qhttpx 1.8.12 → 1.9.1

package/dist/src/database/manager.js

@@ -1,87 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DatabaseManager = void 0;
-class DatabaseManager {
-    constructor(config) {
-        this.config = config;
-        this.connections = new Map();
-    }
-    /**
-     * Manually register an already initialized adapter instance
-     * @param name The connection name
-     * @param adapter The initialized adapter instance
-     */
-    registerConnection(name, adapter) {
-        this.connections.set(name, adapter);
-    }
-    /**
-     * Register a new database adapter type
-     * @param type The type identifier (e.g., 'postgres', 'mysql', 'mongo')
-     * @param adapter The adapter class
-     */
-    static registerAdapter(type, adapter) {
-        DatabaseManager.adapterRegistry.set(type, adapter);
-    }
-    /**
-     * Connect to a specific database or the default one
-     * @param name Connection name from config
-     */
-    async connect(name) {
-        const connectionName = name || this.config.default;
-        if (!connectionName) {
-            throw new Error('No connection name provided and no default connection configured.');
-        }
-        // Return existing connection if available and connected
-        const existingConnection = this.connections.get(connectionName);
-        if (existingConnection && existingConnection.isConnected()) {
-            return existingConnection;
-        }
-        const dbConfig = this.config.connections[connectionName];
-        if (!dbConfig) {
-            throw new Error(`Connection configuration for '${connectionName}' not found.`);
-        }
-        const AdapterClass = DatabaseManager.adapterRegistry.get(dbConfig.type);
-        if (!AdapterClass) {
-            throw new Error(`No adapter registered for database type '${dbConfig.type}'.`);
-        }
-        const adapter = new AdapterClass(dbConfig);
-        await adapter.connect();
-        this.connections.set(connectionName, adapter);
-        return adapter;
-    }
-    /**
-     * Disconnect a specific connection or all connections
-     * @param name Connection name (optional). If not provided, disconnects all.
-     */
-    async disconnect(name) {
-        if (name) {
-            const adapter = this.connections.get(name);
-            if (adapter) {
-                await adapter.disconnect();
-                this.connections.delete(name);
-            }
-        }
-        else {
-            const promises = Array.from(this.connections.values()).map(adapter => adapter.disconnect());
-            await Promise.all(promises);
-            this.connections.clear();
-        }
-    }
-    /**
-     * Get an active connection
-     * @param name Connection name
-     */
-    get(name) {
-        const connectionName = name || this.config.default;
-        if (!connectionName) {
-            throw new Error('No connection name provided and no default connection configured.');
-        }
-        const adapter = this.connections.get(connectionName);
-        if (!adapter) {
-            throw new Error(`Connection '${connectionName}' is not active. Call connect() first.`);
-        }
-        return adapter;
-    }
-}
-exports.DatabaseManager = DatabaseManager;
-DatabaseManager.adapterRegistry = new Map();

package/dist/src/database/types.d.ts

@@ -1,20 +0,0 @@
-export interface DatabaseConfig {
-    type: string;
-    url?: string;
-    host?: string;
-    port?: number;
-    username?: string;
-    password?: string;
-    database?: string;
-    options?: Record<string, any>;
-}
-export interface DatabaseAdapter {
-    connect(): Promise<void>;
-    disconnect(): Promise<void>;
-    query<T = any>(query: string | object, params?: any[]): Promise<T>;
-    isConnected(): boolean;
-}
-export interface DatabaseEngineOptions {
-    default?: string;
-    connections: Record<string, DatabaseConfig>;
-}

package/dist/src/database/types.js

@@ -1,2 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });

package/dist/src/index.d.ts

@@ -1,50 +0,0 @@
-import { QHTTPX } from './core/server';
-import type { QHTTPXOptions } from './core/types';
-import { NativeAdapter } from './core/native-adapter';
-export { QHTTPX } from './core/server';
-export * from './core/types';
-export * from './core/errors';
-export * from './middleware/cors';
-export { createSecurityHeadersMiddleware, type SecurityHeadersOptions, createSecureDefaults, type SecureDefaultsOptions, } from './middleware/security';
-export * from './middleware/rate-limit';
-export * from './middleware/static';
-export * from './middleware/compression';
-export * from './core/stream';
-export * from './utils/logger';
-export { BufferPool, BufferPoolConfig } from './core/buffer-pool';
-export * from './testing';
-export * from './utils/signals';
-export * from './middleware/presets';
-export * from './utils/cookies';
-export * from './utils/sse';
-export { fastJsonStringify, getStringifier } from './core/serializer';
-export * from './database/types';
-export * from './database/manager';
-export * from './database/adapters/memory';
-export * from './views';
-export * from './validation';
-export * from './database/adapters/sqlite';
-export * from './database/adapters/postgres';
-export * from './database/adapters/mongo';
-export * from './core/fusion';
-export * from './validation/types';
-export * from './validation/simple';
-export * from './openapi/generator';
-export * from './client';
-export { NativeAdapter } from './core/native-adapter';
-export declare function createHttpApp(options?: QHTTPXOptions): QHTTPX;
-export declare function createNativeApp(options?: QHTTPXOptions): NativeAdapter;
-/**
- * Singleton instance for quick start
- * @example
- * import { app } from 'qhttpx';
- * app.get('/', ({ json }) => json({ hello: 'world' }));
- */
-export declare const app: QHTTPX;
-/**
- * Default export for simplified usage
- * @example
- * import QHTTPX from 'qhttpx';
- * const app = QHTTPX();
- */
-export default createHttpApp;

package/dist/src/index.js

@@ -1,91 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.app = exports.NativeAdapter = exports.getStringifier = exports.fastJsonStringify = exports.BufferPool = exports.createSecureDefaults = exports.createSecurityHeadersMiddleware = exports.QHTTPX = void 0;
-exports.createHttpApp = createHttpApp;
-exports.createNativeApp = createNativeApp;
-const server_1 = require("./core/server");
-const presets_1 = require("./middleware/presets");
-const native_adapter_1 = require("./core/native-adapter");
-var server_2 = require("./core/server");
-Object.defineProperty(exports, "QHTTPX", { enumerable: true, get: function () { return server_2.QHTTPX; } });
-__exportStar(require("./core/types"), exports);
-__exportStar(require("./core/errors"), exports);
-__exportStar(require("./middleware/cors"), exports);
-var security_1 = require("./middleware/security");
-Object.defineProperty(exports, "createSecurityHeadersMiddleware", { enumerable: true, get: function () { return security_1.createSecurityHeadersMiddleware; } });
-Object.defineProperty(exports, "createSecureDefaults", { enumerable: true, get: function () { return security_1.createSecureDefaults; } });
-__exportStar(require("./middleware/rate-limit"), exports);
-__exportStar(require("./middleware/static"), exports);
-__exportStar(require("./middleware/compression"), exports);
-__exportStar(require("./core/stream"), exports);
-__exportStar(require("./utils/logger"), exports);
-var buffer_pool_1 = require("./core/buffer-pool");
-Object.defineProperty(exports, "BufferPool", { enumerable: true, get: function () { return buffer_pool_1.BufferPool; } });
-__exportStar(require("./testing"), exports);
-__exportStar(require("./utils/signals"), exports);
-__exportStar(require("./middleware/presets"), exports);
-__exportStar(require("./utils/cookies"), exports);
-__exportStar(require("./utils/sse"), exports);
-var serializer_1 = require("./core/serializer");
-Object.defineProperty(exports, "fastJsonStringify", { enumerable: true, get: function () { return serializer_1.fastJsonStringify; } });
-Object.defineProperty(exports, "getStringifier", { enumerable: true, get: function () { return serializer_1.getStringifier; } });
-__exportStar(require("./database/types"), exports);
-__exportStar(require("./database/manager"), exports);
-__exportStar(require("./database/adapters/memory"), exports);
-__exportStar(require("./views"), exports);
-__exportStar(require("./validation"), exports);
-__exportStar(require("./database/adapters/sqlite"), exports);
-__exportStar(require("./database/adapters/postgres"), exports);
-__exportStar(require("./database/adapters/mongo"), exports);
-__exportStar(require("./core/fusion"), exports);
-__exportStar(require("./validation/types"), exports);
-__exportStar(require("./validation/simple"), exports);
-__exportStar(require("./openapi/generator"), exports);
-__exportStar(require("./client"), exports);
-var native_adapter_2 = require("./core/native-adapter");
-Object.defineProperty(exports, "NativeAdapter", { enumerable: true, get: function () { return native_adapter_2.NativeAdapter; } });
-function createHttpApp(options = {}) {
-    const app = new server_1.QHTTPX(options);
-    // Skip middleware in ultra mode for maximum performance
-    if (options.performanceMode !== 'ultra') {
-        const middlewares = (0, presets_1.createApiPreset)({
-            rateLimit: options.rateLimit,
-            cors: options.cors,
-            compression: options.compression,
-        });
-        middlewares.forEach((mw) => app.use(mw));
-    }
-    return app;
-}
-function createNativeApp(options = {}) {
-    const app = createHttpApp(options);
-    return new native_adapter_1.NativeAdapter(app);
-}
-/**
- * Singleton instance for quick start
- * @example
- * import { app } from 'qhttpx';
- * app.get('/', ({ json }) => json({ hello: 'world' }));
- */
-exports.app = createHttpApp();
-/**
- * Default export for simplified usage
- * @example
- * import QHTTPX from 'qhttpx';
- * const app = QHTTPX();
- */
-exports.default = createHttpApp;

package/dist/src/middleware/compression.d.ts

@@ -1,2 +0,0 @@
-import { QHTTPXMiddleware, CompressionOptions } from '../core/types';
-export declare function createCompressionMiddleware(options?: CompressionOptions): QHTTPXMiddleware;

package/dist/src/middleware/compression.js

@@ -1,133 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createCompressionMiddleware = createCompressionMiddleware;
-const zlib_1 = __importDefault(require("zlib"));
-function createCompressionMiddleware(options = {}) {
-    const threshold = options.threshold ?? 1024;
-    const level = options.level ?? zlib_1.default.constants.Z_DEFAULT_COMPRESSION;
-    return async (ctx, next) => {
-        const req = ctx.req;
-        const res = ctx.res;
-        const acceptEncoding = req.headers['accept-encoding'] || '';
-        let stream;
-        let encoding = '';
-        if (/\bbr\b/.test(acceptEncoding)) {
-            stream = zlib_1.default.createBrotliCompress({
-                params: {
-                    [zlib_1.default.constants.BROTLI_PARAM_QUALITY]: level,
-                },
-            });
-            encoding = 'br';
-        }
-        else if (/\bgzip\b/.test(acceptEncoding)) {
-            stream = zlib_1.default.createGzip({ level });
-            encoding = 'gzip';
-        }
-        else if (/\bdeflate\b/.test(acceptEncoding)) {
-            stream = zlib_1.default.createDeflate({ level });
-            encoding = 'deflate';
-        }
-        if (!stream) {
-            await next();
-            return;
-        }
-        const originalWrite = res.write;
-        const originalEnd = res.end;
-        // const originalSetHeader = res.setHeader;
-        // We need to defer compression decision until we know the content type/length
-        // But since we are streaming, we might just start compressing if headers are sent?
-        // Actually, we can hook into write/end.
-        let headersSent = false;
-        let compress = false;
-        // Helper to check if we should compress based on content-type
-        const shouldCompress = () => {
-            const contentType = res.getHeader('content-type');
-            if (!contentType)
-                return true; // Assume yes if unknown? Or no? Usually text/json is compressed.
-            const type = String(contentType).toLowerCase();
-            if (type.includes('text/event-stream')) {
-                return false;
-            }
-            return (type.includes('text') ||
-                type.includes('json') ||
-                type.includes('xml') ||
-                type.includes('javascript') ||
-                type.includes('svg'));
-        };
-        // Override write
-        // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        res.write = function (chunk, ...args) {
-            if (!headersSent) {
-                if (shouldCompress()) {
-                    compress = true;
-                    // Disable auto-end because we handle the stream asynchronously
-                    ctx.disableAutoEnd = true;
-                    res.setHeader('Content-Encoding', encoding);
-                    res.removeHeader('Content-Length');
-                    res.setHeader('Vary', 'Accept-Encoding');
-                    stream.on('data', (data) => {
-                        // eslint-disable-next-line @typescript-eslint/no-explicit-any
-                        originalWrite.call(res, data);
-                    });
-                    stream.on('end', () => {
-                        // eslint-disable-next-line @typescript-eslint/no-explicit-any
-                        originalEnd.call(res);
-                    });
-                }
-                else {
-                    compress = false;
-                }
-                headersSent = true;
-            }
-            if (compress && stream) {
-                return stream.write(chunk, ...args);
-            }
-            else {
-                // eslint-disable-next-line @typescript-eslint/no-explicit-any
-                return originalWrite.apply(res, [chunk, ...args]);
-            }
-        };
-        // Override end
-        // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        res.end = function (chunk, ...args) {
-            if (!headersSent) {
-                const len = chunk ? Buffer.byteLength(chunk) : 0;
-                if (shouldCompress() && len >= threshold) {
-                    compress = true;
-                    // Disable auto-end because we handle the stream asynchronously
-                    ctx.disableAutoEnd = true;
-                    res.setHeader('Content-Encoding', encoding);
-                    res.removeHeader('Content-Length');
-                    res.setHeader('Vary', 'Accept-Encoding');
-                    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-                    stream.on('data', (data) => originalWrite.call(res, data));
-                    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-                    stream.on('end', () => originalEnd.call(res));
-                }
-                else {
-                    compress = false;
-                }
-                headersSent = true;
-            }
-            if (compress && stream) {
-                if (chunk)
-                    stream.write(chunk);
-                stream.end();
-            }
-            else {
-                // eslint-disable-next-line @typescript-eslint/no-explicit-any
-                return originalEnd.apply(res, [chunk, ...args]);
-            }
-            return res;
-        };
-        // Fix for the pipe issue:
-        // If we set compress=true, we should pipe stream to res ONCE.
-        // If we use { end: false }, we must manually end res.
-        // If we use { end: true }, stream.end() will end res.
-        // Let's refine the logic.
-        await next();
-    };
-}

package/dist/src/middleware/cors.d.ts

@@ -1,2 +0,0 @@
-import { QHTTPXMiddleware, CorsOptions } from '../core/types';
-export declare function createCorsMiddleware(options?: CorsOptions): QHTTPXMiddleware;

package/dist/src/middleware/cors.js

@@ -1,66 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createCorsMiddleware = createCorsMiddleware;
-function resolveOrigin(origin, requestOrigin) {
-    if (!origin) {
-        return '*';
-    }
-    if (typeof origin === 'string') {
-        return origin;
-    }
-    if (Array.isArray(origin)) {
-        if (!requestOrigin) {
-            return null;
-        }
-        if (origin.includes(requestOrigin)) {
-            return requestOrigin;
-        }
-        return null;
-    }
-    return origin(requestOrigin);
-}
-function createCorsMiddleware(options = {}) {
-    const methodsHeader = options.methods && options.methods.length > 0
-        ? options.methods.join(', ')
-        : 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS';
-    const allowedHeadersHeader = options.allowedHeaders && options.allowedHeaders.length > 0
-        ? options.allowedHeaders.join(', ')
-        : undefined;
-    const exposedHeadersHeader = options.exposedHeaders && options.exposedHeaders.length > 0
-        ? options.exposedHeaders.join(', ')
-        : undefined;
-    const maxAgeHeader = typeof options.maxAgeSeconds === 'number'
-        ? String(options.maxAgeSeconds)
-        : undefined;
-    const allowCredentials = options.credentials ?? false;
-    return async (ctx, next) => {
-        const requestOriginHeader = ctx.req.headers.origin;
-        const resolvedOrigin = resolveOrigin(options.origin, requestOriginHeader);
-        if (resolvedOrigin) {
-            ctx.res.setHeader('access-control-allow-origin', resolvedOrigin);
-            if (allowCredentials) {
-                ctx.res.setHeader('access-control-allow-credentials', 'true');
-            }
-            if (exposedHeadersHeader) {
-                ctx.res.setHeader('access-control-expose-headers', exposedHeadersHeader);
-            }
-        }
-        if (ctx.req.method === 'OPTIONS') {
-            ctx.res.statusCode = 204;
-            ctx.res.setHeader('access-control-allow-methods', methodsHeader);
-            const requestHeaders = typeof ctx.req.headers['access-control-request-headers'] === 'string'
-                ? ctx.req.headers['access-control-request-headers']
-                : undefined;
-            const headersValue = allowedHeadersHeader || requestHeaders;
-            if (headersValue) {
-                ctx.res.setHeader('access-control-allow-headers', headersValue);
-            }
-            if (maxAgeHeader) {
-                ctx.res.setHeader('access-control-max-age', maxAgeHeader);
-            }
-            ctx.res.end();
-            return;
-        }
-        await next();
-    };
-}

package/dist/src/middleware/presets.d.ts

@@ -1,16 +0,0 @@
-import { QHTTPXMiddleware, RateLimitOptions, CorsOptions, CompressionOptions } from '../core/types';
-import { SecureDefaultsOptions } from './security';
-import { LoggerOptions } from '../utils/logger';
-import { StaticOptions } from './static';
-export type ApiPresetOptions = {
-    security?: SecureDefaultsOptions;
-    logging?: LoggerOptions | boolean;
-    rateLimit?: RateLimitOptions;
-    cors?: CorsOptions | boolean;
-    compression?: CompressionOptions | boolean;
-};
-export declare function createApiPreset(options?: ApiPresetOptions): QHTTPXMiddleware[];
-export type StaticAppPresetOptions = ApiPresetOptions & {
-    static: StaticOptions;
-};
-export declare function createStaticAppPreset(options: StaticAppPresetOptions): QHTTPXMiddleware[];

package/dist/src/middleware/presets.js

@@ -1,52 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createApiPreset = createApiPreset;
-exports.createStaticAppPreset = createStaticAppPreset;
-const security_1 = require("./security");
-const cors_1 = require("./cors");
-const compression_1 = require("./compression");
-const logger_1 = require("../utils/logger");
-const static_1 = require("./static");
-const rate_limit_1 = require("./rate-limit");
-function createApiPreset(options = {}) {
-    const middlewares = [];
-    // 1. CORS
-    // Default to true (enabled) if not specified, to match createSecureDefaults behavior
-    const corsOpts = options.cors ?? options.security?.cors ?? true;
-    if (corsOpts !== false) {
-        const opts = corsOpts === true ? {} : corsOpts;
-        middlewares.push((0, cors_1.createCorsMiddleware)(opts));
-    }
-    // 2. Security Headers
-    middlewares.push((0, security_1.createSecurityHeadersMiddleware)(options.security?.securityHeaders));
-    // 3. Compression
-    if (options.compression) {
-        const opts = options.compression === true ? {} : options.compression;
-        middlewares.push((0, compression_1.createCompressionMiddleware)(opts));
-    }
-    // 4. Logging
-    if (options.logging !== false) {
-        const loggerOptions = typeof options.logging === 'object' ? options.logging : {};
-        middlewares.push((0, logger_1.createLoggerMiddleware)(loggerOptions));
-    }
-    // 5. Rate Limit
-    if (options.rateLimit) {
-        middlewares.push((0, rate_limit_1.rateLimit)(options.rateLimit));
-    }
-    return middlewares;
-}
-function createStaticAppPreset(options) {
-    const middlewares = [];
-    // 1. Security
-    middlewares.push(...(0, security_1.createSecureDefaults)(options.security));
-    // 2. Logging
-    if (options.logging !== false) {
-        const loggerOptions = typeof options.logging === 'object' ? options.logging : {};
-        middlewares.push((0, logger_1.createLoggerMiddleware)(loggerOptions));
-    }
-    // 3. Static Files
-    // We force fallthrough to true so API routes can handle non-static requests
-    const staticOptions = { ...options.static, fallthrough: true };
-    middlewares.push((0, static_1.createStaticMiddleware)(staticOptions));
-    return middlewares;
-}

package/dist/src/middleware/rate-limit.d.ts

@@ -1,14 +0,0 @@
-import type { QHTTPXMiddleware, RateLimitOptions, RateLimitStore } from '../core/types';
-export declare class MemoryStore implements RateLimitStore {
-    private hits;
-    private interval?;
-    constructor(clearPeriodMs?: number);
-    increment(key: string, windowMs: number): Promise<{
-        total: number;
-        resetTime: number;
-    }>;
-    decrement(key: string): Promise<void>;
-    reset(key: string): Promise<void>;
-    private cleanup;
-}
-export declare const rateLimit: (options?: RateLimitOptions) => QHTTPXMiddleware;

package/dist/src/middleware/rate-limit.js

@@ -1,83 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.rateLimit = exports.MemoryStore = void 0;
-class MemoryStore {
-    constructor(clearPeriodMs = 60000) {
-        this.hits = new Map();
-        // Cleanup expired entries periodically
-        if (clearPeriodMs > 0) {
-            this.interval = setInterval(() => this.cleanup(), clearPeriodMs);
-            this.interval.unref(); // Don't hold process open
-        }
-    }
-    async increment(key, windowMs) {
-        const now = Date.now();
-        let record = this.hits.get(key);
-        if (!record || now > record.resetTime) {
-            record = { count: 1, resetTime: now + windowMs };
-            this.hits.set(key, record);
-        }
-        else {
-            record.count++;
-        }
-        return { total: record.count, resetTime: record.resetTime };
-    }
-    async decrement(key) {
-        const record = this.hits.get(key);
-        if (record && record.count > 0) {
-            record.count--;
-        }
-    }
-    async reset(key) {
-        this.hits.delete(key);
-    }
-    cleanup() {
-        const now = Date.now();
-        for (const [key, record] of this.hits.entries()) {
-            if (now > record.resetTime) {
-                this.hits.delete(key);
-            }
-        }
-    }
-}
-exports.MemoryStore = MemoryStore;
-const rateLimit = (options = {}) => {
-    const windowMs = options.windowMs ?? 60000; // 1 minute default
-    const max = options.max ?? 100; // 100 requests default
-    const message = options.message ?? 'Too many requests, please try again later.';
-    const statusCode = options.statusCode ?? 429;
-    const headers = options.headers ?? true;
-    const store = options.store ?? new MemoryStore();
-    const keyGenerator = options.keyGenerator ?? ((ctx) => {
-        if (options.trustProxy) {
-            const forwarded = ctx.req.headers['x-forwarded-for'];
-            if (forwarded) {
-                return Array.isArray(forwarded) ? forwarded[0] : forwarded.split(',')[0].trim();
-            }
-        }
-        return ctx.req.socket.remoteAddress || 'unknown';
-    });
-    return async (ctx, next) => {
-        if (options.skip?.(ctx)) {
-            return next();
-        }
-        const key = keyGenerator(ctx);
-        const { total, resetTime } = await store.increment(key, windowMs);
-        const remaining = Math.max(0, max - total);
-        const resetSeconds = Math.ceil((resetTime - Date.now()) / 1000);
-        if (headers) {
-            ctx.res.setHeader('X-RateLimit-Limit', max);
-            ctx.res.setHeader('X-RateLimit-Remaining', remaining);
-            ctx.res.setHeader('X-RateLimit-Reset', resetSeconds);
-        }
-        if (total > max) {
-            if (headers) {
-                ctx.res.setHeader('Retry-After', resetSeconds);
-            }
-            ctx.json(typeof message === 'string' ? { error: message } : message, statusCode);
-            return;
-        }
-        await next();
-    };
-};
-exports.rateLimit = rateLimit;

package/dist/src/middleware/security.d.ts

@@ -1,21 +0,0 @@
-import { QHTTPXContext, QHTTPXMiddleware, CorsOptions } from '../core/types';
-export type SecurityHeadersOptions = {
-    contentSecurityPolicy?: string | null;
-    referrerPolicy?: string | null;
-    xFrameOptions?: 'DENY' | 'SAMEORIGIN' | null;
-    xContentTypeOptions?: 'nosniff' | null;
-    xXssProtection?: '0' | '1; mode=block' | null;
-    strictTransportSecurity?: string | null;
-};
-export declare function createSecurityHeadersMiddleware(options?: SecurityHeadersOptions): QHTTPXMiddleware;
-export type SecureDefaultsOptions = {
-    cors?: CorsOptions;
-    securityHeaders?: SecurityHeadersOptions;
-};
-export declare function createSecureDefaults(options?: SecureDefaultsOptions): QHTTPXMiddleware[];
-export type RateLimitOptions = {
-    maxRequests: number;
-    windowMs: number;
-    keyGenerator?: (ctx: QHTTPXContext) => string;
-};
-export declare function createRateLimitMiddleware(options: RateLimitOptions): QHTTPXMiddleware;