r2-explorer 1.1.9 → 1.1.11

package/dist/index.mjs

@@ -5,7 +5,77 @@ import {
   fromHono
 } from "chanfana";
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/utils/body.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/compose.js
+var compose = (middleware, onError, onNotFound) => {
+  return (context, next) => {
+    let index = -1;
+    return dispatch(0);
+    async function dispatch(i) {
+      if (i <= index) {
+        throw new Error("next() called multiple times");
+      }
+      index = i;
+      let res;
+      let isError = false;
+      let handler;
+      if (middleware[i]) {
+        handler = middleware[i][0][0];
+        context.req.routeIndex = i;
+      } else {
+        handler = i === middleware.length && next || void 0;
+      }
+      if (handler) {
+        try {
+          res = await handler(context, () => dispatch(i + 1));
+        } catch (err) {
+          if (err instanceof Error && onError) {
+            context.error = err;
+            res = await onError(err, context);
+            isError = true;
+          } else {
+            throw err;
+          }
+        }
+      } else {
+        if (context.finalized === false && onNotFound) {
+          res = await onNotFound(context);
+        }
+      }
+      if (res && (context.finalized === false || isError)) {
+        context.res = res;
+      }
+      return context;
+    }
+  };
+};
+
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/http-exception.js
+var HTTPException = class extends Error {
+  res;
+  status;
+  constructor(status = 500, options) {
+    super(options?.message, { cause: options?.cause });
+    this.res = options?.res;
+    this.status = status;
+  }
+  getResponse() {
+    if (this.res) {
+      const newResponse = new Response(this.res.body, {
+        status: this.status,
+        headers: this.res.headers
+      });
+      return newResponse;
+    }
+    return new Response(this.message, {
+      status: this.status
+    });
+  }
+};
+
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/request/constants.js
+var GET_MATCH_RESULT = Symbol();
+
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/utils/body.js
 var parseBody = async (request, options = /* @__PURE__ */ Object.create(null)) => {
   const { all = false, dot = false } = options;
   const headers = request instanceof HonoRequest ? request.raw.headers : request.headers;
@@ -52,7 +122,11 @@ var handleParsingAllValues = (form, key, value) => {
       form[key] = [form[key], value];
     }
   } else {
-    form[key] = value;
+    if (!key.endsWith("[]")) {
+      form[key] = value;
+    } else {
+      form[key] = [value];
+    }
   }
 };
 var handleParsingNestedValues = (form, key, value) => {
@@ -70,7 +144,7 @@ var handleParsingNestedValues = (form, key, value) => {
   });
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/utils/url.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/utils/url.js
 var splitPath = (path) => {
   const paths = path.split("/");
   if (paths[0] === "") {
@@ -85,9 +159,9 @@ var splitRoutingPath = (routePath) => {
 };
 var extractGroupsFromPath = (path) => {
   const groups = [];
-  path = path.replace(/\{[^}]+\}/g, (match, index) => {
+  path = path.replace(/\{[^}]+\}/g, (match2, index) => {
     const mark = `@${index}`;
-    groups.push([mark, match]);
+    groups.push([mark, match2]);
     return mark;
   });
   return { groups, path };
@@ -105,20 +179,21 @@ var replaceGroupMarks = (paths, groups) => {
   return paths;
 };
 var patternCache = {};
-var getPattern = (label) => {
+var getPattern = (label, next) => {
   if (label === "*") {
     return "*";
   }
-  const match = label.match(/^\:([^\{\}]+)(?:\{(.+)\})?$/);
-  if (match) {
-    if (!patternCache[label]) {
-      if (match[2]) {
-        patternCache[label] = [label, match[1], new RegExp("^" + match[2] + "$")];
+  const match2 = label.match(/^\:([^\{\}]+)(?:\{(.+)\})?$/);
+  if (match2) {
+    const cacheKey = `${label}#${next}`;
+    if (!patternCache[cacheKey]) {
+      if (match2[2]) {
+        patternCache[cacheKey] = next && next[0] !== ":" && next[0] !== "*" ? [cacheKey, match2[1], new RegExp(`^${match2[2]}(?=/${next})`)] : [label, match2[1], new RegExp(`^${match2[2]}$`)];
       } else {
-        patternCache[label] = [label, match[1], true];
+        patternCache[cacheKey] = [label, match2[1], true];
       }
     }
-    return patternCache[label];
+    return patternCache[cacheKey];
   }
   return null;
 };
@@ -126,11 +201,11 @@ var tryDecode = (str, decoder) => {
   try {
     return decoder(str);
   } catch {
-    return str.replace(/(?:%[0-9A-Fa-f]{2})+/g, (match) => {
+    return str.replace(/(?:%[0-9A-Fa-f]{2})+/g, (match2) => {
       try {
-        return decoder(match);
+        return decoder(match2);
       } catch {
-        return match;
+        return match2;
       }
     });
   }
@@ -138,7 +213,7 @@ var tryDecode = (str, decoder) => {
 var tryDecodeURI = (str) => tryDecode(str, decodeURI);
 var getPath = (request) => {
   const url = request.url;
-  const start = url.indexOf("/", 8);
+  const start = url.indexOf("/", url.indexOf(":") + 4);
   let i = start;
   for (; i < url.length; i++) {
     const charCode = url.charCodeAt(i);
@@ -156,30 +231,14 @@ var getPathNoStrict = (request) => {
   const result = getPath(request);
   return result.length > 1 && result.at(-1) === "/" ? result.slice(0, -1) : result;
 };
-var mergePath = (...paths) => {
-  let p = "";
-  let endsWithSlash = false;
-  for (let path of paths) {
-    if (p.at(-1) === "/") {
-      p = p.slice(0, -1);
-      endsWithSlash = true;
-    }
-    if (path[0] !== "/") {
-      path = `/${path}`;
-    }
-    if (path === "/" && endsWithSlash) {
-      p = `${p}/`;
-    } else if (path !== "/") {
-      p = `${p}${path}`;
-    }
-    if (path === "/" && p === "") {
-      p = "/";
-    }
+var mergePath = (base, sub, ...rest) => {
+  if (rest.length) {
+    sub = mergePath(sub, ...rest);
   }
-  return p;
+  return `${base?.[0] === "/" ? "" : "/"}${base}${sub === "/" ? "" : `${base?.at(-1) === "/" ? "" : "/"}${sub?.[0] === "/" ? sub.slice(1) : sub}`}`;
 };
 var checkOptionalParameter = (path) => {
-  if (!path.match(/\:.+\?$/)) {
+  if (path.charCodeAt(path.length - 1) !== 63 || !path.includes(":")) {
     return null;
   }
   const segments = path.split("/");
@@ -212,14 +271,17 @@ var _decodeURI = (value) => {
   if (value.indexOf("+") !== -1) {
     value = value.replace(/\+/g, " ");
   }
-  return value.indexOf("%") !== -1 ? decodeURIComponent_(value) : value;
+  return value.indexOf("%") !== -1 ? tryDecode(value, decodeURIComponent_) : value;
 };
 var _getQueryParam = (url, key, multiple) => {
   let encoded;
   if (!multiple && key && !/[%+]/.test(key)) {
-    let keyIndex2 = url.indexOf(`?${key}`, 8);
+    let keyIndex2 = url.indexOf("?", 8);
     if (keyIndex2 === -1) {
-      keyIndex2 = url.indexOf(`&${key}`, 8);
+      return void 0;
+    }
+    if (!url.startsWith(key, keyIndex2 + 1)) {
+      keyIndex2 = url.indexOf(`&${key}`, keyIndex2 + 1);
     }
     while (keyIndex2 !== -1) {
       const trailingKeyCode = url.charCodeAt(keyIndex2 + key.length + 1);
@@ -284,7 +346,7 @@ var getQueryParams = (url, key) => {
 };
 var decodeURIComponent_ = decodeURIComponent;
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/request.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/request.js
 var tryDecodeURIComponent = (str) => tryDecode(str, decodeURIComponent_);
 var HonoRequest = class {
   raw;
@@ -305,14 +367,14 @@ var HonoRequest = class {
   #getDecodedParam(key) {
     const paramKey = this.#matchResult[0][this.routeIndex][1][key];
     const param = this.#getParamValue(paramKey);
-    return param ? /\%/.test(param) ? tryDecodeURIComponent(param) : param : void 0;
+    return param && /\%/.test(param) ? tryDecodeURIComponent(param) : param;
   }
   #getAllDecodedParams() {
     const decoded = {};
     const keys = Object.keys(this.#matchResult[0][this.routeIndex][1]);
     for (const key of keys) {
       const value = this.#getParamValue(this.#matchResult[0][this.routeIndex][1][key]);
-      if (value && typeof value === "string") {
+      if (value !== void 0) {
         decoded[key] = /\%/.test(value) ? tryDecodeURIComponent(value) : value;
       }
     }
@@ -329,7 +391,7 @@ var HonoRequest = class {
   }
   header(name) {
     if (name) {
-      return this.raw.headers.get(name.toLowerCase()) ?? void 0;
+      return this.raw.headers.get(name) ?? void 0;
     }
     const headerData = {};
     this.raw.headers.forEach((value, key) => {
@@ -358,7 +420,7 @@ var HonoRequest = class {
     return bodyCache[key] = raw2[key]();
   };
   json() {
-    return this.#cachedBody("json");
+    return this.#cachedBody("text").then((text) => JSON.parse(text));
   }
   text() {
     return this.#cachedBody("text");
@@ -384,6 +446,9 @@ var HonoRequest = class {
   get method() {
     return this.raw.method;
   }
+  get [GET_MATCH_RESULT]() {
+    return this.#matchResult;
+  }
   get matchedRoutes() {
     return this.#matchResult[0].map(([[, route]]) => route);
   }
@@ -392,7 +457,7 @@ var HonoRequest = class {
   }
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/utils/html.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/utils/html.js
 var HtmlEscapedCallbackPhase = {
   Stringify: 1,
   BeforeStream: 2,
@@ -434,13 +499,13 @@ var resolveCallback = async (str, phase, preserveCallbacks, context, buffer) =>
   }
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/context.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/context.js
 var TEXT_PLAIN = "text/plain; charset=UTF-8";
-var setHeaders = (headers, map = {}) => {
-  for (const key of Object.keys(map)) {
-    headers.set(key, map[key]);
-  }
-  return headers;
+var setDefaultContentType = (contentType, headers) => {
+  return {
+    "Content-Type": contentType,
+    ...headers
+  };
 };
 var Context = class {
   #rawRequest;
@@ -449,15 +514,13 @@ var Context = class {
   #var;
   finalized = false;
   error;
-  #status = 200;
+  #status;
   #executionCtx;
-  #headers;
-  #preparedHeaders;
   #res;
-  #isFresh = true;
   #layout;
   #renderer;
   #notFoundHandler;
+  #preparedHeaders;
   #matchResult;
   #path;
   constructor(req, options) {
@@ -489,36 +552,25 @@ var Context = class {
     }
   }
   get res() {
-    this.#isFresh = false;
-    return this.#res ||= new Response("404 Not Found", { status: 404 });
+    return this.#res ||= new Response(null, {
+      headers: this.#preparedHeaders ??= new Headers()
+    });
   }
   set res(_res) {
-    this.#isFresh = false;
     if (this.#res && _res) {
-      try {
-        for (const [k, v] of this.#res.headers.entries()) {
-          if (k === "content-type") {
-            continue;
-          }
-          if (k === "set-cookie") {
-            const cookies = this.#res.headers.getSetCookie();
-            _res.headers.delete("set-cookie");
-            for (const cookie of cookies) {
-              _res.headers.append("set-cookie", cookie);
-            }
-          } else {
-            _res.headers.set(k, v);
-          }
+      _res = new Response(_res.body, _res);
+      for (const [k, v] of this.#res.headers.entries()) {
+        if (k === "content-type") {
+          continue;
         }
-      } catch (e) {
-        if (e instanceof TypeError && e.message.includes("immutable")) {
-          this.res = new Response(_res.body, {
-            headers: _res.headers,
-            status: _res.status
-          });
-          return;
+        if (k === "set-cookie") {
+          const cookies = this.#res.headers.getSetCookie();
+          _res.headers.delete("set-cookie");
+          for (const cookie of cookies) {
+            _res.headers.append("set-cookie", cookie);
+          }
         } else {
-          throw e;
+          _res.headers.set(k, v);
         }
       }
     }
@@ -535,42 +587,19 @@ var Context = class {
     this.#renderer = renderer;
   };
   header = (name, value, options) => {
-    if (value === void 0) {
-      if (this.#headers) {
-        this.#headers.delete(name);
-      } else if (this.#preparedHeaders) {
-        delete this.#preparedHeaders[name.toLocaleLowerCase()];
-      }
-      if (this.finalized) {
-        this.res.headers.delete(name);
-      }
-      return;
+    if (this.finalized) {
+      this.#res = new Response(this.#res.body, this.#res);
     }
-    if (options?.append) {
-      if (!this.#headers) {
-        this.#isFresh = false;
-        this.#headers = new Headers(this.#preparedHeaders);
-        this.#preparedHeaders = {};
-      }
-      this.#headers.append(name, value);
+    const headers = this.#res ? this.#res.headers : this.#preparedHeaders ??= new Headers();
+    if (value === void 0) {
+      headers.delete(name);
+    } else if (options?.append) {
+      headers.append(name, value);
     } else {
-      if (this.#headers) {
-        this.#headers.set(name, value);
-      } else {
-        this.#preparedHeaders ??= {};
-        this.#preparedHeaders[name.toLowerCase()] = value;
-      }
-    }
-    if (this.finalized) {
-      if (options?.append) {
-        this.res.headers.append(name, value);
-      } else {
-        this.res.headers.set(name, value);
-      }
+      headers.set(name, value);
     }
   };
   status = (status) => {
-    this.#isFresh = false;
     this.#status = status;
   };
   set = (key, value) => {
@@ -587,94 +616,58 @@ var Context = class {
     return Object.fromEntries(this.#var);
   }
   #newResponse(data, arg, headers) {
-    if (this.#isFresh && !headers && !arg && this.#status === 200) {
-      return new Response(data, {
-        headers: this.#preparedHeaders
-      });
-    }
-    if (arg && typeof arg !== "number") {
-      const header = new Headers(arg.headers);
-      if (this.#headers) {
-        this.#headers.forEach((v, k) => {
-          if (k === "set-cookie") {
-            header.append(k, v);
-          } else {
-            header.set(k, v);
-          }
-        });
-      }
-      const headers2 = setHeaders(header, this.#preparedHeaders);
-      return new Response(data, {
-        headers: headers2,
-        status: arg.status ?? this.#status
-      });
-    }
-    const status = typeof arg === "number" ? arg : this.#status;
-    this.#preparedHeaders ??= {};
-    this.#headers ??= new Headers();
-    setHeaders(this.#headers, this.#preparedHeaders);
-    if (this.#res) {
-      this.#res.headers.forEach((v, k) => {
-        if (k === "set-cookie") {
-          this.#headers?.append(k, v);
+    const responseHeaders = this.#res ? new Headers(this.#res.headers) : this.#preparedHeaders ?? new Headers();
+    if (typeof arg === "object" && "headers" in arg) {
+      const argHeaders = arg.headers instanceof Headers ? arg.headers : new Headers(arg.headers);
+      for (const [key, value] of argHeaders) {
+        if (key.toLowerCase() === "set-cookie") {
+          responseHeaders.append(key, value);
         } else {
-          this.#headers?.set(k, v);
+          responseHeaders.set(key, value);
         }
-      });
-      setHeaders(this.#headers, this.#preparedHeaders);
+      }
     }
-    headers ??= {};
-    for (const [k, v] of Object.entries(headers)) {
-      if (typeof v === "string") {
-        this.#headers.set(k, v);
-      } else {
-        this.#headers.delete(k);
-        for (const v2 of v) {
-          this.#headers.append(k, v2);
+    if (headers) {
+      for (const [k, v] of Object.entries(headers)) {
+        if (typeof v === "string") {
+          responseHeaders.set(k, v);
+        } else {
+          responseHeaders.delete(k);
+          for (const v2 of v) {
+            responseHeaders.append(k, v2);
+          }
         }
       }
     }
-    return new Response(data, {
-      status,
-      headers: this.#headers
-    });
+    const status = typeof arg === "number" ? arg : arg?.status ?? this.#status;
+    return new Response(data, { status, headers: responseHeaders });
   }
   newResponse = (...args) => this.#newResponse(...args);
-  body = (data, arg, headers) => {
-    return typeof arg === "number" ? this.#newResponse(data, arg, headers) : this.#newResponse(data, arg);
-  };
+  body = (data, arg, headers) => this.#newResponse(data, arg, headers);
   text = (text, arg, headers) => {
-    if (!this.#preparedHeaders) {
-      if (this.#isFresh && !headers && !arg) {
-        return new Response(text);
-      }
-      this.#preparedHeaders = {};
-    }
-    this.#preparedHeaders["content-type"] = TEXT_PLAIN;
-    if (typeof arg === "number") {
-      return this.#newResponse(text, arg, headers);
-    }
-    return this.#newResponse(text, arg);
+    return !this.#preparedHeaders && !this.#status && !arg && !headers && !this.finalized ? new Response(text) : this.#newResponse(
+      text,
+      arg,
+      setDefaultContentType(TEXT_PLAIN, headers)
+    );
   };
   json = (object, arg, headers) => {
-    const body = JSON.stringify(object);
-    this.#preparedHeaders ??= {};
-    this.#preparedHeaders["content-type"] = "application/json";
-    return typeof arg === "number" ? this.#newResponse(body, arg, headers) : this.#newResponse(body, arg);
+    return this.#newResponse(
+      JSON.stringify(object),
+      arg,
+      setDefaultContentType("application/json", headers)
+    );
   };
   html = (html, arg, headers) => {
-    this.#preparedHeaders ??= {};
-    this.#preparedHeaders["content-type"] = "text/html; charset=UTF-8";
-    if (typeof html === "object") {
-      return resolveCallback(html, HtmlEscapedCallbackPhase.Stringify, false, {}).then((html2) => {
-        return typeof arg === "number" ? this.#newResponse(html2, arg, headers) : this.#newResponse(html2, arg);
-      });
-    }
-    return typeof arg === "number" ? this.#newResponse(html, arg, headers) : this.#newResponse(html, arg);
+    const res = (html2) => this.#newResponse(html2, arg, setDefaultContentType("text/html; charset=UTF-8", headers));
+    return typeof html === "object" ? resolveCallback(html, HtmlEscapedCallbackPhase.Stringify, false, {}).then(res) : res(html);
   };
   redirect = (location, status) => {
-    this.#headers ??= new Headers();
-    this.#headers.set("Location", String(location));
+    const locationString = String(location);
+    this.header(
+      "Location",
+      !/[^\x00-\xFF]/.test(locationString) ? locationString : encodeURI(locationString)
+    );
     return this.newResponse(null, status ?? 302);
   };
   notFound = () => {
@@ -683,56 +676,7 @@ var Context = class {
   };
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/compose.js
-var compose = (middleware, onError, onNotFound) => {
-  return (context, next) => {
-    let index = -1;
-    const isContext = context instanceof Context;
-    return dispatch(0);
-    async function dispatch(i) {
-      if (i <= index) {
-        throw new Error("next() called multiple times");
-      }
-      index = i;
-      let res;
-      let isError = false;
-      let handler;
-      if (middleware[i]) {
-        handler = middleware[i][0][0];
-        if (isContext) {
-          context.req.routeIndex = i;
-        }
-      } else {
-        handler = i === middleware.length && next || void 0;
-      }
-      if (!handler) {
-        if (isContext && context.finalized === false && onNotFound) {
-          res = await onNotFound(context);
-        }
-      } else {
-        try {
-          res = await handler(context, () => {
-            return dispatch(i + 1);
-          });
-        } catch (err) {
-          if (err instanceof Error && isContext && onError) {
-            context.error = err;
-            res = await onError(err, context);
-            isError = true;
-          } else {
-            throw err;
-          }
-        }
-      }
-      if (res && (context.finalized === false || isError)) {
-        context.res = res;
-      }
-      return context;
-    }
-  };
-};
-
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/router.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/router.js
 var METHOD_NAME_ALL = "ALL";
 var METHOD_NAME_ALL_LOWERCASE = "all";
 var METHODS = ["get", "post", "put", "delete", "options", "patch"];
@@ -740,16 +684,17 @@ var MESSAGE_MATCHER_IS_ALREADY_BUILT = "Can not add a route since the matcher is
 var UnsupportedPathError = class extends Error {
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/utils/constants.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/utils/constants.js
 var COMPOSED_HANDLER = "__COMPOSED_HANDLER";
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/hono-base.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/hono-base.js
 var notFoundHandler = (c) => {
   return c.text("404 Not Found", 404);
 };
 var errorHandler = (err, c) => {
   if ("getResponse" in err) {
-    return err.getResponse();
+    const res = err.getResponse();
+    return c.newResponse(res.body, res);
   }
   console.error(err);
   return c.text("Internal Server Error", 500);
@@ -807,16 +752,17 @@ var Hono = class {
       });
       return this;
     };
-    const strict = options.strict ?? true;
-    delete options.strict;
-    Object.assign(this, options);
-    this.getPath = strict ? options.getPath ?? getPath : getPathNoStrict;
+    const { strict, ...optionsWithoutStrict } = options;
+    Object.assign(this, optionsWithoutStrict);
+    this.getPath = strict ?? true ? options.getPath ?? getPath : getPathNoStrict;
   }
   #clone() {
     const clone = new Hono({
       router: this.router,
       getPath: this.getPath
     });
+    clone.errorHandler = this.errorHandler;
+    clone.#notFoundHandler = this.#notFoundHandler;
     clone.routes = this.routes;
     return clone;
   }
@@ -857,7 +803,11 @@ var Hono = class {
         optionHandler = options;
       } else {
         optionHandler = options.optionHandler;
-        replaceRequest = options.replaceRequest;
+        if (options.replaceRequest === false) {
+          replaceRequest = (request) => request;
+        } else {
+          replaceRequest = options.replaceRequest;
+        }
       }
     }
     const getOptions = optionHandler ? (c) => {
@@ -893,7 +843,7 @@ var Hono = class {
   #addRoute(method, path, handler) {
     method = method.toUpperCase();
     path = mergePath(this._basePath, path);
-    const r = { path, method, handler };
+    const r = { basePath: this._basePath, path, method, handler };
     this.router.add(method, path, [handler, r]);
     this.routes.push(r);
   }
@@ -968,7 +918,28 @@ var Hono = class {
   };
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/router/reg-exp-router/node.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/router/reg-exp-router/matcher.js
+var emptyParam = [];
+function match(method, path) {
+  const matchers = this.buildAllMatchers();
+  const match2 = (method2, path2) => {
+    const matcher = matchers[method2] || matchers[METHOD_NAME_ALL];
+    const staticMatch = matcher[2][path2];
+    if (staticMatch) {
+      return staticMatch;
+    }
+    const match3 = path2.match(matcher[0]);
+    if (!match3) {
+      return [[], emptyParam];
+    }
+    const index = match3.indexOf("", 1);
+    return [matcher[1][index], match3];
+  };
+  this.match = match2;
+  return match2(method, path);
+}
+
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/router/reg-exp-router/node.js
 var LABEL_REG_EXP_STR = "[^/]+";
 var ONLY_WILDCARD_REG_EXP_STR = ".*";
 var TAIL_WILDCARD_REG_EXP_STR = "(?:|/.*)";
@@ -1015,6 +986,9 @@ var Node = class {
       const name = pattern[1];
       let regexpStr = pattern[2] || LABEL_REG_EXP_STR;
       if (name && pattern[2]) {
+        if (regexpStr === ".*") {
+          throw PATH_ERROR;
+        }
         regexpStr = regexpStr.replace(/^\((?!\?:)(?=[^)]+\)$)/, "(?:");
         if (/\((?!\?:)/.test(regexpStr)) {
           throw PATH_ERROR;
@@ -1073,7 +1047,7 @@ var Node = class {
   }
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/router/reg-exp-router/trie.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/router/reg-exp-router/trie.js
 var Trie = class {
   #context = { varIndex: 0 };
   #root = new Node();
@@ -1129,8 +1103,7 @@ var Trie = class {
   }
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/router/reg-exp-router/router.js
-var emptyParam = [];
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/router/reg-exp-router/router.js
 var nullMatcher = [/^$/, [], /* @__PURE__ */ Object.create(null)];
 var wildcardRegExpCache = /* @__PURE__ */ Object.create(null);
 function buildWildcardRegExp(path) {
@@ -1277,30 +1250,14 @@ var RegExpRouter = class {
       });
     }
   }
-  match(method, path) {
-    clearWildcardRegExpCache();
-    const matchers = this.#buildAllMatchers();
-    this.match = (method2, path2) => {
-      const matcher = matchers[method2] || matchers[METHOD_NAME_ALL];
-      const staticMatch = matcher[2][path2];
-      if (staticMatch) {
-        return staticMatch;
-      }
-      const match = path2.match(matcher[0]);
-      if (!match) {
-        return [[], emptyParam];
-      }
-      const index = match.indexOf("", 1);
-      return [matcher[1][index], match];
-    };
-    return this.match(method, path);
-  }
-  #buildAllMatchers() {
+  match = match;
+  buildAllMatchers() {
     const matchers = /* @__PURE__ */ Object.create(null);
     Object.keys(this.#routes).concat(Object.keys(this.#middleware)).forEach((method) => {
       matchers[method] ||= this.#buildMatcher(method);
     });
     this.#middleware = this.#routes = void 0;
+    clearWildcardRegExpCache();
     return matchers;
   }
   #buildMatcher(method) {
@@ -1325,7 +1282,7 @@ var RegExpRouter = class {
   }
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/router/smart-router/router.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/router/smart-router/router.js
 var SmartRouter = class {
   name = "SmartRouter";
   #routers = [];
@@ -1380,7 +1337,7 @@ var SmartRouter = class {
   }
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/router/trie-router/node.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/router/trie-router/node.js
 var emptyParams = /* @__PURE__ */ Object.create(null);
 var Node2 = class {
   #methods;
@@ -1405,30 +1362,30 @@ var Node2 = class {
     const possibleKeys = [];
     for (let i = 0, len = parts.length; i < len; i++) {
       const p = parts[i];
-      if (Object.keys(curNode.#children).includes(p)) {
-        curNode = curNode.#children[p];
-        const pattern2 = getPattern(p);
-        if (pattern2) {
-          possibleKeys.push(pattern2[1]);
+      const nextP = parts[i + 1];
+      const pattern = getPattern(p, nextP);
+      const key = Array.isArray(pattern) ? pattern[0] : p;
+      if (key in curNode.#children) {
+        curNode = curNode.#children[key];
+        if (pattern) {
+          possibleKeys.push(pattern[1]);
         }
         continue;
       }
-      curNode.#children[p] = new Node2();
-      const pattern = getPattern(p);
+      curNode.#children[key] = new Node2();
       if (pattern) {
         curNode.#patterns.push(pattern);
         possibleKeys.push(pattern[1]);
       }
-      curNode = curNode.#children[p];
+      curNode = curNode.#children[key];
     }
-    const m = /* @__PURE__ */ Object.create(null);
-    const handlerSet = {
-      handler,
-      possibleKeys: possibleKeys.filter((v, i, a) => a.indexOf(v) === i),
-      score: this.#order
-    };
-    m[method] = handlerSet;
-    curNode.#methods.push(m);
+    curNode.#methods.push({
+      [method]: {
+        handler,
+        possibleKeys: possibleKeys.filter((v, i, a) => a.indexOf(v) === i),
+        score: this.#order
+      }
+    });
     return curNode;
   }
   #getHandlerSets(node, method, nodeParams, params) {
@@ -1458,6 +1415,7 @@ var Node2 = class {
     const curNode = this;
     let curNodes = [curNode];
     const parts = splitPath(path);
+    const curNodesQueue = [];
     for (let i = 0, len = parts.length; i < len; i++) {
       const part = parts[i];
       const isLast = i === len - 1;
@@ -1485,20 +1443,30 @@ var Node2 = class {
             const astNode = node.#children["*"];
             if (astNode) {
               handlerSets.push(...this.#getHandlerSets(astNode, method, node.#params));
+              astNode.#params = params;
               tempNodes.push(astNode);
             }
             continue;
           }
-          if (part === "") {
+          const [key, name, matcher] = pattern;
+          if (!part && !(matcher instanceof RegExp)) {
             continue;
           }
-          const [key, name, matcher] = pattern;
           const child = node.#children[key];
           const restPathString = parts.slice(i).join("/");
-          if (matcher instanceof RegExp && matcher.test(restPathString)) {
-            params[name] = restPathString;
-            handlerSets.push(...this.#getHandlerSets(child, method, node.#params, params));
-            continue;
+          if (matcher instanceof RegExp) {
+            const m = matcher.exec(restPathString);
+            if (m) {
+              params[name] = m[0];
+              handlerSets.push(...this.#getHandlerSets(child, method, node.#params, params));
+              if (Object.keys(child.#children).length) {
+                child.#params = params;
+                const componentCount = m[0].match(/\//)?.length ?? 0;
+                const targetCurNodes = curNodesQueue[componentCount] ||= [];
+                targetCurNodes.push(child);
+              }
+              continue;
+            }
           }
           if (matcher === true || matcher.test(part)) {
             params[name] = part;
@@ -1516,7 +1484,7 @@ var Node2 = class {
           }
         }
       }
-      curNodes = tempNodes;
+      curNodes = tempNodes.concat(curNodesQueue.shift() ?? []);
     }
     if (handlerSets.length > 1) {
       handlerSets.sort((a, b) => {
@@ -1527,7 +1495,7 @@ var Node2 = class {
   }
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/router/trie-router/router.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/router/trie-router/router.js
 var TrieRouter = class {
   name = "TrieRouter";
   #node;
@@ -1549,7 +1517,7 @@ var TrieRouter = class {
   }
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/hono.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/hono.js
 var Hono2 = class extends Hono {
   constructor(options = {}) {
     super(options);
@@ -1559,30 +1527,7 @@ var Hono2 = class extends Hono {
   }
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/http-exception.js
-var HTTPException = class extends Error {
-  res;
-  status;
-  constructor(status = 500, options) {
-    super(options?.message, { cause: options?.cause });
-    this.res = options?.res;
-    this.status = status;
-  }
-  getResponse() {
-    if (this.res) {
-      const newResponse = new Response(this.res.body, {
-        status: this.status,
-        headers: this.res.headers
-      });
-      return newResponse;
-    }
-    return new Response(this.message, {
-      status: this.status
-    });
-  }
-};
-
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/utils/encode.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/utils/encode.js
 var decodeBase64 = (str) => {
   const binary = atob(str);
   const bytes = new Uint8Array(new ArrayBuffer(binary.length));
@@ -1594,18 +1539,18 @@ var decodeBase64 = (str) => {
   return bytes;
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/utils/basic-auth.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/utils/basic-auth.js
 var CREDENTIALS_REGEXP = /^ *(?:[Bb][Aa][Ss][Ii][Cc]) +([A-Za-z0-9._~+/-]+=*) *$/;
 var USER_PASS_REGEXP = /^([^:]*):(.*)$/;
 var utf8Decoder = new TextDecoder();
 var auth = (req) => {
-  const match = CREDENTIALS_REGEXP.exec(req.headers.get("Authorization") || "");
-  if (!match) {
+  const match2 = CREDENTIALS_REGEXP.exec(req.headers.get("Authorization") || "");
+  if (!match2) {
     return void 0;
   }
   let userPass = void 0;
   try {
-    userPass = USER_PASS_REGEXP.exec(utf8Decoder.decode(decodeBase64(match[1])));
+    userPass = USER_PASS_REGEXP.exec(utf8Decoder.decode(decodeBase64(match2[1])));
   } catch {
   }
   if (!userPass) {
@@ -1614,7 +1559,7 @@ var auth = (req) => {
   return { username: userPass[1], password: userPass[2] };
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/utils/crypto.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/utils/crypto.js
 var sha256 = async (data) => {
   const algorithm = { name: "SHA-256", alias: "sha256" };
   const hash = await createHash(data, algorithm);
@@ -1643,7 +1588,7 @@ var createHash = async (data, algorithm) => {
   return null;
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/utils/buffer.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/utils/buffer.js
 var timingSafeEqual = async (a, b, hashFunction) => {
   if (!hashFunction) {
     hashFunction = sha256;
@@ -1655,7 +1600,7 @@ var timingSafeEqual = async (a, b, hashFunction) => {
   return sa === sb && a === b;
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/middleware/basic-auth/index.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/middleware/basic-auth/index.js
 var basicAuth = (options, ...users) => {
   const usernamePasswordInOptions = "username" in options && "password" in options;
   const verifyUserInOptions = "verifyUser" in options;
@@ -1710,7 +1655,7 @@ var basicAuth = (options, ...users) => {
   };
 };
 
-// ../../node_modules/.pnpm/hono@4.6.15/node_modules/hono/dist/middleware/cors/index.js
+// ../../node_modules/.pnpm/hono@4.10.7/node_modules/hono/dist/middleware/cors/index.js
 var cors = (options) => {
   const defaults = {
     origin: "*",
@@ -1735,22 +1680,23 @@ var cors = (options) => {
       return (origin) => optsOrigin.includes(origin) ? origin : null;
     }
   })(opts.origin);
+  const findAllowMethods = ((optsAllowMethods) => {
+    if (typeof optsAllowMethods === "function") {
+      return optsAllowMethods;
+    } else if (Array.isArray(optsAllowMethods)) {
+      return () => optsAllowMethods;
+    } else {
+      return () => [];
+    }
+  })(opts.allowMethods);
   return async function cors2(c, next) {
     function set(key, value) {
       c.res.headers.set(key, value);
     }
-    const allowOrigin = findAllowOrigin(c.req.header("origin") || "", c);
+    const allowOrigin = await findAllowOrigin(c.req.header("origin") || "", c);
     if (allowOrigin) {
       set("Access-Control-Allow-Origin", allowOrigin);
     }
-    if (opts.origin !== "*") {
-      const existingVary = c.req.header("Vary");
-      if (existingVary) {
-        set("Vary", existingVary);
-      } else {
-        set("Vary", "Origin");
-      }
-    }
     if (opts.credentials) {
       set("Access-Control-Allow-Credentials", "true");
     }
@@ -1758,11 +1704,15 @@ var cors = (options) => {
       set("Access-Control-Expose-Headers", opts.exposeHeaders.join(","));
     }
     if (c.req.method === "OPTIONS") {
+      if (opts.origin !== "*") {
+        set("Vary", "Origin");
+      }
       if (opts.maxAge != null) {
         set("Access-Control-Max-Age", opts.maxAge.toString());
       }
-      if (opts.allowMethods?.length) {
-        set("Access-Control-Allow-Methods", opts.allowMethods.join(","));
+      const allowMethods = await findAllowMethods(c.req.header("origin") || "", c);
+      if (allowMethods.length) {
+        set("Access-Control-Allow-Methods", allowMethods.join(","));
       }
       let headers = opts.allowHeaders;
       if (!headers?.length) {
@@ -1784,11 +1734,14 @@ var cors = (options) => {
       });
     }
     await next();
+    if (opts.origin !== "*") {
+      c.header("Vary", "Origin", { append: true });
+    }
   };
 };
 
 // src/index.ts
-import { z as z13 } from "zod";
+import { z as z17 } from "zod";
 
 // src/foundation/middlewares/readonly.ts
 async function readOnlyMiddleware(c, next) {
@@ -1811,7 +1764,7 @@ async function readOnlyMiddleware(c, next) {
 }
 
 // package.json
-var version = "1.1.9";
+var version = "1.1.11";
 
 // src/foundation/settings.ts
 var settings = {
@@ -1856,23 +1809,135 @@ var CreateFolder = class extends OpenAPIRoute {
   }
 };
 
-// src/modules/buckets/deleteObject.ts
+// src/modules/buckets/createShareLink.ts
 import { OpenAPIRoute as OpenAPIRoute2 } from "chanfana";
 import { z as z2 } from "zod";
-var DeleteObject = class extends OpenAPIRoute2 {
+var CreateShareLink = class extends OpenAPIRoute2 {
   schema = {
-    operationId: "post-bucket-delete-object",
+    operationId: "post-bucket-create-share-link",
     tags: ["Buckets"],
-    summary: "Delete object",
+    summary: "Create shareable link for file",
     request: {
       params: z2.object({
-        bucket: z2.string()
+        bucket: z2.string(),
+        key: z2.string()
       }),
       body: {
         content: {
           "application/json": {
             schema: z2.object({
-              key: z2.string().describe("base64 encoded file key")
+              expiresIn: z2.number().optional().describe("Expiration time in seconds"),
+              password: z2.string().optional().describe("Optional password"),
+              maxDownloads: z2.number().optional().describe("Maximum downloads")
+            })
+          }
+        }
+      }
+    },
+    responses: {
+      "200": {
+        description: "Share link created successfully",
+        content: {
+          "application/json": {
+            schema: z2.object({
+              shareId: z2.string(),
+              shareUrl: z2.string(),
+              expiresAt: z2.number().optional()
+            })
+          }
+        }
+      }
+    }
+  };
+  async handle(c) {
+    const data = await this.getValidatedData();
+    const bucketName = data.params.bucket;
+    const bucket = c.env[bucketName];
+    if (!bucket) {
+      throw new HTTPException(500, {
+        message: `Bucket binding not found: ${bucketName}`
+      });
+    }
+    const key = decodeURIComponent(escape(atob(data.params.key)));
+    const fileExists = await bucket.head(key);
+    if (!fileExists) {
+      throw new HTTPException(404, {
+        message: `File not found: ${key}`
+      });
+    }
+    let shareId = "";
+    let attempts = 0;
+    const maxAttempts = 5;
+    while (attempts < maxAttempts) {
+      shareId = crypto.randomUUID().replace(/-/g, "").substring(0, 10);
+      const existingShare = await bucket.head(
+        `.r2-explorer/sharable-links/${shareId}.json`
+      );
+      if (!existingShare) {
+        break;
+      }
+      attempts++;
+    }
+    if (attempts === maxAttempts) {
+      throw new HTTPException(500, {
+        message: "Failed to generate unique share ID"
+      });
+    }
+    let passwordHash;
+    if (data.body.password) {
+      const encoder = new TextEncoder();
+      const passwordData = encoder.encode(data.body.password);
+      const hashBuffer = await crypto.subtle.digest("SHA-256", passwordData);
+      passwordHash = Array.from(new Uint8Array(hashBuffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
+    }
+    const expiresAt = data.body.expiresIn ? Date.now() + data.body.expiresIn * 1e3 : void 0;
+    const shareMetadata = {
+      bucket: bucketName,
+      key,
+      expiresAt,
+      passwordHash,
+      maxDownloads: data.body.maxDownloads,
+      currentDownloads: 0,
+      createdBy: c.get("authentication_username") || "anonymous",
+      createdAt: Date.now()
+    };
+    await bucket.put(
+      `.r2-explorer/sharable-links/${shareId}.json`,
+      JSON.stringify(shareMetadata),
+      {
+        httpMetadata: { contentType: "application/json" },
+        customMetadata: {
+          targetBucket: bucketName,
+          targetKey: key
+        }
+      }
+    );
+    const shareUrl = `${new URL(c.req.url).origin}/share/${shareId}`;
+    return c.json({
+      shareId,
+      shareUrl,
+      expiresAt
+    });
+  }
+};
+
+// src/modules/buckets/deleteObject.ts
+import { OpenAPIRoute as OpenAPIRoute3 } from "chanfana";
+import { z as z3 } from "zod";
+var DeleteObject = class extends OpenAPIRoute3 {
+  schema = {
+    operationId: "post-bucket-delete-object",
+    tags: ["Buckets"],
+    summary: "Delete object",
+    request: {
+      params: z3.object({
+        bucket: z3.string()
+      }),
+      body: {
+        content: {
+          "application/json": {
+            schema: z3.object({
+              key: z3.string().describe("base64 encoded file key")
             })
           }
         }
@@ -1894,24 +1959,73 @@ var DeleteObject = class extends OpenAPIRoute2 {
   }
 };
 
+// src/modules/buckets/deleteShareLink.ts
+import { OpenAPIRoute as OpenAPIRoute4 } from "chanfana";
+import { z as z4 } from "zod";
+var DeleteShareLink = class extends OpenAPIRoute4 {
+  schema = {
+    operationId: "delete-bucket-share-link",
+    tags: ["Buckets"],
+    summary: "Revoke/delete a share link",
+    request: {
+      params: z4.object({
+        bucket: z4.string(),
+        shareId: z4.string().describe("10-character share ID")
+      })
+    },
+    responses: {
+      "200": {
+        description: "Share link deleted successfully",
+        content: {
+          "application/json": {
+            schema: z4.object({
+              success: z4.boolean()
+            })
+          }
+        }
+      }
+    }
+  };
+  async handle(c) {
+    const data = await this.getValidatedData();
+    const bucketName = data.params.bucket;
+    const bucket = c.env[bucketName];
+    if (!bucket) {
+      throw new HTTPException(500, {
+        message: `Bucket binding not found: ${bucketName}`
+      });
+    }
+    const shareId = data.params.shareId;
+    const shareKey = `.r2-explorer/sharable-links/${shareId}.json`;
+    const shareExists = await bucket.head(shareKey);
+    if (!shareExists) {
+      throw new HTTPException(404, {
+        message: `Share link not found: ${shareId}`
+      });
+    }
+    await bucket.delete(shareKey);
+    return c.json({ success: true });
+  }
+};
+
 // src/modules/buckets/getObject.ts
-import { OpenAPIRoute as OpenAPIRoute3 } from "chanfana";
-import { z as z3 } from "zod";
-var GetObject = class extends OpenAPIRoute3 {
+import { OpenAPIRoute as OpenAPIRoute5 } from "chanfana";
+import { z as z5 } from "zod";
+var GetObject = class extends OpenAPIRoute5 {
   schema = {
     operationId: "get-bucket-object",
     tags: ["Buckets"],
     summary: "Get Object",
     request: {
-      params: z3.object({
-        bucket: z3.string(),
-        key: z3.string().describe("base64 encoded file key")
+      params: z5.object({
+        bucket: z5.string(),
+        key: z5.string().describe("base64 encoded file key")
       })
     },
     responses: {
       "200": {
         description: "File binary",
-        schema: z3.string().openapi({ format: "binary" })
+        schema: z5.string().openapi({ format: "binary" })
       }
     }
   };
@@ -1927,10 +2041,14 @@ var GetObject = class extends OpenAPIRoute3 {
     let filePath;
     try {
       filePath = decodeURIComponent(escape(atob(data.params.key)));
-    } catch (e) {
-      filePath = decodeURIComponent(
-        escape(atob(decodeURIComponent(data.params.key)))
-      );
+    } catch {
+      try {
+        filePath = decodeURIComponent(
+          escape(atob(decodeURIComponent(data.params.key)))
+        );
+      } catch {
+        filePath = escape(atob(decodeURIComponent(data.params.key)));
+      }
     }
     const object = await bucket.get(filePath);
     if (object === null) {
@@ -1939,6 +2057,7 @@ var GetObject = class extends OpenAPIRoute3 {
     const headers = new Headers();
     object.writeHttpMetadata(headers);
     headers.set("etag", object.httpEtag);
+    headers.set("content-length", object.size.toString());
     headers.set(
       "Content-Disposition",
       `attachment; filename="${filePath.split("/").pop()}"`
@@ -1949,18 +2068,137 @@ var GetObject = class extends OpenAPIRoute3 {
   }
 };
 
+// src/modules/buckets/getShareLink.ts
+import { OpenAPIRoute as OpenAPIRoute6 } from "chanfana";
+import { z as z6 } from "zod";
+var GetShareLink = class extends OpenAPIRoute6 {
+  schema = {
+    operationId: "get-share-link",
+    tags: ["Sharing"],
+    summary: "Access shared file",
+    security: [],
+    // Public endpoint - no auth required
+    request: {
+      params: z6.object({
+        shareId: z6.string().describe("10-character share ID")
+      }),
+      query: z6.object({
+        password: z6.string().optional().describe("Password for protected shares")
+      })
+    },
+    responses: {
+      "200": {
+        description: "File retrieved successfully"
+      },
+      "401": {
+        description: "Password required or incorrect"
+      },
+      "404": {
+        description: "Share link not found"
+      },
+      "410": {
+        description: "Share link expired"
+      },
+      "403": {
+        description: "Download limit reached"
+      }
+    }
+  };
+  async handle(c) {
+    const data = await this.getValidatedData();
+    const shareId = data.params.shareId;
+    let shareMetadata = null;
+    let bucket = null;
+    for (const key in c.env) {
+      if (key === "ASSETS") continue;
+      const currentBucket = c.env[key];
+      if (!currentBucket.get || typeof currentBucket.get !== "function") {
+        continue;
+      }
+      const shareObject = await currentBucket.get(
+        `.r2-explorer/sharable-links/${shareId}.json`
+      );
+      if (shareObject) {
+        shareMetadata = JSON.parse(await shareObject.text());
+        bucket = currentBucket;
+        break;
+      }
+    }
+    if (!shareMetadata || !bucket) {
+      throw new HTTPException(404, {
+        message: "Share link not found"
+      });
+    }
+    if (shareMetadata.expiresAt && Date.now() > shareMetadata.expiresAt) {
+      throw new HTTPException(410, {
+        message: "Share link expired"
+      });
+    }
+    if (shareMetadata.maxDownloads && shareMetadata.currentDownloads >= shareMetadata.maxDownloads) {
+      throw new HTTPException(403, {
+        message: "Download limit reached"
+      });
+    }
+    if (shareMetadata.passwordHash) {
+      if (!data.query.password) {
+        throw new HTTPException(401, {
+          message: "Password required"
+        });
+      }
+      const encoder = new TextEncoder();
+      const passwordData = encoder.encode(data.query.password);
+      const hashBuffer = await crypto.subtle.digest("SHA-256", passwordData);
+      const providedHash = Array.from(new Uint8Array(hashBuffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
+      if (providedHash !== shareMetadata.passwordHash) {
+        throw new HTTPException(401, {
+          message: "Incorrect password"
+        });
+      }
+    }
+    shareMetadata.currentDownloads++;
+    await bucket.put(
+      `.r2-explorer/sharable-links/${shareId}.json`,
+      JSON.stringify(shareMetadata),
+      {
+        httpMetadata: { contentType: "application/json" },
+        customMetadata: {
+          targetBucket: shareMetadata.bucket,
+          targetKey: shareMetadata.key
+        }
+      }
+    );
+    const file = await bucket.get(shareMetadata.key);
+    if (!file) {
+      throw new HTTPException(404, {
+        message: "Shared file not found"
+      });
+    }
+    const headers = new Headers();
+    file.writeHttpMetadata(headers);
+    headers.set("etag", file.httpEtag);
+    const fileName = shareMetadata.key.split("/").pop() || "download";
+    headers.set(
+      "Content-Disposition",
+      `attachment; filename="${encodeURIComponent(fileName)}"`
+    );
+    return new Response(file.body, {
+      headers
+    });
+  }
+};
+
 // src/modules/buckets/headObject.ts
-import { OpenAPIRoute as OpenAPIRoute4 } from "chanfana";
-import { z as z4 } from "zod";
-var HeadObject = class extends OpenAPIRoute4 {
+import { OpenAPIRoute as OpenAPIRoute7 } from "chanfana";
+import { z as z7 } from "zod";
+var HeadObject = class extends OpenAPIRoute7 {
   schema = {
     operationId: "Head-bucket-object",
     tags: ["Buckets"],
     summary: "Get Object",
     request: {
-      params: z4.object({
-        bucket: z4.string(),
-        key: z4.string().describe("base64 encoded file key")
+      params: z7.object({
+        bucket: z7.string(),
+        key: z7.string().describe("base64 encoded file key")
       })
     }
   };
@@ -1990,24 +2228,24 @@ var HeadObject = class extends OpenAPIRoute4 {
 };
 
 // src/modules/buckets/listObjects.ts
-import { OpenAPIRoute as OpenAPIRoute5 } from "chanfana";
-import { z as z5 } from "zod";
-var ListObjects = class extends OpenAPIRoute5 {
+import { OpenAPIRoute as OpenAPIRoute8 } from "chanfana";
+import { z as z8 } from "zod";
+var ListObjects = class extends OpenAPIRoute8 {
   schema = {
     operationId: "get-bucket-list-objects",
     tags: ["Buckets"],
     summary: "List objects",
     request: {
-      params: z5.object({
-        bucket: z5.string()
+      params: z8.object({
+        bucket: z8.string()
       }),
-      query: z5.object({
-        limit: z5.number().optional(),
-        prefix: z5.string().nullable().optional().describe("base64 encoded prefix"),
-        cursor: z5.string().nullable().optional(),
-        delimiter: z5.string().nullable().optional(),
-        startAfter: z5.string().nullable().optional(),
-        include: z5.enum(["httpMetadata", "customMetadata"]).array().optional()
+      query: z8.object({
+        limit: z8.number().optional(),
+        prefix: z8.string().nullable().optional().describe("base64 encoded prefix"),
+        cursor: z8.string().nullable().optional(),
+        delimiter: z8.string().nullable().optional(),
+        startAfter: z8.string().nullable().optional(),
+        include: z8.enum(["httpMetadata", "customMetadata"]).array().optional()
       })
     }
   };
@@ -2033,24 +2271,102 @@ var ListObjects = class extends OpenAPIRoute5 {
   }
 };
 
+// src/modules/buckets/listShares.ts
+import { OpenAPIRoute as OpenAPIRoute9 } from "chanfana";
+import { z as z9 } from "zod";
+var ListShares = class extends OpenAPIRoute9 {
+  schema = {
+    operationId: "get-bucket-shares",
+    tags: ["Buckets"],
+    summary: "List all active shares in bucket",
+    request: {
+      params: z9.object({
+        bucket: z9.string()
+      })
+    },
+    responses: {
+      "200": {
+        description: "List of active shares",
+        content: {
+          "application/json": {
+            schema: z9.object({
+              shares: z9.array(
+                z9.object({
+                  shareId: z9.string(),
+                  shareUrl: z9.string(),
+                  key: z9.string(),
+                  expiresAt: z9.number().optional(),
+                  maxDownloads: z9.number().optional(),
+                  currentDownloads: z9.number(),
+                  createdBy: z9.string(),
+                  createdAt: z9.number(),
+                  isExpired: z9.boolean(),
+                  hasPassword: z9.boolean()
+                })
+              )
+            })
+          }
+        }
+      }
+    }
+  };
+  async handle(c) {
+    const data = await this.getValidatedData();
+    const bucketName = data.params.bucket;
+    const bucket = c.env[bucketName];
+    if (!bucket) {
+      throw new HTTPException(500, {
+        message: `Bucket binding not found: ${bucketName}`
+      });
+    }
+    const sharesList = await bucket.list({
+      prefix: ".r2-explorer/sharable-links/"
+    });
+    const shares = [];
+    const now = Date.now();
+    const origin = new URL(c.req.url).origin;
+    for (const obj of sharesList.objects) {
+      const shareId = obj.key.split("/").pop()?.replace(".json", "");
+      if (!shareId) continue;
+      const shareObject = await bucket.get(obj.key);
+      if (!shareObject) continue;
+      const metadata = JSON.parse(await shareObject.text());
+      const isExpired = !!(metadata.expiresAt && now > metadata.expiresAt);
+      shares.push({
+        shareId,
+        shareUrl: `${origin}/share/${shareId}`,
+        key: metadata.key,
+        expiresAt: metadata.expiresAt,
+        maxDownloads: metadata.maxDownloads,
+        currentDownloads: metadata.currentDownloads || 0,
+        createdBy: metadata.createdBy,
+        createdAt: metadata.createdAt,
+        isExpired,
+        hasPassword: !!metadata.passwordHash
+      });
+    }
+    return c.json({ shares });
+  }
+};
+
 // src/modules/buckets/moveObject.ts
-import { OpenAPIRoute as OpenAPIRoute6 } from "chanfana";
-import { z as z6 } from "zod";
-var MoveObject = class extends OpenAPIRoute6 {
+import { OpenAPIRoute as OpenAPIRoute10 } from "chanfana";
+import { z as z10 } from "zod";
+var MoveObject = class extends OpenAPIRoute10 {
   schema = {
     operationId: "post-bucket-move-object",
     tags: ["Buckets"],
     summary: "Move object",
     request: {
-      params: z6.object({
-        bucket: z6.string()
+      params: z10.object({
+        bucket: z10.string()
       }),
       body: {
         content: {
           "application/json": {
-            schema: z6.object({
-              oldKey: z6.string().describe("base64 encoded file key"),
-              newKey: z6.string().describe("base64 encoded file key")
+            schema: z10.object({
+              oldKey: z10.string().describe("base64 encoded file key"),
+              newKey: z10.string().describe("base64 encoded file key")
             })
           }
         }
@@ -2084,27 +2400,27 @@ var MoveObject = class extends OpenAPIRoute6 {
 };
 
 // src/modules/buckets/multipart/completeUpload.ts
-import { OpenAPIRoute as OpenAPIRoute7 } from "chanfana";
-import { z as z7 } from "zod";
-var CompleteUpload = class extends OpenAPIRoute7 {
+import { OpenAPIRoute as OpenAPIRoute11 } from "chanfana";
+import { z as z11 } from "zod";
+var CompleteUpload = class extends OpenAPIRoute11 {
   schema = {
     operationId: "post-multipart-complete-upload",
     tags: ["Multipart"],
     summary: "Complete upload",
     request: {
-      params: z7.object({
-        bucket: z7.string()
+      params: z11.object({
+        bucket: z11.string()
       }),
       body: {
         content: {
           "application/json": {
-            schema: z7.object({
-              uploadId: z7.string(),
-              parts: z7.object({
-                etag: z7.string(),
-                partNumber: z7.number().int()
+            schema: z11.object({
+              uploadId: z11.string(),
+              parts: z11.object({
+                etag: z11.string(),
+                partNumber: z11.number().int()
               }).array(),
-              key: z7.string().describe("base64 encoded file key")
+              key: z11.string().describe("base64 encoded file key")
             })
           }
         }
@@ -2114,6 +2430,12 @@ var CompleteUpload = class extends OpenAPIRoute7 {
   async handle(c) {
     const data = await this.getValidatedData();
     const bucket = c.env[data.params.bucket];
+    if (!bucket || typeof bucket !== "object" || !("resumeMultipartUpload" in bucket)) {
+      return Response.json(
+        { error: `Bucket binding not found: ${data.params.bucket}` },
+        { status: 500 }
+      );
+    }
     const uploadId = data.body.uploadId;
     const key = decodeURIComponent(escape(atob(data.body.key)));
     const parts = data.body.parts;
@@ -2131,27 +2453,33 @@ var CompleteUpload = class extends OpenAPIRoute7 {
 };
 
 // src/modules/buckets/multipart/createUpload.ts
-import { OpenAPIRoute as OpenAPIRoute8 } from "chanfana";
-import { z as z8 } from "zod";
-var CreateUpload = class extends OpenAPIRoute8 {
+import { OpenAPIRoute as OpenAPIRoute12 } from "chanfana";
+import { z as z12 } from "zod";
+var CreateUpload = class extends OpenAPIRoute12 {
   schema = {
     operationId: "post-multipart-create-upload",
     tags: ["Multipart"],
     summary: "Create upload",
     request: {
-      params: z8.object({
-        bucket: z8.string()
+      params: z12.object({
+        bucket: z12.string()
       }),
-      query: z8.object({
-        key: z8.string().describe("base64 encoded file key"),
-        customMetadata: z8.string().nullable().optional().describe("base64 encoded json string"),
-        httpMetadata: z8.string().nullable().optional().describe("base64 encoded json string")
+      query: z12.object({
+        key: z12.string().describe("base64 encoded file key"),
+        customMetadata: z12.string().nullable().optional().describe("base64 encoded json string"),
+        httpMetadata: z12.string().nullable().optional().describe("base64 encoded json string")
       })
     }
   };
   async handle(c) {
     const data = await this.getValidatedData();
     const bucket = c.env[data.params.bucket];
+    if (!bucket || typeof bucket !== "object" || !("createMultipartUpload" in bucket)) {
+      return Response.json(
+        { error: `Bucket binding not found: ${data.params.bucket}` },
+        { status: 500 }
+      );
+    }
     const key = decodeURIComponent(escape(atob(data.query.key)));
     let customMetadata = void 0;
     if (data.query.customMetadata) {
@@ -2173,9 +2501,9 @@ var CreateUpload = class extends OpenAPIRoute8 {
 };
 
 // src/modules/buckets/multipart/partUpload.ts
-import { OpenAPIRoute as OpenAPIRoute9 } from "chanfana";
-import { z as z9 } from "zod";
-var PartUpload = class extends OpenAPIRoute9 {
+import { OpenAPIRoute as OpenAPIRoute13 } from "chanfana";
+import { z as z13 } from "zod";
+var PartUpload = class extends OpenAPIRoute13 {
   schema = {
     operationId: "post-multipart-part-upload",
     tags: ["Multipart"],
@@ -2184,26 +2512,32 @@ var PartUpload = class extends OpenAPIRoute9 {
       body: {
         content: {
           "application/octet-stream": {
-            schema: z9.object({}).openapi({
+            schema: z13.object({}).openapi({
               type: "string",
               format: "binary"
             })
           }
         }
       },
-      params: z9.object({
-        bucket: z9.string()
+      params: z13.object({
+        bucket: z13.string()
       }),
-      query: z9.object({
-        key: z9.string().describe("base64 encoded file key"),
-        uploadId: z9.string(),
-        partNumber: z9.number().int()
+      query: z13.object({
+        key: z13.string().describe("base64 encoded file key"),
+        uploadId: z13.string(),
+        partNumber: z13.number().int()
       })
     }
   };
   async handle(c) {
     const data = await this.getValidatedData();
     const bucket = c.env[data.params.bucket];
+    if (!bucket || typeof bucket !== "object" || !("resumeMultipartUpload" in bucket)) {
+      return Response.json(
+        { error: `Bucket binding not found: ${data.params.bucket}` },
+        { status: 500 }
+      );
+    }
     const key = decodeURIComponent(escape(atob(data.query.key)));
     const multipartUpload = bucket.resumeMultipartUpload(
       key,
@@ -2221,24 +2555,24 @@ var PartUpload = class extends OpenAPIRoute9 {
 };
 
 // src/modules/buckets/putMetadata.ts
-import { OpenAPIRoute as OpenAPIRoute10 } from "chanfana";
-import { z as z10 } from "zod";
-var PutMetadata = class extends OpenAPIRoute10 {
+import { OpenAPIRoute as OpenAPIRoute14 } from "chanfana";
+import { z as z14 } from "zod";
+var PutMetadata = class extends OpenAPIRoute14 {
   schema = {
     operationId: "post-bucket-put-object-metadata",
     tags: ["Buckets"],
     summary: "Update object metadata",
     request: {
-      params: z10.object({
-        bucket: z10.string(),
-        key: z10.string().describe("base64 encoded file key")
+      params: z14.object({
+        bucket: z14.string(),
+        key: z14.string().describe("base64 encoded file key")
       }),
       body: {
         content: {
           "application/json": {
-            schema: z10.object({
-              customMetadata: z10.record(z10.string(), z10.any()),
-              httpMetadata: z10.record(z10.string(), z10.any())
+            schema: z14.object({
+              customMetadata: z14.record(z14.string(), z14.any()),
+              httpMetadata: z14.record(z14.string(), z14.any())
             }).openapi("Object metadata")
           }
         }
@@ -2274,9 +2608,9 @@ var PutMetadata = class extends OpenAPIRoute10 {
 };
 
 // src/modules/buckets/putObject.ts
-import { OpenAPIRoute as OpenAPIRoute11 } from "chanfana";
-import { z as z11 } from "zod";
-var PutObject = class extends OpenAPIRoute11 {
+import { OpenAPIRoute as OpenAPIRoute15 } from "chanfana";
+import { z as z15 } from "zod";
+var PutObject = class extends OpenAPIRoute15 {
   schema = {
     operationId: "post-bucket-upload-object",
     tags: ["Buckets"],
@@ -2285,20 +2619,20 @@ var PutObject = class extends OpenAPIRoute11 {
       body: {
         content: {
           "application/octet-stream": {
-            schema: z11.object({}).openapi({
+            schema: z15.object({}).openapi({
               type: "string",
               format: "binary"
             })
           }
         }
       },
-      params: z11.object({
-        bucket: z11.string()
+      params: z15.object({
+        bucket: z15.string()
       }),
-      query: z11.object({
-        key: z11.string().describe("base64 encoded file key"),
-        customMetadata: z11.string().nullable().optional().describe("base64 encoded json string"),
-        httpMetadata: z11.string().nullable().optional().describe("base64 encoded json string")
+      query: z15.object({
+        key: z15.string().describe("base64 encoded file key"),
+        customMetadata: z15.string().nullable().optional().describe("base64 encoded json string"),
+        httpMetadata: z15.string().nullable().optional().describe("base64 encoded json string")
       })
     }
   };
@@ -2383,7 +2717,7 @@ async function streamToArrayBuffer(stream, streamSize) {
 }
 async function receiveEmail(event, env, ctx, config) {
   let bucket;
-  if (config?.emailRouting?.targetBucket && env[config.emailRouting.targetBucket]) {
+  if (config?.emailRouting && typeof config.emailRouting === "object" && config.emailRouting.targetBucket && env[config.emailRouting.targetBucket]) {
     bucket = env[config.emailRouting.targetBucket];
   }
   if (!bucket) {
@@ -2423,9 +2757,9 @@ async function receiveEmail(event, env, ctx, config) {
 }
 
 // src/modules/emails/sendEmail.ts
-import { OpenAPIRoute as OpenAPIRoute12, Str } from "chanfana";
-import { z as z12 } from "zod";
-var SendEmail = class extends OpenAPIRoute12 {
+import { OpenAPIRoute as OpenAPIRoute16, Str } from "chanfana";
+import { z as z16 } from "zod";
+var SendEmail = class extends OpenAPIRoute16 {
   schema = {
     operationId: "post-email-send",
     tags: ["Emails"],
@@ -2434,17 +2768,17 @@ var SendEmail = class extends OpenAPIRoute12 {
       body: {
         content: {
           "application/json": {
-            schema: z12.object({
+            schema: z16.object({
               subject: Str({ example: "Look! No servers" }),
-              from: z12.object({
+              from: z16.object({
                 email: Str({ example: "sender@example.com" }),
                 name: Str({ example: "Workers - MailChannels integration" })
               }),
-              to: z12.object({
+              to: z16.object({
                 email: Str({ example: "test@example.com" }),
                 name: Str({ example: "Test Recipient" })
               }).array(),
-              content: z12.object({}).catchall(z12.string())
+              content: z16.object({}).catchall(z16.string())
             })
           }
         }
@@ -2462,8 +2796,8 @@ var SendEmail = class extends OpenAPIRoute12 {
 };
 
 // src/modules/server/getInfo.ts
-import { OpenAPIRoute as OpenAPIRoute13 } from "chanfana";
-var GetInfo = class extends OpenAPIRoute13 {
+import { OpenAPIRoute as OpenAPIRoute17 } from "chanfana";
+var GetInfo = class extends OpenAPIRoute17 {
   schema = {
     operationId: "get-server-info",
     tags: ["Server"],
@@ -2473,7 +2807,7 @@ var GetInfo = class extends OpenAPIRoute13 {
     const { basicAuth: basicAuth2, ...config } = c.get("config");
     const buckets = [];
     for (const [key, value] of Object.entries(c.env)) {
-      if (value.get && value.put && value.get.toString().includes("function") && value.put.toString().includes("function")) {
+      if (value && typeof value === "object" && "get" in value && "put" in value && "list" in value && typeof value.get === "function" && typeof value.put === "function" && typeof value.list === "function") {
         buckets.push({ name: key });
       }
     }
@@ -2491,7 +2825,7 @@ var GetInfo = class extends OpenAPIRoute13 {
 
 // src/index.ts
 function R2Explorer(config) {
-  extendZodWithOpenApi(z13);
+  extendZodWithOpenApi(z17);
   config = config || {};
   if (config.readonly !== false) config.readonly = true;
   const openapiSchema = {
@@ -2566,9 +2900,13 @@ function R2Explorer(config) {
   openapi.post("/api/buckets/:bucket/delete", DeleteObject);
   openapi.on("head", "/api/buckets/:bucket/:key", HeadObject);
   openapi.get("/api/buckets/:bucket/:key/head", HeadObject);
+  openapi.post("/api/buckets/:bucket/:key/share", CreateShareLink);
+  openapi.get("/api/buckets/:bucket/shares", ListShares);
+  openapi.delete("/api/buckets/:bucket/share/:shareId", DeleteShareLink);
   openapi.get("/api/buckets/:bucket/:key", GetObject);
   openapi.post("/api/buckets/:bucket/:key", PutMetadata);
   openapi.post("/api/emails/send", SendEmail);
+  openapi.get("/share/:shareId", GetShareLink);
   openapi.get("/", dashboardIndex);
   openapi.get("*", dashboardRedirect);
   app.all(