npm - vafast - Versions diffs - 0.3.2 → 0.3.4 - Mend

vafast 0.3.2 → 0.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (136) hide show

package/dist/auth/token.d.ts +13 -11
package/dist/auth/token.js +118 -111
package/dist/auth/token.js.map +1 -0
package/dist/defineRoute.d.ts +5 -2
package/dist/defineRoute.js +7 -2
package/dist/defineRoute.js.map +1 -0
package/dist/index.d.ts +30 -14
package/dist/index.js +2247 -15
package/dist/index.js.map +1 -0
package/dist/middleware/auth.d.ts +8 -6
package/dist/middleware/auth.js +198 -99
package/dist/middleware/auth.js.map +1 -0
package/dist/middleware/authMiddleware.d.ts +5 -2
package/dist/middleware/authMiddleware.js +55 -11
package/dist/middleware/authMiddleware.js.map +1 -0
package/dist/middleware/component-renderer.d.ts +4 -2
package/dist/middleware/component-renderer.js +87 -80
package/dist/middleware/component-renderer.js.map +1 -0
package/dist/middleware/component-router.d.ts +8 -3
package/dist/middleware/component-router.js +33 -39
package/dist/middleware/component-router.js.map +1 -0
package/dist/middleware/cors.d.ts +6 -3
package/dist/middleware/cors.js +42 -29
package/dist/middleware/cors.js.map +1 -0
package/dist/middleware/rateLimit.d.ts +5 -3
package/dist/middleware/rateLimit.js +45 -29
package/dist/middleware/rateLimit.js.map +1 -0
package/dist/middleware.d.ts +6 -3
package/dist/middleware.js +97 -51
package/dist/middleware.js.map +1 -0
package/dist/monitoring/index.d.ts +11 -4
package/dist/monitoring/index.js +1299 -17
package/dist/monitoring/index.js.map +1 -0
package/dist/monitoring/native-monitor.d.ts +12 -6
package/dist/monitoring/native-monitor.js +1258 -161
package/dist/monitoring/native-monitor.js.map +1 -0
package/dist/monitoring/types.d.ts +8 -6
package/dist/monitoring/types.js +1 -1
package/dist/monitoring/types.js.map +1 -0
package/dist/node-server/index.d.ts +4 -22
package/dist/node-server/index.js +254 -21
package/dist/node-server/index.js.map +1 -0
package/dist/node-server/request.d.ts +6 -2
package/dist/node-server/request.js +102 -134
package/dist/node-server/request.js.map +1 -0
package/dist/node-server/response.d.ts +7 -3
package/dist/node-server/response.js +67 -89
package/dist/node-server/response.js.map +1 -0
package/dist/node-server/serve.d.ts +11 -7
package/dist/node-server/serve.js +231 -82
package/dist/node-server/serve.js.map +1 -0
package/dist/router/index.d.ts +3 -5
package/dist/router/index.js +228 -7
package/dist/router/index.js.map +1 -0
package/dist/router/radix-tree.d.ts +7 -4
package/dist/router/radix-tree.js +186 -218
package/dist/router/radix-tree.js.map +1 -0
package/dist/router.d.ts +7 -3
package/dist/router.js +37 -83
package/dist/router.js.map +1 -0
package/dist/serve.d.ts +2 -12
package/dist/serve.js +237 -11
package/dist/serve.js.map +1 -0
package/dist/server/base-server.d.ts +5 -2
package/dist/server/base-server.js +124 -135
package/dist/server/base-server.js.map +1 -0
package/dist/server/component-server.d.ts +9 -4
package/dist/server/component-server.js +481 -139
package/dist/server/component-server.js.map +1 -0
package/dist/server/index.d.ts +8 -7
package/dist/server/index.js +985 -11
package/dist/server/index.js.map +1 -0
package/dist/server/server-factory.d.ts +11 -5
package/dist/server/server-factory.js +979 -67
package/dist/server/server-factory.js.map +1 -0
package/dist/server/server.d.ts +7 -3
package/dist/server/server.js +553 -112
package/dist/server/server.js.map +1 -0
package/dist/types/component-route.d.ts +8 -4
package/dist/types/component-route.js +1 -1
package/dist/types/component-route.js.map +1 -0
package/dist/types/index.d.ts +5 -5
package/dist/types/index.js +21 -4
package/dist/types/index.js.map +1 -0
package/dist/types/route.d.ts +13 -10
package/dist/types/route.js +10 -9
package/dist/types/route.js.map +1 -0
package/dist/types/schema.d.ts +11 -7
package/dist/types/schema.js +1 -1
package/dist/types/schema.js.map +1 -0
package/dist/types/types.d.ts +11 -9
package/dist/types/types.js +1 -1
package/dist/types/types.js.map +1 -0
package/dist/utils/base64url.d.ts +4 -2
package/dist/utils/base64url.js +12 -9
package/dist/utils/base64url.js.map +1 -0
package/dist/utils/create-handler.d.ts +11 -7
package/dist/utils/create-handler.js +393 -217
package/dist/utils/create-handler.js.map +1 -0
package/dist/utils/dependency-manager.d.ts +3 -1
package/dist/utils/dependency-manager.js +67 -69
package/dist/utils/dependency-manager.js.map +1 -0
package/dist/utils/go-await.d.ts +3 -1
package/dist/utils/go-await.js +8 -22
package/dist/utils/go-await.js.map +1 -0
package/dist/utils/handle.d.ts +6 -4
package/dist/utils/handle.js +44 -25
package/dist/utils/handle.js.map +1 -0
package/dist/utils/html-renderer.d.ts +3 -1
package/dist/utils/html-renderer.js +25 -24
package/dist/utils/html-renderer.js.map +1 -0
package/dist/utils/index.d.ts +13 -13
package/dist/utils/index.js +832 -21
package/dist/utils/index.js.map +1 -0
package/dist/utils/parsers.d.ts +15 -13
package/dist/utils/parsers.js +138 -188
package/dist/utils/parsers.js.map +1 -0
package/dist/utils/path-matcher.d.ts +3 -1
package/dist/utils/path-matcher.js +68 -78
package/dist/utils/path-matcher.js.map +1 -0
package/dist/utils/request-validator.d.ts +13 -10
package/dist/utils/request-validator.js +234 -84
package/dist/utils/request-validator.js.map +1 -0
package/dist/utils/response.d.ts +9 -7
package/dist/utils/response.js +93 -102
package/dist/utils/response.js.map +1 -0
package/dist/utils/validators/schema-validator.d.ts +13 -9
package/dist/utils/validators/schema-validator.js +228 -209
package/dist/utils/validators/schema-validator.js.map +1 -0
package/dist/utils/validators/schema-validators-ultra.d.ts +15 -12
package/dist/utils/validators/schema-validators-ultra.js +233 -256
package/dist/utils/validators/schema-validators-ultra.js.map +1 -0
package/dist/utils/validators/validators.d.ts +15 -12
package/dist/utils/validators/validators.js +81 -122
package/dist/utils/validators/validators.js.map +1 -0
package/package.json +5 -4

package/dist/middleware/auth.js CHANGED Viewed

@@ -1,106 +1,205 @@
+// src/middleware.ts
+var VafastError = class extends Error {
+  status;
+  type;
+  expose;
+  constructor(message, options = {}) {
+    super(message);
+    this.name = "VafastError";
+    this.status = options.status ?? 500;
+    this.type = options.type ?? "internal_error";
+    this.expose = options.expose ?? false;
+    if (options.cause) this.cause = options.cause;
+  }
+};
+// src/utils/parsers.ts
+import qs from "qs";
+import cookie from "cookie";
+function parseCookies(req) {
+  const cookieHeader = req.headers.get("cookie");
+  if (!cookieHeader) return {};
+  try {
+    const parsed = cookie.parse(cookieHeader);
+    const result = {};
+    for (const [key, value] of Object.entries(parsed)) {
+      if (value !== void 0 && value !== null) {
+        result[key] = value;
+      }
+    }
+    return result;
+  } catch {
+    return {};
+  }
+}
+// src/utils/handle.ts
+function getCookie(req, key) {
+  const cookies = parseCookies(req);
+  return cookies[key] || null;
+}
+// src/utils/base64url.ts
+function base64urlEncode(str) {
+  return btoa(str).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+function base64urlDecode(str) {
+  const pad = str.length % 4 === 0 ? "" : "=".repeat(4 - str.length % 4);
+  const base64 = str.replace(/-/g, "+").replace(/_/g, "/") + pad;
+  return atob(base64);
+}
+// src/auth/token.ts
+var TokenError = class extends Error {
+  constructor(message, code) {
+    super(message);
+    this.code = code;
+    this.name = "TokenError";
+  }
+};
+var encoder = new TextEncoder();
+async function sign(data, secret) {
+  const key = await crypto.subtle.importKey(
+    "raw",
+    encoder.encode(secret),
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"]
+  );
+  const signature = await crypto.subtle.sign("HMAC", key, encoder.encode(data));
+  return btoa(
+    String.fromCharCode.apply(null, Array.from(new Uint8Array(signature)))
+  );
+}
+async function verifyToken(token, secret) {
+  try {
+    const [data, sig] = token.split(".");
+    if (!data || !sig) {
+      throw new TokenError("\u4EE4\u724C\u683C\u5F0F\u65E0\u6548", "MALFORMED_TOKEN");
+    }
+    const expectedSig = await sign(data, secret);
+    const expected = base64urlEncode(expectedSig);
+    if (sig !== expected) {
+      throw new TokenError("\u4EE4\u724C\u7B7E\u540D\u65E0\u6548", "INVALID_SIGNATURE");
+    }
+    const payload = JSON.parse(base64urlDecode(data));
+    if (payload.exp && Date.now() / 1e3 > payload.exp) {
+      throw new TokenError("\u4EE4\u724C\u5DF2\u8FC7\u671F", "EXPIRED_TOKEN");
+    }
+    return payload;
+  } catch (error) {
+    if (error instanceof TokenError) {
+      throw error;
+    }
+    throw new TokenError("\u4EE4\u724C\u9A8C\u8BC1\u5931\u8D25", "INVALID_TOKEN");
+  }
+}
 // src/middleware/auth.ts
-import { VafastError } from "../middleware";
-import { getCookie } from "../utils/handle";
-import { verifyToken, TokenError } from "../auth/token";
-export function createAuth(options) {
-    const { secret, cookieName = "auth", headerName = "authorization", required = true, roles = [], permissions = [], } = options;
-    return async (req, next) => {
-        const token = getCookie(req, cookieName) ||
-            req.headers.get(headerName)?.replace("Bearer ", "") ||
-            "";
-        if (!token && required) {
-            throw new VafastError("缺少认证令牌", {
-                status: 401,
-                type: "unauthorized",
-                expose: true,
-            });
-        }
-        if (!token && !required) {
-            return next();
-        }
-        try {
-            const user = (await verifyToken(token, secret));
-            if (!user) {
-                throw new VafastError("令牌验证失败", {
-                    status: 401,
-                    type: "unauthorized",
-                    expose: true,
-                });
-            }
-            // 检查角色权限
-            if (roles.length > 0 && user.role && !roles.includes(user.role)) {
-                throw new VafastError("权限不足", {
-                    status: 403,
-                    type: "forbidden",
-                    expose: true,
-                });
-            }
-            // 检查具体权限
-            if (permissions.length > 0 && user.permissions) {
-                const userPermissions = Array.isArray(user.permissions)
-                    ? user.permissions
-                    : [user.permissions];
-                const hasPermission = permissions.some((permission) => userPermissions.includes(permission));
-                if (!hasPermission) {
-                    throw new VafastError("权限不足", {
-                        status: 403,
-                        type: "forbidden",
-                        expose: true,
-                    });
-                }
-            }
-            // 🪄 在这里扩展 Request 对象
-            req.user = user;
-            req.token = token;
-            return next();
+function createAuth(options) {
+  const {
+    secret,
+    cookieName = "auth",
+    headerName = "authorization",
+    required = true,
+    roles = [],
+    permissions = []
+  } = options;
+  return async (req, next) => {
+    const token = getCookie(req, cookieName) || req.headers.get(headerName)?.replace("Bearer ", "") || "";
+    if (!token && required) {
+      throw new VafastError("\u7F3A\u5C11\u8BA4\u8BC1\u4EE4\u724C", {
+        status: 401,
+        type: "unauthorized",
+        expose: true
+      });
+    }
+    if (!token && !required) {
+      return next();
+    }
+    try {
+      const user = await verifyToken(token, secret);
+      if (!user) {
+        throw new VafastError("\u4EE4\u724C\u9A8C\u8BC1\u5931\u8D25", {
+          status: 401,
+          type: "unauthorized",
+          expose: true
+        });
+      }
+      if (roles.length > 0 && user.role && !roles.includes(user.role)) {
+        throw new VafastError("\u6743\u9650\u4E0D\u8DB3", {
+          status: 403,
+          type: "forbidden",
+          expose: true
+        });
+      }
+      if (permissions.length > 0 && user.permissions) {
+        const userPermissions = Array.isArray(user.permissions) ? user.permissions : [user.permissions];
+        const hasPermission = permissions.some(
+          (permission) => userPermissions.includes(permission)
+        );
+        if (!hasPermission) {
+          throw new VafastError("\u6743\u9650\u4E0D\u8DB3", {
+            status: 403,
+            type: "forbidden",
+            expose: true
+          });
         }
-        catch (error) {
-            if (error instanceof TokenError) {
-                let status = 401;
-                let message = "认证失败";
-                switch (error.code) {
-                    case "EXPIRED_TOKEN":
-                        status = 401;
-                        message = "令牌已过期";
-                        break;
-                    case "INVALID_SIGNATURE":
-                        status = 401;
-                        message = "令牌签名无效";
-                        break;
-                    case "MALFORMED_TOKEN":
-                        status = 400;
-                        message = "令牌格式错误";
-                        break;
-                    default:
-                        status = 401;
-                        message = "令牌验证失败";
-                }
-                throw new VafastError(message, {
-                    status,
-                    type: "unauthorized",
-                    expose: true,
-                });
-            }
-            if (error instanceof VafastError) {
-                throw error;
-            }
-            throw new VafastError("认证过程中发生错误", {
-                status: 500,
-                type: "internal_error",
-                expose: false,
-            });
+      }
+      req.user = user;
+      req.token = token;
+      return next();
+    } catch (error) {
+      if (error instanceof TokenError) {
+        let status = 401;
+        let message = "\u8BA4\u8BC1\u5931\u8D25";
+        switch (error.code) {
+          case "EXPIRED_TOKEN":
+            status = 401;
+            message = "\u4EE4\u724C\u5DF2\u8FC7\u671F";
+            break;
+          case "INVALID_SIGNATURE":
+            status = 401;
+            message = "\u4EE4\u724C\u7B7E\u540D\u65E0\u6548";
+            break;
+          case "MALFORMED_TOKEN":
+            status = 400;
+            message = "\u4EE4\u724C\u683C\u5F0F\u9519\u8BEF";
+            break;
+          default:
+            status = 401;
+            message = "\u4EE4\u724C\u9A8C\u8BC1\u5931\u8D25";
         }
-    };
+        throw new VafastError(message, {
+          status,
+          type: "unauthorized",
+          expose: true
+        });
+      }
+      if (error instanceof VafastError) {
+        throw error;
+      }
+      throw new VafastError("\u8BA4\u8BC1\u8FC7\u7A0B\u4E2D\u53D1\u751F\u9519\u8BEF", {
+        status: 500,
+        type: "internal_error",
+        expose: false
+      });
+    }
+  };
 }
-// 可选认证中间件
-export function createOptionalAuth(options) {
-    return createAuth({ ...options, required: false });
+function createOptionalAuth(options) {
+  return createAuth({ ...options, required: false });
 }
-// 角色验证中间件
-export function createRoleAuth(roles, options) {
-    return createAuth({ ...options, roles });
+function createRoleAuth(roles, options) {
+  return createAuth({ ...options, roles });
 }
-// 权限验证中间件
-export function createPermissionAuth(permissions, options) {
-    return createAuth({ ...options, permissions });
+function createPermissionAuth(permissions, options) {
+  return createAuth({ ...options, permissions });
 }
+export {
+  createAuth,
+  createOptionalAuth,
+  createPermissionAuth,
+  createRoleAuth
+};
+//# sourceMappingURL=auth.js.map

package/dist/middleware/auth.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/middleware.ts","../../src/utils/parsers.ts","../../src/utils/handle.ts","../../src/utils/base64url.ts","../../src/auth/token.ts","../../src/middleware/auth.ts"],"sourcesContent":["// src/middleware.ts\n\nimport { json, mapResponse } from \"./utils/response\";\n\nimport type { Handler, Middleware } from \"./types\";\n/** 中间件类型：使用 next() 传递给下一个处理 */\n\n/** Vafast 自定义错误类型 */\nexport class VafastError extends Error {\n status: number;\n type: string;\n expose: boolean;\n\n constructor(\n message: string,\n options: {\n status?: number;\n type?: string;\n expose?: boolean;\n cause?: unknown;\n } = {},\n ) {\n super(message);\n this.name = \"VafastError\";\n this.status = options.status ?? 500;\n this.type = options.type ?? \"internal_error\";\n this.expose = options.expose ?? false;\n if (options.cause) (this as any).cause = options.cause;\n }\n}\n\n/**\n * 组合类型: 自动注入错误处理器进行中间件组合\n */\nexport function composeMiddleware(\n middleware: Middleware[],\n finalHandler: Handler,\n): (req: Request) => Promise<Response> {\n const all = [errorHandler, ...middleware];\n\n return function composedHandler(req: Request): Promise<Response> {\n let i = -1;\n\n const dispatch = (index: number): Promise<Response> => {\n if (index <= i)\n return Promise.reject(new Error(\"next() called multiple times\"));\n i = index;\n\n // 中间件阶段\n if (index < all.length) {\n const mw = all[index];\n return Promise.resolve(mw(req, () => dispatch(index + 1)));\n }\n\n // 最终 handler - 使用 mapResponse 转换返回值\n return Promise.resolve(finalHandler(req)).then(mapResponse);\n };\n\n return dispatch(0);\n };\n}\n\n/** 默认包含的全局错误处理器 */\nconst errorHandler: Middleware = async (req, next) => {\n try {\n return await next();\n } catch (err) {\n console.error(\"未处理的错误:\", err);\n\n if (err instanceof VafastError) {\n return json(\n {\n error: err.type,\n message: err.expose ? err.message : \"发生了一个错误\",\n },\n err.status,\n );\n }\n\n return json({ error: \"internal_error\", message: \"出现了一些问题\" }, 500);\n }\n};\n","// src/parsers.ts\nimport qs from \"qs\";\nimport cookie from \"cookie\";\n\n// 文件信息接口\nexport interface FileInfo {\n name: string;\n type: string;\n size: number;\n data: ArrayBuffer;\n}\n\n// 表单数据接口\nexport interface FormData {\n fields: Record<string, string>;\n files: Record<string, FileInfo>;\n}\n\n/**\n * 简化的请求体解析函数\n * 优先简洁性，处理最常见的场景\n */\nexport async function parseBody(req: Request): Promise<unknown> {\n const contentType = req.headers.get(\"content-type\") || \"\";\n if (contentType.includes(\"application/json\")) {\n return await req.json();\n }\n if (contentType.includes(\"application/x-www-form-urlencoded\")) {\n const text = await req.text();\n return Object.fromEntries(new URLSearchParams(text));\n }\n return await req.text(); // fallback\n}\n\n/**\n * 解析 multipart/form-data 格式\n * 支持文件上传和普通表单字段\n */\nasync function parseMultipartFormData(req: Request): Promise<FormData> {\n const formData = await req.formData();\n const result: FormData = {\n fields: {},\n files: {},\n };\n\n for (const [key, value] of formData.entries()) {\n if (\n typeof value === \"object\" &&\n value !== null &&\n \"name\" in value &&\n \"type\" in value &&\n \"size\" in value\n ) {\n // 处理文件\n const file = value as any;\n const arrayBuffer = await file.arrayBuffer();\n result.files[key] = {\n name: file.name,\n type: file.type,\n size: file.size,\n data: arrayBuffer,\n };\n } else {\n // 处理普通字段\n result.fields[key] = value as string;\n }\n }\n\n return result;\n}\n\n/**\n * 解析请求体为特定类型\n * 提供类型安全的解析方法\n */\nexport async function parseBodyAs<T>(req: Request): Promise<T> {\n const body = await parseBody(req);\n return body as T;\n}\n\n/**\n * 解析请求体为表单数据\n * 专门用于处理 multipart/form-data\n */\nexport async function parseFormData(req: Request): Promise<FormData> {\n const contentType = req.headers.get(\"content-type\") || \"\";\n\n if (!contentType.includes(\"multipart/form-data\")) {\n throw new Error(\"请求不是 multipart/form-data 格式\");\n }\n\n return await parseMultipartFormData(req);\n}\n\n/**\n * 解析请求体为文件\n * 专门用于处理文件上传\n */\nexport async function parseFile(req: Request): Promise<FileInfo> {\n const contentType = req.headers.get(\"content-type\") || \"\";\n\n if (!contentType.includes(\"multipart/form-data\")) {\n throw new Error(\"请求不是 multipart/form-data 格式\");\n }\n\n const formData = await parseMultipartFormData(req);\n const fileKeys = Object.keys(formData.files);\n\n if (fileKeys.length === 0) {\n throw new Error(\"请求中没有文件\");\n }\n\n if (fileKeys.length > 1) {\n throw new Error(\"请求中包含多个文件，请使用 parseFormData\");\n }\n\n return formData.files[fileKeys[0]];\n}\n\n/**\n * 快速提取 query string（避免创建 URL 对象）\n */\nfunction extractQueryString(url: string): string {\n const qIndex = url.indexOf(\"?\");\n if (qIndex === -1) return \"\";\n\n const hashIndex = url.indexOf(\"#\", qIndex);\n return hashIndex === -1\n ? url.substring(qIndex + 1)\n : url.substring(qIndex + 1, hashIndex);\n}\n\n/** 获取查询字符串，直接返回对象 */\nexport function parseQuery(req: Request): Record<string, unknown> {\n const queryString = extractQueryString(req.url);\n if (!queryString) return {};\n return qs.parse(queryString);\n}\n\n/**\n * 快速解析简单查询字符串（不支持嵌套，但更快）\n * 适用于简单的 key=value&key2=value2 场景\n */\nexport function parseQueryFast(req: Request): Record<string, string> {\n const queryString = extractQueryString(req.url);\n if (!queryString) return {};\n\n const result: Record<string, string> = Object.create(null);\n const pairs = queryString.split(\"&\");\n\n for (const pair of pairs) {\n const eqIndex = pair.indexOf(\"=\");\n if (eqIndex === -1) {\n result[decodeURIComponent(pair)] = \"\";\n } else {\n const key = decodeURIComponent(pair.substring(0, eqIndex));\n const value = decodeURIComponent(pair.substring(eqIndex + 1));\n result[key] = value;\n }\n }\n\n return result;\n}\n\n/** 解析请求头，返回对象 */\nexport function parseHeaders(req: Request): Record<string, string> {\n const headers: Record<string, string> = Object.create(null);\n req.headers.forEach((value, key) => {\n headers[key] = value;\n });\n return headers;\n}\n\n/**\n * 获取单个请求头（避免解析全部）\n */\nexport function getHeader(req: Request, name: string): string | null {\n return req.headers.get(name);\n}\n\n/** 使用cookie库解析Cookie，保证可靠性 */\nexport function parseCookies(req: Request): Record<string, string> {\n const cookieHeader = req.headers.get(\"cookie\");\n if (!cookieHeader) return {};\n\n try {\n const parsed = cookie.parse(cookieHeader);\n // 过滤掉undefined和null值\n const result: Record<string, string> = {};\n for (const [key, value] of Object.entries(parsed)) {\n if (value !== undefined && value !== null) {\n result[key] = value;\n }\n }\n return result;\n } catch {\n return {};\n }\n}\n\n/**\n * 快速解析 Cookie（简化版，不使用外部库）\n * 适用于简单的 cookie 场景\n */\nexport function parseCookiesFast(req: Request): Record<string, string> {\n const cookieHeader = req.headers.get(\"cookie\");\n if (!cookieHeader) return {};\n\n const result: Record<string, string> = Object.create(null);\n const pairs = cookieHeader.split(\";\");\n\n for (const pair of pairs) {\n const trimmed = pair.trim();\n const eqIndex = trimmed.indexOf(\"=\");\n if (eqIndex > 0) {\n const key = trimmed.substring(0, eqIndex).trim();\n const value = trimmed.substring(eqIndex + 1).trim();\n // 移除引号\n result[key] =\n value.startsWith('\"') && value.endsWith('\"')\n ? value.slice(1, -1)\n : value;\n }\n }\n\n return result;\n}\n\n/**\n * 获取单个 Cookie 值（避免解析全部）\n */\nexport function getCookie(req: Request, name: string): string | null {\n const cookieHeader = req.headers.get(\"cookie\");\n if (!cookieHeader) return null;\n\n const prefix = `${name}=`;\n const pairs = cookieHeader.split(\";\");\n\n for (const pair of pairs) {\n const trimmed = pair.trim();\n if (trimmed.startsWith(prefix)) {\n const value = trimmed.substring(prefix.length).trim();\n return value.startsWith('\"') && value.endsWith('\"')\n ? value.slice(1, -1)\n : value;\n }\n }\n\n return null;\n}\n","import { parseCookies } from \"./parsers\";\n\n/** 获取单个 Cookie 值 */\nexport function getCookie(req: Request, key: string): string | null {\n const cookies = parseCookies(req);\n return cookies[key] || null;\n}\n\n/** 生成 Set-Cookie 头 */\nexport function setCookie(\n key: string,\n value: string,\n options: {\n path?: string;\n httpOnly?: boolean;\n maxAge?: number;\n secure?: boolean;\n } = {},\n): string {\n let cookie = `${key}=${encodeURIComponent(value)}`;\n\n if (options.path) cookie += `; Path=${options.path}`;\n if (options.httpOnly) cookie += `; HttpOnly`;\n if (options.secure) cookie += `; Secure`;\n if (options.maxAge) cookie += `; Max-Age=${options.maxAge}`;\n\n return cookie;\n}\n\n// 提供给中间件写入\"局部上下文\"的工具函数\nexport function setLocals<T extends object>(req: Request, extras: T) {\n const target = req as unknown as Record<string, unknown>;\n target.__locals = { ...((target.__locals as object) ?? {}), ...extras };\n}\n\n// 获取中间件注入的局部上下文\nexport function getLocals<T extends object>(req: Request): T {\n const target = req as unknown as Record<string, unknown>;\n return (target.__locals ?? {}) as T;\n}\n","export function base64urlEncode(str: string): string {\n return btoa(str)\n .replace(/=/g, \"\") // ✅ 删除填充\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\");\n}\n\nexport function base64urlDecode(str: string): string {\n const pad = str.length % 4 === 0 ? \"\" : \"=\".repeat(4 - (str.length % 4));\n const base64 = str.replace(/-/g, \"+\").replace(/_/g, \"/\") + pad;\n return atob(base64);\n}\n","// src/auth/token.ts\nimport { base64urlEncode, base64urlDecode } from \"../utils/base64url\";\n\n// 类型定义\nexport interface TokenPayload {\n [key: string]: any;\n exp?: number; // 过期时间戳\n iat?: number; // 签发时间戳\n sub?: string; // 主题（通常是用户ID）\n aud?: string; // 受众\n iss?: string; // 签发者\n}\n\nexport interface TokenResult {\n payload: TokenPayload;\n token: string;\n expiresAt: number;\n}\n\nexport interface TokenOptions {\n expiresIn?: number; // 过期时间（秒）\n issuer?: string; // 签发者\n audience?: string; // 受众\n subject?: string; // 主题\n}\n\nexport class TokenError extends Error {\n constructor(\n message: string,\n public code:\n | \"INVALID_TOKEN\"\n | \"EXPIRED_TOKEN\"\n | \"INVALID_SIGNATURE\"\n | \"MALFORMED_TOKEN\"\n | \"INVALID_PAYLOAD\",\n ) {\n super(message);\n this.name = \"TokenError\";\n }\n}\n\nconst encoder = new TextEncoder();\n\n/** 使用 HMAC-SHA256 进行签名 */\nasync function sign(data: string, secret: string): Promise<string> {\n const key = await crypto.subtle.importKey(\n \"raw\",\n encoder.encode(secret),\n { name: \"HMAC\", hash: \"SHA-256\" },\n false,\n [\"sign\"],\n );\n\n const signature = await crypto.subtle.sign(\"HMAC\", key, encoder.encode(data));\n return btoa(\n String.fromCharCode.apply(null, Array.from(new Uint8Array(signature))),\n );\n}\n\n/** 生成令牌 */\nexport async function generateToken(\n payload: TokenPayload,\n secret: string,\n options: TokenOptions = {},\n): Promise<TokenResult> {\n const { expiresIn = 3600, issuer, audience, subject } = options;\n\n // 创建令牌载荷，强制使用当前时间\n const now = Math.floor(Date.now() / 1000);\n const tokenPayload: TokenPayload = {\n ...payload,\n iat: now,\n exp: now + expiresIn,\n };\n\n // 添加可选字段\n if (issuer) tokenPayload.iss = issuer;\n if (audience) tokenPayload.aud = audience;\n if (subject) tokenPayload.sub = subject;\n\n const data = base64urlEncode(JSON.stringify(tokenPayload));\n const sig = await sign(data, secret);\n const token = `${data}.${base64urlEncode(sig)}`;\n\n return {\n payload: tokenPayload,\n token,\n expiresAt: tokenPayload.exp! * 1000, // 转换为毫秒\n };\n}\n\n/** 验证令牌 */\nexport async function verifyToken(\n token: string,\n secret: string,\n): Promise<TokenPayload | null> {\n try {\n const [data, sig] = token.split(\".\");\n if (!data || !sig) {\n throw new TokenError(\"令牌格式无效\", \"MALFORMED_TOKEN\");\n }\n\n const expectedSig = await sign(data, secret);\n const expected = base64urlEncode(expectedSig);\n\n if (sig !== expected) {\n throw new TokenError(\"令牌签名无效\", \"INVALID_SIGNATURE\");\n }\n\n const payload = JSON.parse(base64urlDecode(data)) as TokenPayload;\n\n // 检查过期时间\n if (payload.exp && Date.now() / 1000 > payload.exp) {\n throw new TokenError(\"令牌已过期\", \"EXPIRED_TOKEN\");\n }\n\n return payload;\n } catch (error) {\n if (error instanceof TokenError) {\n throw error;\n }\n throw new TokenError(\"令牌验证失败\", \"INVALID_TOKEN\");\n }\n}\n\n/** 解析令牌（不验证签名） */\nexport function parseToken(token: string): TokenPayload | null {\n try {\n const [data] = token.split(\".\");\n if (!data) return null;\n\n return JSON.parse(base64urlDecode(data));\n } catch {\n return null;\n }\n}\n\n/** 检查令牌是否过期 */\nexport function isTokenExpired(token: string): boolean {\n const payload = parseToken(token);\n if (!payload || !payload.exp) return true;\n\n return Date.now() / 1000 > payload.exp;\n}\n\n/** 获取令牌剩余有效时间（秒） */\nexport function getTokenTimeRemaining(token: string): number {\n const payload = parseToken(token);\n if (!payload || !payload.exp) return 0;\n\n const remaining = payload.exp - Date.now() / 1000;\n return Math.max(0, Math.floor(remaining));\n}\n\n/** 刷新令牌 */\nexport async function refreshToken(\n token: string,\n secret: string,\n options: TokenOptions = {},\n): Promise<TokenResult | null> {\n try {\n const payload = await verifyToken(token, secret);\n if (!payload) return null;\n\n // 移除时间相关字段，重新生成\n const { exp, iat, ...cleanPayload } = payload;\n\n // 添加延迟确保时间戳不同\n await new Promise((resolve) => setTimeout(resolve, 10));\n\n return await generateToken(cleanPayload, secret, options);\n } catch {\n return null;\n }\n}\n\n/** 创建访问令牌和刷新令牌对 */\nexport async function createTokenPair(\n payload: TokenPayload,\n secret: string,\n options: TokenOptions = {},\n): Promise<{\n accessToken: TokenResult;\n refreshToken: TokenResult;\n}> {\n const accessToken = await generateToken(payload, secret, {\n ...options,\n expiresIn: options.expiresIn || 3600, // 1小时\n });\n\n const refreshToken = await generateToken(payload, secret, {\n ...options,\n expiresIn: 7 * 24 * 3600, // 7天\n });\n\n return { accessToken, refreshToken };\n}\n","// src/middleware/auth.ts\n\nimport type { Middleware } from \"../types\";\nimport { VafastError } from \"../middleware\";\nimport { getCookie } from \"../utils/handle\";\nimport { verifyToken, TokenError, type TokenPayload } from \"../auth/token\";\n\ninterface AuthOptions {\n secret: string;\n cookieName?: string;\n headerName?: string;\n required?: boolean; // 是否必需认证\n roles?: string[]; // 允许的角色\n permissions?: string[]; // 允许的权限\n}\n\nexport function createAuth(options: AuthOptions): Middleware {\n const {\n secret,\n cookieName = \"auth\",\n headerName = \"authorization\",\n required = true,\n roles = [],\n permissions = [],\n } = options;\n\n return async (req, next) => {\n const token =\n getCookie(req, cookieName) ||\n req.headers.get(headerName)?.replace(\"Bearer \", \"\") ||\n \"\";\n\n if (!token && required) {\n throw new VafastError(\"缺少认证令牌\", {\n status: 401,\n type: \"unauthorized\",\n expose: true,\n });\n }\n\n if (!token && !required) {\n return next();\n }\n\n try {\n const user = (await verifyToken(token, secret)) as TokenPayload;\n\n if (!user) {\n throw new VafastError(\"令牌验证失败\", {\n status: 401,\n type: \"unauthorized\",\n expose: true,\n });\n }\n\n // 检查角色权限\n if (roles.length > 0 && user.role && !roles.includes(user.role)) {\n throw new VafastError(\"权限不足\", {\n status: 403,\n type: \"forbidden\",\n expose: true,\n });\n }\n\n // 检查具体权限\n if (permissions.length > 0 && user.permissions) {\n const userPermissions = Array.isArray(user.permissions)\n ? user.permissions\n : [user.permissions];\n\n const hasPermission = permissions.some((permission) =>\n userPermissions.includes(permission),\n );\n\n if (!hasPermission) {\n throw new VafastError(\"权限不足\", {\n status: 403,\n type: \"forbidden\",\n expose: true,\n });\n }\n }\n\n // 🪄 在这里扩展 Request 对象\n (req as any).user = user;\n (req as any).token = token;\n\n return next();\n } catch (error) {\n if (error instanceof TokenError) {\n let status = 401;\n let message = \"认证失败\";\n\n switch (error.code) {\n case \"EXPIRED_TOKEN\":\n status = 401;\n message = \"令牌已过期\";\n break;\n case \"INVALID_SIGNATURE\":\n status = 401;\n message = \"令牌签名无效\";\n break;\n case \"MALFORMED_TOKEN\":\n status = 400;\n message = \"令牌格式错误\";\n break;\n default:\n status = 401;\n message = \"令牌验证失败\";\n }\n\n throw new VafastError(message, {\n status,\n type: \"unauthorized\",\n expose: true,\n });\n }\n\n if (error instanceof VafastError) {\n throw error;\n }\n\n throw new VafastError(\"认证过程中发生错误\", {\n status: 500,\n type: \"internal_error\",\n expose: false,\n });\n }\n };\n}\n\n// 可选认证中间件\nexport function createOptionalAuth(\n options: Omit<AuthOptions, \"required\">,\n): Middleware {\n return createAuth({ ...options, required: false });\n}\n\n// 角色验证中间件\nexport function createRoleAuth(\n roles: string[],\n options: Omit<AuthOptions, \"roles\">,\n): Middleware {\n return createAuth({ ...options, roles });\n}\n\n// 权限验证中间件\nexport function createPermissionAuth(\n permissions: string[],\n options: Omit<AuthOptions, \"permissions\">,\n): Middleware {\n return createAuth({ ...options, permissions });\n}\n"],"mappings":";AAQO,IAAM,cAAN,cAA0B,MAAM;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EAEA,YACE,SACA,UAKI,CAAC,GACL;AACA,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS,QAAQ,UAAU;AAChC,SAAK,OAAO,QAAQ,QAAQ;AAC5B,SAAK,SAAS,QAAQ,UAAU;AAChC,QAAI,QAAQ,MAAO,CAAC,KAAa,QAAQ,QAAQ;AAAA,EACnD;AACF;;;AC5BA,OAAO,QAAQ;AACf,OAAO,YAAY;AAmLZ,SAAS,aAAa,KAAsC;AACjE,QAAM,eAAe,IAAI,QAAQ,IAAI,QAAQ;AAC7C,MAAI,CAAC,aAAc,QAAO,CAAC;AAE3B,MAAI;AACF,UAAM,SAAS,OAAO,MAAM,YAAY;AAExC,UAAM,SAAiC,CAAC;AACxC,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,MAAM,GAAG;AACjD,UAAI,UAAU,UAAa,UAAU,MAAM;AACzC,eAAO,GAAG,IAAI;AAAA,MAChB;AAAA,IACF;AACA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;;;ACnMO,SAAS,UAAU,KAAc,KAA4B;AAClE,QAAM,UAAU,aAAa,GAAG;AAChC,SAAO,QAAQ,GAAG,KAAK;AACzB;;;ACNO,SAAS,gBAAgB,KAAqB;AACnD,SAAO,KAAK,GAAG,EACZ,QAAQ,MAAM,EAAE,EAChB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG;AACvB;AAEO,SAAS,gBAAgB,KAAqB;AACnD,QAAM,MAAM,IAAI,SAAS,MAAM,IAAI,KAAK,IAAI,OAAO,IAAK,IAAI,SAAS,CAAE;AACvE,QAAM,SAAS,IAAI,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG,IAAI;AAC3D,SAAO,KAAK,MAAM;AACpB;;;ACeO,IAAM,aAAN,cAAyB,MAAM;AAAA,EACpC,YACE,SACO,MAMP;AACA,UAAM,OAAO;AAPN;AAQP,SAAK,OAAO;AAAA,EACd;AACF;AAEA,IAAM,UAAU,IAAI,YAAY;AAGhC,eAAe,KAAK,MAAc,QAAiC;AACjE,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC9B;AAAA,IACA,QAAQ,OAAO,MAAM;AAAA,IACrB,EAAE,MAAM,QAAQ,MAAM,UAAU;AAAA,IAChC;AAAA,IACA,CAAC,MAAM;AAAA,EACT;AAEA,QAAM,YAAY,MAAM,OAAO,OAAO,KAAK,QAAQ,KAAK,QAAQ,OAAO,IAAI,CAAC;AAC5E,SAAO;AAAA,IACL,OAAO,aAAa,MAAM,MAAM,MAAM,KAAK,IAAI,WAAW,SAAS,CAAC,CAAC;AAAA,EACvE;AACF;AAmCA,eAAsB,YACpB,OACA,QAC8B;AAC9B,MAAI;AACF,UAAM,CAAC,MAAM,GAAG,IAAI,MAAM,MAAM,GAAG;AACnC,QAAI,CAAC,QAAQ,CAAC,KAAK;AACjB,YAAM,IAAI,WAAW,wCAAU,iBAAiB;AAAA,IAClD;AAEA,UAAM,cAAc,MAAM,KAAK,MAAM,MAAM;AAC3C,UAAM,WAAW,gBAAgB,WAAW;AAE5C,QAAI,QAAQ,UAAU;AACpB,YAAM,IAAI,WAAW,wCAAU,mBAAmB;AAAA,IACpD;AAEA,UAAM,UAAU,KAAK,MAAM,gBAAgB,IAAI,CAAC;AAGhD,QAAI,QAAQ,OAAO,KAAK,IAAI,IAAI,MAAO,QAAQ,KAAK;AAClD,YAAM,IAAI,WAAW,kCAAS,eAAe;AAAA,IAC/C;AAEA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,QAAI,iBAAiB,YAAY;AAC/B,YAAM;AAAA,IACR;AACA,UAAM,IAAI,WAAW,wCAAU,eAAe;AAAA,EAChD;AACF;;;AC3GO,SAAS,WAAW,SAAkC;AAC3D,QAAM;AAAA,IACJ;AAAA,IACA,aAAa;AAAA,IACb,aAAa;AAAA,IACb,WAAW;AAAA,IACX,QAAQ,CAAC;AAAA,IACT,cAAc,CAAC;AAAA,EACjB,IAAI;AAEJ,SAAO,OAAO,KAAK,SAAS;AAC1B,UAAM,QACJ,UAAU,KAAK,UAAU,KACzB,IAAI,QAAQ,IAAI,UAAU,GAAG,QAAQ,WAAW,EAAE,KAClD;AAEF,QAAI,CAAC,SAAS,UAAU;AACtB,YAAM,IAAI,YAAY,wCAAU;AAAA,QAC9B,QAAQ;AAAA,QACR,MAAM;AAAA,QACN,QAAQ;AAAA,MACV,CAAC;AAAA,IACH;AAEA,QAAI,CAAC,SAAS,CAAC,UAAU;AACvB,aAAO,KAAK;AAAA,IACd;AAEA,QAAI;AACF,YAAM,OAAQ,MAAM,YAAY,OAAO,MAAM;AAE7C,UAAI,CAAC,MAAM;AACT,cAAM,IAAI,YAAY,wCAAU;AAAA,UAC9B,QAAQ;AAAA,UACR,MAAM;AAAA,UACN,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AAGA,UAAI,MAAM,SAAS,KAAK,KAAK,QAAQ,CAAC,MAAM,SAAS,KAAK,IAAI,GAAG;AAC/D,cAAM,IAAI,YAAY,4BAAQ;AAAA,UAC5B,QAAQ;AAAA,UACR,MAAM;AAAA,UACN,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AAGA,UAAI,YAAY,SAAS,KAAK,KAAK,aAAa;AAC9C,cAAM,kBAAkB,MAAM,QAAQ,KAAK,WAAW,IAClD,KAAK,cACL,CAAC,KAAK,WAAW;AAErB,cAAM,gBAAgB,YAAY;AAAA,UAAK,CAAC,eACtC,gBAAgB,SAAS,UAAU;AAAA,QACrC;AAEA,YAAI,CAAC,eAAe;AAClB,gBAAM,IAAI,YAAY,4BAAQ;AAAA,YAC5B,QAAQ;AAAA,YACR,MAAM;AAAA,YACN,QAAQ;AAAA,UACV,CAAC;AAAA,QACH;AAAA,MACF;AAGA,MAAC,IAAY,OAAO;AACpB,MAAC,IAAY,QAAQ;AAErB,aAAO,KAAK;AAAA,IACd,SAAS,OAAO;AACd,UAAI,iBAAiB,YAAY;AAC/B,YAAI,SAAS;AACb,YAAI,UAAU;AAEd,gBAAQ,MAAM,MAAM;AAAA,UAClB,KAAK;AACH,qBAAS;AACT,sBAAU;AACV;AAAA,UACF,KAAK;AACH,qBAAS;AACT,sBAAU;AACV;AAAA,UACF,KAAK;AACH,qBAAS;AACT,sBAAU;AACV;AAAA,UACF;AACE,qBAAS;AACT,sBAAU;AAAA,QACd;AAEA,cAAM,IAAI,YAAY,SAAS;AAAA,UAC7B;AAAA,UACA,MAAM;AAAA,UACN,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AAEA,UAAI,iBAAiB,aAAa;AAChC,cAAM;AAAA,MACR;AAEA,YAAM,IAAI,YAAY,0DAAa;AAAA,QACjC,QAAQ;AAAA,QACR,MAAM;AAAA,QACN,QAAQ;AAAA,MACV,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAGO,SAAS,mBACd,SACY;AACZ,SAAO,WAAW,EAAE,GAAG,SAAS,UAAU,MAAM,CAAC;AACnD;AAGO,SAAS,eACd,OACA,SACY;AACZ,SAAO,WAAW,EAAE,GAAG,SAAS,MAAM,CAAC;AACzC;AAGO,SAAS,qBACd,aACA,SACY;AACZ,SAAO,WAAW,EAAE,GAAG,SAAS,YAAY,CAAC;AAC/C;","names":[]}

package/dist/middleware/authMiddleware.d.ts CHANGED Viewed

@@ -1,2 +1,5 @@
-import type { Middleware } from "../types";
-export declare const requireAuth: Middleware;
+import { Middleware } from '../types/types.js';
+declare const requireAuth: Middleware;
+export { requireAuth };

package/dist/middleware/authMiddleware.js CHANGED Viewed

@@ -1,13 +1,57 @@
-import { VafastError } from "../middleware";
-import { getCookie } from "../utils/handle";
-export const requireAuth = async (req, next) => {
-    const token = getCookie(req, "auth");
-    if (!token || token !== "valid-token") {
-        throw new VafastError("Unauthorized", {
-            status: 401,
-            type: "unauthorized",
-            expose: true,
-        });
+// src/middleware.ts
+var VafastError = class extends Error {
+  status;
+  type;
+  expose;
+  constructor(message, options = {}) {
+    super(message);
+    this.name = "VafastError";
+    this.status = options.status ?? 500;
+    this.type = options.type ?? "internal_error";
+    this.expose = options.expose ?? false;
+    if (options.cause) this.cause = options.cause;
+  }
+};
+// src/utils/parsers.ts
+import qs from "qs";
+import cookie from "cookie";
+function parseCookies(req) {
+  const cookieHeader = req.headers.get("cookie");
+  if (!cookieHeader) return {};
+  try {
+    const parsed = cookie.parse(cookieHeader);
+    const result = {};
+    for (const [key, value] of Object.entries(parsed)) {
+      if (value !== void 0 && value !== null) {
+        result[key] = value;
+      }
     }
-    return next();
+    return result;
+  } catch {
+    return {};
+  }
+}
+// src/utils/handle.ts
+function getCookie(req, key) {
+  const cookies = parseCookies(req);
+  return cookies[key] || null;
+}
+// src/middleware/authMiddleware.ts
+var requireAuth = async (req, next) => {
+  const token = getCookie(req, "auth");
+  if (!token || token !== "valid-token") {
+    throw new VafastError("Unauthorized", {
+      status: 401,
+      type: "unauthorized",
+      expose: true
+    });
+  }
+  return next();
+};
+export {
+  requireAuth
 };
+//# sourceMappingURL=authMiddleware.js.map

package/dist/middleware/authMiddleware.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/middleware.ts","../../src/utils/parsers.ts","../../src/utils/handle.ts","../../src/middleware/authMiddleware.ts"],"sourcesContent":["// src/middleware.ts\n\nimport { json, mapResponse } from \"./utils/response\";\n\nimport type { Handler, Middleware } from \"./types\";\n/** 中间件类型：使用 next() 传递给下一个处理 */\n\n/** Vafast 自定义错误类型 */\nexport class VafastError extends Error {\n status: number;\n type: string;\n expose: boolean;\n\n constructor(\n message: string,\n options: {\n status?: number;\n type?: string;\n expose?: boolean;\n cause?: unknown;\n } = {},\n ) {\n super(message);\n this.name = \"VafastError\";\n this.status = options.status ?? 500;\n this.type = options.type ?? \"internal_error\";\n this.expose = options.expose ?? false;\n if (options.cause) (this as any).cause = options.cause;\n }\n}\n\n/**\n * 组合类型: 自动注入错误处理器进行中间件组合\n */\nexport function composeMiddleware(\n middleware: Middleware[],\n finalHandler: Handler,\n): (req: Request) => Promise<Response> {\n const all = [errorHandler, ...middleware];\n\n return function composedHandler(req: Request): Promise<Response> {\n let i = -1;\n\n const dispatch = (index: number): Promise<Response> => {\n if (index <= i)\n return Promise.reject(new Error(\"next() called multiple times\"));\n i = index;\n\n // 中间件阶段\n if (index < all.length) {\n const mw = all[index];\n return Promise.resolve(mw(req, () => dispatch(index + 1)));\n }\n\n // 最终 handler - 使用 mapResponse 转换返回值\n return Promise.resolve(finalHandler(req)).then(mapResponse);\n };\n\n return dispatch(0);\n };\n}\n\n/** 默认包含的全局错误处理器 */\nconst errorHandler: Middleware = async (req, next) => {\n try {\n return await next();\n } catch (err) {\n console.error(\"未处理的错误:\", err);\n\n if (err instanceof VafastError) {\n return json(\n {\n error: err.type,\n message: err.expose ? err.message : \"发生了一个错误\",\n },\n err.status,\n );\n }\n\n return json({ error: \"internal_error\", message: \"出现了一些问题\" }, 500);\n }\n};\n","// src/parsers.ts\nimport qs from \"qs\";\nimport cookie from \"cookie\";\n\n// 文件信息接口\nexport interface FileInfo {\n name: string;\n type: string;\n size: number;\n data: ArrayBuffer;\n}\n\n// 表单数据接口\nexport interface FormData {\n fields: Record<string, string>;\n files: Record<string, FileInfo>;\n}\n\n/**\n * 简化的请求体解析函数\n * 优先简洁性，处理最常见的场景\n */\nexport async function parseBody(req: Request): Promise<unknown> {\n const contentType = req.headers.get(\"content-type\") || \"\";\n if (contentType.includes(\"application/json\")) {\n return await req.json();\n }\n if (contentType.includes(\"application/x-www-form-urlencoded\")) {\n const text = await req.text();\n return Object.fromEntries(new URLSearchParams(text));\n }\n return await req.text(); // fallback\n}\n\n/**\n * 解析 multipart/form-data 格式\n * 支持文件上传和普通表单字段\n */\nasync function parseMultipartFormData(req: Request): Promise<FormData> {\n const formData = await req.formData();\n const result: FormData = {\n fields: {},\n files: {},\n };\n\n for (const [key, value] of formData.entries()) {\n if (\n typeof value === \"object\" &&\n value !== null &&\n \"name\" in value &&\n \"type\" in value &&\n \"size\" in value\n ) {\n // 处理文件\n const file = value as any;\n const arrayBuffer = await file.arrayBuffer();\n result.files[key] = {\n name: file.name,\n type: file.type,\n size: file.size,\n data: arrayBuffer,\n };\n } else {\n // 处理普通字段\n result.fields[key] = value as string;\n }\n }\n\n return result;\n}\n\n/**\n * 解析请求体为特定类型\n * 提供类型安全的解析方法\n */\nexport async function parseBodyAs<T>(req: Request): Promise<T> {\n const body = await parseBody(req);\n return body as T;\n}\n\n/**\n * 解析请求体为表单数据\n * 专门用于处理 multipart/form-data\n */\nexport async function parseFormData(req: Request): Promise<FormData> {\n const contentType = req.headers.get(\"content-type\") || \"\";\n\n if (!contentType.includes(\"multipart/form-data\")) {\n throw new Error(\"请求不是 multipart/form-data 格式\");\n }\n\n return await parseMultipartFormData(req);\n}\n\n/**\n * 解析请求体为文件\n * 专门用于处理文件上传\n */\nexport async function parseFile(req: Request): Promise<FileInfo> {\n const contentType = req.headers.get(\"content-type\") || \"\";\n\n if (!contentType.includes(\"multipart/form-data\")) {\n throw new Error(\"请求不是 multipart/form-data 格式\");\n }\n\n const formData = await parseMultipartFormData(req);\n const fileKeys = Object.keys(formData.files);\n\n if (fileKeys.length === 0) {\n throw new Error(\"请求中没有文件\");\n }\n\n if (fileKeys.length > 1) {\n throw new Error(\"请求中包含多个文件，请使用 parseFormData\");\n }\n\n return formData.files[fileKeys[0]];\n}\n\n/**\n * 快速提取 query string（避免创建 URL 对象）\n */\nfunction extractQueryString(url: string): string {\n const qIndex = url.indexOf(\"?\");\n if (qIndex === -1) return \"\";\n\n const hashIndex = url.indexOf(\"#\", qIndex);\n return hashIndex === -1\n ? url.substring(qIndex + 1)\n : url.substring(qIndex + 1, hashIndex);\n}\n\n/** 获取查询字符串，直接返回对象 */\nexport function parseQuery(req: Request): Record<string, unknown> {\n const queryString = extractQueryString(req.url);\n if (!queryString) return {};\n return qs.parse(queryString);\n}\n\n/**\n * 快速解析简单查询字符串（不支持嵌套，但更快）\n * 适用于简单的 key=value&key2=value2 场景\n */\nexport function parseQueryFast(req: Request): Record<string, string> {\n const queryString = extractQueryString(req.url);\n if (!queryString) return {};\n\n const result: Record<string, string> = Object.create(null);\n const pairs = queryString.split(\"&\");\n\n for (const pair of pairs) {\n const eqIndex = pair.indexOf(\"=\");\n if (eqIndex === -1) {\n result[decodeURIComponent(pair)] = \"\";\n } else {\n const key = decodeURIComponent(pair.substring(0, eqIndex));\n const value = decodeURIComponent(pair.substring(eqIndex + 1));\n result[key] = value;\n }\n }\n\n return result;\n}\n\n/** 解析请求头，返回对象 */\nexport function parseHeaders(req: Request): Record<string, string> {\n const headers: Record<string, string> = Object.create(null);\n req.headers.forEach((value, key) => {\n headers[key] = value;\n });\n return headers;\n}\n\n/**\n * 获取单个请求头（避免解析全部）\n */\nexport function getHeader(req: Request, name: string): string | null {\n return req.headers.get(name);\n}\n\n/** 使用cookie库解析Cookie，保证可靠性 */\nexport function parseCookies(req: Request): Record<string, string> {\n const cookieHeader = req.headers.get(\"cookie\");\n if (!cookieHeader) return {};\n\n try {\n const parsed = cookie.parse(cookieHeader);\n // 过滤掉undefined和null值\n const result: Record<string, string> = {};\n for (const [key, value] of Object.entries(parsed)) {\n if (value !== undefined && value !== null) {\n result[key] = value;\n }\n }\n return result;\n } catch {\n return {};\n }\n}\n\n/**\n * 快速解析 Cookie（简化版，不使用外部库）\n * 适用于简单的 cookie 场景\n */\nexport function parseCookiesFast(req: Request): Record<string, string> {\n const cookieHeader = req.headers.get(\"cookie\");\n if (!cookieHeader) return {};\n\n const result: Record<string, string> = Object.create(null);\n const pairs = cookieHeader.split(\";\");\n\n for (const pair of pairs) {\n const trimmed = pair.trim();\n const eqIndex = trimmed.indexOf(\"=\");\n if (eqIndex > 0) {\n const key = trimmed.substring(0, eqIndex).trim();\n const value = trimmed.substring(eqIndex + 1).trim();\n // 移除引号\n result[key] =\n value.startsWith('\"') && value.endsWith('\"')\n ? value.slice(1, -1)\n : value;\n }\n }\n\n return result;\n}\n\n/**\n * 获取单个 Cookie 值（避免解析全部）\n */\nexport function getCookie(req: Request, name: string): string | null {\n const cookieHeader = req.headers.get(\"cookie\");\n if (!cookieHeader) return null;\n\n const prefix = `${name}=`;\n const pairs = cookieHeader.split(\";\");\n\n for (const pair of pairs) {\n const trimmed = pair.trim();\n if (trimmed.startsWith(prefix)) {\n const value = trimmed.substring(prefix.length).trim();\n return value.startsWith('\"') && value.endsWith('\"')\n ? value.slice(1, -1)\n : value;\n }\n }\n\n return null;\n}\n","import { parseCookies } from \"./parsers\";\n\n/** 获取单个 Cookie 值 */\nexport function getCookie(req: Request, key: string): string | null {\n const cookies = parseCookies(req);\n return cookies[key] || null;\n}\n\n/** 生成 Set-Cookie 头 */\nexport function setCookie(\n key: string,\n value: string,\n options: {\n path?: string;\n httpOnly?: boolean;\n maxAge?: number;\n secure?: boolean;\n } = {},\n): string {\n let cookie = `${key}=${encodeURIComponent(value)}`;\n\n if (options.path) cookie += `; Path=${options.path}`;\n if (options.httpOnly) cookie += `; HttpOnly`;\n if (options.secure) cookie += `; Secure`;\n if (options.maxAge) cookie += `; Max-Age=${options.maxAge}`;\n\n return cookie;\n}\n\n// 提供给中间件写入\"局部上下文\"的工具函数\nexport function setLocals<T extends object>(req: Request, extras: T) {\n const target = req as unknown as Record<string, unknown>;\n target.__locals = { ...((target.__locals as object) ?? {}), ...extras };\n}\n\n// 获取中间件注入的局部上下文\nexport function getLocals<T extends object>(req: Request): T {\n const target = req as unknown as Record<string, unknown>;\n return (target.__locals ?? {}) as T;\n}\n","// src/middleware/authMiddleware.ts\nimport type { Middleware } from \"../types\";\nimport { VafastError } from \"../middleware\";\nimport { getCookie } from \"../utils/handle\";\n\nexport const requireAuth: Middleware = async (req, next) => {\n const token = getCookie(req, \"auth\");\n\n if (!token || token !== \"valid-token\") {\n throw new VafastError(\"Unauthorized\", {\n status: 401,\n type: \"unauthorized\",\n expose: true,\n });\n }\n\n return next();\n};\n"],"mappings":";AAQO,IAAM,cAAN,cAA0B,MAAM;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EAEA,YACE,SACA,UAKI,CAAC,GACL;AACA,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS,QAAQ,UAAU;AAChC,SAAK,OAAO,QAAQ,QAAQ;AAC5B,SAAK,SAAS,QAAQ,UAAU;AAChC,QAAI,QAAQ,MAAO,CAAC,KAAa,QAAQ,QAAQ;AAAA,EACnD;AACF;;;AC5BA,OAAO,QAAQ;AACf,OAAO,YAAY;AAmLZ,SAAS,aAAa,KAAsC;AACjE,QAAM,eAAe,IAAI,QAAQ,IAAI,QAAQ;AAC7C,MAAI,CAAC,aAAc,QAAO,CAAC;AAE3B,MAAI;AACF,UAAM,SAAS,OAAO,MAAM,YAAY;AAExC,UAAM,SAAiC,CAAC;AACxC,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,MAAM,GAAG;AACjD,UAAI,UAAU,UAAa,UAAU,MAAM;AACzC,eAAO,GAAG,IAAI;AAAA,MAChB;AAAA,IACF;AACA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;;;ACnMO,SAAS,UAAU,KAAc,KAA4B;AAClE,QAAM,UAAU,aAAa,GAAG;AAChC,SAAO,QAAQ,GAAG,KAAK;AACzB;;;ACDO,IAAM,cAA0B,OAAO,KAAK,SAAS;AAC1D,QAAM,QAAQ,UAAU,KAAK,MAAM;AAEnC,MAAI,CAAC,SAAS,UAAU,eAAe;AACrC,UAAM,IAAI,YAAY,gBAAgB;AAAA,MACpC,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,QAAQ;AAAA,IACV,CAAC;AAAA,EACH;AAEA,SAAO,KAAK;AACd;","names":[]}

package/dist/middleware/component-renderer.d.ts CHANGED Viewed

@@ -2,5 +2,7 @@
  * 组件渲染中间件 - 专注 SSR
  * 支持 Vue 和 React 的服务端渲染
  */
-export declare const vueRenderer: (preloadedDeps?: any) => (req: Request, next: () => Promise<Response>) => Promise<Response>;
-export declare const reactRenderer: (preloadedDeps?: any) => (req: Request, next: () => Promise<Response>) => Promise<Response>;
+declare const vueRenderer: (preloadedDeps?: any) => (req: Request, next: () => Promise<Response>) => Promise<Response>;
+declare const reactRenderer: (preloadedDeps?: any) => (req: Request, next: () => Promise<Response>) => Promise<Response>;
+export { reactRenderer, vueRenderer };