stratal 0.0.18 → 0.0.19

package/dist/http-method.decorator-BT3ufnz8.mjs

@@ -0,0 +1,96 @@
+import { f as ROUTE_METADATA_KEYS } from "./errors-B4pYgYON.mjs";
+import { i as z } from "./validation-Dbg3ehdP.mjs";
+//#region src/router/decorators/http-method.decorator.ts
+/**
+* Creates an HTTP method decorator factory for the given HTTP method.
+*
+* The returned decorator stores {@link ExplicitRouteMetadata} on the method and
+* tracks the method name under {@link ROUTE_METADATA_KEYS.DECORATED_METHODS}
+* on the controller prototype so they can be discovered at registration time.
+*/
+function createHttpMethodDecorator(method) {
+	return function(path, config) {
+		return function(target, propertyKey, descriptor) {
+			const metadata = {
+				type: "explicit",
+				method,
+				path,
+				config: config ?? { response: z.any() }
+			};
+			Reflect.defineMetadata(ROUTE_METADATA_KEYS.ROUTE_CONFIG, metadata, target, propertyKey);
+			const existing = Reflect.getOwnMetadata(ROUTE_METADATA_KEYS.DECORATED_METHODS, target) ?? [];
+			existing.push(propertyKey);
+			Reflect.defineMetadata(ROUTE_METADATA_KEYS.DECORATED_METHODS, existing, target);
+			return descriptor;
+		};
+	};
+}
+/**
+* Registers a GET route on the controller method.
+*
+* @param path - Route path relative to the controller base path
+* @param config - Optional route configuration (response schema, body, params, etc.)
+*
+* @example
+* ```typescript
+* @Controller('/api/v1/users')
+* class UsersController {
+*   @Get('/', { response: z.array(userSchema), summary: 'List users' })
+*   async list(ctx: RouterContext) { ... }
+*
+*   @Get('/:id', { params: z.object({ id: z.string().uuid() }), response: userSchema })
+*   async getUser(ctx: RouterContext) { ... }
+* }
+* ```
+*/
+const Get = createHttpMethodDecorator("get");
+/**
+* Registers a POST route on the controller method.
+*
+* @param path - Route path relative to the controller base path
+* @param config - Optional route configuration (response schema, body, params, etc.)
+*
+* @example
+* ```typescript
+* @Controller('/api/v1/users')
+* class UsersController {
+*   @Post('/', { body: createUserSchema, response: userSchema, statusCode: 201 })
+*   async createUser(ctx: RouterContext) { ... }
+* }
+* ```
+*/
+const Post = createHttpMethodDecorator("post");
+/**
+* Registers a PUT route on the controller method.
+*
+* @param path - Route path relative to the controller base path
+* @param config - Optional route configuration
+*/
+const Put = createHttpMethodDecorator("put");
+/**
+* Registers a PATCH route on the controller method.
+*
+* @param path - Route path relative to the controller base path
+* @param config - Optional route configuration
+*/
+const Patch = createHttpMethodDecorator("patch");
+/**
+* Registers a DELETE route on the controller method.
+*
+* @param path - Route path relative to the controller base path
+* @param config - Optional route configuration
+*/
+const Delete = createHttpMethodDecorator("delete");
+/**
+* Registers an ALL (any HTTP method) route on the controller method.
+* Routes using @All are registered without OpenAPI validation
+* since OpenAPI does not support a catch-all HTTP method.
+*
+* @param path - Route path relative to the controller base path
+* @param config - Optional route configuration
+*/
+const All = createHttpMethodDecorator("all");
+//#endregion
+export { Post as a, Patch as i, Delete as n, Put as o, Get as r, All as t };
+
+//# sourceMappingURL=http-method.decorator-BT3ufnz8.mjs.map

package/dist/http-method.decorator-BT3ufnz8.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-method.decorator-BT3ufnz8.mjs","names":[],"sources":["../src/router/decorators/http-method.decorator.ts"],"sourcesContent":["import { z } from '../../i18n/validation'\nimport { ROUTE_METADATA_KEYS } from '../constants'\nimport type { ExplicitRouteMetadata, HttpMethod, RouteConfig } from '../types'\n\n/**\n * Creates an HTTP method decorator factory for the given HTTP method.\n *\n * The returned decorator stores {@link ExplicitRouteMetadata} on the method and\n * tracks the method name under {@link ROUTE_METADATA_KEYS.DECORATED_METHODS}\n * on the controller prototype so they can be discovered at registration time.\n */\nfunction createHttpMethodDecorator(method: HttpMethod) {\n  return function (path: string, config?: RouteConfig) {\n    return function (\n      target: object,\n      propertyKey: string,\n      descriptor: PropertyDescriptor\n    ) {\n      const metadata: ExplicitRouteMetadata = {\n        type: 'explicit',\n        method,\n        path,\n        config: config ?? { response: z.any() },\n      }\n\n      Reflect.defineMetadata(\n        ROUTE_METADATA_KEYS.ROUTE_CONFIG,\n        metadata,\n        target,\n        propertyKey\n      )\n\n      // Track this method as decorated on the prototype\n      const existing: string[] =\n        (Reflect.getOwnMetadata(ROUTE_METADATA_KEYS.DECORATED_METHODS, target) as string[] | undefined) ?? []\n      existing.push(propertyKey)\n      Reflect.defineMetadata(ROUTE_METADATA_KEYS.DECORATED_METHODS, existing, target)\n\n      return descriptor\n    }\n  }\n}\n\n/**\n * Registers a GET route on the controller method.\n *\n * @param path - Route path relative to the controller base path\n * @param config - Optional route configuration (response schema, body, params, etc.)\n *\n * @example\n * ```typescript\n * @Controller('/api/v1/users')\n * class UsersController {\n *   @Get('/', { response: z.array(userSchema), summary: 'List users' })\n *   async list(ctx: RouterContext) { ... }\n *\n *   @Get('/:id', { params: z.object({ id: z.string().uuid() }), response: userSchema })\n *   async getUser(ctx: RouterContext) { ... }\n * }\n * ```\n */\nexport const Get = createHttpMethodDecorator('get')\n\n/**\n * Registers a POST route on the controller method.\n *\n * @param path - Route path relative to the controller base path\n * @param config - Optional route configuration (response schema, body, params, etc.)\n *\n * @example\n * ```typescript\n * @Controller('/api/v1/users')\n * class UsersController {\n *   @Post('/', { body: createUserSchema, response: userSchema, statusCode: 201 })\n *   async createUser(ctx: RouterContext) { ... }\n * }\n * ```\n */\nexport const Post = createHttpMethodDecorator('post')\n\n/**\n * Registers a PUT route on the controller method.\n *\n * @param path - Route path relative to the controller base path\n * @param config - Optional route configuration\n */\nexport const Put = createHttpMethodDecorator('put')\n\n/**\n * Registers a PATCH route on the controller method.\n *\n * @param path - Route path relative to the controller base path\n * @param config - Optional route configuration\n */\nexport const Patch = createHttpMethodDecorator('patch')\n\n/**\n * Registers a DELETE route on the controller method.\n *\n * @param path - Route path relative to the controller base path\n * @param config - Optional route configuration\n */\nexport const Delete = createHttpMethodDecorator('delete')\n\n/**\n * Registers an ALL (any HTTP method) route on the controller method.\n * Routes using @All are registered without OpenAPI validation\n * since OpenAPI does not support a catch-all HTTP method.\n *\n * @param path - Route path relative to the controller base path\n * @param config - Optional route configuration\n */\nexport const All = createHttpMethodDecorator('all')\n"],"mappings":";;;;;;;;;;AAWA,SAAS,0BAA0B,QAAoB;AACrD,QAAO,SAAU,MAAc,QAAsB;AACnD,SAAO,SACL,QACA,aACA,YACA;GACA,MAAM,WAAkC;IACtC,MAAM;IACN;IACA;IACA,QAAQ,UAAU,EAAE,UAAU,EAAE,KAAK,EAAE;IACxC;AAED,WAAQ,eACN,oBAAoB,cACpB,UACA,QACA,YACD;GAGD,MAAM,WACH,QAAQ,eAAe,oBAAoB,mBAAmB,OAAO,IAA6B,EAAE;AACvG,YAAS,KAAK,YAAY;AAC1B,WAAQ,eAAe,oBAAoB,mBAAmB,UAAU,OAAO;AAE/E,UAAO;;;;;;;;;;;;;;;;;;;;;;AAuBb,MAAa,MAAM,0BAA0B,MAAM;;;;;;;;;;;;;;;;AAiBnD,MAAa,OAAO,0BAA0B,OAAO;;;;;;;AAQrD,MAAa,MAAM,0BAA0B,MAAM;;;;;;;AAQnD,MAAa,QAAQ,0BAA0B,QAAQ;;;;;;;AAQvD,MAAa,SAAS,0BAA0B,SAAS;;;;;;;;;AAUzD,MAAa,MAAM,0BAA0B,MAAM"}

package/dist/i18n/index.d.mts

@@ -1,3 +1,3 @@
-import { A as LocaleNotSupportedError, C as DetectionStrategy, D as buildDetectorOptions, E as ResolvedI18nOptions, O as resolveI18nOptions, S as I18nModule, T as LanguageDetectionOptions, _ as Messages, b as messages, g as MessageRegistry, h as MessageLoaderService, k as TranslationMissingError, m as I18nContextMiddleware, v as getLocales, w as I18nModuleOptions, x as I18N_TOKENS, y as getMessages } from "../index-BrmS34sa.mjs";
-import { S as SystemMessageKeys, _ as II18nService, b as MessageParams, g as DeepKeys, h as AppMessages, m as AppMessageKeys, v as MessageKeyPrefix, x as Prefixes, y as MessageKeys } from "../index-Dfpd_ypO.mjs";
-export { AppMessageKeys, AppMessages, DeepKeys, DetectionStrategy, I18N_TOKENS, I18nContextMiddleware, I18nModule, I18nModuleOptions, II18nService, LanguageDetectionOptions, LocaleNotSupportedError, MessageKeyPrefix, MessageKeys, MessageLoaderService, MessageParams, MessageRegistry, Messages, Prefixes, ResolvedI18nOptions, SystemMessageKeys, TranslationMissingError, buildDetectorOptions, getLocales, getMessages, messages, resolveI18nOptions };
+import { A as LocaleNotSupportedError, C as DetectionStrategy, D as buildDetectorOptions, E as ResolvedI18nOptions, O as resolveI18nOptions, S as I18nModule, T as LanguageDetectionOptions, _ as Messages, b as messages, g as MessageRegistry, h as MessageLoaderService, k as TranslationMissingError, m as I18nContextMiddleware, v as getLocales, w as I18nModuleOptions, x as I18N_TOKENS, y as getMessages } from "../index-DPFqRs8L.mjs";
+import { C as SystemMessageKeys, S as Prefixes, _ as DeepKeys, b as MessageKeys, g as AppMessages, h as AppMessageNamespaces, m as AppMessageKeys, v as II18nService, x as MessageParams, y as MessageKeyPrefix } from "../index-B437eK7p.mjs";
+export { AppMessageKeys, AppMessageNamespaces, AppMessages, DeepKeys, DetectionStrategy, I18N_TOKENS, I18nContextMiddleware, I18nModule, I18nModuleOptions, II18nService, LanguageDetectionOptions, LocaleNotSupportedError, MessageKeyPrefix, MessageKeys, MessageLoaderService, MessageParams, MessageRegistry, Messages, Prefixes, ResolvedI18nOptions, SystemMessageKeys, TranslationMissingError, buildDetectorOptions, getLocales, getMessages, messages, resolveI18nOptions };

package/dist/i18n/index.mjs

@@ -1,3 +1,3 @@
-import { w as I18N_TOKENS } from "../errors--RBIvDXr.mjs";
-import { B as MessageRegistry, G as buildDetectorOptions, H as getLocales, J as LocaleNotSupportedError, K as resolveI18nOptions, U as getMessages, V as MessageLoaderService, W as messages, X as I18nContextMiddleware, q as TranslationMissingError, t as I18nModule } from "../i18n.module-BpLLLCTg.mjs";
+import { w as I18N_TOKENS } from "../errors-B4pYgYON.mjs";
+import { B as LocaleNotSupportedError, F as getMessages, H as I18nContextMiddleware, I as messages, L as buildDetectorOptions, M as MessageRegistry, N as MessageLoaderService, P as getLocales, R as resolveI18nOptions, t as I18nModule, z as TranslationMissingError } from "../i18n.module-CI_prYFD.mjs";
 export { I18N_TOKENS, I18nContextMiddleware, I18nModule, LocaleNotSupportedError, MessageLoaderService, MessageRegistry, TranslationMissingError, buildDetectorOptions, getLocales, getMessages, messages, resolveI18nOptions };

package/dist/i18n/messages/en/index.d.mts

@@ -1,2 +1,2 @@
-import { a as errors, i as emails, n as zodI18n, o as common, r as validation } from "../../../index-BDh9J2KD.mjs";
+import { a as errors, i as emails, n as zodI18n, o as common, r as validation } from "../../../index-DFhEeFfC.mjs";
 export { common, emails, errors, validation, zodI18n };

package/dist/i18n/messages/en/index.mjs

@@ -1,2 +1,2 @@
-import { a as errors, i as emails, n as zodI18n, o as common, r as validation } from "../../../en-3QnZwP-u.mjs";
+import { a as errors, i as emails, n as zodI18n, o as common, r as validation } from "../../../en-rHmW6vD9.mjs";
 export { common, emails, errors, validation, zodI18n };

package/dist/i18n/utils/index.mjs

@@ -1,2 +1,2 @@
-import { t as setupI18nCompiler } from "../../setup-BRIN-iYT.mjs";
+import { t as setupI18nCompiler } from "../../setup-CtekcwuO.mjs";
 export { setupI18nCompiler };

package/dist/i18n/validation/index.d.mts

@@ -1,4 +1,4 @@
-import { c as runWithErrorMapContext, d as LocaleProvider, f as ZodCustomIssue, i as ZodError, l as ErrorMapContext, n as OpenAPIObject, o as z, p as withI18n, r as PathItemObject, s as backendErrorMap, t as OpenAPIHono, u as I18nErrorMetadata } from "../../index-Dfpd_ypO.mjs";
+import { c as runWithErrorMapContext, d as LocaleProvider, f as ZodCustomIssue, i as ZodError, l as ErrorMapContext, n as OpenAPIObject, o as z, p as withI18n, r as PathItemObject, s as backendErrorMap, t as OpenAPIHono, u as I18nErrorMetadata } from "../../index-B437eK7p.mjs";
 export * from "@hono/zod-openapi";
 export * from "zod";
 export { ErrorMapContext, I18nErrorMetadata, LocaleProvider, OpenAPIHono, OpenAPIObject, PathItemObject, ZodCustomIssue, ZodError, backendErrorMap, runWithErrorMapContext, withI18n, z };

package/dist/i18n/validation/index.mjs

@@ -1,3 +1,3 @@
-import { a as withI18n, i as z, n as ZodError, o as backendErrorMap, s as runWithErrorMapContext, t as OpenAPIHono } from "../../validation-B4bePOa_.mjs";
+import { a as withI18n, i as z, n as ZodError, o as backendErrorMap, s as runWithErrorMapContext, t as OpenAPIHono } from "../../validation-Dbg3ehdP.mjs";
 export * from "@hono/zod-openapi";
 export { OpenAPIHono, ZodError, backendErrorMap, runWithErrorMapContext, withI18n, z };

package/dist/{i18n.module-BpLLLCTg.mjs → i18n.module-CI_prYFD.mjs}

@@ -1,12 +1,15 @@
-import { A as Scope, D as runWithContainer, E as getContainer, H as ApplicationError, V as ROUTER_TOKENS, a as createHttpExceptionContext, c as DEFAULT_CONTENT_TYPE, d as ROUTER_CONTEXT_KEYS, f as ROUTE_METADATA_KEYS, k as ERROR_CODES, l as HTTP_METHODS, m as VERSION_NEUTRAL, p as SECURITY_SCHEMES, s as RouterContext, u as METHOD_STATUS_CODES, w as I18N_TOKENS } from "./errors--RBIvDXr.mjs";
-import { a as __decorate, d as CONTAINER_TOKEN, f as DI_TOKENS, g as getMethodInjections, o as __decorateParam, p as Transient, s as __decorateMetadata, u as LOGGER_TOKENS } from "./logger-c0ftIK4G.mjs";
-import { S as Module, _ as OpenAPIRouteRegistrationError, b as ControllerMethodNotFoundError, c as InvalidSignatureError, d as ResponseValidationError, f as RouteNameNotFoundError, h as RouteNotFoundError, l as MissingEnvironmentVariableError, m as SchemaValidationError, o as DomainMismatchError, s as DuplicateRouteNameError, u as MissingRouteParamError, v as HonoAppAlreadyConfiguredError, y as ControllerRegistrationError } from "./module-C3YZ-kZN.mjs";
-import { i as z, o as backendErrorMap, r as validation_exports, s as runWithErrorMapContext, t as OpenAPIHono } from "./validation-B4bePOa_.mjs";
-import { n as OPENAPI_TOKENS } from "./openapi-tools.service-B77QXD56.mjs";
-import { t as en_exports } from "./en-3QnZwP-u.mjs";
-import { i as getMethodGuards, r as getControllerGuards, t as GuardExecutionService } from "./guards-MtDgcHnF.mjs";
-import { c as getWsOnMessageMethod, d as isGateway, m as getControllerRoute, o as getWsOnCloseMethod, p as getControllerOptions, s as getWsOnErrorMethod, t as GatewayContext } from "./gateway-context-BdBFoQd8.mjs";
-import { t as setupI18nCompiler } from "./setup-BRIN-iYT.mjs";
+import { A as Scope, D as runWithContainer, E as getContainer, H as ApplicationError, V as ROUTER_TOKENS, a as createHttpExceptionContext, c as DEFAULT_CONTENT_TYPE, d as ROUTER_CONTEXT_KEYS, f as ROUTE_METADATA_KEYS, k as ERROR_CODES, l as HTTP_METHODS, m as VERSION_NEUTRAL, p as SECURITY_SCHEMES, s as RouterContext, u as METHOD_STATUS_CODES, w as I18N_TOKENS } from "./errors-B4pYgYON.mjs";
+import { a as __decorate, d as CONTAINER_TOKEN, f as DI_TOKENS, g as getMethodInjections, o as __decorateParam, p as Transient, s as __decorateMetadata, u as LOGGER_TOKENS } from "./logger-V6Ms3QnQ.mjs";
+import { C as Module, b as ControllerRegistrationError, c as InvalidSignatureError, d as MissingRouteParamError, f as ResponseValidationError, g as RouteNotFoundError, h as SchemaValidationError, l as MiddlewareNextCalledMultipleTimesError, o as DomainMismatchError, p as RouteNameNotFoundError, s as DuplicateRouteNameError, u as MissingEnvironmentVariableError, v as OpenAPIRouteRegistrationError, x as ControllerMethodNotFoundError, y as HonoAppAlreadyConfiguredError } from "./module-qGE_1duv.mjs";
+import { i as z, o as backendErrorMap, r as validation_exports, s as runWithErrorMapContext, t as OpenAPIHono } from "./validation-Dbg3ehdP.mjs";
+import { n as OPENAPI_TOKENS } from "./openapi-tools.service-CYWGuhue.mjs";
+import { t as en_exports } from "./en-rHmW6vD9.mjs";
+import { i as getMethodGuards, r as getControllerGuards, t as GuardExecutionService } from "./guards-DMbsAxSX.mjs";
+import { n as getControllerOptions, r as getControllerRoute } from "./controller.decorator-LZY9aHYG.mjs";
+import { c as getWsOnMessageMethod, d as isGateway, o as getWsOnCloseMethod, s as getWsOnErrorMethod, t as GatewayContext } from "./gateway-context-cqZ8wMoi.mjs";
+import "./http-method.decorator-BT3ufnz8.mjs";
+import { n as verifySignedUrl, t as signUrl } from "./signed-url-COX7cCWR.mjs";
+import { t as setupI18nCompiler } from "./setup-CtekcwuO.mjs";
 import { inject } from "tsyringe";
 import { createCoreContext, translate } from "@intlify/core-base";
 import { swaggerUI } from "@hono/swagger-ui";
@@ -705,105 +708,28 @@ function createMiddlewareChain(classes) {
 		let current = next;
 		for (let i = classes.length - 1; i >= 0; i--) {
 			const prevNext = current;
-			const middleware = requestContainer.resolve(classes[i]);
-			current = () => middleware.handle(ctx, prevNext);
+			const middlewareClass = classes[i];
+			current = () => {
+				const middleware = requestContainer.resolve(middlewareClass);
+				let called = false;
+				const guardedNext = () => {
+					if (called) {
+						const err = new MiddlewareNextCalledMultipleTimesError(middlewareClass.name ?? "anonymous");
+						console.error("[STRATAL DEBUG] next() called multiple times for " + middlewareClass.name);
+						console.error("[STRATAL DEBUG] Stack trace:", (/* @__PURE__ */ new Error()).stack);
+						return Promise.reject(err);
+					}
+					called = true;
+					return prevNext();
+				};
+				return middleware.handle(ctx, guardedNext);
+			};
 		}
 		const result = await current();
 		if (result instanceof Response) return result;
 	};
 }
 //#endregion
-//#region src/router/decorators/http-method.decorator.ts
-/**
-* Creates an HTTP method decorator factory for the given HTTP method.
-*
-* The returned decorator stores {@link ExplicitRouteMetadata} on the method and
-* tracks the method name under {@link ROUTE_METADATA_KEYS.DECORATED_METHODS}
-* on the controller prototype so they can be discovered at registration time.
-*/
-function createHttpMethodDecorator(method) {
-	return function(path, config) {
-		return function(target, propertyKey, descriptor) {
-			const metadata = {
-				type: "explicit",
-				method,
-				path,
-				config: config ?? { response: z.any() }
-			};
-			Reflect.defineMetadata(ROUTE_METADATA_KEYS.ROUTE_CONFIG, metadata, target, propertyKey);
-			const existing = Reflect.getOwnMetadata(ROUTE_METADATA_KEYS.DECORATED_METHODS, target) ?? [];
-			existing.push(propertyKey);
-			Reflect.defineMetadata(ROUTE_METADATA_KEYS.DECORATED_METHODS, existing, target);
-			return descriptor;
-		};
-	};
-}
-/**
-* Registers a GET route on the controller method.
-*
-* @param path - Route path relative to the controller base path
-* @param config - Optional route configuration (response schema, body, params, etc.)
-*
-* @example
-* ```typescript
-* @Controller('/api/v1/users')
-* class UsersController {
-*   @Get('/', { response: z.array(userSchema), summary: 'List users' })
-*   async list(ctx: RouterContext) { ... }
-*
-*   @Get('/:id', { params: z.object({ id: z.string().uuid() }), response: userSchema })
-*   async getUser(ctx: RouterContext) { ... }
-* }
-* ```
-*/
-const Get = createHttpMethodDecorator("get");
-/**
-* Registers a POST route on the controller method.
-*
-* @param path - Route path relative to the controller base path
-* @param config - Optional route configuration (response schema, body, params, etc.)
-*
-* @example
-* ```typescript
-* @Controller('/api/v1/users')
-* class UsersController {
-*   @Post('/', { body: createUserSchema, response: userSchema, statusCode: 201 })
-*   async createUser(ctx: RouterContext) { ... }
-* }
-* ```
-*/
-const Post = createHttpMethodDecorator("post");
-/**
-* Registers a PUT route on the controller method.
-*
-* @param path - Route path relative to the controller base path
-* @param config - Optional route configuration
-*/
-const Put = createHttpMethodDecorator("put");
-/**
-* Registers a PATCH route on the controller method.
-*
-* @param path - Route path relative to the controller base path
-* @param config - Optional route configuration
-*/
-const Patch = createHttpMethodDecorator("patch");
-/**
-* Registers a DELETE route on the controller method.
-*
-* @param path - Route path relative to the controller base path
-* @param config - Optional route configuration
-*/
-const Delete = createHttpMethodDecorator("delete");
-/**
-* Registers an ALL (any HTTP method) route on the controller method.
-* Routes using @All are registered without OpenAPI validation
-* since OpenAPI does not support a catch-all HTTP method.
-*
-* @param path - Route path relative to the controller base path
-* @param config - Optional route configuration
-*/
-const All = createHttpMethodDecorator("all");
-//#endregion
 //#region src/router/decorators/route.decorator.ts
 /**
 * Decorator to add OpenAPI metadata to a controller method using convention-based routing.
@@ -1227,7 +1153,7 @@ let RouteRegistrationService = class RouteRegistrationService {
 				middleware: routerConfig.middleware.map((m) => m.name)
 			});
 			for (const route of expandedRoutes) actions.set(route, () => {
-				if (routerConfig.middleware.length > 0) this.app.use(`${route.path}/*`, createMiddlewareChain(routerConfig.middleware));
+				if (routerConfig.middleware.length > 0) this.app.use(route.path, createMiddlewareChain(routerConfig.middleware));
 				if (effectiveDomain) {
 					const domainHandler = createDomainMiddleware(effectiveDomain);
 					this.app.use(route.path, domainHandler);
@@ -1252,7 +1178,7 @@ let RouteRegistrationService = class RouteRegistrationService {
 				middleware: routerConfig.middleware.map((m) => m.name)
 			});
 			for (const route of expandedRoutes) actions.set(route, () => {
-				if (routerConfig.middleware.length > 0) this.app.use(`${route.path}/*`, createMiddlewareChain(routerConfig.middleware));
+				if (routerConfig.middleware.length > 0) this.app.use(route.path, createMiddlewareChain(routerConfig.middleware));
 				this.registerWildcardRoute(ControllerClass, route.path);
 			});
 			return;
@@ -1273,10 +1199,11 @@ let RouteRegistrationService = class RouteRegistrationService {
 			else if (meta.type === "explicit") hasExplicit = true;
 		}
 		if (hasConvention && hasExplicit) throw new ControllerRegistrationError(ControllerClass.name, "Cannot mix @Route() with HTTP method decorators (@Get, @Post, etc.) in the same controller. Use one pattern or the other.");
-		let scopedMiddlewareApplied = false;
 		const routerHidden = routerConfig.hideFromDocs;
 		const controllerHidden = controllerOpts?.hideFromDocs ?? false;
-		const effectiveNamePrefix = controllerOpts?.name ?? routerConfig.name;
+		const routerName = routerConfig.name;
+		const controllerName = controllerOpts?.name;
+		const effectiveNamePrefix = routerName && controllerName ? `${routerName}${controllerName}` : routerName ?? controllerName;
 		const middlewareNames = routerConfig.middleware.map((m) => m.name);
 		for (const { method: methodName, meta } of methodMetadata) {
 			const resolved = this.resolveMethodAndPath(meta, methodName, basePath, className);
@@ -1306,11 +1233,6 @@ let RouteRegistrationService = class RouteRegistrationService {
 			const responseSchema = httpMethod !== "all" ? this.extractResponseSchema(routeConfig) : null;
 			const handler = this.createControllerHandler(ControllerClass, methodName, responseSchema);
 			for (const route of expandedRoutes) actions.set(route, () => {
-				if (!scopedMiddlewareApplied && routerConfig.middleware.length > 0) {
-					const primaryRoute = expandedRoutes.find((r) => !r.isLocaleVariant) ?? expandedRoutes[0];
-					this.app.use(`${primaryRoute.path}/*`, createMiddlewareChain(routerConfig.middleware));
-					scopedMiddlewareApplied = true;
-				}
 				if (effectiveDomain) {
 					const domainHandler = createDomainMiddleware(effectiveDomain);
 					this.app.use(route.path, domainHandler);
@@ -1329,12 +1251,13 @@ let RouteRegistrationService = class RouteRegistrationService {
 						path: route.path,
 						methodName
 					});
-					if (allGuards.length > 0) this.app.all(route.path, this.createGuardMiddleware(allGuards), handler);
-					else this.app.all(route.path, handler);
+					if (routerConfig.middleware.length > 0) this.app.use(route.path, createMiddlewareChain(routerConfig.middleware));
+					if (allGuards.length > 0) this.app.use(route.path, this.createGuardMiddleware(allGuards));
+					this.app.all(route.path, handler);
 					return;
 				}
 				const metadata = this.mergeMetadata(controllerOpts, routeConfig, ControllerClass, methodName);
-				const openApiRoute = this.buildOpenAPIRoute(httpMethod, route.path, routeConfig, metadata, allGuards, meta.type === "convention" ? methodName : void 0, statusCodeOverride, route.isLocaleVariant ?? false);
+				const openApiRoute = this.buildOpenAPIRoute(httpMethod, route.path, routeConfig, metadata, meta.type === "convention" ? methodName : void 0, statusCodeOverride, route.isLocaleVariant ?? false);
 				this.logger.info(`Registering route`, {
 					controller: className,
 					method: httpMethod.toUpperCase(),
@@ -1343,7 +1266,8 @@ let RouteRegistrationService = class RouteRegistrationService {
 					tags: metadata.tags,
 					hidden: route.hidden
 				});
-				this.app.openapi(openApiRoute, handler);
+				const wrappedHandler = this.wrapHandlerWithChain(handler, routerConfig.middleware, allGuards);
+				this.app.openapi(openApiRoute, wrappedHandler);
 				if (!route.hidden) {
 					const { hide: _, ...specRoute } = openApiRoute;
 					this.app.openAPIRegistry.registerPath({
@@ -1416,6 +1340,31 @@ let RouteRegistrationService = class RouteRegistrationService {
 		};
 	}
 	/**
+	* Wrap a controller handler with a `scopedMiddleware → guards → handler`
+	* chain that runs *inside* the Hono route handler — after request
+	* validators have populated `c.req.valid(...)`. This is the only place
+	* we can run user middleware after `@hono/zod-openapi`'s validators in
+	* the same pipeline.
+	*
+	* Returns a Hono handler with the same signature as the original so
+	* `app.openapi(route, wrapped)` works transparently.
+	*/
+	wrapHandlerWithChain(handler, scopedMiddleware, guards) {
+		if (scopedMiddleware.length === 0 && guards.length === 0) return handler;
+		const scopedChain = scopedMiddleware.length > 0 ? createMiddlewareChain(scopedMiddleware) : null;
+		const guardChain = guards.length > 0 ? this.createGuardMiddleware(guards) : null;
+		return async (c) => {
+			let captured;
+			const runHandler = async () => {
+				captured = await handler(c);
+			};
+			const runGuards = guardChain ? () => guardChain(c, runHandler) : runHandler;
+			const result = await (scopedChain ? () => scopedChain(c, runGuards) : runGuards)();
+			if (result instanceof Response) return result;
+			return captured;
+		};
+	}
+	/**
 	* Register wildcard route for non-RESTful controllers
 	*/
 	registerWildcardRoute(ControllerClass, route) {
@@ -1453,9 +1402,9 @@ let RouteRegistrationService = class RouteRegistrationService {
 	* Join a base path and a route path, normalizing slashes
 	*/
 	joinPaths(basePath, routePath) {
-		if (routePath === "/") return basePath;
-		if (basePath !== "/" && basePath.endsWith("/")) basePath = basePath.slice(0, -1);
-		if (routePath && !routePath.startsWith("/")) routePath = "/" + routePath;
+		if (basePath.endsWith("/")) basePath = basePath.slice(0, -1);
+		if (routePath === "/" || routePath === "") return basePath || "/";
+		if (!routePath.startsWith("/")) routePath = "/" + routePath;
 		return basePath + routePath;
 	}
 	/**
@@ -1492,12 +1441,13 @@ let RouteRegistrationService = class RouteRegistrationService {
 	}
 	/**
 	* Build OpenAPI route configuration from metadata
-	* Creates a route definition compatible with @hono/zod-openapi
-	* Includes guard execution for proper access control
+	* Creates a route definition compatible with @hono/zod-openapi.
 	*
-	* Execution order: Global middlewares → Guards → Handler
+	* Scoped middleware and guards are NOT attached to `route.middleware`
+	* here — they're composed into a wrapped handler in `collectRoutes` so
+	* they run after Hono's request validators. See `wrapHandlerWithChain`.
 	*/
-	buildOpenAPIRoute(method, path, routeConfig, metadata, guards, methodName, statusCodeOverride, hasLocaleParam = false) {
+	buildOpenAPIRoute(method, path, routeConfig, metadata, methodName, statusCodeOverride, hasLocaleParam = false) {
 		try {
 			const route = {
 				method,
@@ -1506,7 +1456,6 @@ let RouteRegistrationService = class RouteRegistrationService {
 				responses: {},
 				hide: true
 			};
-			if (guards.length > 0) route.middleware = [this.createGuardMiddleware(guards)];
 			if (routeConfig.body) {
 				const bodySchema = this.isRouteBodyObject(routeConfig.body) ? routeConfig.body.schema : routeConfig.body;
 				const bodyContentType = this.isRouteBodyObject(routeConfig.body) ? routeConfig.body.contentType ?? "application/json" : DEFAULT_CONTENT_TYPE;
@@ -1972,77 +1921,6 @@ RouteRegistry = __decorate([
 	__decorateMetadata("design:paramtypes", [Object, Object])
 ], RouteRegistry);
 //#endregion
-//#region src/router/signed-url.ts
-/**
-* Import a signing key for HMAC-SHA256.
-*/
-async function importKey(secret) {
-	const encoder = new TextEncoder();
-	return crypto.subtle.importKey("raw", encoder.encode(secret), {
-		name: "HMAC",
-		hash: "SHA-256"
-	}, false, ["sign", "verify"]);
-}
-/**
-* Encode an ArrayBuffer as base64url (URL-safe base64).
-*/
-function toBase64Url(buffer) {
-	const bytes = new Uint8Array(buffer);
-	let binary = "";
-	for (const byte of bytes) binary += String.fromCharCode(byte);
-	return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-}
-/**
-* Sign a URL with HMAC-SHA256.
-*
-* Appends `signature` and optionally `expires` query parameters.
-* The signature covers the pathname + search (excluding the signature params themselves).
-*
-* @param url - Full URL or path to sign
-* @param secret - HMAC secret key (e.g., from env.APP_SECRET)
-* @param options - Optional expiration
-* @returns URL string with `signature` (and `expires`) query params appended
-*/
-async function signUrl(url, secret, options) {
-	const parsedUrl = new URL(url, "https://placeholder.local");
-	const key = await importKey(secret);
-	if (options?.expiresIn) {
-		const expires = Math.floor(Date.now() / 1e3) + options.expiresIn;
-		parsedUrl.searchParams.set("expires", String(expires));
-	}
-	const dataToSign = `${parsedUrl.pathname}?${parsedUrl.searchParams.toString()}`;
-	const encoder = new TextEncoder();
-	const signature = toBase64Url(await crypto.subtle.sign("HMAC", key, encoder.encode(dataToSign)));
-	parsedUrl.searchParams.set("signature", signature);
-	return url.startsWith("http") ? parsedUrl.toString() : `${parsedUrl.pathname}?${parsedUrl.searchParams.toString()}`;
-}
-/**
-* Verify a signed URL using `crypto.subtle.verify()` (timing-attack-safe).
-*
-* @param url - Full URL or path with signature query param
-* @param secret - HMAC secret key (same key used for signing)
-* @returns true if signature is valid and not expired
-*/
-async function verifySignedUrl(url, secret) {
-	const parsedUrl = new URL(url, "https://placeholder.local");
-	const signature = parsedUrl.searchParams.get("signature");
-	if (!signature) return false;
-	const expires = parsedUrl.searchParams.get("expires");
-	if (expires) {
-		const expiryTime = parseInt(expires, 10);
-		if (isNaN(expiryTime) || Math.floor(Date.now() / 1e3) > expiryTime) return false;
-	}
-	parsedUrl.searchParams.delete("signature");
-	const dataToVerify = `${parsedUrl.pathname}?${parsedUrl.searchParams.toString()}`;
-	const base64 = signature.replace(/-/g, "+").replace(/_/g, "/");
-	const binaryStr = atob(base64);
-	const signatureBytes = new Uint8Array(binaryStr.length);
-	for (let i = 0; i < binaryStr.length; i++) signatureBytes[i] = binaryStr.charCodeAt(i);
-	const key = await importKey(secret);
-	const encoder = new TextEncoder();
-	return crypto.subtle.verify("HMAC", key, signatureBytes, encoder.encode(dataToVerify));
-}
-//#endregion
 //#region src/router/uri.ts
 /**
 * Build a URL from a registered route, filling path/domain params and appending extras as query string.
@@ -2457,6 +2335,6 @@ I18nModule = _I18nModule = __decorate([Module({ providers: [
 	}
 ] })], I18nModule);
 //#endregion
-export { Delete as A, MessageRegistry as B, successMessageSchema as C, getRouteDecoratedMethods as D, Route as E, createMiddlewareChain as F, buildDetectorOptions as G, getLocales as H, createDomainMiddleware as I, LocaleNotSupportedError as J, resolveI18nOptions as K, parseDomainPattern as L, Patch as M, Post as N, getRouteMetadata as O, Put as P, OpenAPIModule as R, paginationQuerySchema as S, validationErrorResponseSchema as T, getMessages as U, MessageLoaderService as V, messages as W, I18nContextMiddleware as X, OpenAPIConfigService as Y, sortRoutesBySpecificity as _, buildRouteUrl as a, errorResponseSchema as b, RouteRegistry as c, HonoApp as d, RouteRegistrationService as f, getPathSpecificityScore as g, generateConventionRouteName as h, Uri as i, Get as j, All as k, VersioningService as l, extractParamNames as m, VerifySignatureMiddleware as n, signUrl as o, extractDomainParamNames as p, TranslationMissingError as q, route as r, verifySignedUrl as s, I18nModule as t, LocalePathService as u, toOpenAPIPath as v, uuidParamSchema as w, paginatedResponseSchema as x, commonErrorSchemas as y, OpenAPIService as z };
+export { OpenAPIModule as A, LocaleNotSupportedError as B, validationErrorResponseSchema as C, createMiddlewareChain as D, getRouteMetadata as E, getMessages as F, I18nContextMiddleware as H, messages as I, buildDetectorOptions as L, MessageRegistry as M, MessageLoaderService as N, createDomainMiddleware as O, getLocales as P, resolveI18nOptions as R, uuidParamSchema as S, getRouteDecoratedMethods as T, OpenAPIConfigService as V, commonErrorSchemas as _, buildRouteUrl as a, paginationQuerySchema as b, LocalePathService as c, extractDomainParamNames as d, extractParamNames as f, toOpenAPIPath as g, sortRoutesBySpecificity as h, Uri as i, OpenAPIService as j, parseDomainPattern as k, HonoApp as l, getPathSpecificityScore as m, VerifySignatureMiddleware as n, RouteRegistry as o, generateConventionRouteName as p, route as r, VersioningService as s, I18nModule as t, RouteRegistrationService as u, errorResponseSchema as v, Route as w, successMessageSchema as x, paginatedResponseSchema as y, TranslationMissingError as z };
 
-//# sourceMappingURL=i18n.module-BpLLLCTg.mjs.map
+//# sourceMappingURL=i18n.module-CI_prYFD.mjs.map