for Hono.
  */
 import type { Context, PropsForRenderer } from '../../context';
 import type { FC, Context as JSXContext, PropsWithChildren } from '../../jsx';

package/dist/types/middleware/secure-headers/permissions-policy.d.ts

@@ -0,0 +1,14 @@
+export type PermissionsPolicyDirective = StandardizedFeatures | ProposedFeatures | ExperimentalFeatures;
+/**
+ * These features have been declared in a published version of the respective specification.
+ */
+type StandardizedFeatures = 'accelerometer' | 'ambientLightSensor' | 'attributionReporting' | 'autoplay' | 'battery' | 'bluetooth' | 'camera' | 'chUa' | 'chUaArch' | 'chUaBitness' | 'chUaFullVersion' | 'chUaFullVersionList' | 'chUaMobile' | 'chUaModel' | 'chUaPlatform' | 'chUaPlatformVersion' | 'chUaWow64' | 'computePressure' | 'crossOriginIsolated' | 'directSockets' | 'displayCapture' | 'encryptedMedia' | 'executionWhileNotRendered' | 'executionWhileOutOfViewport' | 'fullscreen' | 'geolocation' | 'gyroscope' | 'hid' | 'identityCredentialsGet' | 'idleDetection' | 'keyboardMap' | 'magnetometer' | 'microphone' | 'midi' | 'navigationOverride' | 'payment' | 'pictureInPicture' | 'publickeyCredentialsGet' | 'screenWakeLock' | 'serial' | 'storageAccess' | 'syncXhr' | 'usb' | 'webShare' | 'windowManagement' | 'xrSpatialTracking';
+/**
+ * These features have been proposed, but the definitions have not yet been integrated into their respective specs.
+ */
+type ProposedFeatures = 'clipboardRead' | 'clipboardWrite' | 'gemepad' | 'sharedAutofill' | 'speakerSelection';
+/**
+ * These features generally have an explainer only, but may be available for experimentation by web developers.
+ */
+type ExperimentalFeatures = 'allScreensCapture' | 'browsingTopics' | 'capturedSurfaceControl' | 'conversionMeasurement' | 'digitalCredentialsGet' | 'focusWithoutUserActivation' | 'joinAdInterestGroup' | 'localFonts' | 'runAdAuction' | 'smartCard' | 'syncScript' | 'trustTokenRedemption' | 'unload' | 'verticalScroll';
+export {};

package/dist/types/middleware/secure-headers/secure-headers.d.ts

@@ -4,6 +4,7 @@
  */
 import type { Context } from '../../context';
 import type { MiddlewareHandler } from '../../types';
+import type { PermissionsPolicyDirective } from './permissions-policy';
 export type SecureHeadersVariables = {
     secureHeadersNonce?: string;
 };
@@ -45,6 +46,8 @@ interface ReportingEndpointOptions {
     name: string;
     url: string;
 }
+type PermissionsPolicyValue = '*' | 'self' | 'src' | 'none' | string;
+type PermissionsPolicyOptions = Partial<Record<PermissionsPolicyDirective, PermissionsPolicyValue[] | boolean>>;
 type overridableHeader = boolean | string;
 interface SecureHeadersOptions {
     contentSecurityPolicy?: ContentSecurityPolicyOptions;
@@ -63,6 +66,7 @@ interface SecureHeadersOptions {
     xPermittedCrossDomainPolicies?: overridableHeader;
     xXssProtection?: overridableHeader;
     removePoweredBy?: boolean;
+    permissionsPolicy?: PermissionsPolicyOptions;
 }
 export declare const NONCE: ContentSecurityPolicyOptionHandler;
 /**
@@ -87,6 +91,7 @@ export declare const NONCE: ContentSecurityPolicyOptionHandler;
  * @param {overridableHeader} [customOptions.xPermittedCrossDomainPolicies=true] - Settings for the X-Permitted-Cross-Domain-Policies header.
  * @param {overridableHeader} [customOptions.xXssProtection=true] - Settings for the X-XSS-Protection header.
  * @param {boolean} [customOptions.removePoweredBy=true] - Settings for remove X-Powered-By header.
+ * @param {PermissionsPolicyOptions} [customOptions.permissionsPolicy] - Settings for the Permissions-Policy header.
  * @returns {MiddlewareHandler} The middleware handler function.
  *
  * @example

package/dist/types/middleware/serve-static/index.d.ts

@@ -7,8 +7,10 @@ import type { Env, MiddlewareHandler } from '../../types';
 export type ServeStaticOptions<E extends Env = Env> = {
     root?: string;
     path?: string;
+    precompressed?: boolean;
     mimes?: Record<string, string>;
     rewriteRequestPath?: (path: string) => string;
+    onFound?: (path: string, c: Context<E>) => void | Promise<void>;
     onNotFound?: (path: string, c: Context<E>) => void | Promise<void>;
 };
 /**

package/dist/types/utils/html.d.ts

@@ -40,5 +40,5 @@ export declare const raw: (value: unknown, callbacks?: HtmlEscapedCallback[]) =>
 export declare const stringBufferToString: (buffer: StringBuffer, callbacks: HtmlEscapedCallback[] | undefined) => Promise<HtmlEscapedString>;
 export declare const escapeToBuffer: (str: string, buffer: StringBuffer) => void;
 export declare const resolveCallbackSync: (str: string | HtmlEscapedString) => string;
-export declare const resolveCallback: (str: string | HtmlEscapedString, phase: (typeof HtmlEscapedCallbackPhase)[keyof typeof HtmlEscapedCallbackPhase], preserveCallbacks: boolean, context: object, buffer?: [string]) => Promise<string>;
+export declare const resolveCallback: (str: string | HtmlEscapedString | Promise<string>, phase: (typeof HtmlEscapedCallbackPhase)[keyof typeof HtmlEscapedCallbackPhase], preserveCallbacks: boolean, context: object, buffer?: [string]) => Promise<string>;
 export {};

package/dist/utils/html.js

@@ -85,6 +85,14 @@ var resolveCallbackSync = (str) => {
   return buffer[0];
 };
 var resolveCallback = async (str, phase, preserveCallbacks, context, buffer) => {
+  if (typeof str === "object" && !(str instanceof String)) {
+    if (!(str instanceof Promise)) {
+      str = str.toString();
+    }
+    if (str instanceof Promise) {
+      str = await str;
+    }
+  }
   const callbacks = str.callbacks;
   if (!callbacks?.length) {
     return Promise.resolve(str);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hono",
-  "version": "4.5.11",
+  "version": "4.6.0",
   "description": "Web framework built on Web Standards",
   "main": "dist/cjs/index.js",
   "type": "module",
@@ -104,6 +104,11 @@
       "import": "./dist/middleware/compress/index.js",
       "require": "./dist/cjs/middleware/compress/index.js"
     },
+    "./context-storage": {
+      "types": "./dist/types/middleware/context-storage/index.d.ts",
+      "import": "./dist/middleware/context-storage/index.js",
+      "require": "./dist/cjs/middleware/context-storage/index.js"
+    },
     "./cors": {
       "types": "./dist/types/middleware/cors/index.d.ts",
       "import": "./dist/middleware/cors/index.js",
@@ -421,6 +426,9 @@
       "compress": [
         "./dist/types/middleware/compress"
       ],
+      "context-storage": [
+        "./dist/types/middleware/context-storage"
+      ],
       "cors": [
         "./dist/types/middleware/cors"
       ],