tezx 3.0.9-beta → 3.0.11-beta

package/cjs/core/server.js

@@ -1,11 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.TezX = void 0;
-const colors_js_1 = require("../utils/colors.js");
 const response_js_1 = require("../utils/response.js");
 const url_js_1 = require("../utils/url.js");
 const config_js_1 = require("./config.js");
 const context_js_1 = require("./context.js");
+const error_js_1 = require("./error.js");
 const router_js_1 = require("./router.js");
 class TezX extends router_js_1.Router {
     #pathResolver;
@@ -27,88 +27,70 @@ class TezX extends router_js_1.Router {
         this.#errorHandler = callback;
         return this;
     }
-    async #resolvePath(pathname) {
-        let resolvePath = pathname;
-        if (this.#pathResolver) {
-            resolvePath = await this.#pathResolver(pathname);
-            config_js_1.GlobalConfig.debugging.warn(`${(0, colors_js_1.colorText)(" PATH RESOLVE ", "white")} ${(0, colors_js_1.colorText)(pathname, "red")} ➞ ${(0, colors_js_1.colorText)(resolvePath, "cyan")}`);
-        }
-        if (typeof resolvePath !== "string") {
-            throw new Error(`Path resolution failed: expected a string, got ${typeof resolvePath}`);
-        }
-        return resolvePath;
-    }
-    #chain(middlewares) {
-        if (!Array.isArray(middlewares)) {
-            throw new TypeError("Middleware stack must be an array!");
-        }
-        const len = middlewares.length;
-        return async function (ctx) {
-            let index = -1;
-            async function dispatch(i) {
-                if (i <= index) {
-                    throw new Error("next() called multiple times");
-                }
-                index = i;
-                if (i >= len)
-                    return;
+    async #chain(ctx, mLen, middlewares, hLen, handlers) {
+        let index = -1;
+        let res;
+        async function dispatch(i) {
+            if (i <= index)
+                throw new Error("next() called multiple times");
+            index = i;
+            if (i < mLen) {
                 const fn = middlewares[i];
-                if (typeof fn !== "function") {
-                    throw new TypeError(`Middleware at index ${i} must be a function`);
+                if (typeof fn !== "function")
+                    throw new TypeError(`Middleware[${i}] must be a function`);
+                res = (await fn(ctx, () => dispatch(i + 1)));
+                if (res !== undefined) {
+                    ctx.res = res;
                 }
-                const result = await fn(ctx, () => dispatch(i + 1));
-                if (result instanceof Response) {
-                    ctx.res = result;
+                return ctx.res;
+            }
+            const hi = i - mLen;
+            if (hi < hLen) {
+                const fn = handlers[hi];
+                if (typeof fn !== "function")
+                    throw new TypeError(`Handler[${hi}] must be a function`);
+                res = (await fn(ctx, () => dispatch(i + 1)));
+                if (res !== undefined) {
+                    ctx.res = res;
                 }
                 return ctx.res;
             }
-            await dispatch(0);
-            return ctx.res;
-        };
+        }
+        await dispatch(0);
+        return (ctx.res ??
+            (ctx.body !== undefined ? ctx.send(ctx.body) : this.#notFound(ctx)));
     }
     async #handleRequest(req, method, args) {
-        if (!(req instanceof Request)) {
+        if (!(req instanceof Request))
             throw new Error("Invalid request object provided to tezX server.");
-        }
-        const pathname = await this.#resolvePath((0, url_js_1.getPathname)(req.url));
-        let ctx = new context_js_1.Context(req, {
-            pathname,
-            method,
-            env: this.env,
-            args,
-        });
+        const rawPath = (0, url_js_1.getPathname)(req.url);
+        const pathname = this.#pathResolver
+            ? await this.#pathResolver(rawPath)
+            : rawPath;
+        const ctx = new context_js_1.Context(req, pathname, method, this.env, args);
         try {
             const staticHandler = this.staticFile?.[`${method} ${pathname}`];
             if (staticHandler) {
                 return staticHandler(ctx);
             }
             const route = this.router.search(method, pathname);
-            if (!route || (route.handlers.length === 0 && route.middlewares.length === 0)) {
+            const mLen = route?.middlewares?.length;
+            const hLen = route?.handlers?.length;
+            if (!route || (hLen === 0 && mLen === 0)) {
                 return this.#notFound(ctx);
             }
             ctx.params = route.params;
-            if (route.handlers.length === 1 && route.middlewares.length === 0) {
-                const result = await route.handlers[0](ctx);
-                if (result)
-                    return result;
-                if (ctx.body !== undefined)
-                    return ctx.send(ctx.body);
-                return this.#notFound(ctx);
-            }
-            let res = await this.#chain([
-                ...route.middlewares,
-                ...route.handlers,
-            ])(ctx);
-            if (!res && ctx.body !== undefined) {
-                res = ctx.send(ctx.body);
+            if (hLen === 1 && mLen === 0) {
+                return ((await route.handlers[0](ctx)) ??
+                    (ctx.body !== undefined ? ctx.send(ctx.body) : this.#notFound(ctx)));
             }
-            if (!res) {
-                return this.#notFound(ctx);
-            }
-            return res;
+            return await this.#chain(ctx, mLen, route.middlewares, hLen, route.handlers);
         }
         catch (err) {
-            return this.#errorHandler(err, ctx);
+            if (!(err instanceof error_js_1.TezXError)) {
+                return this.#errorHandler?.(error_js_1.TezXError.internal(err?.message, err?.stack), ctx);
+            }
+            return this.#errorHandler?.(err, ctx);
         }
     }
     async serve(req, ...args) {

package/cjs/index.js

@@ -1,13 +1,16 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.version = exports.TezX = exports.Router = void 0;
+exports.version = exports.TezXError = exports.TezX = exports.Router = void 0;
+const error_js_1 = require("./core/error.js");
+Object.defineProperty(exports, "TezXError", { enumerable: true, get: function () { return error_js_1.TezXError; } });
 const router_js_1 = require("./core/router.js");
 Object.defineProperty(exports, "Router", { enumerable: true, get: function () { return router_js_1.Router; } });
 const server_js_1 = require("./core/server.js");
 Object.defineProperty(exports, "TezX", { enumerable: true, get: function () { return server_js_1.TezX; } });
-exports.version = "3.0.9-beta";
+exports.version = "3.0.11-beta";
 exports.default = {
     Router: router_js_1.Router,
     TezX: server_js_1.TezX,
     version: exports.version,
+    TezXError: error_js_1.TezXError,
 };

package/cjs/middleware/basic-auth.js

@@ -1,73 +1,47 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.default = exports.basicAuth = void 0;
+exports.basicAuth = void 0;
 const node_buffer_1 = require("node:buffer");
-const config_js_1 = require("../core/config.js");
-const colors_js_1 = require("../utils/colors.js");
-const rateLimit_js_1 = require("../utils/rateLimit.js");
 const basicAuth = (options) => {
-    const { validateCredentials, getRealm = () => "Restricted Area", onUnauthorized = (ctx, error) => {
-        const realm = getRealm(ctx);
+    const { validate, realm = "Restricted Area", onUnauthorized = (ctx, error) => {
         ctx.setStatus = 401;
         ctx.setHeader("WWW-Authenticate", `Basic realm="${realm}"`);
-        ctx.body = { error: error?.message };
-    }, rateLimit, supportedMethods = ["basic", "api-key", "bearer-token"], checkAccess, } = options;
-    let storage = rateLimit?.storage;
-    if (rateLimit && !rateLimit.storage) {
-        storage = (0, rateLimit_js_1.createRateLimitDefaultStorage)();
-    }
-    return async function basicAuth(ctx, next) {
-        let authMethod;
-        let credentials = {};
+        return ctx.json({ error: error?.message || "Unauthorized" });
+    }, } = options;
+    return async (ctx, next) => {
         const auth = ctx.req.header("authorization");
-        if (auth) {
-            if (auth.startsWith("Basic ")) {
-                authMethod = "basic";
-                const base64Credentials = auth.split(" ")[1];
-                const decoded = node_buffer_1.Buffer.from(base64Credentials, "base64").toString("utf-8");
-                const [username, password] = decoded.split(":");
-                credentials = { username, password };
-            }
-            else if (auth.startsWith("Bearer ")) {
-                authMethod = "bearer-token";
-                credentials = { token: auth.split(" ")[1] };
-            }
+        if (!auth || !auth.startsWith("Basic ")) {
+            return onUnauthorized(ctx, new Error("Basic authentication required"));
         }
-        else if (ctx.header("x-api-key")) {
-            authMethod = "api-key";
-            credentials = { apiKey: ctx.header("x-api-key") };
+        const base64 = auth.slice(6).trim();
+        if (!base64) {
+            return onUnauthorized(ctx, new Error("Empty credentials"));
         }
-        if (!authMethod || !supportedMethods.includes(authMethod)) {
-            config_js_1.GlobalConfig.debugging.error(`${(0, colors_js_1.colorText)("[AUTH]", "bgRed")} Unsupported or missing authentication method.`);
-            return onUnauthorized(ctx, new Error("Unsupported authentication method"));
+        let username, password;
+        try {
+            const decoded = node_buffer_1.Buffer.from(base64, "base64").toString("utf-8");
+            const idx = decoded.indexOf(":");
+            if (idx === -1)
+                throw new Error("Missing colon in credentials");
+            username = decoded.slice(0, idx);
+            password = decoded.slice(idx + 1);
         }
-        if (rateLimit) {
-            let key = `${ctx.req.remoteAddress.address}:${ctx.req.remoteAddress.port}`;
-            const { check, entry } = (0, rateLimit_js_1.isRateLimit)(ctx, key, storage, rateLimit.maxRequests, rateLimit.windowMs);
-            if (check) {
-                const retryAfter = Math.ceil((entry.resetTime - Date.now()) / 1000);
-                ctx.setHeader("Retry-After", retryAfter.toString());
-                return onUnauthorized(ctx, new Error(`Rate limit exceeded. Retry after ${retryAfter} seconds.`));
-            }
+        catch (err) {
+            return onUnauthorized(ctx, new Error("Invalid Basic auth format"));
         }
         try {
-            const isValid = await validateCredentials(authMethod, credentials, ctx);
-            if (!isValid) {
-                throw new Error("Invalid credentials.");
-            }
-            if (checkAccess) {
-                const hasAccess = await checkAccess(ctx, credentials);
-                if (!hasAccess) {
-                    return onUnauthorized(ctx, new Error("Access denied."));
-                }
+            const valid = await validate(username, password, ctx);
+            if (!valid) {
+                return onUnauthorized(ctx, new Error("Invalid username or password"));
             }
-            return await next();
+            ctx.user = { username };
+            await next();
         }
-        catch (error) {
-            config_js_1.GlobalConfig.debugging.error(`${(0, colors_js_1.colorText)("[AUTH]", "bgRed")} Failure for method: ${ctx.method}`);
+        catch (err) {
+            const error = err instanceof Error ? err : new Error(String(err));
             return onUnauthorized(ctx, error);
         }
     };
 };
 exports.basicAuth = basicAuth;
-exports.default = basicAuth;
+exports.default = exports.basicAuth;

package/cjs/middleware/bearer-auth.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.bearerAuth = void 0;
+const bearerAuth = (options) => {
+    const { validate, realm = "API", onUnauthorized = (ctx, error) => {
+        ctx.setStatus = 401;
+        ctx.setHeader("WWW-Authenticate", `Bearer realm="${realm}"`);
+        return ctx.json({ error: error?.message || "Unauthorized" });
+    }, } = options;
+    return async (ctx, next) => {
+        const auth = ctx.req.header("authorization");
+        if (!auth || !auth.startsWith("Bearer ")) {
+            return onUnauthorized(ctx, new Error("Bearer token required"));
+        }
+        const token = auth.slice(7).trim();
+        if (!token) {
+            return onUnauthorized(ctx, new Error("Empty token"));
+        }
+        try {
+            const valid = await validate(token, ctx);
+            if (!valid) {
+                return onUnauthorized(ctx, new Error("Invalid or expired token"));
+            }
+            ctx.token = token;
+            await next();
+        }
+        catch (err) {
+            const error = err instanceof Error ? err : new Error(String(err));
+            return onUnauthorized(ctx, error);
+        }
+    };
+};
+exports.bearerAuth = bearerAuth;
+exports.default = exports.bearerAuth;

package/cjs/middleware/cors.js

@@ -3,47 +3,37 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.cors = cors;
 exports.default = cors;
 function cors(option = {}) {
-    const { methods, allowedHeaders, credentials, exposedHeaders, maxAge, origin, } = option;
+    const { credentials, maxAge, origin, } = option;
+    let methods = (option.methods || ["GET", "POST", "PUT", "DELETE"]).join(", ");
+    let allowedHeaders = (option.allowedHeaders || ["Content-Type", "Authorization"]).join(", ");
+    let exposedHeaders = option?.exposedHeaders?.join(", ");
     return async function cors(ctx, next) {
         const reqOrigin = ctx.req.header("origin") || "";
         let allowOrigin = "*";
         if (typeof origin === "string") {
             allowOrigin = origin;
         }
-        else if (origin instanceof RegExp) {
-            allowOrigin = origin.test(reqOrigin) ? reqOrigin : "";
-        }
         else if (Array.isArray(origin)) {
-            const isAllowed = origin.some((item) => {
-                if (typeof item === "string") {
-                    return item === reqOrigin;
-                }
-                else if (item instanceof RegExp) {
-                    return item.test(reqOrigin);
-                }
-            });
-            allowOrigin = isAllowed ? reqOrigin : "";
+            allowOrigin = origin.includes(reqOrigin) ? reqOrigin : "";
         }
         else if (typeof origin === "function") {
             allowOrigin = origin(reqOrigin) ? reqOrigin : "";
         }
-        ctx.setHeader("Access-Control-Allow-Origin", allowOrigin);
-        ctx.setHeader("Access-Control-Allow-Methods", (methods || ["GET", "POST", "PUT", "DELETE"]).join(", "));
-        ctx.setHeader("Access-Control-Allow-Headers", (allowedHeaders || ["Content-Type", "Authorization"]).join(", "));
+        ctx.headers.set("Access-Control-Allow-Origin", allowOrigin);
+        ctx.headers.set("Access-Control-Allow-Methods", methods);
+        ctx.headers.set("Access-Control-Allow-Headers", allowedHeaders);
         if (exposedHeaders) {
-            ctx.setHeader("Access-Control-Expose-Headers", exposedHeaders.join(", "));
+            ctx.headers.set("Access-Control-Expose-Headers", exposedHeaders);
         }
         if (credentials) {
-            ctx.setHeader("Access-Control-Allow-Credentials", "true");
+            ctx.headers.set("Access-Control-Allow-Credentials", "true");
         }
         if (maxAge) {
-            ctx.setHeader("Access-Control-Max-Age", maxAge.toString());
+            ctx.headers.set("Access-Control-Max-Age", maxAge.toString());
         }
-        if (ctx.req.method === "OPTIONS") {
-            return new Response(null, {
-                status: 204,
-                headers: ctx.header(),
-            });
+        if (ctx.method === "OPTIONS") {
+            ctx.setStatus = 204;
+            return;
         }
         return await next();
     };

package/cjs/middleware/index.js

@@ -0,0 +1,25 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./basic-auth.js"), exports);
+__exportStar(require("./bearer-auth.js"), exports);
+__exportStar(require("./cors.js"), exports);
+__exportStar(require("./logger.js"), exports);
+__exportStar(require("./pagination.js"), exports);
+__exportStar(require("./powered-by.js"), exports);
+__exportStar(require("./request-id.js"), exports);
+__exportStar(require("./sanitize-headers.js"), exports);
+__exportStar(require("./xss-protection.js"), exports);

package/cjs/middleware/logger.js

@@ -3,15 +3,18 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.logger = logger;
 exports.default = logger;
 const colors_js_1 = require("../utils/colors.js");
-function logger() {
+function logger(options = { enabled: true }) {
     return async function logger(ctx, next) {
         try {
+            if (!options?.enabled) {
+                return next();
+            }
             console.log(`${(0, colors_js_1.colorText)("<--", "bold")} ${(0, colors_js_1.colorText)(ctx.method, "bgMagenta")} ${ctx.pathname}`);
             const startTime = performance.now();
-            let n = await next();
+            let n = (await next());
             const elapsed = performance.now() - startTime;
             console.log(`${(0, colors_js_1.colorText)("-->", "bold")} ${(0, colors_js_1.colorText)(ctx.method, "bgBlue")} ${ctx.pathname} ` +
-                `${(0, colors_js_1.colorText)(ctx.getStatus, "yellow")} ${(0, colors_js_1.colorText)(`${elapsed.toFixed(2)}ms`, "magenta")}`);
+                `${(0, colors_js_1.colorText)(n ? ctx.getStatus : 404, "yellow")} ${(0, colors_js_1.colorText)(`${elapsed.toFixed(2)}ms`, "magenta")}`);
             return n;
         }
         catch (err) {

package/cjs/middleware/pagination.js

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.default = exports.paginationHandler = void 0;
 const paginationHandler = (options = {}) => {
-    const { defaultPage = 1, defaultLimit = 10, maxLimit = 100, queryKeyPage = "page", queryKeyLimit = "limit", countKey = "total", dataKey = "data", getDataSource, } = options;
+    let { defaultPage = 1, defaultLimit = 10, maxLimit = 100, queryKeyPage = "page", queryKeyLimit = "limit", countKey = "total", dataKey = "data", getDataSource, } = options;
     return async function paginationHandler(ctx, next) {
         const rawPage = ctx.req.query[queryKeyPage];
         const rawLimit = ctx.req.query[queryKeyLimit];

package/cjs/middleware/powered-by.js

@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.default = exports.poweredBy = void 0;
 const poweredBy = (serverName) => {
     return function poweredBy(ctx, next) {
-        ctx.setHeader("x-powered-by", serverName || "TezX");
+        ctx.headers.set("x-powered-by", serverName || "TezX");
         return next();
     };
 };

package/cjs/middleware/rate-limiter.js

@@ -1,23 +1,36 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.default = exports.rateLimiter = void 0;
+const error_js_1 = require("../core/error.js");
 const rateLimit_js_1 = require("../utils/rateLimit.js");
 const rateLimiter = (options) => {
-    const { maxRequests, windowMs, keyGenerator = (ctx) => `${ctx.req.remoteAddress.address}:${ctx.req.remoteAddress.port}`, storage = (0, rateLimit_js_1.createRateLimitDefaultStorage)(), onError = (ctx, retryAfter, error) => {
+    const { maxRequests, windowMs, keyGenerator = (ctx) => {
+        const xForwardedFor = ctx.req.header("x-forwarded-for");
+        if (xForwardedFor) {
+            const ip = xForwardedFor.split(",")[0].trim();
+            return ip;
+        }
+        const clientIp = ctx.req.header("client-ip");
+        if (clientIp)
+            return clientIp;
+        const addr = ctx.req.remoteAddress?.address || "unknown";
+        const port = ctx.req.remoteAddress?.port || "0";
+        return `${addr}:${port}`;
+    }, storage = (0, rateLimit_js_1.createRateLimitDefaultStorage)(), onError = (ctx, retryAfter, error) => {
         ctx.setStatus = 429;
-        throw new Error(`Rate limit exceeded. Try again in ${retryAfter} seconds.`);
+        throw new error_js_1.TezXError(`Rate limit exceeded. Try again in ${retryAfter} seconds.`, 429);
     }, } = options;
     return async function rateLimiter(ctx, next) {
         const key = keyGenerator(ctx);
-        const { check, entry } = (0, rateLimit_js_1.isRateLimit)(ctx, key, storage, maxRequests, windowMs);
+        const { check, entry } = (0, rateLimit_js_1.isRateLimit)(key, storage, maxRequests, windowMs);
         if (check) {
             const retryAfter = Math.ceil((entry.resetTime - Date.now()) / 1000);
-            ctx.setHeader("Retry-After", retryAfter.toString());
+            ctx.headers.set("Retry-After", retryAfter.toString());
             return onError(ctx, retryAfter, new Error(`Rate limit exceeded. Retry after ${retryAfter} seconds.`));
         }
-        ctx.setHeader("X-RateLimit-Limit", maxRequests.toString());
-        ctx.setHeader("X-RateLimit-Remaining", (maxRequests - entry.count).toString());
-        ctx.setHeader("X-RateLimit-Reset", entry.resetTime.toString());
+        ctx.headers.set("X-RateLimit-Limit", maxRequests.toString());
+        ctx.headers.set("X-RateLimit-Remaining", (maxRequests - entry.count).toString());
+        ctx.headers.set("X-RateLimit-Reset", entry.resetTime.toString());
         return await next();
     };
 };

package/cjs/middleware/request-id.js

@@ -1,17 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.default = exports.requestID = void 0;
+exports.requestID = exports.default = void 0;
 const index_js_1 = require("../helper/index.js");
 const requestID = (headerName = "X-Request-ID", contextKey = "requestID") => {
     return function requestID(ctx, next) {
-        let requestId = ctx.header(headerName);
-        if (!requestId) {
-            requestId = `req-${(0, index_js_1.generateUUID)()}`;
-        }
+        let requestId = ctx.headers.get(headerName) ?? `req-${(0, index_js_1.generateUUID)()}`;
         ctx[contextKey] = requestId;
-        ctx.setHeader(headerName, requestId);
+        ctx.headers.set(headerName, requestId);
         return next();
     };
 };
-exports.requestID = requestID;
 exports.default = requestID;
+exports.requestID = requestID;

package/cjs/middleware/sanitize-headers.js

@@ -1,54 +1,22 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.sanitizeHeaders = exports.default = void 0;
-const config_js_1 = require("../core/config.js");
 const sanitizeHeaders = (options = {}) => {
-    const { whitelist = [], blacklist = [], allowUnsafeCharacters = false, } = options;
+    const { whitelist = [], blacklist = [], } = options;
     const normalizedWhitelist = whitelist.map((h) => h.toLowerCase());
     const normalizedBlacklist = blacklist.map((h) => h.toLowerCase());
+    let lWhite = normalizedWhitelist.length;
     return async function sanitizeHeaders(ctx, next) {
-        const sanitizedHeaders = {};
-        for (const key in ctx.header()) {
-            let value = ctx.header(key);
-            const normalizedKey = key.toLowerCase();
-            if (normalizedWhitelist.length > 0 &&
-                !normalizedWhitelist.includes(normalizedKey)) {
-                config_js_1.GlobalConfig.debugging.warn(`🚫 Header "${key}" not in whitelist - removed`);
-                continue;
+        await next();
+        for (const key of ctx.headers.keys()) {
+            if (lWhite > 0 && !normalizedWhitelist.includes(key)) {
+                ctx.headers.delete(key);
             }
-            if (normalizedBlacklist.includes(normalizedKey)) {
-                config_js_1.GlobalConfig.debugging.warn(`🚫 Header "${key}" in blacklist - removed`);
-                continue;
+            if (normalizedBlacklist.includes(key)) {
+                ctx.headers.delete(key);
             }
-            if (!isValidHeaderName(normalizedKey)) {
-                config_js_1.GlobalConfig.debugging.warn(`⚠️ Invalid header name: "${normalizedKey}" - removed`);
-                continue;
-            }
-            const sanitizedValue = sanitizeHeaderValue(value, allowUnsafeCharacters);
-            if (!sanitizedValue) {
-                config_js_1.GlobalConfig.debugging.warn(`⚠️ Header "${key}" has invalid/empty value - removed`);
-                continue;
-            }
-            sanitizedHeaders[normalizedKey] = sanitizedValue;
-        }
-        for (const k in sanitizedHeaders) {
-            let v = sanitizedHeaders[k];
-            ctx.setHeader(k, v);
         }
-        ctx.clearHeader = sanitizedHeaders;
-        return await next();
     };
 };
 exports.default = sanitizeHeaders;
 exports.sanitizeHeaders = sanitizeHeaders;
-const isValidHeaderName = (name) => {
-    const HEADER_NAME_REGEX = /^[a-zA-Z0-9\-_]+$/;
-    return HEADER_NAME_REGEX.test(name);
-};
-const sanitizeHeaderValue = (value, allowUnsafeCharacters) => {
-    let sanitized = value.trim();
-    if (!allowUnsafeCharacters) {
-        sanitized = sanitized.replace(/[\x00-\x1F\x7F]/g, "");
-    }
-    return sanitized;
-};

package/cjs/middleware/xss-protection.js

@@ -1,27 +1,23 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.default = exports.xssProtection = void 0;
-const config_js_1 = require("../core/config.js");
+exports.xssProtection = exports.default = void 0;
 const xssProtection = (options = {}) => {
     const { enabled = true, mode = "block", fallbackCSP = "default-src 'self'; script-src 'self';", } = options;
     return async function xssProtection(ctx, next) {
         const isEnabled = typeof enabled === "function" ? enabled(ctx) : enabled;
         if (!isEnabled) {
-            config_js_1.GlobalConfig.debugging.warn("🟠 XSS protection is disabled.");
             return await next();
         }
         const xssHeaderValue = mode === "block" ? "1; mode=block" : "1";
         ctx.setHeader("X-XSS-Protection", xssHeaderValue);
-        config_js_1.GlobalConfig.debugging.warn(`🟢 X-XSS-Protection set to: ${xssHeaderValue}`);
         if (fallbackCSP) {
             const existingCSP = ctx.req.header("content-security-policy");
             if (!existingCSP) {
                 ctx.setHeader("Content-Security-Policy", fallbackCSP);
-                config_js_1.GlobalConfig.debugging.warn(`🟣 Fallback CSP set to: ${fallbackCSP}`);
             }
         }
         return await next();
     };
 };
-exports.xssProtection = xssProtection;
 exports.default = xssProtection;
+exports.xssProtection = xssProtection;