Val Town Code SearchReturn to Val Town

10 * {id} -> :id
11 */
12export function convertOpenApiPathToHono(openApiPath: string): string {
13  return openApiPath.replace(/\{([^}]+)\}/g, ":$1");
14}
18 * :id -> {id}
19 */
20export function convertHonoPathToOpenApi(honoPath: string): string {
21  return honoPath.replace(/:([^/]+)/g, "{$1}");
22}
25 * Extract parameters from OpenAPI path
26 */
27export function extractOpenApiParams(
28  pathTemplate: string,
29  actualPath: string,

11import { getCurrentDateInSydney, getSydneyTimestampMillis } from "@/utils/dateUtils.ts";
12
13function generateZID(): string {
14  // Generate two 4-character random parts from UUIDs
15  const randomPart1 = crypto.randomUUID().slice(0, 4);
32 * @returns Decoded ZID components or null if invalid
33 */
34export function decodeZID(encodedZid: string): {
35  originalString: string;
36  randomPart1: string;
72 *
73 * @param c - Hono context
74 * @param next - Next middleware function
75 */
76export const zidTrackingMiddleware = async (
152 * @returns Current ZID or null if not set
153 */
154export function getZID(c: Context<{ Variables: Variables }>): string | null {
155  return c.get("zid") || null;
156}
161 * @returns Request timing info or null if not available
162 */
163export function getRequestTiming(c: Context<{ Variables: Variables }>): {
164  startTime: number;
165  duration: number;
181 * @param data - Additional log data
182 */
183export function logWithZID(
184  { c, level, message, data }: {
185    c: Context<{ Variables: Variables }>;

19 *
20 * @param c - Hono context with Variables type extension for session data
21 * @param next - Next middleware function in the chain
22 * @throws {Error} When session parsing fails or cookie operations encounter errors
23 */
148
149/**
150 * Configuration management functions for cookie session middleware
151 */
152
162  newConfig: Partial<CookieSessionConfig>,
163) => {
164  // updateConfig functionality has been removed
165  console.warn(
166    "updateSessionConfig is called, but runtime config updates are currently disabled.",

116 *
117 * @param c - Hono context object containing request and response data
118 * @param next - Next middleware function in the Hono processing chain
119 * @returns Promise<void> - Completes after validation check and next() execution
120 */
140/**
141 * @param schemaName - Name of the validation schema to retrieve from available schemas
142 * @returns Corresponding validator function for the specified schema type
143 */
144export const getQueryValidator = (schemaName: keyof typeof queryValidationSchemas) => {

16 *   console.log(clean); // <script>alert("xss")</script>
17 */
18export function sanitizeInput(input: any): any {
19  if (typeof input === "string") {
20    // Check for blocked patterns
60 *   }
61 */
62export function validateRequestSize(request: Request): boolean {
63  const contentLength = request.headers.get("content-length");
64  if (contentLength) {
92 *   }
93 */
94export function validateJsonPayloadSize(jsonString: string): boolean {
95  const size = new TextEncoder().encode(jsonString).length;
96  const isValid = size <= InputValidationConfig.maxJsonPayload;
120 *   }
121 */
122export function validateUrlLength(url: string): boolean {
123  const isValid = url.length <= InputValidationConfig.maxUrlLength;
124
147 *   }
148 */
149export function validateFileType(mimeType: string): boolean {
150  const isValid = InputValidationConfig.allowedFileTypes.includes(mimeType);
151
169 * @returns True if input contains blocked patterns
170 */
171export function containsBlockedPatterns(input: string): boolean {
172  for (const pattern of InputValidationConfig.blockedPatterns) {
173    if (pattern.test(input)) {
190 *
191 * @param c - Hono context object containing request and response data
192 * @param next - Next middleware function in the Hono processing chain
193 * @returns Promise<void> - Continues to next middleware or throws HTTPException on security violation
194 * @throws HTTPException - 413 Request Entity Too Large, 414 URI Too Long, 400 Bad Request
255 *
256 * @param c - Hono context object
257 * @param next - Next middleware function
258 */
259export const sanitizeBodyMiddleware = async (

84  }
85
86  /* Header validation (original functionality) ---------------------- */
87  if (!cfg.enabled) {
88    await next();

54
55/**
56 * Validation utility functions for common input patterns.
57 * Provides reusable validators for UUID, alphanumeric, length, and enum validation.
58 */
393 *
394 * @param c - Hono context object containing request and response data
395 * @param next - Next middleware function in the Hono processing chain
396 * @returns Promise<void> - Completes after validation check and next() execution
397 */
425/**
426 * @param schemaName - Name of the validation schema to retrieve from available schemas
427 * @returns Corresponding validator function for the specified schema type
428 */
429export const getBodyValidator = (schemaName: keyof typeof bodyValidationSchemas) => {

28};
29
30async function initTables() {
31  await sqlService.createTable("rate_limit_violations", {
32    id: { type: "INTEGER", primaryKey: true, autoIncrement: true },
58}
59
60async function persistViolation(v: RateLimitViolation) {
61  await sqlService.insert("rate_limit_violations", {
62    ip: v.ip,
68}
69
70async function persistBlockStatus(b: IPBlockStatus) {
71  await sqlService.execute({
72    sql: `INSERT OR REPLACE INTO ip_block_status
86}
87
88async function persistBlacklist(ip: string, reason: string) {
89  const key = "rate-limiter/blacklist.json";
90  const json = (await blobService.getJSON<Record<string, unknown>>(key)) ?? {};
93}
94
95async function loadBlacklist() {
96  const key = "rate-limiter/blacklist.json";
97  const json = await blobService.getJSON<Record<string, unknown>>(key);
114];
115
116function getClientIP(c: Context): string {
117  for (const h of HEADER_CANDIDATES) {
118    const v = c.req.header(h);
122}
123
124async function currentViolationCount(ip: string): Promise<number> {
125  if (!AUTO_BLOCK_CONFIG.persistToStorage) {
126    return memoryCache.violationCounts.get(ip) ?? 0;
137}
138
139async function addViolation(ip: string, ep: string, ua?: string) {
140  const v: RateLimitViolation = {
141    ip,
153
154/* Threat detection & auto-blocking */
155async function inspectThreat(ip: string): Promise<ThreatDetectionResult> {
156  if (memoryCache.blacklistedIPs.has(ip)) {
157    return { action: "blacklist", reason: "already blacklisted", violationCount: 0 };
183}
184
185async function temporaryBlock(ip: string, reason: string, vCount: number) {
186  const until = new Date(getSydneyTimestamp() + AUTO_BLOCK_CONFIG.blockDuration * 60 * 1000);
187  const st: IPBlockStatus = {
201/* Middleware                                                */
202/* ────────────────────────────────────────────────────────── */
203export async function enhancedRateLimitMiddleware(c: Context, next: Next) {
204  if (!AUTO_BLOCK_CONFIG.enabled) return await next();
205
250
251/* Back-compat wrapper (same signature as old middleware) */
252export default function createBackendRateLimitMiddleware(): MiddlewareHandler<
253  { Variables: HonoVariables }
254> {

110    c.set("securityContext", newSecurityContextUpdate);
111    await next();
112    function safeMatch(ipToMatch: string, range: string, errTpl: string): boolean {
113      try {
114        return checkIpRange(ipToMatch, range);
118      }
119    }
120    function logIfBlocked(msg: string) {
121      if (cfg.logBlocked) console.warn(msg);
122    }
123    function throwForbidden(
124      config: NetworkFilterConfig,
125      codeKey: keyof NetworkFilterConfig["errorCodes"],

182 * Centralised security-event logger (⚠️ do not remove).
183 */
184export function logSecurityEvent(
185  type: string,
186  details: unknown,
287
288/* --- alert stub ---------------------------------------------------- */
289function triggerSecurityAlert(event: SecurityEvent): void {
290  // TODO: integrate pager-duty / email / webhook
291  console.error(