npm - princejs - Versions diffs - 2.2.3 → 2.2.4 - Mend

princejs 2.2.3 → 2.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/LICENSE +20 -20
package/{Readme.md → README.md} +893 -786
package/dist/db.d.ts +1 -0
package/dist/db.d.ts.map +1 -1
package/dist/db.js +10 -4
package/dist/helpers.d.ts +9 -2
package/dist/helpers.d.ts.map +1 -1
package/dist/helpers.js +94 -7
package/dist/middleware.d.ts +9 -2
package/dist/middleware.d.ts.map +1 -1
package/dist/middleware.js +107 -84
package/package.json +10 -11

package/dist/middleware.js CHANGED Viewed

@@ -1,21 +1,17 @@
 // @bun
 var __defProp = Object.defineProperty;
-var __returnValue = (v) => v;
-function __exportSetter(name, newValue) {
-  this[name] = __returnValue.bind(null, newValue);
-}
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, {
       get: all[name],
       enumerable: true,
       configurable: true,
-      set: __exportSetter.bind(all, name)
+      set: (newValue) => all[name] = () => newValue
     });
 };
 var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
-// node_modules/jose/dist/webapi/lib/buffer_utils.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/buffer_utils.js
 function concat(...buffers) {
   const size = buffers.reduce((acc, { length }) => acc + length, 0);
   const buf = new Uint8Array(size);
@@ -63,7 +59,7 @@ var init_buffer_utils = __esm(() => {
   MAX_INT32 = 2 ** 32;
 });
-// node_modules/jose/dist/webapi/lib/base64.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/base64.js
 function encodeBase64(input) {
   if (Uint8Array.prototype.toBase64) {
     return input.toBase64();
@@ -87,7 +83,7 @@ function decodeBase64(encoded) {
   return bytes;
 }
-// node_modules/jose/dist/webapi/util/base64url.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/util/base64url.js
 var exports_base64url = {};
 __export(exports_base64url, {
   encode: () => encode2,
@@ -124,7 +120,7 @@ var init_base64url = __esm(() => {
   init_buffer_utils();
 });
-// node_modules/jose/dist/webapi/lib/crypto_key.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/crypto_key.js
 function getHashLength(hash) {
   return parseInt(hash.name.slice(4), 10);
 }
@@ -261,7 +257,7 @@ function checkEncCryptoKey(key, alg, usage) {
 }
 var unusable = (name, prop = "algorithm.name") => new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name}`), isAlgorithm = (algorithm, name) => algorithm.name === name;
-// node_modules/jose/dist/webapi/lib/invalid_key_input.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/invalid_key_input.js
 function message(msg, actual, ...types) {
   types = types.filter(Boolean);
   if (types.length > 2) {
@@ -285,7 +281,7 @@ function message(msg, actual, ...types) {
 }
 var invalidKeyInput = (actual, ...types) => message("Key must be ", actual, ...types), withAlg = (alg, actual, ...types) => message(`Key for the ${alg} algorithm must be `, actual, ...types);
-// node_modules/jose/dist/webapi/util/errors.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/util/errors.js
 var exports_errors = {};
 __export(exports_errors, {
   JWTInvalid: () => JWTInvalid,
@@ -407,7 +403,7 @@ var init_errors = __esm(() => {
   };
 });
-// node_modules/jose/dist/webapi/lib/is_key_like.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/is_key_like.js
 function assertCryptoKey(key) {
   if (!isCryptoKey(key)) {
     throw new Error("CryptoKey instance expected");
@@ -423,7 +419,7 @@ var isCryptoKey = (key) => {
   }
 }, isKeyObject = (key) => key?.[Symbol.toStringTag] === "KeyObject", isKeyLike = (key) => isCryptoKey(key) || isKeyObject(key);
-// node_modules/jose/dist/webapi/lib/content_encryption.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/content_encryption.js
 function cekLength(alg) {
   switch (alg) {
     case "A128GCM":
@@ -631,7 +627,7 @@ var init_content_encryption = __esm(() => {
   init_errors();
 });
-// node_modules/jose/dist/webapi/lib/helpers.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/helpers.js
 function assertNotSet(value, name) {
   if (value) {
     throw new TypeError(`${name} can only be called once`);
@@ -654,7 +650,7 @@ var init_helpers = __esm(() => {
   unprotected = Symbol();
 });
-// node_modules/jose/dist/webapi/lib/type_checks.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/type_checks.js
 function isObject(input) {
   if (!isObjectLike(input) || Object.prototype.toString.call(input) !== "[object Object]") {
     return false;
@@ -691,7 +687,7 @@ function isDisjoint(...headers) {
 }
 var isObjectLike = (value) => typeof value === "object" && value !== null, isJWK = (key) => isObject(key) && typeof key.kty === "string", isPrivateJWK = (key) => key.kty !== "oct" && (key.kty === "AKP" && typeof key.priv === "string" || typeof key.d === "string"), isPublicJWK = (key) => key.kty !== "oct" && key.d === undefined && key.priv === undefined, isSecretJWK = (key) => key.kty === "oct" && typeof key.k === "string";
-// node_modules/jose/dist/webapi/lib/aeskw.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/aeskw.js
 function checkKeySize(key, alg) {
   if (key.algorithm.length !== parseInt(alg.slice(1, 4), 10)) {
     throw new TypeError(`Invalid key size for alg: ${alg}`);
@@ -718,7 +714,7 @@ async function unwrap(alg, key, encryptedKey) {
 }
 var init_aeskw = () => {};
-// node_modules/jose/dist/webapi/lib/ecdhes.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/ecdhes.js
 function lengthAndInput(input) {
   return concat(uint32be(input.length), input);
 }
@@ -773,7 +769,7 @@ var init_ecdhes = __esm(() => {
   init_helpers();
 });
-// node_modules/jose/dist/webapi/lib/pbes2kw.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/pbes2kw.js
 function getCryptoKey2(key, alg) {
   if (key instanceof Uint8Array) {
     return crypto.subtle.importKey("raw", key, "PBKDF2", false, [
@@ -815,7 +811,7 @@ var init_pbes2kw = __esm(() => {
   init_errors();
 });
-// node_modules/jose/dist/webapi/lib/signing.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/signing.js
 function checkKeyLength(alg, key) {
   if (alg.startsWith("RS") || alg.startsWith("PS")) {
     const { modulusLength } = key.algorithm;
@@ -884,7 +880,7 @@ var init_signing = __esm(() => {
   init_errors();
 });
-// node_modules/jose/dist/webapi/lib/rsaes.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/rsaes.js
 async function encrypt2(alg, key, cek) {
   checkEncCryptoKey(key, alg, "encrypt");
   checkKeyLength(alg, key);
@@ -911,7 +907,7 @@ var init_rsaes = __esm(() => {
   init_errors();
 });
-// node_modules/jose/dist/webapi/lib/jwk_to_key.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/jwk_to_key.js
 function subtleMapping(jwk) {
   let algorithm;
   let keyUsages;
@@ -1022,7 +1018,7 @@ var init_jwk_to_key = __esm(() => {
   init_errors();
 });
-// node_modules/jose/dist/webapi/lib/normalize_key.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/normalize_key.js
 async function normalizeKey(key, alg) {
   if (key instanceof Uint8Array) {
     return key;
@@ -1184,7 +1180,7 @@ var init_normalize_key = __esm(() => {
   init_jwk_to_key();
 });
-// node_modules/jose/dist/webapi/lib/asn1.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/asn1.js
 function parsePKCS8Header(state) {
   expectTag(state, 48, "Invalid PKCS#8 structure");
   parseLength(state);
@@ -1412,7 +1408,7 @@ var init_asn1 = __esm(() => {
   init_errors();
 });
-// node_modules/jose/dist/webapi/key/import.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/key/import.js
 async function importSPKI(spki, alg, options) {
   if (typeof spki !== "string" || spki.indexOf("-----BEGIN PUBLIC KEY-----") !== 0) {
     throw new TypeError('"spki" must be SPKI formatted string');
@@ -1472,7 +1468,7 @@ var init_import = __esm(() => {
   init_errors();
 });
-// node_modules/jose/dist/webapi/lib/key_to_jwk.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/key_to_jwk.js
 async function keyToJWK(key) {
   if (isKeyObject(key)) {
     if (key.type === "secret") {
@@ -1503,7 +1499,7 @@ var init_key_to_jwk = __esm(() => {
   init_base64url();
 });
-// node_modules/jose/dist/webapi/key/export.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/key/export.js
 async function exportSPKI(key) {
   return toSPKI(key);
 }
@@ -1518,7 +1514,7 @@ var init_export = __esm(() => {
   init_key_to_jwk();
 });
-// node_modules/jose/dist/webapi/lib/aesgcmkw.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/aesgcmkw.js
 async function wrap3(alg, key, cek, iv) {
   const jweAlgorithm = alg.slice(0, 7);
   const wrapped = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array);
@@ -1537,7 +1533,7 @@ var init_aesgcmkw = __esm(() => {
   init_base64url();
 });
-// node_modules/jose/dist/webapi/lib/key_management.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/key_management.js
 function assertEncryptedKey(encryptedKey) {
   if (encryptedKey === undefined)
     throw new JWEInvalid("JWE Encrypted Key missing");
@@ -1724,7 +1720,7 @@ var init_key_management = __esm(() => {
   init_aesgcmkw();
 });
-// node_modules/jose/dist/webapi/lib/validate_crit.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/validate_crit.js
 function validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) {
   if (joseHeader.crit !== undefined && protectedHeader?.crit === undefined) {
     throw new Err('"crit" (Critical) Header Parameter MUST be integrity protected');
@@ -1758,7 +1754,7 @@ var init_validate_crit = __esm(() => {
   init_errors();
 });
-// node_modules/jose/dist/webapi/lib/validate_algorithms.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/validate_algorithms.js
 function validateAlgorithms(option, algorithms) {
   if (algorithms !== undefined && (!Array.isArray(algorithms) || algorithms.some((s) => typeof s !== "string"))) {
     throw new TypeError(`"${option}" option must be an array of strings`);
@@ -1769,7 +1765,7 @@ function validateAlgorithms(option, algorithms) {
   return new Set(algorithms);
 }
-// node_modules/jose/dist/webapi/lib/check_key_type.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/check_key_type.js
 function checkKeyType(alg, key, usage) {
   switch (alg.substring(0, 2)) {
     case "A1":
@@ -1887,7 +1883,7 @@ var tag = (key) => key?.[Symbol.toStringTag], jwkMatchesOp = (alg, key, usage) =
 };
 var init_check_key_type = () => {};
-// node_modules/jose/dist/webapi/lib/deflate.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/deflate.js
 function supported(name) {
   if (typeof globalThis[name] === "undefined") {
     throw new JOSENotSupported(`JWE "zip" (Compression Algorithm) Header Parameter requires the ${name} API.`);
@@ -1897,8 +1893,8 @@ async function compress(input) {
   supported("CompressionStream");
   const cs = new CompressionStream("deflate-raw");
   const writer = cs.writable.getWriter();
-  writer.write(input).catch(() => {});
-  writer.close().catch(() => {});
+  writer.write(input);
+  writer.close();
   const chunks = [];
   const reader = cs.readable.getReader();
   for (;; ) {
@@ -1913,8 +1909,8 @@ async function decompress(input, maxLength) {
   supported("DecompressionStream");
   const ds = new DecompressionStream("deflate-raw");
   const writer = ds.writable.getWriter();
-  writer.write(input).catch(() => {});
-  writer.close().catch(() => {});
+  writer.write(input);
+  writer.close();
   const chunks = [];
   let length = 0;
   const reader = ds.readable.getReader();
@@ -1935,7 +1931,7 @@ var init_deflate = __esm(() => {
   init_buffer_utils();
 });
-// node_modules/jose/dist/webapi/jwe/flattened/decrypt.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jwe/flattened/decrypt.js
 async function flattenedDecrypt(jwe, key, options) {
   if (!isObject(jwe)) {
     throw new JWEInvalid("Flattened JWE must be an object");
@@ -2052,11 +2048,7 @@ async function flattenedDecrypt(jwe, key, options) {
     if (maxDecompressedLength !== Infinity && (!Number.isSafeInteger(maxDecompressedLength) || maxDecompressedLength < 1)) {
       throw new TypeError("maxDecompressedLength must be 0, a positive safe integer, or Infinity");
     }
-    result.plaintext = await decompress(plaintext, maxDecompressedLength).catch((cause) => {
-      if (cause instanceof JWEInvalid)
-        throw cause;
-      throw new JWEInvalid("Failed to decompress plaintext", { cause });
-    });
+    result.plaintext = await decompress(plaintext, maxDecompressedLength);
   }
   if (jwe.protected !== undefined) {
     result.protectedHeader = parsedProt;
@@ -2089,7 +2081,7 @@ var init_decrypt = __esm(() => {
   init_deflate();
 });
-// node_modules/jose/dist/webapi/jwe/compact/decrypt.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jwe/compact/decrypt.js
 async function compactDecrypt(jwe, key, options) {
   if (jwe instanceof Uint8Array) {
     jwe = decoder.decode(jwe);
@@ -2120,7 +2112,7 @@ var init_decrypt2 = __esm(() => {
   init_buffer_utils();
 });
-// node_modules/jose/dist/webapi/jwe/general/decrypt.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jwe/general/decrypt.js
 async function generalDecrypt(jwe, key, options) {
   if (!isObject(jwe)) {
     throw new JWEInvalid("General JWE must be an object");
@@ -2152,7 +2144,7 @@ var init_decrypt3 = __esm(() => {
   init_errors();
 });
-// node_modules/jose/dist/webapi/jwe/flattened/encrypt.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jwe/flattened/encrypt.js
 class FlattenedEncrypt {
   #plaintext;
   #protectedHeader;
@@ -2272,9 +2264,7 @@ class FlattenedEncrypt {
     }
     let plaintext = this.#plaintext;
     if (joseHeader.zip === "DEF") {
-      plaintext = await compress(plaintext).catch((cause) => {
-        throw new JWEInvalid("Failed to compress plaintext", { cause });
-      });
+      plaintext = await compress(plaintext);
     }
     const { ciphertext, tag: tag2, iv } = await encrypt(enc, plaintext, cek, this.#iv, additionalData);
     const jwe = {
@@ -2317,7 +2307,7 @@ var init_encrypt = __esm(() => {
   init_deflate();
 });
-// node_modules/jose/dist/webapi/jwe/general/encrypt.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jwe/general/encrypt.js
 class IndividualRecipient {
   #parent;
   unprotectedHeader;
@@ -2488,7 +2478,7 @@ var init_encrypt2 = __esm(() => {
   init_check_key_type();
 });
-// node_modules/jose/dist/webapi/jws/flattened/verify.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jws/flattened/verify.js
 async function flattenedVerify(jws, key, options) {
   if (!isObject(jws)) {
     throw new JWSInvalid("Flattened JWS must be an object");
@@ -2591,7 +2581,7 @@ var init_verify = __esm(() => {
   init_normalize_key();
 });
-// node_modules/jose/dist/webapi/jws/compact/verify.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jws/compact/verify.js
 async function compactVerify(jws, key, options) {
   if (jws instanceof Uint8Array) {
     jws = decoder.decode(jws);
@@ -2616,7 +2606,7 @@ var init_verify2 = __esm(() => {
   init_buffer_utils();
 });
-// node_modules/jose/dist/webapi/jws/general/verify.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jws/general/verify.js
 async function generalVerify(jws, key, options) {
   if (!isObject(jws)) {
     throw new JWSInvalid("General JWS must be an object");
@@ -2641,7 +2631,7 @@ var init_verify3 = __esm(() => {
   init_errors();
 });
-// node_modules/jose/dist/webapi/lib/jwt_claims_set.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/lib/jwt_claims_set.js
 function secs(str) {
   const matched = REGEX.exec(str);
   if (!matched || matched[4] && matched[1]) {
@@ -2867,7 +2857,7 @@ var init_jwt_claims_set = __esm(() => {
   REGEX = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;
 });
-// node_modules/jose/dist/webapi/jwt/verify.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jwt/verify.js
 async function jwtVerify(jwt, key, options) {
   const verified = await compactVerify(jwt, key, options);
   if (verified.protectedHeader.crit?.includes("b64") && verified.protectedHeader.b64 === false) {
@@ -2886,7 +2876,7 @@ var init_verify4 = __esm(() => {
   init_errors();
 });
-// node_modules/jose/dist/webapi/jwt/decrypt.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jwt/decrypt.js
 async function jwtDecrypt(jwt, key, options) {
   const decrypted = await compactDecrypt(jwt, key, options);
   const payload = validateClaimsSet(decrypted.protectedHeader, decrypted.plaintext, options);
@@ -2912,7 +2902,7 @@ var init_decrypt4 = __esm(() => {
   init_errors();
 });
-// node_modules/jose/dist/webapi/jwe/compact/encrypt.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jwe/compact/encrypt.js
 class CompactEncrypt {
   #flattened;
   constructor(plaintext) {
@@ -2943,7 +2933,7 @@ var init_encrypt3 = __esm(() => {
   init_encrypt();
 });
-// node_modules/jose/dist/webapi/jws/flattened/sign.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jws/flattened/sign.js
 class FlattenedSign {
   #payload;
   #protectedHeader;
@@ -3033,7 +3023,7 @@ var init_sign = __esm(() => {
   init_helpers();
 });
-// node_modules/jose/dist/webapi/jws/compact/sign.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jws/compact/sign.js
 class CompactSign {
   #flattened;
   constructor(payload) {
@@ -3055,7 +3045,7 @@ var init_sign2 = __esm(() => {
   init_sign();
 });
-// node_modules/jose/dist/webapi/jws/general/sign.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jws/general/sign.js
 class IndividualSignature {
   #parent;
   protectedHeader;
@@ -3129,7 +3119,7 @@ var init_sign3 = __esm(() => {
   init_helpers();
 });
-// node_modules/jose/dist/webapi/jwt/sign.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jwt/sign.js
 class SignJWT {
   #protectedHeader;
   #jwt;
@@ -3183,7 +3173,7 @@ var init_sign4 = __esm(() => {
   init_jwt_claims_set();
 });
-// node_modules/jose/dist/webapi/jwt/encrypt.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jwt/encrypt.js
 class EncryptJWT {
   #cek;
   #iv;
@@ -3285,7 +3275,7 @@ var init_encrypt4 = __esm(() => {
   init_helpers();
 });
-// node_modules/jose/dist/webapi/jwk/thumbprint.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jwk/thumbprint.js
 async function calculateJwkThumbprint(key, digestAlgorithm) {
   let jwk;
   if (isJWK(key)) {
@@ -3350,7 +3340,7 @@ var init_thumbprint = __esm(() => {
   init_export();
 });
-// node_modules/jose/dist/webapi/jwk/embedded.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jwk/embedded.js
 async function EmbeddedJWK(protectedHeader, token) {
   const joseHeader = {
     ...protectedHeader,
@@ -3370,7 +3360,7 @@ var init_embedded = __esm(() => {
   init_errors();
 });
-// node_modules/jose/dist/webapi/jwks/local.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jwks/local.js
 function getKtyFromAlg(alg) {
   switch (typeof alg === "string" && alg.slice(0, 2)) {
     case "RS":
@@ -3489,7 +3479,7 @@ var init_local = __esm(() => {
   init_errors();
 });
-// node_modules/jose/dist/webapi/jwks/remote.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jwks/remote.js
 function isCloudflareWorkers() {
   return typeof WebSocketPair !== "undefined" || typeof navigator !== "undefined" && navigator.userAgent === "Cloudflare-Workers" || typeof EdgeRuntime !== "undefined" && EdgeRuntime === "vercel";
 }
@@ -3650,14 +3640,14 @@ var init_remote = __esm(() => {
   init_local();
   if (typeof navigator === "undefined" || !navigator.userAgent?.startsWith?.("Mozilla/5.0 ")) {
     const NAME = "jose";
-    const VERSION = "v6.2.2";
+    const VERSION = "v6.2.1";
     USER_AGENT = `${NAME}/${VERSION}`;
   }
   customFetch = Symbol();
   jwksCache = Symbol();
 });
-// node_modules/jose/dist/webapi/jwt/unsecured.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/jwt/unsecured.js
 class UnsecuredJWT {
   #jwt;
   constructor(payload = {}) {
@@ -3723,7 +3713,7 @@ var init_unsecured = __esm(() => {
   init_jwt_claims_set();
 });
-// node_modules/jose/dist/webapi/util/decode_protected_header.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/util/decode_protected_header.js
 function decodeProtectedHeader(token) {
   let protectedB64u;
   if (typeof token === "string") {
@@ -3756,7 +3746,7 @@ var init_decode_protected_header = __esm(() => {
   init_buffer_utils();
 });
-// node_modules/jose/dist/webapi/util/decode_jwt.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/util/decode_jwt.js
 function decodeJwt(jwt) {
   if (typeof jwt !== "string")
     throw new JWTInvalid("JWTs must use Compact JWS serialization, JWT must be a string");
@@ -3789,7 +3779,7 @@ var init_decode_jwt = __esm(() => {
   init_errors();
 });
-// node_modules/jose/dist/webapi/key/generate_key_pair.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/key/generate_key_pair.js
 function getModulusLengthOption(options) {
   const modulusLength = options?.modulusLength ?? 2048;
   if (typeof modulusLength !== "number" || modulusLength < 2048) {
@@ -3890,7 +3880,7 @@ var init_generate_key_pair = __esm(() => {
   init_errors();
 });
-// node_modules/jose/dist/webapi/key/generate_secret.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/key/generate_secret.js
 async function generateSecret(alg, options) {
   let length;
   let algorithm;
@@ -3934,7 +3924,7 @@ var init_generate_secret = __esm(() => {
   init_errors();
 });
-// node_modules/jose/dist/webapi/index.js
+// node_modules/.pnpm/jose@6.2.1/node_modules/jose/dist/webapi/index.js
 var exports_webapi = {};
 __export(exports_webapi, {
   jwtVerify: () => jwtVerify,
@@ -4064,7 +4054,7 @@ var logger = (options = {}) => {
     }
   };
 };
-var cors = (origin = "*") => {
+var cors = (origin = "http://localhost:3000") => {
   return async (req, next) => {
     if (req.method === "OPTIONS") {
       return new Response(null, {
@@ -4092,11 +4082,12 @@ var cors = (origin = "*") => {
     return response;
   };
 };
-var signJWT = async (payload, secret, expiresIn) => {
-  const jwt = await new SignJWT(payload).setProtectedHeader({ alg: "HS256" }).setIssuedAt().setExpirationTime(expiresIn).sign(secret);
+var signJWT = async (payload, secret, expiresIn, alg = "HS256") => {
+  const jwt = await new SignJWT(payload).setProtectedHeader({ alg }).setIssuedAt().setExpirationTime(expiresIn).sign(secret);
   return jwt;
 };
-var jwt = (key) => {
+var jwt = (key, options) => {
+  const algorithms = options?.algorithms ?? ["HS256", "HS512"];
   return async (req, next) => {
     const auth = req.headers.get("authorization");
     req.user = undefined;
@@ -4104,11 +4095,11 @@ var jwt = (key) => {
       const token = auth.slice(7).trim();
       try {
         const { payload } = await jwtVerify(token, key, {
-          algorithms: ["HS256", "HS512"]
+          algorithms
         });
         req.user = payload;
       } catch (err) {
-        console.error("JWT Verification Failed:", err);
+        console.error("JWT Verification Failed: Invalid token");
       }
     }
     const result = await next();
@@ -4117,9 +4108,11 @@ var jwt = (key) => {
 };
 var rateLimit = (max, window = 60) => {
   const store = {};
+  let lastCleanup = Date.now();
   return async (req, next) => {
-    const ip = req.headers.get("cf-connecting-ip") || req.headers.get("x-real-ip") || req.headers.get("x-forwarded-for")?.split(",")[0].trim() || req.headers.get("x-client-ip") || "unknown";
-    const key = `${ip}:${Math.floor(Date.now() / (window * 1000))}`;
+    const ip = req.ip || "127.0.0.1";
+    const bucket = Math.floor(Date.now() / (window * 1000));
+    const key = `${ip}:${bucket}`;
     store[key] = (store[key] || 0) + 1;
     if (store[key] > max) {
       return new Response(JSON.stringify({
@@ -4133,11 +4126,12 @@ var rateLimit = (max, window = 60) => {
         }
       });
     }
-    if (Math.random() < 0.01) {
-      const now = Math.floor(Date.now() / (window * 1000));
+    if (Date.now() - lastCleanup > 1e4) {
+      lastCleanup = Date.now();
+      const currentBucket = Math.floor(Date.now() / (window * 1000));
       Object.keys(store).forEach((k) => {
-        const timestamp = parseInt(k.split(":")[1]);
-        if (now - timestamp > 2)
+        const [_, b] = k.split(":");
+        if (currentBucket - parseInt(b) > 2)
           delete store[k];
       });
     }
@@ -4410,6 +4404,34 @@ var trimTrailingSlash = (statusCode = 301) => {
   mw.__trimTrailingSlash = statusCode;
   return mw;
 };
+var csrf = (options) => {
+  const cookieName = options?.cookieName ?? "csrf";
+  const headerName = options?.headerName ?? "x-csrf-token";
+  const keyLength = options?.keyLength ?? 32;
+  return async (req, next) => {
+    let token = req.cookies?.[cookieName];
+    if (!token) {
+      token = Array.from(crypto.getRandomValues(new Uint8Array(keyLength)), (b) => b.toString(16).padStart(2, "0")).join("");
+      req.headers.set(cookieName, token);
+    }
+    if (["POST", "PUT", "PATCH", "DELETE"].includes(req.method)) {
+      const provided = req.headers.get(headerName);
+      if (!provided || provided !== token) {
+        return new Response(JSON.stringify({ error: "CSRF validation failed" }), { status: 403, headers: { "Content-Type": "application/json" } });
+      }
+    }
+    const response = await next();
+    if (!response)
+      return response;
+    const headers = new Headers(response.headers);
+    headers.append("Set-Cookie", `${cookieName}=${token}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=3600`);
+    return new Response(response.body, {
+      status: response.status,
+      statusText: response.statusText,
+      headers
+    });
+  };
+};
 var every = (...middlewares) => {
   return async (req, next) => {
     let idx = 0;
@@ -4469,6 +4491,7 @@ export {
   ipRestriction,
   except,
   every,
+  csrf,
   cors,
   compress2 as compress,
   auth,