vafast 0.4.1 → 0.4.3

package/dist/middleware/auth.js

@@ -1,205 +0,0 @@
-// src/middleware.ts
-var VafastError = class extends Error {
-  status;
-  type;
-  expose;
-  constructor(message, options = {}) {
-    super(message);
-    this.name = "VafastError";
-    this.status = options.status ?? 500;
-    this.type = options.type ?? "internal_error";
-    this.expose = options.expose ?? false;
-    if (options.cause) this.cause = options.cause;
-  }
-};
-
-// src/utils/parsers.ts
-import qs from "qs";
-import cookie from "cookie";
-function parseCookies(req) {
-  const cookieHeader = req.headers.get("cookie");
-  if (!cookieHeader) return {};
-  try {
-    const parsed = cookie.parse(cookieHeader);
-    const result = {};
-    for (const [key, value] of Object.entries(parsed)) {
-      if (value !== void 0 && value !== null) {
-        result[key] = value;
-      }
-    }
-    return result;
-  } catch {
-    return {};
-  }
-}
-
-// src/utils/handle.ts
-function getCookie(req, key) {
-  const cookies = parseCookies(req);
-  return cookies[key] || null;
-}
-
-// src/utils/base64url.ts
-function base64urlEncode(str) {
-  return btoa(str).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
-}
-function base64urlDecode(str) {
-  const pad = str.length % 4 === 0 ? "" : "=".repeat(4 - str.length % 4);
-  const base64 = str.replace(/-/g, "+").replace(/_/g, "/") + pad;
-  return atob(base64);
-}
-
-// src/auth/token.ts
-var TokenError = class extends Error {
-  constructor(message, code) {
-    super(message);
-    this.code = code;
-    this.name = "TokenError";
-  }
-};
-var encoder = new TextEncoder();
-async function sign(data, secret) {
-  const key = await crypto.subtle.importKey(
-    "raw",
-    encoder.encode(secret),
-    { name: "HMAC", hash: "SHA-256" },
-    false,
-    ["sign"]
-  );
-  const signature = await crypto.subtle.sign("HMAC", key, encoder.encode(data));
-  return btoa(
-    String.fromCharCode.apply(null, Array.from(new Uint8Array(signature)))
-  );
-}
-async function verifyToken(token, secret) {
-  try {
-    const [data, sig] = token.split(".");
-    if (!data || !sig) {
-      throw new TokenError("\u4EE4\u724C\u683C\u5F0F\u65E0\u6548", "MALFORMED_TOKEN");
-    }
-    const expectedSig = await sign(data, secret);
-    const expected = base64urlEncode(expectedSig);
-    if (sig !== expected) {
-      throw new TokenError("\u4EE4\u724C\u7B7E\u540D\u65E0\u6548", "INVALID_SIGNATURE");
-    }
-    const payload = JSON.parse(base64urlDecode(data));
-    if (payload.exp && Date.now() / 1e3 > payload.exp) {
-      throw new TokenError("\u4EE4\u724C\u5DF2\u8FC7\u671F", "EXPIRED_TOKEN");
-    }
-    return payload;
-  } catch (error) {
-    if (error instanceof TokenError) {
-      throw error;
-    }
-    throw new TokenError("\u4EE4\u724C\u9A8C\u8BC1\u5931\u8D25", "INVALID_TOKEN");
-  }
-}
-
-// src/middleware/auth.ts
-function createAuth(options) {
-  const {
-    secret,
-    cookieName = "auth",
-    headerName = "authorization",
-    required = true,
-    roles = [],
-    permissions = []
-  } = options;
-  return async (req, next) => {
-    const token = getCookie(req, cookieName) || req.headers.get(headerName)?.replace("Bearer ", "") || "";
-    if (!token && required) {
-      throw new VafastError("\u7F3A\u5C11\u8BA4\u8BC1\u4EE4\u724C", {
-        status: 401,
-        type: "unauthorized",
-        expose: true
-      });
-    }
-    if (!token && !required) {
-      return next();
-    }
-    try {
-      const user = await verifyToken(token, secret);
-      if (!user) {
-        throw new VafastError("\u4EE4\u724C\u9A8C\u8BC1\u5931\u8D25", {
-          status: 401,
-          type: "unauthorized",
-          expose: true
-        });
-      }
-      if (roles.length > 0 && user.role && !roles.includes(user.role)) {
-        throw new VafastError("\u6743\u9650\u4E0D\u8DB3", {
-          status: 403,
-          type: "forbidden",
-          expose: true
-        });
-      }
-      if (permissions.length > 0 && user.permissions) {
-        const userPermissions = Array.isArray(user.permissions) ? user.permissions : [user.permissions];
-        const hasPermission = permissions.some(
-          (permission) => userPermissions.includes(permission)
-        );
-        if (!hasPermission) {
-          throw new VafastError("\u6743\u9650\u4E0D\u8DB3", {
-            status: 403,
-            type: "forbidden",
-            expose: true
-          });
-        }
-      }
-      req.user = user;
-      req.token = token;
-      return next();
-    } catch (error) {
-      if (error instanceof TokenError) {
-        let status = 401;
-        let message = "\u8BA4\u8BC1\u5931\u8D25";
-        switch (error.code) {
-          case "EXPIRED_TOKEN":
-            status = 401;
-            message = "\u4EE4\u724C\u5DF2\u8FC7\u671F";
-            break;
-          case "INVALID_SIGNATURE":
-            status = 401;
-            message = "\u4EE4\u724C\u7B7E\u540D\u65E0\u6548";
-            break;
-          case "MALFORMED_TOKEN":
-            status = 400;
-            message = "\u4EE4\u724C\u683C\u5F0F\u9519\u8BEF";
-            break;
-          default:
-            status = 401;
-            message = "\u4EE4\u724C\u9A8C\u8BC1\u5931\u8D25";
-        }
-        throw new VafastError(message, {
-          status,
-          type: "unauthorized",
-          expose: true
-        });
-      }
-      if (error instanceof VafastError) {
-        throw error;
-      }
-      throw new VafastError("\u8BA4\u8BC1\u8FC7\u7A0B\u4E2D\u53D1\u751F\u9519\u8BEF", {
-        status: 500,
-        type: "internal_error",
-        expose: false
-      });
-    }
-  };
-}
-function createOptionalAuth(options) {
-  return createAuth({ ...options, required: false });
-}
-function createRoleAuth(roles, options) {
-  return createAuth({ ...options, roles });
-}
-function createPermissionAuth(permissions, options) {
-  return createAuth({ ...options, permissions });
-}
-export {
-  createAuth,
-  createOptionalAuth,
-  createPermissionAuth,
-  createRoleAuth
-};
-//# sourceMappingURL=auth.js.map

package/dist/middleware/auth.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/middleware.ts","../../src/utils/parsers.ts","../../src/utils/handle.ts","../../src/utils/base64url.ts","../../src/auth/token.ts","../../src/middleware/auth.ts"],"sourcesContent":["// src/middleware.ts\n\nimport { json, mapResponse } from \"./utils/response\";\n\nimport type { Handler, Middleware } from \"./types\";\n/** 中间件类型：使用 next() 传递给下一个处理 */\n\n/** Vafast 自定义错误类型 */\nexport class VafastError extends Error {\n  status: number;\n  type: string;\n  expose: boolean;\n\n  constructor(\n    message: string,\n    options: {\n      status?: number;\n      type?: string;\n      expose?: boolean;\n      cause?: unknown;\n    } = {},\n  ) {\n    super(message);\n    this.name = \"VafastError\";\n    this.status = options.status ?? 500;\n    this.type = options.type ?? \"internal_error\";\n    this.expose = options.expose ?? false;\n    if (options.cause) (this as any).cause = options.cause;\n  }\n}\n\n/**\n * 组合类型: 自动注入错误处理器进行中间件组合\n */\nexport function composeMiddleware(\n  middleware: Middleware[],\n  finalHandler: Handler,\n): (req: Request) => Promise<Response> {\n  const all = [errorHandler, ...middleware];\n\n  return function composedHandler(req: Request): Promise<Response> {\n    let i = -1;\n\n    const dispatch = (index: number): Promise<Response> => {\n      if (index <= i)\n        return Promise.reject(new Error(\"next() called multiple times\"));\n      i = index;\n\n      // 中间件阶段\n      if (index < all.length) {\n        const mw = all[index];\n        return Promise.resolve(mw(req, () => dispatch(index + 1)));\n      }\n\n      // 最终 handler - 使用 mapResponse 转换返回值\n      return Promise.resolve(finalHandler(req)).then(mapResponse);\n    };\n\n    return dispatch(0);\n  };\n}\n\n/** 默认包含的全局错误处理器 */\nconst errorHandler: Middleware = async (req, next) => {\n  try {\n    return await next();\n  } catch (err) {\n    console.error(\"未处理的错误:\", err);\n\n    if (err instanceof VafastError) {\n      return json(\n        {\n          error: err.type,\n          message: err.expose ? err.message : \"发生了一个错误\",\n        },\n        err.status,\n      );\n    }\n\n    return json({ error: \"internal_error\", message: \"出现了一些问题\" }, 500);\n  }\n};\n","// src/parsers.ts\nimport qs from \"qs\";\nimport cookie from \"cookie\";\n\n// 文件信息接口\nexport interface FileInfo {\n  name: string;\n  type: string;\n  size: number;\n  data: ArrayBuffer;\n}\n\n// 表单数据接口\nexport interface FormData {\n  fields: Record<string, string>;\n  files: Record<string, FileInfo>;\n}\n\n/**\n * 简化的请求体解析函数\n * 优先简洁性，处理最常见的场景\n */\nexport async function parseBody(req: Request): Promise<unknown> {\n  const contentType = req.headers.get(\"content-type\") || \"\";\n  if (contentType.includes(\"application/json\")) {\n    return await req.json();\n  }\n  if (contentType.includes(\"application/x-www-form-urlencoded\")) {\n    const text = await req.text();\n    return Object.fromEntries(new URLSearchParams(text));\n  }\n  return await req.text(); // fallback\n}\n\n/**\n * 解析 multipart/form-data 格式\n * 支持文件上传和普通表单字段\n */\nasync function parseMultipartFormData(req: Request): Promise<FormData> {\n  const formData = await req.formData();\n  const result: FormData = {\n    fields: {},\n    files: {},\n  };\n\n  for (const [key, value] of formData.entries()) {\n    if (\n      typeof value === \"object\" &&\n      value !== null &&\n      \"name\" in value &&\n      \"type\" in value &&\n      \"size\" in value\n    ) {\n      // 处理文件\n      const file = value as any;\n      const arrayBuffer = await file.arrayBuffer();\n      result.files[key] = {\n        name: file.name,\n        type: file.type,\n        size: file.size,\n        data: arrayBuffer,\n      };\n    } else {\n      // 处理普通字段\n      result.fields[key] = value as string;\n    }\n  }\n\n  return result;\n}\n\n/**\n * 解析请求体为特定类型\n * 提供类型安全的解析方法\n */\nexport async function parseBodyAs<T>(req: Request): Promise<T> {\n  const body = await parseBody(req);\n  return body as T;\n}\n\n/**\n * 解析请求体为表单数据\n * 专门用于处理 multipart/form-data\n */\nexport async function parseFormData(req: Request): Promise<FormData> {\n  const contentType = req.headers.get(\"content-type\") || \"\";\n\n  if (!contentType.includes(\"multipart/form-data\")) {\n    throw new Error(\"请求不是 multipart/form-data 格式\");\n  }\n\n  return await parseMultipartFormData(req);\n}\n\n/**\n * 解析请求体为文件\n * 专门用于处理文件上传\n */\nexport async function parseFile(req: Request): Promise<FileInfo> {\n  const contentType = req.headers.get(\"content-type\") || \"\";\n\n  if (!contentType.includes(\"multipart/form-data\")) {\n    throw new Error(\"请求不是 multipart/form-data 格式\");\n  }\n\n  const formData = await parseMultipartFormData(req);\n  const fileKeys = Object.keys(formData.files);\n\n  if (fileKeys.length === 0) {\n    throw new Error(\"请求中没有文件\");\n  }\n\n  if (fileKeys.length > 1) {\n    throw new Error(\"请求中包含多个文件，请使用 parseFormData\");\n  }\n\n  return formData.files[fileKeys[0]];\n}\n\n/**\n * 快速提取 query string（避免创建 URL 对象）\n */\nfunction extractQueryString(url: string): string {\n  const qIndex = url.indexOf(\"?\");\n  if (qIndex === -1) return \"\";\n\n  const hashIndex = url.indexOf(\"#\", qIndex);\n  return hashIndex === -1\n    ? url.substring(qIndex + 1)\n    : url.substring(qIndex + 1, hashIndex);\n}\n\n/** 获取查询字符串，直接返回对象 */\nexport function parseQuery(req: Request): Record<string, unknown> {\n  const queryString = extractQueryString(req.url);\n  if (!queryString) return {};\n  return qs.parse(queryString);\n}\n\n/**\n * 快速解析简单查询字符串（不支持嵌套，但更快）\n * 适用于简单的 key=value&key2=value2 场景\n */\nexport function parseQueryFast(req: Request): Record<string, string> {\n  const queryString = extractQueryString(req.url);\n  if (!queryString) return {};\n\n  const result: Record<string, string> = Object.create(null);\n  const pairs = queryString.split(\"&\");\n\n  for (const pair of pairs) {\n    const eqIndex = pair.indexOf(\"=\");\n    if (eqIndex === -1) {\n      result[decodeURIComponent(pair)] = \"\";\n    } else {\n      const key = decodeURIComponent(pair.substring(0, eqIndex));\n      const value = decodeURIComponent(pair.substring(eqIndex + 1));\n      result[key] = value;\n    }\n  }\n\n  return result;\n}\n\n/** 解析请求头，返回对象 */\nexport function parseHeaders(req: Request): Record<string, string> {\n  const headers: Record<string, string> = Object.create(null);\n  req.headers.forEach((value, key) => {\n    headers[key] = value;\n  });\n  return headers;\n}\n\n/**\n * 获取单个请求头（避免解析全部）\n */\nexport function getHeader(req: Request, name: string): string | null {\n  return req.headers.get(name);\n}\n\n/** 使用cookie库解析Cookie，保证可靠性 */\nexport function parseCookies(req: Request): Record<string, string> {\n  const cookieHeader = req.headers.get(\"cookie\");\n  if (!cookieHeader) return {};\n\n  try {\n    const parsed = cookie.parse(cookieHeader);\n    // 过滤掉undefined和null值\n    const result: Record<string, string> = {};\n    for (const [key, value] of Object.entries(parsed)) {\n      if (value !== undefined && value !== null) {\n        result[key] = value;\n      }\n    }\n    return result;\n  } catch {\n    return {};\n  }\n}\n\n/**\n * 快速解析 Cookie（简化版，不使用外部库）\n * 适用于简单的 cookie 场景\n */\nexport function parseCookiesFast(req: Request): Record<string, string> {\n  const cookieHeader = req.headers.get(\"cookie\");\n  if (!cookieHeader) return {};\n\n  const result: Record<string, string> = Object.create(null);\n  const pairs = cookieHeader.split(\";\");\n\n  for (const pair of pairs) {\n    const trimmed = pair.trim();\n    const eqIndex = trimmed.indexOf(\"=\");\n    if (eqIndex > 0) {\n      const key = trimmed.substring(0, eqIndex).trim();\n      const value = trimmed.substring(eqIndex + 1).trim();\n      // 移除引号\n      result[key] =\n        value.startsWith('\"') && value.endsWith('\"')\n          ? value.slice(1, -1)\n          : value;\n    }\n  }\n\n  return result;\n}\n\n/**\n * 获取单个 Cookie 值（避免解析全部）\n */\nexport function getCookie(req: Request, name: string): string | null {\n  const cookieHeader = req.headers.get(\"cookie\");\n  if (!cookieHeader) return null;\n\n  const prefix = `${name}=`;\n  const pairs = cookieHeader.split(\";\");\n\n  for (const pair of pairs) {\n    const trimmed = pair.trim();\n    if (trimmed.startsWith(prefix)) {\n      const value = trimmed.substring(prefix.length).trim();\n      return value.startsWith('\"') && value.endsWith('\"')\n        ? value.slice(1, -1)\n        : value;\n    }\n  }\n\n  return null;\n}\n","import { parseCookies } from \"./parsers\";\n\n/** 获取单个 Cookie 值 */\nexport function getCookie(req: Request, key: string): string | null {\n  const cookies = parseCookies(req);\n  return cookies[key] || null;\n}\n\n/** 生成 Set-Cookie 头 */\nexport function setCookie(\n  key: string,\n  value: string,\n  options: {\n    path?: string;\n    httpOnly?: boolean;\n    maxAge?: number;\n    secure?: boolean;\n  } = {},\n): string {\n  let cookie = `${key}=${encodeURIComponent(value)}`;\n\n  if (options.path) cookie += `; Path=${options.path}`;\n  if (options.httpOnly) cookie += `; HttpOnly`;\n  if (options.secure) cookie += `; Secure`;\n  if (options.maxAge) cookie += `; Max-Age=${options.maxAge}`;\n\n  return cookie;\n}\n\n// 提供给中间件写入\"局部上下文\"的工具函数\nexport function setLocals<T extends object>(req: Request, extras: T) {\n  const target = req as unknown as Record<string, unknown>;\n  target.__locals = { ...((target.__locals as object) ?? {}), ...extras };\n}\n\n// 获取中间件注入的局部上下文\nexport function getLocals<T extends object>(req: Request): T {\n  const target = req as unknown as Record<string, unknown>;\n  return (target.__locals ?? {}) as T;\n}\n","export function base64urlEncode(str: string): string {\n  return btoa(str)\n    .replace(/=/g, \"\") // ✅ 删除填充\n    .replace(/\\+/g, \"-\")\n    .replace(/\\//g, \"_\");\n}\n\nexport function base64urlDecode(str: string): string {\n  const pad = str.length % 4 === 0 ? \"\" : \"=\".repeat(4 - (str.length % 4));\n  const base64 = str.replace(/-/g, \"+\").replace(/_/g, \"/\") + pad;\n  return atob(base64);\n}\n","// src/auth/token.ts\nimport { base64urlEncode, base64urlDecode } from \"../utils/base64url\";\n\n// 类型定义\nexport interface TokenPayload {\n  [key: string]: any;\n  exp?: number; // 过期时间戳\n  iat?: number; // 签发时间戳\n  sub?: string; // 主题（通常是用户ID）\n  aud?: string; // 受众\n  iss?: string; // 签发者\n}\n\nexport interface TokenResult {\n  payload: TokenPayload;\n  token: string;\n  expiresAt: number;\n}\n\nexport interface TokenOptions {\n  expiresIn?: number; // 过期时间（秒）\n  issuer?: string; // 签发者\n  audience?: string; // 受众\n  subject?: string; // 主题\n}\n\nexport class TokenError extends Error {\n  constructor(\n    message: string,\n    public code:\n      | \"INVALID_TOKEN\"\n      | \"EXPIRED_TOKEN\"\n      | \"INVALID_SIGNATURE\"\n      | \"MALFORMED_TOKEN\"\n      | \"INVALID_PAYLOAD\",\n  ) {\n    super(message);\n    this.name = \"TokenError\";\n  }\n}\n\nconst encoder = new TextEncoder();\n\n/** 使用 HMAC-SHA256 进行签名 */\nasync function sign(data: string, secret: string): Promise<string> {\n  const key = await crypto.subtle.importKey(\n    \"raw\",\n    encoder.encode(secret),\n    { name: \"HMAC\", hash: \"SHA-256\" },\n    false,\n    [\"sign\"],\n  );\n\n  const signature = await crypto.subtle.sign(\"HMAC\", key, encoder.encode(data));\n  return btoa(\n    String.fromCharCode.apply(null, Array.from(new Uint8Array(signature))),\n  );\n}\n\n/** 生成令牌 */\nexport async function generateToken(\n  payload: TokenPayload,\n  secret: string,\n  options: TokenOptions = {},\n): Promise<TokenResult> {\n  const { expiresIn = 3600, issuer, audience, subject } = options;\n\n  // 创建令牌载荷，强制使用当前时间\n  const now = Math.floor(Date.now() / 1000);\n  const tokenPayload: TokenPayload = {\n    ...payload,\n    iat: now,\n    exp: now + expiresIn,\n  };\n\n  // 添加可选字段\n  if (issuer) tokenPayload.iss = issuer;\n  if (audience) tokenPayload.aud = audience;\n  if (subject) tokenPayload.sub = subject;\n\n  const data = base64urlEncode(JSON.stringify(tokenPayload));\n  const sig = await sign(data, secret);\n  const token = `${data}.${base64urlEncode(sig)}`;\n\n  return {\n    payload: tokenPayload,\n    token,\n    expiresAt: tokenPayload.exp! * 1000, // 转换为毫秒\n  };\n}\n\n/** 验证令牌 */\nexport async function verifyToken(\n  token: string,\n  secret: string,\n): Promise<TokenPayload | null> {\n  try {\n    const [data, sig] = token.split(\".\");\n    if (!data || !sig) {\n      throw new TokenError(\"令牌格式无效\", \"MALFORMED_TOKEN\");\n    }\n\n    const expectedSig = await sign(data, secret);\n    const expected = base64urlEncode(expectedSig);\n\n    if (sig !== expected) {\n      throw new TokenError(\"令牌签名无效\", \"INVALID_SIGNATURE\");\n    }\n\n    const payload = JSON.parse(base64urlDecode(data)) as TokenPayload;\n\n    // 检查过期时间\n    if (payload.exp && Date.now() / 1000 > payload.exp) {\n      throw new TokenError(\"令牌已过期\", \"EXPIRED_TOKEN\");\n    }\n\n    return payload;\n  } catch (error) {\n    if (error instanceof TokenError) {\n      throw error;\n    }\n    throw new TokenError(\"令牌验证失败\", \"INVALID_TOKEN\");\n  }\n}\n\n/** 解析令牌（不验证签名） */\nexport function parseToken(token: string): TokenPayload | null {\n  try {\n    const [data] = token.split(\".\");\n    if (!data) return null;\n\n    return JSON.parse(base64urlDecode(data));\n  } catch {\n    return null;\n  }\n}\n\n/** 检查令牌是否过期 */\nexport function isTokenExpired(token: string): boolean {\n  const payload = parseToken(token);\n  if (!payload || !payload.exp) return true;\n\n  return Date.now() / 1000 > payload.exp;\n}\n\n/** 获取令牌剩余有效时间（秒） */\nexport function getTokenTimeRemaining(token: string): number {\n  const payload = parseToken(token);\n  if (!payload || !payload.exp) return 0;\n\n  const remaining = payload.exp - Date.now() / 1000;\n  return Math.max(0, Math.floor(remaining));\n}\n\n/** 刷新令牌 */\nexport async function refreshToken(\n  token: string,\n  secret: string,\n  options: TokenOptions = {},\n): Promise<TokenResult | null> {\n  try {\n    const payload = await verifyToken(token, secret);\n    if (!payload) return null;\n\n    // 移除时间相关字段，重新生成\n    const { exp, iat, ...cleanPayload } = payload;\n\n    // 添加延迟确保时间戳不同\n    await new Promise((resolve) => setTimeout(resolve, 10));\n\n    return await generateToken(cleanPayload, secret, options);\n  } catch {\n    return null;\n  }\n}\n\n/** 创建访问令牌和刷新令牌对 */\nexport async function createTokenPair(\n  payload: TokenPayload,\n  secret: string,\n  options: TokenOptions = {},\n): Promise<{\n  accessToken: TokenResult;\n  refreshToken: TokenResult;\n}> {\n  const accessToken = await generateToken(payload, secret, {\n    ...options,\n    expiresIn: options.expiresIn || 3600, // 1小时\n  });\n\n  const refreshToken = await generateToken(payload, secret, {\n    ...options,\n    expiresIn: 7 * 24 * 3600, // 7天\n  });\n\n  return { accessToken, refreshToken };\n}\n","// src/middleware/auth.ts\n\nimport type { Middleware } from \"../types\";\nimport { VafastError } from \"../middleware\";\nimport { getCookie } from \"../utils/handle\";\nimport { verifyToken, TokenError, type TokenPayload } from \"../auth/token\";\n\ninterface AuthOptions {\n  secret: string;\n  cookieName?: string;\n  headerName?: string;\n  required?: boolean; // 是否必需认证\n  roles?: string[]; // 允许的角色\n  permissions?: string[]; // 允许的权限\n}\n\nexport function createAuth(options: AuthOptions): Middleware {\n  const {\n    secret,\n    cookieName = \"auth\",\n    headerName = \"authorization\",\n    required = true,\n    roles = [],\n    permissions = [],\n  } = options;\n\n  return async (req, next) => {\n    const token =\n      getCookie(req, cookieName) ||\n      req.headers.get(headerName)?.replace(\"Bearer \", \"\") ||\n      \"\";\n\n    if (!token && required) {\n      throw new VafastError(\"缺少认证令牌\", {\n        status: 401,\n        type: \"unauthorized\",\n        expose: true,\n      });\n    }\n\n    if (!token && !required) {\n      return next();\n    }\n\n    try {\n      const user = (await verifyToken(token, secret)) as TokenPayload;\n\n      if (!user) {\n        throw new VafastError(\"令牌验证失败\", {\n          status: 401,\n          type: \"unauthorized\",\n          expose: true,\n        });\n      }\n\n      // 检查角色权限\n      if (roles.length > 0 && user.role && !roles.includes(user.role)) {\n        throw new VafastError(\"权限不足\", {\n          status: 403,\n          type: \"forbidden\",\n          expose: true,\n        });\n      }\n\n      // 检查具体权限\n      if (permissions.length > 0 && user.permissions) {\n        const userPermissions = Array.isArray(user.permissions)\n          ? user.permissions\n          : [user.permissions];\n\n        const hasPermission = permissions.some((permission) =>\n          userPermissions.includes(permission),\n        );\n\n        if (!hasPermission) {\n          throw new VafastError(\"权限不足\", {\n            status: 403,\n            type: \"forbidden\",\n            expose: true,\n          });\n        }\n      }\n\n      // 🪄 在这里扩展 Request 对象\n      (req as any).user = user;\n      (req as any).token = token;\n\n      return next();\n    } catch (error) {\n      if (error instanceof TokenError) {\n        let status = 401;\n        let message = \"认证失败\";\n\n        switch (error.code) {\n          case \"EXPIRED_TOKEN\":\n            status = 401;\n            message = \"令牌已过期\";\n            break;\n          case \"INVALID_SIGNATURE\":\n            status = 401;\n            message = \"令牌签名无效\";\n            break;\n          case \"MALFORMED_TOKEN\":\n            status = 400;\n            message = \"令牌格式错误\";\n            break;\n          default:\n            status = 401;\n            message = \"令牌验证失败\";\n        }\n\n        throw new VafastError(message, {\n          status,\n          type: \"unauthorized\",\n          expose: true,\n        });\n      }\n\n      if (error instanceof VafastError) {\n        throw error;\n      }\n\n      throw new VafastError(\"认证过程中发生错误\", {\n        status: 500,\n        type: \"internal_error\",\n        expose: false,\n      });\n    }\n  };\n}\n\n// 可选认证中间件\nexport function createOptionalAuth(\n  options: Omit<AuthOptions, \"required\">,\n): Middleware {\n  return createAuth({ ...options, required: false });\n}\n\n// 角色验证中间件\nexport function createRoleAuth(\n  roles: string[],\n  options: Omit<AuthOptions, \"roles\">,\n): Middleware {\n  return createAuth({ ...options, roles });\n}\n\n// 权限验证中间件\nexport function createPermissionAuth(\n  permissions: string[],\n  options: Omit<AuthOptions, \"permissions\">,\n): Middleware {\n  return createAuth({ ...options, permissions });\n}\n"],"mappings":";AAQO,IAAM,cAAN,cAA0B,MAAM;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EAEA,YACE,SACA,UAKI,CAAC,GACL;AACA,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS,QAAQ,UAAU;AAChC,SAAK,OAAO,QAAQ,QAAQ;AAC5B,SAAK,SAAS,QAAQ,UAAU;AAChC,QAAI,QAAQ,MAAO,CAAC,KAAa,QAAQ,QAAQ;AAAA,EACnD;AACF;;;AC5BA,OAAO,QAAQ;AACf,OAAO,YAAY;AAmLZ,SAAS,aAAa,KAAsC;AACjE,QAAM,eAAe,IAAI,QAAQ,IAAI,QAAQ;AAC7C,MAAI,CAAC,aAAc,QAAO,CAAC;AAE3B,MAAI;AACF,UAAM,SAAS,OAAO,MAAM,YAAY;AAExC,UAAM,SAAiC,CAAC;AACxC,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,MAAM,GAAG;AACjD,UAAI,UAAU,UAAa,UAAU,MAAM;AACzC,eAAO,GAAG,IAAI;AAAA,MAChB;AAAA,IACF;AACA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;;;ACnMO,SAAS,UAAU,KAAc,KAA4B;AAClE,QAAM,UAAU,aAAa,GAAG;AAChC,SAAO,QAAQ,GAAG,KAAK;AACzB;;;ACNO,SAAS,gBAAgB,KAAqB;AACnD,SAAO,KAAK,GAAG,EACZ,QAAQ,MAAM,EAAE,EAChB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG;AACvB;AAEO,SAAS,gBAAgB,KAAqB;AACnD,QAAM,MAAM,IAAI,SAAS,MAAM,IAAI,KAAK,IAAI,OAAO,IAAK,IAAI,SAAS,CAAE;AACvE,QAAM,SAAS,IAAI,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG,IAAI;AAC3D,SAAO,KAAK,MAAM;AACpB;;;ACeO,IAAM,aAAN,cAAyB,MAAM;AAAA,EACpC,YACE,SACO,MAMP;AACA,UAAM,OAAO;AAPN;AAQP,SAAK,OAAO;AAAA,EACd;AACF;AAEA,IAAM,UAAU,IAAI,YAAY;AAGhC,eAAe,KAAK,MAAc,QAAiC;AACjE,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC9B;AAAA,IACA,QAAQ,OAAO,MAAM;AAAA,IACrB,EAAE,MAAM,QAAQ,MAAM,UAAU;AAAA,IAChC;AAAA,IACA,CAAC,MAAM;AAAA,EACT;AAEA,QAAM,YAAY,MAAM,OAAO,OAAO,KAAK,QAAQ,KAAK,QAAQ,OAAO,IAAI,CAAC;AAC5E,SAAO;AAAA,IACL,OAAO,aAAa,MAAM,MAAM,MAAM,KAAK,IAAI,WAAW,SAAS,CAAC,CAAC;AAAA,EACvE;AACF;AAmCA,eAAsB,YACpB,OACA,QAC8B;AAC9B,MAAI;AACF,UAAM,CAAC,MAAM,GAAG,IAAI,MAAM,MAAM,GAAG;AACnC,QAAI,CAAC,QAAQ,CAAC,KAAK;AACjB,YAAM,IAAI,WAAW,wCAAU,iBAAiB;AAAA,IAClD;AAEA,UAAM,cAAc,MAAM,KAAK,MAAM,MAAM;AAC3C,UAAM,WAAW,gBAAgB,WAAW;AAE5C,QAAI,QAAQ,UAAU;AACpB,YAAM,IAAI,WAAW,wCAAU,mBAAmB;AAAA,IACpD;AAEA,UAAM,UAAU,KAAK,MAAM,gBAAgB,IAAI,CAAC;AAGhD,QAAI,QAAQ,OAAO,KAAK,IAAI,IAAI,MAAO,QAAQ,KAAK;AAClD,YAAM,IAAI,WAAW,kCAAS,eAAe;AAAA,IAC/C;AAEA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,QAAI,iBAAiB,YAAY;AAC/B,YAAM;AAAA,IACR;AACA,UAAM,IAAI,WAAW,wCAAU,eAAe;AAAA,EAChD;AACF;;;AC3GO,SAAS,WAAW,SAAkC;AAC3D,QAAM;AAAA,IACJ;AAAA,IACA,aAAa;AAAA,IACb,aAAa;AAAA,IACb,WAAW;AAAA,IACX,QAAQ,CAAC;AAAA,IACT,cAAc,CAAC;AAAA,EACjB,IAAI;AAEJ,SAAO,OAAO,KAAK,SAAS;AAC1B,UAAM,QACJ,UAAU,KAAK,UAAU,KACzB,IAAI,QAAQ,IAAI,UAAU,GAAG,QAAQ,WAAW,EAAE,KAClD;AAEF,QAAI,CAAC,SAAS,UAAU;AACtB,YAAM,IAAI,YAAY,wCAAU;AAAA,QAC9B,QAAQ;AAAA,QACR,MAAM;AAAA,QACN,QAAQ;AAAA,MACV,CAAC;AAAA,IACH;AAEA,QAAI,CAAC,SAAS,CAAC,UAAU;AACvB,aAAO,KAAK;AAAA,IACd;AAEA,QAAI;AACF,YAAM,OAAQ,MAAM,YAAY,OAAO,MAAM;AAE7C,UAAI,CAAC,MAAM;AACT,cAAM,IAAI,YAAY,wCAAU;AAAA,UAC9B,QAAQ;AAAA,UACR,MAAM;AAAA,UACN,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AAGA,UAAI,MAAM,SAAS,KAAK,KAAK,QAAQ,CAAC,MAAM,SAAS,KAAK,IAAI,GAAG;AAC/D,cAAM,IAAI,YAAY,4BAAQ;AAAA,UAC5B,QAAQ;AAAA,UACR,MAAM;AAAA,UACN,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AAGA,UAAI,YAAY,SAAS,KAAK,KAAK,aAAa;AAC9C,cAAM,kBAAkB,MAAM,QAAQ,KAAK,WAAW,IAClD,KAAK,cACL,CAAC,KAAK,WAAW;AAErB,cAAM,gBAAgB,YAAY;AAAA,UAAK,CAAC,eACtC,gBAAgB,SAAS,UAAU;AAAA,QACrC;AAEA,YAAI,CAAC,eAAe;AAClB,gBAAM,IAAI,YAAY,4BAAQ;AAAA,YAC5B,QAAQ;AAAA,YACR,MAAM;AAAA,YACN,QAAQ;AAAA,UACV,CAAC;AAAA,QACH;AAAA,MACF;AAGA,MAAC,IAAY,OAAO;AACpB,MAAC,IAAY,QAAQ;AAErB,aAAO,KAAK;AAAA,IACd,SAAS,OAAO;AACd,UAAI,iBAAiB,YAAY;AAC/B,YAAI,SAAS;AACb,YAAI,UAAU;AAEd,gBAAQ,MAAM,MAAM;AAAA,UAClB,KAAK;AACH,qBAAS;AACT,sBAAU;AACV;AAAA,UACF,KAAK;AACH,qBAAS;AACT,sBAAU;AACV;AAAA,UACF,KAAK;AACH,qBAAS;AACT,sBAAU;AACV;AAAA,UACF;AACE,qBAAS;AACT,sBAAU;AAAA,QACd;AAEA,cAAM,IAAI,YAAY,SAAS;AAAA,UAC7B;AAAA,UACA,MAAM;AAAA,UACN,QAAQ;AAAA,QACV,CAAC;AAAA,MACH;AAEA,UAAI,iBAAiB,aAAa;AAChC,cAAM;AAAA,MACR;AAEA,YAAM,IAAI,YAAY,0DAAa;AAAA,QACjC,QAAQ;AAAA,QACR,MAAM;AAAA,QACN,QAAQ;AAAA,MACV,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAGO,SAAS,mBACd,SACY;AACZ,SAAO,WAAW,EAAE,GAAG,SAAS,UAAU,MAAM,CAAC;AACnD;AAGO,SAAS,eACd,OACA,SACY;AACZ,SAAO,WAAW,EAAE,GAAG,SAAS,MAAM,CAAC;AACzC;AAGO,SAAS,qBACd,aACA,SACY;AACZ,SAAO,WAAW,EAAE,GAAG,SAAS,YAAY,CAAC;AAC/C;","names":[]}

package/dist/middleware/authMiddleware.d.ts

@@ -1,5 +0,0 @@
-import { Middleware } from '../types/types.js';
-
-declare const requireAuth: Middleware;
-
-export { requireAuth };

package/dist/middleware/authMiddleware.js

@@ -1,57 +0,0 @@
-// src/middleware.ts
-var VafastError = class extends Error {
-  status;
-  type;
-  expose;
-  constructor(message, options = {}) {
-    super(message);
-    this.name = "VafastError";
-    this.status = options.status ?? 500;
-    this.type = options.type ?? "internal_error";
-    this.expose = options.expose ?? false;
-    if (options.cause) this.cause = options.cause;
-  }
-};
-
-// src/utils/parsers.ts
-import qs from "qs";
-import cookie from "cookie";
-function parseCookies(req) {
-  const cookieHeader = req.headers.get("cookie");
-  if (!cookieHeader) return {};
-  try {
-    const parsed = cookie.parse(cookieHeader);
-    const result = {};
-    for (const [key, value] of Object.entries(parsed)) {
-      if (value !== void 0 && value !== null) {
-        result[key] = value;
-      }
-    }
-    return result;
-  } catch {
-    return {};
-  }
-}
-
-// src/utils/handle.ts
-function getCookie(req, key) {
-  const cookies = parseCookies(req);
-  return cookies[key] || null;
-}
-
-// src/middleware/authMiddleware.ts
-var requireAuth = async (req, next) => {
-  const token = getCookie(req, "auth");
-  if (!token || token !== "valid-token") {
-    throw new VafastError("Unauthorized", {
-      status: 401,
-      type: "unauthorized",
-      expose: true
-    });
-  }
-  return next();
-};
-export {
-  requireAuth
-};
-//# sourceMappingURL=authMiddleware.js.map

package/dist/middleware/authMiddleware.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/middleware.ts","../../src/utils/parsers.ts","../../src/utils/handle.ts","../../src/middleware/authMiddleware.ts"],"sourcesContent":["// src/middleware.ts\n\nimport { json, mapResponse } from \"./utils/response\";\n\nimport type { Handler, Middleware } from \"./types\";\n/** 中间件类型：使用 next() 传递给下一个处理 */\n\n/** Vafast 自定义错误类型 */\nexport class VafastError extends Error {\n  status: number;\n  type: string;\n  expose: boolean;\n\n  constructor(\n    message: string,\n    options: {\n      status?: number;\n      type?: string;\n      expose?: boolean;\n      cause?: unknown;\n    } = {},\n  ) {\n    super(message);\n    this.name = \"VafastError\";\n    this.status = options.status ?? 500;\n    this.type = options.type ?? \"internal_error\";\n    this.expose = options.expose ?? false;\n    if (options.cause) (this as any).cause = options.cause;\n  }\n}\n\n/**\n * 组合类型: 自动注入错误处理器进行中间件组合\n */\nexport function composeMiddleware(\n  middleware: Middleware[],\n  finalHandler: Handler,\n): (req: Request) => Promise<Response> {\n  const all = [errorHandler, ...middleware];\n\n  return function composedHandler(req: Request): Promise<Response> {\n    let i = -1;\n\n    const dispatch = (index: number): Promise<Response> => {\n      if (index <= i)\n        return Promise.reject(new Error(\"next() called multiple times\"));\n      i = index;\n\n      // 中间件阶段\n      if (index < all.length) {\n        const mw = all[index];\n        return Promise.resolve(mw(req, () => dispatch(index + 1)));\n      }\n\n      // 最终 handler - 使用 mapResponse 转换返回值\n      return Promise.resolve(finalHandler(req)).then(mapResponse);\n    };\n\n    return dispatch(0);\n  };\n}\n\n/** 默认包含的全局错误处理器 */\nconst errorHandler: Middleware = async (req, next) => {\n  try {\n    return await next();\n  } catch (err) {\n    console.error(\"未处理的错误:\", err);\n\n    if (err instanceof VafastError) {\n      return json(\n        {\n          error: err.type,\n          message: err.expose ? err.message : \"发生了一个错误\",\n        },\n        err.status,\n      );\n    }\n\n    return json({ error: \"internal_error\", message: \"出现了一些问题\" }, 500);\n  }\n};\n","// src/parsers.ts\nimport qs from \"qs\";\nimport cookie from \"cookie\";\n\n// 文件信息接口\nexport interface FileInfo {\n  name: string;\n  type: string;\n  size: number;\n  data: ArrayBuffer;\n}\n\n// 表单数据接口\nexport interface FormData {\n  fields: Record<string, string>;\n  files: Record<string, FileInfo>;\n}\n\n/**\n * 简化的请求体解析函数\n * 优先简洁性，处理最常见的场景\n */\nexport async function parseBody(req: Request): Promise<unknown> {\n  const contentType = req.headers.get(\"content-type\") || \"\";\n  if (contentType.includes(\"application/json\")) {\n    return await req.json();\n  }\n  if (contentType.includes(\"application/x-www-form-urlencoded\")) {\n    const text = await req.text();\n    return Object.fromEntries(new URLSearchParams(text));\n  }\n  return await req.text(); // fallback\n}\n\n/**\n * 解析 multipart/form-data 格式\n * 支持文件上传和普通表单字段\n */\nasync function parseMultipartFormData(req: Request): Promise<FormData> {\n  const formData = await req.formData();\n  const result: FormData = {\n    fields: {},\n    files: {},\n  };\n\n  for (const [key, value] of formData.entries()) {\n    if (\n      typeof value === \"object\" &&\n      value !== null &&\n      \"name\" in value &&\n      \"type\" in value &&\n      \"size\" in value\n    ) {\n      // 处理文件\n      const file = value as any;\n      const arrayBuffer = await file.arrayBuffer();\n      result.files[key] = {\n        name: file.name,\n        type: file.type,\n        size: file.size,\n        data: arrayBuffer,\n      };\n    } else {\n      // 处理普通字段\n      result.fields[key] = value as string;\n    }\n  }\n\n  return result;\n}\n\n/**\n * 解析请求体为特定类型\n * 提供类型安全的解析方法\n */\nexport async function parseBodyAs<T>(req: Request): Promise<T> {\n  const body = await parseBody(req);\n  return body as T;\n}\n\n/**\n * 解析请求体为表单数据\n * 专门用于处理 multipart/form-data\n */\nexport async function parseFormData(req: Request): Promise<FormData> {\n  const contentType = req.headers.get(\"content-type\") || \"\";\n\n  if (!contentType.includes(\"multipart/form-data\")) {\n    throw new Error(\"请求不是 multipart/form-data 格式\");\n  }\n\n  return await parseMultipartFormData(req);\n}\n\n/**\n * 解析请求体为文件\n * 专门用于处理文件上传\n */\nexport async function parseFile(req: Request): Promise<FileInfo> {\n  const contentType = req.headers.get(\"content-type\") || \"\";\n\n  if (!contentType.includes(\"multipart/form-data\")) {\n    throw new Error(\"请求不是 multipart/form-data 格式\");\n  }\n\n  const formData = await parseMultipartFormData(req);\n  const fileKeys = Object.keys(formData.files);\n\n  if (fileKeys.length === 0) {\n    throw new Error(\"请求中没有文件\");\n  }\n\n  if (fileKeys.length > 1) {\n    throw new Error(\"请求中包含多个文件，请使用 parseFormData\");\n  }\n\n  return formData.files[fileKeys[0]];\n}\n\n/**\n * 快速提取 query string（避免创建 URL 对象）\n */\nfunction extractQueryString(url: string): string {\n  const qIndex = url.indexOf(\"?\");\n  if (qIndex === -1) return \"\";\n\n  const hashIndex = url.indexOf(\"#\", qIndex);\n  return hashIndex === -1\n    ? url.substring(qIndex + 1)\n    : url.substring(qIndex + 1, hashIndex);\n}\n\n/** 获取查询字符串，直接返回对象 */\nexport function parseQuery(req: Request): Record<string, unknown> {\n  const queryString = extractQueryString(req.url);\n  if (!queryString) return {};\n  return qs.parse(queryString);\n}\n\n/**\n * 快速解析简单查询字符串（不支持嵌套，但更快）\n * 适用于简单的 key=value&key2=value2 场景\n */\nexport function parseQueryFast(req: Request): Record<string, string> {\n  const queryString = extractQueryString(req.url);\n  if (!queryString) return {};\n\n  const result: Record<string, string> = Object.create(null);\n  const pairs = queryString.split(\"&\");\n\n  for (const pair of pairs) {\n    const eqIndex = pair.indexOf(\"=\");\n    if (eqIndex === -1) {\n      result[decodeURIComponent(pair)] = \"\";\n    } else {\n      const key = decodeURIComponent(pair.substring(0, eqIndex));\n      const value = decodeURIComponent(pair.substring(eqIndex + 1));\n      result[key] = value;\n    }\n  }\n\n  return result;\n}\n\n/** 解析请求头，返回对象 */\nexport function parseHeaders(req: Request): Record<string, string> {\n  const headers: Record<string, string> = Object.create(null);\n  req.headers.forEach((value, key) => {\n    headers[key] = value;\n  });\n  return headers;\n}\n\n/**\n * 获取单个请求头（避免解析全部）\n */\nexport function getHeader(req: Request, name: string): string | null {\n  return req.headers.get(name);\n}\n\n/** 使用cookie库解析Cookie，保证可靠性 */\nexport function parseCookies(req: Request): Record<string, string> {\n  const cookieHeader = req.headers.get(\"cookie\");\n  if (!cookieHeader) return {};\n\n  try {\n    const parsed = cookie.parse(cookieHeader);\n    // 过滤掉undefined和null值\n    const result: Record<string, string> = {};\n    for (const [key, value] of Object.entries(parsed)) {\n      if (value !== undefined && value !== null) {\n        result[key] = value;\n      }\n    }\n    return result;\n  } catch {\n    return {};\n  }\n}\n\n/**\n * 快速解析 Cookie（简化版，不使用外部库）\n * 适用于简单的 cookie 场景\n */\nexport function parseCookiesFast(req: Request): Record<string, string> {\n  const cookieHeader = req.headers.get(\"cookie\");\n  if (!cookieHeader) return {};\n\n  const result: Record<string, string> = Object.create(null);\n  const pairs = cookieHeader.split(\";\");\n\n  for (const pair of pairs) {\n    const trimmed = pair.trim();\n    const eqIndex = trimmed.indexOf(\"=\");\n    if (eqIndex > 0) {\n      const key = trimmed.substring(0, eqIndex).trim();\n      const value = trimmed.substring(eqIndex + 1).trim();\n      // 移除引号\n      result[key] =\n        value.startsWith('\"') && value.endsWith('\"')\n          ? value.slice(1, -1)\n          : value;\n    }\n  }\n\n  return result;\n}\n\n/**\n * 获取单个 Cookie 值（避免解析全部）\n */\nexport function getCookie(req: Request, name: string): string | null {\n  const cookieHeader = req.headers.get(\"cookie\");\n  if (!cookieHeader) return null;\n\n  const prefix = `${name}=`;\n  const pairs = cookieHeader.split(\";\");\n\n  for (const pair of pairs) {\n    const trimmed = pair.trim();\n    if (trimmed.startsWith(prefix)) {\n      const value = trimmed.substring(prefix.length).trim();\n      return value.startsWith('\"') && value.endsWith('\"')\n        ? value.slice(1, -1)\n        : value;\n    }\n  }\n\n  return null;\n}\n","import { parseCookies } from \"./parsers\";\n\n/** 获取单个 Cookie 值 */\nexport function getCookie(req: Request, key: string): string | null {\n  const cookies = parseCookies(req);\n  return cookies[key] || null;\n}\n\n/** 生成 Set-Cookie 头 */\nexport function setCookie(\n  key: string,\n  value: string,\n  options: {\n    path?: string;\n    httpOnly?: boolean;\n    maxAge?: number;\n    secure?: boolean;\n  } = {},\n): string {\n  let cookie = `${key}=${encodeURIComponent(value)}`;\n\n  if (options.path) cookie += `; Path=${options.path}`;\n  if (options.httpOnly) cookie += `; HttpOnly`;\n  if (options.secure) cookie += `; Secure`;\n  if (options.maxAge) cookie += `; Max-Age=${options.maxAge}`;\n\n  return cookie;\n}\n\n// 提供给中间件写入\"局部上下文\"的工具函数\nexport function setLocals<T extends object>(req: Request, extras: T) {\n  const target = req as unknown as Record<string, unknown>;\n  target.__locals = { ...((target.__locals as object) ?? {}), ...extras };\n}\n\n// 获取中间件注入的局部上下文\nexport function getLocals<T extends object>(req: Request): T {\n  const target = req as unknown as Record<string, unknown>;\n  return (target.__locals ?? {}) as T;\n}\n","// src/middleware/authMiddleware.ts\nimport type { Middleware } from \"../types\";\nimport { VafastError } from \"../middleware\";\nimport { getCookie } from \"../utils/handle\";\n\nexport const requireAuth: Middleware = async (req, next) => {\n  const token = getCookie(req, \"auth\");\n\n  if (!token || token !== \"valid-token\") {\n    throw new VafastError(\"Unauthorized\", {\n      status: 401,\n      type: \"unauthorized\",\n      expose: true,\n    });\n  }\n\n  return next();\n};\n"],"mappings":";AAQO,IAAM,cAAN,cAA0B,MAAM;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EAEA,YACE,SACA,UAKI,CAAC,GACL;AACA,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS,QAAQ,UAAU;AAChC,SAAK,OAAO,QAAQ,QAAQ;AAC5B,SAAK,SAAS,QAAQ,UAAU;AAChC,QAAI,QAAQ,MAAO,CAAC,KAAa,QAAQ,QAAQ;AAAA,EACnD;AACF;;;AC5BA,OAAO,QAAQ;AACf,OAAO,YAAY;AAmLZ,SAAS,aAAa,KAAsC;AACjE,QAAM,eAAe,IAAI,QAAQ,IAAI,QAAQ;AAC7C,MAAI,CAAC,aAAc,QAAO,CAAC;AAE3B,MAAI;AACF,UAAM,SAAS,OAAO,MAAM,YAAY;AAExC,UAAM,SAAiC,CAAC;AACxC,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,MAAM,GAAG;AACjD,UAAI,UAAU,UAAa,UAAU,MAAM;AACzC,eAAO,GAAG,IAAI;AAAA,MAChB;AAAA,IACF;AACA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;;;ACnMO,SAAS,UAAU,KAAc,KAA4B;AAClE,QAAM,UAAU,aAAa,GAAG;AAChC,SAAO,QAAQ,GAAG,KAAK;AACzB;;;ACDO,IAAM,cAA0B,OAAO,KAAK,SAAS;AAC1D,QAAM,QAAQ,UAAU,KAAK,MAAM;AAEnC,MAAI,CAAC,SAAS,UAAU,eAAe;AACrC,UAAM,IAAI,YAAY,gBAAgB;AAAA,MACpC,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,QAAQ;AAAA,IACV,CAAC;AAAA,EACH;AAEA,SAAO,KAAK;AACd;","names":[]}

package/dist/middleware/component-renderer.js

@@ -1,139 +0,0 @@
-// src/middleware/component-renderer.ts
-var renderVueSSR = async (componentImport, req, preloadedDeps) => {
-  try {
-    const { createSSRApp, renderToString } = preloadedDeps || await Promise.all([import("vue"), import("@vue/server-renderer")]).then(
-      ([vue, renderer]) => ({
-        createSSRApp: vue.createSSRApp,
-        renderToString: renderer.renderToString
-      })
-    );
-    const componentModule = await componentImport();
-    const component = componentModule.default || componentModule;
-    const app = createSSRApp(component);
-    app.provide("routeInfo", {
-      params: req.params || {},
-      query: Object.fromEntries(new URL(req.url).searchParams),
-      pathname: new URL(req.url).pathname
-    });
-    const html = await renderToString(app);
-    return new Response(
-      `
-      <!doctype html>
-      <html>
-        <head>
-          <meta charset="utf-8">
-          <title>Vue SSR App</title>
-        </head>
-        <body>
-          <div id="app">${html}</div>
-          <script>
-            window.__ROUTE_INFO__ = {
-              params: ${JSON.stringify(req.params || {})},
-              query: ${JSON.stringify(Object.fromEntries(new URL(req.url).searchParams))},
-              pathname: '${new URL(req.url).pathname}'
-            };
-          </script>
-          <script type="module" src="/client.js"></script>
-        </body>
-      </html>
-    `,
-      {
-        headers: { "Content-Type": "text/html; charset=utf-8" }
-      }
-    );
-  } catch (error) {
-    console.error("Vue SSR \u6E32\u67D3\u5931\u8D25:", error);
-    return new Response(
-      `
-      <!doctype html>
-      <html>
-        <head><title>\u6E32\u67D3\u9519\u8BEF</title></head>
-        <body>
-          <h1>Vue SSR \u6E32\u67D3\u5931\u8D25</h1>
-          <p>\u9519\u8BEF\u4FE1\u606F: ${error instanceof Error ? error.message : "\u672A\u77E5\u9519\u8BEF"}</p>
-        </body>
-      </html>
-    `,
-      { status: 500 }
-    );
-  }
-};
-var renderReactSSR = async (componentImport, req, preloadedDeps) => {
-  try {
-    const { createElement, renderToString } = preloadedDeps || await Promise.all([import("react"), import("react-dom/server")]).then(
-      ([react, renderer]) => ({
-        createElement: react.createElement,
-        renderToString: renderer.renderToString
-      })
-    );
-    const componentModule = await componentImport();
-    const Component = componentModule.default || componentModule;
-    const content = createElement(Component, {
-      req,
-      params: req.params || {},
-      query: Object.fromEntries(new URL(req.url).searchParams)
-    });
-    const html = renderToString(content);
-    return new Response(
-      `
-      <!doctype html>
-      <html>
-        <head>
-          <meta charset="utf-8">
-          <title>React SSR App</title>
-        </head>
-        <body>
-          <div id="root">${html}</div>
-          <script>
-            window.__ROUTE_INFO__ = {
-              params: ${JSON.stringify(req.params || {})},
-              query: ${JSON.stringify(Object.fromEntries(new URL(req.url).searchParams))},
-              pathname: '${new URL(req.url).pathname}'
-            };
-          </script>
-          <script type="module" src="/client.js"></script>
-        </body>
-      </html>
-    `,
-      {
-        headers: { "Content-Type": "text/html; charset=utf-8" }
-      }
-    );
-  } catch (error) {
-    console.error("React SSR \u6E32\u67D3\u5931\u8D25:", error);
-    return new Response(
-      `
-      <!doctype html>
-      <html>
-        <head><title>\u6E32\u67D3\u9519\u8BEF</title></head>
-        <body>
-          <h1>React SSR \u6E32\u67D3\u5931\u8D25</h1>
-          <p>\u9519\u8BEF\u4FE1\u606F: ${error instanceof Error ? error.message : "\u672A\u77E5\u9519\u8BEF"}</p>
-        </body>
-      </html>
-    `,
-      { status: 500 }
-    );
-  }
-};
-var vueRenderer = (preloadedDeps) => {
-  return async (req, next) => {
-    req.renderVue = async (componentImport) => {
-      return await renderVueSSR(componentImport, req, preloadedDeps);
-    };
-    return next();
-  };
-};
-var reactRenderer = (preloadedDeps) => {
-  return async (req, next) => {
-    req.renderReact = async (componentImport) => {
-      return await renderReactSSR(componentImport, req, preloadedDeps);
-    };
-    return next();
-  };
-};
-export {
-  reactRenderer,
-  vueRenderer
-};
-//# sourceMappingURL=component-renderer.js.map

package/dist/middleware/component-renderer.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/middleware/component-renderer.ts"],"sourcesContent":["/**\n * 组件渲染中间件 - 专注 SSR\n * 支持 Vue 和 React 的服务端渲染\n */\n\n// Vue SSR 渲染\nconst renderVueSSR = async (\n  componentImport: () => Promise<any>,\n  req: Request,\n  preloadedDeps?: any,\n) => {\n  try {\n    // 使用预加载的依赖或动态导入\n    const { createSSRApp, renderToString } =\n      preloadedDeps ||\n      (await Promise.all([import(\"vue\"), import(\"@vue/server-renderer\")]).then(\n        ([vue, renderer]) => ({\n          createSSRApp: vue.createSSRApp,\n          renderToString: renderer.renderToString,\n        }),\n      ));\n\n    const componentModule = await componentImport();\n    const component = componentModule.default || componentModule;\n\n    const app = createSSRApp(component);\n\n    // 提供路由信息\n    app.provide(\"routeInfo\", {\n      params: (req as any).params || {},\n      query: Object.fromEntries(new URL(req.url).searchParams),\n      pathname: new URL(req.url).pathname,\n    });\n\n    const html = await renderToString(app);\n\n    return new Response(\n      `\n      <!doctype html>\n      <html>\n        <head>\n          <meta charset=\"utf-8\">\n          <title>Vue SSR App</title>\n        </head>\n        <body>\n          <div id=\"app\">${html}</div>\n          <script>\n            window.__ROUTE_INFO__ = {\n              params: ${JSON.stringify((req as any).params || {})},\n              query: ${JSON.stringify(Object.fromEntries(new URL(req.url).searchParams))},\n              pathname: '${new URL(req.url).pathname}'\n            };\n          </script>\n          <script type=\"module\" src=\"/client.js\"></script>\n        </body>\n      </html>\n    `,\n      {\n        headers: { \"Content-Type\": \"text/html; charset=utf-8\" },\n      },\n    );\n  } catch (error) {\n    console.error(\"Vue SSR 渲染失败:\", error);\n    return new Response(\n      `\n      <!doctype html>\n      <html>\n        <head><title>渲染错误</title></head>\n        <body>\n          <h1>Vue SSR 渲染失败</h1>\n          <p>错误信息: ${error instanceof Error ? error.message : \"未知错误\"}</p>\n        </body>\n      </html>\n    `,\n      { status: 500 },\n    );\n  }\n};\n\n// React SSR 渲染\nconst renderReactSSR = async (\n  componentImport: () => Promise<any>,\n  req: Request,\n  preloadedDeps?: any,\n) => {\n  try {\n    // 使用预加载的依赖或动态导入\n    const { createElement, renderToString } =\n      preloadedDeps ||\n      (await Promise.all([import(\"react\"), import(\"react-dom/server\")]).then(\n        ([react, renderer]) => ({\n          createElement: react.createElement,\n          renderToString: renderer.renderToString,\n        }),\n      ));\n\n    const componentModule = await componentImport();\n    const Component = componentModule.default || componentModule;\n\n    const content = createElement(Component, {\n      req,\n      params: (req as any).params || {},\n      query: Object.fromEntries(new URL(req.url).searchParams),\n    });\n\n    const html = renderToString(content);\n\n    return new Response(\n      `\n      <!doctype html>\n      <html>\n        <head>\n          <meta charset=\"utf-8\">\n          <title>React SSR App</title>\n        </head>\n        <body>\n          <div id=\"root\">${html}</div>\n          <script>\n            window.__ROUTE_INFO__ = {\n              params: ${JSON.stringify((req as any).params || {})},\n              query: ${JSON.stringify(Object.fromEntries(new URL(req.url).searchParams))},\n              pathname: '${new URL(req.url).pathname}'\n            };\n          </script>\n          <script type=\"module\" src=\"/client.js\"></script>\n        </body>\n      </html>\n    `,\n      {\n        headers: { \"Content-Type\": \"text/html; charset=utf-8\" },\n      },\n    );\n  } catch (error) {\n    console.error(\"React SSR 渲染失败:\", error);\n    return new Response(\n      `\n      <!doctype html>\n      <html>\n        <head><title>渲染错误</title></head>\n        <body>\n          <h1>React SSR 渲染失败</h1>\n          <p>错误信息: ${error instanceof Error ? error.message : \"未知错误\"}</p>\n        </body>\n      </html>\n    `,\n      { status: 500 },\n    );\n  }\n};\n\n// Vue 组件渲染器 - 专注 SSR\nexport const vueRenderer = (preloadedDeps?: any) => {\n  return async (req: Request, next: () => Promise<Response>) => {\n    (req as any).renderVue = async (componentImport: () => Promise<any>) => {\n      return await renderVueSSR(componentImport, req, preloadedDeps);\n    };\n    return next();\n  };\n};\n\n// React 组件渲染器 - 专注 SSR\nexport const reactRenderer = (preloadedDeps?: any) => {\n  return async (req: Request, next: () => Promise<Response>) => {\n    (req as any).renderReact = async (componentImport: () => Promise<any>) => {\n      return await renderReactSSR(componentImport, req, preloadedDeps);\n    };\n    return next();\n  };\n};\n"],"mappings":";AAMA,IAAM,eAAe,OACnB,iBACA,KACA,kBACG;AACH,MAAI;AAEF,UAAM,EAAE,cAAc,eAAe,IACnC,iBACC,MAAM,QAAQ,IAAI,CAAC,OAAO,KAAK,GAAG,OAAO,sBAAsB,CAAC,CAAC,EAAE;AAAA,MAClE,CAAC,CAAC,KAAK,QAAQ,OAAO;AAAA,QACpB,cAAc,IAAI;AAAA,QAClB,gBAAgB,SAAS;AAAA,MAC3B;AAAA,IACF;AAEF,UAAM,kBAAkB,MAAM,gBAAgB;AAC9C,UAAM,YAAY,gBAAgB,WAAW;AAE7C,UAAM,MAAM,aAAa,SAAS;AAGlC,QAAI,QAAQ,aAAa;AAAA,MACvB,QAAS,IAAY,UAAU,CAAC;AAAA,MAChC,OAAO,OAAO,YAAY,IAAI,IAAI,IAAI,GAAG,EAAE,YAAY;AAAA,MACvD,UAAU,IAAI,IAAI,IAAI,GAAG,EAAE;AAAA,IAC7B,CAAC;AAED,UAAM,OAAO,MAAM,eAAe,GAAG;AAErC,WAAO,IAAI;AAAA,MACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,0BAQoB,IAAI;AAAA;AAAA;AAAA,wBAGN,KAAK,UAAW,IAAY,UAAU,CAAC,CAAC,CAAC;AAAA,uBAC1C,KAAK,UAAU,OAAO,YAAY,IAAI,IAAI,IAAI,GAAG,EAAE,YAAY,CAAC,CAAC;AAAA,2BAC7D,IAAI,IAAI,IAAI,GAAG,EAAE,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAO9C;AAAA,QACE,SAAS,EAAE,gBAAgB,2BAA2B;AAAA,MACxD;AAAA,IACF;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,qCAAiB,KAAK;AACpC,WAAO,IAAI;AAAA,MACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yCAMe,iBAAiB,QAAQ,MAAM,UAAU,0BAAM;AAAA;AAAA;AAAA;AAAA,MAI9D,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AACF;AAGA,IAAM,iBAAiB,OACrB,iBACA,KACA,kBACG;AACH,MAAI;AAEF,UAAM,EAAE,eAAe,eAAe,IACpC,iBACC,MAAM,QAAQ,IAAI,CAAC,OAAO,OAAO,GAAG,OAAO,kBAAkB,CAAC,CAAC,EAAE;AAAA,MAChE,CAAC,CAAC,OAAO,QAAQ,OAAO;AAAA,QACtB,eAAe,MAAM;AAAA,QACrB,gBAAgB,SAAS;AAAA,MAC3B;AAAA,IACF;AAEF,UAAM,kBAAkB,MAAM,gBAAgB;AAC9C,UAAM,YAAY,gBAAgB,WAAW;AAE7C,UAAM,UAAU,cAAc,WAAW;AAAA,MACvC;AAAA,MACA,QAAS,IAAY,UAAU,CAAC;AAAA,MAChC,OAAO,OAAO,YAAY,IAAI,IAAI,IAAI,GAAG,EAAE,YAAY;AAAA,IACzD,CAAC;AAED,UAAM,OAAO,eAAe,OAAO;AAEnC,WAAO,IAAI;AAAA,MACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,2BAQqB,IAAI;AAAA;AAAA;AAAA,wBAGP,KAAK,UAAW,IAAY,UAAU,CAAC,CAAC,CAAC;AAAA,uBAC1C,KAAK,UAAU,OAAO,YAAY,IAAI,IAAI,IAAI,GAAG,EAAE,YAAY,CAAC,CAAC;AAAA,2BAC7D,IAAI,IAAI,IAAI,GAAG,EAAE,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAO9C;AAAA,QACE,SAAS,EAAE,gBAAgB,2BAA2B;AAAA,MACxD;AAAA,IACF;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,uCAAmB,KAAK;AACtC,WAAO,IAAI;AAAA,MACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yCAMe,iBAAiB,QAAQ,MAAM,UAAU,0BAAM;AAAA;AAAA;AAAA;AAAA,MAI9D,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AACF;AAGO,IAAM,cAAc,CAAC,kBAAwB;AAClD,SAAO,OAAO,KAAc,SAAkC;AAC5D,IAAC,IAAY,YAAY,OAAO,oBAAwC;AACtE,aAAO,MAAM,aAAa,iBAAiB,KAAK,aAAa;AAAA,IAC/D;AACA,WAAO,KAAK;AAAA,EACd;AACF;AAGO,IAAM,gBAAgB,CAAC,kBAAwB;AACpD,SAAO,OAAO,KAAc,SAAkC;AAC5D,IAAC,IAAY,cAAc,OAAO,oBAAwC;AACxE,aAAO,MAAM,eAAe,iBAAiB,KAAK,aAAa;AAAA,IACjE;AACA,WAAO,KAAK;AAAA,EACd;AACF;","names":[]}

package/dist/middleware/component-router.js

@@ -1,36 +0,0 @@
-// src/middleware/component-router.ts
-function flattenComponentRoutes(routes) {
-  const flattened = [];
-  function processRoute(route, parentPath = "", parentMiddleware = []) {
-    const currentPath = parentPath + route.path;
-    const currentMiddleware = [
-      ...parentMiddleware,
-      ...route.middleware || []
-    ];
-    if ("component" in route) {
-      flattened.push({
-        ...route,
-        fullPath: currentPath,
-        middlewareChain: currentMiddleware
-      });
-    } else if ("children" in route && route.children) {
-      for (const child of route.children) {
-        processRoute(child, currentPath, currentMiddleware);
-      }
-    }
-  }
-  for (const route of routes) {
-    processRoute(route);
-  }
-  return flattened;
-}
-var componentRouter = () => {
-  return async (req, next) => {
-    return next();
-  };
-};
-export {
-  componentRouter,
-  flattenComponentRoutes
-};
-//# sourceMappingURL=component-router.js.map

package/dist/middleware/component-router.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/middleware/component-router.ts"],"sourcesContent":["import type {\n  ComponentRoute,\n  NestedComponentRoute,\n  FlattenedComponentRoute,\n} from \"../types/component-route\";\nimport { vueRenderer, reactRenderer } from \"./component-renderer\";\n\n/**\n * 扁平化嵌套组件路由\n */\nexport function flattenComponentRoutes(\n  routes: (ComponentRoute | NestedComponentRoute)[],\n): FlattenedComponentRoute[] {\n  const flattened: FlattenedComponentRoute[] = [];\n\n  function processRoute(\n    route: ComponentRoute | NestedComponentRoute,\n    parentPath: string = \"\",\n    parentMiddleware: any[] = [],\n  ) {\n    const currentPath = parentPath + route.path;\n    const currentMiddleware = [\n      ...parentMiddleware,\n      ...(route.middleware || []),\n    ];\n\n    if (\"component\" in route) {\n      // 这是一个组件路由\n      flattened.push({\n        ...route,\n        fullPath: currentPath,\n        middlewareChain: currentMiddleware,\n      });\n    } else if (\"children\" in route && route.children) {\n      // 这是一个嵌套路由\n      for (const child of route.children) {\n        processRoute(child, currentPath, currentMiddleware);\n      }\n    }\n  }\n\n  for (const route of routes) {\n    processRoute(route);\n  }\n\n  return flattened;\n}\n\n/**\n * 组件路由处理器中间件\n * 自动检测组件类型并应用相应的渲染器\n */\nexport const componentRouter = () => {\n  return async (req: Request, next: () => Promise<Response>) => {\n    // 这里可以添加组件路由的自动处理逻辑\n    // 比如自动检测组件类型，应用相应的渲染器\n    return next();\n  };\n};\n"],"mappings":";AAUO,SAAS,uBACd,QAC2B;AAC3B,QAAM,YAAuC,CAAC;AAE9C,WAAS,aACP,OACA,aAAqB,IACrB,mBAA0B,CAAC,GAC3B;AACA,UAAM,cAAc,aAAa,MAAM;AACvC,UAAM,oBAAoB;AAAA,MACxB,GAAG;AAAA,MACH,GAAI,MAAM,cAAc,CAAC;AAAA,IAC3B;AAEA,QAAI,eAAe,OAAO;AAExB,gBAAU,KAAK;AAAA,QACb,GAAG;AAAA,QACH,UAAU;AAAA,QACV,iBAAiB;AAAA,MACnB,CAAC;AAAA,IACH,WAAW,cAAc,SAAS,MAAM,UAAU;AAEhD,iBAAW,SAAS,MAAM,UAAU;AAClC,qBAAa,OAAO,aAAa,iBAAiB;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AAEA,aAAW,SAAS,QAAQ;AAC1B,iBAAa,KAAK;AAAA,EACpB;AAEA,SAAO;AACT;AAMO,IAAM,kBAAkB,MAAM;AACnC,SAAO,OAAO,KAAc,SAAkC;AAG5D,WAAO,KAAK;AAAA,EACd;AACF;","names":[]}

package/dist/middleware/cors.d.ts

@@ -1,12 +0,0 @@
-import { Middleware } from '../types/types.js';
-
-interface CORSOptions {
-    origin?: string[] | "*";
-    methods?: string[];
-    headers?: string[];
-    credentials?: boolean;
-    maxAge?: number;
-}
-declare function createCORS(options?: CORSOptions): Middleware;
-
-export { type CORSOptions, createCORS };

package/dist/middleware/cors.js

@@ -1,43 +0,0 @@
-// src/middleware/cors.ts
-function createCORS(options = {}) {
-  const {
-    origin = [],
-    methods = ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
-    headers = [],
-    credentials = false,
-    maxAge
-  } = options;
-  return async (req, next) => {
-    const reqOrigin = req.headers.get("Origin") || "";
-    const isAllowedOrigin = origin === "*" || origin.includes(reqOrigin);
-    if (req.method === "OPTIONS") {
-      const resHeaders = new Headers();
-      if (isAllowedOrigin) {
-        resHeaders.set(
-          "Access-Control-Allow-Origin",
-          origin === "*" ? "*" : reqOrigin
-        );
-        resHeaders.set("Access-Control-Allow-Methods", methods.join(","));
-        resHeaders.set("Access-Control-Allow-Headers", headers.join(","));
-        if (credentials)
-          resHeaders.set("Access-Control-Allow-Credentials", "true");
-        if (maxAge) resHeaders.set("Access-Control-Max-Age", maxAge.toString());
-      }
-      return new Response(null, { status: 204, headers: resHeaders });
-    }
-    const res = await next();
-    if (isAllowedOrigin) {
-      res.headers.set(
-        "Access-Control-Allow-Origin",
-        origin === "*" ? "*" : reqOrigin
-      );
-      if (credentials)
-        res.headers.set("Access-Control-Allow-Credentials", "true");
-    }
-    return res;
-  };
-}
-export {
-  createCORS
-};
-//# sourceMappingURL=cors.js.map

package/dist/middleware/cors.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/middleware/cors.ts"],"sourcesContent":["import type { Middleware } from \"../types\";\n\nexport interface CORSOptions {\n  origin?: string[] | \"*\";\n  methods?: string[];\n  headers?: string[];\n  credentials?: boolean;\n  maxAge?: number;\n}\n\nexport function createCORS(options: CORSOptions = {}): Middleware {\n  const {\n    origin = [],\n    methods = [\"GET\", \"POST\", \"PUT\", \"DELETE\", \"OPTIONS\"],\n    headers = [],\n    credentials = false,\n    maxAge,\n  } = options;\n\n  return async (req, next) => {\n    const reqOrigin = req.headers.get(\"Origin\") || \"\";\n\n    // 判断：是否为允许的 Origin？\n    const isAllowedOrigin = origin === \"*\" || origin.includes(reqOrigin);\n\n    // 预检 (OPTIONS) 请求处理\n    if (req.method === \"OPTIONS\") {\n      const resHeaders = new Headers();\n\n      if (isAllowedOrigin) {\n        resHeaders.set(\n          \"Access-Control-Allow-Origin\",\n          origin === \"*\" ? \"*\" : reqOrigin,\n        );\n        resHeaders.set(\"Access-Control-Allow-Methods\", methods.join(\",\"));\n        resHeaders.set(\"Access-Control-Allow-Headers\", headers.join(\",\"));\n        if (credentials)\n          resHeaders.set(\"Access-Control-Allow-Credentials\", \"true\");\n        if (maxAge) resHeaders.set(\"Access-Control-Max-Age\", maxAge.toString());\n      }\n\n      return new Response(null, { status: 204, headers: resHeaders });\n    }\n\n    // 正常请求：在 next 后添加头部\n    const res = await next();\n\n    if (isAllowedOrigin) {\n      res.headers.set(\n        \"Access-Control-Allow-Origin\",\n        origin === \"*\" ? \"*\" : reqOrigin,\n      );\n      if (credentials)\n        res.headers.set(\"Access-Control-Allow-Credentials\", \"true\");\n    }\n\n    return res;\n  };\n}\n"],"mappings":";AAUO,SAAS,WAAW,UAAuB,CAAC,GAAe;AAChE,QAAM;AAAA,IACJ,SAAS,CAAC;AAAA,IACV,UAAU,CAAC,OAAO,QAAQ,OAAO,UAAU,SAAS;AAAA,IACpD,UAAU,CAAC;AAAA,IACX,cAAc;AAAA,IACd;AAAA,EACF,IAAI;AAEJ,SAAO,OAAO,KAAK,SAAS;AAC1B,UAAM,YAAY,IAAI,QAAQ,IAAI,QAAQ,KAAK;AAG/C,UAAM,kBAAkB,WAAW,OAAO,OAAO,SAAS,SAAS;AAGnE,QAAI,IAAI,WAAW,WAAW;AAC5B,YAAM,aAAa,IAAI,QAAQ;AAE/B,UAAI,iBAAiB;AACnB,mBAAW;AAAA,UACT;AAAA,UACA,WAAW,MAAM,MAAM;AAAA,QACzB;AACA,mBAAW,IAAI,gCAAgC,QAAQ,KAAK,GAAG,CAAC;AAChE,mBAAW,IAAI,gCAAgC,QAAQ,KAAK,GAAG,CAAC;AAChE,YAAI;AACF,qBAAW,IAAI,oCAAoC,MAAM;AAC3D,YAAI,OAAQ,YAAW,IAAI,0BAA0B,OAAO,SAAS,CAAC;AAAA,MACxE;AAEA,aAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,SAAS,WAAW,CAAC;AAAA,IAChE;AAGA,UAAM,MAAM,MAAM,KAAK;AAEvB,QAAI,iBAAiB;AACnB,UAAI,QAAQ;AAAA,QACV;AAAA,QACA,WAAW,MAAM,MAAM;AAAA,MACzB;AACA,UAAI;AACF,YAAI,QAAQ,IAAI,oCAAoC,MAAM;AAAA,IAC9D;AAEA,WAAO;AAAA,EACT;AACF;","names":[]}

package/dist/middleware/rateLimit.d.ts

@@ -1,10 +0,0 @@
-import { Middleware } from '../types/types.js';
-
-interface RateLimitOptions {
-    windowMs?: number;
-    max?: number;
-    keyFn?: (req: Request) => string;
-}
-declare function rateLimit(options?: RateLimitOptions): Middleware;
-
-export { rateLimit };