ipx 0.9.3 → 0.9.7

package/dist/chunks/middleware.cjs

@@ -0,0 +1,589 @@
+'use strict';
+
+const defu = require('defu');
+const imageMeta = require('image-meta');
+const ufo = require('ufo');
+const fs = require('fs');
+const pathe = require('pathe');
+const http = require('http');
+const https = require('https');
+const ohmyfetch = require('ohmyfetch');
+const destr = require('destr');
+const getEtag = require('etag');
+const xss = require('xss');
+
+function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e["default"] : e; }
+
+const defu__default = /*#__PURE__*/_interopDefaultLegacy(defu);
+const http__default = /*#__PURE__*/_interopDefaultLegacy(http);
+const https__default = /*#__PURE__*/_interopDefaultLegacy(https);
+const destr__default = /*#__PURE__*/_interopDefaultLegacy(destr);
+const getEtag__default = /*#__PURE__*/_interopDefaultLegacy(getEtag);
+const xss__default = /*#__PURE__*/_interopDefaultLegacy(xss);
+
+const Handlers = {
+  __proto__: null,
+  get quality () { return quality; },
+  get fit () { return fit; },
+  get position () { return position; },
+  get background () { return background; },
+  get enlarge () { return enlarge; },
+  get width () { return width; },
+  get height () { return height; },
+  get resize () { return resize; },
+  get trim () { return trim; },
+  get extend () { return extend; },
+  get extract () { return extract; },
+  get rotate () { return rotate; },
+  get flip () { return flip; },
+  get flop () { return flop; },
+  get sharpen () { return sharpen; },
+  get median () { return median; },
+  get blur () { return blur; },
+  get flatten () { return flatten; },
+  get gamma () { return gamma; },
+  get negate () { return negate; },
+  get normalize () { return normalize; },
+  get threshold () { return threshold; },
+  get modulate () { return modulate; },
+  get tint () { return tint; },
+  get grayscale () { return grayscale; },
+  get crop () { return crop; },
+  get q () { return q; },
+  get b () { return b; },
+  get w () { return w; },
+  get h () { return h; },
+  get s () { return s; },
+  get pos () { return pos; }
+};
+
+function getEnv(name, defaultValue) {
+  return destr__default(process.env[name]) ?? defaultValue;
+}
+function cachedPromise(fn) {
+  let p;
+  return (...args) => {
+    if (p) {
+      return p;
+    }
+    p = Promise.resolve(fn(...args));
+    return p;
+  };
+}
+class IPXError extends Error {
+}
+function createError(statusMessage, statusCode, trace) {
+  const err = new IPXError(statusMessage + (trace ? ` (${trace})` : ""));
+  err.statusMessage = "IPX: " + statusMessage;
+  err.statusCode = statusCode;
+  return err;
+}
+
+const createFilesystemSource = (options) => {
+  const rootDir = pathe.resolve(options.dir);
+  return async (id) => {
+    const fsPath = pathe.resolve(pathe.join(rootDir, id));
+    if (!isValidPath(fsPath) || !fsPath.startsWith(rootDir)) {
+      throw createError("Forbidden path", 403, id);
+    }
+    let stats;
+    try {
+      stats = await fs.promises.stat(fsPath);
+    } catch (err) {
+      if (err.code === "ENOENT") {
+        throw createError("File not found", 404, fsPath);
+      } else {
+        throw createError("File access error " + err.code, 403, fsPath);
+      }
+    }
+    if (!stats.isFile()) {
+      throw createError("Path should be a file", 400, fsPath);
+    }
+    return {
+      mtime: stats.mtime,
+      maxAge: options.maxAge,
+      getData: cachedPromise(() => fs.promises.readFile(fsPath))
+    };
+  };
+};
+const isWindows = process.platform === "win32";
+function isValidPath(fp) {
+  if (isWindows) {
+    fp = fp.slice(pathe.parse(fp).root.length);
+  }
+  if (/[<>:"|?*]/.test(fp)) {
+    return false;
+  }
+  return true;
+}
+
+const createHTTPSource = (options) => {
+  const httpsAgent = new https__default.Agent({ keepAlive: true });
+  const httpAgent = new http__default.Agent({ keepAlive: true });
+  let domains = options.domains || [];
+  if (typeof domains === "string") {
+    domains = domains.split(",").map((s) => s.trim());
+  }
+  const hosts = domains.map((domain) => ufo.parseURL(domain, "https://").host);
+  return async (id, reqOptions) => {
+    const url = new URL(id);
+    if (!url.hostname) {
+      throw createError("Hostname is missing", 403, id);
+    }
+    if (!reqOptions?.bypassDomain && !hosts.find((host) => url.hostname === host)) {
+      throw createError("Forbidden host", 403, url.hostname);
+    }
+    const response = await ohmyfetch.fetch(id, {
+      agent: id.startsWith("https") ? httpsAgent : httpAgent,
+      ...options.fetchOptions
+    });
+    if (!response.ok) {
+      throw createError("Fetch error", response.status || 500, response.statusText);
+    }
+    let maxAge = options.maxAge;
+    const _cacheControl = response.headers.get("cache-control");
+    if (_cacheControl) {
+      const m = _cacheControl.match(/max-age=(\d+)/);
+      if (m && m[1]) {
+        maxAge = parseInt(m[1]);
+      }
+    }
+    let mtime;
+    const _lastModified = response.headers.get("last-modified");
+    if (_lastModified) {
+      mtime = new Date(_lastModified);
+    }
+    return {
+      mtime,
+      maxAge,
+      getData: cachedPromise(() => response.arrayBuffer().then((ab) => Buffer.from(ab)))
+    };
+  };
+};
+
+function VArg(arg) {
+  return destr__default(arg);
+}
+function parseArgs(args, mappers) {
+  const vargs = args.split("_");
+  return mappers.map((v, i) => v(vargs[i]));
+}
+function getHandler(key) {
+  return Handlers[key];
+}
+function applyHandler(ctx, pipe, handler, argsStr) {
+  const args = handler.args ? parseArgs(argsStr, handler.args) : [];
+  return handler.apply(ctx, pipe, ...args);
+}
+function clampDimensionsPreservingAspectRatio(sourceDimensions, desiredDimensions) {
+  const desiredAspectRatio = desiredDimensions.width / desiredDimensions.height;
+  let { width, height } = desiredDimensions;
+  if (width > sourceDimensions.width) {
+    width = sourceDimensions.width;
+    height = Math.round(sourceDimensions.width / desiredAspectRatio);
+  }
+  if (height > sourceDimensions.height) {
+    height = sourceDimensions.height;
+    width = Math.round(sourceDimensions.height * desiredAspectRatio);
+  }
+  return { width, height };
+}
+
+const quality = {
+  args: [VArg],
+  order: -1,
+  apply: (context, _pipe, quality2) => {
+    context.quality = quality2;
+  }
+};
+const fit = {
+  args: [VArg],
+  order: -1,
+  apply: (context, _pipe, fit2) => {
+    context.fit = fit2;
+  }
+};
+const position = {
+  args: [VArg],
+  order: -1,
+  apply: (context, _pipe, position2) => {
+    context.position = position2;
+  }
+};
+const HEX_RE = /^([a-f\d]{2})([a-f\d]{2})([a-f\d]{2})$/i;
+const SHORTHEX_RE = /^([a-f\d])([a-f\d])([a-f\d])$/i;
+const background = {
+  args: [VArg],
+  order: -1,
+  apply: (context, _pipe, background2) => {
+    background2 = String(background2);
+    if (!background2.startsWith("#") && (HEX_RE.test(background2) || SHORTHEX_RE.test(background2))) {
+      background2 = "#" + background2;
+    }
+    context.background = background2;
+  }
+};
+const enlarge = {
+  args: [],
+  apply: (context) => {
+    context.enlarge = true;
+  }
+};
+const width = {
+  args: [VArg],
+  apply: (context, pipe, width2) => {
+    return pipe.resize(width2, null, { withoutEnlargement: !context.enlarge });
+  }
+};
+const height = {
+  args: [VArg],
+  apply: (context, pipe, height2) => {
+    return pipe.resize(null, height2, { withoutEnlargement: !context.enlarge });
+  }
+};
+const resize = {
+  args: [VArg, VArg, VArg],
+  apply: (context, pipe, size) => {
+    let [width2, height2] = String(size).split("x").map((v) => Number(v));
+    if (!width2) {
+      return;
+    }
+    if (!height2) {
+      height2 = width2;
+    }
+    if (!context.enlarge) {
+      const clamped = clampDimensionsPreservingAspectRatio(context.meta, { width: width2, height: height2 });
+      width2 = clamped.width;
+      height2 = clamped.height;
+    }
+    return pipe.resize(width2, height2, {
+      fit: context.fit,
+      position: context.position,
+      background: context.background
+    });
+  }
+};
+const trim = {
+  args: [VArg],
+  apply: (_context, pipe, threshold2) => {
+    return pipe.trim(threshold2);
+  }
+};
+const extend = {
+  args: [VArg, VArg, VArg, VArg],
+  apply: (context, pipe, top, right, bottom, left) => {
+    return pipe.extend({
+      top,
+      left,
+      bottom,
+      right,
+      background: context.background
+    });
+  }
+};
+const extract = {
+  args: [VArg, VArg, VArg, VArg],
+  apply: (context, pipe, top, right, bottom, left) => {
+    return pipe.extend({
+      top,
+      left,
+      bottom,
+      right,
+      background: context.background
+    });
+  }
+};
+const rotate = {
+  args: [VArg],
+  apply: (context, pipe, angel) => {
+    return pipe.rotate(angel, {
+      background: context.background
+    });
+  }
+};
+const flip = {
+  args: [],
+  apply: (_context, pipe) => {
+    return pipe.flip();
+  }
+};
+const flop = {
+  args: [],
+  apply: (_context, pipe) => {
+    return pipe.flop();
+  }
+};
+const sharpen = {
+  args: [VArg, VArg, VArg],
+  apply: (_context, pipe, sigma, flat, jagged) => {
+    return pipe.sharpen(sigma, flat, jagged);
+  }
+};
+const median = {
+  args: [VArg, VArg, VArg],
+  apply: (_context, pipe, size) => {
+    return pipe.median(size);
+  }
+};
+const blur = {
+  args: [VArg, VArg, VArg],
+  apply: (_context, pipe) => {
+    return pipe.blur();
+  }
+};
+const flatten = {
+  args: [VArg, VArg, VArg],
+  apply: (context, pipe) => {
+    return pipe.flatten({
+      background: context.background
+    });
+  }
+};
+const gamma = {
+  args: [VArg, VArg, VArg],
+  apply: (_context, pipe, gamma2, gammaOut) => {
+    return pipe.gamma(gamma2, gammaOut);
+  }
+};
+const negate = {
+  args: [VArg, VArg, VArg],
+  apply: (_context, pipe) => {
+    return pipe.negate();
+  }
+};
+const normalize = {
+  args: [VArg, VArg, VArg],
+  apply: (_context, pipe) => {
+    return pipe.normalize();
+  }
+};
+const threshold = {
+  args: [VArg],
+  apply: (_context, pipe, threshold2) => {
+    return pipe.threshold(threshold2);
+  }
+};
+const modulate = {
+  args: [VArg],
+  apply: (_context, pipe, brightness, saturation, hue) => {
+    return pipe.modulate({
+      brightness,
+      saturation,
+      hue
+    });
+  }
+};
+const tint = {
+  args: [VArg],
+  apply: (_context, pipe, rgb) => {
+    return pipe.tint(rgb);
+  }
+};
+const grayscale = {
+  args: [VArg],
+  apply: (_context, pipe) => {
+    return pipe.grayscale();
+  }
+};
+const crop = extract;
+const q = quality;
+const b = background;
+const w = width;
+const h = height;
+const s = resize;
+const pos = position;
+
+const SUPPORTED_FORMATS = ["jpeg", "png", "webp", "avif", "tiff", "gif"];
+function createIPX(userOptions) {
+  const defaults = {
+    dir: getEnv("IPX_DIR", "."),
+    domains: getEnv("IPX_DOMAINS", []),
+    alias: getEnv("IPX_ALIAS", {}),
+    fetchOptions: getEnv("IPX_FETCH_OPTIONS", {}),
+    maxAge: getEnv("IPX_MAX_AGE", 300),
+    sharp: {}
+  };
+  const options = defu__default(userOptions, defaults);
+  options.alias = Object.fromEntries(Object.entries(options.alias).map((e) => [ufo.withLeadingSlash(e[0]), e[1]]));
+  const ctx = {
+    sources: {}
+  };
+  if (options.dir) {
+    ctx.sources.filesystem = createFilesystemSource({
+      dir: options.dir,
+      maxAge: options.maxAge
+    });
+  }
+  if (options.domains) {
+    ctx.sources.http = createHTTPSource({
+      domains: options.domains,
+      fetchOptions: options.fetchOptions,
+      maxAge: options.maxAge
+    });
+  }
+  return function ipx(id, modifiers = {}, reqOptions = {}) {
+    if (!id) {
+      throw createError("resource id is missing", 400);
+    }
+    id = ufo.hasProtocol(id) ? id : ufo.withLeadingSlash(id);
+    for (const base in options.alias) {
+      if (id.startsWith(base)) {
+        id = ufo.joinURL(options.alias[base], id.substr(base.length));
+      }
+    }
+    const getSrc = cachedPromise(() => {
+      const source = ufo.hasProtocol(id) ? "http" : "filesystem";
+      if (!ctx.sources[source]) {
+        throw createError("Unknown source", 400, source);
+      }
+      return ctx.sources[source](id, reqOptions);
+    });
+    const getData = cachedPromise(async () => {
+      const src = await getSrc();
+      const data = await src.getData();
+      const meta = imageMeta.imageMeta(data);
+      const mFormat = modifiers.f || modifiers.format;
+      let format = mFormat || meta.type;
+      if (format === "jpg") {
+        format = "jpeg";
+      }
+      if (meta.type === "svg" && !mFormat) {
+        return {
+          data,
+          format: "svg+xml",
+          meta
+        };
+      }
+      const animated = modifiers.animated !== void 0 || modifiers.a !== void 0 || format === "gif";
+      const Sharp = await import('sharp').then((r) => r.default || r);
+      let sharp = Sharp(data, { animated });
+      Object.assign(sharp.options, options.sharp);
+      const handlers = Object.entries(modifiers).map(([name, args]) => ({ handler: getHandler(name), name, args })).filter((h) => h.handler).sort((a, b) => {
+        const aKey = (a.handler.order || a.name || "").toString();
+        const bKey = (b.handler.order || b.name || "").toString();
+        return aKey.localeCompare(bKey);
+      });
+      const handlerCtx = { meta };
+      for (const h of handlers) {
+        sharp = applyHandler(handlerCtx, sharp, h.handler, h.args) || sharp;
+      }
+      if (SUPPORTED_FORMATS.includes(format)) {
+        sharp = sharp.toFormat(format, {
+          quality: handlerCtx.quality,
+          progressive: format === "jpeg"
+        });
+      }
+      const newData = await sharp.toBuffer();
+      return {
+        data: newData,
+        format,
+        meta
+      };
+    });
+    return {
+      src: getSrc,
+      data: getData
+    };
+  };
+}
+
+const MODIFIER_SEP = /[,&]/g;
+const MODIFIER_VAL_SEP = /[_=:]/g;
+async function _handleRequest(req, ipx) {
+  const res = {
+    statusCode: 200,
+    statusMessage: "",
+    headers: {},
+    body: ""
+  };
+  const [modifiersStr = "", ...idSegments] = req.url.substring(1).split("/");
+  const id = safeString(ufo.decode(idSegments.join("/")));
+  if (!modifiersStr) {
+    throw createError("Modifiers are missing", 400, req.url);
+  }
+  if (!id || id === "/") {
+    throw createError("Resource id is missing", 400, req.url);
+  }
+  const modifiers = /* @__PURE__ */ Object.create(null);
+  if (modifiersStr !== "_") {
+    for (const p of modifiersStr.split(MODIFIER_SEP)) {
+      const [key, value = ""] = p.split(MODIFIER_VAL_SEP);
+      modifiers[safeString(key)] = safeString(ufo.decode(value));
+    }
+  }
+  const img = ipx(id, modifiers, req.options);
+  const src = await img.src();
+  if (src.mtime) {
+    if (req.headers["if-modified-since"]) {
+      if (new Date(req.headers["if-modified-since"]) >= src.mtime) {
+        res.statusCode = 304;
+        return res;
+      }
+    }
+    res.headers["Last-Modified"] = +src.mtime + "";
+  }
+  if (typeof src.maxAge === "number") {
+    res.headers["Cache-Control"] = `max-age=${+src.maxAge}, public, s-maxage=${+src.maxAge}`;
+  }
+  const { data, format } = await img.data();
+  const etag = getEtag__default(data);
+  res.headers.ETag = etag;
+  if (etag && req.headers["if-none-match"] === etag) {
+    res.statusCode = 304;
+    return res;
+  }
+  if (format) {
+    res.headers["Content-Type"] = `image/${format}`;
+  }
+  res.body = data;
+  return sanetizeReponse(res);
+}
+function handleRequest(req, ipx) {
+  return _handleRequest(req, ipx).catch((err) => {
+    const statusCode = parseInt(err.statusCode) || 500;
+    const statusMessage = err.statusMessage ? err.statusMessage : `IPX Error (${statusCode})`;
+    if (process.env.NODE_ENV !== "production" && statusCode === 500) {
+      console.error(err);
+    }
+    return sanetizeReponse({
+      statusCode,
+      statusMessage,
+      body: "IPX Error: " + err,
+      headers: {}
+    });
+  });
+}
+function createIPXMiddleware(ipx) {
+  return function IPXMiddleware(req, res) {
+    handleRequest({ url: req.url, headers: req.headers }, ipx).then((_res) => {
+      res.statusCode = _res.statusCode;
+      res.statusMessage = _res.statusMessage;
+      for (const name in _res.headers) {
+        res.setHeader(name, _res.headers[name]);
+      }
+      res.end(_res.body);
+    });
+  };
+}
+function sanetizeReponse(res) {
+  return {
+    statusCode: res.statusCode || 200,
+    statusMessage: res.statusMessage ? safeString(res.statusMessage) : "OK",
+    headers: safeStringObject(res.headers || {}),
+    body: typeof res.body === "string" ? xss__default(safeString(res.body)) : res.body || ""
+  };
+}
+function safeString(input) {
+  return JSON.stringify(input).replace(/^"|"$/g, "");
+}
+function safeStringObject(input) {
+  const dst = {};
+  for (const key in input) {
+    dst[key] = safeString(input[key]);
+  }
+  return dst;
+}
+
+exports.createIPX = createIPX;
+exports.createIPXMiddleware = createIPXMiddleware;
+exports.handleRequest = handleRequest;

package/dist/chunks/middleware.mjs

@@ -2,8 +2,7 @@ import defu from 'defu';
 import { imageMeta } from 'image-meta';
 import { parseURL, withLeadingSlash, hasProtocol, joinURL, decode } from 'ufo';
 import { promises } from 'fs';
-import { resolve, join } from 'pathe';
-import isValidPath from 'is-valid-path';
+import { resolve, join, parse } from 'pathe';
 import http from 'http';
 import https from 'https';
 import { fetch } from 'ohmyfetch';
@@ -62,9 +61,9 @@ function cachedPromise(fn) {
 }
 class IPXError extends Error {
 }
-function createError(message, statusCode) {
-  const err = new IPXError(message);
-  err.statusMessage = "IPX: " + message;
+function createError(statusMessage, statusCode, trace) {
+  const err = new IPXError(statusMessage + (trace ? ` (${trace})` : ""));
+  err.statusMessage = "IPX: " + statusMessage;
   err.statusCode = statusCode;
   return err;
 }
@@ -73,29 +72,39 @@ const createFilesystemSource = (options) => {
   const rootDir = resolve(options.dir);
   return async (id) => {
     const fsPath = resolve(join(rootDir, id));
-    if (!isValidPath(id) || id.includes("..") || !fsPath.startsWith(rootDir)) {
-      throw createError("Forbidden path:" + id, 403);
+    if (!isValidPath(fsPath) || !fsPath.startsWith(rootDir)) {
+      throw createError("Forbidden path", 403, id);
     }
     let stats;
     try {
       stats = await promises.stat(fsPath);
     } catch (err) {
       if (err.code === "ENOENT") {
-        throw createError("File not found: " + fsPath, 404);
+        throw createError("File not found", 404, fsPath);
       } else {
-        throw createError("File access error for " + fsPath + ":" + err.code, 403);
+        throw createError("File access error " + err.code, 403, fsPath);
       }
     }
     if (!stats.isFile()) {
-      throw createError("Path should be a file: " + fsPath, 400);
+      throw createError("Path should be a file", 400, fsPath);
     }
     return {
       mtime: stats.mtime,
-      maxAge: options.maxAge || 300,
+      maxAge: options.maxAge,
       getData: cachedPromise(() => promises.readFile(fsPath))
     };
   };
 };
+const isWindows = process.platform === "win32";
+function isValidPath(fp) {
+  if (isWindows) {
+    fp = fp.slice(parse(fp).root.length);
+  }
+  if (/[<>:"|?*]/.test(fp)) {
+    return false;
+  }
+  return true;
+}
 
 const createHTTPSource = (options) => {
   const httpsAgent = new https.Agent({ keepAlive: true });
@@ -108,18 +117,19 @@ const createHTTPSource = (options) => {
   return async (id, reqOptions) => {
     const url = new URL(id);
     if (!url.hostname) {
-      throw createError("Hostname is missing: " + id, 403);
+      throw createError("Hostname is missing", 403, id);
     }
     if (!reqOptions?.bypassDomain && !hosts.find((host) => url.hostname === host)) {
-      throw createError("Forbidden host: " + url.hostname, 403);
+      throw createError("Forbidden host", 403, url.hostname);
     }
     const response = await fetch(id, {
-      agent: id.startsWith("https") ? httpsAgent : httpAgent
+      agent: id.startsWith("https") ? httpsAgent : httpAgent,
+      ...options.fetchOptions
     });
     if (!response.ok) {
-      throw createError(response.statusText || "fetch error", response.status || 500);
+      throw createError("Fetch error", response.status || 500, response.statusText);
     }
-    let maxAge = options.maxAge || 300;
+    let maxAge = options.maxAge;
     const _cacheControl = response.headers.get("cache-control");
     if (_cacheControl) {
       const m = _cacheControl.match(/max-age=(\d+)/);
@@ -135,7 +145,7 @@ const createHTTPSource = (options) => {
     return {
       mtime,
       maxAge,
-      getData: cachedPromise(() => response.buffer())
+      getData: cachedPromise(() => response.arrayBuffer().then((ab) => Buffer.from(ab)))
     };
   };
 };
@@ -372,12 +382,14 @@ const h = height;
 const s = resize;
 const pos = position;
 
-const SUPPORTED_FORMATS = ["jpeg", "png", "webp", "avif", "tiff"];
+const SUPPORTED_FORMATS = ["jpeg", "png", "webp", "avif", "tiff", "gif"];
 function createIPX(userOptions) {
   const defaults = {
     dir: getEnv("IPX_DIR", "."),
     domains: getEnv("IPX_DOMAINS", []),
     alias: getEnv("IPX_ALIAS", {}),
+    fetchOptions: getEnv("IPX_FETCH_OPTIONS", {}),
+    maxAge: getEnv("IPX_MAX_AGE", 300),
     sharp: {}
   };
   const options = defu(userOptions, defaults);
@@ -387,12 +399,15 @@ function createIPX(userOptions) {
   };
   if (options.dir) {
     ctx.sources.filesystem = createFilesystemSource({
-      dir: options.dir
+      dir: options.dir,
+      maxAge: options.maxAge
     });
   }
   if (options.domains) {
     ctx.sources.http = createHTTPSource({
-      domains: options.domains
+      domains: options.domains,
+      fetchOptions: options.fetchOptions,
+      maxAge: options.maxAge
     });
   }
   return function ipx(id, modifiers = {}, reqOptions = {}) {
@@ -408,7 +423,7 @@ function createIPX(userOptions) {
     const getSrc = cachedPromise(() => {
       const source = hasProtocol(id) ? "http" : "filesystem";
       if (!ctx.sources[source]) {
-        throw createError("Unknown source: " + source, 400);
+        throw createError("Unknown source", 400, source);
       }
       return ctx.sources[source](id, reqOptions);
     });
@@ -428,10 +443,7 @@ function createIPX(userOptions) {
           meta
         };
       }
-      const animated = modifiers.animated !== void 0 || modifiers.a !== void 0;
-      if (animated) {
-        format = "webp";
-      }
+      const animated = modifiers.animated !== void 0 || modifiers.a !== void 0 || format === "gif";
       const Sharp = await import('sharp').then((r) => r.default || r);
       let sharp = Sharp(data, { animated });
       Object.assign(sharp.options, options.sharp);
@@ -464,6 +476,8 @@ function createIPX(userOptions) {
   };
 }
 
+const MODIFIER_SEP = /[,&]/g;
+const MODIFIER_VAL_SEP = /[_=:]/g;
 async function _handleRequest(req, ipx) {
   const res = {
     statusCode: 200,
@@ -471,19 +485,19 @@ async function _handleRequest(req, ipx) {
     headers: {},
     body: ""
   };
-  const [modifiersStr = "", ...idSegments] = req.url.substr(1).split("/");
-  const id = decode(idSegments.join("/"));
+  const [modifiersStr = "", ...idSegments] = req.url.substring(1).split("/");
+  const id = safeString(decode(idSegments.join("/")));
   if (!modifiersStr) {
-    throw createError("Modifiers is missing in path: " + req.url, 400);
+    throw createError("Modifiers are missing", 400, req.url);
   }
   if (!id || id === "/") {
-    throw createError("Resource id is missing: " + req.url, 400);
+    throw createError("Resource id is missing", 400, req.url);
   }
   const modifiers = /* @__PURE__ */ Object.create(null);
   if (modifiersStr !== "_") {
-    for (const p of modifiersStr.split(",")) {
-      const [key, value = ""] = p.split("_");
-      modifiers[key] = decode(value);
+    for (const p of modifiersStr.split(MODIFIER_SEP)) {
+      const [key, value = ""] = p.split(MODIFIER_VAL_SEP);
+      modifiers[safeString(key)] = safeString(decode(value));
     }
   }
   const img = ipx(id, modifiers, req.options);
@@ -497,7 +511,7 @@ async function _handleRequest(req, ipx) {
     }
     res.headers["Last-Modified"] = +src.mtime + "";
   }
-  if (src.maxAge !== void 0) {
+  if (typeof src.maxAge === "number") {
     res.headers["Cache-Control"] = `max-age=${+src.maxAge}, public, s-maxage=${+src.maxAge}`;
   }
   const { data, format } = await img.data();
@@ -511,21 +525,21 @@ async function _handleRequest(req, ipx) {
     res.headers["Content-Type"] = `image/${format}`;
   }
   res.body = data;
-  return res;
+  return sanetizeReponse(res);
 }
 function handleRequest(req, ipx) {
   return _handleRequest(req, ipx).catch((err) => {
     const statusCode = parseInt(err.statusCode) || 500;
-    const statusMessage = err.statusMessage ? xss(err.statusMessage) : `IPX Error (${statusCode})`;
+    const statusMessage = err.statusMessage ? err.statusMessage : `IPX Error (${statusCode})`;
     if (process.env.NODE_ENV !== "production" && statusCode === 500) {
       console.error(err);
     }
-    return {
+    return sanetizeReponse({
       statusCode,
       statusMessage,
-      body: statusMessage,
+      body: "IPX Error: " + err,
       headers: {}
-    };
+    });
   });
 }
 function createIPXMiddleware(ipx) {
@@ -540,5 +554,23 @@ function createIPXMiddleware(ipx) {
     });
   };
 }
+function sanetizeReponse(res) {
+  return {
+    statusCode: res.statusCode || 200,
+    statusMessage: res.statusMessage ? safeString(res.statusMessage) : "OK",
+    headers: safeStringObject(res.headers || {}),
+    body: typeof res.body === "string" ? xss(safeString(res.body)) : res.body || ""
+  };
+}
+function safeString(input) {
+  return JSON.stringify(input).replace(/^"|"$/g, "");
+}
+function safeStringObject(input) {
+  const dst = {};
+  for (const key in input) {
+    dst[key] = safeString(input[key]);
+  }
+  return dst;
+}
 
 export { createIPXMiddleware as a, createIPX as c, handleRequest as h };

package/dist/cli.cjs

@@ -0,0 +1,32 @@
+'use strict';
+
+const consola = require('consola');
+const listhen = require('listhen');
+const middleware = require('./chunks/middleware.cjs');
+require('defu');
+require('image-meta');
+require('ufo');
+require('fs');
+require('pathe');
+require('http');
+require('https');
+require('ohmyfetch');
+require('destr');
+require('etag');
+require('xss');
+
+function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e["default"] : e; }
+
+const consola__default = /*#__PURE__*/_interopDefaultLegacy(consola);
+
+async function main() {
+  const ipx = middleware.createIPX({});
+  const middleware$1 = middleware.createIPXMiddleware(ipx);
+  await listhen.listen(middleware$1, {
+    clipboard: false
+  });
+}
+main().catch((err) => {
+  consola__default.error(err);
+  process.exit(1);
+});

package/dist/cli.mjs

@@ -6,7 +6,6 @@ import 'image-meta';
 import 'ufo';
 import 'fs';
 import 'pathe';
-import 'is-valid-path';
 import 'http';
 import 'https';
 import 'ohmyfetch';

package/dist/index.cjs

@@ -0,0 +1,22 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+const middleware = require('./chunks/middleware.cjs');
+require('defu');
+require('image-meta');
+require('ufo');
+require('fs');
+require('pathe');
+require('http');
+require('https');
+require('ohmyfetch');
+require('destr');
+require('etag');
+require('xss');
+
+
+
+exports.createIPX = middleware.createIPX;
+exports.createIPXMiddleware = middleware.createIPXMiddleware;
+exports.handleRequest = middleware.handleRequest;

package/dist/index.d.ts

@@ -6,7 +6,7 @@ interface SourceData {
     getData: () => Promise<Buffer>;
 }
 declare type Source = (src: string, reqOptions?: any) => Promise<SourceData>;
-declare type SourceFactory = (options?: any) => Source;
+declare type SourceFactory<T = Record<string, any>> = (options: T) => Source;
 
 interface ImageMeta {
     width: number;
@@ -27,8 +27,10 @@ declare type IPX = (id: string, modifiers?: Record<string, string>, reqOptions?:
 };
 interface IPXOptions {
     dir?: false | string;
+    maxAge?: number;
     domains?: false | string[];
     alias: Record<string, string>;
+    fetchOptions: RequestInit;
     sharp?: {
         [key: string]: any;
     };

package/dist/index.mjs

@@ -4,7 +4,6 @@ import 'image-meta';
 import 'ufo';
 import 'fs';
 import 'pathe';
-import 'is-valid-path';
 import 'http';
 import 'https';
 import 'ohmyfetch';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ipx",
-  "version": "0.9.3",
+  "version": "0.9.7",
   "repository": "unjs/ipx",
   "license": "MIT",
   "exports": {
@@ -9,51 +9,50 @@
       "import": "./dist/index.mjs"
     }
   },
-  "main": "dist/index.cjs",
-  "module": "dist/index.mjs",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.mjs",
   "types": "./dist/index.d.ts",
   "bin": "./bin/ipx.mjs",
   "files": [
     "dist",
     "bin"
   ],
-  "scripts": {
-    "build": "unbuild",
-    "dev": "nodemon",
-    "lint": "eslint --ext .ts .",
-    "prepack": "yarn build",
-    "release": "yarn test && standard-version && git push --follow-tags && npm publish",
-    "start": "node bin/ipx.js",
-    "test": "yarn lint && jest"
-  },
   "dependencies": {
     "consola": "^2.15.3",
-    "defu": "^5.0.1",
-    "destr": "^1.1.0",
+    "defu": "^6.0.0",
+    "destr": "^1.1.1",
     "etag": "^1.8.1",
     "image-meta": "^0.1.1",
-    "is-valid-path": "^0.1.1",
-    "listhen": "^0.2.6",
-    "ohmyfetch": "^0.4.15",
-    "pathe": "^0.2.0",
-    "sharp": "^0.30.1",
-    "ufo": "^0.7.10",
-    "xss": "^1.0.10"
+    "listhen": "^0.2.13",
+    "ohmyfetch": "^0.4.18",
+    "pathe": "^0.3.0",
+    "sharp": "^0.30.7",
+    "ufo": "^0.8.4",
+    "xss": "^1.0.13"
   },
   "devDependencies": {
     "@nuxtjs/eslint-config-typescript": "latest",
     "@types/etag": "latest",
     "@types/is-valid-path": "latest",
-    "@types/jest": "latest",
     "@types/node-fetch": "latest",
     "@types/sharp": "latest",
+    "c8": "latest",
     "eslint": "latest",
-    "jest": "latest",
     "jiti": "latest",
     "nodemon": "latest",
+    "serve-handler": "^6.1.3",
     "standard-version": "latest",
-    "ts-jest": "latest",
     "typescript": "latest",
-    "unbuild": "latest"
+    "unbuild": "latest",
+    "vitest": "latest"
+  },
+  "packageManager": "pnpm@7.3.0",
+  "scripts": {
+    "build": "unbuild",
+    "dev": "nodemon",
+    "lint": "eslint --ext .ts .",
+    "release": "pnpm test && standard-version && git push --follow-tags && pnpm publish",
+    "start": "node bin/ipx.js",
+    "test": "pnpm lint && vitest run --coverage"
   }
-}
+}