r2-explorer 1.1.10 → 1.1.12

package/dist/index.js

@@ -28,15 +28,85 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/index.ts
-var src_exports = {};
-__export(src_exports, {
+var index_exports = {};
+__export(index_exports, {
   R2Explorer: () => R2Explorer
 });
-module.exports = __toCommonJS(src_exports);
+module.exports = __toCommonJS(index_exports);
 var import_cloudflare_access = require("@hono/cloudflare-access");
-var import_chanfana14 = require("chanfana");
+var import_chanfana18 = require("chanfana");
+
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/compose.js
+var compose = (middleware, onError, onNotFound) => {
+  return (context, next) => {
+    let index = -1;
+    return dispatch(0);
+    async function dispatch(i) {
+      if (i <= index) {
+        throw new Error("next() called multiple times");
+      }
+      index = i;
+      let res;
+      let isError = false;
+      let handler;
+      if (middleware[i]) {
+        handler = middleware[i][0][0];
+        context.req.routeIndex = i;
+      } else {
+        handler = i === middleware.length && next || void 0;
+      }
+      if (handler) {
+        try {
+          res = await handler(context, () => dispatch(i + 1));
+        } catch (err) {
+          if (err instanceof Error && onError) {
+            context.error = err;
+            res = await onError(err, context);
+            isError = true;
+          } else {
+            throw err;
+          }
+        }
+      } else {
+        if (context.finalized === false && onNotFound) {
+          res = await onNotFound(context);
+        }
+      }
+      if (res && (context.finalized === false || isError)) {
+        context.res = res;
+      }
+      return context;
+    }
+  };
+};
+
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/http-exception.js
+var HTTPException = class extends Error {
+  res;
+  status;
+  constructor(status = 500, options) {
+    super(options?.message, { cause: options?.cause });
+    this.res = options?.res;
+    this.status = status;
+  }
+  getResponse() {
+    if (this.res) {
+      const newResponse = new Response(this.res.body, {
+        status: this.status,
+        headers: this.res.headers
+      });
+      return newResponse;
+    }
+    return new Response(this.message, {
+      status: this.status
+    });
+  }
+};
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/utils/body.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/request/constants.js
+var GET_MATCH_RESULT = Symbol();
+
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/utils/body.js
 var parseBody = async (request, options = /* @__PURE__ */ Object.create(null)) => {
   const { all = false, dot = false } = options;
   const headers = request instanceof HonoRequest ? request.raw.headers : request.headers;
@@ -83,7 +153,11 @@ var handleParsingAllValues = (form, key, value) => {
       form[key] = [form[key], value];
     }
   } else {
-    form[key] = value;
+    if (!key.endsWith("[]")) {
+      form[key] = value;
+    } else {
+      form[key] = [value];
+    }
   }
 };
 var handleParsingNestedValues = (form, key, value) => {
@@ -101,7 +175,7 @@ var handleParsingNestedValues = (form, key, value) => {
   });
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/utils/url.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/utils/url.js
 var splitPath = (path) => {
   const paths = path.split("/");
   if (paths[0] === "") {
@@ -116,9 +190,9 @@ var splitRoutingPath = (routePath) => {
 };
 var extractGroupsFromPath = (path) => {
   const groups = [];
-  path = path.replace(/\{[^}]+\}/g, (match, index) => {
+  path = path.replace(/\{[^}]+\}/g, (match2, index) => {
     const mark = `@${index}`;
-    groups.push([mark, match]);
+    groups.push([mark, match2]);
     return mark;
   });
   return { groups, path };
@@ -136,20 +210,21 @@ var replaceGroupMarks = (paths, groups) => {
   return paths;
 };
 var patternCache = {};
-var getPattern = (label) => {
+var getPattern = (label, next) => {
   if (label === "*") {
     return "*";
   }
-  const match = label.match(/^\:([^\{\}]+)(?:\{(.+)\})?$/);
-  if (match) {
-    if (!patternCache[label]) {
-      if (match[2]) {
-        patternCache[label] = [label, match[1], new RegExp("^" + match[2] + "$")];
+  const match2 = label.match(/^\:([^\{\}]+)(?:\{(.+)\})?$/);
+  if (match2) {
+    const cacheKey = `${label}#${next}`;
+    if (!patternCache[cacheKey]) {
+      if (match2[2]) {
+        patternCache[cacheKey] = next && next[0] !== ":" && next[0] !== "*" ? [cacheKey, match2[1], new RegExp(`^${match2[2]}(?=/${next})`)] : [label, match2[1], new RegExp(`^${match2[2]}$`)];
       } else {
-        patternCache[label] = [label, match[1], true];
+        patternCache[cacheKey] = [label, match2[1], true];
       }
     }
-    return patternCache[label];
+    return patternCache[cacheKey];
   }
   return null;
 };
@@ -157,11 +232,11 @@ var tryDecode = (str, decoder) => {
   try {
     return decoder(str);
   } catch {
-    return str.replace(/(?:%[0-9A-Fa-f]{2})+/g, (match) => {
+    return str.replace(/(?:%[0-9A-Fa-f]{2})+/g, (match2) => {
       try {
-        return decoder(match);
+        return decoder(match2);
       } catch {
-        return match;
+        return match2;
       }
     });
   }
@@ -169,7 +244,7 @@ var tryDecode = (str, decoder) => {
 var tryDecodeURI = (str) => tryDecode(str, decodeURI);
 var getPath = (request) => {
   const url = request.url;
-  const start = url.indexOf("/", 8);
+  const start = url.indexOf("/", url.indexOf(":") + 4);
   let i = start;
   for (; i < url.length; i++) {
     const charCode = url.charCodeAt(i);
@@ -187,30 +262,14 @@ var getPathNoStrict = (request) => {
   const result = getPath(request);
   return result.length > 1 && result.at(-1) === "/" ? result.slice(0, -1) : result;
 };
-var mergePath = (...paths) => {
-  let p = "";
-  let endsWithSlash = false;
-  for (let path of paths) {
-    if (p.at(-1) === "/") {
-      p = p.slice(0, -1);
-      endsWithSlash = true;
-    }
-    if (path[0] !== "/") {
-      path = `/${path}`;
-    }
-    if (path === "/" && endsWithSlash) {
-      p = `${p}/`;
-    } else if (path !== "/") {
-      p = `${p}${path}`;
-    }
-    if (path === "/" && p === "") {
-      p = "/";
-    }
+var mergePath = (base, sub, ...rest) => {
+  if (rest.length) {
+    sub = mergePath(sub, ...rest);
   }
-  return p;
+  return `${base?.[0] === "/" ? "" : "/"}${base}${sub === "/" ? "" : `${base?.at(-1) === "/" ? "" : "/"}${sub?.[0] === "/" ? sub.slice(1) : sub}`}`;
 };
 var checkOptionalParameter = (path) => {
-  if (!path.match(/\:.+\?$/)) {
+  if (path.charCodeAt(path.length - 1) !== 63 || !path.includes(":")) {
     return null;
   }
   const segments = path.split("/");
@@ -243,14 +302,17 @@ var _decodeURI = (value) => {
   if (value.indexOf("+") !== -1) {
     value = value.replace(/\+/g, " ");
   }
-  return value.indexOf("%") !== -1 ? decodeURIComponent_(value) : value;
+  return value.indexOf("%") !== -1 ? tryDecode(value, decodeURIComponent_) : value;
 };
 var _getQueryParam = (url, key, multiple) => {
   let encoded;
   if (!multiple && key && !/[%+]/.test(key)) {
-    let keyIndex2 = url.indexOf(`?${key}`, 8);
+    let keyIndex2 = url.indexOf("?", 8);
     if (keyIndex2 === -1) {
-      keyIndex2 = url.indexOf(`&${key}`, 8);
+      return void 0;
+    }
+    if (!url.startsWith(key, keyIndex2 + 1)) {
+      keyIndex2 = url.indexOf(`&${key}`, keyIndex2 + 1);
     }
     while (keyIndex2 !== -1) {
       const trailingKeyCode = url.charCodeAt(keyIndex2 + key.length + 1);
@@ -315,7 +377,7 @@ var getQueryParams = (url, key) => {
 };
 var decodeURIComponent_ = decodeURIComponent;
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/request.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/request.js
 var tryDecodeURIComponent = (str) => tryDecode(str, decodeURIComponent_);
 var HonoRequest = class {
   raw;
@@ -336,14 +398,14 @@ var HonoRequest = class {
   #getDecodedParam(key) {
     const paramKey = this.#matchResult[0][this.routeIndex][1][key];
     const param = this.#getParamValue(paramKey);
-    return param ? /\%/.test(param) ? tryDecodeURIComponent(param) : param : void 0;
+    return param && /\%/.test(param) ? tryDecodeURIComponent(param) : param;
   }
   #getAllDecodedParams() {
     const decoded = {};
     const keys = Object.keys(this.#matchResult[0][this.routeIndex][1]);
     for (const key of keys) {
       const value = this.#getParamValue(this.#matchResult[0][this.routeIndex][1][key]);
-      if (value && typeof value === "string") {
+      if (value !== void 0) {
         decoded[key] = /\%/.test(value) ? tryDecodeURIComponent(value) : value;
       }
     }
@@ -360,7 +422,7 @@ var HonoRequest = class {
   }
   header(name) {
     if (name) {
-      return this.raw.headers.get(name.toLowerCase()) ?? void 0;
+      return this.raw.headers.get(name) ?? void 0;
     }
     const headerData = {};
     this.raw.headers.forEach((value, key) => {
@@ -389,7 +451,7 @@ var HonoRequest = class {
     return bodyCache[key] = raw2[key]();
   };
   json() {
-    return this.#cachedBody("json");
+    return this.#cachedBody("text").then((text) => JSON.parse(text));
   }
   text() {
     return this.#cachedBody("text");
@@ -415,6 +477,9 @@ var HonoRequest = class {
   get method() {
     return this.raw.method;
   }
+  get [GET_MATCH_RESULT]() {
+    return this.#matchResult;
+  }
   get matchedRoutes() {
     return this.#matchResult[0].map(([[, route]]) => route);
   }
@@ -423,7 +488,7 @@ var HonoRequest = class {
   }
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/utils/html.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/utils/html.js
 var HtmlEscapedCallbackPhase = {
   Stringify: 1,
   BeforeStream: 2,
@@ -465,13 +530,13 @@ var resolveCallback = async (str, phase, preserveCallbacks, context, buffer) =>
   }
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/context.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/context.js
 var TEXT_PLAIN = "text/plain; charset=UTF-8";
-var setHeaders = (headers, map = {}) => {
-  for (const key of Object.keys(map)) {
-    headers.set(key, map[key]);
-  }
-  return headers;
+var setDefaultContentType = (contentType, headers) => {
+  return {
+    "Content-Type": contentType,
+    ...headers
+  };
 };
 var Context = class {
   #rawRequest;
@@ -480,15 +545,13 @@ var Context = class {
   #var;
   finalized = false;
   error;
-  #status = 200;
+  #status;
   #executionCtx;
-  #headers;
-  #preparedHeaders;
   #res;
-  #isFresh = true;
   #layout;
   #renderer;
   #notFoundHandler;
+  #preparedHeaders;
   #matchResult;
   #path;
   constructor(req, options) {
@@ -520,36 +583,25 @@ var Context = class {
     }
   }
   get res() {
-    this.#isFresh = false;
-    return this.#res ||= new Response("404 Not Found", { status: 404 });
+    return this.#res ||= new Response(null, {
+      headers: this.#preparedHeaders ??= new Headers()
+    });
   }
   set res(_res) {
-    this.#isFresh = false;
     if (this.#res && _res) {
-      try {
-        for (const [k, v] of this.#res.headers.entries()) {
-          if (k === "content-type") {
-            continue;
-          }
-          if (k === "set-cookie") {
-            const cookies = this.#res.headers.getSetCookie();
-            _res.headers.delete("set-cookie");
-            for (const cookie of cookies) {
-              _res.headers.append("set-cookie", cookie);
-            }
-          } else {
-            _res.headers.set(k, v);
-          }
+      _res = new Response(_res.body, _res);
+      for (const [k, v] of this.#res.headers.entries()) {
+        if (k === "content-type") {
+          continue;
         }
-      } catch (e) {
-        if (e instanceof TypeError && e.message.includes("immutable")) {
-          this.res = new Response(_res.body, {
-            headers: _res.headers,
-            status: _res.status
-          });
-          return;
+        if (k === "set-cookie") {
+          const cookies = this.#res.headers.getSetCookie();
+          _res.headers.delete("set-cookie");
+          for (const cookie of cookies) {
+            _res.headers.append("set-cookie", cookie);
+          }
         } else {
-          throw e;
+          _res.headers.set(k, v);
         }
       }
     }
@@ -566,42 +618,19 @@ var Context = class {
     this.#renderer = renderer;
   };
   header = (name, value, options) => {
-    if (value === void 0) {
-      if (this.#headers) {
-        this.#headers.delete(name);
-      } else if (this.#preparedHeaders) {
-        delete this.#preparedHeaders[name.toLocaleLowerCase()];
-      }
-      if (this.finalized) {
-        this.res.headers.delete(name);
-      }
-      return;
+    if (this.finalized) {
+      this.#res = new Response(this.#res.body, this.#res);
     }
-    if (options?.append) {
-      if (!this.#headers) {
-        this.#isFresh = false;
-        this.#headers = new Headers(this.#preparedHeaders);
-        this.#preparedHeaders = {};
-      }
-      this.#headers.append(name, value);
+    const headers = this.#res ? this.#res.headers : this.#preparedHeaders ??= new Headers();
+    if (value === void 0) {
+      headers.delete(name);
+    } else if (options?.append) {
+      headers.append(name, value);
     } else {
-      if (this.#headers) {
-        this.#headers.set(name, value);
-      } else {
-        this.#preparedHeaders ??= {};
-        this.#preparedHeaders[name.toLowerCase()] = value;
-      }
-    }
-    if (this.finalized) {
-      if (options?.append) {
-        this.res.headers.append(name, value);
-      } else {
-        this.res.headers.set(name, value);
-      }
+      headers.set(name, value);
     }
   };
   status = (status) => {
-    this.#isFresh = false;
     this.#status = status;
   };
   set = (key, value) => {
@@ -618,94 +647,58 @@ var Context = class {
     return Object.fromEntries(this.#var);
   }
   #newResponse(data, arg, headers) {
-    if (this.#isFresh && !headers && !arg && this.#status === 200) {
-      return new Response(data, {
-        headers: this.#preparedHeaders
-      });
-    }
-    if (arg && typeof arg !== "number") {
-      const header = new Headers(arg.headers);
-      if (this.#headers) {
-        this.#headers.forEach((v, k) => {
-          if (k === "set-cookie") {
-            header.append(k, v);
-          } else {
-            header.set(k, v);
-          }
-        });
-      }
-      const headers2 = setHeaders(header, this.#preparedHeaders);
-      return new Response(data, {
-        headers: headers2,
-        status: arg.status ?? this.#status
-      });
-    }
-    const status = typeof arg === "number" ? arg : this.#status;
-    this.#preparedHeaders ??= {};
-    this.#headers ??= new Headers();
-    setHeaders(this.#headers, this.#preparedHeaders);
-    if (this.#res) {
-      this.#res.headers.forEach((v, k) => {
-        if (k === "set-cookie") {
-          this.#headers?.append(k, v);
+    const responseHeaders = this.#res ? new Headers(this.#res.headers) : this.#preparedHeaders ?? new Headers();
+    if (typeof arg === "object" && "headers" in arg) {
+      const argHeaders = arg.headers instanceof Headers ? arg.headers : new Headers(arg.headers);
+      for (const [key, value] of argHeaders) {
+        if (key.toLowerCase() === "set-cookie") {
+          responseHeaders.append(key, value);
         } else {
-          this.#headers?.set(k, v);
+          responseHeaders.set(key, value);
         }
-      });
-      setHeaders(this.#headers, this.#preparedHeaders);
+      }
     }
-    headers ??= {};
-    for (const [k, v] of Object.entries(headers)) {
-      if (typeof v === "string") {
-        this.#headers.set(k, v);
-      } else {
-        this.#headers.delete(k);
-        for (const v2 of v) {
-          this.#headers.append(k, v2);
+    if (headers) {
+      for (const [k, v] of Object.entries(headers)) {
+        if (typeof v === "string") {
+          responseHeaders.set(k, v);
+        } else {
+          responseHeaders.delete(k);
+          for (const v2 of v) {
+            responseHeaders.append(k, v2);
+          }
         }
       }
     }
-    return new Response(data, {
-      status,
-      headers: this.#headers
-    });
+    const status = typeof arg === "number" ? arg : arg?.status ?? this.#status;
+    return new Response(data, { status, headers: responseHeaders });
   }
   newResponse = (...args) => this.#newResponse(...args);
-  body = (data, arg, headers) => {
-    return typeof arg === "number" ? this.#newResponse(data, arg, headers) : this.#newResponse(data, arg);
-  };
+  body = (data, arg, headers) => this.#newResponse(data, arg, headers);
   text = (text, arg, headers) => {
-    if (!this.#preparedHeaders) {
-      if (this.#isFresh && !headers && !arg) {
-        return new Response(text);
-      }
-      this.#preparedHeaders = {};
-    }
-    this.#preparedHeaders["content-type"] = TEXT_PLAIN;
-    if (typeof arg === "number") {
-      return this.#newResponse(text, arg, headers);
-    }
-    return this.#newResponse(text, arg);
+    return !this.#preparedHeaders && !this.#status && !arg && !headers && !this.finalized ? new Response(text) : this.#newResponse(
+      text,
+      arg,
+      setDefaultContentType(TEXT_PLAIN, headers)
+    );
   };
   json = (object, arg, headers) => {
-    const body = JSON.stringify(object);
-    this.#preparedHeaders ??= {};
-    this.#preparedHeaders["content-type"] = "application/json";
-    return typeof arg === "number" ? this.#newResponse(body, arg, headers) : this.#newResponse(body, arg);
+    return this.#newResponse(
+      JSON.stringify(object),
+      arg,
+      setDefaultContentType("application/json", headers)
+    );
   };
   html = (html, arg, headers) => {
-    this.#preparedHeaders ??= {};
-    this.#preparedHeaders["content-type"] = "text/html; charset=UTF-8";
-    if (typeof html === "object") {
-      return resolveCallback(html, HtmlEscapedCallbackPhase.Stringify, false, {}).then((html2) => {
-        return typeof arg === "number" ? this.#newResponse(html2, arg, headers) : this.#newResponse(html2, arg);
-      });
-    }
-    return typeof arg === "number" ? this.#newResponse(html, arg, headers) : this.#newResponse(html, arg);
+    const res = (html2) => this.#newResponse(html2, arg, setDefaultContentType("text/html; charset=UTF-8", headers));
+    return typeof html === "object" ? resolveCallback(html, HtmlEscapedCallbackPhase.Stringify, false, {}).then(res) : res(html);
   };
   redirect = (location, status) => {
-    this.#headers ??= new Headers();
-    this.#headers.set("Location", String(location));
+    const locationString = String(location);
+    this.header(
+      "Location",
+      !/[^\x00-\xFF]/.test(locationString) ? locationString : encodeURI(locationString)
+    );
     return this.newResponse(null, status ?? 302);
   };
   notFound = () => {
@@ -714,56 +707,7 @@ var Context = class {
   };
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/compose.js
-var compose = (middleware, onError, onNotFound) => {
-  return (context, next) => {
-    let index = -1;
-    const isContext = context instanceof Context;
-    return dispatch(0);
-    async function dispatch(i) {
-      if (i <= index) {
-        throw new Error("next() called multiple times");
-      }
-      index = i;
-      let res;
-      let isError = false;
-      let handler;
-      if (middleware[i]) {
-        handler = middleware[i][0][0];
-        if (isContext) {
-          context.req.routeIndex = i;
-        }
-      } else {
-        handler = i === middleware.length && next || void 0;
-      }
-      if (!handler) {
-        if (isContext && context.finalized === false && onNotFound) {
-          res = await onNotFound(context);
-        }
-      } else {
-        try {
-          res = await handler(context, () => {
-            return dispatch(i + 1);
-          });
-        } catch (err) {
-          if (err instanceof Error && isContext && onError) {
-            context.error = err;
-            res = await onError(err, context);
-            isError = true;
-          } else {
-            throw err;
-          }
-        }
-      }
-      if (res && (context.finalized === false || isError)) {
-        context.res = res;
-      }
-      return context;
-    }
-  };
-};
-
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/router.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/router.js
 var METHOD_NAME_ALL = "ALL";
 var METHOD_NAME_ALL_LOWERCASE = "all";
 var METHODS = ["get", "post", "put", "delete", "options", "patch"];
@@ -771,16 +715,17 @@ var MESSAGE_MATCHER_IS_ALREADY_BUILT = "Can not add a route since the matcher is
 var UnsupportedPathError = class extends Error {
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/utils/constants.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/utils/constants.js
 var COMPOSED_HANDLER = "__COMPOSED_HANDLER";
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/hono-base.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/hono-base.js
 var notFoundHandler = (c) => {
   return c.text("404 Not Found", 404);
 };
 var errorHandler = (err, c) => {
   if ("getResponse" in err) {
-    return err.getResponse();
+    const res = err.getResponse();
+    return c.newResponse(res.body, res);
   }
   console.error(err);
   return c.text("Internal Server Error", 500);
@@ -838,16 +783,17 @@ var Hono = class {
       });
       return this;
     };
-    const strict = options.strict ?? true;
-    delete options.strict;
-    Object.assign(this, options);
-    this.getPath = strict ? options.getPath ?? getPath : getPathNoStrict;
+    const { strict, ...optionsWithoutStrict } = options;
+    Object.assign(this, optionsWithoutStrict);
+    this.getPath = strict ?? true ? options.getPath ?? getPath : getPathNoStrict;
   }
   #clone() {
     const clone = new Hono({
       router: this.router,
       getPath: this.getPath
     });
+    clone.errorHandler = this.errorHandler;
+    clone.#notFoundHandler = this.#notFoundHandler;
     clone.routes = this.routes;
     return clone;
   }
@@ -888,7 +834,11 @@ var Hono = class {
         optionHandler = options;
       } else {
         optionHandler = options.optionHandler;
-        replaceRequest = options.replaceRequest;
+        if (options.replaceRequest === false) {
+          replaceRequest = (request) => request;
+        } else {
+          replaceRequest = options.replaceRequest;
+        }
       }
     }
     const getOptions = optionHandler ? (c) => {
@@ -924,7 +874,7 @@ var Hono = class {
   #addRoute(method, path, handler) {
     method = method.toUpperCase();
     path = mergePath(this._basePath, path);
-    const r = { path, method, handler };
+    const r = { basePath: this._basePath, path, method, handler };
     this.router.add(method, path, [handler, r]);
     this.routes.push(r);
   }
@@ -999,7 +949,28 @@ var Hono = class {
   };
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/router/reg-exp-router/node.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/router/reg-exp-router/matcher.js
+var emptyParam = [];
+function match(method, path) {
+  const matchers = this.buildAllMatchers();
+  const match2 = (method2, path2) => {
+    const matcher = matchers[method2] || matchers[METHOD_NAME_ALL];
+    const staticMatch = matcher[2][path2];
+    if (staticMatch) {
+      return staticMatch;
+    }
+    const match3 = path2.match(matcher[0]);
+    if (!match3) {
+      return [[], emptyParam];
+    }
+    const index = match3.indexOf("", 1);
+    return [matcher[1][index], match3];
+  };
+  this.match = match2;
+  return match2(method, path);
+}
+
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/router/reg-exp-router/node.js
 var LABEL_REG_EXP_STR = "[^/]+";
 var ONLY_WILDCARD_REG_EXP_STR = ".*";
 var TAIL_WILDCARD_REG_EXP_STR = "(?:|/.*)";
@@ -1046,6 +1017,9 @@ var Node = class {
       const name = pattern[1];
       let regexpStr = pattern[2] || LABEL_REG_EXP_STR;
       if (name && pattern[2]) {
+        if (regexpStr === ".*") {
+          throw PATH_ERROR;
+        }
         regexpStr = regexpStr.replace(/^\((?!\?:)(?=[^)]+\)$)/, "(?:");
         if (/\((?!\?:)/.test(regexpStr)) {
           throw PATH_ERROR;
@@ -1104,7 +1078,7 @@ var Node = class {
   }
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/router/reg-exp-router/trie.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/router/reg-exp-router/trie.js
 var Trie = class {
   #context = { varIndex: 0 };
   #root = new Node();
@@ -1160,8 +1134,7 @@ var Trie = class {
   }
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/router/reg-exp-router/router.js
-var emptyParam = [];
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/router/reg-exp-router/router.js
 var nullMatcher = [/^$/, [], /* @__PURE__ */ Object.create(null)];
 var wildcardRegExpCache = /* @__PURE__ */ Object.create(null);
 function buildWildcardRegExp(path) {
@@ -1308,30 +1281,14 @@ var RegExpRouter = class {
       });
     }
   }
-  match(method, path) {
-    clearWildcardRegExpCache();
-    const matchers = this.#buildAllMatchers();
-    this.match = (method2, path2) => {
-      const matcher = matchers[method2] || matchers[METHOD_NAME_ALL];
-      const staticMatch = matcher[2][path2];
-      if (staticMatch) {
-        return staticMatch;
-      }
-      const match = path2.match(matcher[0]);
-      if (!match) {
-        return [[], emptyParam];
-      }
-      const index = match.indexOf("", 1);
-      return [matcher[1][index], match];
-    };
-    return this.match(method, path);
-  }
-  #buildAllMatchers() {
+  match = match;
+  buildAllMatchers() {
     const matchers = /* @__PURE__ */ Object.create(null);
     Object.keys(this.#routes).concat(Object.keys(this.#middleware)).forEach((method) => {
       matchers[method] ||= this.#buildMatcher(method);
     });
     this.#middleware = this.#routes = void 0;
+    clearWildcardRegExpCache();
     return matchers;
   }
   #buildMatcher(method) {
@@ -1356,7 +1313,7 @@ var RegExpRouter = class {
   }
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/router/smart-router/router.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/router/smart-router/router.js
 var SmartRouter = class {
   name = "SmartRouter";
   #routers = [];
@@ -1411,7 +1368,7 @@ var SmartRouter = class {
   }
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/router/trie-router/node.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/router/trie-router/node.js
 var emptyParams = /* @__PURE__ */ Object.create(null);
 var Node2 = class {
   #methods;
@@ -1436,30 +1393,30 @@ var Node2 = class {
     const possibleKeys = [];
     for (let i = 0, len = parts.length; i < len; i++) {
       const p = parts[i];
-      if (Object.keys(curNode.#children).includes(p)) {
-        curNode = curNode.#children[p];
-        const pattern2 = getPattern(p);
-        if (pattern2) {
-          possibleKeys.push(pattern2[1]);
+      const nextP = parts[i + 1];
+      const pattern = getPattern(p, nextP);
+      const key = Array.isArray(pattern) ? pattern[0] : p;
+      if (key in curNode.#children) {
+        curNode = curNode.#children[key];
+        if (pattern) {
+          possibleKeys.push(pattern[1]);
         }
         continue;
       }
-      curNode.#children[p] = new Node2();
-      const pattern = getPattern(p);
+      curNode.#children[key] = new Node2();
       if (pattern) {
         curNode.#patterns.push(pattern);
         possibleKeys.push(pattern[1]);
       }
-      curNode = curNode.#children[p];
+      curNode = curNode.#children[key];
     }
-    const m = /* @__PURE__ */ Object.create(null);
-    const handlerSet = {
-      handler,
-      possibleKeys: possibleKeys.filter((v, i, a) => a.indexOf(v) === i),
-      score: this.#order
-    };
-    m[method] = handlerSet;
-    curNode.#methods.push(m);
+    curNode.#methods.push({
+      [method]: {
+        handler,
+        possibleKeys: possibleKeys.filter((v, i, a) => a.indexOf(v) === i),
+        score: this.#order
+      }
+    });
     return curNode;
   }
   #getHandlerSets(node, method, nodeParams, params) {
@@ -1489,6 +1446,7 @@ var Node2 = class {
     const curNode = this;
     let curNodes = [curNode];
     const parts = splitPath(path);
+    const curNodesQueue = [];
     for (let i = 0, len = parts.length; i < len; i++) {
       const part = parts[i];
       const isLast = i === len - 1;
@@ -1516,20 +1474,30 @@ var Node2 = class {
             const astNode = node.#children["*"];
             if (astNode) {
               handlerSets.push(...this.#getHandlerSets(astNode, method, node.#params));
+              astNode.#params = params;
               tempNodes.push(astNode);
             }
             continue;
           }
-          if (part === "") {
+          const [key, name, matcher] = pattern;
+          if (!part && !(matcher instanceof RegExp)) {
             continue;
           }
-          const [key, name, matcher] = pattern;
           const child = node.#children[key];
           const restPathString = parts.slice(i).join("/");
-          if (matcher instanceof RegExp && matcher.test(restPathString)) {
-            params[name] = restPathString;
-            handlerSets.push(...this.#getHandlerSets(child, method, node.#params, params));
-            continue;
+          if (matcher instanceof RegExp) {
+            const m = matcher.exec(restPathString);
+            if (m) {
+              params[name] = m[0];
+              handlerSets.push(...this.#getHandlerSets(child, method, node.#params, params));
+              if (Object.keys(child.#children).length) {
+                child.#params = params;
+                const componentCount = m[0].match(/\//)?.length ?? 0;
+                const targetCurNodes = curNodesQueue[componentCount] ||= [];
+                targetCurNodes.push(child);
+              }
+              continue;
+            }
           }
           if (matcher === true || matcher.test(part)) {
             params[name] = part;
@@ -1547,7 +1515,7 @@ var Node2 = class {
           }
         }
       }
-      curNodes = tempNodes;
+      curNodes = tempNodes.concat(curNodesQueue.shift() ?? []);
     }
     if (handlerSets.length > 1) {
       handlerSets.sort((a, b) => {
@@ -1558,7 +1526,7 @@ var Node2 = class {
   }
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/router/trie-router/router.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/router/trie-router/router.js
 var TrieRouter = class {
   name = "TrieRouter";
   #node;
@@ -1580,7 +1548,7 @@ var TrieRouter = class {
   }
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/hono.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/hono.js
 var Hono2 = class extends Hono {
   constructor(options = {}) {
     super(options);
@@ -1590,30 +1558,7 @@ var Hono2 = class extends Hono {
   }
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/http-exception.js
-var HTTPException = class extends Error {
-  res;
-  status;
-  constructor(status = 500, options) {
-    super(options?.message, { cause: options?.cause });
-    this.res = options?.res;
-    this.status = status;
-  }
-  getResponse() {
-    if (this.res) {
-      const newResponse = new Response(this.res.body, {
-        status: this.status,
-        headers: this.res.headers
-      });
-      return newResponse;
-    }
-    return new Response(this.message, {
-      status: this.status
-    });
-  }
-};
-
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/utils/encode.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/utils/encode.js
 var decodeBase64 = (str) => {
   const binary = atob(str);
   const bytes = new Uint8Array(new ArrayBuffer(binary.length));
@@ -1625,18 +1570,18 @@ var decodeBase64 = (str) => {
   return bytes;
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/utils/basic-auth.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/utils/basic-auth.js
 var CREDENTIALS_REGEXP = /^ *(?:[Bb][Aa][Ss][Ii][Cc]) +([A-Za-z0-9._~+/-]+=*) *$/;
 var USER_PASS_REGEXP = /^([^:]*):(.*)$/;
 var utf8Decoder = new TextDecoder();
 var auth = (req) => {
-  const match = CREDENTIALS_REGEXP.exec(req.headers.get("Authorization") || "");
-  if (!match) {
+  const match2 = CREDENTIALS_REGEXP.exec(req.headers.get("Authorization") || "");
+  if (!match2) {
     return void 0;
   }
   let userPass = void 0;
   try {
-    userPass = USER_PASS_REGEXP.exec(utf8Decoder.decode(decodeBase64(match[1])));
+    userPass = USER_PASS_REGEXP.exec(utf8Decoder.decode(decodeBase64(match2[1])));
   } catch {
   }
   if (!userPass) {
@@ -1645,7 +1590,7 @@ var auth = (req) => {
   return { username: userPass[1], password: userPass[2] };
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/utils/crypto.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/utils/crypto.js
 var sha256 = async (data) => {
   const algorithm = { name: "SHA-256", alias: "sha256" };
   const hash = await createHash(data, algorithm);
@@ -1674,7 +1619,7 @@ var createHash = async (data, algorithm) => {
   return null;
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/utils/buffer.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/utils/buffer.js
 var timingSafeEqual = async (a, b, hashFunction) => {
   if (!hashFunction) {
     hashFunction = sha256;
@@ -1686,7 +1631,7 @@ var timingSafeEqual = async (a, b, hashFunction) => {
   return sa === sb && a === b;
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/middleware/basic-auth/index.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/middleware/basic-auth/index.js
 var basicAuth = (options, ...users) => {
   const usernamePasswordInOptions = "username" in options && "password" in options;
   const verifyUserInOptions = "verifyUser" in options;
@@ -1741,7 +1686,7 @@ var basicAuth = (options, ...users) => {
   };
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/middleware/cors/index.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/middleware/cors/index.js
 var cors = (options) => {
   const defaults = {
     origin: "*",
@@ -1766,22 +1711,23 @@ var cors = (options) => {
       return (origin) => optsOrigin.includes(origin) ? origin : null;
     }
   })(opts.origin);
+  const findAllowMethods = ((optsAllowMethods) => {
+    if (typeof optsAllowMethods === "function") {
+      return optsAllowMethods;
+    } else if (Array.isArray(optsAllowMethods)) {
+      return () => optsAllowMethods;
+    } else {
+      return () => [];
+    }
+  })(opts.allowMethods);
   return async function cors2(c, next) {
     function set(key, value) {
       c.res.headers.set(key, value);
     }
-    const allowOrigin = findAllowOrigin(c.req.header("origin") || "", c);
+    const allowOrigin = await findAllowOrigin(c.req.header("origin") || "", c);
     if (allowOrigin) {
       set("Access-Control-Allow-Origin", allowOrigin);
     }
-    if (opts.origin !== "*") {
-      const existingVary = c.req.header("Vary");
-      if (existingVary) {
-        set("Vary", existingVary);
-      } else {
-        set("Vary", "Origin");
-      }
-    }
     if (opts.credentials) {
       set("Access-Control-Allow-Credentials", "true");
     }
@@ -1789,11 +1735,15 @@ var cors = (options) => {
       set("Access-Control-Expose-Headers", opts.exposeHeaders.join(","));
     }
     if (c.req.method === "OPTIONS") {
+      if (opts.origin !== "*") {
+        set("Vary", "Origin");
+      }
       if (opts.maxAge != null) {
         set("Access-Control-Max-Age", opts.maxAge.toString());
       }
-      if (opts.allowMethods?.length) {
-        set("Access-Control-Allow-Methods", opts.allowMethods.join(","));
+      const allowMethods = await findAllowMethods(c.req.header("origin") || "", c);
+      if (allowMethods.length) {
+        set("Access-Control-Allow-Methods", allowMethods.join(","));
       }
       let headers = opts.allowHeaders;
       if (!headers?.length) {
@@ -1815,11 +1765,14 @@ var cors = (options) => {
       });
     }
     await next();
+    if (opts.origin !== "*") {
+      c.header("Vary", "Origin", { append: true });
+    }
   };
 };
 
 // src/index.ts
-var import_zod13 = require("zod");
+var import_zod17 = require("zod");
 
 // src/foundation/middlewares/readonly.ts
 async function readOnlyMiddleware(c, next) {
@@ -1842,7 +1795,7 @@ async function readOnlyMiddleware(c, next) {
 }
 
 // package.json
-var version = "1.1.10";
+var version = "1.1.12";
 
 // src/foundation/settings.ts
 var settings = {
@@ -1887,23 +1840,135 @@ var CreateFolder = class extends import_chanfana.OpenAPIRoute {
   }
 };
 
-// src/modules/buckets/deleteObject.ts
+// src/modules/buckets/createShareLink.ts
 var import_chanfana2 = require("chanfana");
 var import_zod2 = require("zod");
-var DeleteObject = class extends import_chanfana2.OpenAPIRoute {
+var CreateShareLink = class extends import_chanfana2.OpenAPIRoute {
   schema = {
-    operationId: "post-bucket-delete-object",
+    operationId: "post-bucket-create-share-link",
     tags: ["Buckets"],
-    summary: "Delete object",
+    summary: "Create shareable link for file",
     request: {
       params: import_zod2.z.object({
-        bucket: import_zod2.z.string()
+        bucket: import_zod2.z.string(),
+        key: import_zod2.z.string()
       }),
       body: {
         content: {
           "application/json": {
             schema: import_zod2.z.object({
-              key: import_zod2.z.string().describe("base64 encoded file key")
+              expiresIn: import_zod2.z.number().optional().describe("Expiration time in seconds"),
+              password: import_zod2.z.string().optional().describe("Optional password"),
+              maxDownloads: import_zod2.z.number().optional().describe("Maximum downloads")
+            })
+          }
+        }
+      }
+    },
+    responses: {
+      "200": {
+        description: "Share link created successfully",
+        content: {
+          "application/json": {
+            schema: import_zod2.z.object({
+              shareId: import_zod2.z.string(),
+              shareUrl: import_zod2.z.string(),
+              expiresAt: import_zod2.z.number().optional()
+            })
+          }
+        }
+      }
+    }
+  };
+  async handle(c) {
+    const data = await this.getValidatedData();
+    const bucketName = data.params.bucket;
+    const bucket = c.env[bucketName];
+    if (!bucket) {
+      throw new HTTPException(500, {
+        message: `Bucket binding not found: ${bucketName}`
+      });
+    }
+    const key = decodeURIComponent(escape(atob(data.params.key)));
+    const fileExists = await bucket.head(key);
+    if (!fileExists) {
+      throw new HTTPException(404, {
+        message: `File not found: ${key}`
+      });
+    }
+    let shareId = "";
+    let attempts = 0;
+    const maxAttempts = 5;
+    while (attempts < maxAttempts) {
+      shareId = crypto.randomUUID().replace(/-/g, "").substring(0, 10);
+      const existingShare = await bucket.head(
+        `.r2-explorer/sharable-links/${shareId}.json`
+      );
+      if (!existingShare) {
+        break;
+      }
+      attempts++;
+    }
+    if (attempts === maxAttempts) {
+      throw new HTTPException(500, {
+        message: "Failed to generate unique share ID"
+      });
+    }
+    let passwordHash;
+    if (data.body.password) {
+      const encoder = new TextEncoder();
+      const passwordData = encoder.encode(data.body.password);
+      const hashBuffer = await crypto.subtle.digest("SHA-256", passwordData);
+      passwordHash = Array.from(new Uint8Array(hashBuffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
+    }
+    const expiresAt = data.body.expiresIn ? Date.now() + data.body.expiresIn * 1e3 : void 0;
+    const shareMetadata = {
+      bucket: bucketName,
+      key,
+      expiresAt,
+      passwordHash,
+      maxDownloads: data.body.maxDownloads,
+      currentDownloads: 0,
+      createdBy: c.get("authentication_username") || "anonymous",
+      createdAt: Date.now()
+    };
+    await bucket.put(
+      `.r2-explorer/sharable-links/${shareId}.json`,
+      JSON.stringify(shareMetadata),
+      {
+        httpMetadata: { contentType: "application/json" },
+        customMetadata: {
+          targetBucket: bucketName,
+          targetKey: key
+        }
+      }
+    );
+    const shareUrl = `${new URL(c.req.url).origin}/share/${shareId}`;
+    return c.json({
+      shareId,
+      shareUrl,
+      expiresAt
+    });
+  }
+};
+
+// src/modules/buckets/deleteObject.ts
+var import_chanfana3 = require("chanfana");
+var import_zod3 = require("zod");
+var DeleteObject = class extends import_chanfana3.OpenAPIRoute {
+  schema = {
+    operationId: "post-bucket-delete-object",
+    tags: ["Buckets"],
+    summary: "Delete object",
+    request: {
+      params: import_zod3.z.object({
+        bucket: import_zod3.z.string()
+      }),
+      body: {
+        content: {
+          "application/json": {
+            schema: import_zod3.z.object({
+              key: import_zod3.z.string().describe("base64 encoded file key")
             })
           }
         }
@@ -1925,24 +1990,73 @@ var DeleteObject = class extends import_chanfana2.OpenAPIRoute {
   }
 };
 
+// src/modules/buckets/deleteShareLink.ts
+var import_chanfana4 = require("chanfana");
+var import_zod4 = require("zod");
+var DeleteShareLink = class extends import_chanfana4.OpenAPIRoute {
+  schema = {
+    operationId: "delete-bucket-share-link",
+    tags: ["Buckets"],
+    summary: "Revoke/delete a share link",
+    request: {
+      params: import_zod4.z.object({
+        bucket: import_zod4.z.string(),
+        shareId: import_zod4.z.string().describe("10-character share ID")
+      })
+    },
+    responses: {
+      "200": {
+        description: "Share link deleted successfully",
+        content: {
+          "application/json": {
+            schema: import_zod4.z.object({
+              success: import_zod4.z.boolean()
+            })
+          }
+        }
+      }
+    }
+  };
+  async handle(c) {
+    const data = await this.getValidatedData();
+    const bucketName = data.params.bucket;
+    const bucket = c.env[bucketName];
+    if (!bucket) {
+      throw new HTTPException(500, {
+        message: `Bucket binding not found: ${bucketName}`
+      });
+    }
+    const shareId = data.params.shareId;
+    const shareKey = `.r2-explorer/sharable-links/${shareId}.json`;
+    const shareExists = await bucket.head(shareKey);
+    if (!shareExists) {
+      throw new HTTPException(404, {
+        message: `Share link not found: ${shareId}`
+      });
+    }
+    await bucket.delete(shareKey);
+    return c.json({ success: true });
+  }
+};
+
 // src/modules/buckets/getObject.ts
-var import_chanfana3 = require("chanfana");
-var import_zod3 = require("zod");
-var GetObject = class extends import_chanfana3.OpenAPIRoute {
+var import_chanfana5 = require("chanfana");
+var import_zod5 = require("zod");
+var GetObject = class extends import_chanfana5.OpenAPIRoute {
   schema = {
     operationId: "get-bucket-object",
     tags: ["Buckets"],
     summary: "Get Object",
     request: {
-      params: import_zod3.z.object({
-        bucket: import_zod3.z.string(),
-        key: import_zod3.z.string().describe("base64 encoded file key")
+      params: import_zod5.z.object({
+        bucket: import_zod5.z.string(),
+        key: import_zod5.z.string().describe("base64 encoded file key")
       })
     },
     responses: {
       "200": {
         description: "File binary",
-        schema: import_zod3.z.string().openapi({ format: "binary" })
+        schema: import_zod5.z.string().openapi({ format: "binary" })
       }
     }
   };
@@ -1958,10 +2072,14 @@ var GetObject = class extends import_chanfana3.OpenAPIRoute {
     let filePath;
     try {
       filePath = decodeURIComponent(escape(atob(data.params.key)));
-    } catch (e) {
-      filePath = decodeURIComponent(
-        escape(atob(decodeURIComponent(data.params.key)))
-      );
+    } catch {
+      try {
+        filePath = decodeURIComponent(
+          escape(atob(decodeURIComponent(data.params.key)))
+        );
+      } catch {
+        filePath = escape(atob(decodeURIComponent(data.params.key)));
+      }
     }
     const object = await bucket.get(filePath);
     if (object === null) {
@@ -1970,6 +2088,7 @@ var GetObject = class extends import_chanfana3.OpenAPIRoute {
     const headers = new Headers();
     object.writeHttpMetadata(headers);
     headers.set("etag", object.httpEtag);
+    headers.set("content-length", object.size.toString());
     headers.set(
       "Content-Disposition",
       `attachment; filename="${filePath.split("/").pop()}"`
@@ -1980,18 +2099,137 @@ var GetObject = class extends import_chanfana3.OpenAPIRoute {
   }
 };
 
+// src/modules/buckets/getShareLink.ts
+var import_chanfana6 = require("chanfana");
+var import_zod6 = require("zod");
+var GetShareLink = class extends import_chanfana6.OpenAPIRoute {
+  schema = {
+    operationId: "get-share-link",
+    tags: ["Sharing"],
+    summary: "Access shared file",
+    security: [],
+    // Public endpoint - no auth required
+    request: {
+      params: import_zod6.z.object({
+        shareId: import_zod6.z.string().describe("10-character share ID")
+      }),
+      query: import_zod6.z.object({
+        password: import_zod6.z.string().optional().describe("Password for protected shares")
+      })
+    },
+    responses: {
+      "200": {
+        description: "File retrieved successfully"
+      },
+      "401": {
+        description: "Password required or incorrect"
+      },
+      "404": {
+        description: "Share link not found"
+      },
+      "410": {
+        description: "Share link expired"
+      },
+      "403": {
+        description: "Download limit reached"
+      }
+    }
+  };
+  async handle(c) {
+    const data = await this.getValidatedData();
+    const shareId = data.params.shareId;
+    let shareMetadata = null;
+    let bucket = null;
+    for (const key in c.env) {
+      if (key === "ASSETS") continue;
+      const currentBucket = c.env[key];
+      if (!currentBucket.get || typeof currentBucket.get !== "function") {
+        continue;
+      }
+      const shareObject = await currentBucket.get(
+        `.r2-explorer/sharable-links/${shareId}.json`
+      );
+      if (shareObject) {
+        shareMetadata = JSON.parse(await shareObject.text());
+        bucket = currentBucket;
+        break;
+      }
+    }
+    if (!shareMetadata || !bucket) {
+      throw new HTTPException(404, {
+        message: "Share link not found"
+      });
+    }
+    if (shareMetadata.expiresAt && Date.now() > shareMetadata.expiresAt) {
+      throw new HTTPException(410, {
+        message: "Share link expired"
+      });
+    }
+    if (shareMetadata.maxDownloads && shareMetadata.currentDownloads >= shareMetadata.maxDownloads) {
+      throw new HTTPException(403, {
+        message: "Download limit reached"
+      });
+    }
+    if (shareMetadata.passwordHash) {
+      if (!data.query.password) {
+        throw new HTTPException(401, {
+          message: "Password required"
+        });
+      }
+      const encoder = new TextEncoder();
+      const passwordData = encoder.encode(data.query.password);
+      const hashBuffer = await crypto.subtle.digest("SHA-256", passwordData);
+      const providedHash = Array.from(new Uint8Array(hashBuffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
+      if (providedHash !== shareMetadata.passwordHash) {
+        throw new HTTPException(401, {
+          message: "Incorrect password"
+        });
+      }
+    }
+    shareMetadata.currentDownloads++;
+    await bucket.put(
+      `.r2-explorer/sharable-links/${shareId}.json`,
+      JSON.stringify(shareMetadata),
+      {
+        httpMetadata: { contentType: "application/json" },
+        customMetadata: {
+          targetBucket: shareMetadata.bucket,
+          targetKey: shareMetadata.key
+        }
+      }
+    );
+    const file = await bucket.get(shareMetadata.key);
+    if (!file) {
+      throw new HTTPException(404, {
+        message: "Shared file not found"
+      });
+    }
+    const headers = new Headers();
+    file.writeHttpMetadata(headers);
+    headers.set("etag", file.httpEtag);
+    const fileName = shareMetadata.key.split("/").pop() || "download";
+    headers.set(
+      "Content-Disposition",
+      `attachment; filename="${encodeURIComponent(fileName)}"`
+    );
+    return new Response(file.body, {
+      headers
+    });
+  }
+};
+
 // src/modules/buckets/headObject.ts
-var import_chanfana4 = require("chanfana");
-var import_zod4 = require("zod");
-var HeadObject = class extends import_chanfana4.OpenAPIRoute {
+var import_chanfana7 = require("chanfana");
+var import_zod7 = require("zod");
+var HeadObject = class extends import_chanfana7.OpenAPIRoute {
   schema = {
     operationId: "Head-bucket-object",
     tags: ["Buckets"],
     summary: "Get Object",
     request: {
-      params: import_zod4.z.object({
-        bucket: import_zod4.z.string(),
-        key: import_zod4.z.string().describe("base64 encoded file key")
+      params: import_zod7.z.object({
+        bucket: import_zod7.z.string(),
+        key: import_zod7.z.string().describe("base64 encoded file key")
       })
     }
   };
@@ -2021,24 +2259,24 @@ var HeadObject = class extends import_chanfana4.OpenAPIRoute {
 };
 
 // src/modules/buckets/listObjects.ts
-var import_chanfana5 = require("chanfana");
-var import_zod5 = require("zod");
-var ListObjects = class extends import_chanfana5.OpenAPIRoute {
+var import_chanfana8 = require("chanfana");
+var import_zod8 = require("zod");
+var ListObjects = class extends import_chanfana8.OpenAPIRoute {
   schema = {
     operationId: "get-bucket-list-objects",
     tags: ["Buckets"],
     summary: "List objects",
     request: {
-      params: import_zod5.z.object({
-        bucket: import_zod5.z.string()
+      params: import_zod8.z.object({
+        bucket: import_zod8.z.string()
       }),
-      query: import_zod5.z.object({
-        limit: import_zod5.z.number().optional(),
-        prefix: import_zod5.z.string().nullable().optional().describe("base64 encoded prefix"),
-        cursor: import_zod5.z.string().nullable().optional(),
-        delimiter: import_zod5.z.string().nullable().optional(),
-        startAfter: import_zod5.z.string().nullable().optional(),
-        include: import_zod5.z.enum(["httpMetadata", "customMetadata"]).array().optional()
+      query: import_zod8.z.object({
+        limit: import_zod8.z.number().optional(),
+        prefix: import_zod8.z.string().nullable().optional().describe("base64 encoded prefix"),
+        cursor: import_zod8.z.string().nullable().optional(),
+        delimiter: import_zod8.z.string().nullable().optional(),
+        startAfter: import_zod8.z.string().nullable().optional(),
+        include: import_zod8.z.enum(["httpMetadata", "customMetadata"]).array().optional()
       })
     }
   };
@@ -2064,24 +2302,102 @@ var ListObjects = class extends import_chanfana5.OpenAPIRoute {
   }
 };
 
+// src/modules/buckets/listShares.ts
+var import_chanfana9 = require("chanfana");
+var import_zod9 = require("zod");
+var ListShares = class extends import_chanfana9.OpenAPIRoute {
+  schema = {
+    operationId: "get-bucket-shares",
+    tags: ["Buckets"],
+    summary: "List all active shares in bucket",
+    request: {
+      params: import_zod9.z.object({
+        bucket: import_zod9.z.string()
+      })
+    },
+    responses: {
+      "200": {
+        description: "List of active shares",
+        content: {
+          "application/json": {
+            schema: import_zod9.z.object({
+              shares: import_zod9.z.array(
+                import_zod9.z.object({
+                  shareId: import_zod9.z.string(),
+                  shareUrl: import_zod9.z.string(),
+                  key: import_zod9.z.string(),
+                  expiresAt: import_zod9.z.number().optional(),
+                  maxDownloads: import_zod9.z.number().optional(),
+                  currentDownloads: import_zod9.z.number(),
+                  createdBy: import_zod9.z.string(),
+                  createdAt: import_zod9.z.number(),
+                  isExpired: import_zod9.z.boolean(),
+                  hasPassword: import_zod9.z.boolean()
+                })
+              )
+            })
+          }
+        }
+      }
+    }
+  };
+  async handle(c) {
+    const data = await this.getValidatedData();
+    const bucketName = data.params.bucket;
+    const bucket = c.env[bucketName];
+    if (!bucket) {
+      throw new HTTPException(500, {
+        message: `Bucket binding not found: ${bucketName}`
+      });
+    }
+    const sharesList = await bucket.list({
+      prefix: ".r2-explorer/sharable-links/"
+    });
+    const shares = [];
+    const now = Date.now();
+    const origin = new URL(c.req.url).origin;
+    for (const obj of sharesList.objects) {
+      const shareId = obj.key.split("/").pop()?.replace(".json", "");
+      if (!shareId) continue;
+      const shareObject = await bucket.get(obj.key);
+      if (!shareObject) continue;
+      const metadata = JSON.parse(await shareObject.text());
+      const isExpired = !!(metadata.expiresAt && now > metadata.expiresAt);
+      shares.push({
+        shareId,
+        shareUrl: `${origin}/share/${shareId}`,
+        key: metadata.key,
+        expiresAt: metadata.expiresAt,
+        maxDownloads: metadata.maxDownloads,
+        currentDownloads: metadata.currentDownloads || 0,
+        createdBy: metadata.createdBy,
+        createdAt: metadata.createdAt,
+        isExpired,
+        hasPassword: !!metadata.passwordHash
+      });
+    }
+    return c.json({ shares });
+  }
+};
+
 // src/modules/buckets/moveObject.ts
-var import_chanfana6 = require("chanfana");
-var import_zod6 = require("zod");
-var MoveObject = class extends import_chanfana6.OpenAPIRoute {
+var import_chanfana10 = require("chanfana");
+var import_zod10 = require("zod");
+var MoveObject = class extends import_chanfana10.OpenAPIRoute {
   schema = {
     operationId: "post-bucket-move-object",
     tags: ["Buckets"],
     summary: "Move object",
     request: {
-      params: import_zod6.z.object({
-        bucket: import_zod6.z.string()
+      params: import_zod10.z.object({
+        bucket: import_zod10.z.string()
       }),
       body: {
         content: {
           "application/json": {
-            schema: import_zod6.z.object({
-              oldKey: import_zod6.z.string().describe("base64 encoded file key"),
-              newKey: import_zod6.z.string().describe("base64 encoded file key")
+            schema: import_zod10.z.object({
+              oldKey: import_zod10.z.string().describe("base64 encoded file key"),
+              newKey: import_zod10.z.string().describe("base64 encoded file key")
             })
           }
         }
@@ -2115,27 +2431,27 @@ var MoveObject = class extends import_chanfana6.OpenAPIRoute {
 };
 
 // src/modules/buckets/multipart/completeUpload.ts
-var import_chanfana7 = require("chanfana");
-var import_zod7 = require("zod");
-var CompleteUpload = class extends import_chanfana7.OpenAPIRoute {
+var import_chanfana11 = require("chanfana");
+var import_zod11 = require("zod");
+var CompleteUpload = class extends import_chanfana11.OpenAPIRoute {
   schema = {
     operationId: "post-multipart-complete-upload",
     tags: ["Multipart"],
     summary: "Complete upload",
     request: {
-      params: import_zod7.z.object({
-        bucket: import_zod7.z.string()
+      params: import_zod11.z.object({
+        bucket: import_zod11.z.string()
       }),
       body: {
         content: {
           "application/json": {
-            schema: import_zod7.z.object({
-              uploadId: import_zod7.z.string(),
-              parts: import_zod7.z.object({
-                etag: import_zod7.z.string(),
-                partNumber: import_zod7.z.number().int()
+            schema: import_zod11.z.object({
+              uploadId: import_zod11.z.string(),
+              parts: import_zod11.z.object({
+                etag: import_zod11.z.string(),
+                partNumber: import_zod11.z.number().int()
               }).array(),
-              key: import_zod7.z.string().describe("base64 encoded file key")
+              key: import_zod11.z.string().describe("base64 encoded file key")
             })
           }
         }
@@ -2145,6 +2461,12 @@ var CompleteUpload = class extends import_chanfana7.OpenAPIRoute {
   async handle(c) {
     const data = await this.getValidatedData();
     const bucket = c.env[data.params.bucket];
+    if (!bucket || typeof bucket !== "object" || !("resumeMultipartUpload" in bucket)) {
+      return Response.json(
+        { error: `Bucket binding not found: ${data.params.bucket}` },
+        { status: 500 }
+      );
+    }
     const uploadId = data.body.uploadId;
     const key = decodeURIComponent(escape(atob(data.body.key)));
     const parts = data.body.parts;
@@ -2162,27 +2484,33 @@ var CompleteUpload = class extends import_chanfana7.OpenAPIRoute {
 };
 
 // src/modules/buckets/multipart/createUpload.ts
-var import_chanfana8 = require("chanfana");
-var import_zod8 = require("zod");
-var CreateUpload = class extends import_chanfana8.OpenAPIRoute {
+var import_chanfana12 = require("chanfana");
+var import_zod12 = require("zod");
+var CreateUpload = class extends import_chanfana12.OpenAPIRoute {
   schema = {
     operationId: "post-multipart-create-upload",
     tags: ["Multipart"],
     summary: "Create upload",
     request: {
-      params: import_zod8.z.object({
-        bucket: import_zod8.z.string()
+      params: import_zod12.z.object({
+        bucket: import_zod12.z.string()
       }),
-      query: import_zod8.z.object({
-        key: import_zod8.z.string().describe("base64 encoded file key"),
-        customMetadata: import_zod8.z.string().nullable().optional().describe("base64 encoded json string"),
-        httpMetadata: import_zod8.z.string().nullable().optional().describe("base64 encoded json string")
+      query: import_zod12.z.object({
+        key: import_zod12.z.string().describe("base64 encoded file key"),
+        customMetadata: import_zod12.z.string().nullable().optional().describe("base64 encoded json string"),
+        httpMetadata: import_zod12.z.string().nullable().optional().describe("base64 encoded json string")
       })
     }
   };
   async handle(c) {
     const data = await this.getValidatedData();
     const bucket = c.env[data.params.bucket];
+    if (!bucket || typeof bucket !== "object" || !("createMultipartUpload" in bucket)) {
+      return Response.json(
+        { error: `Bucket binding not found: ${data.params.bucket}` },
+        { status: 500 }
+      );
+    }
     const key = decodeURIComponent(escape(atob(data.query.key)));
     let customMetadata = void 0;
     if (data.query.customMetadata) {
@@ -2204,9 +2532,9 @@ var CreateUpload = class extends import_chanfana8.OpenAPIRoute {
 };
 
 // src/modules/buckets/multipart/partUpload.ts
-var import_chanfana9 = require("chanfana");
-var import_zod9 = require("zod");
-var PartUpload = class extends import_chanfana9.OpenAPIRoute {
+var import_chanfana13 = require("chanfana");
+var import_zod13 = require("zod");
+var PartUpload = class extends import_chanfana13.OpenAPIRoute {
   schema = {
     operationId: "post-multipart-part-upload",
     tags: ["Multipart"],
@@ -2215,26 +2543,32 @@ var PartUpload = class extends import_chanfana9.OpenAPIRoute {
       body: {
         content: {
           "application/octet-stream": {
-            schema: import_zod9.z.object({}).openapi({
+            schema: import_zod13.z.object({}).openapi({
               type: "string",
               format: "binary"
             })
           }
         }
       },
-      params: import_zod9.z.object({
-        bucket: import_zod9.z.string()
+      params: import_zod13.z.object({
+        bucket: import_zod13.z.string()
       }),
-      query: import_zod9.z.object({
-        key: import_zod9.z.string().describe("base64 encoded file key"),
-        uploadId: import_zod9.z.string(),
-        partNumber: import_zod9.z.number().int()
+      query: import_zod13.z.object({
+        key: import_zod13.z.string().describe("base64 encoded file key"),
+        uploadId: import_zod13.z.string(),
+        partNumber: import_zod13.z.number().int()
       })
     }
   };
   async handle(c) {
     const data = await this.getValidatedData();
     const bucket = c.env[data.params.bucket];
+    if (!bucket || typeof bucket !== "object" || !("resumeMultipartUpload" in bucket)) {
+      return Response.json(
+        { error: `Bucket binding not found: ${data.params.bucket}` },
+        { status: 500 }
+      );
+    }
     const key = decodeURIComponent(escape(atob(data.query.key)));
     const multipartUpload = bucket.resumeMultipartUpload(
       key,
@@ -2252,24 +2586,24 @@ var PartUpload = class extends import_chanfana9.OpenAPIRoute {
 };
 
 // src/modules/buckets/putMetadata.ts
-var import_chanfana10 = require("chanfana");
-var import_zod10 = require("zod");
-var PutMetadata = class extends import_chanfana10.OpenAPIRoute {
+var import_chanfana14 = require("chanfana");
+var import_zod14 = require("zod");
+var PutMetadata = class extends import_chanfana14.OpenAPIRoute {
   schema = {
     operationId: "post-bucket-put-object-metadata",
     tags: ["Buckets"],
     summary: "Update object metadata",
     request: {
-      params: import_zod10.z.object({
-        bucket: import_zod10.z.string(),
-        key: import_zod10.z.string().describe("base64 encoded file key")
+      params: import_zod14.z.object({
+        bucket: import_zod14.z.string(),
+        key: import_zod14.z.string().describe("base64 encoded file key")
       }),
       body: {
         content: {
           "application/json": {
-            schema: import_zod10.z.object({
-              customMetadata: import_zod10.z.record(import_zod10.z.string(), import_zod10.z.any()),
-              httpMetadata: import_zod10.z.record(import_zod10.z.string(), import_zod10.z.any())
+            schema: import_zod14.z.object({
+              customMetadata: import_zod14.z.record(import_zod14.z.string(), import_zod14.z.any()),
+              httpMetadata: import_zod14.z.record(import_zod14.z.string(), import_zod14.z.any())
             }).openapi("Object metadata")
           }
         }
@@ -2305,9 +2639,9 @@ var PutMetadata = class extends import_chanfana10.OpenAPIRoute {
 };
 
 // src/modules/buckets/putObject.ts
-var import_chanfana11 = require("chanfana");
-var import_zod11 = require("zod");
-var PutObject = class extends import_chanfana11.OpenAPIRoute {
+var import_chanfana15 = require("chanfana");
+var import_zod15 = require("zod");
+var PutObject = class extends import_chanfana15.OpenAPIRoute {
   schema = {
     operationId: "post-bucket-upload-object",
     tags: ["Buckets"],
@@ -2316,20 +2650,20 @@ var PutObject = class extends import_chanfana11.OpenAPIRoute {
       body: {
         content: {
           "application/octet-stream": {
-            schema: import_zod11.z.object({}).openapi({
+            schema: import_zod15.z.object({}).openapi({
               type: "string",
               format: "binary"
             })
           }
         }
       },
-      params: import_zod11.z.object({
-        bucket: import_zod11.z.string()
+      params: import_zod15.z.object({
+        bucket: import_zod15.z.string()
       }),
-      query: import_zod11.z.object({
-        key: import_zod11.z.string().describe("base64 encoded file key"),
-        customMetadata: import_zod11.z.string().nullable().optional().describe("base64 encoded json string"),
-        httpMetadata: import_zod11.z.string().nullable().optional().describe("base64 encoded json string")
+      query: import_zod15.z.object({
+        key: import_zod15.z.string().describe("base64 encoded file key"),
+        customMetadata: import_zod15.z.string().nullable().optional().describe("base64 encoded json string"),
+        httpMetadata: import_zod15.z.string().nullable().optional().describe("base64 encoded json string")
       })
     }
   };
@@ -2414,7 +2748,7 @@ async function streamToArrayBuffer(stream, streamSize) {
 }
 async function receiveEmail(event, env, ctx, config) {
   let bucket;
-  if (config?.emailRouting?.targetBucket && env[config.emailRouting.targetBucket]) {
+  if (config?.emailRouting && typeof config.emailRouting === "object" && config.emailRouting.targetBucket && env[config.emailRouting.targetBucket]) {
     bucket = env[config.emailRouting.targetBucket];
   }
   if (!bucket) {
@@ -2454,9 +2788,9 @@ async function receiveEmail(event, env, ctx, config) {
 }
 
 // src/modules/emails/sendEmail.ts
-var import_chanfana12 = require("chanfana");
-var import_zod12 = require("zod");
-var SendEmail = class extends import_chanfana12.OpenAPIRoute {
+var import_chanfana16 = require("chanfana");
+var import_zod16 = require("zod");
+var SendEmail = class extends import_chanfana16.OpenAPIRoute {
   schema = {
     operationId: "post-email-send",
     tags: ["Emails"],
@@ -2465,17 +2799,17 @@ var SendEmail = class extends import_chanfana12.OpenAPIRoute {
       body: {
         content: {
           "application/json": {
-            schema: import_zod12.z.object({
-              subject: (0, import_chanfana12.Str)({ example: "Look! No servers" }),
-              from: import_zod12.z.object({
-                email: (0, import_chanfana12.Str)({ example: "sender@example.com" }),
-                name: (0, import_chanfana12.Str)({ example: "Workers - MailChannels integration" })
+            schema: import_zod16.z.object({
+              subject: (0, import_chanfana16.Str)({ example: "Look! No servers" }),
+              from: import_zod16.z.object({
+                email: (0, import_chanfana16.Str)({ example: "sender@example.com" }),
+                name: (0, import_chanfana16.Str)({ example: "Workers - MailChannels integration" })
               }),
-              to: import_zod12.z.object({
-                email: (0, import_chanfana12.Str)({ example: "test@example.com" }),
-                name: (0, import_chanfana12.Str)({ example: "Test Recipient" })
+              to: import_zod16.z.object({
+                email: (0, import_chanfana16.Str)({ example: "test@example.com" }),
+                name: (0, import_chanfana16.Str)({ example: "Test Recipient" })
               }).array(),
-              content: import_zod12.z.object({}).catchall(import_zod12.z.string())
+              content: import_zod16.z.object({}).catchall(import_zod16.z.string())
             })
           }
         }
@@ -2493,8 +2827,8 @@ var SendEmail = class extends import_chanfana12.OpenAPIRoute {
 };
 
 // src/modules/server/getInfo.ts
-var import_chanfana13 = require("chanfana");
-var GetInfo = class extends import_chanfana13.OpenAPIRoute {
+var import_chanfana17 = require("chanfana");
+var GetInfo = class extends import_chanfana17.OpenAPIRoute {
   schema = {
     operationId: "get-server-info",
     tags: ["Server"],
@@ -2504,7 +2838,7 @@ var GetInfo = class extends import_chanfana13.OpenAPIRoute {
     const { basicAuth: basicAuth2, ...config } = c.get("config");
     const buckets = [];
     for (const [key, value] of Object.entries(c.env)) {
-      if (value.get && value.put && value.get.toString().includes("function") && value.put.toString().includes("function")) {
+      if (value && typeof value === "object" && "get" in value && "put" in value && "list" in value && typeof value.get === "function" && typeof value.put === "function" && typeof value.list === "function") {
         buckets.push({ name: key });
       }
     }
@@ -2522,7 +2856,7 @@ var GetInfo = class extends import_chanfana13.OpenAPIRoute {
 
 // src/index.ts
 function R2Explorer(config) {
-  (0, import_chanfana14.extendZodWithOpenApi)(import_zod13.z);
+  (0, import_chanfana18.extendZodWithOpenApi)(import_zod17.z);
   config = config || {};
   if (config.readonly !== false) config.readonly = true;
   const openapiSchema = {
@@ -2544,7 +2878,7 @@ function R2Explorer(config) {
     c.set("config", config);
     await next();
   });
-  const openapi = (0, import_chanfana14.fromHono)(app, {
+  const openapi = (0, import_chanfana18.fromHono)(app, {
     schema: openapiSchema,
     raiseUnknownParameters: true,
     generateOperationIds: false
@@ -2597,9 +2931,13 @@ function R2Explorer(config) {
   openapi.post("/api/buckets/:bucket/delete", DeleteObject);
   openapi.on("head", "/api/buckets/:bucket/:key", HeadObject);
   openapi.get("/api/buckets/:bucket/:key/head", HeadObject);
+  openapi.post("/api/buckets/:bucket/:key/share", CreateShareLink);
+  openapi.get("/api/buckets/:bucket/shares", ListShares);
+  openapi.delete("/api/buckets/:bucket/share/:shareId", DeleteShareLink);
   openapi.get("/api/buckets/:bucket/:key", GetObject);
   openapi.post("/api/buckets/:bucket/:key", PutMetadata);
   openapi.post("/api/emails/send", SendEmail);
+  openapi.get("/share/:shareId", GetShareLink);
   openapi.get("/", dashboardIndex);
   openapi.get("*", dashboardRedirect);
   app.all(