nextjs-secure 0.6.0 → 0.7.0

package/dist/index.js

@@ -5105,9 +5105,1486 @@ function withTiming(handler, options = {}) {
   };
 }
 
+// src/middleware/bot/user-agent.ts
+var KNOWN_BOT_PATTERNS = [
+  // Search Engines - Generally allowed
+  {
+    name: "Googlebot",
+    pattern: /Googlebot|Google-InspectionTool|Storebot-Google|GoogleOther/i,
+    category: "search_engine",
+    allowed: true,
+    description: "Google search crawler"
+  },
+  {
+    name: "Bingbot",
+    pattern: /bingbot|msnbot|BingPreview/i,
+    category: "search_engine",
+    allowed: true,
+    description: "Microsoft Bing crawler"
+  },
+  {
+    name: "Yahoo Slurp",
+    pattern: /Slurp/i,
+    category: "search_engine",
+    allowed: true,
+    description: "Yahoo search crawler"
+  },
+  {
+    name: "DuckDuckBot",
+    pattern: /DuckDuckBot|DuckDuckGo-Favicons-Bot/i,
+    category: "search_engine",
+    allowed: true,
+    description: "DuckDuckGo crawler"
+  },
+  {
+    name: "Baiduspider",
+    pattern: /Baiduspider/i,
+    category: "search_engine",
+    allowed: true,
+    description: "Baidu search crawler"
+  },
+  {
+    name: "Yandex",
+    pattern: /YandexBot|YandexImages|YandexMobileBot/i,
+    category: "search_engine",
+    allowed: true,
+    description: "Yandex search crawler"
+  },
+  {
+    name: "Applebot",
+    pattern: /Applebot/i,
+    category: "search_engine",
+    allowed: true,
+    description: "Apple search crawler"
+  },
+  {
+    name: "Sogou",
+    pattern: /Sogou/i,
+    category: "search_engine",
+    allowed: true,
+    description: "Sogou search crawler"
+  },
+  {
+    name: "Exabot",
+    pattern: /Exabot/i,
+    category: "search_engine",
+    allowed: true,
+    description: "Exalead search crawler"
+  },
+  // Social Media - Generally allowed
+  {
+    name: "Facebook",
+    pattern: /facebookexternalhit|Facebot|facebookcatalog/i,
+    category: "social_media",
+    allowed: true,
+    description: "Facebook crawler for link previews"
+  },
+  {
+    name: "Twitter",
+    pattern: /Twitterbot/i,
+    category: "social_media",
+    allowed: true,
+    description: "Twitter/X crawler for cards"
+  },
+  {
+    name: "LinkedIn",
+    pattern: /LinkedInBot/i,
+    category: "social_media",
+    allowed: true,
+    description: "LinkedIn crawler for previews"
+  },
+  {
+    name: "Pinterest",
+    pattern: /Pinterest|Pinterestbot/i,
+    category: "social_media",
+    allowed: true,
+    description: "Pinterest crawler"
+  },
+  {
+    name: "Slack",
+    pattern: /Slackbot/i,
+    category: "social_media",
+    allowed: true,
+    description: "Slack link preview bot"
+  },
+  {
+    name: "Discord",
+    pattern: /Discordbot/i,
+    category: "social_media",
+    allowed: true,
+    description: "Discord link preview bot"
+  },
+  {
+    name: "Telegram",
+    pattern: /TelegramBot/i,
+    category: "social_media",
+    allowed: true,
+    description: "Telegram link preview bot"
+  },
+  {
+    name: "WhatsApp",
+    pattern: /WhatsApp/i,
+    category: "social_media",
+    allowed: true,
+    description: "WhatsApp link preview"
+  },
+  {
+    name: "Snapchat",
+    pattern: /Snapchat/i,
+    category: "social_media",
+    allowed: true,
+    description: "Snapchat crawler"
+  },
+  // Monitoring - Generally allowed
+  {
+    name: "UptimeRobot",
+    pattern: /UptimeRobot/i,
+    category: "monitoring",
+    allowed: true,
+    description: "UptimeRobot monitoring"
+  },
+  {
+    name: "Pingdom",
+    pattern: /Pingdom/i,
+    category: "monitoring",
+    allowed: true,
+    description: "Pingdom monitoring"
+  },
+  {
+    name: "StatusCake",
+    pattern: /StatusCake/i,
+    category: "monitoring",
+    allowed: true,
+    description: "StatusCake monitoring"
+  },
+  {
+    name: "Site24x7",
+    pattern: /Site24x7/i,
+    category: "monitoring",
+    allowed: true,
+    description: "Site24x7 monitoring"
+  },
+  {
+    name: "Datadog",
+    pattern: /Datadog/i,
+    category: "monitoring",
+    allowed: true,
+    description: "Datadog synthetic monitoring"
+  },
+  {
+    name: "New Relic",
+    pattern: /NewRelicPinger/i,
+    category: "monitoring",
+    allowed: true,
+    description: "New Relic synthetic monitoring"
+  },
+  {
+    name: "Checkly",
+    pattern: /Checkly/i,
+    category: "monitoring",
+    allowed: true,
+    description: "Checkly monitoring"
+  },
+  // SEO Tools - Usually allowed but can be blocked
+  {
+    name: "Ahrefs",
+    pattern: /AhrefsBot|AhrefsSiteAudit/i,
+    category: "seo",
+    allowed: false,
+    description: "Ahrefs SEO crawler"
+  },
+  {
+    name: "Semrush",
+    pattern: /SemrushBot/i,
+    category: "seo",
+    allowed: false,
+    description: "Semrush SEO crawler"
+  },
+  {
+    name: "Moz",
+    pattern: /rogerbot|DotBot/i,
+    category: "seo",
+    allowed: false,
+    description: "Moz SEO crawler"
+  },
+  {
+    name: "Majestic",
+    pattern: /MJ12bot/i,
+    category: "seo",
+    allowed: false,
+    description: "Majestic SEO crawler"
+  },
+  {
+    name: "Screaming Frog",
+    pattern: /Screaming Frog/i,
+    category: "seo",
+    allowed: false,
+    description: "Screaming Frog SEO Spider"
+  },
+  // AI Crawlers - Configurable
+  {
+    name: "GPTBot",
+    pattern: /GPTBot/i,
+    category: "ai_crawler",
+    allowed: false,
+    description: "OpenAI GPT training crawler"
+  },
+  {
+    name: "ChatGPT-User",
+    pattern: /ChatGPT-User/i,
+    category: "ai_crawler",
+    allowed: false,
+    description: "ChatGPT user browsing"
+  },
+  {
+    name: "Claude-Web",
+    pattern: /Claude-Web|ClaudeBot|anthropic-ai/i,
+    category: "ai_crawler",
+    allowed: false,
+    description: "Anthropic Claude crawler"
+  },
+  {
+    name: "Bytespider",
+    pattern: /Bytespider/i,
+    category: "ai_crawler",
+    allowed: false,
+    description: "ByteDance AI crawler"
+  },
+  {
+    name: "CCBot",
+    pattern: /CCBot/i,
+    category: "ai_crawler",
+    allowed: false,
+    description: "Common Crawl bot"
+  },
+  {
+    name: "Google-Extended",
+    pattern: /Google-Extended/i,
+    category: "ai_crawler",
+    allowed: false,
+    description: "Google AI training crawler"
+  },
+  {
+    name: "Cohere-ai",
+    pattern: /cohere-ai/i,
+    category: "ai_crawler",
+    allowed: false,
+    description: "Cohere AI crawler"
+  },
+  {
+    name: "PerplexityBot",
+    pattern: /PerplexityBot/i,
+    category: "ai_crawler",
+    allowed: false,
+    description: "Perplexity AI crawler"
+  },
+  // Feed Readers - Generally allowed
+  {
+    name: "Feedly",
+    pattern: /Feedly/i,
+    category: "feed_reader",
+    allowed: true,
+    description: "Feedly RSS reader"
+  },
+  {
+    name: "Feedbin",
+    pattern: /Feedbin/i,
+    category: "feed_reader",
+    allowed: true,
+    description: "Feedbin RSS reader"
+  },
+  {
+    name: "NewsBlur",
+    pattern: /NewsBlur/i,
+    category: "feed_reader",
+    allowed: true,
+    description: "NewsBlur RSS reader"
+  },
+  // Link Previews - Generally allowed
+  {
+    name: "Embedly",
+    pattern: /Embedly/i,
+    category: "preview",
+    allowed: true,
+    description: "Embedly link preview"
+  },
+  {
+    name: "Iframely",
+    pattern: /Iframely/i,
+    category: "preview",
+    allowed: true,
+    description: "Iframely link preview"
+  },
+  // Security Scanners - Block by default
+  {
+    name: "Nessus",
+    pattern: /Nessus/i,
+    category: "security",
+    allowed: false,
+    description: "Nessus vulnerability scanner"
+  },
+  {
+    name: "Nikto",
+    pattern: /Nikto/i,
+    category: "security",
+    allowed: false,
+    description: "Nikto web scanner"
+  },
+  {
+    name: "sqlmap",
+    pattern: /sqlmap/i,
+    category: "security",
+    allowed: false,
+    description: "sqlmap SQL injection tool"
+  },
+  {
+    name: "WPScan",
+    pattern: /WPScan/i,
+    category: "security",
+    allowed: false,
+    description: "WordPress vulnerability scanner"
+  },
+  {
+    name: "Acunetix",
+    pattern: /Acunetix/i,
+    category: "security",
+    allowed: false,
+    description: "Acunetix vulnerability scanner"
+  },
+  // Known Scrapers - Block
+  {
+    name: "Scrapy",
+    pattern: /Scrapy/i,
+    category: "scraper",
+    allowed: false,
+    description: "Scrapy web scraper"
+  },
+  {
+    name: "HTTrack",
+    pattern: /HTTrack/i,
+    category: "scraper",
+    allowed: false,
+    description: "HTTrack website copier"
+  },
+  {
+    name: "WebCopier",
+    pattern: /WebCopier/i,
+    category: "scraper",
+    allowed: false,
+    description: "WebCopier tool"
+  },
+  {
+    name: "SiteSnagger",
+    pattern: /SiteSnagger/i,
+    category: "scraper",
+    allowed: false,
+    description: "SiteSnagger downloader"
+  },
+  // Spam Bots - Always block
+  {
+    name: "Spam Bot",
+    pattern: /spam|harvester|extractor|collect/i,
+    category: "spam",
+    allowed: false,
+    description: "Generic spam bot pattern"
+  },
+  {
+    name: "Email Harvester",
+    pattern: /email.*harvest|harvest.*email/i,
+    category: "spam",
+    allowed: false,
+    description: "Email harvesting bot"
+  },
+  // Malicious - Always block
+  {
+    name: "Malicious Generic",
+    pattern: /masscan|ZmEu|morfeus|nmap/i,
+    category: "malicious",
+    allowed: false,
+    description: "Known malicious tools"
+  },
+  {
+    name: "Vulnerability Scanner",
+    pattern: /havij|w3af|webscarab/i,
+    category: "malicious",
+    allowed: false,
+    description: "Vulnerability scanning tools"
+  },
+  // Generic Bot Pattern
+  {
+    name: "Generic Bot",
+    pattern: /bot|crawl|spider|scrape|fetch/i,
+    category: "unknown",
+    allowed: false,
+    description: "Generic bot pattern"
+  },
+  {
+    name: "HTTP Library",
+    pattern: /python-requests|python-urllib|curl|wget|axios|node-fetch|got\//i,
+    category: "unknown",
+    allowed: false,
+    description: "HTTP library user agent"
+  }
+];
+var DEFAULT_ALLOWED_CATEGORIES = [
+  "search_engine",
+  "social_media",
+  "monitoring",
+  "feed_reader",
+  "preview"
+];
+var DEFAULT_ALLOWED_BOTS = [
+  "Googlebot",
+  "Bingbot",
+  "Yahoo Slurp",
+  "DuckDuckBot",
+  "Applebot",
+  "Facebook",
+  "Twitter",
+  "LinkedIn",
+  "Slack",
+  "Discord",
+  "UptimeRobot",
+  "Pingdom"
+];
+function analyzeUserAgent(userAgent, options = {}) {
+  const {
+    blockAllBots = false,
+    allowCategories = DEFAULT_ALLOWED_CATEGORIES,
+    allowList = DEFAULT_ALLOWED_BOTS,
+    blockList = [],
+    customPatterns = [],
+    blockEmptyUA = true,
+    blockSuspiciousUA = true
+  } = options;
+  if (!userAgent || userAgent.trim() === "") {
+    return {
+      isBot: blockEmptyUA,
+      category: "unknown",
+      confidence: blockEmptyUA ? 0.9 : 0,
+      reason: "Empty User-Agent",
+      userAgent: userAgent || ""
+    };
+  }
+  const allPatterns = [...customPatterns, ...KNOWN_BOT_PATTERNS];
+  let matchedPattern = null;
+  for (const pattern of allPatterns) {
+    if (pattern.pattern.test(userAgent)) {
+      matchedPattern = pattern;
+      break;
+    }
+  }
+  if (!matchedPattern && blockSuspiciousUA && isSuspiciousUA(userAgent)) {
+    return {
+      isBot: true,
+      category: "unknown",
+      confidence: 0.8,
+      reason: "Suspicious User-Agent pattern",
+      userAgent
+    };
+  }
+  if (!matchedPattern) {
+    return {
+      isBot: false,
+      confidence: 0.1,
+      reason: "No bot pattern matched",
+      userAgent
+    };
+  }
+  if (blockList.includes(matchedPattern.name)) {
+    return {
+      isBot: true,
+      category: matchedPattern.category,
+      name: matchedPattern.name,
+      confidence: 0.95,
+      reason: `Blocked bot: ${matchedPattern.name}`,
+      userAgent
+    };
+  }
+  if (blockAllBots) {
+    return {
+      isBot: true,
+      category: matchedPattern.category,
+      name: matchedPattern.name,
+      confidence: 0.9,
+      reason: `Bot blocked (blockAllBots mode): ${matchedPattern.name}`,
+      userAgent
+    };
+  }
+  if (allowList.includes(matchedPattern.name)) {
+    return {
+      isBot: true,
+      category: matchedPattern.category,
+      name: matchedPattern.name,
+      confidence: 0.95,
+      reason: `Allowed bot: ${matchedPattern.name}`,
+      userAgent
+    };
+  }
+  if (allowCategories.includes(matchedPattern.category)) {
+    return {
+      isBot: true,
+      category: matchedPattern.category,
+      name: matchedPattern.name,
+      confidence: 0.9,
+      reason: `Allowed category: ${matchedPattern.category}`,
+      userAgent
+    };
+  }
+  return {
+    isBot: true,
+    category: matchedPattern.category,
+    name: matchedPattern.name,
+    confidence: 0.85,
+    reason: matchedPattern.allowed ? `Allowed bot: ${matchedPattern.name}` : `Blocked bot: ${matchedPattern.name}`,
+    userAgent
+  };
+}
+function isSuspiciousUA(userAgent) {
+  if (userAgent.length < 10) {
+    return true;
+  }
+  if (/^[0-9a-f]{8,}$/i.test(userAgent)) {
+    return true;
+  }
+  const hasBrowserIndicator = /Mozilla|Chrome|Safari|Firefox|Edge|Opera|MSIE|Trident/i.test(userAgent);
+  const hasOSIndicator = /Windows|Mac|Linux|Android|iOS|iPhone|iPad/i.test(userAgent);
+  if (hasBrowserIndicator && !hasOSIndicator && userAgent.length < 50) {
+    return true;
+  }
+  if (/Chrome\/[0-4]\./i.test(userAgent) || /Firefox\/[0-3]\./i.test(userAgent)) {
+    return true;
+  }
+  return false;
+}
+function isBotAllowed(botName, options = {}) {
+  const {
+    blockAllBots = false,
+    allowCategories = DEFAULT_ALLOWED_CATEGORIES,
+    allowList = DEFAULT_ALLOWED_BOTS,
+    blockList = []
+  } = options;
+  if (blockList.includes(botName)) {
+    return false;
+  }
+  if (blockAllBots) {
+    return false;
+  }
+  if (allowList.includes(botName)) {
+    return true;
+  }
+  const pattern = KNOWN_BOT_PATTERNS.find((p) => p.name === botName);
+  if (pattern && allowCategories.includes(pattern.category)) {
+    return true;
+  }
+  return pattern?.allowed ?? false;
+}
+function getBotsByCategory(category) {
+  return KNOWN_BOT_PATTERNS.filter((p) => p.category === category);
+}
+function createBotPattern(name, pattern, category, allowed = false, description) {
+  return {
+    name,
+    pattern: typeof pattern === "string" ? new RegExp(pattern, "i") : pattern,
+    category,
+    allowed,
+    description
+  };
+}
+
+// src/middleware/bot/honeypot.ts
+var DEFAULT_HONEYPOT_FIELDS = [
+  "_hp_email",
+  "_hp_name",
+  "_hp_website",
+  "_hp_phone",
+  "_hp_address",
+  "email_confirm",
+  "website_url",
+  "fax_number"
+];
+var DEFAULT_HONEYPOT_OPTIONS = {
+  fieldName: "_hp_email",
+  additionalFields: [],
+  checkIn: ["body", "query"]};
+async function checkHoneypot(req, options = {}) {
+  const {
+    fieldName = DEFAULT_HONEYPOT_OPTIONS.fieldName,
+    additionalFields = DEFAULT_HONEYPOT_OPTIONS.additionalFields,
+    checkIn = DEFAULT_HONEYPOT_OPTIONS.checkIn,
+    validate: validate2
+  } = options;
+  const allFields = [fieldName, ...additionalFields];
+  const filledFields = [];
+  if (checkIn.includes("query")) {
+    const url = new URL(req.url);
+    for (const field of allFields) {
+      const value = url.searchParams.get(field);
+      if (value !== null && value !== "") {
+        filledFields.push(`query:${field}`);
+      }
+    }
+  }
+  if (checkIn.includes("body") && hasBody(req)) {
+    try {
+      const body = await getRequestBody(req);
+      if (body && typeof body === "object") {
+        for (const field of allFields) {
+          const value = body[field];
+          if (value !== void 0 && value !== null && value !== "") {
+            if (validate2 && !validate2(value)) {
+              continue;
+            }
+            filledFields.push(`body:${field}`);
+          }
+        }
+      }
+    } catch {
+    }
+  }
+  if (checkIn.includes("headers")) {
+    for (const field of allFields) {
+      const headerName = `x-${field.replace(/_/g, "-")}`;
+      const value = req.headers.get(headerName);
+      if (value !== null && value !== "") {
+        filledFields.push(`header:${headerName}`);
+      }
+    }
+  }
+  if (filledFields.length > 0) {
+    return {
+      isBot: true,
+      category: "spam",
+      confidence: 0.95,
+      reason: `Honeypot triggered: ${filledFields.join(", ")}`,
+      ip: getClientIP2(req)
+    };
+  }
+  return {
+    isBot: false,
+    confidence: 0,
+    reason: "Honeypot check passed"
+  };
+}
+function withHoneypot(handler, options = {}) {
+  return async (req, ctx) => {
+    const result = await checkHoneypot(req, options);
+    if (result.isBot) {
+      return new Response(
+        JSON.stringify({
+          success: false,
+          error: "Request rejected"
+        }),
+        {
+          status: 403,
+          headers: { "Content-Type": "application/json" }
+        }
+      );
+    }
+    return handler(req, ctx);
+  };
+}
+function generateHoneypotHTML(options = {}) {
+  const {
+    fieldName = DEFAULT_HONEYPOT_OPTIONS.fieldName,
+    additionalFields = []
+  } = options;
+  const allFields = [fieldName, ...additionalFields];
+  const fields = allFields.map((field) => {
+    const style = getRandomHidingStyle();
+    const labelText = humanizeFieldName(field);
+    return `
+    <div style="${style}" aria-hidden="true" tabindex="-1">
+      <label for="${field}">${labelText}</label>
+      <input
+        type="text"
+        id="${field}"
+        name="${field}"
+        autocomplete="off"
+        tabindex="-1"
+      />
+    </div>`;
+  }).join("\n");
+  return `<!-- Honeypot fields - Do not fill these -->
+${fields}`;
+}
+function generateHoneypotCSS(options = {}) {
+  const {
+    fieldName = DEFAULT_HONEYPOT_OPTIONS.fieldName,
+    additionalFields = []
+  } = options;
+  const allFields = [fieldName, ...additionalFields];
+  const selectors = allFields.map((f) => `#${f}`).join(", ");
+  return `
+/* Honeypot field hiding */
+${selectors} {
+  position: absolute !important;
+  left: -9999px !important;
+  top: -9999px !important;
+  opacity: 0 !important;
+  height: 0 !important;
+  width: 0 !important;
+  z-index: -1 !important;
+  pointer-events: none !important;
+}
+`.trim();
+}
+function hasBody(req) {
+  const method = req.method.toUpperCase();
+  return ["POST", "PUT", "PATCH", "DELETE"].includes(method);
+}
+async function getRequestBody(req) {
+  try {
+    const contentType = req.headers.get("content-type") || "";
+    if (contentType.includes("application/json")) {
+      const cloned = req.clone();
+      return await cloned.json();
+    }
+    if (contentType.includes("application/x-www-form-urlencoded")) {
+      const cloned = req.clone();
+      const text = await cloned.text();
+      return Object.fromEntries(new URLSearchParams(text));
+    }
+    if (contentType.includes("multipart/form-data")) {
+      const cloned = req.clone();
+      const formData = await cloned.formData();
+      const obj = {};
+      formData.forEach((value, key) => {
+        obj[key] = value;
+      });
+      return obj;
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+function getClientIP2(req) {
+  return req.headers.get("x-forwarded-for")?.split(",")[0]?.trim() || req.headers.get("x-real-ip") || req.headers.get("cf-connecting-ip") || "unknown";
+}
+function getRandomHidingStyle() {
+  const styles = [
+    "position: absolute; left: -9999px; top: -9999px;",
+    "position: fixed; left: -100vw; visibility: hidden;",
+    "opacity: 0; height: 0; width: 0; overflow: hidden;",
+    "clip: rect(0, 0, 0, 0); white-space: nowrap; border: 0;",
+    "transform: scale(0); position: absolute;"
+  ];
+  return styles[Math.floor(Math.random() * styles.length)];
+}
+function humanizeFieldName(field) {
+  return field.replace(/^_hp_/, "").replace(/_/g, " ").replace(/\b\w/g, (c) => c.toUpperCase());
+}
+
+// src/middleware/bot/behavior.ts
+var DEFAULT_BEHAVIOR_OPTIONS = {
+  minRequestInterval: 100,
+  maxRequestsPerSecond: 10,
+  windowMs: 6e4,
+  patterns: {
+    sequentialAccess: true,
+    regularTiming: true,
+    missingHeaders: true
+  }
+};
+var MemoryBehaviorStore = class {
+  records = /* @__PURE__ */ new Map();
+  maxIdentifiers;
+  accessOrder = [];
+  constructor(options = {}) {
+    this.maxIdentifiers = options.maxIdentifiers || 1e4;
+  }
+  async record(identifier, timestamp, path) {
+    if (!this.records.has(identifier) && this.records.size >= this.maxIdentifiers) {
+      const oldest = this.accessOrder.shift();
+      if (oldest) {
+        this.records.delete(oldest);
+      }
+    }
+    const idx = this.accessOrder.indexOf(identifier);
+    if (idx > -1) {
+      this.accessOrder.splice(idx, 1);
+    }
+    this.accessOrder.push(identifier);
+    const records = this.records.get(identifier) || [];
+    records.push({ timestamp, path });
+    this.records.set(identifier, records);
+  }
+  async getHistory(identifier, windowMs) {
+    const records = this.records.get(identifier) || [];
+    const cutoff = Date.now() - windowMs;
+    const filtered = records.filter((r) => r.timestamp > cutoff);
+    if (filtered.length !== records.length) {
+      this.records.set(identifier, filtered);
+    }
+    return filtered;
+  }
+  async cleanup(maxAge) {
+    const cutoff = Date.now() - maxAge;
+    for (const [identifier, records] of this.records.entries()) {
+      const filtered = records.filter((r) => r.timestamp > cutoff);
+      if (filtered.length === 0) {
+        this.records.delete(identifier);
+        const idx = this.accessOrder.indexOf(identifier);
+        if (idx > -1) {
+          this.accessOrder.splice(idx, 1);
+        }
+      } else {
+        this.records.set(identifier, filtered);
+      }
+    }
+  }
+  /**
+   * Get store statistics
+   */
+  getStats() {
+    let totalRecords = 0;
+    for (const records of this.records.values()) {
+      totalRecords += records.length;
+    }
+    return {
+      identifiers: this.records.size,
+      totalRecords
+    };
+  }
+  /**
+   * Clear all records
+   */
+  clear() {
+    this.records.clear();
+    this.accessOrder = [];
+  }
+};
+async function analyzeBehavior(req, history, options = {}) {
+  const {
+    minRequestInterval = DEFAULT_BEHAVIOR_OPTIONS.minRequestInterval,
+    maxRequestsPerSecond = DEFAULT_BEHAVIOR_OPTIONS.maxRequestsPerSecond,
+    patterns = DEFAULT_BEHAVIOR_OPTIONS.patterns
+  } = options;
+  const reasons = [];
+  let score = 0;
+  const now = Date.now();
+  const requestCount = history.length;
+  const intervals = [];
+  for (let i = 1; i < history.length; i++) {
+    intervals.push(history[i].timestamp - history[i - 1].timestamp);
+  }
+  const avgInterval = intervals.length > 0 ? intervals.reduce((a, b) => a + b, 0) / intervals.length : Infinity;
+  const oneSecondAgo = now - 1e3;
+  const requestsLastSecond = history.filter((r) => r.timestamp > oneSecondAgo).length;
+  if (requestsLastSecond > maxRequestsPerSecond) {
+    score += 0.3;
+    reasons.push(`High request rate: ${requestsLastSecond}/s (max: ${maxRequestsPerSecond})`);
+  }
+  const hasRapidRequests = intervals.some((i) => i < minRequestInterval);
+  if (hasRapidRequests) {
+    score += 0.25;
+    reasons.push(`Rapid requests detected: interval < ${minRequestInterval}ms`);
+  }
+  if (patterns?.regularTiming && intervals.length >= 5) {
+    const variance = calculateVariance(intervals);
+    const coefficientOfVariation = Math.sqrt(variance) / avgInterval;
+    if (coefficientOfVariation < 0.1) {
+      score += 0.2;
+      reasons.push("Suspiciously regular request timing");
+    }
+  }
+  if (patterns?.sequentialAccess && history.length >= 5) {
+    const paths = history.map((r) => r.path);
+    if (isSequentialPattern(paths)) {
+      score += 0.15;
+      reasons.push("Sequential URL access pattern detected");
+    }
+  }
+  if (patterns?.missingHeaders) {
+    const missingScore = checkMissingHeaders(req);
+    if (missingScore > 0) {
+      score += missingScore;
+      reasons.push("Missing typical browser headers");
+    }
+  }
+  score = Math.min(1, score);
+  return {
+    suspicious: score >= 0.5,
+    score,
+    reasons,
+    requestCount,
+    avgInterval
+  };
+}
+async function checkBehavior(req, options = {}) {
+  const {
+    store = new MemoryBehaviorStore(),
+    windowMs = DEFAULT_BEHAVIOR_OPTIONS.windowMs,
+    identifier: getIdentifier2
+  } = options;
+  const identifier = getIdentifier2 ? await getIdentifier2(req) : getClientIP3(req);
+  const history = await store.getHistory(identifier, windowMs);
+  const now = Date.now();
+  const path = new URL(req.url).pathname;
+  await store.record(identifier, now, path);
+  const updatedHistory = [...history, { timestamp: now, path }];
+  const analysis = await analyzeBehavior(req, updatedHistory, options);
+  return {
+    isBot: analysis.suspicious,
+    confidence: analysis.score,
+    reason: analysis.reasons.join("; ") || "Behavior analysis passed",
+    ip: identifier
+  };
+}
+var globalBehaviorStore;
+function getGlobalBehaviorStore() {
+  if (!globalBehaviorStore) {
+    globalBehaviorStore = new MemoryBehaviorStore();
+  }
+  return globalBehaviorStore;
+}
+function withBehaviorAnalysis(handler, options = {}) {
+  const store = options.store || getGlobalBehaviorStore();
+  const mergedOptions = { ...options, store };
+  return async (req, ctx) => {
+    const result = await checkBehavior(req, mergedOptions);
+    if (result.isBot && result.confidence >= 0.5) {
+      return new Response(
+        JSON.stringify({
+          error: "Too Many Requests",
+          message: "Unusual request pattern detected",
+          retryAfter: 60
+        }),
+        {
+          status: 429,
+          headers: {
+            "Content-Type": "application/json",
+            "Retry-After": "60"
+          }
+        }
+      );
+    }
+    return handler(req, ctx);
+  };
+}
+function getClientIP3(req) {
+  return req.headers.get("x-forwarded-for")?.split(",")[0]?.trim() || req.headers.get("x-real-ip") || req.headers.get("cf-connecting-ip") || "unknown";
+}
+function calculateVariance(numbers) {
+  if (numbers.length === 0) return 0;
+  const mean = numbers.reduce((a, b) => a + b, 0) / numbers.length;
+  const squaredDiffs = numbers.map((n) => Math.pow(n - mean, 2));
+  return squaredDiffs.reduce((a, b) => a + b, 0) / numbers.length;
+}
+function isSequentialPattern(paths) {
+  const numbers = paths.map((p) => {
+    const match = p.match(/(\d+)/);
+    return match ? parseInt(match[1], 10) : null;
+  }).filter((n) => n !== null);
+  if (numbers.length < 3) return false;
+  let sequential = 0;
+  for (let i = 1; i < numbers.length; i++) {
+    if (numbers[i] === numbers[i - 1] + 1) {
+      sequential++;
+    }
+  }
+  return sequential >= numbers.length * 0.6;
+}
+function checkMissingHeaders(req) {
+  let score = 0;
+  const typicalHeaders = [
+    "accept",
+    "accept-language",
+    "accept-encoding"
+  ];
+  for (const header of typicalHeaders) {
+    if (!req.headers.get(header)) {
+      score += 0.05;
+    }
+  }
+  const accept = req.headers.get("accept");
+  if (accept && !accept.includes("text/html") && !accept.includes("application/json") && !accept.includes("*/*")) {
+    score += 0.05;
+  }
+  const referer = req.headers.get("referer");
+  const path = new URL(req.url).pathname;
+  if (!referer && path !== "/" && !path.includes("/api/")) {
+    score += 0.03;
+  }
+  return score;
+}
+
+// src/middleware/bot/captcha.ts
+var CAPTCHA_VERIFY_URLS = {
+  recaptcha: "https://www.google.com/recaptcha/api/siteverify",
+  hcaptcha: "https://hcaptcha.com/siteverify",
+  turnstile: "https://challenges.cloudflare.com/turnstile/v0/siteverify"
+};
+var DEFAULT_TOKEN_FIELDS = {
+  recaptcha: "g-recaptcha-response",
+  hcaptcha: "h-captcha-response",
+  turnstile: "cf-turnstile-response"
+};
+async function verifyCaptcha(token, options) {
+  const { provider, secretKey, action } = options;
+  const verifyUrl = CAPTCHA_VERIFY_URLS[provider];
+  const formData = new URLSearchParams();
+  formData.append("secret", secretKey);
+  formData.append("response", token);
+  try {
+    const response = await fetch(verifyUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: formData.toString()
+    });
+    if (!response.ok) {
+      return {
+        success: false,
+        errorCodes: [`HTTP ${response.status}`]
+      };
+    }
+    const data = await response.json();
+    return parseCaptchaResponse(data, provider, action);
+  } catch (error) {
+    return {
+      success: false,
+      errorCodes: ["verification-failed", String(error)]
+    };
+  }
+}
+function parseCaptchaResponse(data, provider, expectedAction) {
+  switch (provider) {
+    case "recaptcha":
+      return parseRecaptchaResponse(data, expectedAction);
+    case "hcaptcha":
+      return parseHCaptchaResponse(data);
+    case "turnstile":
+      return parseTurnstileResponse(data);
+    default:
+      return {
+        success: false,
+        errorCodes: ["unknown-provider"]
+      };
+  }
+}
+function parseRecaptchaResponse(data, expectedAction) {
+  const result = {
+    success: data.success === true,
+    score: typeof data.score === "number" ? data.score : void 0,
+    action: typeof data.action === "string" ? data.action : void 0,
+    hostname: typeof data.hostname === "string" ? data.hostname : void 0,
+    challengeTs: typeof data.challenge_ts === "string" ? data.challenge_ts : void 0,
+    errorCodes: Array.isArray(data["error-codes"]) ? data["error-codes"] : void 0
+  };
+  if (result.success && expectedAction && result.action !== expectedAction) {
+    result.success = false;
+    result.errorCodes = ["action-mismatch"];
+  }
+  return result;
+}
+function parseHCaptchaResponse(data) {
+  return {
+    success: data.success === true,
+    hostname: typeof data.hostname === "string" ? data.hostname : void 0,
+    challengeTs: typeof data.challenge_ts === "string" ? data.challenge_ts : void 0,
+    errorCodes: Array.isArray(data["error-codes"]) ? data["error-codes"] : void 0
+  };
+}
+function parseTurnstileResponse(data) {
+  return {
+    success: data.success === true,
+    hostname: typeof data.hostname === "string" ? data.hostname : void 0,
+    challengeTs: typeof data.challenge_ts === "string" ? data.challenge_ts : void 0,
+    action: typeof data.action === "string" ? data.action : void 0,
+    errorCodes: Array.isArray(data["error-codes"]) ? data["error-codes"] : void 0
+  };
+}
+async function extractCaptchaToken(req, options) {
+  const { provider, tokenField } = options;
+  const fieldName = tokenField || DEFAULT_TOKEN_FIELDS[provider];
+  const url = new URL(req.url);
+  const queryToken = url.searchParams.get(fieldName);
+  if (queryToken) {
+    return queryToken;
+  }
+  if (hasBody2(req)) {
+    try {
+      const body = await getRequestBody2(req);
+      if (body && typeof body === "object") {
+        const bodyToken = body[fieldName];
+        if (typeof bodyToken === "string") {
+          return bodyToken;
+        }
+      }
+    } catch {
+    }
+  }
+  const headerToken = req.headers.get(`x-${fieldName}`);
+  if (headerToken) {
+    return headerToken;
+  }
+  return null;
+}
+async function checkCaptcha(req, options) {
+  const { threshold = 0.5, skip } = options;
+  if (skip && await skip(req)) {
+    return {
+      isBot: false,
+      confidence: 0,
+      reason: "CAPTCHA check skipped"
+    };
+  }
+  const token = await extractCaptchaToken(req, options);
+  if (!token) {
+    return {
+      isBot: true,
+      confidence: 0.9,
+      reason: "CAPTCHA token missing",
+      ip: getClientIP4(req)
+    };
+  }
+  const result = await verifyCaptcha(token, options);
+  if (!result.success) {
+    return {
+      isBot: true,
+      confidence: 0.95,
+      reason: `CAPTCHA verification failed: ${result.errorCodes?.join(", ") || "unknown"}`,
+      ip: getClientIP4(req)
+    };
+  }
+  if (result.score !== void 0 && result.score < threshold) {
+    return {
+      isBot: true,
+      confidence: 1 - result.score,
+      reason: `CAPTCHA score too low: ${result.score} (threshold: ${threshold})`,
+      ip: getClientIP4(req)
+    };
+  }
+  return {
+    isBot: false,
+    confidence: result.score !== void 0 ? 1 - result.score : 0.1,
+    reason: "CAPTCHA verification passed"
+  };
+}
+function withCaptcha(handler, options) {
+  return async (req, ctx) => {
+    const result = await checkCaptcha(req, options);
+    if (result.isBot) {
+      return new Response(
+        JSON.stringify({
+          error: "CAPTCHA Required",
+          message: result.reason,
+          code: "CAPTCHA_FAILED"
+        }),
+        {
+          status: 403,
+          headers: { "Content-Type": "application/json" }
+        }
+      );
+    }
+    return handler(req, ctx);
+  };
+}
+function generateRecaptchaV2(siteKey, options = {}) {
+  const { theme = "light", size = "normal" } = options;
+  return `
+<script src="https://www.google.com/recaptcha/api.js" async defer></script>
+<div class="g-recaptcha" data-sitekey="${siteKey}" data-theme="${theme}" data-size="${size}"></div>
+`.trim();
+}
+function generateRecaptchaV3(siteKey, action = "submit") {
+  return `
+<script src="https://www.google.com/recaptcha/api.js?render=${siteKey}"></script>
+<script>
+  function getRecaptchaToken() {
+    return new Promise((resolve, reject) => {
+      grecaptcha.ready(() => {
+        grecaptcha.execute('${siteKey}', { action: '${action}' })
+          .then(resolve)
+          .catch(reject);
+      });
+    });
+  }
+</script>
+`.trim();
+}
+function generateHCaptcha(siteKey, options = {}) {
+  const { theme = "light", size = "normal" } = options;
+  return `
+<script src="https://js.hcaptcha.com/1/api.js" async defer></script>
+<div class="h-captcha" data-sitekey="${siteKey}" data-theme="${theme}" data-size="${size}"></div>
+`.trim();
+}
+function generateTurnstile(siteKey, options = {}) {
+  const { theme = "auto", size = "normal" } = options;
+  return `
+<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>
+<div class="cf-turnstile" data-sitekey="${siteKey}" data-theme="${theme}" data-size="${size}"></div>
+`.trim();
+}
+function hasBody2(req) {
+  const method = req.method.toUpperCase();
+  return ["POST", "PUT", "PATCH", "DELETE"].includes(method);
+}
+async function getRequestBody2(req) {
+  try {
+    const contentType = req.headers.get("content-type") || "";
+    if (contentType.includes("application/json")) {
+      const cloned = req.clone();
+      return await cloned.json();
+    }
+    if (contentType.includes("application/x-www-form-urlencoded")) {
+      const cloned = req.clone();
+      const text = await cloned.text();
+      return Object.fromEntries(new URLSearchParams(text));
+    }
+    if (contentType.includes("multipart/form-data")) {
+      const cloned = req.clone();
+      const formData = await cloned.formData();
+      const obj = {};
+      formData.forEach((value, key) => {
+        obj[key] = value;
+      });
+      return obj;
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+function getClientIP4(req) {
+  return req.headers.get("x-forwarded-for")?.split(",")[0]?.trim() || req.headers.get("x-real-ip") || req.headers.get("cf-connecting-ip") || "unknown";
+}
+
+// src/middleware/bot/middleware.ts
+function defaultBotResponse(result) {
+  return new Response(
+    JSON.stringify({
+      error: "Forbidden",
+      message: result.reason || "Request blocked",
+      code: "BOT_DETECTED",
+      category: result.category
+    }),
+    {
+      status: 403,
+      headers: {
+        "Content-Type": "application/json",
+        "X-Bot-Detection": "true"
+      }
+    }
+  );
+}
+async function detectBot(req, options = {}) {
+  const results = [];
+  if (options.userAgent !== false) {
+    const uaOptions = options.userAgent === true ? {} : options.userAgent || {};
+    const userAgent = req.headers.get("user-agent");
+    const uaResult = analyzeUserAgent(userAgent, uaOptions);
+    if (uaResult.isBot && !isAllowedBot(uaResult, uaOptions)) {
+      results.push(uaResult);
+    }
+  }
+  if (options.honeypot !== false && hasBody3(req)) {
+    const hpOptions = options.honeypot === true ? {} : options.honeypot || {};
+    const hpResult = await checkHoneypot(req, hpOptions);
+    if (hpResult.isBot) {
+      results.push(hpResult);
+    }
+  }
+  if (options.behavior !== false) {
+    const behaviorOptions = options.behavior === true ? {} : options.behavior || {};
+    if (!behaviorOptions.store) {
+      behaviorOptions.store = getGlobalBehaviorStore();
+    }
+    const behaviorResult = await checkBehavior(req, behaviorOptions);
+    if (behaviorResult.isBot) {
+      results.push(behaviorResult);
+    }
+  }
+  if (options.captcha) {
+    const captchaResult = await checkCaptcha(req, options.captcha);
+    if (captchaResult.isBot) {
+      results.push(captchaResult);
+    }
+  }
+  if (results.length === 0) {
+    return {
+      isBot: false,
+      confidence: 0,
+      reason: "All checks passed",
+      ip: getClientIP5(req),
+      userAgent: req.headers.get("user-agent") || void 0
+    };
+  }
+  const highestConfidence = results.reduce(
+    (prev, curr) => curr.confidence > prev.confidence ? curr : prev
+  );
+  const allReasons = results.map((r) => r.reason).filter(Boolean).join("; ");
+  return {
+    isBot: true,
+    category: highestConfidence.category,
+    name: highestConfidence.name,
+    confidence: highestConfidence.confidence,
+    reason: allReasons,
+    ip: getClientIP5(req),
+    userAgent: req.headers.get("user-agent") || void 0
+  };
+}
+function isAllowedBot(result, options) {
+  const {
+    allowCategories = DEFAULT_ALLOWED_CATEGORIES,
+    allowList = DEFAULT_ALLOWED_BOTS,
+    blockList = [],
+    blockAllBots = false
+  } = options;
+  if (result.name && blockList.includes(result.name)) {
+    return false;
+  }
+  if (blockAllBots) {
+    return false;
+  }
+  if (result.name && allowList.includes(result.name)) {
+    return true;
+  }
+  if (result.category && allowCategories.includes(result.category)) {
+    return true;
+  }
+  return false;
+}
+function withBotProtection(handler, options = {}) {
+  const {
+    skip,
+    onBot,
+    log,
+    mode = "block"
+  } = options;
+  return async (req, ctx) => {
+    if (skip && await skip(req)) {
+      return handler(req, { ...ctx, bot: void 0 });
+    }
+    const result = await detectBot(req, options);
+    if (log) {
+      if (typeof log === "function") {
+        log(result);
+      } else if (result.isBot) {
+        console.log("[Bot Detection]", JSON.stringify(result));
+      }
+    }
+    if (result.isBot) {
+      if (mode === "block") {
+        if (onBot) {
+          return onBot(req, result);
+        }
+        return defaultBotResponse(result);
+      }
+    }
+    const extendedCtx = {
+      ...ctx,
+      bot: result
+    };
+    return handler(req, extendedCtx);
+  };
+}
+function withUserAgentProtection(handler, options = {}) {
+  return withBotProtection(handler, {
+    userAgent: options,
+    honeypot: false,
+    behavior: false
+  });
+}
+function withHoneypotProtection(handler, options = {}) {
+  return withBotProtection(handler, {
+    userAgent: false,
+    honeypot: options,
+    behavior: false
+  });
+}
+function withBehaviorProtection(handler, options = {}) {
+  return withBotProtection(handler, {
+    userAgent: false,
+    honeypot: false,
+    behavior: options
+  });
+}
+function withCaptchaProtection(handler, options) {
+  return withBotProtection(handler, {
+    userAgent: false,
+    honeypot: false,
+    behavior: false,
+    captcha: options
+  });
+}
+var BOT_PROTECTION_PRESETS = {
+  /**
+   * Relaxed - Only blocks obvious bots
+   */
+  relaxed: {
+    userAgent: {
+      blockAllBots: false,
+      allowCategories: ["search_engine", "social_media", "monitoring", "feed_reader", "preview", "seo"]
+    },
+    honeypot: false,
+    behavior: false
+  },
+  /**
+   * Standard - Good balance of protection
+   */
+  standard: {
+    userAgent: {
+      blockAllBots: false,
+      allowCategories: ["search_engine", "social_media", "monitoring"]
+    },
+    honeypot: true,
+    behavior: {
+      maxRequestsPerSecond: 10
+    }
+  },
+  /**
+   * Strict - Maximum protection
+   */
+  strict: {
+    userAgent: {
+      blockAllBots: false,
+      allowCategories: ["search_engine"],
+      blockEmptyUA: true,
+      blockSuspiciousUA: true
+    },
+    honeypot: {
+      additionalFields: ["_hp_name", "_hp_phone"]
+    },
+    behavior: {
+      maxRequestsPerSecond: 5,
+      minRequestInterval: 200
+    }
+  },
+  /**
+   * API - For API endpoints
+   */
+  api: {
+    userAgent: {
+      blockAllBots: true,
+      blockEmptyUA: true
+    },
+    honeypot: false,
+    behavior: {
+      maxRequestsPerSecond: 20
+    }
+  }
+};
+function withBotProtectionPreset(handler, preset, overrides = {}) {
+  const presetOptions = BOT_PROTECTION_PRESETS[preset];
+  const mergedOptions = { ...presetOptions, ...overrides };
+  return withBotProtection(handler, mergedOptions);
+}
+function hasBody3(req) {
+  const method = req.method.toUpperCase();
+  return ["POST", "PUT", "PATCH", "DELETE"].includes(method);
+}
+function getClientIP5(req) {
+  return req.headers.get("x-forwarded-for")?.split(",")[0]?.trim() || req.headers.get("x-real-ip") || req.headers.get("cf-connecting-ip") || "unknown";
+}
+
 // src/index.ts
-var VERSION = "0.6.0";
+var VERSION = "0.7.0";
 
-export { MemoryStore2 as AuditMemoryStore, AuthenticationError, AuthorizationError, CLFFormatter, ConfigurationError, ConsoleStore, CsrfError, DANGEROUS_EXTENSIONS, DEFAULT_PII_FIELDS, ExternalStore, JSONFormatter, MIME_TYPES, MemoryStore, MultiStore, PRESET_API, PRESET_RELAXED, PRESET_STRICT, RateLimitError, SecureError, SecurityEventTracker, StructuredFormatter, TextFormatter, VERSION, ValidationError, anonymizeIp, buildCSP, buildHSTS, buildPermissionsPolicy, checkRateLimit, clearAllRateLimits, createMemoryStore2 as createAuditMemoryStore, createAuditMiddleware, createCLFFormatter, createToken as createCSRFToken, createConsoleStore, createDatadogStore, createExternalStore, createJSONFormatter, createMemoryStore, createMultiStore, createRateLimiter, createRedactor, createSecurityHeaders, createSecurityHeadersObject, createSecurityTracker, createStructuredFormatter, createTextFormatter, createValidator, decodeJWT, detectFileType, detectSQLInjection, detectXSS, escapeHtml, extractBearerToken, formatDuration, generateCSRF, getClientIp, getGeoInfo, getGlobalMemoryStore, getPreset, getRateLimitStatus, hasPathTraversal, hasSQLInjection, isFormRequest, isJsonRequest, isLocalhost, isPrivateIp, isSecureError, isValidIp, mask, normalizeIp, nowInMs, nowInSeconds, parseDuration, redactCreditCard, redactEmail, redactHeaders, redactIP, redactObject, redactPhone, redactQuery, resetRateLimit, sanitize, sanitizeFields, sanitizeFilename, sanitizeObject, sanitizePath, sanitizeSQLInput, sleep, stripHtml, toSecureError, tokensMatch, trackSecurityEvent, validate, validateBody, validateCSRF, validateContentType, validateFile, validateFiles, validatePath, validateQuery, validateRequest, verifyToken as verifyCSRFToken, verifyJWT, withAPIKey, withAuditLog, withAuth, withCSRF, withContentType, withFileValidation, withJWT, withOptionalAuth, withRateLimit, withRequestId, withRoles, withSQLProtection, withSanitization, withSecureValidation, withSecurityHeaders, withSession, withTiming, withValidation, withXSSProtection };
+export { MemoryStore2 as AuditMemoryStore, AuthenticationError, AuthorizationError, BOT_PROTECTION_PRESETS, CLFFormatter, ConfigurationError, ConsoleStore, CsrfError, DANGEROUS_EXTENSIONS, DEFAULT_ALLOWED_BOTS, DEFAULT_ALLOWED_CATEGORIES, DEFAULT_HONEYPOT_FIELDS, DEFAULT_PII_FIELDS, ExternalStore, JSONFormatter, KNOWN_BOT_PATTERNS, MIME_TYPES, MemoryBehaviorStore, MemoryStore, MultiStore, PRESET_API, PRESET_RELAXED, PRESET_STRICT, RateLimitError, SecureError, SecurityEventTracker, StructuredFormatter, TextFormatter, VERSION, ValidationError, analyzeBehavior, analyzeUserAgent, anonymizeIp, buildCSP, buildHSTS, buildPermissionsPolicy, checkBehavior, checkCaptcha, checkHoneypot, checkRateLimit, clearAllRateLimits, createMemoryStore2 as createAuditMemoryStore, createAuditMiddleware, createBotPattern, createCLFFormatter, createToken as createCSRFToken, createConsoleStore, createDatadogStore, createExternalStore, createJSONFormatter, createMemoryStore, createMultiStore, createRateLimiter, createRedactor, createSecurityHeaders, createSecurityHeadersObject, createSecurityTracker, createStructuredFormatter, createTextFormatter, createValidator, decodeJWT, detectBot, detectFileType, detectSQLInjection, detectXSS, escapeHtml, extractBearerToken, formatDuration, generateCSRF, generateHCaptcha, generateHoneypotCSS, generateHoneypotHTML, generateRecaptchaV2, generateRecaptchaV3, generateTurnstile, getBotsByCategory, getClientIp, getGeoInfo, getGlobalBehaviorStore, getGlobalMemoryStore, getPreset, getRateLimitStatus, hasPathTraversal, hasSQLInjection, isBotAllowed, isFormRequest, isJsonRequest, isLocalhost, isPrivateIp, isSecureError, isSuspiciousUA, isValidIp, mask, normalizeIp, nowInMs, nowInSeconds, parseDuration, redactCreditCard, redactEmail, redactHeaders, redactIP, redactObject, redactPhone, redactQuery, resetRateLimit, sanitize, sanitizeFields, sanitizeFilename, sanitizeObject, sanitizePath, sanitizeSQLInput, sleep, stripHtml, toSecureError, tokensMatch, trackSecurityEvent, validate, validateBody, validateCSRF, validateContentType, validateFile, validateFiles, validatePath, validateQuery, validateRequest, verifyToken as verifyCSRFToken, verifyCaptcha, verifyJWT, withAPIKey, withAuditLog, withAuth, withBehaviorAnalysis, withBehaviorProtection, withBotProtection, withBotProtectionPreset, withCSRF, withCaptcha, withCaptchaProtection, withContentType, withFileValidation, withHoneypot, withHoneypotProtection, withJWT, withOptionalAuth, withRateLimit, withRequestId, withRoles, withSQLProtection, withSanitization, withSecureValidation, withSecurityHeaders, withSession, withTiming, withUserAgentProtection, withValidation, withXSSProtection };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map