hono 4.6.20 → 4.7.1

package/dist/types/utils/accept.d.ts

@@ -0,0 +1,11 @@
+export interface Accept {
+    type: string;
+    params: Record<string, string>;
+    q: number;
+}
+/**
+ * Parse an Accept header into an array of objects with type, parameters, and quality score.
+ * @param acceptHeader The Accept header string
+ * @returns An array of parsed Accept values
+ */
+export declare const parseAccept: (acceptHeader: string) => Accept[];

package/dist/types/utils/cookie.d.ts

@@ -16,7 +16,7 @@ type SecureCookieConstraint = {
 };
 type HostCookieConstraint = {
     secure: true;
-    path: '/';
+    path: "/";
     domain?: undefined;
 };
 export type CookieOptions = {
@@ -27,12 +27,12 @@ export type CookieOptions = {
     path?: string;
     secure?: boolean;
     signingSecret?: string;
-    sameSite?: 'Strict' | 'Lax' | 'None' | 'strict' | 'lax' | 'none';
+    sameSite?: "Strict" | "Lax" | "None" | "strict" | "lax" | "none";
     partitioned?: boolean;
-    priority?: 'Low' | 'Medium' | 'High';
+    priority?: "Low" | "Medium" | "High";
     prefix?: CookiePrefixOptions;
 } & PartitionedCookieConstraint;
-export type CookiePrefixOptions = 'host' | 'secure';
+export type CookiePrefixOptions = "host" | "secure";
 export type CookieConstraint<Name> = Name extends `__Secure-${string}` ? CookieOptions & SecureCookieConstraint : Name extends `__Host-${string}` ? CookieOptions & HostCookieConstraint : CookieOptions;
 export declare const parse: (cookie: string, name?: string) => Cookie;
 export declare const parseSigned: (cookie: string, secret: string | BufferSource, name?: string) => Promise<SignedCookie>;

package/dist/types/utils/headers.d.ts

@@ -2,7 +2,7 @@
  * @module
  * HTTP Headers utility.
  */
-export type RequestHeader = 'A-IM' | 'Accept' | 'Accept-Additions' | 'Accept-CH' | 'Accept-Charset' | 'Accept-Datetime' | 'Accept-Encoding' | 'Accept-Features' | 'Accept-Language' | 'Accept-Patch' | 'Accept-Post' | 'Accept-Ranges' | 'Accept-Signature' | 'Access-Control' | 'Access-Control-Allow-Credentials' | 'Access-Control-Allow-Headers' | 'Access-Control-Allow-Methods' | 'Access-Control-Allow-Origin' | 'Access-Control-Expose-Headers' | 'Access-Control-Max-Age' | 'Access-Control-Request-Headers' | 'Access-Control-Request-Method' | 'Age' | 'Allow' | 'ALPN' | 'Alt-Svc' | 'Alt-Used' | 'Alternates' | 'AMP-Cache-Transform' | 'Apply-To-Redirect-Ref' | 'Authentication-Control' | 'Authentication-Info' | 'Authorization' | 'Available-Dictionary' | 'C-Ext' | 'C-Man' | 'C-Opt' | 'C-PEP' | 'C-PEP-Info' | 'Cache-Control' | 'Cache-Status' | 'Cal-Managed-ID' | 'CalDAV-Timezones' | 'Capsule-Protocol' | 'CDN-Cache-Control' | 'CDN-Loop' | 'Cert-Not-After' | 'Cert-Not-Before' | 'Clear-Site-Data' | 'Client-Cert' | 'Client-Cert-Chain' | 'Close' | 'CMCD-Object' | 'CMCD-Request' | 'CMCD-Session' | 'CMCD-Status' | 'CMSD-Dynamic' | 'CMSD-Static' | 'Concealed-Auth-Export' | 'Configuration-Context' | 'Connection' | 'Content-Base' | 'Content-Digest' | 'Content-Disposition' | 'Content-Encoding' | 'Content-ID' | 'Content-Language' | 'Content-Length' | 'Content-Location' | 'Content-MD5' | 'Content-Range' | 'Content-Script-Type' | 'Content-Security-Policy' | 'Content-Security-Policy-Report-Only' | 'Content-Style-Type' | 'Content-Type' | 'Content-Version' | 'Cookie' | 'Cookie2' | 'Cross-Origin-Embedder-Policy' | 'Cross-Origin-Embedder-Policy-Report-Only' | 'Cross-Origin-Opener-Policy' | 'Cross-Origin-Opener-Policy-Report-Only' | 'Cross-Origin-Resource-Policy' | 'CTA-Common-Access-Token' | 'DASL' | 'Date' | 'DAV' | 'Default-Style' | 'Delta-Base' | 'Deprecation' | 'Depth' | 'Derived-From' | 'Destination' | 'Differential-ID' | 'Dictionary-ID' | 'Digest' | 'DPoP' | 'DPoP-Nonce' | 'Early-Data' | 'EDIINT-Features' | 'ETag' | 'Expect' | 'Expect-CT' | 'Expires' | 'Ext' | 'Forwarded' | 'From' | 'GetProfile' | 'Hobareg' | 'Host' | 'HTTP2-Settings' | 'If' | 'If-Match' | 'If-Modified-Since' | 'If-None-Match' | 'If-Range' | 'If-Schedule-Tag-Match' | 'If-Unmodified-Since' | 'IM' | 'Include-Referred-Token-Binding-ID' | 'Isolation' | 'Keep-Alive' | 'Label' | 'Last-Event-ID' | 'Last-Modified' | 'Link' | 'Link-Template' | 'Location' | 'Lock-Token' | 'Man' | 'Max-Forwards' | 'Memento-Datetime' | 'Meter' | 'Method-Check' | 'Method-Check-Expires' | 'MIME-Version' | 'Negotiate' | 'NEL' | 'OData-EntityId' | 'OData-Isolation' | 'OData-MaxVersion' | 'OData-Version' | 'Opt' | 'Optional-WWW-Authenticate' | 'Ordering-Type' | 'Origin' | 'Origin-Agent-Cluster' | 'OSCORE' | 'OSLC-Core-Version' | 'Overwrite' | 'P3P' | 'PEP' | 'PEP-Info' | 'Permissions-Policy' | 'PICS-Label' | 'Ping-From' | 'Ping-To' | 'Position' | 'Pragma' | 'Prefer' | 'Preference-Applied' | 'Priority' | 'ProfileObject' | 'Protocol' | 'Protocol-Info' | 'Protocol-Query' | 'Protocol-Request' | 'Proxy-Authenticate' | 'Proxy-Authentication-Info' | 'Proxy-Authorization' | 'Proxy-Features' | 'Proxy-Instruction' | 'Proxy-Status' | 'Public' | 'Public-Key-Pins' | 'Public-Key-Pins-Report-Only' | 'Range' | 'Redirect-Ref' | 'Referer' | 'Referer-Root' | 'Referrer-Policy' | 'Refresh' | 'Repeatability-Client-ID' | 'Repeatability-First-Sent' | 'Repeatability-Request-ID' | 'Repeatability-Result' | 'Replay-Nonce' | 'Reporting-Endpoints' | 'Repr-Digest' | 'Retry-After' | 'Safe' | 'Schedule-Reply' | 'Schedule-Tag' | 'Sec-GPC' | 'Sec-Purpose' | 'Sec-Token-Binding' | 'Sec-WebSocket-Accept' | 'Sec-WebSocket-Extensions' | 'Sec-WebSocket-Key' | 'Sec-WebSocket-Protocol' | 'Sec-WebSocket-Version' | 'Security-Scheme' | 'Server' | 'Server-Timing' | 'Set-Cookie' | 'Set-Cookie2' | 'SetProfile' | 'Signature' | 'Signature-Input' | 'SLUG' | 'SoapAction' | 'Status-URI' | 'Strict-Transport-Security' | 'Sunset' | 'Surrogate-Capability' | 'Surrogate-Control' | 'TCN' | 'TE' | 'Timeout' | 'Timing-Allow-Origin' | 'Topic' | 'Traceparent' | 'Tracestate' | 'Trailer' | 'Transfer-Encoding' | 'TTL' | 'Upgrade' | 'Urgency' | 'URI' | 'Use-As-Dictionary' | 'User-Agent' | 'Variant-Vary' | 'Vary' | 'Via' | 'Want-Content-Digest' | 'Want-Digest' | 'Want-Repr-Digest' | 'Warning' | 'WWW-Authenticate' | 'X-Content-Type-Options' | 'X-Frame-Options';
-export type ResponseHeader = 'Access-Control-Allow-Credentials' | 'Access-Control-Allow-Headers' | 'Access-Control-Allow-Methods' | 'Access-Control-Allow-Origin' | 'Access-Control-Expose-Headers' | 'Access-Control-Max-Age' | 'Age' | 'Allow' | 'Cache-Control' | 'Clear-Site-Data' | 'Content-Disposition' | 'Content-Encoding' | 'Content-Language' | 'Content-Length' | 'Content-Location' | 'Content-Range' | 'Content-Security-Policy' | 'Content-Security-Policy-Report-Only' | 'Content-Type' | 'Cookie' | 'Cross-Origin-Embedder-Policy' | 'Cross-Origin-Opener-Policy' | 'Cross-Origin-Resource-Policy' | 'Date' | 'ETag' | 'Expires' | 'Last-Modified' | 'Location' | 'Permissions-Policy' | 'Pragma' | 'Retry-After' | 'Save-Data' | 'Sec-CH-Prefers-Color-Scheme' | 'Sec-CH-Prefers-Reduced-Motion' | 'Sec-CH-UA' | 'Sec-CH-UA-Arch' | 'Sec-CH-UA-Bitness' | 'Sec-CH-UA-Form-Factor' | 'Sec-CH-UA-Full-Version' | 'Sec-CH-UA-Full-Version-List' | 'Sec-CH-UA-Mobile' | 'Sec-CH-UA-Model' | 'Sec-CH-UA-Platform' | 'Sec-CH-UA-Platform-Version' | 'Sec-CH-UA-WoW64' | 'Sec-Fetch-Dest' | 'Sec-Fetch-Mode' | 'Sec-Fetch-Site' | 'Sec-Fetch-User' | 'Sec-GPC' | 'Server' | 'Server-Timing' | 'Service-Worker-Navigation-Preload' | 'Set-Cookie' | 'Strict-Transport-Security' | 'Timing-Allow-Origin' | 'Trailer' | 'Transfer-Encoding' | 'Upgrade' | 'Vary' | 'WWW-Authenticate' | 'Warning' | 'X-Content-Type-Options' | 'X-DNS-Prefetch-Control' | 'X-Frame-Options' | 'X-Permitted-Cross-Domain-Policies' | 'X-Powered-By' | 'X-Robots-Tag' | 'X-XSS-Protection';
-export type AcceptHeader = 'Accept' | 'Accept-Charset' | 'Accept-Encoding' | 'Accept-Language' | 'Accept-Patch' | 'Accept-Post' | 'Accept-Ranges';
+export type RequestHeader = "A-IM" | "Accept" | "Accept-Additions" | "Accept-CH" | "Accept-Charset" | "Accept-Datetime" | "Accept-Encoding" | "Accept-Features" | "Accept-Language" | "Accept-Patch" | "Accept-Post" | "Accept-Ranges" | "Accept-Signature" | "Access-Control" | "Access-Control-Allow-Credentials" | "Access-Control-Allow-Headers" | "Access-Control-Allow-Methods" | "Access-Control-Allow-Origin" | "Access-Control-Expose-Headers" | "Access-Control-Max-Age" | "Access-Control-Request-Headers" | "Access-Control-Request-Method" | "Age" | "Allow" | "ALPN" | "Alt-Svc" | "Alt-Used" | "Alternates" | "AMP-Cache-Transform" | "Apply-To-Redirect-Ref" | "Authentication-Control" | "Authentication-Info" | "Authorization" | "Available-Dictionary" | "C-Ext" | "C-Man" | "C-Opt" | "C-PEP" | "C-PEP-Info" | "Cache-Control" | "Cache-Status" | "Cal-Managed-ID" | "CalDAV-Timezones" | "Capsule-Protocol" | "CDN-Cache-Control" | "CDN-Loop" | "Cert-Not-After" | "Cert-Not-Before" | "Clear-Site-Data" | "Client-Cert" | "Client-Cert-Chain" | "Close" | "CMCD-Object" | "CMCD-Request" | "CMCD-Session" | "CMCD-Status" | "CMSD-Dynamic" | "CMSD-Static" | "Concealed-Auth-Export" | "Configuration-Context" | "Connection" | "Content-Base" | "Content-Digest" | "Content-Disposition" | "Content-Encoding" | "Content-ID" | "Content-Language" | "Content-Length" | "Content-Location" | "Content-MD5" | "Content-Range" | "Content-Script-Type" | "Content-Security-Policy" | "Content-Security-Policy-Report-Only" | "Content-Style-Type" | "Content-Type" | "Content-Version" | "Cookie" | "Cookie2" | "Cross-Origin-Embedder-Policy" | "Cross-Origin-Embedder-Policy-Report-Only" | "Cross-Origin-Opener-Policy" | "Cross-Origin-Opener-Policy-Report-Only" | "Cross-Origin-Resource-Policy" | "CTA-Common-Access-Token" | "DASL" | "Date" | "DAV" | "Default-Style" | "Delta-Base" | "Deprecation" | "Depth" | "Derived-From" | "Destination" | "Differential-ID" | "Dictionary-ID" | "Digest" | "DPoP" | "DPoP-Nonce" | "Early-Data" | "EDIINT-Features" | "ETag" | "Expect" | "Expect-CT" | "Expires" | "Ext" | "Forwarded" | "From" | "GetProfile" | "Hobareg" | "Host" | "HTTP2-Settings" | "If" | "If-Match" | "If-Modified-Since" | "If-None-Match" | "If-Range" | "If-Schedule-Tag-Match" | "If-Unmodified-Since" | "IM" | "Include-Referred-Token-Binding-ID" | "Isolation" | "Keep-Alive" | "Label" | "Last-Event-ID" | "Last-Modified" | "Link" | "Link-Template" | "Location" | "Lock-Token" | "Man" | "Max-Forwards" | "Memento-Datetime" | "Meter" | "Method-Check" | "Method-Check-Expires" | "MIME-Version" | "Negotiate" | "NEL" | "OData-EntityId" | "OData-Isolation" | "OData-MaxVersion" | "OData-Version" | "Opt" | "Optional-WWW-Authenticate" | "Ordering-Type" | "Origin" | "Origin-Agent-Cluster" | "OSCORE" | "OSLC-Core-Version" | "Overwrite" | "P3P" | "PEP" | "PEP-Info" | "Permissions-Policy" | "PICS-Label" | "Ping-From" | "Ping-To" | "Position" | "Pragma" | "Prefer" | "Preference-Applied" | "Priority" | "ProfileObject" | "Protocol" | "Protocol-Info" | "Protocol-Query" | "Protocol-Request" | "Proxy-Authenticate" | "Proxy-Authentication-Info" | "Proxy-Authorization" | "Proxy-Features" | "Proxy-Instruction" | "Proxy-Status" | "Public" | "Public-Key-Pins" | "Public-Key-Pins-Report-Only" | "Range" | "Redirect-Ref" | "Referer" | "Referer-Root" | "Referrer-Policy" | "Refresh" | "Repeatability-Client-ID" | "Repeatability-First-Sent" | "Repeatability-Request-ID" | "Repeatability-Result" | "Replay-Nonce" | "Reporting-Endpoints" | "Repr-Digest" | "Retry-After" | "Safe" | "Schedule-Reply" | "Schedule-Tag" | "Sec-GPC" | "Sec-Purpose" | "Sec-Token-Binding" | "Sec-WebSocket-Accept" | "Sec-WebSocket-Extensions" | "Sec-WebSocket-Key" | "Sec-WebSocket-Protocol" | "Sec-WebSocket-Version" | "Security-Scheme" | "Server" | "Server-Timing" | "Set-Cookie" | "Set-Cookie2" | "SetProfile" | "Signature" | "Signature-Input" | "SLUG" | "SoapAction" | "Status-URI" | "Strict-Transport-Security" | "Sunset" | "Surrogate-Capability" | "Surrogate-Control" | "TCN" | "TE" | "Timeout" | "Timing-Allow-Origin" | "Topic" | "Traceparent" | "Tracestate" | "Trailer" | "Transfer-Encoding" | "TTL" | "Upgrade" | "Urgency" | "URI" | "Use-As-Dictionary" | "User-Agent" | "Variant-Vary" | "Vary" | "Via" | "Want-Content-Digest" | "Want-Digest" | "Want-Repr-Digest" | "Warning" | "WWW-Authenticate" | "X-Content-Type-Options" | "X-Frame-Options";
+export type ResponseHeader = "Access-Control-Allow-Credentials" | "Access-Control-Allow-Headers" | "Access-Control-Allow-Methods" | "Access-Control-Allow-Origin" | "Access-Control-Expose-Headers" | "Access-Control-Max-Age" | "Age" | "Allow" | "Cache-Control" | "Clear-Site-Data" | "Content-Disposition" | "Content-Encoding" | "Content-Language" | "Content-Length" | "Content-Location" | "Content-Range" | "Content-Security-Policy" | "Content-Security-Policy-Report-Only" | "Content-Type" | "Cookie" | "Cross-Origin-Embedder-Policy" | "Cross-Origin-Opener-Policy" | "Cross-Origin-Resource-Policy" | "Date" | "ETag" | "Expires" | "Last-Modified" | "Location" | "Permissions-Policy" | "Pragma" | "Retry-After" | "Save-Data" | "Sec-CH-Prefers-Color-Scheme" | "Sec-CH-Prefers-Reduced-Motion" | "Sec-CH-UA" | "Sec-CH-UA-Arch" | "Sec-CH-UA-Bitness" | "Sec-CH-UA-Form-Factor" | "Sec-CH-UA-Full-Version" | "Sec-CH-UA-Full-Version-List" | "Sec-CH-UA-Mobile" | "Sec-CH-UA-Model" | "Sec-CH-UA-Platform" | "Sec-CH-UA-Platform-Version" | "Sec-CH-UA-WoW64" | "Sec-Fetch-Dest" | "Sec-Fetch-Mode" | "Sec-Fetch-Site" | "Sec-Fetch-User" | "Sec-GPC" | "Server" | "Server-Timing" | "Service-Worker-Navigation-Preload" | "Set-Cookie" | "Strict-Transport-Security" | "Timing-Allow-Origin" | "Trailer" | "Transfer-Encoding" | "Upgrade" | "Vary" | "WWW-Authenticate" | "Warning" | "X-Content-Type-Options" | "X-DNS-Prefetch-Control" | "X-Frame-Options" | "X-Permitted-Cross-Domain-Policies" | "X-Powered-By" | "X-Robots-Tag" | "X-XSS-Protection";
+export type AcceptHeader = "Accept" | "Accept-Charset" | "Accept-Encoding" | "Accept-Language" | "Accept-Patch" | "Accept-Post" | "Accept-Ranges";
 export type CustomHeader = string & {};

package/dist/types/utils/html.d.ts

@@ -8,7 +8,9 @@ export declare const HtmlEscapedCallbackPhase: {
     readonly Stream: 3;
 };
 type HtmlEscapedCallbackOpts = {
-    buffer?: [string];
+    buffer?: [
+        string
+    ];
     phase: (typeof HtmlEscapedCallbackPhase)[keyof typeof HtmlEscapedCallbackPhase];
     context: Readonly<object>;
 };
@@ -40,5 +42,7 @@ export declare const raw: (value: unknown, callbacks?: HtmlEscapedCallback[]) =>
 export declare const stringBufferToString: (buffer: StringBuffer, callbacks: HtmlEscapedCallback[] | undefined) => Promise<HtmlEscapedString>;
 export declare const escapeToBuffer: (str: string, buffer: StringBuffer) => void;
 export declare const resolveCallbackSync: (str: string | HtmlEscapedString) => string;
-export declare const resolveCallback: (str: string | HtmlEscapedString | Promise<string>, phase: (typeof HtmlEscapedCallbackPhase)[keyof typeof HtmlEscapedCallbackPhase], preserveCallbacks: boolean, context: object, buffer?: [string]) => Promise<string>;
+export declare const resolveCallback: (str: string | HtmlEscapedString | Promise<string>, phase: (typeof HtmlEscapedCallbackPhase)[keyof typeof HtmlEscapedCallbackPhase], preserveCallbacks: boolean, context: object, buffer?: [
+    string
+]) => Promise<string>;
 export {};

package/dist/types/utils/jwt/index.d.ts

@@ -9,4 +9,8 @@ export declare const Jwt: {
         header: import("./jwt").TokenHeader;
         payload: import("./types").JWTPayload;
     };
+    verifyFromJwks: (token: string, options: {
+        keys?: import("./jws").HonoJsonWebKey[] | (() => Promise<import("./jws").HonoJsonWebKey[]>);
+        jwks_uri?: string;
+    }, init?: RequestInit) => Promise<import("./types").JWTPayload>;
 };

package/dist/types/utils/jwt/jws.d.ts

@@ -4,6 +4,9 @@
  * https://datatracker.ietf.org/doc/html/rfc7515
  */
 import type { SignatureAlgorithm } from './jwa';
-export type SignatureKey = string | JsonWebKey | CryptoKey;
+export interface HonoJsonWebKey extends JsonWebKey {
+    kid?: string;
+}
+export type SignatureKey = string | HonoJsonWebKey | CryptoKey;
 export declare function signing(privateKey: SignatureKey, alg: SignatureAlgorithm, data: BufferSource): Promise<ArrayBuffer>;
 export declare function verifying(publicKey: SignatureKey, alg: SignatureAlgorithm, signature: BufferSource, data: BufferSource): Promise<boolean>;

package/dist/types/utils/jwt/jwt.d.ts

@@ -4,16 +4,22 @@
  * https://datatracker.ietf.org/doc/html/rfc7519
  */
 import type { SignatureAlgorithm } from './jwa';
-import type { SignatureKey } from './jws';
+import type { HonoJsonWebKey, SignatureKey } from './jws';
 import type { JWTPayload } from './types';
 export interface TokenHeader {
     alg: SignatureAlgorithm;
-    typ?: 'JWT';
+    typ?: "JWT";
+    kid?: string;
 }
 export declare function isTokenHeader(obj: unknown): obj is TokenHeader;
 export declare const sign: (payload: JWTPayload, privateKey: SignatureKey, alg?: SignatureAlgorithm) => Promise<string>;
 export declare const verify: (token: string, publicKey: SignatureKey, alg?: SignatureAlgorithm) => Promise<JWTPayload>;
+export declare const verifyFromJwks: (token: string, options: {
+    keys?: HonoJsonWebKey[] | (() => Promise<HonoJsonWebKey[]>);
+    jwks_uri?: string;
+}, init?: RequestInit) => Promise<JWTPayload>;
 export declare const decode: (token: string) => {
     header: TokenHeader;
     payload: JWTPayload;
 };
+export declare const decodeHeader: (token: string) => TokenHeader;

package/dist/types/utils/jwt/types.d.ts

@@ -20,6 +20,9 @@ export declare class JwtTokenIssuedAt extends Error {
 export declare class JwtHeaderInvalid extends Error {
     constructor(header: object);
 }
+export declare class JwtHeaderRequiresKid extends Error {
+    constructor(header: object);
+}
 export declare class JwtTokenSignatureMismatched extends Error {
     constructor(token: string);
 }
@@ -51,3 +54,4 @@ export type JWTPayload = {
      */
     iat?: number;
 };
+export type { HonoJsonWebKey } from './jws';

package/dist/types/utils/mime.d.ts

@@ -61,8 +61,8 @@ declare const _baseMimes: {
     readonly xhtml: "application/xhtml+xml";
     readonly xml: "application/xml";
     readonly zip: "application/zip";
-    readonly '3gp': "video/3gpp";
-    readonly '3g2': "video/3gpp2";
+    readonly "3gp": "video/3gpp";
+    readonly "3g2": "video/3gpp2";
     readonly gltf: "model/gltf+json";
     readonly glb: "model/gltf-binary";
 };

package/dist/types/utils/stream.d.ts

@@ -3,10 +3,6 @@
  * Stream utility.
  */
 export declare class StreamingApi {
-    private writer;
-    private encoder;
-    private writable;
-    private abortSubscribers;
     responseReadable: ReadableStream;
     /**
      * Whether the stream has been aborted.

package/dist/types/utils/url.d.ts

@@ -2,15 +2,29 @@
  * @module
  * URL utility.
  */
-export type Pattern = readonly [string, string, RegExp | true] | '*';
+export type Pattern = readonly [
+    string,
+    string,
+    RegExp | true
+] | "*";
 export declare const splitPath: (path: string) => string[];
 export declare const splitRoutingPath: (routePath: string) => string[];
-export declare const getPattern: (label: string) => Pattern | null;
+export declare const getPattern: (label: string, next?: string) => Pattern | null;
 type Decoder = (str: string) => string;
 export declare const tryDecode: (str: string, decoder: Decoder) => string;
 export declare const getPath: (request: Request) => string;
 export declare const getQueryStrings: (url: string) => string;
 export declare const getPathNoStrict: (request: Request) => string;
+/**
+ * Merge paths.
+ * @param {string[]} ...paths - The paths to merge.
+ * @returns {string} The merged path.
+ * @example
+ * mergePath('/api', '/users') // '/api/users'
+ * mergePath('/api/', '/users') // '/api/users'
+ * mergePath('/api', '/') // '/api'
+ * mergePath('/api/', '/') // '/api/'
+ */
 export declare const mergePath: (...paths: string[]) => string;
 export declare const checkOptionalParameter: (path: string) => string[] | null;
 export declare const getQueryParam: (url: string, key?: string) => string | undefined | Record<string, string>;

package/dist/types/validator/validator.d.ts

@@ -1,14 +1,26 @@
 import type { Context } from '../context';
 import type { Env, MiddlewareHandler, TypedResponse, ValidationTargets } from '../types';
-type ValidationTargetKeysWithBody = 'form' | 'json';
-type ValidationTargetByMethod<M> = M extends 'get' | 'head' ? Exclude<keyof ValidationTargets, ValidationTargetKeysWithBody> : keyof ValidationTargets;
+type ValidationTargetKeysWithBody = "form" | "json";
+type ValidationTargetByMethod<M> = M extends "get" | "head" ? Exclude<keyof ValidationTargets, ValidationTargetKeysWithBody> : keyof ValidationTargets;
 export type ValidationFunction<InputType, OutputType, E extends Env = {}, P extends string = string> = (value: InputType, c: Context<E, P>) => OutputType | Response | Promise<OutputType> | Promise<Response>;
 type ExcludeResponseType<T> = T extends Response & TypedResponse<any> ? never : T;
 export declare const validator: <InputType, P extends string, M extends string, U extends ValidationTargetByMethod<M>, OutputType = ValidationTargets[U], OutputTypeExcludeResponseType = ExcludeResponseType<OutputType>, P2 extends string = P, V extends {
-    in: { [K in U]: K extends "json" ? unknown extends InputType ? OutputTypeExcludeResponseType : InputType : { [K2 in keyof OutputTypeExcludeResponseType]: ValidationTargets[K][K2]; }; };
-    out: { [K in U]: OutputTypeExcludeResponseType; };
+    in: {
+        [K in U]: K extends "json" ? unknown extends InputType ? OutputTypeExcludeResponseType : InputType : {
+            [K2 in keyof OutputTypeExcludeResponseType]: ValidationTargets[K][K2];
+        };
+    };
+    out: {
+        [K in U]: OutputTypeExcludeResponseType;
+    };
 } = {
-    in: { [K in U]: K extends "json" ? unknown extends InputType ? OutputTypeExcludeResponseType : InputType : { [K2 in keyof OutputTypeExcludeResponseType]: ValidationTargets[K][K2]; }; };
-    out: { [K in U]: OutputTypeExcludeResponseType; };
+    in: {
+        [K in U]: K extends "json" ? unknown extends InputType ? OutputTypeExcludeResponseType : InputType : {
+            [K2 in keyof OutputTypeExcludeResponseType]: ValidationTargets[K][K2];
+        };
+    };
+    out: {
+        [K in U]: OutputTypeExcludeResponseType;
+    };
 }, E extends Env = any>(target: U, validationFunc: ValidationFunction<unknown extends InputType ? ValidationTargets[U] : InputType, OutputType, E, P2>) => MiddlewareHandler<E, P, V>;
 export {};

package/dist/utils/accept.js

@@ -0,0 +1,63 @@
+// src/utils/accept.ts
+var parseAccept = (acceptHeader) => {
+  if (!acceptHeader) {
+    return [];
+  }
+  const acceptValues = acceptHeader.split(",").map((value, index) => ({ value, index }));
+  return acceptValues.map(parseAcceptValue).filter((item) => Boolean(item)).sort(sortByQualityAndIndex).map(({ type, params, q }) => ({ type, params, q }));
+};
+var parseAcceptValueRegex = /;(?=(?:(?:[^"]*"){2})*[^"]*$)/;
+var parseAcceptValue = ({ value, index }) => {
+  const parts = value.trim().split(parseAcceptValueRegex).map((s) => s.trim());
+  const type = parts[0];
+  if (!type) {
+    return null;
+  }
+  const params = parseParams(parts.slice(1));
+  const q = parseQuality(params.q);
+  return { type, params, q, index };
+};
+var parseParams = (paramParts) => {
+  return paramParts.reduce((acc, param) => {
+    const [key, val] = param.split("=").map((s) => s.trim());
+    if (key && val) {
+      acc[key] = val;
+    }
+    return acc;
+  }, {});
+};
+var parseQuality = (qVal) => {
+  if (qVal === void 0) {
+    return 1;
+  }
+  if (qVal === "") {
+    return 1;
+  }
+  if (qVal === "NaN") {
+    return 0;
+  }
+  const num = Number(qVal);
+  if (num === Infinity) {
+    return 1;
+  }
+  if (num === -Infinity) {
+    return 0;
+  }
+  if (Number.isNaN(num)) {
+    return 1;
+  }
+  if (num < 0 || num > 1) {
+    return 1;
+  }
+  return num;
+};
+var sortByQualityAndIndex = (a, b) => {
+  const qDiff = b.q - a.q;
+  if (qDiff !== 0) {
+    return qDiff;
+  }
+  return a.index - b.index;
+};
+export {
+  parseAccept
+};

package/dist/utils/jwt/index.js

@@ -1,6 +1,6 @@
 // src/utils/jwt/index.ts
-import { decode, sign, verify } from "./jwt.js";
-var Jwt = { sign, verify, decode };
+import { decode, sign, verify, verifyFromJwks } from "./jwt.js";
+var Jwt = { sign, verify, decode, verifyFromJwks };
 export {
   Jwt
 };

package/dist/utils/jwt/jwt.js

@@ -4,6 +4,7 @@ import { AlgorithmTypes } from "./jwa.js";
 import { signing, verifying } from "./jws.js";
 import {
   JwtHeaderInvalid,
+  JwtHeaderRequiresKid,
   JwtTokenExpired,
   JwtTokenInvalid,
   JwtTokenIssuedAt,
@@ -23,7 +24,13 @@ function isTokenHeader(obj) {
 }
 var sign = async (payload, privateKey, alg = "HS256") => {
   const encodedPayload = encodeJwtPart(payload);
-  const encodedHeader = encodeJwtPart({ alg, typ: "JWT" });
+  let encodedHeader;
+  if (typeof privateKey === "object" && "alg" in privateKey) {
+    alg = privateKey.alg;
+    encodedHeader = encodeJwtPart({ alg, typ: "JWT", kid: privateKey.kid });
+  } else {
+    encodedHeader = encodeJwtPart({ alg, typ: "JWT" });
+  }
   const partialToken = `${encodedHeader}.${encodedPayload}`;
   const signaturePart = await signing(privateKey, alg, utf8Encoder.encode(partialToken));
   const signature = encodeSignaturePart(signaturePart);
@@ -60,6 +67,41 @@ var verify = async (token, publicKey, alg = "HS256") => {
   }
   return payload;
 };
+var verifyFromJwks = async (token, options, init) => {
+  const header = decodeHeader(token);
+  if (!isTokenHeader(header)) {
+    throw new JwtHeaderInvalid(header);
+  }
+  if (!header.kid) {
+    throw new JwtHeaderRequiresKid(header);
+  }
+  let keys = typeof options.keys === "function" ? await options.keys() : options.keys;
+  if (options.jwks_uri) {
+    const response = await fetch(options.jwks_uri, init);
+    if (!response.ok) {
+      throw new Error(`failed to fetch JWKS from ${options.jwks_uri}`);
+    }
+    const data = await response.json();
+    if (!data.keys) {
+      throw new Error('invalid JWKS response. "keys" field is missing');
+    }
+    if (!Array.isArray(data.keys)) {
+      throw new Error('invalid JWKS response. "keys" field is not an array');
+    }
+    if (keys) {
+      keys.push(...data.keys);
+    } else {
+      keys = data.keys;
+    }
+  } else if (!keys) {
+    throw new Error('verifyFromJwks requires options for either "keys" or "jwks_uri" or both');
+  }
+  const matchingKey = keys.find((key) => key.kid === header.kid);
+  if (!matchingKey) {
+    throw new JwtTokenInvalid(token);
+  }
+  return await verify(token, matchingKey, matchingKey.alg);
+};
 var decode = (token) => {
   try {
     const [h, p] = token.split(".");
@@ -73,9 +115,19 @@ var decode = (token) => {
     throw new JwtTokenInvalid(token);
   }
 };
+var decodeHeader = (token) => {
+  try {
+    const [h] = token.split(".");
+    return decodeJwtPart(h);
+  } catch {
+    throw new JwtTokenInvalid(token);
+  }
+};
 export {
   decode,
+  decodeHeader,
   isTokenHeader,
   sign,
-  verify
+  verify,
+  verifyFromJwks
 };

package/dist/utils/jwt/types.js

@@ -35,6 +35,12 @@ var JwtHeaderInvalid = class extends Error {
     this.name = "JwtHeaderInvalid";
   }
 };
+var JwtHeaderRequiresKid = class extends Error {
+  constructor(header) {
+    super(`required "kid" in jwt header: ${JSON.stringify(header)}`);
+    this.name = "JwtHeaderRequiresKid";
+  }
+};
 var JwtTokenSignatureMismatched = class extends Error {
   constructor(token) {
     super(`token(${token}) signature mismatched`);
@@ -56,6 +62,7 @@ export {
   CryptoKeyUsage,
   JwtAlgorithmNotImplemented,
   JwtHeaderInvalid,
+  JwtHeaderRequiresKid,
   JwtTokenExpired,
   JwtTokenInvalid,
   JwtTokenIssuedAt,

package/dist/utils/url.js

@@ -33,20 +33,21 @@ var replaceGroupMarks = (paths, groups) => {
   return paths;
 };
 var patternCache = {};
-var getPattern = (label) => {
+var getPattern = (label, next) => {
   if (label === "*") {
     return "*";
   }
   const match = label.match(/^\:([^\{\}]+)(?:\{(.+)\})?$/);
   if (match) {
-    if (!patternCache[label]) {
+    const cacheKey = `${label}#${next}`;
+    if (!patternCache[cacheKey]) {
       if (match[2]) {
-        patternCache[label] = [label, match[1], new RegExp("^" + match[2] + "$")];
+        patternCache[cacheKey] = next && next[0] !== ":" && next[0] !== "*" ? [cacheKey, match[1], new RegExp(`^${match[2]}(?=/${next})`)] : [label, match[1], new RegExp(`^${match[2]}$`)];
       } else {
-        patternCache[label] = [label, match[1], true];
+        patternCache[cacheKey] = [label, match[1], true];
       }
     }
-    return patternCache[label];
+    return patternCache[cacheKey];
   }
   return null;
 };
@@ -88,27 +89,11 @@ var getPathNoStrict = (request) => {
   const result = getPath(request);
   return result.length > 1 && result.at(-1) === "/" ? result.slice(0, -1) : result;
 };
-var mergePath = (...paths) => {
-  let p = "";
-  let endsWithSlash = false;
-  for (let path of paths) {
-    if (p.at(-1) === "/") {
-      p = p.slice(0, -1);
-      endsWithSlash = true;
-    }
-    if (path[0] !== "/") {
-      path = `/${path}`;
-    }
-    if (path === "/" && endsWithSlash) {
-      p = `${p}/`;
-    } else if (path !== "/") {
-      p = `${p}${path}`;
-    }
-    if (path === "/" && p === "") {
-      p = "/";
-    }
+var mergePath = (base, sub, ...rest) => {
+  if (rest.length) {
+    sub = mergePath(sub, ...rest);
   }
-  return p;
+  return `${base?.[0] === "/" ? "" : "/"}${base}${sub === "/" ? "" : `${base?.at(-1) === "/" ? "" : "/"}${sub?.[0] === "/" ? sub.slice(1) : sub}`}`;
 };
 var checkOptionalParameter = (path) => {
   if (!path.match(/\:.+\?$/)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hono",
-  "version": "4.6.20",
+  "version": "4.7.1",
   "description": "Web framework built on Web Standards",
   "main": "dist/cjs/index.js",
   "type": "module",
@@ -204,6 +204,11 @@
       "import": "./dist/middleware/jwt/index.js",
       "require": "./dist/cjs/middleware/jwt/index.js"
     },
+    "./jwk": {
+      "types": "./dist/types/middleware/jwk/index.d.ts",
+      "import": "./dist/middleware/jwk/index.js",
+      "require": "./dist/cjs/middleware/jwk/index.js"
+    },
     "./timeout": {
       "types": "./dist/types/middleware/timeout/index.d.ts",
       "import": "./dist/middleware/timeout/index.js",
@@ -239,6 +244,11 @@
       "import": "./dist/middleware/request-id/index.js",
       "require": "./dist/cjs/middleware/request-id/index.js"
     },
+    "./language": {
+      "types": "./dist/types/middleware/language/index.d.ts",
+      "import": "./dist/middleware/language/index.js",
+      "require": "./dist/cjs/middleware/language/index.js"
+    },
     "./secure-headers": {
       "types": "./dist/types/middleware/secure-headers/index.d.ts",
       "import": "./dist/middleware/secure-headers/index.js",
@@ -388,6 +398,11 @@
       "types": "./dist/types/helper/conninfo/index.d.ts",
       "import": "./dist/helper/conninfo/index.js",
       "require": "./dist/cjs/helper/conninfo/index.js"
+    },
+    "./proxy": {
+      "types": "./dist/types/helper/proxy/index.d.ts",
+      "import": "./dist/helper/proxy/index.js",
+      "require": "./dist/cjs/helper/proxy/index.js"
     }
   },
   "typesVersions": {
@@ -506,6 +521,9 @@
       "request-id": [
         "./dist/types/middleware/request-id"
       ],
+      "language": [
+        "./dist/types/middleware/language"
+      ],
       "streaming": [
         "./dist/types/helper/streaming"
       ],
@@ -595,6 +613,9 @@
       ],
       "conninfo": [
         "./dist/types/helper/conninfo"
+      ],
+      "proxy": [
+        "./dist/types/helper/proxy"
       ]
     }
   },
@@ -632,7 +653,7 @@
     "@types/jsdom": "^21.1.7",
     "@types/node": "20.11.4",
     "@types/supertest": "^2.0.16",
-    "@vitest/coverage-v8": "^2.0.5",
+    "@vitest/coverage-v8": "^3.0.5",
     "arg": "^5.0.2",
     "bun-types": "^1.1.39",
     "esbuild": "^0.15.18",
@@ -646,7 +667,7 @@
     "supertest": "^6.3.4",
     "typescript": "^5.3.3",
     "vite-plugin-fastly-js-compute": "^0.4.2",
-    "vitest": "^2.0.5",
+    "vitest": "^3.0.5",
     "wrangler": "3.58.0",
     "ws": "^8.18.0",
     "zod": "^3.23.8"