rajt 0.0.29 → 0.0.31

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "rajt",
   "description": "A serverless bundler layer, fully typed for AWS Lambda (Node.js and LLRT) and Cloudflare Workers.",
-  "version": "0.0.29",
+  "version": "0.0.31",
   "type": "module",
   "main": "dist/index.js",
   "exports": {

package/src/action.ts

@@ -3,10 +3,8 @@
 import { Context, Handler, ValidationTargets } from 'hono'
 import { z, ZodObject } from 'zod'
 import { zValidator } from '@hono/zod-validator'
-import JsonResponse from './response'
-import { bufferToFormData } from 'hono/utils/buffer'
-import { HTTPException } from 'hono/http-exception'
-import { BodyData } from 'hono/utils/body'
+import Response from './response'
+import cx from './context'
 
 export type ActionType = Function | Handler | Action | (new () => Action)
 
@@ -16,10 +14,10 @@ type RuleDefinition = {
   eTarget?: 'fieldErrors' | 'formErrors'
 }
 
-export default abstract class Action {
-  rule<T extends keyof ValidationTargets>(target: T): { schema: (schema: ZodObject<any>) => RuleDefinition }
-  rule<T extends keyof ValidationTargets>(target: T, schema: ZodObject<any>): RuleDefinition
-  rule<T extends keyof ValidationTargets>(target: T, schema?: ZodObject<any>):
+export default class Action {
+  static rule<T extends keyof ValidationTargets>(target: T): { schema: (schema: ZodObject<any>) => RuleDefinition }
+  static rule<T extends keyof ValidationTargets>(target: T, schema: ZodObject<any>): RuleDefinition
+  static rule<T extends keyof ValidationTargets>(target: T, schema?: ZodObject<any>):
     | { schema: (schema: ZodObject<any>) => RuleDefinition }
     | RuleDefinition
   {
@@ -40,101 +38,19 @@ export default abstract class Action {
     }
   }
 
-  param(key: string) {
-    return this.cx.req.param(key)
-  }
-
-  query() {
-    return this.cx.req.query()
-  }
-
-  async form(cType?: string) {
-    cType ??= this.cx.req.header('Content-Type')
-    if (!cType) return {}
-
-    let formData: FormData
-
-    if (this.cx.req.bodyCache.formData) {
-      formData = await this.cx.req.bodyCache.formData
-    } else {
-      try {
-        const arrayBuffer = await this.cx.req.arrayBuffer()
-        formData = await bufferToFormData(arrayBuffer, cType)
-        this.cx.req.bodyCache.formData = formData
-      } catch (e) {
-        throw new HTTPException(400, {
-          message: 'Malformed FormData request.'
-                   + (e instanceof Error ? ` ${e.message}` : ` ${String(e)}`)
-        })
-      }
-    }
-
-    const form: BodyData<{ all: true }> = {}
-    formData.forEach((value, key) => {
-      if (key.endsWith('[]')) {
-        ;((form[key] ??= []) as unknown[]).push(value)
-      } else if (Array.isArray(form[key])) {
-        ;(form[key] as unknown[]).push(value)
-      } else if (key in form) {
-        form[key] = [form[key] as string | File, value]
-      } else {
-        form[key] = value
-      }
-    })
-
-    return form
-  }
-
-  async json<E>() {
-    try {
-      return await this.cx.req.json<E>()
-    } catch {
-      throw new HTTPException(400, { message: 'Malformed JSON in request body' })
-    }
-  }
-
-  async body<E>() {
-    const cType = this.cx.req.header('Content-Type')
-    if (!cType) return {} as E
-
-    if (/^application\/([a-z-\.]+\+)?json(;\s*[a-zA-Z0-9\-]+\=([^;]+))*$/.test(cType)) {
-      return await this.json<E>()
-    }
-
-    if (
-      /^multipart\/form-data(;\s?boundary=[a-zA-Z0-9'"()+_,\-./:=?]+)?$/.test(cType)
-      && ! /^application\/x-www-form-urlencoded(;\s*[a-zA-Z0-9\-]+\=([^;]+))*$/.test(cType)
-    ) {
-        return await this.form() as E
-    }
-
-    return {} as E
-  }
-
-  get response() {
-    return JsonResponse
-  }
-
-  get cx() {
-    return JsonResponse.cx
-  }
-
-  get cookie() {
-    return JsonResponse.cookie
-  }
-
-  validate() {
+  static validate() {
     const rules = this.rules()
     const h = async (c: Context) => {
-      return await this.handle(this.cx)
+      return await this.handle(cx.cx)
     }
     if (!rules) return [h]
 
-    const rulesArray = (Array.isArray(rules) ? rules : [rules])
+    const rulesArray: Function[] = (Array.isArray(rules) ? rules : [rules])
+      // @ts-ignore
       .map(rule => zValidator(rule.target, rule.schema, (result, c) => {
         if (!result.success) {
           // @ts-ignore
-          return JsonResponse.badRequest({ ...result.error.flatten()[rule.eTarget] })
+          return Response.badRequest({ ...result.error.flatten()[rule.eTarget] })
         }
       }))
 
@@ -142,34 +58,15 @@ export default abstract class Action {
     return rulesArray
   }
 
-  run() {
+  static run() {
     return this.validate()
   }
 
-  // PUBLIC API
-
-  get auth() {
-    const auth = this.cx.get('#auth')
-    return auth ? auth?.data : null
-  }
-
-  can(...abilities: string[]): boolean {
-    const auth = this.cx.get('#auth')
-    return auth ? auth.can(...abilities) : false
-  }
-
-  cant(...abilities: string[]): boolean {
-    return !this.can(...abilities)
-  }
-
-  hasRole(...roles: string[]): boolean {
-    const auth = this.cx.get('#auth')
-    return auth ? auth.hasRole(...roles) : false
-  }
-
-  rules(): RuleDefinition[] | RuleDefinition | null {
+  static rules(): RuleDefinition[] | RuleDefinition | null {
     return null
   }
 
-  abstract handle(c: Context): Promise<Response>
+  static async handle(c: Context): Promise<Response> {
+    return Promise.resolve(Response.raw(200, 'Action handle not implemented'))
+  }
 }

package/src/auth/auth.ts

@@ -1,66 +1,26 @@
-import { Ability } from './ability'
+import { Authnz } from './authnz'
+import { Token } from './token'
 
-export class Authnz<T extends object> {
-  #abilities: string[]
-  #roles: string[]
-  #data: T
+export class Auth {
+  static #u: Authnz<any> | null = null
 
-  constructor(data: T, abilities: string[], roles: string[]) {
-    this.#abilities = abilities
-    this.#roles = roles
-    this.#data = data
+  static resolve() {
+    this.#u = Authnz.fromToken(Token.fromRequest())
   }
 
-  can(...abilities: string[]): boolean {
-    if (this.#abilities.includes('*')) return true
-
-    return abilities.flat().every(ability => {
-      if (this.#roles.includes(ability)) return true
-      return this.#abilities.some(rule => this.#match(rule, ability))
-    })
-  }
-  cant(...abilities: string[]): boolean {
-    return !this.can(...abilities)
+  static get user() {
+    return this.#u ? this.#u?.data : null
   }
 
-  hasRole(...roles: string[]): boolean {
-    return roles.flat().every(role => this.#roles.includes(role))
+  static can(...abilities: string[]): boolean {
+    return this.#u ? this.#u.can(...abilities) : false
   }
 
-  static fromToken<T extends object>(user: any): Authnz<T> | null {
-    if (!user || user?.isInvalid()) return null
-    user = user.get()
-    const roles = [...(user?.role ? [user.role] : []), ...(user?.roles ?? [])]
-
-    const combined = [...(user?.perms ?? []), ...roles.flatMap(role => {
-      const perms = Ability.roles[role]
-      if (!perms) return []
-      return perms === '*' ? ['*'] : perms;
-    })]
-
-    const abilities = combined.includes('*') ? ['*'] : Array.from(new Set(combined))
-
-    return new Authnz(user as T, abilities, roles)
-  }
-
-  #match(rule: string, ability: string): boolean {
-    if (rule === ability) return true
-    if (rule.endsWith('.*')) {
-      const prefix = rule.slice(0, -2)
-      return ability.startsWith(`${prefix}.`) || ability === prefix
-    }
-    return false
-  }
-
-  get abilities() {
-    return this.#abilities
-  }
-
-  get roles() {
-    return this.#roles
+  static cant(...abilities: string[]): boolean {
+    return !this.can(...abilities)
   }
 
-  get data() {
-    return this.#data
+  static hasRole(...roles: string[]): boolean {
+    return this.#u ? this.#u.hasRole(...roles) : false
   }
 }

package/src/auth/authnz.ts

@@ -0,0 +1,66 @@
+import { Ability } from './ability'
+
+export class Authnz<T extends object> {
+  #abilities: string[]
+  #roles: string[]
+  #data: T
+
+  constructor(data: T, abilities: string[], roles: string[]) {
+    this.#abilities = abilities
+    this.#roles = roles
+    this.#data = data
+  }
+
+  can(...abilities: string[]): boolean {
+    if (this.#abilities.includes('*')) return true
+
+    return abilities.flat().every(ability => {
+      if (this.#roles.includes(ability)) return true
+      return this.#abilities.some(rule => this.#match(rule, ability))
+    })
+  }
+  cant(...abilities: string[]): boolean {
+    return !this.can(...abilities)
+  }
+
+  hasRole(...roles: string[]): boolean {
+    return roles.flat().every(role => this.#roles.includes(role))
+  }
+
+  static fromToken<T extends object>(user: any): Authnz<T> | null {
+    if (!user || user?.isInvalid()) return null
+    user = user.get()
+    const roles = [...(user?.role ? [user.role] : []), ...(user?.roles ?? [])]
+
+    const combined = [...(user?.perms ?? []), ...roles.flatMap(role => {
+      const perms = Ability.roles[role]
+      if (!perms) return []
+      return perms === '*' ? ['*'] : perms;
+    })]
+
+    const abilities = combined.includes('*') ? ['*'] : Array.from(new Set(combined))
+
+    return new Authnz(user as T, abilities, roles)
+  }
+
+  #match(rule: string, ability: string): boolean {
+    if (rule === ability) return true
+    if (rule.endsWith('.*')) {
+      const prefix = rule.slice(0, -2)
+      return ability.startsWith(`${prefix}.`) || ability === prefix
+    }
+    return false
+  }
+
+  get abilities() {
+    return this.#abilities
+  }
+
+  get roles() {
+    return this.#roles
+  }
+
+  get data() {
+    return this.#data
+  }
+}

package/src/auth/index.ts

@@ -1,5 +1,6 @@
 export { Ability } from './ability'
-export { Authnz } from './auth'
+export { Auth } from './auth'
+export { Authnz } from './authnz'
 export { Token } from './token'
 
 export * from './types'

package/src/auth/token.ts

@@ -1,18 +1,18 @@
 import { Envir } from 't0n'
 import { Token as Factory } from 'cripta'
-import type { Context, HonoRequest, Next } from 'hono'
+import c from '../context'
 
 export class Token {
   static #name: string = 'Authorization'
   static #prefix: string = 'bearer'
 
-  static fromRequest(c: Context) {
-    const token = this.fromHeader(c.req)
-    return token ? this.parse(c.req, token) : null
+  static fromRequest() {
+    const token = this.fromCookie() || this.fromHeader()
+    return token ? this.parse(token) : null
   }
 
-  static fromHeader(req: HonoRequest): string | null {
-    const header = req.header(this.#name) || req.header('HTTP_AUTHORIZATION') || req.header('REDIRECT_HTTP_AUTHORIZATION') || null
+  static fromHeader(): string | null {
+    const header = c.cx.req.header(this.#name) || c.cx.req.header('HTTP_AUTHORIZATION') || c.cx.req.header('REDIRECT_HTTP_AUTHORIZATION') || null
 
     if (header) {
       const position = header.toLowerCase().indexOf(this.#prefix.toLowerCase())
@@ -28,17 +28,28 @@ export class Token {
     return null
   }
 
-  static parse(req: HonoRequest, token: string) {
-    const host = this.host(Envir.get('FLOW_SERVER') || req.header('host') || '')
+  static fromCookie(): string | null {
+    const uid = c.cx.req.header('uid')
+
+    if (uid) {
+      const auth = c.cookie.get('__auth_' + uid)
+      return auth ? auth : null
+    }
+
+    return null
+  }
+
+  static parse(token: string) {
+    const host = this.host(Envir.get('FLOW_SERVER') || c.cx.req.header('host') || '')
 
     return Factory.parse(token)
       .issuedBy(host)
       .permittedFor(host)
   }
 
-  static create(req: HonoRequest, user: any, exp: number = 7200) {
+  static create(user: any, exp: number = 7200) {
     const time = Math.floor(Date.now() / 1000)
-    const host = this.host(req.header('host') || '')
+    const host = this.host(c.cx.req.header('host') || '')
 
     return Factory.create()
       .issuedBy(host)

package/src/context.ts

@@ -0,0 +1,31 @@
+import { Context } from 'hono'
+import { getCookie, getSignedCookie, setCookie, setSignedCookie, deleteCookie } from 'hono/cookie'
+import type { CookieOptions, CookiePrefixOptions } from 'hono/utils/cookie'
+
+const cookieWrapper = (c: Context) => ({
+  all: () => getCookie(c),
+  allSigned: (secret: string) => getSignedCookie(c, secret),
+  get: (name: string, prefixOptions?: CookiePrefixOptions) => prefixOptions ? getCookie(c, name, prefixOptions) : getCookie(c, name),
+  getSigned: (secret: string, name: string, prefixOptions?: CookiePrefixOptions) => prefixOptions ? getSignedCookie(c, secret, name, prefixOptions) : getSignedCookie(c, secret, name),
+  set: (name: string, value: string, opt?: CookieOptions) => setCookie(c, name, value, opt),
+  setSigned: (name: string, value: string, secret: string, opt?: CookieOptions) => setSignedCookie(c, name, value, secret, opt),
+  delete: (name: string, opt?: CookieOptions) => deleteCookie(c, name, opt)
+})
+
+export default class CX {
+  static #c: Context
+  static #cookie: ReturnType<typeof cookieWrapper>
+
+  static setContext(c: Context) {
+    this.#c = c
+    this.#cookie = cookieWrapper(c)
+  }
+
+  static get cx(): Context {
+    return this.#c
+  }
+
+  static get cookie() {
+    return this.#cookie
+  }
+}

package/src/create-app.ts

@@ -4,13 +4,15 @@ import type { Env, Context, ErrorHandler, NotFoundHandler, Next } from 'hono'
 // import type { MiddlewareHandler } from 'hono'
 // import { createMiddleware } from 'hono/factory'
 // import type { H, Handler, HandlerResponse } from 'hono/types'
-import { HTTPResponseError } from 'hono/types'
-import { Routes } from './types'
+import type { HTTPResponseError } from 'hono/types'
+import type { Routes } from './types'
 import { BadRequest, Unauthorized } from './exceptions'
-import response from './response'
 import { resolve, resolveMiddleware } from './utils/resolve'
 import { getMiddlewares, getHandler } from './register'
 import env from './utils/environment'
+import { Auth } from './auth'
+import response from './response'
+import cx from './context'
 
 type InitFunction<E extends Env = Env> = (app: Hono<E>) => void
 
@@ -78,16 +80,18 @@ export const createApp = <E extends Env>(options?: ServerOptions<E>) => {
   const app = options?.app ?? new Hono<E>()
 
   app.use(async (c: Context, next: Next) => {
-    response.setContext(c)
+    cx.setContext(c)
+    Auth.resolve()
     await next()
   })
   getMiddlewares().forEach(mw => {
-    const h = async (c: Context, next: Next) => await resolveMiddleware(mw)(response.cx, next)
+    const h = async (c: Context, next: Next) => await resolveMiddleware(mw)(cx.cx, next)
     // @ts-ignore
     mw?.path ? app.use(String(mw.path), h) : app.use(h)
   })
-
+  // @ts-ignore
   app.onError(options?.onError || EHandler)
+  // @ts-ignore
   app.notFound(options?.notFound || NFHandler)
 
   if (options?.init) options.init(app)
@@ -95,12 +99,11 @@ export const createApp = <E extends Env>(options?: ServerOptions<E>) => {
   const routes = options?.routes || []
   for (const route of routes) {
     if (Array.isArray(route)) {
-      const handle = getHandler(route[3])
       // @ts-ignore
-      app[route[0]](route[1], ...mw(route[2], route[3]), ...resolve(handle))
+      app[route[0]](route[1], ...mw(route[2], route[3]), ...resolve(getHandler(route[3]), route[3]))
     } else {
       // @ts-ignore
-      app[route.method](route.path, ...mw(route.middlewares, route.name), ...resolve(route.handle))
+      app[route.method](route.path, ...mw(route.middlewares, route.name), ...resolve(route.handle, route.name))
     }
   }
 

package/src/http.ts

@@ -1,7 +1,7 @@
 import type { Context, Next } from 'hono'
 import { MiddlewareType } from './middleware'
-import JsonResponse from './response'
-import { Ability, Authnz, Token } from './auth'
+import Response from './response'
+import { Ability, Auth as Gate } from './auth'
 import mergeMiddleware from './utils/merge-middleware'
 
 function method(method: string, path = '/') {
@@ -52,15 +52,12 @@ export function Auth(...args: any[]): void | ClassDecorator {
 
 function _auth(target: Function | any) {
   mergeMiddleware(target, async (c: Context, next: Next) => {
-    const unauthorized = JsonResponse.unauthorized()
-
-    const auth = Authnz.fromToken(Token.fromRequest(c))
+    const auth = Gate.user()
     const ability = Ability.fromAction(target)
 
     if (!auth || !ability || auth.cant(ability))
-      return unauthorized
+      return Response.unauthorized()
 
-    c.set('#auth', auth)
     await next()
   })
 }

package/src/index.ts

@@ -1,4 +1,6 @@
 export { default as Action } from './action'
+export { Auth } from './auth/auth'
 export { default as Middleware } from './middleware'
-export { default as JsonResponse } from './response'
+export { default as Request } from './request'
+export { default as Response } from './response'
 export { default as Enum } from './enum'

package/src/middleware.ts

@@ -1,7 +1,7 @@
 import type { Context, MiddlewareHandler, Next } from 'hono'
 
 export type MiddlewareType = MiddlewareHandler | Middleware | (new () => Middleware)
-export default abstract class Middleware {
+export default class Middleware {
   static factory?: Function
   static opts?: object | any[]
   static path: string = '*'

package/src/register.ts

@@ -1,24 +1,13 @@
-export const handlers = {}
+export const handlers: Record<string, Function> = {}
 
 export function registerHandler(id: string, handler: any) {
-  if (typeof handler === 'function') {
-    // @ts-ignore
-    handlers[id] = handler
-  } else if (handler.prototype?.handle) {
-    const instance = new handler()
-    // @ts-ignore
-    handlers[id] = instance.handle.bind(instance)
-  } else if (handler.run) {
-    const instance = new handler()
-    // @ts-ignore
-    handlers[id] = instance.run.bind(instance)
-  } else {
-    console.warn(`Handler ${id} could not be registered - unsupported type`)
-  }
+  if (id in handlers)
+    console.warn(`Handler "${id}" has already been registered`)
+
+  handlers[id] = handler
 }
 
 export function getHandler(id: string): Function {
-  // @ts-ignore
   const handler = handlers[id] || null
   if (!handler) throw new Error(`Handler ${id} not registered`)
   return handler

package/src/request.ts

@@ -0,0 +1,90 @@
+import { bufferToFormData } from 'hono/utils/buffer'
+import { HTTPException } from 'hono/http-exception'
+import type { BodyData } from 'hono/utils/body'
+import Response from './response'
+import c from './context'
+
+export default class Request {
+  static param(key: string) {
+    return c.cx.req.param(key)
+  }
+
+  static query() {
+    return c.cx.req.query()
+  }
+
+  static async form(cType?: string) {
+    cType ??= c.cx.req.header('Content-Type')
+    if (!cType) return {}
+
+    let formData: FormData
+
+    if (c.cx.req.bodyCache.formData) {
+      formData = await c.cx.req.bodyCache.formData
+    } else {
+      try {
+        const arrayBuffer = await c.cx.req.arrayBuffer()
+        formData = await bufferToFormData(arrayBuffer, cType)
+        c.cx.req.bodyCache.formData = formData
+      } catch (e) {
+        throw new HTTPException(400, {
+          message: 'Malformed FormData request.'
+                   + (e instanceof Error ? ` ${e.message}` : ` ${String(e)}`)
+        })
+      }
+    }
+
+    const form: BodyData<{ all: true }> = {}
+    formData.forEach((value, key) => {
+      if (key.endsWith('[]')) {
+        ;((form[key] ??= []) as unknown[]).push(value)
+      } else if (Array.isArray(form[key])) {
+        ;(form[key] as unknown[]).push(value)
+      } else if (key in form) {
+        form[key] = [form[key] as string | File, value]
+      } else {
+        form[key] = value
+      }
+    })
+
+    return form
+  }
+
+  static async json<E>() {
+    try {
+      return await c.cx.req.json<E>()
+    } catch {
+      throw new HTTPException(400, { message: 'Malformed JSON in request body' })
+    }
+  }
+
+  static async body<E>() {
+    const cType = c.cx.req.header('Content-Type')
+    if (!cType) return {} as E
+
+    if (/^application\/([a-z-\.]+\+)?json(;\s*[a-zA-Z0-9\-]+\=([^;]+))*$/.test(cType)) {
+      return await Request.json<E>()
+    }
+
+    if (
+      /^multipart\/form-data(;\s?boundary=[a-zA-Z0-9'"()+_,\-./:=?]+)?$/.test(cType)
+      && ! /^application\/x-www-form-urlencoded(;\s*[a-zA-Z0-9\-]+\=([^;]+))*$/.test(cType)
+    ) {
+        return await Request.form() as E
+    }
+
+    return {} as E
+  }
+
+  static get response() {
+    return Response
+  }
+
+  static get cx() {
+    return c.cx
+  }
+
+  static get cookie() {
+    return c.cookie
+  }
+}

package/src/response.ts

@@ -1,39 +1,10 @@
-import { Context } from 'hono'
 import type { ContentfulStatusCode, StatusCode } from 'hono/utils/http-status'
-import { ErrorResponse, Errors } from './types'
-import { getCookie, getSignedCookie, setCookie, setSignedCookie, deleteCookie } from 'hono/cookie'
-import type { CookieOptions, CookiePrefixOptions } from 'hono/utils/cookie'
-
-const cookieWrapper = (c: Context) => ({
-  all: () => getCookie(c),
-  allSigned: (secret: string) => getSignedCookie(c, secret),
-  get: (name: string, prefixOptions?: CookiePrefixOptions) => prefixOptions ? getCookie(c, name, prefixOptions) : getCookie(c, name),
-  getSigned: (secret: string, name: string, prefixOptions?: CookiePrefixOptions) => prefixOptions ? getSignedCookie(c, secret, name, prefixOptions) : getSignedCookie(c, secret, name),
-  set: (name: string, value: string, opt?: CookieOptions) => setCookie(c, name, value, opt),
-  setSigned: (name: string, value: string, secret: string, opt?: CookieOptions) => setSignedCookie(c, name, value, secret, opt),
-  delete: (name: string, opt?: CookieOptions) => deleteCookie(c, name, opt)
-})
-
-export default class JsonResponse {
-  static #c: Context
-  static #cookie: ReturnType<typeof cookieWrapper>
-
-  static setContext(c: Context) {
-    this.#c = c
-    this.#cookie = cookieWrapper(c)
-    return this
-  }
-
-  static get cx(): Context {
-    return this.#c
-  }
-
-  static get cookie() {
-    return this.#cookie
-  }
+import type { ErrorResponse, Errors } from './types'
+import c from './context'
 
+export default class Response {
   static raw(status?: StatusCode, body?: string) {
-    return this.cx.newResponse(body ? body : null, { status })
+    return c.cx.newResponse(body ? body : null, { status })
   }
 
   static ok(): Response
@@ -42,7 +13,7 @@ export default class JsonResponse {
     if (data === undefined)
       return this.raw(200)
 
-    return this.cx.json(data, 200)
+    return c.cx.json(data, 200)
   }
 
   static created(): Response
@@ -51,7 +22,7 @@ export default class JsonResponse {
     if (data === undefined)
       return this.raw(201)
 
-    return this.cx.json(data, 201)
+    return c.cx.json(data, 201)
   }
 
   static accepted(): Response
@@ -60,7 +31,7 @@ export default class JsonResponse {
     if (data === undefined)
       return this.raw(202)
 
-    return this.cx.json(data, 202)
+    return c.cx.json(data, 202)
   }
 
   static deleted() {
@@ -82,7 +53,7 @@ export default class JsonResponse {
     if (data === undefined)
       return this.raw(401)
 
-    return this.cx.json(data, 401)
+    return c.cx.json(data, 401)
   }
 
   static forbidden(): Response
@@ -91,7 +62,7 @@ export default class JsonResponse {
     if (data === undefined)
       return this.raw(403)
 
-    return this.cx.json(data, 403)
+    return c.cx.json(data, 403)
   }
 
   static notFound(): Response
@@ -124,6 +95,6 @@ export default class JsonResponse {
     if (msg) resp.m = msg
     if (errors) resp.e = errors
 
-    return this.cx.json(resp, status)
+    return c.cx.json(resp, status)
   }
 }

package/src/routes.ts

@@ -62,7 +62,41 @@ export async function getRoutes(
     }
   )))
 
-  return routes
+  return sortRoutes(routes)
+}
+
+function sortRoutes(routes: Route[]) {
+  const metas = new Map<string, { score: number; segmentsCount: number }>()
+
+  for (const route of routes)
+    metas.set(route.path, computeRouteMeta(route.path))
+
+  return routes.sort((a, b) => {
+    const metaA = metas.get(a.path)!
+    const metaB = metas.get(b.path)!
+
+    if (metaA.score === metaB.score)
+      return metaB.segmentsCount - metaA.segmentsCount
+
+    return metaB.score - metaA.score
+  })
+}
+
+function computeRouteMeta(path: string) {
+  const segments = path.split('/').filter(Boolean)
+
+  let score = 0
+  for (const segment of segments) {
+    if (segment === '*') {
+      score += 0
+    } else if (segment.startsWith(':')) {
+      score += 1
+    } else {
+      score += 10
+    }
+  }
+
+  return { score, segmentsCount: segments.length }
 }
 
 export async function getMiddlewares(

package/src/utils/resolve.ts

@@ -1,21 +1,24 @@
 import Action, { ActionType } from '../action'
 import { MiddlewareType } from '../middleware'
 
-export function resolve(obj: ActionType) {
+export function resolve(obj: ActionType, id: string) {
   if (typeof obj === 'function' && obj?.length === 2)
     return [obj]
 
-  if (obj instanceof Action)
+  if (obj?.run)
     return obj.run()
 
+  if (obj?.handle)
+    return obj.handle()
+
   const instance = new (obj as new () => Action)()
-  if (Action.isPrototypeOf(obj))
+  if (obj?.prototype?.run)
     return instance.run()
 
   if (obj?.prototype?.handle)
     return [instance.handle]
 
-  throw new Error('Invalid action')
+  throw new Error(`Invalid action "${id}" - unsupported type`)
 }
 
 export function resolveMiddleware(obj: MiddlewareType) {