next-form-request 0.1.1 → 2.0.0

package/dist/index.mjs

@@ -1,3 +1,5 @@
+import { z } from 'zod';
+
 // src/core/types.ts
 function isAppRouterRequest(request) {
   return "headers" in request && request.headers instanceof Headers;
@@ -62,6 +64,225 @@ var AuthorizationError = class _AuthorizationError extends Error {
   }
 };
 
+// src/utils/rateLimit.ts
+var MemoryRateLimitStore = class {
+  constructor() {
+    this.store = /* @__PURE__ */ new Map();
+  }
+  async get(key) {
+    const state = this.store.get(key);
+    if (!state) return null;
+    if (Date.now() > state.resetAt) {
+      this.store.delete(key);
+      return null;
+    }
+    return state;
+  }
+  async set(key, state, _ttlMs) {
+    this.store.set(key, state);
+    if (this.store.size > 1e3) {
+      this.cleanup();
+    }
+  }
+  async increment(key, windowMs) {
+    const now = Date.now();
+    const existing = this.store.get(key);
+    if (!existing || now > existing.resetAt) {
+      const state = {
+        count: 1,
+        resetAt: now + windowMs
+      };
+      this.store.set(key, state);
+      return state;
+    }
+    existing.count++;
+    return existing;
+  }
+  cleanup() {
+    const now = Date.now();
+    for (const [key, state] of this.store.entries()) {
+      if (now > state.resetAt) {
+        this.store.delete(key);
+      }
+    }
+  }
+};
+var defaultStore = new MemoryRateLimitStore();
+function setDefaultRateLimitStore(store) {
+  defaultStore = store;
+}
+function getClientIp(request) {
+  if ("headers" in request && request.headers instanceof Headers) {
+    return request.headers.get("x-forwarded-for")?.split(",")[0]?.trim() || request.headers.get("x-real-ip") || "unknown";
+  }
+  const req = request;
+  const forwarded = req.headers["x-forwarded-for"];
+  if (typeof forwarded === "string") {
+    return forwarded.split(",")[0]?.trim() || "unknown";
+  }
+  if (Array.isArray(forwarded)) {
+    return forwarded[0]?.split(",")[0]?.trim() || "unknown";
+  }
+  const realIp = req.headers["x-real-ip"];
+  if (typeof realIp === "string") {
+    return realIp;
+  }
+  const socket = req.socket;
+  return socket?.remoteAddress || "unknown";
+}
+async function checkRateLimit(request, config) {
+  const { maxAttempts, windowMs, key, store = defaultStore, skip } = config;
+  if (skip && await skip(request)) {
+    return {
+      allowed: true,
+      remaining: maxAttempts,
+      limit: maxAttempts,
+      resetAt: Date.now() + windowMs,
+      retryAfter: 0
+    };
+  }
+  const rateLimitKey = key ? await key(request) : getClientIp(request);
+  const fullKey = `ratelimit:${rateLimitKey}`;
+  const state = await store.increment(fullKey, windowMs);
+  const allowed = state.count <= maxAttempts;
+  const remaining = Math.max(0, maxAttempts - state.count);
+  const retryAfter = allowed ? 0 : Math.ceil((state.resetAt - Date.now()) / 1e3);
+  return {
+    allowed,
+    remaining,
+    limit: maxAttempts,
+    resetAt: state.resetAt,
+    retryAfter
+  };
+}
+var RateLimitError = class extends Error {
+  constructor(result, message) {
+    super(message || `Rate limit exceeded. Retry after ${result.retryAfter} seconds.`);
+    this.name = "RateLimitError";
+    this.retryAfter = result.retryAfter;
+    this.remaining = result.remaining;
+    this.limit = result.limit;
+    this.resetAt = result.resetAt;
+  }
+  /**
+   * Get headers to send with the rate limit response
+   */
+  getHeaders() {
+    return {
+      "X-RateLimit-Limit": String(this.limit),
+      "X-RateLimit-Remaining": String(this.remaining),
+      "X-RateLimit-Reset": String(this.resetAt),
+      "Retry-After": String(this.retryAfter)
+    };
+  }
+};
+function rateLimit(config) {
+  return {
+    key: getClientIp,
+    ...config
+  };
+}
+
+// src/utils/coerce.ts
+var defaultOptions = {
+  booleans: true,
+  numbers: true,
+  dates: true,
+  nulls: true,
+  emptyStrings: false,
+  json: false
+};
+function isIsoDateString(value) {
+  const isoDateRegex = /^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2}(\.\d{1,3})?(Z|[+-]\d{2}:?\d{2})?)?$/;
+  return isoDateRegex.test(value);
+}
+function isNumericString(value) {
+  if (value === "" || value === null) return false;
+  if (/^0\d/.test(value)) return false;
+  if (value.length > 15) return false;
+  return !isNaN(Number(value)) && isFinite(Number(value));
+}
+function coerceValue(value, options) {
+  if (typeof value !== "string") {
+    return value;
+  }
+  if (options.emptyStrings && value === "") {
+    return void 0;
+  }
+  if (options.nulls && value === "null") {
+    return null;
+  }
+  if (options.booleans) {
+    const lower = value.toLowerCase();
+    if (lower === "true") return true;
+    if (lower === "false") return false;
+  }
+  if (options.dates && isIsoDateString(value)) {
+    const date = new Date(value);
+    if (!isNaN(date.getTime())) {
+      return date;
+    }
+  }
+  if (options.numbers && isNumericString(value)) {
+    return Number(value);
+  }
+  if (options.json) {
+    const trimmed = value.trim();
+    if (trimmed.startsWith("{") && trimmed.endsWith("}") || trimmed.startsWith("[") && trimmed.endsWith("]")) {
+      try {
+        return JSON.parse(value);
+      } catch {
+      }
+    }
+  }
+  return value;
+}
+function coerceObject(data, options, path = "") {
+  const result = {};
+  for (const [key, value] of Object.entries(data)) {
+    const fieldPath = path ? `${path}.${key}` : key;
+    if (options.fields && options.fields[fieldPath]) {
+      result[key] = options.fields[fieldPath](value);
+      continue;
+    }
+    if (Array.isArray(value)) {
+      result[key] = value.map((item, index) => {
+        if (item !== null && typeof item === "object" && !Array.isArray(item)) {
+          return coerceObject(item, options, `${fieldPath}.${index}`);
+        }
+        return coerceValue(item, options);
+      });
+    } else if (value !== null && typeof value === "object") {
+      result[key] = coerceObject(value, options, fieldPath);
+    } else {
+      result[key] = coerceValue(value, options);
+    }
+  }
+  return result;
+}
+function coerceFormData(data, options = {}) {
+  const mergedOptions = { ...defaultOptions, ...options };
+  return coerceObject(data, mergedOptions);
+}
+function zodCoerce(options = {}) {
+  return (data) => {
+    if (data !== null && typeof data === "object" && !Array.isArray(data)) {
+      return coerceFormData(data, options);
+    }
+    return data;
+  };
+}
+var coercionPresets = {
+  /** Coerce all supported types */
+  all: { booleans: true, numbers: true, dates: true, nulls: true, emptyStrings: true, json: true },
+  /** Only coerce booleans and numbers (safest) */
+  safe: { booleans: true, numbers: true, dates: false, nulls: false, emptyStrings: false, json: false },
+  /** Coerce booleans, numbers, and dates */
+  standard: { booleans: true, numbers: true, dates: true, nulls: false, emptyStrings: false, json: false },
+  /** No coercion */
+  none: { booleans: false, numbers: false, dates: false, nulls: false, emptyStrings: false, json: false }
+};
+
 // src/core/FormRequest.ts
 var FormRequest = class {
   constructor() {
@@ -102,6 +323,42 @@ var FormRequest = class {
   authorize() {
     return true;
   }
+  /**
+   * Define rate limiting for this request.
+   * Override this method to add rate limiting.
+   *
+   * @example
+   * ```typescript
+   * rateLimit() {
+   *   return {
+   *     maxAttempts: 5,
+   *     windowMs: 60000, // 1 minute
+   *     key: (req) => this.input('email') || 'anonymous',
+   *   };
+   * }
+   * ```
+   */
+  rateLimit() {
+    return null;
+  }
+  /**
+   * Define coercion options for form data.
+   * Override this method to enable automatic type coercion.
+   *
+   * @example
+   * ```typescript
+   * coercion() {
+   *   return {
+   *     booleans: true,  // "true" → true
+   *     numbers: true,   // "123" → 123
+   *     dates: true,     // "2024-01-01" → Date
+   *   };
+   * }
+   * ```
+   */
+  coercion() {
+    return null;
+  }
   /**
    * Called before validation runs.
    * Use this to normalize or transform input data.
@@ -243,15 +500,27 @@ var FormRequest = class {
    * Run validation and return the validated data.
    * Throws ValidationError if validation fails.
    * Throws AuthorizationError if authorization fails.
+   * Throws RateLimitError if rate limit is exceeded.
    *
    * @returns The validated data with full type inference
    */
   async validate() {
+    const rateLimitConfig = this.rateLimit();
+    if (rateLimitConfig) {
+      const result2 = await checkRateLimit(this.request, rateLimitConfig);
+      if (!result2.allowed) {
+        throw new RateLimitError(result2, rateLimitConfig.message);
+      }
+    }
     const isAuthorized = await this.authorize();
     if (!isAuthorized) {
       await this.onAuthorizationFailed();
       throw new AuthorizationError();
     }
+    const coercionOptions = this.coercion();
+    if (coercionOptions) {
+      this.body = coerceFormData(this.body, coercionOptions);
+    }
     await this.beforeValidation();
     const validator = this.rules();
     const result = await validator.validate(this.getDataForValidation(), {
@@ -430,6 +699,59 @@ function createPagesRouterWrapper(options) {
   };
 }
 
+// src/middleware/withSchema.ts
+async function parseRequestBody(request) {
+  const contentType = request.headers.get("content-type") || "";
+  if (contentType.includes("application/json")) {
+    try {
+      return await request.json();
+    } catch {
+      return {};
+    }
+  }
+  if (contentType.includes("application/x-www-form-urlencoded") || contentType.includes("multipart/form-data")) {
+    try {
+      const formData = await request.formData();
+      const data = {};
+      formData.forEach((value, key) => {
+        if (data[key]) {
+          if (Array.isArray(data[key])) {
+            data[key].push(value);
+          } else {
+            data[key] = [data[key], value];
+          }
+        } else {
+          data[key] = value;
+        }
+      });
+      return data;
+    } catch {
+      return {};
+    }
+  }
+  return {};
+}
+function withSchema(adapter, handler) {
+  return async (request, context) => {
+    const body = await parseRequestBody(request);
+    const result = await adapter.validate(body);
+    if (!result.success) {
+      throw new ValidationError(result.errors || {});
+    }
+    return handler(result.data, request);
+  };
+}
+function withApiSchema(adapter, handler) {
+  return async (req, res) => {
+    const body = req.body;
+    const result = await adapter.validate(body);
+    if (!result.success) {
+      throw new ValidationError(result.errors || {});
+    }
+    await handler(result.data, req, res);
+  };
+}
+
 // src/adapters/validators/ZodAdapter.ts
 var ZodAdapter = class {
   constructor(schema) {
@@ -481,6 +803,641 @@ var ZodAdapter = class {
   }
 };
 
-export { AuthorizationError, FormRequest, ValidationError, ZodAdapter, createAppRouterWrapper, createPagesRouterWrapper, isAppRouterRequest, isPagesRouterRequest, withApiRequest, withRequest };
+// src/adapters/validators/YupAdapter.ts
+var YupAdapter = class {
+  constructor(schema) {
+    this.schema = schema;
+  }
+  async validate(data, config) {
+    try {
+      const validated = await this.schema.validate(data, {
+        abortEarly: false,
+        stripUnknown: true
+      });
+      return {
+        success: true,
+        data: validated
+      };
+    } catch (error) {
+      if (this.isYupValidationError(error)) {
+        const errors = this.formatYupErrors(error, config);
+        return {
+          success: false,
+          errors
+        };
+      }
+      throw error;
+    }
+  }
+  validateSync(data, config) {
+    try {
+      const validated = this.schema.validateSync(data, {
+        abortEarly: false,
+        stripUnknown: true
+      });
+      return {
+        success: true,
+        data: validated
+      };
+    } catch (error) {
+      if (this.isYupValidationError(error)) {
+        const errors = this.formatYupErrors(error, config);
+        return {
+          success: false,
+          errors
+        };
+      }
+      throw error;
+    }
+  }
+  isYupValidationError(error) {
+    return error !== null && typeof error === "object" && "inner" in error && "name" in error && error.name === "ValidationError";
+  }
+  formatYupErrors(error, config) {
+    const errors = {};
+    const customMessages = config?.messages ?? {};
+    const customAttributes = config?.attributes ?? {};
+    const innerErrors = error.inner.length > 0 ? error.inner : [error];
+    for (const issue of innerErrors) {
+      const path = issue.path ?? "_root";
+      const attributeName = customAttributes[path] ?? path;
+      const messageKey = `${path}.${issue.type ?? "invalid"}`;
+      let message;
+      if (customMessages[messageKey]) {
+        message = customMessages[messageKey];
+      } else if (customMessages[path]) {
+        message = customMessages[path];
+      } else {
+        message = issue.message.replace(
+          new RegExp(`\\b${path}\\b`, "gi"),
+          attributeName
+        );
+      }
+      if (!errors[path]) {
+        errors[path] = [];
+      }
+      errors[path].push(message);
+    }
+    return errors;
+  }
+};
+
+// src/adapters/validators/ValibotAdapter.ts
+var ValibotAdapter = class {
+  constructor(schema, safeParse) {
+    this.schema = schema;
+    this.safeParseFunc = safeParse;
+  }
+  async validate(data, config) {
+    return this.validateSync(data, config);
+  }
+  validateSync(data, config) {
+    const result = this.safeParseFunc(this.schema, data);
+    if (result.success) {
+      return {
+        success: true,
+        data: result.output
+      };
+    }
+    const errors = this.formatValibotErrors(result.issues ?? [], config);
+    return {
+      success: false,
+      errors
+    };
+  }
+  formatValibotErrors(issues, config) {
+    const errors = {};
+    const customMessages = config?.messages ?? {};
+    const customAttributes = config?.attributes ?? {};
+    for (const issue of issues) {
+      const pathParts = issue.path?.map((p) => {
+        if (typeof p === "object" && p !== null && "key" in p) {
+          return String(p.key);
+        }
+        return String(p);
+      }) ?? [];
+      const path = pathParts.join(".") || "_root";
+      const attributeName = customAttributes[path] ?? path;
+      const messageKey = `${path}.${issue.type ?? "invalid"}`;
+      let message;
+      if (customMessages[messageKey]) {
+        message = customMessages[messageKey];
+      } else if (customMessages[path]) {
+        message = customMessages[path];
+      } else {
+        message = (issue.message ?? "Validation failed").replace(
+          new RegExp(`\\b${path}\\b`, "gi"),
+          attributeName
+        );
+      }
+      if (!errors[path]) {
+        errors[path] = [];
+      }
+      errors[path].push(message);
+    }
+    return errors;
+  }
+};
+
+// src/adapters/validators/ArkTypeAdapter.ts
+function isArkTypeErrors(result) {
+  return result !== null && typeof result === "object" && "summary" in result && true;
+}
+var ArkTypeAdapter = class {
+  constructor(schema) {
+    this.schema = schema;
+  }
+  async validate(data, config) {
+    return this.validateSync(data, config);
+  }
+  validateSync(data, config) {
+    const result = this.schema(data);
+    if (!isArkTypeErrors(result)) {
+      return {
+        success: true,
+        data: result
+      };
+    }
+    const errors = this.formatArkTypeErrors(result, config);
+    return {
+      success: false,
+      errors
+    };
+  }
+  formatArkTypeErrors(arkErrors, config) {
+    const errors = {};
+    const customMessages = config?.messages ?? {};
+    const customAttributes = config?.attributes ?? {};
+    const errorList = [];
+    if (arkErrors.errors && Array.isArray(arkErrors.errors)) {
+      errorList.push(...arkErrors.errors);
+    } else if (arkErrors[Symbol.iterator]) {
+      const iteratorFn = arkErrors[Symbol.iterator];
+      if (typeof iteratorFn === "function") {
+        const iterator = iteratorFn.call(arkErrors);
+        let result = iterator.next();
+        while (!result.done) {
+          errorList.push(result.value);
+          result = iterator.next();
+        }
+      }
+    } else {
+      errorList.push({
+        path: [],
+        message: arkErrors.summary
+      });
+    }
+    for (const issue of errorList) {
+      const path = issue.path.join(".") || "_root";
+      const attributeName = customAttributes[path] ?? path;
+      const messageKey = `${path}.${issue.code ?? "invalid"}`;
+      let message;
+      if (customMessages[messageKey]) {
+        message = customMessages[messageKey];
+      } else if (customMessages[path]) {
+        message = customMessages[path];
+      } else {
+        message = issue.message.replace(
+          new RegExp(`\\b${path}\\b`, "gi"),
+          attributeName
+        );
+      }
+      if (!errors[path]) {
+        errors[path] = [];
+      }
+      errors[path].push(message);
+    }
+    return errors;
+  }
+};
+function parseSize(size) {
+  if (typeof size === "number") {
+    return size;
+  }
+  const match = size.toLowerCase().match(/^(\d+(?:\.\d+)?)\s*(b|kb|mb|gb)?$/);
+  if (!match) {
+    throw new Error(`Invalid size format: ${size}. Use formats like "5mb", "1024kb", or "1gb"`);
+  }
+  const value = parseFloat(match[1]);
+  const unit = match[2] || "b";
+  const multipliers = {
+    b: 1,
+    kb: 1024,
+    mb: 1024 * 1024,
+    gb: 1024 * 1024 * 1024
+  };
+  return Math.floor(value * multipliers[unit]);
+}
+function mimeTypeMatches(mimeType, pattern) {
+  if (pattern === "*" || pattern === "*/*") {
+    return true;
+  }
+  if (pattern.endsWith("/*")) {
+    const category = pattern.slice(0, -2);
+    return mimeType.startsWith(category + "/");
+  }
+  return mimeType === pattern;
+}
+function createValidatedFile(file) {
+  const extension = file.name.includes(".") ? file.name.split(".").pop()?.toLowerCase() ?? "" : "";
+  return {
+    name: file.name,
+    size: file.size,
+    type: file.type,
+    file,
+    extension,
+    arrayBuffer: () => file.arrayBuffer(),
+    text: () => file.text(),
+    stream: () => file.stream()
+  };
+}
+function formFile(options = {}) {
+  const {
+    maxSize,
+    minSize,
+    types,
+    extensions,
+    required = true
+  } = options;
+  const maxSizeBytes = maxSize ? parseSize(maxSize) : void 0;
+  const minSizeBytes = minSize ? parseSize(minSize) : void 0;
+  const fileSchema = z.instanceof(File, { message: "Expected a file" }).refine(
+    (file) => {
+      if (!required && file.size === 0) return true;
+      return file.size > 0;
+    },
+    { message: "File is required" }
+  ).refine(
+    (file) => {
+      if (!maxSizeBytes) return true;
+      return file.size <= maxSizeBytes;
+    },
+    {
+      message: maxSize ? `File size must not exceed ${typeof maxSize === "string" ? maxSize : `${maxSize} bytes`}` : "File is too large"
+    }
+  ).refine(
+    (file) => {
+      if (!minSizeBytes) return true;
+      return file.size >= minSizeBytes;
+    },
+    {
+      message: minSize ? `File size must be at least ${typeof minSize === "string" ? minSize : `${minSize} bytes`}` : "File is too small"
+    }
+  ).refine(
+    (file) => {
+      if (!types || types.length === 0) return true;
+      return types.some((pattern) => mimeTypeMatches(file.type, pattern));
+    },
+    {
+      message: types ? `File type must be one of: ${types.join(", ")}` : "Invalid file type"
+    }
+  ).refine(
+    (file) => {
+      if (!extensions || extensions.length === 0) return true;
+      const fileExt = file.name.includes(".") ? file.name.split(".").pop()?.toLowerCase() : "";
+      return extensions.some((ext) => ext.toLowerCase() === fileExt);
+    },
+    {
+      message: extensions ? `File extension must be one of: ${extensions.join(", ")}` : "Invalid file extension"
+    }
+  ).transform(createValidatedFile);
+  return fileSchema;
+}
+function formFiles(options = {}) {
+  const { minFiles, maxFiles, ...fileOptions } = options;
+  const singleFileSchema = formFile({ ...fileOptions, required: true });
+  let arraySchema = z.array(singleFileSchema);
+  if (minFiles !== void 0) {
+    arraySchema = arraySchema.min(minFiles, {
+      message: `At least ${minFiles} file(s) required`
+    });
+  }
+  if (maxFiles !== void 0) {
+    arraySchema = arraySchema.max(maxFiles, {
+      message: `Maximum ${maxFiles} file(s) allowed`
+    });
+  }
+  return arraySchema;
+}
+
+// src/utils/errorFormatting.ts
+function parsePath(path) {
+  const segments = [];
+  const parts = path.split(".");
+  for (const part of parts) {
+    const arrayMatch = part.match(/^(.+?)\[(\d+)\]$/);
+    if (arrayMatch) {
+      segments.push(arrayMatch[1]);
+      segments.push(parseInt(arrayMatch[2], 10));
+    } else if (/^\d+$/.test(part)) {
+      segments.push(parseInt(part, 10));
+    } else {
+      segments.push(part);
+    }
+  }
+  return segments;
+}
+function setNestedValue(obj, path, value) {
+  let current = obj;
+  for (let i = 0; i < path.length - 1; i++) {
+    const key = path[i];
+    const nextKey = path[i + 1];
+    const keyStr = String(key);
+    if (!(keyStr in current)) {
+      current[keyStr] = typeof nextKey === "number" ? [] : {};
+    }
+    current = current[keyStr];
+  }
+  const lastKey = String(path[path.length - 1]);
+  current[lastKey] = value;
+}
+function formatErrors(errors, options = {}) {
+  const { maxErrorsPerField } = options;
+  const flat = {};
+  const nested = {};
+  const all = [];
+  for (const [field, messages] of Object.entries(errors)) {
+    const limitedMessages = maxErrorsPerField ? messages.slice(0, maxErrorsPerField) : messages;
+    flat[field] = limitedMessages;
+    all.push(...limitedMessages);
+    const path = parsePath(field);
+    setNestedValue(nested, path, limitedMessages);
+  }
+  return {
+    flat,
+    nested,
+    all,
+    count: all.length,
+    has(field) {
+      return field in flat && flat[field].length > 0;
+    },
+    get(field) {
+      return flat[field] ?? [];
+    },
+    first(field) {
+      return flat[field]?.[0];
+    }
+  };
+}
+function flattenErrors(nested, options = {}) {
+  const { pathSeparator = ".", includeArrayIndices = true } = options;
+  const result = {};
+  function flatten(obj, prefix = "") {
+    if (Array.isArray(obj)) {
+      if (obj.every((item) => typeof item === "string")) {
+        result[prefix] = obj;
+        return;
+      }
+      obj.forEach((item, index) => {
+        const key = includeArrayIndices ? `${prefix}${prefix ? pathSeparator : ""}${index}` : prefix;
+        flatten(item, key);
+      });
+    } else if (obj !== null && typeof obj === "object") {
+      for (const [key, value] of Object.entries(obj)) {
+        const newPrefix = prefix ? `${prefix}${pathSeparator}${key}` : key;
+        flatten(value, newPrefix);
+      }
+    }
+  }
+  flatten(nested);
+  return result;
+}
+function summarizeErrors(errors) {
+  const entries = Object.entries(errors);
+  if (entries.length === 0) {
+    return "No errors";
+  }
+  if (entries.length === 1) {
+    const [field, messages] = entries[0];
+    return `${field}: ${messages[0]}`;
+  }
+  const totalErrors = entries.reduce((sum, [, msgs]) => sum + msgs.length, 0);
+  return `${totalErrors} validation error${totalErrors > 1 ? "s" : ""} in ${entries.length} field${entries.length > 1 ? "s" : ""}`;
+}
+function filterErrors(errors, fields) {
+  const result = {};
+  for (const field of fields) {
+    if (errors[field]) {
+      result[field] = errors[field];
+    }
+    for (const [key, messages] of Object.entries(errors)) {
+      if (key.startsWith(`${field}.`)) {
+        result[key] = messages;
+      }
+    }
+  }
+  return result;
+}
+function mergeErrors(...errorSets) {
+  const result = {};
+  for (const errors of errorSets) {
+    for (const [field, messages] of Object.entries(errors)) {
+      if (!result[field]) {
+        result[field] = [];
+      }
+      result[field].push(...messages);
+    }
+  }
+  return result;
+}
+
+// src/utils/testing.ts
+function createMockRequest(body, options = {}) {
+  const {
+    method = "POST",
+    headers = {},
+    query = {},
+    baseUrl = "http://localhost:3000/api/test"
+  } = options;
+  const url = new URL(baseUrl);
+  for (const [key, value] of Object.entries(query)) {
+    url.searchParams.set(key, value);
+  }
+  const requestHeaders = new Headers(headers);
+  if (["POST", "PUT", "PATCH"].includes(method.toUpperCase())) {
+    if (!requestHeaders.has("content-type")) {
+      requestHeaders.set("content-type", "application/json");
+    }
+  }
+  return new Request(url.toString(), {
+    method,
+    headers: requestHeaders,
+    body: body !== void 0 ? JSON.stringify(body) : void 0
+  });
+}
+async function testFormRequest(RequestClass, body, options = {}) {
+  const request = createMockRequest(body, options);
+  const FormRequestWithStatic = RequestClass;
+  const instance = await FormRequestWithStatic.fromAppRouter(request, options.params);
+  try {
+    const data = await instance.validate();
+    return {
+      success: true,
+      data,
+      instance
+    };
+  } catch (error) {
+    if (error instanceof ValidationError) {
+      return {
+        success: false,
+        errors: error.errors,
+        instance
+      };
+    }
+    if (error instanceof AuthorizationError) {
+      return {
+        success: false,
+        unauthorized: true,
+        instance
+      };
+    }
+    throw error;
+  }
+}
+function addMockMethod(RequestClass) {
+  RequestClass.mock = async (body, options) => testFormRequest(RequestClass, body, options);
+}
+function expectValid(result) {
+  if (!result.success) {
+    const errorDetails = result.errors ? Object.entries(result.errors).map(([field, messages]) => `${field}: ${messages.join(", ")}`).join("\n") : result.unauthorized ? "Authorization denied" : "Unknown error";
+    throw new Error(`Expected validation to pass, but it failed:
+${errorDetails}`);
+  }
+}
+function expectInvalid(result) {
+  if (result.success) {
+    throw new Error(`Expected validation to fail, but it passed with data: ${JSON.stringify(result.data)}`);
+  }
+  if (!result.errors) {
+    throw new Error("Expected validation errors, but got none");
+  }
+}
+function expectFieldError(result, field, messagePattern) {
+  expectInvalid(result);
+  const fieldErrors = result.errors[field];
+  if (!fieldErrors || fieldErrors.length === 0) {
+    throw new Error(
+      `Expected errors for field "${field}", but found none. Errors: ${JSON.stringify(result.errors)}`
+    );
+  }
+  if (messagePattern) {
+    const hasMatch = fieldErrors.some(
+      (msg) => typeof messagePattern === "string" ? msg.includes(messagePattern) : messagePattern.test(msg)
+    );
+    if (!hasMatch) {
+      throw new Error(
+        `Expected error for "${field}" to match "${messagePattern}", but got: ${fieldErrors.join(", ")}`
+      );
+    }
+  }
+}
+
+// src/utils/compose.ts
+function createAuthenticatedRequest(authorizeFn) {
+  class AuthenticatedFormRequest extends FormRequest {
+    async authorize() {
+      return authorizeFn(this);
+    }
+  }
+  return AuthenticatedFormRequest;
+}
+function composeAuthorization(...checks) {
+  return async function() {
+    for (const check of checks) {
+      const result = await check(this);
+      if (!result) return false;
+    }
+    return true;
+  };
+}
+var authHelpers = {
+  /**
+   * Check if request has a specific header
+   */
+  hasHeader: (headerName) => (request) => {
+    return !!request.header(headerName);
+  },
+  /**
+   * Check if request has authorization header
+   */
+  isAuthenticated: (request) => {
+    return !!request.header("authorization");
+  },
+  /**
+   * Check if request has a bearer token
+   */
+  hasBearerToken: (request) => {
+    const auth = request.header("authorization");
+    return typeof auth === "string" && auth.startsWith("Bearer ");
+  },
+  /**
+   * Extract bearer token from request
+   */
+  getBearerToken: (request) => {
+    const auth = request.header("authorization");
+    if (typeof auth === "string" && auth.startsWith("Bearer ")) {
+      return auth.slice(7);
+    }
+    return null;
+  },
+  /**
+   * Check if request has API key
+   */
+  hasApiKey: (headerName = "x-api-key") => (request) => {
+    return !!request.header(headerName);
+  }
+};
+var hookHelpers = {
+  /**
+   * Compose multiple beforeValidation hooks
+   */
+  beforeValidation: (...hooks) => async function() {
+    for (const hook of hooks) {
+      await hook.call(this);
+    }
+  },
+  /**
+   * Compose multiple afterValidation hooks
+   */
+  afterValidation: (...hooks) => async function(data) {
+    for (const hook of hooks) {
+      await hook.call(this, data);
+    }
+  },
+  /**
+   * Common beforeValidation transformations
+   */
+  transforms: {
+    /** Trim all string values */
+    trimStrings: function() {
+      const body = this.all();
+      for (const [key, value] of Object.entries(body)) {
+        if (typeof value === "string") {
+          body[key] = value.trim();
+        }
+      }
+    },
+    /** Lowercase specific fields */
+    lowercase: (...fields) => function() {
+      for (const field of fields) {
+        const value = this.input(field);
+        if (typeof value === "string") {
+          this.all()[field] = value.toLowerCase();
+        }
+      }
+    },
+    /** Uppercase specific fields */
+    uppercase: (...fields) => function() {
+      for (const field of fields) {
+        const value = this.input(field);
+        if (typeof value === "string") {
+          this.all()[field] = value.toUpperCase();
+        }
+      }
+    }
+  }
+};
+
+export { ArkTypeAdapter, AuthorizationError, FormRequest, MemoryRateLimitStore, RateLimitError, ValibotAdapter, ValidationError, YupAdapter, ZodAdapter, addMockMethod, authHelpers, checkRateLimit, coerceFormData, coercionPresets, composeAuthorization, createAppRouterWrapper, createAuthenticatedRequest, createMockRequest, createPagesRouterWrapper, expectFieldError, expectInvalid, expectValid, filterErrors, flattenErrors, formFile, formFiles, formatErrors, hookHelpers, isAppRouterRequest, isPagesRouterRequest, mergeErrors, rateLimit, setDefaultRateLimitStore, summarizeErrors, testFormRequest, withApiRequest, withApiSchema, withRequest, withSchema, zodCoerce };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map