This is the full developer documentation for Hono. # Start of Hono documentation # Hono Hono - _**means flameπŸ”₯ in Japanese**_ - is a small, simple, and ultrafast web framework built on Web Standards. It works on any JavaScript runtime: Cloudflare Workers, Fastly Compute, Deno, Bun, Vercel, Netlify, AWS Lambda, Lambda@Edge, and Node.js. Fast, but not only fast. ```ts twoslash import { Hono } from 'hono' const app = new Hono() app.get('/', (c) => c.text('Hono!')) export default app ``` ## Quick Start Just run this: ::: code-group ```sh [npm] npm create hono@latest ``` ```sh [yarn] yarn create hono ``` ```sh [pnpm] pnpm create hono@latest ``` ```sh [bun] bun create hono@latest ``` ```sh [deno] deno init --npm hono@latest ``` ::: ## Features - **Ultrafast** πŸš€ - The router `RegExpRouter` is really fast. Not using linear loops. Fast. - **Lightweight** πŸͺΆ - The `hono/tiny` preset is under 14kB. Hono has zero dependencies and uses only the Web Standards. - **Multi-runtime** 🌍 - Works on Cloudflare Workers, Fastly Compute, Deno, Bun, AWS Lambda, or Node.js. The same code runs on all platforms. - **Batteries Included** πŸ”‹ - Hono has built-in middleware, custom middleware, third-party middleware, and helpers. Batteries included. - **Delightful DX** πŸ˜ƒ - Super clean APIs. First-class TypeScript support. Now, we've got "Types". ## Use-cases Hono is a simple web application framework similar to Express, without a frontend. But it runs on CDN Edges and allows you to construct larger applications when combined with middleware. Here are some examples of use-cases. - Building Web APIs - Proxy of backend servers - Front of CDN - Edge application - Base server for a library - Full-stack application ## Who is using Hono? | Project | Platform | What for? | | ---------------------------------------------------------------------------------- | ------------------ | ----------------------------------------------------------------------------------------------------------- | | [cdnjs](https://cdnjs.com) | Cloudflare Workers | A free and open-source CDN service. _Hono is used for the API server_. | | [Cloudflare D1](https://www.cloudflare.com/developer-platform/d1/) | Cloudflare Workers | Serverless SQL databases. _Hono is used for the internal API server_. | | [Cloudflare Workers KV](https://www.cloudflare.com/developer-platform/workers-kv/) | Cloudflare Workers | Serverless key-value database. _Hono is used for the internal API server_. | | [BaseAI](https://baseai.dev) | Local AI Server | Serverless AI agent pipes with memory. An open-source agentic AI framework for web. _API server with Hono_. | | [Unkey](https://unkey.dev) | Cloudflare Workers | An open-source API authentication and authorization. _Hono is used for the API server_. | | [OpenStatus](https://openstatus.dev) | Bun | An open-source website & API monitoring platform. _Hono is used for the API server_. | | [Deno Benchmarks](https://deno.com/benchmarks) | Deno | A secure TypeScript runtime built on V8. _Hono is used for benchmarking_. | | [Clerk](https://clerk.com) | Cloudflare Workers | An open-source User Management Platform. _Hono is used for the API server_. | And the following. - [Drivly](https://driv.ly/) - Cloudflare Workers - [repeat.dev](https://repeat.dev/) - Cloudflare Workers Do you want to see more? See [Who is using Hono in production?](https://github.com/orgs/honojs/discussions/1510). ## Hono in 1 minute A demonstration to create an application for Cloudflare Workers with Hono. ![A gif showing a hono app being created quickly with fast iteration.](/images/sc.gif) ## Ultrafast **Hono is the fastest**, compared to other routers for Cloudflare Workers. ``` Hono x 402,820 ops/sec Β±4.78% (80 runs sampled) itty-router x 212,598 ops/sec Β±3.11% (87 runs sampled) sunder x 297,036 ops/sec Β±4.76% (77 runs sampled) worktop x 197,345 ops/sec Β±2.40% (88 runs sampled) Fastest is Hono ✨ Done in 28.06s. ``` See [more benchmarks](/docs/concepts/benchmarks). ## Lightweight **Hono is so small**. With the `hono/tiny` preset, its size is **under 14KB** when minified. There are many middleware and adapters, but they are bundled only when used. For context, the size of Express is 572KB. ``` $ npx wrangler dev --minify ./src/index.ts ⛅️ wrangler 2.20.0 -------------------- ⬣ Listening at http://0.0.0.0:8787 - http://127.0.0.1:8787 - http://192.168.128.165:8787 Total Upload: 11.47 KiB / gzip: 4.34 KiB ``` ## Multiple routers **Hono has multiple routers**. **RegExpRouter** is the fastest router in the JavaScript world. It matches the route using a single large Regex created before dispatch. With **SmartRouter**, it supports all route patterns. **LinearRouter** registers the routes very quickly, so it's suitable for an environment that initializes applications every time. **PatternRouter** simply adds and matches the pattern, making it small. See [more information about routes](/docs/concepts/routers). ## Web Standards Thanks to the use of the **Web Standards**, Hono works on a lot of platforms. - Cloudflare Workers - Cloudflare Pages - Fastly Compute - Deno - Bun - Vercel - AWS Lambda - Lambda@Edge - Others And by using [a Node.js adapter](https://github.com/honojs/node-server), Hono works on Node.js. See [more information about Web Standards](/docs/concepts/web-standard). ## Middleware & Helpers **Hono has many middleware and helpers**. This makes "Write Less, do more" a reality. Out of the box, Hono provides middleware and helpers for: - [Basic Authentication](/docs/middleware/builtin/basic-auth) - [Bearer Authentication](/docs/middleware/builtin/bearer-auth) - [Body Limit](/docs/middleware/builtin/body-limit) - [Cache](/docs/middleware/builtin/cache) - [Compress](/docs/middleware/builtin/compress) - [Context Storage](/docs/middleware/builtin/context-storage) - [Cookie](/docs/helpers/cookie) - [CORS](/docs/middleware/builtin/cors) - [ETag](/docs/middleware/builtin/etag) - [html](/docs/helpers/html) - [JSX](/docs/guides/jsx) - [JWT Authentication](/docs/middleware/builtin/jwt) - [Logger](/docs/middleware/builtin/logger) - [Language](/docs/middleware/builtin/language) - [Pretty JSON](/docs/middleware/builtin/pretty-json) - [Secure Headers](/docs/middleware/builtin/secure-headers) - [SSG](/docs/helpers/ssg) - [Streaming](/docs/helpers/streaming) - [GraphQL Server](https://github.com/honojs/middleware/tree/main/packages/graphql-server) - [Firebase Authentication](https://github.com/honojs/middleware/tree/main/packages/firebase-auth) - [Sentry](https://github.com/honojs/middleware/tree/main/packages/sentry) - Others! For example, adding ETag and request logging only takes a few lines of code with Hono: ```ts import { Hono } from 'hono' import { etag } from 'hono/etag' import { logger } from 'hono/logger' const app = new Hono() app.use(etag(), logger()) ``` See [more information about Middleware](/docs/concepts/middleware). ## Developer Experience Hono provides a delightful "**Developer Experience**". Easy access to Request/Response thanks to the `Context` object. Moreover, Hono is written in TypeScript. Hono has "**Types**". For example, the path parameters will be literal types. ![A screenshot showing Hono having proper literal typing when URL parameters. The URL "/entry/:date/:id" allows for request parameters to be "date" or "id"](/images/ss.png) And, the Validator and Hono Client `hc` enable the RPC mode. In RPC mode, you can use your favorite validator such as Zod and easily share server-side API specs with the client and build type-safe applications. See [Hono Stacks](/docs/concepts/stacks). # Next.js Next.js is a flexible React framework that gives you building blocks to create fast web applications. You can run Hono on Next.js when using the Node.js runtime.\ On Vercel, deploying Hono with Next.js is easy by using Vercel Functions. ## 1. Setup A starter for Next.js is available. Start your project with "create-hono" command. Select `nextjs` template for this example. ::: code-group ```sh [npm] npm create hono@latest my-app ``` ```sh [yarn] yarn create hono my-app ``` ```sh [pnpm] pnpm create hono my-app ``` ```sh [bun] bun create hono@latest my-app ``` ```sh [deno] deno init --npm hono my-app ``` ::: Move into `my-app` and install the dependencies. ::: code-group ```sh [npm] cd my-app npm i ``` ```sh [yarn] cd my-app yarn ``` ```sh [pnpm] cd my-app pnpm i ``` ```sh [bun] cd my-app bun i ``` ::: ## 2. Hello World If you use the App Router, Edit `app/api/[[...route]]/route.ts`. Refer to the [Supported HTTP Methods](https://nextjs.org/docs/app/building-your-application/routing/route-handlers#supported-http-methods) section for more options. ```ts import { Hono } from 'hono' import { handle } from 'hono/vercel' const app = new Hono().basePath('/api') app.get('/hello', (c) => { return c.json({ message: 'Hello Next.js!', }) }) export const GET = handle(app) export const POST = handle(app) ``` ## 3. Run Run the development server locally. Then, access `http://localhost:3000` in your Web browser. ::: code-group ```sh [npm] npm run dev ``` ```sh [yarn] yarn dev ``` ```sh [pnpm] pnpm dev ``` ```sh [bun] bun run dev ``` ::: Now, `/api/hello` just returns JSON, but if you build React UIs, you can create a full-stack application with Hono. ## 4. Deploy If you have a Vercel account, you can deploy by linking the Git repository. ## Pages Router If you use the Pages Router, you'll need to install the Node.js adapter first. ::: code-group ```sh [npm] npm i @hono/node-server ``` ```sh [yarn] yarn add @hono/node-server ``` ```sh [pnpm] pnpm add @hono/node-server ``` ```sh [bun] bun add @hono/node-server ``` ::: Then, you can utilize the `getRequestListener` function imported from `@hono/node-server` in `pages/api/[[...route]].ts`. ```ts import { getRequestListener } from '@hono/node-server' import { Hono } from 'hono' import type { PageConfig } from 'next' export const config: PageConfig = { api: { bodyParser: false, }, } const app = new Hono().basePath('/api') app.get('/hello', (c) => { return c.json({ message: 'Hello Next.js!', }) }) export default getRequestListener(app.fetch) ``` In order for this to work with the Pages Router, it's important to disable Vercel Node.js helpers by setting up an environment variable in your project dashboard or in your `.env` file. ```text NODEJS_HELPERS=0 ``` # Getting Started Using Hono is super easy. We can set up the project, write code, develop with a local server, and deploy quickly. The same code will work on any runtime, just with different entry points. Let's look at the basic usage of Hono. ## Starter Starter templates are available for each platform. Use the following "create-hono" command. ::: code-group ```sh [npm] npm create hono@latest my-app ``` ```sh [yarn] yarn create hono my-app ``` ```sh [pnpm] pnpm create hono@latest my-app ``` ```sh [bun] bun create hono@latest my-app ``` ```sh [deno] deno init --npm hono@latest my-app ``` ::: Then you will be asked which template you would like to use. Let's select Cloudflare Workers for this example. ``` ? Which template do you want to use? aws-lambda bun cloudflare-pages ❯ cloudflare-workers deno fastly nextjs nodejs vercel ``` The template will be pulled into `my-app`, so go to it and install the dependencies. ::: code-group ```sh [npm] cd my-app npm i ``` ```sh [yarn] cd my-app yarn ``` ```sh [pnpm] cd my-app pnpm i ``` ```sh [bun] cd my-app bun i ``` ::: Once the package installation is complete, run the following command to start up a local server. ::: code-group ```sh [npm] npm run dev ``` ```sh [yarn] yarn dev ``` ```sh [pnpm] pnpm dev ``` ```sh [bun] bun run dev ``` ::: ## Hello World You can write code in TypeScript with the Cloudflare Workers development tool "Wrangler", Deno, Bun, or others without being aware of transpiling. Write your first application with Hono in `src/index.ts`. The example below is a starter Hono application. The `import` and the final `export default` parts may vary from runtime to runtime, but all of the application code will run the same code everywhere. ```ts import { Hono } from 'hono' const app = new Hono() app.get('/', (c) => { return c.text('Hello Hono!') }) export default app ``` Start the development server and access `http://localhost:8787` with your browser. ::: code-group ```sh [npm] npm run dev ``` ```sh [yarn] yarn dev ``` ```sh [pnpm] pnpm dev ``` ```sh [bun] bun run dev ``` ::: ## Return JSON Returning JSON is also easy. The following is an example of handling a GET Request to `/api/hello` and returning an `application/json` Response. ```ts app.get('/api/hello', (c) => { return c.json({ ok: true, message: 'Hello Hono!', }) }) ``` ## Request and Response Getting a path parameter, URL query value, and appending a Response header is written as follows. ```ts app.get('/posts/:id', (c) => { const page = c.req.query('page') const id = c.req.param('id') c.header('X-Message', 'Hi!') return c.text(`You want to see ${page} of ${id}`) }) ``` We can easily handle POST, PUT, and DELETE not only GET. ```ts app.post('/posts', (c) => c.text('Created!', 201)) app.delete('/posts/:id', (c) => c.text(`${c.req.param('id')} is deleted!`) ) ``` ## Return HTML You can write HTML with [the html Helper](/docs/helpers/html) or using [JSX](/docs/guides/jsx) syntax. If you want to use JSX, rename the file to `src/index.tsx` and configure it (check with each runtime as it is different). Below is an example using JSX. ```tsx const View = () => { return (

Hello Hono!

) } app.get('/page', (c) => { return c.html() }) ``` ## Return raw Response You can also return the raw [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response). ```ts app.get('/', () => { return new Response('Good morning!') }) ``` ## Using Middleware Middleware can do the hard work for you. For example, add in Basic Authentication. ```ts import { basicAuth } from 'hono/basic-auth' // ... app.use( '/admin/*', basicAuth({ username: 'admin', password: 'secret', }) ) app.get('/admin', (c) => { return c.text('You are authorized!') }) ``` There are useful built-in middleware including Bearer and authentication using JWT, CORS and ETag. Hono also provides third-party middleware using external libraries such as GraphQL Server and Firebase Auth. And, you can make your own middleware. ## Adapter There are Adapters for platform-dependent functions, e.g., handling static files or WebSocket. For example, to handle WebSocket in Cloudflare Workers, import `hono/cloudflare-workers`. ```ts import { upgradeWebSocket } from 'hono/cloudflare-workers' app.get( '/ws', upgradeWebSocket((c) => { // ... }) ) ``` ## Next step Most code will work on any platform, but there are guides for each. For instance, how to set up projects or how to deploy. Please see the page for the exact platform you want to use to create your application! # Cloudflare Pages [Cloudflare Pages](https://pages.cloudflare.com) is an edge platform for full-stack web applications. It serves static files and dynamic content provided by Cloudflare Workers. Hono fully supports Cloudflare Pages. It introduces a delightful developer experience. Vite's dev server is fast, and deploying with Wrangler is super quick. ## 1. Setup A starter for Cloudflare Pages is available. Start your project with "create-hono" command. Select `cloudflare-pages` template for this example. ::: code-group ```sh [npm] npm create hono@latest my-app ``` ```sh [yarn] yarn create hono my-app ``` ```sh [pnpm] pnpm create hono my-app ``` ```sh [bun] bun create hono@latest my-app ``` ```sh [deno] deno init --npm hono my-app ``` ::: Move into `my-app` and install the dependencies. ::: code-group ```sh [npm] cd my-app npm i ``` ```sh [yarn] cd my-app yarn ``` ```sh [pnpm] cd my-app pnpm i ``` ```sh [bun] cd my-app bun i ``` ::: Below is a basic directory structure. ```text ./ β”œβ”€β”€ package.json β”œβ”€β”€ public β”‚Β Β  └── static // Put your static files. β”‚Β Β  └── style.css // You can refer to it as `/static/style.css`. β”œβ”€β”€ src β”‚Β Β  β”œβ”€β”€ index.tsx // The entry point for server-side. β”‚Β Β  └── renderer.tsx β”œβ”€β”€ tsconfig.json └── vite.config.ts ``` ## 2. Hello World Edit `src/index.tsx` like the following: ```tsx import { Hono } from 'hono' import { renderer } from './renderer' const app = new Hono() app.get('*', renderer) app.get('/', (c) => { return c.render(

Hello, Cloudflare Pages!

) }) export default app ``` ## 3. Run Run the development server locally. Then, access `http://localhost:5173` in your Web browser. ::: code-group ```sh [npm] npm run dev ``` ```sh [yarn] yarn dev ``` ```sh [pnpm] pnpm dev ``` ```sh [bun] bun run dev ``` ::: ## 4. Deploy If you have a Cloudflare account, you can deploy to Cloudflare. In `package.json`, `$npm_execpath` needs to be changed to your package manager of choice. ::: code-group ```sh [npm] npm run deploy ``` ```sh [yarn] yarn deploy ``` ```sh [pnpm] pnpm run deploy ``` ```sh [bun] bun run deploy ``` ::: ### Deploy via the Cloudflare dashboard with GitHub 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account. 2. In Account Home, select Workers & Pages > Create application > Pages > Connect to Git. 3. Authorize your GitHub account, and select the repository. In Set up builds and deployments, provide the following information: | Configuration option | Value | | -------------------- | --------------- | | Production branch | `main` | | Build command | `npm run build` | | Build directory | `dist` | ## Bindings You can use Cloudflare Bindings like Variables, KV, D1, and others. In this section, let's use Variables and KV. ### Create `wrangler.toml` First, create `wrangler.toml` for local Bindings: ```sh touch wrangler.toml ``` Edit `wrangler.toml`. Specify Variable with the name `MY_NAME`. ```toml [vars] MY_NAME = "Hono" ``` ### Create KV Next, make the KV. Run the following `wrangler` command: ```sh wrangler kv namespace create MY_KV --preview ``` Note down the `preview_id` as the following output: ``` { binding = "MY_KV", preview_id = "abcdef" } ``` Specify `preview_id` with the name of Bindings, `MY_KV`: ```toml [[kv_namespaces]] binding = "MY_KV" id = "abcdef" ``` ### Edit `vite.config.ts` Edit the `vite.config.ts`: ```ts import devServer from '@hono/vite-dev-server' import adapter from '@hono/vite-dev-server/cloudflare' import build from '@hono/vite-cloudflare-pages' import { defineConfig } from 'vite' export default defineConfig({ plugins: [ devServer({ entry: 'src/index.tsx', adapter, // Cloudflare Adapter }), build(), ], }) ``` ### Use Bindings in your application Use Variable and KV in your application. Set the types. ```ts type Bindings = { MY_NAME: string MY_KV: KVNamespace } const app = new Hono<{ Bindings: Bindings }>() ``` Use them: ```tsx app.get('/', async (c) => { await c.env.MY_KV.put('name', c.env.MY_NAME) const name = await c.env.MY_KV.get('name') return c.render(

Hello! {name}

) }) ``` ### In production For Cloudflare Pages, you will use `wrangler.toml` for local development, but for production, you will set up Bindings in the dashboard. ## Client-side You can write client-side scripts and import them into your application using Vite's features. If `/src/client.ts` is the entry point for the client, simply write it in the script tag. Additionally, `import.meta.env.PROD` is useful for detecting whether it's running on a dev server or in the build phase. ```tsx app.get('/', (c) => { return c.html( {import.meta.env.PROD ? ( ) : ( )}

Hello

) }) ``` In order to build the script properly, you can use the example config file `vite.config.ts` as shown below. ```ts import pages from '@hono/vite-cloudflare-pages' import devServer from '@hono/vite-dev-server' import { defineConfig } from 'vite' export default defineConfig(({ mode }) => { if (mode === 'client') { return { build: { rollupOptions: { input: './src/client.ts', output: { entryFileNames: 'static/client.js', }, }, }, } } else { return { plugins: [ pages(), devServer({ entry: 'src/index.tsx', }), ], } } }) ``` You can run the following command to build the server and client script. ```sh vite build --mode client && vite build ``` ## Cloudflare Pages Middleware Cloudflare Pages uses its own [middleware](https://developers.cloudflare.com/pages/functions/middleware/) system that is different from Hono's middleware. You can enable it by exporting `onRequest` in a file named `_middleware.ts` like this: ```ts // functions/_middleware.ts export async function onRequest(pagesContext) { console.log(`You are accessing ${pagesContext.request.url}`) return await pagesContext.next() } ``` Using `handleMiddleware`, you can use Hono's middleware as Cloudflare Pages middleware. ```ts // functions/_middleware.ts import { handleMiddleware } from 'hono/cloudflare-pages' export const onRequest = handleMiddleware(async (c, next) => { console.log(`You are accessing ${c.req.url}`) await next() }) ``` You can also use built-in and 3rd party middleware for Hono. For example, to add Basic Authentication, you can use [Hono's Basic Authentication Middleware](/docs/middleware/builtin/basic-auth). ```ts // functions/_middleware.ts import { handleMiddleware } from 'hono/cloudflare-pages' import { basicAuth } from 'hono/basic-auth' export const onRequest = handleMiddleware( basicAuth({ username: 'hono', password: 'acoolproject', }) ) ``` If you want to apply multiple middleware, you can write it like this: ```ts import { handleMiddleware } from 'hono/cloudflare-pages' // ... export const onRequest = [ handleMiddleware(middleware1), handleMiddleware(middleware2), handleMiddleware(middleware3), ] ``` ### Accessing `EventContext` You can access [`EventContext`](https://developers.cloudflare.com/pages/functions/api-reference/#eventcontext) object via `c.env` in `handleMiddleware`. ```ts // functions/_middleware.ts import { handleMiddleware } from 'hono/cloudflare-pages' export const onRequest = [ handleMiddleware(async (c, next) => { c.env.eventContext.data.user = 'Joe' await next() }), ] ``` Then, you can access the data value in via `c.env.eventContext` in the handler: ```ts // functions/api/[[route]].ts import type { EventContext } from 'hono/cloudflare-pages' import { handle } from 'hono/cloudflare-pages' // ... type Env = { Bindings: { eventContext: EventContext } } const app = new Hono().basePath('/api') app.get('/hello', (c) => { return c.json({ message: `Hello, ${c.env.eventContext.data.user}!`, // 'Joe' }) }) export const onRequest = handle(app) ``` # Vercel Vercel is the AI cloud, providing the developer tools and cloud infrastructure to build, scale, and secure a faster, more personalized web. Hono can be deployed to Vercel with zero-configuration. ## 1. Setup A starter for Vercel is available. Start your project with "create-hono" command. Select `vercel` template for this example. ::: code-group ```sh [npm] npm create hono@latest my-app ``` ```sh [yarn] yarn create hono my-app ``` ```sh [pnpm] pnpm create hono my-app ``` ```sh [bun] bun create hono@latest my-app ``` ```sh [deno] deno init --npm hono my-app ``` ::: Move into `my-app` and install the dependencies. ::: code-group ```sh [npm] cd my-app npm i ``` ```sh [yarn] cd my-app yarn ``` ```sh [pnpm] cd my-app pnpm i ``` ```sh [bun] cd my-app bun i ``` ::: We will use Vercel CLI to work on the app locally in the next step. If you haven't already, install it globally following [the Vercel CLI documentation](https://vercel.com/docs/cli). ## 2. Hello World In the `index.ts` or `src/index.ts` of your project, export the Hono application as a default export. ```ts import { Hono } from 'hono' const app = new Hono() const welcomeStrings = [ 'Hello Hono!', 'To learn more about Hono on Vercel, visit https://vercel.com/docs/frameworks/backend/hono', ] app.get('/', (c) => { return c.text(welcomeStrings.join('\n\n')) }) export default app ``` If you started with the `vercel` template, this is already set up for you. ## 3. Run To run the development server locally: ```sh vercel dev ``` Visiting `localhost:3000` will respond with a text response. ## 4. Deploy Deploy to Vercel using `vc deploy`. ```sh vercel deploy ``` ## Further reading [Learn more about Hono in the Vercel documentation](https://vercel.com/docs/frameworks/backend/hono). # AWS Lambda AWS Lambda is a serverless platform by Amazon Web Services. You can run your code in response to events and automatically manages the underlying compute resources for you. Hono works on AWS Lambda with the Node.js 18+ environment. ## 1. Setup When creating the application on AWS Lambda, [CDK](https://docs.aws.amazon.com/cdk/v2/guide/home.html) is useful to set up the functions such as IAM Role, API Gateway, and others. Initialize your project with the `cdk` CLI. ::: code-group ```sh [npm] mkdir my-app cd my-app cdk init app -l typescript npm i hono npm i -D esbuild mkdir lambda touch lambda/index.ts ``` ```sh [yarn] mkdir my-app cd my-app cdk init app -l typescript yarn add hono yarn add -D esbuild mkdir lambda touch lambda/index.ts ``` ```sh [pnpm] mkdir my-app cd my-app cdk init app -l typescript pnpm add hono pnpm add -D esbuild mkdir lambda touch lambda/index.ts ``` ```sh [bun] mkdir my-app cd my-app cdk init app -l typescript bun add hono bun add -D esbuild mkdir lambda touch lambda/index.ts ``` ::: ## 2. Hello World Edit `lambda/index.ts`. ```ts import { Hono } from 'hono' import { handle } from 'hono/aws-lambda' const app = new Hono() app.get('/', (c) => c.text('Hello Hono!')) export const handler = handle(app) ``` ## 3. Deploy Edit `lib/my-app-stack.ts`. ```ts import * as cdk from 'aws-cdk-lib' import { Construct } from 'constructs' import * as lambda from 'aws-cdk-lib/aws-lambda' import { NodejsFunction } from 'aws-cdk-lib/aws-lambda-nodejs' export class MyAppStack extends cdk.Stack { constructor(scope: Construct, id: string, props?: cdk.StackProps) { super(scope, id, props) const fn = new NodejsFunction(this, 'lambda', { entry: 'lambda/index.ts', handler: 'handler', runtime: lambda.Runtime.NODEJS_22_X, }) const fnUrl = fn.addFunctionUrl({ authType: lambda.FunctionUrlAuthType.NONE, }) new cdk.CfnOutput(this, 'lambdaUrl', { value: fnUrl.url!, }) } } ``` Finally, run the command to deploy: ```sh cdk deploy ``` ## Serve Binary data Hono supports binary data as a response. In Lambda, base64 encoding is required to return binary data. Once binary type is set to `Content-Type` header, Hono automatically encodes data to base64. ```ts app.get('/binary', async (c) => { // ... c.status(200) c.header('Content-Type', 'image/png') // means binary data return c.body(buffer) // supports `ArrayBufferLike` type, encoded to base64. }) ``` ## Access AWS Lambda Object In Hono, you can access the AWS Lambda Events and Context by binding the `LambdaEvent`, `LambdaContext` type and using `c.env` ```ts import { Hono } from 'hono' import type { LambdaEvent, LambdaContext } from 'hono/aws-lambda' import { handle } from 'hono/aws-lambda' type Bindings = { event: LambdaEvent lambdaContext: LambdaContext } const app = new Hono<{ Bindings: Bindings }>() app.get('/aws-lambda-info/', (c) => { return c.json({ isBase64Encoded: c.env.event.isBase64Encoded, awsRequestId: c.env.lambdaContext.awsRequestId, }) }) export const handler = handle(app) ``` ## Access RequestContext In Hono, you can access the AWS Lambda request context by binding the `LambdaEvent` type and using `c.env.event.requestContext`. ```ts import { Hono } from 'hono' import type { LambdaEvent } from 'hono/aws-lambda' import { handle } from 'hono/aws-lambda' type Bindings = { event: LambdaEvent } const app = new Hono<{ Bindings: Bindings }>() app.get('/custom-context/', (c) => { const lambdaContext = c.env.event.requestContext return c.json(lambdaContext) }) export const handler = handle(app) ``` ### Before v3.10.0 (deprecated) you can access the AWS Lambda request context by binding the `ApiGatewayRequestContext` type and using `c.env.` ```ts import { Hono } from 'hono' import type { ApiGatewayRequestContext } from 'hono/aws-lambda' import { handle } from 'hono/aws-lambda' type Bindings = { requestContext: ApiGatewayRequestContext } const app = new Hono<{ Bindings: Bindings }>() app.get('/custom-context/', (c) => { const lambdaContext = c.env.requestContext return c.json(lambdaContext) }) export const handler = handle(app) ``` ## Lambda response streaming By changing the invocation mode of AWS Lambda, you can achieve [Streaming Response](https://aws.amazon.com/blogs/compute/introducing-aws-lambda-response-streaming/). ```diff fn.addFunctionUrl({ authType: lambda.FunctionUrlAuthType.NONE, + invokeMode: lambda.InvokeMode.RESPONSE_STREAM, }) ``` Typically, the implementation requires writing chunks to NodeJS.WritableStream using awslambda.streamifyResponse, but with the AWS Lambda Adaptor, you can achieve the traditional streaming response of Hono by using streamHandle instead of handle. ```ts import { Hono } from 'hono' import { streamHandle } from 'hono/aws-lambda' import { streamText } from 'hono/streaming' const app = new Hono() app.get('/stream', async (c) => { return streamText(c, async (stream) => { for (let i = 0; i < 3; i++) { await stream.writeln(`${i}`) await stream.sleep(1) } }) }) export const handler = streamHandle(app) ``` # WebAssembly (w/ WASI) [WebAssembly][wasm-core] is a secure, sandboxed, portable runtime that runs inside and outside web browsers. In practice: - Languages (like JavaScript) _compile to_ WebAssembly (`.wasm` files) - WebAssembly runtimes (like [`wasmtime`][wasmtime] or [`jco`][jco]) enable _running_ WebAssembly binaries While core WebAssembly has _no_ access to things like the local filesystem or sockets, the [WebAssembly System Interface][wasi] steps in to enable defining a platform under WebAssembly workloads. This means that _with_ WASI, WebAssembly can operate on files, sockets, and much more. ::: info Want to peek at the WASI interface yourself? Check out [`wasi:http`][wasi-http] ::: Support for WebAssembly w/ WASI in JS is powered by [StarlingMonkey][sm], and thanks to the focus on Web standards in both StarlingMonkey and Hono, **Hono works \*out of the box with WASI-enabled WebAssembly ecosystems.** [sm]: https://github.com/bytecodealliance/StarlingMonkey [wasm-core]: https://webassembly.org/ [wasi]: https://wasi.dev/ [bca]: https://bytecodealliance.org/ [wasi-http]: https://github.com/WebAssembly/wasi-http ## 1. Setup The WebAssembly JS ecosystem provides tooling to make it easy to get started building WASI-enabled WebAssembly components: - [StarlingMonkey][sm] is a fork of [SpiderMonkey][spidermonkey] that compiles to WebAssembly and enables components - [`componentize-js`][componentize-js] turns JavaScript ES modules into WebAssembly components - [`jco`][jco] is a multi-tool that builds components, generates types, and runs components in environments like Node.js or the browser ::: info WebAssembly has an open ecosystem and is open source, with core projects stewarded primarily by the [Bytecode Alliance][bca] and its members. New features, issues, pull requests and other types of contributions are always welcome. ::: While a starter for Hono on WebAssembly is not yet available, you can start a WebAssembly Hono project just like any other: ::: code-group ```sh [npm] mkdir my-app cd my-app npm init npm i hono npm i -D @bytecodealliance/jco @bytecodealliance/componentize-js @bytecodealliance/jco-std npm i -D rolldown ``` ```sh [yarn] mkdir my-app cd my-app npm init yarn add hono yarn add -D @bytecodealliance/jco @bytecodealliance/componentize-js @bytecodealliance/jco-std yarn add -D rolldown ``` ```sh [pnpm] mkdir my-app cd my-app pnpm init --init-type module pnpm add hono pnpm add -D @bytecodealliance/jco @bytecodealliance/componentize-js @bytecodealliance/jco-std pnpm add -D rolldown ``` ```sh [bun] mkdir my-app cd my-app npm init bun add hono bun add -D @bytecodealliance/jco @bytecodealliance/componentize-js @bytecodealliance/jco-std ``` ::: ::: info To ensure your project uses ES modules, ensure `type` is set to `"module"` in `package.json` ::: After entering the `my-app` folder, install dependencies, and initialize TypeScript: ::: code-group ```sh [npm] npm i npx tsc --init ``` ```sh [yarn] yarn yarn tsc --init ``` ```sh [pnpm] pnpm i pnpm exec tsc --init ``` ```sh [bun] bun i ``` ::: Once you have a basic TypeScript configuration file (`tsconfig.json`), please ensure it has the following configuration: - `compilerOptions.module` set to `"nodenext"` Since `componentize-js` (and `jco` which re-uses it) supports only single JS files, bundling is necessary, so [`rolldown`][rolldown] can be used to create a single file bundle. A Rolldown configuration (`rolldown.config.mjs`) like the following can be used: ```js import { defineConfig } from 'rolldown' export default defineConfig({ input: 'src/component.ts', external: /wasi:.*/, output: { file: 'dist/component.js', format: 'esm', }, }) ``` ::: info Feel free to use any other bundlers that you're more comfortable with (`rolldown`, `esbuild`, `rollup`, etc) ::: [jco]: https://github.com/bytecodealliance/jco [componentize-js]: https://github.com/bytecodealliance/componentize-js [rolldown]: https://rolldown.rs [spidermonkey]: https://spidermonkey.dev/ ## 2. Set up WIT interface & dependencies [WebAssembly Interface Types (WIT)][wit] is an Interface Definition Language ("IDL") that governs what functionality a WebAssembly component uses ("imports"), and what it provides ("exports"). Amongst the standardized WIT interfaces, [`wasi:http`][wasi-http] is for dealing with HTTP requests (whether it's receiving them or sending them out), and since we intend to make a web server, our component must declare the use of `wasi:http/incoming-handler` in its [WIT world][wit-world]: First, let's set up the component's WIT world in a file called `wit/component.wit`: ```txt package example:hono; world component { export wasi:http/incoming-handler@0.2.6; } ``` Put simply, the WIT file above means that our component "provides" the functionality of "receiving"/"handling incoming" HTTP requests. The `wasi:http/incoming-handler` interface relies on upstream standardized WIT interfaces (specifications on how requests are structured, etc). To pull those third party (Bytecode Alliance maintained) WIT interfaces, one tool we can use is [`wkg`][wkg]: ```sh wkg wit fetch ``` Once `wkg` has finished running, you should find your `wit` folder populated with a new `deps` folder alongside `component.wit`: ``` wit β”œβ”€β”€ component.wit └── deps β”œβ”€β”€ wasi-cli-0.2.6 β”‚Β Β  └── package.wit β”œβ”€β”€ wasi-clocks-0.2.6 β”‚Β Β  └── package.wit β”œβ”€β”€ wasi-http-0.2.6 β”‚Β Β  └── package.wit β”œβ”€β”€ wasi-io-0.2.6 β”‚Β Β  └── package.wit └── wasi-random-0.2.6 └── package.wit ``` [wkg]: https://github.com/bytecodealliance/wasm-pkg-tools [wit-world]: https://github.com/WebAssembly/component-model/blob/main/design/mvp/WIT.md#wit-worlds [wit]: https://github.com/WebAssembly/component-model/blob/main/design/mvp/WIT.md ## 3. Hello Wasm To build an HTTP server in WebAssembly, we can make use of the [`jco-std`][jco-std] project, which contains helpers that make the experience very similar to the standard Hono experience. Let's fulfill our `component` world with a basic Hono application as a WebAssembly component in a file called `src/component.ts`: ```ts import { Hono } from 'hono' import { fire } from '@bytecodealliance/jco-std/wasi/0.2.6/http/adapters/hono/server' const app = new Hono() app.get('/hello', (c) => { return c.json({ message: 'Hello from WebAssembly!' }) }) fire(app) // Although we've called `fire()` with wasi HTTP configured for use above, // we still need to actually export the `wasi:http/incoming-handler` interface object, // as jco and componentize-js will be looking for the ES module export that matches the WASI interface. export { incomingHandler } from '@bytecodealliance/jco-std/wasi/0.2.6/http/adapters/hono/server' ``` ## 4. Build Since we're using Rolldown (and it's configured to handle TypeScript compilation), we can use it to build and bundle: ::: code-group ```sh [npm] npx rolldown -c ``` ```sh [yarn] yarn rolldown -c ``` ```sh [pnpm] pnpm exec rolldown -c ``` ```sh [bun] bun build --target=bun --outfile=dist/component.js ./src/component.ts ``` ::: ::: info The bundling step is necessary because WebAssembly JS ecosystem tooling only currently supports a single JS file, and we'd like to include Hono along with related libraries. For components with simpler requirements, bundlers are not necessary. ::: To build your WebAssembly component, use `jco` (and indirectly `componentize-js`): ::: code-group ```sh [npm] npx jco componentize -w wit -o dist/component.wasm dist/component.js ``` ```sh [yarn] yarn jco componentize -w wit -o dist/component.wasm dist/component.js ``` ```sh [pnpm] pnpm exec jco componentize -w wit -o dist/component.wasm dist/component.js ``` ```sh [bun] bun run jco componentize -w wit -o dist/component.wasm dist/component.js ``` ::: ## 5. Run To run your Hono WebAssembly HTTP server, you can use any WASI-enabled WebAssembly runtime: - [`wasmtime`][wasmtime] - `jco` (runs in Node.js) In this guide, we'll use `jco serve` since it's already installed. ::: warning `jco serve` is meant for development, and is not recommended for production use. ::: [wasmtime]: https://wasmtime.dev ::: code-group ```sh [npm] npx jco serve dist/component.wasm ``` ```sh [yarn] yarn jco serve dist/component.wasm ``` ```sh [pnpm] pnpm exec jco serve dist/component.wasm ``` ```sh [bun] bun run jco serve dist/component.wasm ``` ::: You should see output like the following: ``` $ npx jco serve dist/component.wasm Server listening @ localhost:8000... ``` Sending a request to `localhost:8000/hello` will produce the JSON output you've specified in your Hono application. You should see output like the following: ```json { "message": "Hello from WebAssembly!" } ``` ::: info `jco serve` works by converting the WebAssembly component into a basic WebAssembly coremodule, so that it can be run in runtimes like Node.js and the browser. This process is normally run via `jco transpile`, and is the way we can use JS engines like Node.js and the browser (which may use V8 or other JavaScript engines) as WebAssembly Component runtimes. How `jco transpile` is outside the scope of this guide, you can read more about it in [the Jco book][jco-book] ::: ## More information To learn more about WASI, WebAssembly components and more, see the following resources: - [BytecodeAlliance Component Model book][cm-book] - [`jco` codebase][jco] - [`jco` example components][jco-example-components] (in particular the [Hono example][jco-example-component-hono]) - [Jco book][jco-book] - [`componentize-js` codebase][componentize-js] - [StarlingMonkey codebase][sm] To reach out to the WebAssembly community with questions, comments, contributions or to file issues: - [Bytecode Alliance Zulip](https://bytecodealliance.zulipchat.com) (consider posting in the [#jco channel](https://bytecodealliance.zulipchat.com/#narrow/channel/409526-jco)) - [Jco repository](https://github.com/bytecodealliance/jco) - [componentize-js repository](https://github.com/bytecodealliance/componentize-js) [cm-book]: https://component-model.bytecodealliance.org/ [jco-book]: https://bytecodealliance.github.io/jco/ [jco-example-components]: https://github.com/bytecodealliance/jco/tree/main/examples/components [jco-example-component-hono]: https://github.com/bytecodealliance/jco/tree/main/examples/components/http-server-hono # Supabase Edge Functions [Supabase](https://supabase.com/) is an open-source alternative to Firebase, offering a suite of tools similar to Firebase's capabilities, including database, authentication, storage, and now, serverless functions. Supabase Edge Functions are server-side TypeScript functions that are distributed globally, running closer to your users for improved performance. These functions are developed using [Deno](https://deno.com/), which brings several benefits, including improved security and a modern JavaScript/TypeScript runtime. Here's how you can get started with Supabase Edge Functions: ## 1. Setup ### Prerequisites Before you begin, make sure you have the Supabase CLI installed. If you haven't installed it yet, follow the instructions in the [official documentation](https://supabase.com/docs/guides/cli/getting-started). ### Creating a New Project 1. Open your terminal or command prompt. 2. Create a new Supabase project in a directory on your local machine by running: ```bash supabase init ``` This command initializes a new Supabase project in the current directory. ### Adding an Edge Function 3. Inside your Supabase project, create a new Edge Function named `hello-world`: ```bash supabase functions new hello-world ``` This command creates a new Edge Function with the specified name in your project. ## 2. Hello World Edit the `hello-world` function by modifying the file `supabase/functions/hello-world/index.ts`: ```ts import { Hono } from 'jsr:@hono/hono' // change this to your function name const functionName = 'hello-world' const app = new Hono().basePath(`/${functionName}`) app.get('/hello', (c) => c.text('Hello from hono-server!')) Deno.serve(app.fetch) ``` ## 3. Run To run the function locally, use the following command: 1. Use the following command to serve the function: ```bash supabase start # start the supabase stack supabase functions serve --no-verify-jwt # start the Functions watcher ``` The `--no-verify-jwt` flag allows you to bypass JWT verification during local development. 2. Make a GET request using cURL or Postman to `http://127.0.0.1:54321/functions/v1/hello-world/hello`: ```bash curl --location 'http://127.0.0.1:54321/functions/v1/hello-world/hello' ``` This request should return the text "Hello from hono-server!". ## 4. Deploy You can deploy all of your Edge Functions in Supabase with a single command: ```bash supabase functions deploy ``` Alternatively, you can deploy individual Edge Functions by specifying the name of the function in the deploy command: ```bash supabase functions deploy hello-world ``` For more deployment methods, visit the Supabase documentation on [Deploying to Production](https://supabase.com/docs/guides/functions/deploy). # Deno [Deno](https://deno.com/) is a JavaScript runtime built on V8. It's not Node.js. Hono also works on Deno. You can use Hono, write the code with TypeScript, run the application with the `deno` command, and deploy it to "Deno Deploy". ## 1. Install Deno First, install `deno` command. Please refer to [the official document](https://docs.deno.com/runtime/getting_started/installation/). ## 2. Setup A starter for Deno is available. Start your project with the [`deno init`](https://docs.deno.com/runtime/reference/cli/init/) command. ```sh deno init --npm hono --template=deno my-app ``` Move into `my-app`. For Deno, you don't have to install Hono explicitly. ```sh cd my-app ``` ## 3. Hello World Edit `main.ts`: ```ts [main.ts] import { Hono } from 'hono' const app = new Hono() app.get('/', (c) => c.text('Hello Deno!')) Deno.serve(app.fetch) ``` ## 4. Run Run the development server locally. Then, access `http://localhost:8000` in your Web browser. ```sh deno task start ``` ## Change port number You can specify the port number by updating the arguments of `Deno.serve` in `main.ts`: ```ts Deno.serve(app.fetch) // [!code --] Deno.serve({ port: 8787 }, app.fetch) // [!code ++] ``` ## Serve static files To serve static files, use `serveStatic` imported from `hono/deno`. ```ts import { Hono } from 'hono' import { serveStatic } from 'hono/deno' const app = new Hono() app.use('/static/*', serveStatic({ root: './' })) app.use('/favicon.ico', serveStatic({ path: './favicon.ico' })) app.get('/', (c) => c.text('You can access: /static/hello.txt')) app.get('*', serveStatic({ path: './static/fallback.txt' })) Deno.serve(app.fetch) ``` For the above code, it will work well with the following directory structure. ``` ./ β”œβ”€β”€ favicon.ico β”œβ”€β”€ index.ts └── static β”œβ”€β”€ demo β”‚ └── index.html β”œβ”€β”€ fallback.txt β”œβ”€β”€ hello.txt └── images └── dinotocat.png ``` ### `rewriteRequestPath` If you want to map `http://localhost:8000/static/*` to `./statics`, you can use the `rewriteRequestPath` option: ```ts app.get( '/static/*', serveStatic({ root: './', rewriteRequestPath: (path) => path.replace(/^\/static/, '/statics'), }) ) ``` ### `mimes` You can add MIME types with `mimes`: ```ts app.get( '/static/*', serveStatic({ mimes: { m3u8: 'application/vnd.apple.mpegurl', ts: 'video/mp2t', }, }) ) ``` ### `onFound` You can specify handling when the requested file is found with `onFound`: ```ts app.get( '/static/*', serveStatic({ // ... onFound: (_path, c) => { c.header('Cache-Control', `public, immutable, max-age=31536000`) }, }) ) ``` ### `onNotFound` You can specify handling when the requested file is not found with `onNotFound`: ```ts app.get( '/static/*', serveStatic({ onNotFound: (path, c) => { console.log(`${path} is not found, you access ${c.req.path}`) }, }) ) ``` ### `precompressed` The `precompressed` option checks if files with extensions like `.br` or `.gz` are available and serves them based on the `Accept-Encoding` header. It prioritizes Brotli, then Zstd, and Gzip. If none are available, it serves the original file. ```ts app.get( '/static/*', serveStatic({ precompressed: true, }) ) ``` ## Deno Deploy Deno Deploy is a serverless platform for running JavaScript and TypeScript applications in the cloud. It provides a management plane for deploying and running applications through integrations like GitHub deployment. Hono also works on Deno Deploy. Please refer to [the official document](https://docs.deno.com/deploy/manual/). ## Testing Testing the application on Deno is easy. You can write with `Deno.test` and use `assert` or `assertEquals` from [@std/assert](https://jsr.io/@std/assert). ```sh deno add jsr:@std/assert ``` ```ts [hello.ts] import { Hono } from 'hono' import { assertEquals } from '@std/assert' Deno.test('Hello World', async () => { const app = new Hono() app.get('/', (c) => c.text('Please test me')) const res = await app.request('http://localhost/') assertEquals(res.status, 200) }) ``` Then run the command: ```sh deno test hello.ts ``` ## npm and JSR Hono is available on both [npm](https://www.npmjs.com/package/hono) and [JSR](https://jsr.io/@hono/hono) (the JavaScript Registry). You can use either `npm:hono` or `jsr:@hono/hono` in your `deno.json`: ```json { "imports": { "hono": "jsr:@hono/hono" // [!code --] "hono": "npm:hono" // [!code ++] } } ``` To use middleware you need to use the [Deno directory](https://docs.deno.com/runtime/fundamentals/configuration/#custom-path-mappings) syntax in the import. ```json { "imports": { "hono/": "npm:/hono/" } } ``` When using third-party middleware, you may need to use Hono from the same registry as the middleware for proper TypeScript type inference. For example, if using the middleware from npm, you should also use Hono from npm: ```json { "imports": { "hono": "npm:hono", "zod": "npm:zod", "@hono/zod-validator": "npm:@hono/zod-validator" } } ``` We also provide many third-party middleware packages on [JSR](https://jsr.io/@hono). When using the middleware on JSR, use Hono from JSR: ```json { "imports": { "hono": "jsr:@hono/hono", "zod": "npm:zod", "@hono/zod-validator": "jsr:@hono/zod-validator" } } ``` # Cloudflare Workers [Cloudflare Workers](https://workers.cloudflare.com) is a JavaScript edge runtime on Cloudflare CDN. You can develop the application locally and publish it with a few commands using [Wrangler](https://developers.cloudflare.com/workers/wrangler/). Wrangler includes transcompiler, so we can write the code with TypeScript. Let’s make your first application for Cloudflare Workers with Hono. ## 1. Setup A starter for Cloudflare Workers is available. Start your project with "create-hono" command. Select `cloudflare-workers` template for this example. ::: code-group ```sh [npm] npm create hono@latest my-app ``` ```sh [yarn] yarn create hono my-app ``` ```sh [pnpm] pnpm create hono my-app ``` ```sh [bun] bun create hono@latest my-app ``` ```sh [deno] deno init --npm hono my-app ``` ::: Move to `my-app` and install the dependencies. ::: code-group ```sh [npm] cd my-app npm i ``` ```sh [yarn] cd my-app yarn ``` ```sh [pnpm] cd my-app pnpm i ``` ```sh [bun] cd my-app bun i ``` ::: ## 2. Hello World Edit `src/index.ts` like below. ```ts import { Hono } from 'hono' const app = new Hono() app.get('/', (c) => c.text('Hello Cloudflare Workers!')) export default app ``` ## 3. Run Run the development server locally. Then, access `http://localhost:8787` in your web browser. ::: code-group ```sh [npm] npm run dev ``` ```sh [yarn] yarn dev ``` ```sh [pnpm] pnpm dev ``` ```sh [bun] bun run dev ``` ::: ### Change port number If you need to change the port number you can follow the instructions here to update `wrangler.toml` / `wrangler.json` / `wrangler.jsonc` files: [Wrangler Configuration](https://developers.cloudflare.com/workers/wrangler/configuration/#local-development-settings) Or, you can follow the instructions here to set CLI options: [Wrangler CLI](https://developers.cloudflare.com/workers/wrangler/commands/#dev) ## 4. Deploy If you have a Cloudflare account, you can deploy to Cloudflare. In `package.json`, `$npm_execpath` needs to be changed to your package manager of choice. ::: code-group ```sh [npm] npm run deploy ``` ```sh [yarn] yarn deploy ``` ```sh [pnpm] pnpm run deploy ``` ```sh [bun] bun run deploy ``` ::: That's all! ## Using Hono with other event handlers You can integrate Hono with other event handlers (such as `scheduled`) in _Module Worker mode_. To do this, export `app.fetch` as the module's `fetch` handler, and then implement other handlers as needed: ```ts const app = new Hono() export default { fetch: app.fetch, scheduled: async (batch, env) => {}, } ``` ## Serve static files If you want to serve static files, you can use [the Static Assets feature](https://developers.cloudflare.com/workers/static-assets/) of Cloudflare Workers. Specify the directory for the files in `wrangler.toml`: ```toml assets = { directory = "public" } ``` Then create theΒ `public`Β directory and place the files there. For instance, `./public/static/hello.txt` will be served as `/static/hello.txt`. ``` . β”œβ”€β”€ package.json β”œβ”€β”€ public β”‚Β Β  β”œβ”€β”€ favicon.ico β”‚Β Β  └── static β”‚Β Β  └── hello.txt β”œβ”€β”€ src β”‚Β Β  └── index.ts └── wrangler.toml ``` ## Types You have to install `@cloudflare/workers-types` if you want to have workers types. ::: code-group ```sh [npm] npm i --save-dev @cloudflare/workers-types ``` ```sh [yarn] yarn add -D @cloudflare/workers-types ``` ```sh [pnpm] pnpm add -D @cloudflare/workers-types ``` ```sh [bun] bun add --dev @cloudflare/workers-types ``` ::: ## Testing For testing, we recommend using `@cloudflare/vitest-pool-workers`. Refer to [examples](https://github.com/honojs/examples) for setting it up. If there is the application below. ```ts import { Hono } from 'hono' const app = new Hono() app.get('/', (c) => c.text('Please test me!')) ``` We can test if it returns "_200 OK_" Response with this code. ```ts describe('Test the application', () => { it('Should return 200 response', async () => { const res = await app.request('http://localhost/') expect(res.status).toBe(200) }) }) ``` ## Bindings In the Cloudflare Workers, we can bind the environment values, KV namespace, R2 bucket, or Durable Object. You can access them in `c.env`. It will have the types if you pass the "_type definition_" for the bindings to the `Hono` as generics. ```ts type Bindings = { MY_BUCKET: R2Bucket USERNAME: string PASSWORD: string } const app = new Hono<{ Bindings: Bindings }>() // Access to environment values app.put('/upload/:key', async (c, next) => { const key = c.req.param('key') await c.env.MY_BUCKET.put(key, c.req.body) return c.text(`Put ${key} successfully!`) }) ``` ## Using Variables in Middleware This is the only case for Module Worker mode. If you want to use Variables or Secret Variables in Middleware, for example, "username" or "password" in Basic Authentication Middleware, you need to write like the following. ```ts import { basicAuth } from 'hono/basic-auth' type Bindings = { USERNAME: string PASSWORD: string } const app = new Hono<{ Bindings: Bindings }>() //... app.use('/auth/*', async (c, next) => { const auth = basicAuth({ username: c.env.USERNAME, password: c.env.PASSWORD, }) return auth(c, next) }) ``` The same is applied to Bearer Authentication Middleware, JWT Authentication, or others. ## Deploy from GitHub Actions Before deploying code to Cloudflare via CI, you need a Cloudflare token. You can manage it from [User API Tokens](https://dash.cloudflare.com/profile/api-tokens). If it's a newly created token, select the **Edit Cloudflare Workers** template. If you already have another token, make sure the token has the corresponding permissions. (Note: token permissions are not shared between Cloudflare Pages and Cloudflare Workers). then go to your GitHub repository settings dashboard: `Settings->Secrets and variables->Actions->Repository secrets`, and add a new secret with the name `CLOUDFLARE_API_TOKEN`. then create `.github/workflows/deploy.yml` in your Hono project root folder, paste the following code: ```yml name: Deploy on: push: branches: - main jobs: deploy: runs-on: ubuntu-latest name: Deploy steps: - uses: actions/checkout@v4 - name: Deploy uses: cloudflare/wrangler-action@v3 with: apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} ``` then edit `wrangler.toml`, and add this code after `compatibility_date` line. ```toml main = "src/index.ts" minify = true ``` Everything is ready! Now push the code and enjoy it. ## Load env when local development To configure the environment variables for local development, create a `.dev.vars` file or a `.env` file in the root directory of the project. These files should be formatted using the [dotenv](https://hexdocs.pm/dotenvy/dotenv-file-format.html) syntax. For example: ``` SECRET_KEY=value API_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 ``` > For more about this section you can find in the Cloudflare documentation: > https://developers.cloudflare.com/workers/wrangler/configuration/#secrets Then we use the `c.env.*` to get the environment variables in our code. ::: info By default, `process.env` is not available in Cloudflare Workers, so it is recommended to get environment variables from `c.env`. If you want to use it, you need to enable [`nodejs_compat_populate_process_env`](https://developers.cloudflare.com/workers/configuration/compatibility-flags/#enable-auto-populating-processenv) flag. You can also import `env` from `cloudflare:workers`. For details, please see [How to access `env` on Cloudflare docs](https://developers.cloudflare.com/workers/runtime-apis/bindings/#how-to-access-env) ::: ```ts type Bindings = { SECRET_KEY: string } const app = new Hono<{ Bindings: Bindings }>() app.get('/env', (c) => { const SECRET_KEY = c.env.SECRET_KEY return c.text(SECRET_KEY) }) ``` Before you deploy your project to Cloudflare, remember to set the environment variable/secrets in the Cloudflare Workers project's configuration. > For more about this section you can find in the Cloudflare documentation: > https://developers.cloudflare.com/workers/configuration/environment-variables/#add-environment-variables-via-the-dashboard # Fastly Compute [Fastly Compute](https://www.fastly.com/products/edge-compute) is an advanced edge computing system that runs your code, in your favorite language, on Fastly's global edge network. Hono also works on Fastly Compute. You can develop the application locally and publish it with a few commands using [Fastly CLI](https://www.fastly.com/documentation/reference/tools/cli/), which is installed locally automatically as part of the template. ## 1. Setup A starter for Fastly Compute is available. Start your project with "create-hono" command. Select `fastly` template for this example. ::: code-group ```sh [npm] npm create hono@latest my-app ``` ```sh [yarn] yarn create hono my-app ``` ```sh [pnpm] pnpm create hono my-app ``` ```sh [bun] bun create hono@latest my-app ``` ```sh [deno] deno init --npm hono my-app ``` ::: Move to `my-app` and install the dependencies. ::: code-group ```sh [npm] cd my-app npm i ``` ```sh [yarn] cd my-app yarn ``` ```sh [pnpm] cd my-app pnpm i ``` ```sh [bun] cd my-app bun i ``` ::: ## 2. Hello World Edit `src/index.ts`: ```ts // src/index.ts import { Hono } from 'hono' import { fire } from '@fastly/hono-fastly-compute' const app = new Hono() app.get('/', (c) => c.text('Hello Fastly!')) fire(app) ``` > [!NOTE] > When using `fire` (or `buildFire()`) from `@fastly/hono-fastly-compute'` at the top level of your application, it is suitable to use `Hono` from `'hono'` rather than `'hono/quick'`, because `fire` causes its router to build its internal data during the application initialization phase. ## 3. Run Run the development server locally. Then, access `http://localhost:7676` in your Web browser. ::: code-group ```sh [npm] npm run start ``` ```sh [yarn] yarn start ``` ```sh [pnpm] pnpm run start ``` ```sh [bun] bun run start ``` ::: ## 4. Deploy To build and deploy your application to your Fastly account, type the following command. The first time you deploy the application, you will be prompted to create a new service in your account. If you don't have an account yet, you must [create your Fastly account](https://www.fastly.com/signup/). ::: code-group ```sh [npm] npm run deploy ``` ```sh [yarn] yarn deploy ``` ```sh [pnpm] pnpm run deploy ``` ```sh [bun] bun run deploy ``` ::: ## Bindings In Fastly Compute, you can bind Fastly platform resources, such as KV Stores, Config Stores, Secret Stores, Backends, Access Control Lists, Named Log Streams, and Environment Variables. You can access them through `c.env`, and will have their individual SDK types. To use these bindings, import `buildFire` instead of `fire` from `@fastly/hono-fastly-compute`. Define your [bindings](https://github.com/fastly/compute-js-context?tab=readme-ov-file#typed-bindings-with-buildcontextproxy) and pass them to [`buildFire()`](https://github.com/fastly/hono-fastly-compute?tab=readme-ov-file#basic-example) to obtain `fire`. Then use `fire.Bindings` to define your `Env` type as you construct `Hono`. ```ts // src/index.ts import { buildFire } from '@fastly/hono-fastly-compute' const fire = buildFire({ siteData: 'KVStore:site-data', // I have a KV Store named "site-data" }) const app = new Hono<{ Bindings: typeof fire.Bindings }>() app.put('/upload/:key', async (c, next) => { // e.g., Access the KV Store const key = c.req.param('key') await c.env.siteData.put(key, c.req.body) return c.text(`Put ${key} successfully!`) }) fire(app) ``` # Azure Functions [Azure Functions](https://azure.microsoft.com/en-us/products/functions) is a serverless platform from Microsoft Azure. You can run your code in response to events, and it automatically manages the underlying compute resources for you. Hono was not designed for Azure Functions at first, but with [Azure Functions Adapter](https://github.com/Marplex/hono-azurefunc-adapter), it can run on it as well. It works with Azure Functions **V4** running on Node.js 18 or above. ## 1. Install CLI To create an Azure Function, you must first install [Azure Functions Core Tools](https://learn.microsoft.com/en-us/azure/azure-functions/create-first-function-cli-typescript?pivots=nodejs-model-v4#install-the-azure-functions-core-tools). On macOS ```sh brew tap azure/functions brew install azure-functions-core-tools@4 ``` Follow this link for other OS: - [Install the Azure Functions Core Tools | Microsoft Learn](https://learn.microsoft.com/en-us/azure/azure-functions/create-first-function-cli-typescript?pivots=nodejs-model-v4#install-the-azure-functions-core-tools) ## 2. Setup Create a TypeScript Node.js V4 project in the current folder. ```sh func init --typescript ``` Change the default route prefix of the host. Add this property to the root json object of `host.json`: ```json "extensions": { "http": { "routePrefix": "" } } ``` ::: info The default Azure Functions route prefix is `/api`. If you don't change it as shown above, be sure to start all your Hono routes with `/api` ::: Now you are ready to install Hono and the Azure Functions Adapter with: ::: code-group ```sh [npm] npm i @marplex/hono-azurefunc-adapter hono ``` ```sh [yarn] yarn add @marplex/hono-azurefunc-adapter hono ``` ```sh [pnpm] pnpm add @marplex/hono-azurefunc-adapter hono ``` ```sh [bun] bun add @marplex/hono-azurefunc-adapter hono ``` ::: ## 3. Hello World Create `src/app.ts`: ```ts // src/app.ts import { Hono } from 'hono' const app = new Hono() app.get('/', (c) => c.text('Hello Azure Functions!')) export default app ``` Create `src/functions/httpTrigger.ts`: ```ts // src/functions/httpTrigger.ts import { app } from '@azure/functions' import { azureHonoHandler } from '@marplex/hono-azurefunc-adapter' import honoApp from '../app' app.http('httpTrigger', { methods: [ //Add all your supported HTTP methods here 'GET', 'POST', 'DELETE', 'PUT', ], authLevel: 'anonymous', route: '{*proxy}', handler: azureHonoHandler(honoApp.fetch), }) ``` ## 4. Run Run the development server locally. Then, access `http://localhost:7071` in your Web browser. ::: code-group ```sh [npm] npm run start ``` ```sh [yarn] yarn start ``` ```sh [pnpm] pnpm start ``` ```sh [bun] bun run start ``` ::: ## 5. Deploy ::: info Before you can deploy to Azure, you need to create some resources in your cloud infrastructure. Please visit the Microsoft documentation on [Create supporting Azure resources for your function](https://learn.microsoft.com/en-us/azure/azure-functions/create-first-function-cli-typescript?pivots=nodejs-model-v4&tabs=windows%2Cazure-cli%2Cbrowser#create-supporting-azure-resources-for-your-function) ::: Build the project for deployment: ::: code-group ```sh [npm] npm run build ``` ```sh [yarn] yarn build ``` ```sh [pnpm] pnpm build ``` ```sh [bun] bun run build ``` ::: Deploy your project to the function app in Azure Cloud. Replace `` with the name of your app. ```sh func azure functionapp publish ``` # Lambda@Edge [Lambda@Edge](https://aws.amazon.com/lambda/edge/) is a serverless platform by Amazon Web Services. It allows you to run Lambda functions at Amazon CloudFront's edge locations, enabling you to customize behaviors for HTTP requests/responses. Hono supports Lambda@Edge with the Node.js 18+ environment. ## 1. Setup When creating the application on Lambda@Edge, [CDK](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-cdk.html) is useful to set up the functions such as CloudFront, IAM Role, API Gateway, and others. Initialize your project with the `cdk` CLI. ::: code-group ```sh [npm] mkdir my-app cd my-app cdk init app -l typescript npm i hono mkdir lambda ``` ```sh [yarn] mkdir my-app cd my-app cdk init app -l typescript yarn add hono mkdir lambda ``` ```sh [pnpm] mkdir my-app cd my-app cdk init app -l typescript pnpm add hono mkdir lambda ``` ```sh [bun] mkdir my-app cd my-app cdk init app -l typescript bun add hono mkdir lambda ``` ::: ## 2. Hello World Edit `lambda/index_edge.ts`. ```ts import { Hono } from 'hono' import { handle } from 'hono/lambda-edge' const app = new Hono() app.get('/', (c) => c.text('Hello Hono on Lambda@Edge!')) export const handler = handle(app) ``` ## 3. Deploy Edit `bin/my-app.ts`. ```ts #!/usr/bin/env node import 'source-map-support/register' import * as cdk from 'aws-cdk-lib' import { MyAppStack } from '../lib/my-app-stack' const app = new cdk.App() new MyAppStack(app, 'MyAppStack', { env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: 'us-east-1', }, }) ``` Edit `lambda/cdk-stack.ts`. ```ts import { Construct } from 'constructs' import * as cdk from 'aws-cdk-lib' import * as cloudfront from 'aws-cdk-lib/aws-cloudfront' import * as origins from 'aws-cdk-lib/aws-cloudfront-origins' import * as lambda from 'aws-cdk-lib/aws-lambda' import { NodejsFunction } from 'aws-cdk-lib/aws-lambda-nodejs' import * as s3 from 'aws-cdk-lib/aws-s3' export class MyAppStack extends cdk.Stack { public readonly edgeFn: lambda.Function constructor(scope: Construct, id: string, props?: cdk.StackProps) { super(scope, id, props) const edgeFn = new NodejsFunction(this, 'edgeViewer', { entry: 'lambda/index_edge.ts', handler: 'handler', runtime: lambda.Runtime.NODEJS_20_X, }) // Upload any html const originBucket = new s3.Bucket(this, 'originBucket') new cloudfront.Distribution(this, 'Cdn', { defaultBehavior: { origin: new origins.S3Origin(originBucket), edgeLambdas: [ { functionVersion: edgeFn.currentVersion, eventType: cloudfront.LambdaEdgeEventType.VIEWER_REQUEST, }, ], }, }) } } ``` Finally, run the command to deploy: ```sh cdk deploy ``` ## Callback If you want to add Basic Auth and continue with request processing after verification, you can use `c.env.callback()` ```ts import { Hono } from 'hono' import { basicAuth } from 'hono/basic-auth' import type { Callback, CloudFrontRequest } from 'hono/lambda-edge' import { handle } from 'hono/lambda-edge' type Bindings = { callback: Callback request: CloudFrontRequest } const app = new Hono<{ Bindings: Bindings }>() app.get( '*', basicAuth({ username: 'hono', password: 'acoolproject', }) ) app.get('/', async (c, next) => { await next() c.env.callback(null, c.env.request) }) export const handler = handle(app) ``` # Alibaba Cloud Function Compute [Alibaba Cloud Function Compute](https://www.alibabacloud.com/en/product/function-compute) is a fully managed, event-driven compute service. Function Compute allows you to focus on writing and uploading code without having to manage infrastructure such as servers. This guide uses a third-party adapter [rwv/hono-alibaba-cloud-fc3-adapter](https://github.com/rwv/hono-alibaba-cloud-fc3-adapter) to run Hono on Alibaba Cloud Function Compute. ## 1. Setup ::: code-group ```sh [npm] mkdir my-app cd my-app npm i hono hono-alibaba-cloud-fc3-adapter npm i -D @serverless-devs/s esbuild mkdir src touch src/index.ts ``` ```sh [yarn] mkdir my-app cd my-app yarn add hono hono-alibaba-cloud-fc3-adapter yarn add -D @serverless-devs/s esbuild mkdir src touch src/index.ts ``` ```sh [pnpm] mkdir my-app cd my-app pnpm add hono hono-alibaba-cloud-fc3-adapter pnpm add -D @serverless-devs/s esbuild mkdir src touch src/index.ts ``` ```sh [bun] mkdir my-app cd my-app bun add hono hono-alibaba-cloud-fc3-adapter bun add -D esbuild @serverless-devs/s mkdir src touch src/index.ts ``` ::: ## 2. Hello World Edit `src/index.ts`. ```ts import { Hono } from 'hono' import { handle } from 'hono-alibaba-cloud-fc3-adapter' const app = new Hono() app.get('/', (c) => c.text('Hello Hono!')) export const handler = handle(app) ``` ## 3. Setup serverless-devs > [serverless-devs](https://github.com/Serverless-Devs/Serverless-Devs) is an open source and open serverless developer platform dedicated to providing developers with a powerful tool chain system. Through this platform, developers can not only experience multi cloud serverless products with one click and rapidly deploy serverless projects, but also manage projects in the whole life cycle of serverless applications, and combine serverless devs with other tools / platforms very simply and quickly to further improve the efficiency of R & D, operation and maintenance. Add the Alibaba Cloud AccessKeyID & AccessKeySecret ```sh npx s config add # Please select a provider: Alibaba Cloud (alibaba) # Input your AccessKeyID & AccessKeySecret ``` Edit `s.yaml` ```yaml edition: 3.0.0 name: my-app access: 'default' vars: region: 'us-west-1' resources: my-app: component: fc3 props: region: ${vars.region} functionName: 'my-app' description: 'Hello World by Hono' runtime: 'nodejs20' code: ./dist handler: index.handler memorySize: 1024 timeout: 300 ``` Edit `scripts` section in `package.json`: ```json { "scripts": { "build": "esbuild --bundle --outfile=./dist/index.js --platform=node --target=node20 ./src/index.ts", "deploy": "s deploy -y" } } ``` ## 4. Deploy Finally, run the command to deploy: ```sh npm run build # Compile the TypeScript code to JavaScript npm run deploy # Deploy the function to Alibaba Cloud Function Compute ``` # Node.js [Node.js](https://nodejs.org/) is an open-source, cross-platform JavaScript runtime environment. Hono was not designed for Node.js at first, but with a [Node.js Adapter](https://github.com/honojs/node-server), it can run on Node.js as well. ::: info It works on Node.js versions greater than 18.x. The specific required Node.js versions are as follows: - 18.x => 18.14.1+ - 19.x => 19.7.0+ - 20.x => 20.0.0+ Essentially, you can simply use the latest version of each major release. ::: ## 1. Setup A starter for Node.js is available. Start your project with "create-hono" command. Select `nodejs` template for this example. ::: code-group ```sh [npm] npm create hono@latest my-app ``` ```sh [yarn] yarn create hono my-app ``` ```sh [pnpm] pnpm create hono my-app ``` ```sh [bun] bun create hono@latest my-app ``` ```sh [deno] deno init --npm hono my-app ``` ::: Move to `my-app` and install the dependencies. ::: code-group ```sh [npm] cd my-app npm i ``` ```sh [yarn] cd my-app yarn ``` ```sh [pnpm] cd my-app pnpm i ``` ```sh [bun] cd my-app bun i ``` ::: ## 2. Hello World Edit `src/index.ts`: ```ts import { serve } from '@hono/node-server' import { Hono } from 'hono' const app = new Hono() app.get('/', (c) => c.text('Hello Node.js!')) serve(app) ``` If you want to gracefully shut down the server, write it like this: ```ts const server = serve(app) // graceful shutdown process.on('SIGINT', () => { server.close() process.exit(0) }) process.on('SIGTERM', () => { server.close((err) => { if (err) { console.error(err) process.exit(1) } process.exit(0) }) }) ``` ## 3. Run Run the development server locally. Then, access `http://localhost:3000` in your Web browser. ::: code-group ```sh [npm] npm run dev ``` ```sh [yarn] yarn dev ``` ```sh [pnpm] pnpm dev ``` ::: ## Change port number You can specify the port number with the `port` option. ```ts serve({ fetch: app.fetch, port: 8787, }) ``` ## WebSocket WebSocket support is built into `@hono/node-server`. Install `ws` and, if you use TypeScript, `@types/ws`. Then create a `WebSocketServer` with `{ noServer: true }` and pass it to `serve()` with the `websocket` option. `@hono/node-ws` is deprecated. ```ts import { serve, upgradeWebSocket } from '@hono/node-server' import { Hono } from 'hono' import { WebSocketServer } from 'ws' const app = new Hono() app.get( '/ws', upgradeWebSocket(() => ({ onMessage(event, ws) { ws.send(event.data) }, })) ) const wss = new WebSocketServer({ noServer: true }) serve({ fetch: app.fetch, websocket: { server: wss }, }) ``` ## Access the raw Node.js APIs You can access the Node.js APIs from `c.env.incoming` and `c.env.outgoing`. ```ts import { Hono } from 'hono' import { serve, type HttpBindings } from '@hono/node-server' // or `Http2Bindings` if you use HTTP2 type Bindings = HttpBindings & { /* ... */ } const app = new Hono<{ Bindings: Bindings }>() app.get('/', (c) => { return c.json({ remoteAddress: c.env.incoming.socket.remoteAddress, }) }) serve(app) ``` ## Serve static files You can use `serveStatic` to serve static files from the local file system. For example, suppose the directory structure is as follows: ```sh ./ β”œβ”€β”€ favicon.ico β”œβ”€β”€ index.ts └── static β”œβ”€β”€ hello.txt └── image.png ``` If a request to the path `/static/*` comes in and you want to return a file under `./static`, you can write the following: ```ts import { serveStatic } from '@hono/node-server/serve-static' app.use('/static/*', serveStatic({ root: './' })) ``` ::: warning The `root` option resolves paths relative to the current working directory (`process.cwd()`). This means the behavior depends on **where you run your Node.js process from**, not where your source file is located. If you start your server from a different directory, file resolution may fail. For reliable path resolution that always points to the same directory as your source file, use `import.meta.url`: ```ts import { fileURLToPath } from 'node:url' import { serveStatic } from '@hono/node-server/serve-static' app.use( '/static/*', serveStatic({ root: fileURLToPath(new URL('./', import.meta.url)) }) ) ``` ::: Use the `path` option to serve `favicon.ico` in the directory root: ```ts app.use('/favicon.ico', serveStatic({ path: './favicon.ico' })) ``` If a request to the path `/hello.txt` or `/image.png` comes in and you want to return a file named `./static/hello.txt` or `./static/image.png`, you can use the following: ```ts app.use('*', serveStatic({ root: './static' })) ``` ### `rewriteRequestPath` If you want to map `http://localhost:3000/static/*` to `./statics`, you can use the `rewriteRequestPath` option: ```ts app.get( '/static/*', serveStatic({ root: './', rewriteRequestPath: (path) => path.replace(/^\/static/, '/statics'), }) ) ``` ## http2 You can run hono on a [Node.js http2 Server](https://nodejs.org/api/http2.html). ### unencrypted http2 ```ts import { createServer } from 'node:http2' const server = serve({ fetch: app.fetch, createServer, }) ``` ### encrypted http2 ```ts import { createSecureServer } from 'node:http2' import { readFileSync } from 'node:fs' const server = serve({ fetch: app.fetch, createServer: createSecureServer, serverOptions: { key: readFileSync('localhost-privkey.pem'), cert: readFileSync('localhost-cert.pem'), }, }) ``` ## Building & Deployment ::: code-group ```sh [npm] npm run build ``` ```sh [yarn] yarn run build ``` ```sh [pnpm] pnpm run build ``` ```sh [bun] bun run build ``` ::: info Apps with a front-end framework may need to use [Hono's Vite plugins](https://github.com/honojs/vite-plugins). ::: ### Dockerfile Here is an example of a Node.js Dockerfile. ```Dockerfile FROM node:22-alpine AS base FROM base AS builder RUN apk add --no-cache gcompat WORKDIR /app COPY package*json tsconfig.json src ./ RUN npm ci && \ npm run build && \ npm prune --production FROM base AS runner WORKDIR /app RUN addgroup --system --gid 1001 nodejs RUN adduser --system --uid 1001 hono COPY --from=builder --chown=hono:nodejs /app/node_modules /app/node_modules COPY --from=builder --chown=hono:nodejs /app/dist /app/dist COPY --from=builder --chown=hono:nodejs /app/package.json /app/package.json USER hono EXPOSE 3000 CMD ["node", "/app/dist/index.js"] ``` # Bun [Bun](https://bun.com) is another JavaScript runtime. It's not Node.js or Deno. Bun includes a transcompiler, so we can write the code in TypeScript or plain JavaScript. Hono also works on Bun. ## 1. Install Bun To install `bun` command, follow the instruction in [the official web site](https://bun.com). ## 2. Setup ### 2.1. Setup a new project A starter for Bun is available. Start your project with "bun create" command. Select `bun` template for this example. ```sh bun create hono@latest my-app ``` Move into my-app and install the dependencies. ```sh cd my-app bun install ``` ### 2.2. Setup an existing project On an existing Bun project, we only need to install `hono` dependencies on the project root directory via ```sh bun add hono ``` Then add the `dev` command to your existing `package.json`. ```json { "scripts": { "dev": "bun run --hot src/index.ts" } } ``` See the [Bun starter template](https://github.com/honojs/starter/tree/main/templates/bun) for a minimal example setup. This is the output of running `bun create hono@latest`. ## 3. Hello World "Hello World" script is below. Almost the same as writing on other platforms. ```ts import { Hono } from 'hono' const app = new Hono() app.get('/', (c) => c.text('Hello Bun!')) export default app ``` If you are setting up Hono on an existing project, the `bun run dev` command expects the "Hello World" script to be placed in `src/index.ts` ## 4. Run Run the command. ```sh bun run dev ``` Then, access `http://localhost:3000` in your browser. ## Change port number You can specify the port number with exporting the `port`. ```ts import { Hono } from 'hono' const app = new Hono() app.get('/', (c) => c.text('Hello Bun!')) export default app // [!code --] export default { // [!code ++] port: 3000, // [!code ++] fetch: app.fetch, // [!code ++] } // [!code ++] ``` ## Serve static files To serve static files, use `serveStatic` which is imported from `hono/bun`. ```ts import { serveStatic } from 'hono/bun' const app = new Hono() app.use('/static/*', serveStatic({ root: './' })) app.use('/favicon.ico', serveStatic({ path: './favicon.ico' })) app.get('/', (c) => c.text('You can access: /static/hello.txt')) app.get('*', serveStatic({ path: './static/fallback.txt' })) ``` For the above code, it will work well with the following directory structure. ``` ./ β”œβ”€β”€ favicon.ico β”œβ”€β”€ src └── static β”œβ”€β”€ demo β”‚ └── index.html β”œβ”€β”€ fallback.txt β”œβ”€β”€ hello.txt └── images └── dinotocat.png ``` ### `rewriteRequestPath` If you want to map `http://localhost:3000/static/*` to `./statics`, you can use the `rewriteRequestPath` option: ```ts app.get( '/static/*', serveStatic({ root: './', rewriteRequestPath: (path) => path.replace(/^\/static/, '/statics'), }) ) ``` ### `mimes` You can add MIME types with `mimes`: ```ts app.get( '/static/*', serveStatic({ mimes: { m3u8: 'application/vnd.apple.mpegurl', ts: 'video/mp2t', }, }) ) ``` ### `onFound` You can specify handling when the requested file is found with `onFound`: ```ts app.get( '/static/*', serveStatic({ // ... onFound: (_path, c) => { c.header('Cache-Control', `public, immutable, max-age=31536000`) }, }) ) ``` ### `onNotFound` You can specify handling when the requested file is not found with `onNotFound`: ```ts app.get( '/static/*', serveStatic({ onNotFound: (path, c) => { console.log(`${path} is not found, you access ${c.req.path}`) }, }) ) ``` ### `precompressed` The `precompressed` option checks if files with extensions like `.br` or `.gz` are available and serves them based on the `Accept-Encoding` header. It prioritizes Brotli, then Zstd, and Gzip. If none are available, it serves the original file. ```ts app.get( '/static/*', serveStatic({ precompressed: true, }) ) ``` ## Testing You can use `bun:test` for testing on Bun. ```ts import { describe, expect, it } from 'bun:test' import app from '.' describe('My first test', () => { it('Should return 200 Response', async () => { const req = new Request('http://localhost/') const res = await app.fetch(req) expect(res.status).toBe(200) }) }) ``` Then, run the command. ```sh bun test index.test.ts ``` # Netlify Netlify provides static site hosting and serverless backend services. [Edge Functions](https://docs.netlify.com/edge-functions/overview/) enables us to make the web pages dynamic. Edge Functions support writing in Deno and TypeScript, and deployment is made easy through the [Netlify CLI](https://docs.netlify.com/cli/get-started/). With Hono, you can create the application for Netlify Edge Functions. ## 1. Setup A starter for Netlify is available. Start your project with "create-hono" command. Select `netlify` template for this example. ::: code-group ```sh [npm] npm create hono@latest my-app ``` ```sh [yarn] yarn create hono my-app ``` ```sh [pnpm] pnpm create hono my-app ``` ```sh [bun] bun create hono@latest my-app ``` ```sh [deno] deno init --npm hono my-app ``` ::: Move into `my-app`. ## 2. Hello World Edit `netlify/edge-functions/index.ts`: ```ts import { Hono } from 'jsr:@hono/hono' import { handle } from 'jsr:@hono/hono/netlify' const app = new Hono() app.get('/', (c) => { return c.text('Hello Hono!') }) export default handle(app) ``` ## 3. Run Run the development server with Netlify CLI. Then, access `http://localhost:8888` in your Web browser. ```sh netlify dev ``` ## 4. Deploy You can deploy with a `netlify deploy` command. ```sh netlify deploy --prod ``` ## `Context` You can access the Netlify's `Context` through `c.env`: ```ts import { Hono } from 'jsr:@hono/hono' import { handle } from 'jsr:@hono/hono/netlify' // Import the type definition import type { Context } from 'https://edge.netlify.com/' export type Env = { Bindings: { context: Context } } const app = new Hono() app.get('/country', (c) => c.json({ 'You are in': c.env.context.geo.country?.name, }) ) export default handle(app) ``` # Service Worker [Service Worker](https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API) is a script that runs in the background of the browser to handle tasks like caching and push notifications. Using a Service Worker adapter, you can run applications made with Hono as [FetchEvent](https://developer.mozilla.org/en-US/docs/Web/API/FetchEvent) handler within the browser. This page shows an example of creating a project using [Vite](https://vitejs.dev/). ## 1. Setup First, create and move to your project directory: ```sh mkdir my-app cd my-app ``` Create the necessary files for the project. Make a `package.json` file with the following: ```json { "name": "my-app", "private": true, "scripts": { "dev": "vite dev" }, "type": "module" } ``` Similarly, create a `tsconfig.json` file with the following: ```json { "compilerOptions": { "target": "ES2020", "module": "ESNext", "lib": ["ES2020", "DOM", "WebWorker"], "moduleResolution": "bundler" }, "include": ["./"], "exclude": ["node_modules"] } ``` Next, install the necessary modules. ::: code-group ```sh [npm] npm i hono npm i -D vite ``` ```sh [yarn] yarn add hono yarn add -D vite ``` ```sh [pnpm] pnpm add hono pnpm add -D vite ``` ```sh [bun] bun add hono bun add -D vite ``` ::: ## 2. Hello World Edit `index.html`: ```html Hello World by Service Worker ``` `main.ts` is a script to register the Service Worker: ```ts function register() { navigator.serviceWorker .register('/sw.ts', { scope: '/sw', type: 'module' }) .then( function (_registration) { console.log('Register Service Worker: Success') }, function (_error) { console.log('Register Service Worker: Error') } ) } function start() { navigator.serviceWorker .getRegistrations() .then(function (registrations) { for (const registration of registrations) { console.log('Unregister Service Worker') registration.unregister() } register() }) } start() ``` In `sw.ts`, create an application using Hono and register it to the `fetch` event with the Service Worker adapter’s `handle` function. This allows the Hono application to intercept access to `/sw`. ```ts // To support types // https://github.com/microsoft/TypeScript/issues/14877 declare const self: ServiceWorkerGlobalScope import { Hono } from 'hono' import { handle } from 'hono/service-worker' const app = new Hono().basePath('/sw') app.get('/', (c) => c.text('Hello World')) self.addEventListener('fetch', handle(app)) ``` ### Using `fire()` The `fire()` function automatically calls `addEventListener('fetch', handle(app))` for you, making the code more concise. ```ts import { Hono } from 'hono' import { fire } from 'hono/service-worker' const app = new Hono().basePath('/sw') app.get('/', (c) => c.text('Hello World')) fire(app) ``` ## 3. Run Start the development server. ::: code-group ```sh [npm] npm run dev ``` ```sh [yarn] yarn dev ``` ```sh [pnpm] pnpm run dev ``` ```sh [bun] bun run dev ``` ::: By default, the development server will run on port `5173`. Access `http://localhost:5173/` in your browser to complete the Service Worker registration. Then, access `/sw` to see the response from the Hono application. # Google Cloud Run [Google Cloud Run](https://cloud.google.com/run) is a serverless platform built by Google Cloud. You can run your code in response to events and Google automatically manages the underlying compute resources for you. Google Cloud Run uses containers to run your service. This means you can use any runtime you like (E.g., Deno or Bun) by providing a Dockerfile. If no Dockerfile is provided Google Cloud Run will use the default Node.js buildpack. This guide assumes you already have a Google Cloud account and a billing account. ## 1. Install the CLI When working with Google Cloud Platform, it is easiest to work with the [gcloud CLI](https://cloud.google.com/sdk/docs/install). For example, on MacOS using Homebrew: ```sh brew install --cask gcloud-cli ``` Authenticate with the CLI. ```sh gcloud auth login ``` ## 2. Project setup Create a project. Accept the auto-generated project ID at the prompt. ```sh gcloud projects create --set-as-default --name="my app" ``` Create environment variables for your project ID and project number for easy reuse. It may take ~30 seconds before the project successfully returns with the `gcloud projects list` command. ```sh PROJECT_ID=$(gcloud projects list \ --format='value(projectId)' \ --filter='name="my app"') PROJECT_NUMBER=$(gcloud projects list \ --format='value(projectNumber)' \ --filter='name="my app"') echo $PROJECT_ID $PROJECT_NUMBER ``` Find your billing account ID. ```sh gcloud billing accounts list ``` Add your billing account from the prior command to the project. ```sh gcloud billing projects link $PROJECT_ID \ --billing-account=[billing_account_id] ``` Enable the required APIs. ```sh gcloud services enable run.googleapis.com \ cloudbuild.googleapis.com ``` Update the service account permissions to have access to Cloud Build. ```sh gcloud projects add-iam-policy-binding $PROJECT_ID \ --member=serviceAccount:$PROJECT_NUMBER-compute@developer.gserviceaccount.com \ --role=roles/run.builder ``` ## 3. Hello World Start your project with "create-hono" command. Select `nodejs`. ```sh npm create hono@latest my-app ``` Move to `my-app` and install the dependencies. ```sh cd my-app npm i ``` Update the port in `src/index.ts` to be `8080`. ```ts import { serve } from '@hono/node-server' import { Hono } from 'hono' const app = new Hono() app.get('/', (c) => { return c.text('Hello Hono!') }) serve({ fetch: app.fetch, port: 3000 // [!code --] port: 8080 // [!code ++] }, (info) => { console.log(`Server is running on http://localhost:${info.port}`) }) ``` Run the development server locally. Then, access http://localhost:8080 in your Web browser. ```sh npm run dev ``` ## 4. Deploy Start the deployment and follow the interactive prompts (E.g., select a region). ```sh gcloud run deploy my-app --source . --allow-unauthenticated ``` ## Changing runtimes If you want to deploy using Deno or Bun runtimes (or a customised Nodejs container), add a `Dockerfile` (and optionally `.dockerignore`) with your desired environment. For information on containerizing, please refer to: - [Node.js](/docs/getting-started/nodejs#building-deployment) - [Bun](https://bun.com/guides/ecosystem/docker) - [Deno](https://docs.deno.com/examples/google_cloud_run_tutorial) # Third-party Middleware Third-party middleware refers to middleware not bundled within the Hono package. Most of this middleware leverages external libraries. ### Authentication - [Auth.js(Next Auth)](https://github.com/honojs/middleware/tree/main/packages/auth-js) - [Casbin](https://github.com/honojs/middleware/tree/main/packages/casbin) - [Clerk Auth](https://github.com/honojs/middleware/tree/main/packages/clerk-auth) - [Cloudflare Access](https://github.com/honojs/middleware/tree/main/packages/cloudflare-access) - [OAuth Providers](https://github.com/honojs/middleware/tree/main/packages/oauth-providers) - [OIDC Auth](https://github.com/honojs/middleware/tree/main/packages/oidc-auth) - [Firebase Auth](https://github.com/honojs/middleware/tree/main/packages/firebase-auth) - [Verify RSA JWT (JWKS)](https://github.com/wataruoguchi/verify-rsa-jwt-cloudflare-worker) - [Stytch Auth](https://github.com/honojs/middleware/tree/main/packages/stytch-auth) ### Validators - [Ajv Validator](https://github.com/honojs/middleware/tree/main/packages/ajv-validator) - [ArkType Validator](https://github.com/honojs/middleware/tree/main/packages/arktype-validator) - [Class Validator](https://github.com/honojs/middleware/tree/main/packages/class-validator) - [Conform Validator](https://github.com/honojs/middleware/tree/main/packages/conform-validator) - [Effect Schema Validator](https://github.com/honojs/middleware/tree/main/packages/effect-validator) - [Standard Schema Validator](https://github.com/honojs/middleware/tree/main/packages/standard-validator) - [TypeBox Validator](https://github.com/honojs/middleware/tree/main/packages/typebox-validator) - [Typia Validator](https://github.com/honojs/middleware/tree/main/packages/typia-validator) - [unknownutil Validator](https://github.com/ryoppippi/hono-unknownutil-validator) - [Valibot Validator](https://github.com/honojs/middleware/tree/main/packages/valibot-validator) - [Zod Validator](https://github.com/honojs/middleware/tree/main/packages/zod-validator) ### OpenAPI - [Zod OpenAPI](https://github.com/honojs/middleware/tree/main/packages/zod-openapi) - [Scalar](https://github.com/scalar/scalar/tree/main/integrations/hono) - [Swagger UI](https://github.com/honojs/middleware/tree/main/packages/swagger-ui) - [Swagger Editor](https://github.com/honojs/middleware/tree/main/packages/swagger-editor) - [Hono OpenAPI](https://github.com/rhinobase/hono-openapi) - [hono-zod-openapi](https://github.com/paolostyle/hono-zod-openapi) ### Development - [ESLint Config](https://github.com/honojs/middleware/tree/main/packages/eslint-config) - [SSG Plugin Essential](https://github.com/honojs/middleware/tree/main/packages/ssg-plugins-essential) ### Monitoring / Tracing - [Apitally (API monitoring & analytics)](https://docs.apitally.io/frameworks/hono) - [Highlight.io](https://www.highlight.io/docs/getting-started/backend-sdk/js/hono) - [LogTape (Logging)](https://logtape.org/manual/integrations#hono) - [OpenTelemetry](https://github.com/honojs/middleware/tree/main/packages/otel) - [Prometheus Metrics](https://github.com/honojs/middleware/tree/main/packages/prometheus) - [Sentry](https://github.com/honojs/middleware/tree/main/packages/sentry) - [Pino logger](https://github.com/maou-shonen/hono-pino) ### Server / Adapter - [GraphQL Server](https://github.com/honojs/middleware/tree/main/packages/graphql-server) - [oRPC](https://orpc.dev/docs/adapters/hono) - [tRPC Server](https://github.com/honojs/middleware/tree/main/packages/trpc-server) ### Transpiler - [Bun Transpiler](https://github.com/honojs/middleware/tree/main/packages/bun-transpiler) - [esbuild Transpiler](https://github.com/honojs/middleware/tree/main/packages/esbuild-transpiler) ### UI / Renderer - [Qwik City](https://github.com/honojs/middleware/tree/main/packages/qwik-city) - [React Compatibility](https://github.com/honojs/middleware/tree/main/packages/react-compat) - [React Renderer](https://github.com/honojs/middleware/tree/main/packages/react-renderer) ### Queue / Job Processing - [GlideMQ (Message Queue REST API + SSE)](https://github.com/avifenesh/glidemq-hono) ### Internationalization - [Intlayer i18n](https://intlayer.org/doc/environment/hono) ### Utilities - [Bun Compress](https://github.com/honojs/middleware/tree/main/packages/bun-compress) - [Cap Checkpoint](https://capjs.js.org/guide/middleware/hono.html) - [Event Emitter](https://github.com/honojs/middleware/tree/main/packages/event-emitter) - [Geo](https://github.com/ktkongtong/hono-geo-middleware/tree/main/packages/middleware) - [Hono Rate Limiter](https://github.com/rhinobase/hono-rate-limiter) - [Hono Problem Details (RFC 9457)](https://github.com/paveg/hono-problem-details) - [Hono Simple DI](https://github.com/maou-shonen/hono-simple-DI) - [InferDI](https://github.com/inferdi/inferdi/tree/main/packages/hono) - [Idempotency (Stripe-style idempotency keys)](https://github.com/paveg/hono-idempotency) - [idempot-js](https://js.idempot.dev) - spec-compliant middleware, supporting multiple storage backends (redis, postgres, mysql, sqlite) - [jsonv-ts (Validator, OpenAPI, MCP)](https://github.com/dswbx/jsonv-ts) - [MCP](https://github.com/honojs/middleware/tree/main/packages/mcp) - [RONIN (Database)](https://github.com/ronin-co/hono-client) - [Session](https://github.com/honojs/middleware/tree/main/packages/session) - [tsyringe](https://github.com/honojs/middleware/tree/main/packages/tsyringe) - [User Agent based Blocker](https://github.com/honojs/middleware/tree/main/packages/ua-blocker) # JSX Renderer Middleware JSX Renderer Middleware allows you to set up the layout when rendering JSX with the `c.render()` function, without the need for using `c.setRenderer()`. Additionally, it enables access to instances of Context within components through the use of `useRequestContext()`. ## Import ```ts import { Hono } from 'hono' import { jsxRenderer, useRequestContext } from 'hono/jsx-renderer' ``` ## Usage ```jsx const app = new Hono() app.get( '/page/*', jsxRenderer(({ children }) => { return (
Menu
{children}
) }) ) app.get('/page/about', (c) => { return c.render(

About me!

) }) ``` ## Options ### docType: `boolean` | `string` If you do not want to add a DOCTYPE at the beginning of the HTML, set the `docType` option to `false`. ```tsx app.use( '*', jsxRenderer( ({ children }) => { return ( {children} ) }, { docType: false } ) ) ``` And you can specify the DOCTYPE. ```tsx app.use( '*', jsxRenderer( ({ children }) => { return ( {children} ) }, { docType: '', } ) ) ``` ### stream: `boolean` | `Record` If you set it to `true` or provide a Record value, it will be rendered as a streaming response. ```tsx const AsyncComponent = async () => { await new Promise((r) => setTimeout(r, 1000)) // sleep 1s return
Hi!
} app.get( '*', jsxRenderer( ({ children }) => { return (

SSR Streaming

{children} ) }, { stream: true } ) ) app.get('/', (c) => { return c.render( loading...}> ) }) ``` If `true` is set, the following headers are added: ```ts { 'Transfer-Encoding': 'chunked', 'Content-Type': 'text/html; charset=UTF-8', 'Content-Encoding': 'Identity' } ``` You can customize the header values by specifying the Record values. ### Function-based Options You can pass a function that receives a `Context` object instead of a static options object. This allows you to dynamically set options based on the request context, such as environment variables or request parameters. ```tsx app.use( '*', jsxRenderer( ({ children }) => { return ( {children} ) }, (c) => ({ stream: c.req.header('X-Enable-Streaming') === 'true', }) ) ) ``` As a concrete example, you can use this to disable streaming when generating static sites (SSG) with ``, by using the [`isSSGContext`](/docs/helpers/ssg#isssgcontext) helper: ```tsx app.use( '*', jsxRenderer( ({ children }) => { return (
) }, (c) => ({ stream: !isSSGContext(c), }) ) ) ``` ## Nested Layouts The `Layout` component enables nesting the layouts. ```tsx app.use( jsxRenderer(({ children }) => { return ( {children} ) }) ) const blog = new Hono() blog.use( jsxRenderer(({ children, Layout }) => { return (
{children}
 ) }) ) app.route('/blog', blog) ``` ## `useRequestContext()` `useRequestContext()` returns an instance of Context. ```tsx import { useRequestContext, jsxRenderer } from 'hono/jsx-renderer' const app = new Hono() app.use(jsxRenderer()) const RequestUrlBadge: FC = () => { const c = useRequestContext() return {c.req.url} } app.get('/page/info', (c) => { return c.render(
You are accessing:
) }) ``` ::: warning You can't use `useRequestContext()` with the Deno's `precompile` JSX option. Use the `react-jsx`: ```json "compilerOptions": { "jsx": "precompile", // [!code --] "jsx": "react-jsx", // [!code ++] "jsxImportSource": "hono/jsx" } } ``` ::: ## Extending `ContextRenderer` By defining `ContextRenderer` as shown below, you can pass additional content to the renderer. This is handy, for instance, when you want to change the contents of the head tag depending on the page. ```tsx declare module 'hono' { interface ContextRenderer { ( content: string | Promise, props: { title: string } ): Response } } const app = new Hono() app.get( '/page/*', jsxRenderer(({ children, title }) => { return ( {title}
Menu
{children}
) }) ) app.get('/page/favorites', (c) => { return c.render(
  • Eating sushi
  • Watching baseball games
, { title: 'My favorites', } ) }) ``` # JWK Auth Middleware The JWK Auth Middleware authenticates requests by verifying tokens using JWK (JSON Web Key). It checks for an `Authorization` header and other configured sources, such as cookies, if specified. It validates tokens using the provided `keys`, retrieves keys from `jwks_uri` if specified, and supports token extraction from cookies if the `cookie` option is set. ## What this middleware validates For each token, `jwk()`: - Parses and validates the JWT header format. - Requires a `kid` header and finds a matching key by `kid`. - Rejects symmetric algorithms (`HS256`, `HS384`, `HS512`). - Requires the header `alg` to be included in the configured `alg` allowlist. - If a matched JWK has an `alg` field, requires it to match the JWT header `alg`. - Verifies the token signature with the matched key. - By default, validates time-based claims: `nbf`, `exp`, and `iat`. Optional claim validation can be configured with the `verification` option: - `iss`: validates issuer when provided. - `aud`: validates audience when provided. If you need additional token checks beyond the above (for example, custom application-level authorization rules), add them in your own middleware after `jwk()`. :::info The Authorization header sent from the client must have a specified scheme. Example: `Bearer my.token.value` or `Basic my.token.value` ::: ## Import ```ts import { Hono } from 'hono' import { jwk } from 'hono/jwk' import { verifyWithJwks } from 'hono/jwt' ``` ## Usage ```ts const app = new Hono() app.use( '/auth/*', jwk({ jwks_uri: `https://${backendServer}/.well-known/jwks.json`, alg: ['RS256'], }) ) app.get('/auth/page', (c) => { return c.text('You are authorized') }) ``` Get payload: ```ts const app = new Hono() app.use( '/auth/*', jwk({ jwks_uri: `https://${backendServer}/.well-known/jwks.json`, alg: ['RS256'], }) ) app.get('/auth/page', (c) => { const payload = c.get('jwtPayload') return c.json(payload) // eg: { "sub": "1234567890", "name": "John Doe", "iat": 1516239022 } }) ``` Anonymous access: ```ts const app = new Hono() app.use( '/auth/*', jwk({ jwks_uri: (c) => `https://${c.env.authServer}/.well-known/jwks.json`, alg: ['RS256'], allow_anon: true, }) ) app.get('/auth/page', (c) => { const payload = c.get('jwtPayload') return c.json(payload ?? { message: 'hello anon' }) }) ``` ## Using `verifyWithJwks` outside of middleware The `verifyWithJwks` utility function can be used to verify JWT tokens outside of Hono's middleware context, such as in SvelteKit SSR pages or other server-side environments: ```ts const id_payload = await verifyWithJwks( id_token, { jwks_uri: 'https://your-auth-server/.well-known/jwks.json', allowedAlgorithms: ['RS256'], }, { cf: { cacheEverything: true, cacheTtl: 3600 }, } ) ``` ## Configuring JWKS fetch request options To configure how JWKS is retrieved from `jwks_uri`, pass fetch request options as the second argument of `jwk()`. This argument is `RequestInit` and is used only for the JWKS fetch request. ```ts const app = new Hono() app.use( '/auth/*', jwk( { jwks_uri: `https://${backendServer}/.well-known/jwks.json`, alg: ['RS256'], }, { headers: { Authorization: 'Bearer TOKEN', }, } ) ) ``` ## Options ### alg: `AsymmetricAlgorithm[]` An array of allowed asymmetric algorithms used for token verification. Available types are `RS256` | `RS384` | `RS512` | `PS256` | `PS384` | `PS512` | `ES256` | `ES384` | `ES512` | `EdDSA`. ### keys: `HonoJsonWebKey[] | (c: Context) => Promise` The values of your public keys, or a function that returns them. The function receives the Context object. ### jwks_uri: `string` | `(c: Context) => Promise` If this value is set, attempt to fetch JWKs from this URI, expecting a JSON response with `keys`, which are added to the provided `keys` option. You can also pass a callback function to dynamically determine the JWKS URI using the Context. ### allow_anon: `boolean` If this value is set to `true`, requests without a valid token will be allowed to pass through the middleware. Use `c.get('jwtPayload')` to check if the request is authenticated. The default is `false`. ### cookie: `string` If this value is set, then the value is retrieved from the cookie header using that value as a key, which is then validated as a token. ### headerName: `string` The name of the header to look for the JWT token. The default is `Authorization`. ### verification: `VerifyOptions` Configure claim validation behavior in addition to signature verification: - `iss`: expected issuer. - `aud`: expected audience. - `exp`, `nbf`, `iat`: enabled by default, can be disabled if needed. # Trailing Slash Middleware This middleware handles Trailing Slash in the URL on a GET request. `appendTrailingSlash` redirects the URL to which it added the Trailing Slash if the content was not found. Also, `trimTrailingSlash` will remove the Trailing Slash. ## Import ```ts import { Hono } from 'hono' import { appendTrailingSlash, trimTrailingSlash, } from 'hono/trailing-slash' ``` ## Usage Example of redirecting a GET request of `/about/me` to `/about/me/`. ```ts import { Hono } from 'hono' import { appendTrailingSlash } from 'hono/trailing-slash' const app = new Hono({ strict: true }) app.use(appendTrailingSlash()) app.get('/about/me/', (c) => c.text('With Trailing Slash')) ``` Example of redirecting a GET request of `/about/me/` to `/about/me`. ```ts import { Hono } from 'hono' import { trimTrailingSlash } from 'hono/trailing-slash' const app = new Hono({ strict: true }) app.use(trimTrailingSlash()) app.get('/about/me', (c) => c.text('Without Trailing Slash')) ``` ## Options ### alwaysRedirect: `boolean` By default, trailing slash middleware only redirects when the response status is `404`. When `alwaysRedirect` is set to `true`, the middleware redirects before executing handlers. This is useful for wildcard routes (`*`) where the default behavior doesn't work. ```ts const app = new Hono() app.use(trimTrailingSlash({ alwaysRedirect: true })) app.get('/my-path/*', (c) => c.text('Wildcard route')) ``` This option is available for both `trimTrailingSlash` and `appendTrailingSlash`. ### skip: `(path: string) => boolean` A function that determines whether the redirect should be skipped based on the request path. If the function returns `true`, the redirect will be skipped. This is useful when you want to exclude certain paths, such as those with file extensions, from being redirected. ```ts app.use( appendTrailingSlash({ skip: (path) => /\.\w+$/.test(path), }) ) ``` This option is available for both `trimTrailingSlash` and `appendTrailingSlash`. ## Note It will be enabled when the request method is `GET` and the response status is `404`. # Timeout Middleware The Timeout Middleware enables you to easily manage request timeouts in your application. It allows you to set a maximum duration for requests and optionally define custom error responses if the specified timeout is exceeded. ## Import ```ts import { Hono } from 'hono' import { timeout } from 'hono/timeout' ``` ## Usage Here's how to use the Timeout Middleware with both default and custom settings: Default Settings: ```ts const app = new Hono() // Applying a 5-second timeout app.use('/api', timeout(5000)) // Handling a route app.get('/api/data', async (c) => { // Your route handler logic return c.json({ data: 'Your data here' }) }) ``` Custom settings: ```ts import { HTTPException } from 'hono/http-exception' // Custom exception factory function const customTimeoutException = (context) => new HTTPException(408, { message: `Request timeout after waiting ${context.req.headers.get( 'Duration' )} seconds. Please try again later.`, }) // for Static Exception Message // const customTimeoutException = new HTTPException(408, { // message: 'Operation timed out. Please try again later.' // }); // Applying a 1-minute timeout with a custom exception app.use('/api/long-process', timeout(60000, customTimeoutException)) app.get('/api/long-process', async (c) => { // Simulate a long process await new Promise((resolve) => setTimeout(resolve, 61000)) return c.json({ data: 'This usually takes longer' }) }) ``` ## Notes - The duration for the timeout can be specified in milliseconds. The middleware will automatically reject the promise and potentially throw an error if the specified duration is exceeded. - The timeout middleware cannot be used with stream Thus, use `stream.close` and `setTimeout` together. ```ts app.get('/sse', async (c) => { let id = 0 let running = true let timer: number | undefined return streamSSE(c, async (stream) => { timer = setTimeout(() => { console.log('Stream timeout reached, closing stream') stream.close() }, 3000) as unknown as number stream.onAbort(async () => { console.log('Client closed connection') running = false clearTimeout(timer) }) while (running) { const message = `It is ${new Date().toISOString()}` await stream.writeSSE({ data: message, event: 'time-update', id: String(id++), }) await stream.sleep(1000) } }) }) ``` ## Middleware Conflicts Be cautious about the order of middleware, especially when using error-handling or other timing-related middleware, as it might affect the behavior of this timeout middleware. # Request ID Middleware Request ID Middleware generates a unique ID for each request, which you can use in your handlers. ::: info **Node.js**: This middleware uses `crypto.randomUUID()` to generate IDs. The global `crypto` was introduced in Node.js version 20 or later. Therefore, errors may occur in versions earlier than that. In that case, please specify `generator`. However, if you are using [the Node.js adapter](https://github.com/honojs/node-server), it automatically sets `crypto` globally, so this is not necessary. ::: ## Import ```ts import { Hono } from 'hono' import { requestId } from 'hono/request-id' ``` ## Usage You can access the Request ID through the `requestId` variable in the handlers and middleware to which the Request ID Middleware is applied. ```ts const app = new Hono() app.use('*', requestId()) app.get('/', (c) => { return c.text(`Your request id is ${c.get('requestId')}`) }) ``` If you want to explicitly specify the type, import `RequestIdVariables` and pass it in the generics of `new Hono()`. ```ts import type { RequestIdVariables } from 'hono/request-id' const app = new Hono<{ Variables: RequestIdVariables }>() ``` ### Set Request ID You set a custom request ID in the header (default: `X-Request-Id`), the middleware will use that value instead of generating a new one: ```ts const app = new Hono() app.use('*', requestId()) app.get('/', (c) => { return c.text(`${c.get('requestId')}`) }) const res = await app.request('/', { headers: { 'X-Request-Id': 'your-custom-id', }, }) console.log(await res.text()) // your-custom-id ``` If you want to disable this feature, set [`headerName` option](#headername-string) to an empty string. ## Options ### limitLength: `number` The maximum length of the request ID. The default is `255`. ### headerName: `string` The header name used for the request ID. The default is `X-Request-Id`. ### generator: `(c: Context) => string` The request ID generation function. By default, it uses `crypto.randomUUID()`. ## Platform specific Request IDs Some platform (such as AWS Lambda) already generate their own Request IDs per request. Without any additional configuration, this middleware is unaware of these specific Request IDs and generates a new Request ID. This can lead to confusion when looking at your application logs. To unify these IDs, use the `generator` function to capture the platform specific Request ID and to use it in this middleware. ### Platform specific links - AWS Lambda - [AWS documentation: Context object](https://docs.aws.amazon.com/lambda/latest/dg/nodejs-context.html) - [Hono: Access AWS Lambda Object](/docs/getting-started/aws-lambda#access-aws-lambda-object) - Cloudflare - [Cloudflare Ray ID ](https://developers.cloudflare.com/fundamentals/reference/cloudflare-ray-id/) - Deno - [Request ID on the Deno Blog](https://deno.com/blog/zero-config-debugging-deno-opentelemetry#:~:text=s%20automatically%20have-,unique%20request%20IDs,-associated%20with%20them) - Fastly - [Fastly documentation: req.xid](https://www.fastly.com/documentation/reference/vcl/variables/client-request/req-xid/) # Pretty JSON Middleware Pretty JSON middleware enables "_JSON pretty print_" for JSON response body. Adding `?pretty` to url query param, the JSON strings are prettified. ```js // GET / {"project":{"name":"Hono","repository":"https://github.com/honojs/hono"}} ``` will be: ```js // GET /?pretty { "project": { "name": "Hono", "repository": "https://github.com/honojs/hono" } } ``` ## Import ```ts import { Hono } from 'hono' import { prettyJSON } from 'hono/pretty-json' ``` ## Usage ```ts const app = new Hono() app.use(prettyJSON()) // With options: prettyJSON({ space: 4 }) app.get('/', (c) => { return c.json({ message: 'Hono!' }) }) ``` ## Options ### space: `number` Number of spaces for indentation. The default is `2`. ### query: `string` The name of the query string for applying. The default is `pretty`. ### force: `boolean` When set to `true`, JSON responses are always prettified regardless of the query parameter. The default is `false`. # CORS Middleware There are many use cases of Cloudflare Workers as Web APIs and calling them from external front-end application. For them we have to implement CORS, let's do this with middleware as well. ## Import ```ts import { Hono } from 'hono' import { cors } from 'hono/cors' ``` ## Usage ```ts const app = new Hono() // CORS should be called before the route app.use('/api/*', cors()) app.use( '/api2/*', cors({ origin: 'http://example.com', allowHeaders: ['X-Custom-Header', 'Upgrade-Insecure-Requests'], allowMethods: ['POST', 'GET', 'OPTIONS'], exposeHeaders: ['Content-Length', 'X-Kuma-Revision'], maxAge: 600, credentials: true, }) ) app.all('/api/abc', (c) => { return c.json({ success: true }) }) app.all('/api2/abc', (c) => { return c.json({ success: true }) }) ``` Multiple origins: ```ts app.use( '/api3/*', cors({ origin: ['https://example.com', 'https://example.org'], }) ) // Or you can use "function" app.use( '/api4/*', cors({ // `c` is a `Context` object origin: (origin, c) => { return origin.endsWith('.example.com') ? origin : 'http://example.com' }, }) ) ``` Dynamic allowed methods based on origin: ```ts app.use( '/api5/*', cors({ origin: (origin) => origin === 'https://example.com' ? origin : '*', // `c` is a `Context` object allowMethods: (origin, c) => origin === 'https://example.com' ? ['GET', 'HEAD', 'POST', 'PATCH', 'DELETE'] : ['GET', 'HEAD'], }) ) ``` ## Options ### origin: `string` | `string[]` | `(origin:string, c:Context) => string` The value of "_Access-Control-Allow-Origin_" CORS header. You can also pass the callback function like `origin: (origin) => (origin.endsWith('.example.com') ? origin : 'http://example.com')`. The default is `*`. ### allowMethods: `string[]` | `(origin:string, c:Context) => string[]` The value of "_Access-Control-Allow-Methods_" CORS header. You can also pass a callback function to dynamically determine allowed methods based on the origin. The default is `['GET', 'HEAD', 'PUT', 'POST', 'DELETE', 'PATCH']`. ### allowHeaders: `string[]` The value of "_Access-Control-Allow-Headers_" CORS header. The default is `[]`. ### maxAge: `number` The value of "_Access-Control-Max-Age_" CORS header. ### credentials: `boolean` The value of "_Access-Control-Allow-Credentials_" CORS header. ### exposeHeaders: `string[]` The value of "_Access-Control-Expose-Headers_" CORS header. The default is `[]`. ## Environment-dependent CORS configuration If you want to adjust CORS configuration according to the execution environment, such as development or production, injecting values from environment variables is convenient as it eliminates the need for the application to be aware of its own execution environment. See the example below for clarification. ```ts app.use('*', async (c, next) => { const corsMiddlewareHandler = cors({ origin: c.env.CORS_ORIGIN, }) return corsMiddlewareHandler(c, next) }) ``` ## Using with Vite When using Hono with Vite, you should disable Vite's built-in CORS feature by setting `server.cors` to `false` in your `vite.config.ts`. This prevents conflicts with Hono's CORS middleware. ```ts // vite.config.ts import { cloudflare } from '@cloudflare/vite-plugin' import { defineConfig } from 'vite' export default defineConfig({ server: { cors: false, // disable Vite's built-in CORS setting }, plugins: [cloudflare()], }) ``` # IP Restriction Middleware IP Restriction Middleware is middleware that limits access to resources based on the IP address of the user. ## Import ```ts import { Hono } from 'hono' import { ipRestriction } from 'hono/ip-restriction' ``` ## Usage For your application running on Bun, if you want to allow access only from local, you can write it as follows. Specify the rules you want to deny in the `denyList` and the rules you want to allow in the `allowList`. ```ts import { Hono } from 'hono' import { getConnInfo } from 'hono/bun' import { ipRestriction } from 'hono/ip-restriction' const app = new Hono() app.use( '*', ipRestriction(getConnInfo, { denyList: [], allowList: ['127.0.0.1', '::1'], }) ) app.get('/', (c) => c.text('Hello Hono!')) ``` Pass the `getConninfo` from the [ConnInfo helper](/docs/helpers/conninfo) appropriate for your environment as the first argument of `ipRestriction`. For example, for Deno, it would look like this: ```ts import { getConnInfo } from 'hono/deno' import { ipRestriction } from 'hono/ip-restriction' //... app.use( '*', ipRestriction(getConnInfo, { // ... }) ) ``` ## Rules Follow the instructions below for writing rules. ### IPv4 - `192.168.2.0` - Static IP Address - `192.168.2.0/24` - CIDR Notation - `*` - ALL Addresses ### IPv6 - `::1` - Static IP Address - `::1/10` - CIDR Notation - `*` - ALL Addresses ## Error handling To customize the error, return a `Response` in the third argument. ```ts app.use( '*', ipRestriction( getConnInfo, { denyList: ['192.168.2.0/24'], }, async (remote, c) => { return c.text(`Blocking access from ${remote.addr}`, 403) } ) ) ``` # Language Middleware The Language Detector middleware automatically determines a user's preferred language (locale) from various sources and makes it available via `c.get('language')`. Detection strategies include query parameters, cookies, headers, and URL path segments. Perfect for internationalization (i18n) and locale-specific content. ## Import ```ts import { Hono } from 'hono' import { languageDetector } from 'hono/language' ``` ## Basic Usage Detect language from query string, cookie, and header (default order), with fallback to English: ```ts const app = new Hono() app.use( languageDetector({ supportedLanguages: ['en', 'ar', 'ja'], // Must include fallback fallbackLanguage: 'en', // Required }) ) app.get('/', (c) => { const lang = c.get('language') return c.text(`Hello! Your language is ${lang}`) }) ``` ### Client Examples ```sh # Via path curl http://localhost:8787/ar/home # Via query parameter curl http://localhost:8787/?lang=ar # Via cookie curl -H 'Cookie: language=ja' http://localhost:8787/ # Via header curl -H 'Accept-Language: ar,en;q=0.9' http://localhost:8787/ ``` ## Default Configuration ```ts export const DEFAULT_OPTIONS: DetectorOptions = { order: ['querystring', 'cookie', 'header'], lookupQueryString: 'lang', lookupCookie: 'language', lookupFromHeaderKey: 'accept-language', lookupFromPathIndex: 0, caches: ['cookie'], ignoreCase: true, fallbackLanguage: 'en', supportedLanguages: ['en'], cookieOptions: { sameSite: 'Strict', secure: true, maxAge: 365 * 24 * 60 * 60, httpOnly: true, }, debug: false, } ``` ## Key Behaviors ### Detection Workflow 1. **Order**: Checks sources in this sequence by default: - Query parameter (?lang=ar) - Cookie (language=ar) - Accept-Language header 2. **Caching**: Stores detected language in a cookie (1 year by default) 3. **Fallback**: Uses `fallbackLanguage` if no valid detection (must be in `supportedLanguages`) ## Advanced Configuration ### Custom Detection Order Prioritize URL path detection (e.g., /en/about): ```ts app.use( languageDetector({ order: ['path', 'cookie', 'querystring', 'header'], lookupFromPathIndex: 0, // /en/profile β†’ index 0 = 'en' supportedLanguages: ['en', 'ar'], fallbackLanguage: 'en', }) ) ``` ### Progressive Locale Matching When a detected locale code like `ja-JP` is not in `supportedLanguages`, the middleware progressively truncates subtags to find a match. For example, `zh-Hant-CN` will try `zh-Hant`, then `zh`. An exact match is always preferred. ```ts app.use( languageDetector({ supportedLanguages: ['en', 'ja', 'zh-Hant'], fallbackLanguage: 'en', }) ) // Accept-Language: ja-JP β†’ matches 'ja' // Accept-Language: zh-Hant-CN β†’ matches 'zh-Hant' ``` ### Language Code Transformation Normalize complex codes (e.g., en-US β†’ en): ```ts app.use( languageDetector({ convertDetectedLanguage: (lang) => lang.split('-')[0], supportedLanguages: ['en', 'ja'], fallbackLanguage: 'en', }) ) ``` ### Cookie Configuration ```ts app.use( languageDetector({ lookupCookie: 'app_lang', caches: ['cookie'], cookieOptions: { path: '/', // Cookie path sameSite: 'Lax', // Cookie same-site policy secure: true, // Only send over HTTPS maxAge: 86400 * 365, // 1 year expiration httpOnly: true, // Not accessible via JavaScript domain: '.example.com', // Optional: specific domain }, }) ) ``` To disable cookie caching: ```ts languageDetector({ caches: false, }) ``` ### Debugging Log detection steps: ```ts languageDetector({ debug: true, // Shows: "Detected from querystring: ar" }) ``` ## Options Reference ### Basic Options | Option | Type | Default | Required | Description | | :------------------- | :--------------- | :------------------------------------ | :------- | :--------------------- | | `supportedLanguages` | `string[]` | `['en']` | Yes | Allowed language codes | | `fallbackLanguage` | `string` | `'en'` | Yes | Default language | | `order` | `DetectorType[]` | `['querystring', 'cookie', 'header']` | No | Detection sequence | | `debug` | `boolean` | `false` | No | Enable logging | ### Detection Options | Option | Type | Default | Description | | :-------------------- | :------- | :------------------ | :------------------- | | `lookupQueryString` | `string` | `'lang'` | Query parameter name | | `lookupCookie` | `string` | `'language'` | Cookie name | | `lookupFromHeaderKey` | `string` | `'accept-language'` | Header name | | `lookupFromPathIndex` | `number` | `0` | Path segment index | ### Cookie Options | Option | Type | Default | Description | | :----------------------- | :---------------------------- | :----------- | :------------------- | | `caches` | `CacheType[] \| false` | `['cookie']` | Cache settings | | `cookieOptions.path` | `string` | `'/'` | Cookie path | | `cookieOptions.sameSite` | `'Strict' \| 'Lax' \| 'None'` | `'Strict'` | SameSite policy | | `cookieOptions.secure` | `boolean` | `true` | HTTPS only | | `cookieOptions.maxAge` | `number` | `31536000` | Expiration (seconds) | | `cookieOptions.httpOnly` | `boolean` | `true` | JS accessibility | | `cookieOptions.domain` | `string` | `undefined` | Cookie domain | ### Advanced Options | Option | Type | Default | Description | | :------------------------ | :------------------------- | :---------- | :------------------------ | | `ignoreCase` | `boolean` | `true` | Case-insensitive matching | | `convertDetectedLanguage` | `(lang: string) => string` | `undefined` | Language code transformer | ## Validation & Error Handling - `fallbackLanguage` must be in `supportedLanguages` (throws error during setup) - `lookupFromPathIndex` must be β‰₯ 0 - Invalid configurations throw errors during middleware initialization - Failed detections silently use `fallbackLanguage` ## Common Recipes ### Path-Based Routing ```ts app.get('/:lang/home', (c) => { const lang = c.get('language') // 'en', 'ar', etc. return c.json({ message: getLocalizedContent(lang) }) }) ``` ### Multiple Supported Languages ```ts languageDetector({ supportedLanguages: ['en', 'en-GB', 'ar', 'ar-EG'], convertDetectedLanguage: (lang) => lang.replace('_', '-'), // Normalize }) ``` # Basic Auth Middleware This middleware can apply Basic authentication to a specified path. Implementing Basic authentication with Cloudflare Workers or other platforms is more complicated than it seems, but with this middleware, it's a breeze. For more information about how the Basic auth scheme works under the hood, see the [MDN docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#basic_authentication_scheme). ## Import ```ts import { Hono } from 'hono' import { basicAuth } from 'hono/basic-auth' ``` ## Usage ```ts const app = new Hono() app.use( '/auth/*', basicAuth({ username: 'hono', password: 'acoolproject', }) ) app.get('/auth/page', (c) => { return c.text('You are authorized') }) ``` To restrict to a specific route + method: ```ts const app = new Hono() app.get('/auth/page', (c) => { return c.text('Viewing page') }) app.delete( '/auth/page', basicAuth({ username: 'hono', password: 'acoolproject' }), (c) => { return c.text('Page deleted') } ) ``` If you want to verify the user by yourself, specify the `verifyUser` option; returning `true` means it is accepted. ```ts const app = new Hono() app.use( basicAuth({ verifyUser: (username, password, c) => { return ( username === 'dynamic-user' && password === 'hono-password' ) }, }) ) ``` ## Options ### username: `string` The username of the user who is authenticating. ### password: `string` The password value for the provided username to authenticate against. ### realm: `string` The domain name of the realm, as part of the returned WWW-Authenticate challenge header. The default is `"Secure Area"`. See more: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate#directives ### hashFunction: `Function` A function to handle hashing for safe comparison of passwords. ### verifyUser: `(username: string, password: string, c: Context) => boolean | Promise` The function to verify the user. ### invalidUserMessage: `string | object | MessageFunction` `MessageFunction` is `(c: Context) => string | object | Promise`. The custom message if the user is invalid. ### onAuthSuccess: `(c: Context, username: string) => void | Promise` A callback function invoked after successful authentication. This allows you to set context variables or perform side effects without re-parsing the Authorization header. ```ts app.use( '/auth/*', basicAuth({ username: 'hono', password: 'acoolproject', onAuthSuccess: (c, username) => { c.set('username', username) }, }) ) app.get('/auth/page', (c) => { const username = c.get('username') return c.text(`Hello, ${username}!`) }) ``` ## More Options ### ...users: `{ username: string, password: string }[]` ## Recipes ### Defining Multiple Users This middleware also allows you to pass arbitrary parameters containing objects defining more `username` and `password` pairs. ```ts app.use( '/auth/*', basicAuth( { username: 'hono', password: 'acoolproject', // Define other params in the first object realm: 'www.example.com', }, { username: 'hono-admin', password: 'super-secure', // Cannot redefine other params here }, { username: 'hono-user-1', password: 'a-secret', // Or here } ) ) ``` Or less hardcoded: ```ts import { users } from '../config/users' app.use( '/auth/*', basicAuth( { realm: 'www.example.com', ...users[0], }, ...users.slice(1) ) ) ``` # Context Storage Middleware The Context Storage Middleware stores the Hono `Context` in the `AsyncLocalStorage`, to make it globally accessible. ::: info **Note** This middleware uses `AsyncLocalStorage`. The runtime should support it. **Cloudflare Workers**: To enable `AsyncLocalStorage`, add the [`nodejs_compat` or `nodejs_als` flag](https://developers.cloudflare.com/workers/configuration/compatibility-dates/#nodejs-compatibility-flag) to yourΒ `wrangler.toml`Β file. ::: ## Import ```ts import { Hono } from 'hono' import { contextStorage, getContext, tryGetContext, } from 'hono/context-storage' ``` ## Usage The `getContext()` will return the current Context object if the `contextStorage()` is applied as a middleware. ```ts type Env = { Variables: { message: string } } const app = new Hono() app.use(contextStorage()) app.use(async (c, next) => { c.set('message', 'Hello!') await next() }) // You can access the variable outside the handler. const getMessage = () => { return getContext().var.message } app.get('/', (c) => { return c.text(getMessage()) }) ``` On Cloudflare Workers, you can access the bindings outside the handler. ```ts type Env = { Bindings: { KV: KVNamespace } } const app = new Hono() app.use(contextStorage()) const setKV = (value: string) => { return getContext().env.KV.put('key', value) } ``` ## tryGetContext `tryGetContext()` works like `getContext()`, but returns `undefined` instead of throwing an error when the context is not available: ```ts const context = tryGetContext() if (context) { // Context is available console.log(context.var.message) } ``` # Bearer Auth Middleware The Bearer Auth Middleware provides authentication by verifying an API token in the Request header. The HTTP clients accessing the endpoint will add the `Authorization` header with `Bearer {token}` as the header value. Using `curl` from the terminal, it would look like this: ```sh curl -H 'Authorization: Bearer honoiscool' http://localhost:8787/auth/page ``` ## Import ```ts import { Hono } from 'hono' import { bearerAuth } from 'hono/bearer-auth' ``` ## Usage > [!NOTE] > Your `token` must match the regex `/[A-Za-z0-9._~+/-]+=*/`, otherwise a 400 error will be returned. Notably, this regex accommodates both URL-safe Base64- and standard Base64-encoded JWTs. This middleware does not require the bearer token to be a JWT, just that it matches the above regex. ```ts const app = new Hono() const token = 'honoiscool' app.use('/api/*', bearerAuth({ token })) app.get('/api/page', (c) => { return c.json({ message: 'You are authorized' }) }) ``` To restrict to a specific route + method: ```ts const app = new Hono() const token = 'honoiscool' app.get('/api/page', (c) => { return c.json({ message: 'Read posts' }) }) app.post('/api/page', bearerAuth({ token }), (c) => { return c.json({ message: 'Created post!' }, 201) }) ``` To implement multiple tokens (E.g., any valid token can read but create/update/delete are restricted to a privileged token): ```ts const app = new Hono() const readToken = 'read' const privilegedToken = 'read+write' const privilegedMethods = ['POST', 'PUT', 'PATCH', 'DELETE'] app.on('GET', '/api/page/*', async (c, next) => { // List of valid tokens const bearer = bearerAuth({ token: [readToken, privilegedToken] }) return bearer(c, next) }) app.on(privilegedMethods, '/api/page/*', async (c, next) => { // Single valid privileged token const bearer = bearerAuth({ token: privilegedToken }) return bearer(c, next) }) // Define handlers for GET, POST, etc. ``` If you want to verify the value of the token yourself, specify the `verifyToken` option; returning `true` means it is accepted. ```ts const app = new Hono() app.use( '/auth-verify-token/*', bearerAuth({ verifyToken: async (token, c) => { return token === 'dynamic-token' }, }) ) ``` ## Options ### token: `string` | `string[]` The string to validate the incoming bearer token against. ### realm: `string` The domain name of the realm, as part of the returned WWW-Authenticate challenge header. The default is `""`. See more: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate#directives ### prefix: `string` The prefix (or known as `schema`) for the Authorization header value. The default is `"Bearer"`. ### headerName: `string` The header name. The default value is `Authorization`. ### hashFunction: `Function` A function to handle hashing for safe comparison of authentication tokens. ### verifyToken: `(token: string, c: Context) => boolean | Promise` The function to verify the token. ### noAuthenticationHeader: `object` Customizes the error response when the request does not have an authentication header. - `wwwAuthenticateHeader`: `string | object | MessageFunction` - Customizes the WWW-Authenticate header value. - `message`: `string | object | MessageFunction` - The custom message for the response body. `MessageFunction` is `(c: Context) => string | object | Promise`. ### invalidAuthenticationHeader: `object` Customizes the error response when the authentication header format is invalid. - `wwwAuthenticateHeader`: `string | object | MessageFunction` - Customizes the WWW-Authenticate header value. - `message`: `string | object | MessageFunction` - The custom message for the response body. ### invalidToken: `object` Customizes the error response when the token is invalid. - `wwwAuthenticateHeader`: `string | object | MessageFunction` - Customizes the WWW-Authenticate header value. - `message`: `string | object | MessageFunction` - The custom message for the response body. # Combine Middleware Combine Middleware combines multiple middleware functions into a single middleware. It provides three functions: - `some` - Runs only one of the given middleware. - `every` - Runs all given middleware. - `except` - Runs all given middleware only if a condition is not met. ## Import ```ts import { Hono } from 'hono' import { some, every, except } from 'hono/combine' ``` ## Usage Here's an example of complex access control rules using Combine Middleware. ```ts import { Hono } from 'hono' import { bearerAuth } from 'hono/bearer-auth' import { getConnInfo } from 'hono/cloudflare-workers' import { every, some } from 'hono/combine' import { ipRestriction } from 'hono/ip-restriction' import { rateLimit } from '@/my-rate-limit' const app = new Hono() app.use( '*', some( every( ipRestriction(getConnInfo, { allowList: ['192.168.0.2'] }), bearerAuth({ token }) ), // If both conditions are met, rateLimit will not execute. rateLimit() ) ) app.get('/', (c) => c.text('Hello Hono!')) ``` ### some Runs the first middleware that returns true. Middleware is applied in order, and if any middleware exits successfully, subsequent middleware will not run. ```ts import { some } from 'hono/combine' import { bearerAuth } from 'hono/bearer-auth' import { myRateLimit } from '@/rate-limit' // If client has a valid token, skip rate limiting. // Otherwise, apply rate limiting. app.use( '/api/*', some(bearerAuth({ token }), myRateLimit({ limit: 100 })) ) ``` ### every Runs all middleware and stops if any of them fail. Middleware is applied in order, and if any middleware throws an error, subsequent middleware will not run. ```ts import { some, every } from 'hono/combine' import { bearerAuth } from 'hono/bearer-auth' import { myCheckLocalNetwork } from '@/check-local-network' import { myRateLimit } from '@/rate-limit' // If client is in local network, skip authentication and rate limiting. // Otherwise, apply authentication and rate limiting. app.use( '/api/*', some( myCheckLocalNetwork(), every(bearerAuth({ token }), myRateLimit({ limit: 100 })) ) ) ``` ### except Runs all middleware except when the condition is met. You can pass a string or function as the condition. If multiple targets need to be matched, pass them as an array. ```ts import { except } from 'hono/combine' import { bearerAuth } from 'hono/bearer-auth' // If client is accessing public API, skip authentication. // Otherwise, require a valid token. app.use('/api/*', except('/api/public/*', bearerAuth({ token }))) ``` # Body Limit Middleware The Body Limit Middleware can limit the file size of the request body. This middleware first uses the value of the `Content-Length` header in the request, if present. If it is not set, it reads the body in the stream and executes an error handler if it is larger than the specified file size. ## Import ```ts import { Hono } from 'hono' import { bodyLimit } from 'hono/body-limit' ``` ## Usage ```ts const app = new Hono() app.post( '/upload', bodyLimit({ maxSize: 50 * 1024, // 50kb onError: (c) => { return c.text('overflow :(', 413) }, }), async (c) => { const body = await c.req.parseBody() if (body['file'] instanceof File) { console.log(`Got file sized: ${body['file'].size}`) } return c.text('pass :)') } ) ``` ## Options ### maxSize: `number` The maximum file size of the file you want to limit. The default is `100 * 1024` - `100kb`. ### onError: `OnError` The error handler to be invoked if the specified file size is exceeded. ## Usage with Bun for large requests If the Body Limit Middleware is used explicitly to allow a request body larger than the default, it might be necessary to make changes to your `Bun.serve` configuration accordingly. [At the time of writing](https://github.com/oven-sh/bun/blob/f2cfa15e4ef9d730fc6842ad8b79fb7ab4c71cb9/packages/bun-types/bun.d.ts#L2191), `Bun.serve`'s default request body limit is 128MiB. If you set Hono's Body Limit Middleware to a value bigger than that, your requests will still fail and, additionally, the `onError` handler specified in the middleware will not be called. This is because `Bun.serve()` will set the status code to `413` and terminate the connection before passing the request to Hono. If you want to accept requests larger than 128MiB with Hono and Bun, you need to set the limit for Bun as well: ```ts export default { port: process.env['PORT'] || 3000, fetch: app.fetch, maxRequestBodySize: 1024 * 1024 * 200, // your value here } ``` or, depending on your setup: ```ts Bun.serve({ fetch(req, server) { return app.fetch(req, { ip: server.requestIP(req) }) }, maxRequestBodySize: 1024 * 1024 * 200, // your value here }) ``` # Logger Middleware It's a simple logger. ## Import ```ts import { Hono } from 'hono' import { logger } from 'hono/logger' ``` ## Usage ```ts const app = new Hono() app.use(logger()) app.get('/', (c) => c.text('Hello Hono!')) ``` ## Logging Details The Logger Middleware logs the following details for each request: - **Incoming Request**: Logs the HTTP method, request path, and incoming request. - **Outgoing Response**: Logs the HTTP method, request path, response status code, and request/response times. - **Status Code Coloring**: Response status codes are color-coded for better visibility and quick identification of status categories. Different status code categories are represented by different colors. - **Elapsed Time**: The time taken for the request/response cycle is logged in a human-readable format, either in milliseconds (ms) or seconds (s). By using the Logger Middleware, you can easily monitor the flow of requests and responses in your Hono application and quickly identify any issues or performance bottlenecks. You can also extend the middleware further by providing your own `PrintFunc` function for tailored logging behavior. ::: tip To disable _status code coloring_, you can set a `NO_COLOR` environment variable. This is a common way to disable ANSI color escape codes in logging libraries, and is described at . Note that Cloudflare Workers do not have a `process.env` object, so will default to plaintext log output. ::: ## PrintFunc The Logger Middleware accepts an optional `PrintFunc` function as a parameter. This function allows you to customize the logger and add additional logs. ## Options ### fn: `PrintFunc(str: string, ...rest: string[])` - `str`: Passed by the logger. - `...rest`: Additional string props to be printed to console. ### Example Setting up a custom `PrintFunc` function to the Logger Middleware: ```ts export const customLogger = (message: string, ...rest: string[]) => { console.log(message, ...rest) } app.use(logger(customLogger)) ``` Setting up the custom logger in a route: ```ts app.post('/blog', (c) => { // Routing logic customLogger('Blog saved:', `Path: ${blog.url},`, `ID: ${blog.id}`) // Output // <-- POST /blog // Blog saved: Path: /blog/example, ID: 1 // --> POST /blog 201 93ms // Return Context }) ``` # JWT Auth Middleware The JWT Auth Middleware provides authentication by verifying the token with JWT. The middleware will check for an `Authorization` header if the `cookie` option is not set. You can customize the header name using the `headerName` option. :::info The Authorization header sent from the client must have a specified scheme. Example: `Bearer my.token.value` or `Basic my.token.value` ::: ## Import ```ts import { Hono } from 'hono' import { jwt } from 'hono/jwt' import type { JwtVariables } from 'hono/jwt' ``` ## Usage ```ts // Specify the variable types to infer the `c.get('jwtPayload')`: type Variables = JwtVariables const app = new Hono<{ Variables: Variables }>() app.use( '/auth/*', jwt({ secret: 'it-is-very-secret', alg: 'HS256', }) ) app.get('/auth/page', (c) => { return c.text('You are authorized') }) ``` Get payload: ```ts const app = new Hono() app.use( '/auth/*', jwt({ secret: 'it-is-very-secret', alg: 'HS256', issuer: 'my-trusted-issuer', }) ) app.get('/auth/page', (c) => { const payload = c.get('jwtPayload') return c.json(payload) // eg: { "sub": "1234567890", "name": "John Doe", "iat": 1516239022, "iss": "my-trusted-issuer" } }) ``` ::: tip `jwt()` is just a middleware function. If you want to use an environment variable (eg: `c.env.JWT_SECRET`), you can use it as follows: ```js app.use('/auth/*', (c, next) => { const jwtMiddleware = jwt({ secret: c.env.JWT_SECRET, alg: 'HS256', }) return jwtMiddleware(c, next) }) ``` ::: ## Options ### secret: `string` A value of your secret key. ### alg: `string` An algorithm type that is used for verifying. Available types are `HS256` | `HS384` | `HS512` | `RS256` | `RS384` | `RS512` | `PS256` | `PS384` | `PS512` | `ES256` | `ES384` | `ES512` | `EdDSA`. ### cookie: `string` If this value is set, then the value is retrieved from the cookie header using that value as a key, which is then validated as a token. ### headerName: `string` The name of the header to look for the JWT token. The default is `Authorization`. ```ts app.use( '/auth/*', jwt({ secret: 'it-is-very-secret', alg: 'HS256', headerName: 'x-custom-auth-header', }) ) ``` ### verifyOptions: `VerifyOptions` Options controlling verification of the token. #### verifyOptions.iss: `string | RexExp` The expected issuer used for token verification. The `iss` claim will **not** be checked if this isn't set. #### verifyOptions.nbf: `boolean` The `nbf` (not before) claim will be verified if present and this is set to `true`. The default is `true`. #### verifyOptions.iat: `boolean` The `iat` (issued at) claim will be verified if present and this is set to `true`. The default is `true`. #### verifyOptions.exp: `boolean` The `exp` (expiration time) claim will be verified if present and this is set to `true`. The default is `true`. # ETag Middleware Using this middleware, you can add ETag headers easily. ## Import ```ts import { Hono } from 'hono' import { etag } from 'hono/etag' ``` ## Usage ```ts const app = new Hono() app.use('/etag/*', etag()) app.get('/etag/abc', (c) => { return c.text('Hono is cool') }) ``` ## The retained headers The 304 Response must include the headers that would have been sent in an equivalent 200 OK response. The default headers are Cache-Control, Content-Location, Date, ETag, Expires, and Vary. If you want to add the header that is sent, you can use `retainedHeaders` option and `RETAINED_304_HEADERS` strings array variable that includes the default headers: ```ts import { etag, RETAINED_304_HEADERS } from 'hono/etag' // ... app.use( '/etag/*', etag({ retainedHeaders: ['x-message', ...RETAINED_304_HEADERS], }) ) ``` ## Options ### weak: `boolean` Define using or not using a [weak validation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Conditional_requests#weak_validation). If `true` is set, then `w/` is added to the prefix of the value. The default is `false`. ### retainedHeaders: `string[]` The headers that you want to retain in the 304 Response. ### generateDigest: `(body: Uint8Array) => ArrayBuffer | Promise` A custom digest generation function. By default, it uses `SHA-1`. This function is called with the response body as a `Uint8Array` and should return a hash as an `ArrayBuffer` or a Promise of one. # Server-Timing Middleware The [Server-Timing](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Server-Timing) Middleware provides performance metrics in the response headers. ::: info Note: On Cloudflare Workers, the timer metrics may not be accurate, since [timers only show the time of last I/O](https://developers.cloudflare.com/workers/learning/security-model/#step-1-disallow-timers-and-multi-threading). ::: ## Import ```ts [npm] import { Hono } from 'hono' import { timing, setMetric, startTime, endTime, wrapTime, } from 'hono/timing' import type { TimingVariables } from 'hono/timing' ``` ## Usage ```js // Specify the variable types to infer the `c.get('metric')`: type Variables = TimingVariables const app = new Hono<{ Variables: Variables }>() // add the middleware to your router app.use(timing()); app.get('/', async (c) => { // add custom metrics setMetric(c, 'region', 'europe-west3') // add custom metrics with timing, must be in milliseconds setMetric(c, 'custom', 23.8, 'My custom Metric') // start a new timer startTime(c, 'db'); const data = await db.findMany(...); // end the timer endTime(c, 'db'); // ...or you can also just wrap a Promise using this function: const data = await wrapTime(c, 'db', db.findMany(...)); return c.json({ response: data }); }); ``` ### Conditionally enabled ```ts const app = new Hono() app.use( '*', timing({ // c: Context of the request enabled: (c) => c.req.method === 'POST', }) ) ``` ## Result ![](/images/timing-example.png) ## Options ### total: `boolean` Show the total response time. The default is `true`. ### enabled: `boolean` | `(c: Context) => boolean` Whether timings should be added to the headers or not. The default is `true`. ### totalDescription: `boolean` Description for the total response time. The default is `Total Response Time`. ### autoEnd: `boolean` If `startTime()` should end automatically at the end of the request. If disabled, not manually ended timers will not be shown. ### crossOrigin: `boolean` | `string` | `(c: Context) => boolean | string` The origin this timings header should be readable. - If false, only from current origin. - If true, from all origin. - If string, from this domain(s). Multiple domains must be separated with a comma. The default is `false`. See more [docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Timing-Allow-Origin). # CSRF Protection This middleware protects against CSRF attacks by checking both the `Origin` header and the `Sec-Fetch-Site` header. The request is allowed if either validation passes. The middleware only validates requests that: - Use unsafe HTTP methods (not GET, HEAD, or OPTIONS) - Have content types that can be sent by HTML forms (`application/x-www-form-urlencoded`, `multipart/form-data`, or `text/plain`) Old browsers that do not send `Origin` headers, or environments that use reverse proxies to remove these headers, may not work well. In such environments, use other CSRF token methods. ## Import ```ts import { Hono } from 'hono' import { csrf } from 'hono/csrf' ``` ## Usage ```ts const app = new Hono() // Default: both origin and sec-fetch-site validation app.use(csrf()) // Allow specific origins app.use(csrf({ origin: 'https://myapp.example.com' })) // Allow multiple origins app.use( csrf({ origin: [ 'https://myapp.example.com', 'https://development.myapp.example.com', ], }) ) // Allow specific sec-fetch-site values app.use(csrf({ secFetchSite: 'same-origin' })) app.use(csrf({ secFetchSite: ['same-origin', 'none'] })) // Dynamic origin validation // It is strongly recommended that the protocol be verified to ensure a match to `$`. // You should *never* do a forward match. app.use( '*', csrf({ origin: (origin) => /https:\/\/(\w+\.)?myapp\.example\.com$/.test(origin), }) ) // Dynamic sec-fetch-site validation app.use( csrf({ secFetchSite: (secFetchSite, c) => { // Always allow same-origin if (secFetchSite === 'same-origin') return true // Allow cross-site for webhook endpoints if ( secFetchSite === 'cross-site' && c.req.path.startsWith('/webhook/') ) { return true } return false }, }) ) ``` ## Options ### origin: `string` | `string[]` | `Function` Specify allowed origins for CSRF protection. - **`string`**: Single allowed origin (e.g., `'https://example.com'`) - **`string[]`**: Array of allowed origins - **`Function`**: Custom handler `(origin: string, context: Context) => boolean` for flexible origin validation and bypass logic **Default**: Only same origin as the request URL The function handler receives the request's `Origin` header value and the request context, allowing for dynamic validation based on request properties like path, headers, or other context data. ### secFetchSite: `string` | `string[]` | `Function` Specify allowed Sec-Fetch-Site header values for CSRF protection using [Fetch Metadata](https://web.dev/articles/fetch-metadata). - **`string`**: Single allowed value (e.g., `'same-origin'`) - **`string[]`**: Array of allowed values (e.g., `['same-origin', 'none']`) - **`Function`**: Custom handler `(secFetchSite: string, context: Context) => boolean` for flexible validation **Default**: Only allows `'same-origin'` Standard Sec-Fetch-Site values: - `same-origin`: Request from same origin - `same-site`: Request from same site (different subdomain) - `cross-site`: Request from different site - `none`: Request not from a web page (e.g., browser address bar, bookmark) The function handler receives the request's `Sec-Fetch-Site` header value and the request context, enabling dynamic validation based on request properties. # Cache Middleware The Cache middleware uses the Web Standards' [Cache API](https://developer.mozilla.org/en-US/docs/Web/API/Cache). The Cache middleware currently supports Cloudflare Workers projects using custom domains and Deno projects using [Deno 1.26+](https://github.com/denoland/deno/releases/tag/v1.26.0). Also available with Deno Deploy. Cloudflare Workers respects the `Cache-Control` header and return cached responses. For details, refer to [Cache on Cloudflare Docs](https://developers.cloudflare.com/workers/runtime-apis/cache/). Deno does not respect headers, so if you need to update the cache, you will need to implement your own mechanism. See [Usage](#usage) below for instructions on each platform. ## Import ```ts import { Hono } from 'hono' import { cache } from 'hono/cache' ``` ## Usage ::: code-group ```ts [Cloudflare Workers] app.get( '*', cache({ cacheName: 'my-app', cacheControl: 'max-age=3600', }) ) ``` ```ts [Deno] // Must use `wait: true` for the Deno runtime app.get( '*', cache({ cacheName: 'my-app', cacheControl: 'max-age=3600', wait: true, }) ) ``` ::: ## Options ### cacheName: `string` | `(c: Context) => string` | `Promise` The name of the cache. Can be used to store multiple caches with different identifiers. ### wait: `boolean` A boolean indicating if Hono should wait for the Promise of the `cache.put` function to resolve before continuing with the request. _Required to be true for the Deno environment_. The default is `false`. ### cacheControl: `string` A string of directives for the `Cache-Control` header. See the [MDN docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control) for more information. When this option is not provided, no `Cache-Control` header is added to requests. ### vary: `string` | `string[]` Sets the `Vary` header in the response. If the original response header already contains a `Vary` header, the values are merged, removing any duplicates. Setting this to `*` will result in an error. For more details on the Vary header and its implications for caching strategies, refer to the [MDN docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Vary). ### keyGenerator: `(c: Context) => string | Promise` Generates keys for every request in the `cacheName` store. This can be used to cache data based on request parameters or context parameters. The default is `c.req.url`. ### cacheableStatusCodes: `number[]` An array of status codes that should be cached. The default is `[200]`. Use this option to cache responses with specific status codes. ```ts app.get( '*', cache({ cacheName: 'my-app', cacheControl: 'max-age=3600', cacheableStatusCodes: [200, 404, 412], }) ) ``` ### onCacheNotAvailable: `(() => void | Promise)` | `false` A callback function or `false` that controls the behavior when the Cache API is not available in the global scope. By default, a message is logged with `console.log`. You can provide a custom function to customize the behavior, or set it to `false` to suppress the log entirely. ```ts // Custom logging app.use( cache({ cacheName: 'my-app-v1', onCacheNotAvailable: () => { console.log('Custom log: Cache API is not available.') }, }) ) ``` ```ts // Suppress logging app.use( cache({ cacheName: 'my-app-v1', onCacheNotAvailable: false, }) ) ``` # Compress Middleware This middleware compresses the response body, according to `Accept-Encoding` request header. ::: info **Note**: On Cloudflare Workers and Deno Deploy, the response body will be compressed automatically, so there is no need to use this middleware. ::: ## Import ```ts import { Hono } from 'hono' import { compress } from 'hono/compress' ``` ## Usage ```ts const app = new Hono() app.use(compress()) ``` ## Options ### encoding: `'gzip'` | `'deflate'` The compression scheme to allow for response compression. Either `gzip` or `deflate`. If not defined, both are allowed and will be used based on the `Accept-Encoding` header. `gzip` is prioritized if this option is not provided and the client provides both in the `Accept-Encoding` header. ### threshold: `number` The minimum size in bytes to compress. Defaults to 1024 bytes. ### contentTypeFilter: `RegExp` | `(contentType: string) => boolean` A `RegExp` or function to determine whether the response should be compressed based on its `Content-Type`. By default, a built-in list of compressible Content-Types is used. You can pass a `RegExp` to compress only matching Content-Types: ```ts // Compress only JSON responses app.use(compress({ contentTypeFilter: /^application\/json/ })) ``` Or pass a function for custom logic. The built-in `COMPRESSIBLE_CONTENT_TYPE_REGEX` is also exported so you can extend the default behavior: ```ts import { compress, COMPRESSIBLE_CONTENT_TYPE_REGEX, } from 'hono/compress' // Compress the default Content-Types plus a custom one app.use( compress({ contentTypeFilter: (type) => COMPRESSIBLE_CONTENT_TYPE_REGEX.test(type) || type === 'application/x-myformat', }) ) ``` # Secure Headers Middleware Secure Headers Middleware simplifies the setup of security headers. Inspired in part by the capabilities of Helmet, it allows you to control the activation and deactivation of specific security headers. ## Import ```ts import { Hono } from 'hono' import { secureHeaders } from 'hono/secure-headers' ``` ## Usage You can use the optimal settings by default. ```ts const app = new Hono() app.use(secureHeaders()) ``` You can suppress unnecessary headers by setting them to false. ```ts const app = new Hono() app.use( '*', secureHeaders({ xFrameOptions: false, xXssProtection: false, }) ) ``` You can override default header values using a string. ```ts const app = new Hono() app.use( '*', secureHeaders({ strictTransportSecurity: 'max-age=63072000; includeSubDomains; preload', xFrameOptions: 'DENY', xXssProtection: '1', }) ) ``` ## Supported Options Each option corresponds to the following Header Key-Value pairs. | Option | Header | Value | Default | | ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------- | ---------- | | - | X-Powered-By | (Delete Header) | True | | contentSecurityPolicy | [Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) | Usage: [Setting Content-Security-Policy](#setting-content-security-policy) | No Setting | | contentSecurityPolicyReportOnly | [Content-Security-Policy-Report-Only](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only) | Usage: [Setting Content-Security-Policy](#setting-content-security-policy) | No Setting | | trustedTypes | [Trusted Types](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/trusted-types) | Usage: [Setting Content-Security-Policy](#setting-content-security-policy) | No Setting | | requireTrustedTypesFor | [Require Trusted Types For](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/require-trusted-types-for) | Usage: [Setting Content-Security-Policy](#setting-content-security-policy) | No Setting | | crossOriginEmbedderPolicy | [Cross-Origin-Embedder-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy) | require-corp | **False** | | crossOriginResourcePolicy | [Cross-Origin-Resource-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy) | same-origin | True | | crossOriginOpenerPolicy | [Cross-Origin-Opener-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy) | same-origin | True | | originAgentCluster | [Origin-Agent-Cluster](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin-Agent-Cluster) | ?1 | True | | referrerPolicy | [Referrer-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) | no-referrer | True | | reportingEndpoints | [Reporting-Endpoints](https://www.w3.org/TR/reporting-1/#header) | Usage: [Setting Content-Security-Policy](#setting-content-security-policy) | No Setting | | reportTo | [Report-To](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to) | Usage: [Setting Content-Security-Policy](#setting-content-security-policy) | No Setting | | strictTransportSecurity | [Strict-Transport-Security](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) | max-age=15552000; includeSubDomains | True | | xContentTypeOptions | [X-Content-Type-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options) | nosniff | True | | xDnsPrefetchControl | [X-DNS-Prefetch-Control](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control) | off | True | | xDownloadOptions | [X-Download-Options](https://learn.microsoft.com/en-us/archive/blogs/ie/ie8-security-part-v-comprehensive-protection#mime-handling-force-save) | noopen | True | | xFrameOptions | [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) | SAMEORIGIN | True | | xPermittedCrossDomainPolicies | [X-Permitted-Cross-Domain-Policies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Permitted-Cross-Domain-Policies) | none | True | | xXssProtection | [X-XSS-Protection](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) | 0 | True | | permissionPolicy | [Permissions-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy) | Usage: [Setting Permission-Policy](#setting-permission-policy) | No Setting | ## Middleware Conflict Please be cautious about the order of specification when dealing with middleware that manipulates the same header. In this case, Secure-headers operates and the `x-powered-by` is removed: ```ts const app = new Hono() app.use(secureHeaders()) app.use(poweredBy()) ``` In this case, Powered-By operates and the `x-powered-by` is added: ```ts const app = new Hono() app.use(poweredBy()) app.use(secureHeaders()) ``` ## Setting Content-Security-Policy ```ts const app = new Hono() app.use( '/test', secureHeaders({ reportingEndpoints: [ { name: 'endpoint-1', url: 'https://example.com/reports', }, ], // -- or alternatively // reportTo: [ // { // group: 'endpoint-1', // max_age: 10886400, // endpoints: [{ url: 'https://example.com/reports' }], // }, // ], contentSecurityPolicy: { defaultSrc: ["'self'"], baseUri: ["'self'"], childSrc: ["'self'"], connectSrc: ["'self'"], fontSrc: ["'self'", 'https:', 'data:'], formAction: ["'self'"], frameAncestors: ["'self'"], frameSrc: ["'self'"], imgSrc: ["'self'", 'data:'], manifestSrc: ["'self'"], mediaSrc: ["'self'"], objectSrc: ["'none'"], reportTo: 'endpoint-1', reportUri: '/csp-report', sandbox: ['allow-same-origin', 'allow-scripts'], scriptSrc: ["'self'"], scriptSrcAttr: ["'none'"], scriptSrcElem: ["'self'"], styleSrc: ["'self'", 'https:', "'unsafe-inline'"], styleSrcAttr: ['none'], styleSrcElem: ["'self'", 'https:', "'unsafe-inline'"], upgradeInsecureRequests: [], workerSrc: ["'self'"], }, }) ) ``` ### `nonce` attribute You can add a [`nonce` attribute](https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/nonce) to a `script` or `style` element by adding the `NONCE` imported from `hono/secure-headers` to a `scriptSrc` or `styleSrc`: ```tsx import { secureHeaders, NONCE } from 'hono/secure-headers' import type { SecureHeadersVariables } from 'hono/secure-headers' // Specify the variable types to infer the `c.get('secureHeadersNonce')`: type Variables = SecureHeadersVariables const app = new Hono<{ Variables: Variables }>() // Set the pre-defined nonce value to `scriptSrc`: app.get( '*', secureHeaders({ contentSecurityPolicy: { scriptSrc: [NONCE, 'https://allowed1.example.com'], }, }) ) // Get the value from `c.get('secureHeadersNonce')`: app.get('/', (c) => { return c.html( {/** contents */} `} ) }) const ws = app.get( '/ws', upgradeWebSocket((c) => { let intervalId return { onOpen(_event, ws) { intervalId = setInterval(() => { ws.send(new Date().toString()) }, 200) }, onClose() { clearInterval(intervalId) }, } }) ) export default { fetch: app.fetch, websocket, } ``` ### Node.js ```ts import { serve, upgradeWebSocket } from '@hono/node-server' import { Hono } from 'hono' import { WebSocketServer } from 'ws' const app = new Hono() app.get( '/ws', upgradeWebSocket(() => ({ onMessage(event, ws) { ws.send(event.data) }, })) ) const wss = new WebSocketServer({ noServer: true }) serve({ fetch: app.fetch, websocket: { server: wss }, }) ``` # Accepts Helper Accepts Helper helps to handle Accept headers in the Requests. ## Import ```ts import { Hono } from 'hono' import { accepts } from 'hono/accepts' ``` ## `accepts()` The `accepts()` function looks at the Accept header, such as Accept-Encoding and Accept-Language, and returns the proper value. ```ts import { accepts } from 'hono/accepts' app.get('/', (c) => { const accept = accepts(c, { header: 'Accept-Language', supports: ['en', 'ja', 'zh'], default: 'en', }) return c.json({ lang: accept }) }) ``` ### `AcceptHeader` type The definition of the `AcceptHeader` type is as follows. ```ts export type AcceptHeader = | 'Accept' | 'Accept-Charset' | 'Accept-Encoding' | 'Accept-Language' | 'Accept-Patch' | 'Accept-Post' | 'Accept-Ranges' ``` ## Options ### header: `AcceptHeader` The target accept header. ### supports: `string[]` The header values which your application supports. ### default: `string` The default values. ### match: `(accepts: Accept[], config: acceptsConfig) => string` The custom match function. # JWT Authentication Helper This helper provides functions for encoding, decoding, signing, and verifying JSON Web Tokens (JWTs). JWTs are commonly used for authentication and authorization purposes in web applications. This helper offers robust JWT functionality with support for various cryptographic algorithms. ## Import To use this helper, you can import it as follows: ```ts import { decode, sign, verify } from 'hono/jwt' ``` ::: info [JWT Middleware](/docs/middleware/builtin/jwt) also import the `jwt` function from the `hono/jwt`. ::: ## `sign()` This function generates a JWT token by encoding a payload and signing it using the specified algorithm and secret. ```ts sign( payload: unknown, secret: string, alg?: 'HS256'; ): Promise; ``` ### Example ```ts import { sign } from 'hono/jwt' const payload = { sub: 'user123', role: 'admin', exp: Math.floor(Date.now() / 1000) + 60 * 5, // Token expires in 5 minutes } const secret = 'mySecretKey' const token = await sign(payload, secret) ``` ### Options
#### payload: `unknown` The JWT payload to be signed. You can include other claims like in [Payload Validation](#payload-validation). #### secret: `string` The secret key used for JWT verification or signing. #### alg: [AlgorithmTypes](#supported-algorithmtypes) The algorithm used for JWT signing or verification. The default is HS256. ## `verify()` This function checks if a JWT token is genuine and still valid. It ensures the token hasn't been altered and checks validity only if you added [Payload Validation](#payload-validation). ```ts verify( token: string, secret: string, alg: 'HS256'; issuer?: string | RegExp; ): Promise; ``` ### Example ```ts import { verify } from 'hono/jwt' const tokenToVerify = 'token' const secretKey = 'mySecretKey' const decodedPayload = await verify(tokenToVerify, secretKey, 'HS256') console.log(decodedPayload) ``` ### Options
#### token: `string` The JWT token to be verified. #### secret: `string` The secret key used for JWT verification or signing. #### alg: [AlgorithmTypes](#supported-algorithmtypes) The algorithm used for JWT signing or verification. #### issuer: `string | RegExp` The expected issuer used for JWT verification. ## `decode()` This function decodes a JWT token without performing signature verification. It extracts and returns the header and payload from the token. ```ts decode(token: string): { header: any; payload: any }; ``` ### Example ```ts import { decode } from 'hono/jwt' // Decode the JWT token const tokenToDecode = 'eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJzdWIiOiAidXNlcjEyMyIsICJyb2xlIjogImFkbWluIn0.JxUwx6Ua1B0D1B0FtCrj72ok5cm1Pkmr_hL82sd7ELA' const { header, payload } = decode(tokenToDecode) console.log('Decoded Header:', header) console.log('Decoded Payload:', payload) ``` ### Options
#### token: `string` The JWT token to be decoded. > The `decode` function allows you to inspect the header and payload of a JWT token _**without**_ performing verification. This can be useful for debugging or extracting information from JWT tokens. ## Payload Validation When verifying a JWT token, the following payload validations are performed: - `exp`: The token is checked to ensure it has not expired. - `nbf`: The token is checked to ensure it is not being used before a specified time. - `iat`: The token is checked to ensure it is not issued in the future. - `iss`: The token is checked to ensure it has been issued by a trusted issuer. Please ensure that your JWT payload includes these fields, as an object, if you intend to perform these checks during verification. ## Custom Error Types The module also defines custom error types to handle JWT-related errors. - `JwtAlgorithmNotImplemented`: Indicates that the requested JWT algorithm is not implemented. - `JwtTokenInvalid`: Indicates that the JWT token is invalid. - `JwtTokenNotBefore`: Indicates that the token is being used before its valid date. - `JwtTokenExpired`: Indicates that the token has expired. - `JwtTokenIssuedAt`: Indicates that the "iat" claim in the token is incorrect. - `JwtTokenIssuer`: Indicates that the "iss" claim in the token is incorrect. - `JwtTokenSignatureMismatched`: Indicates a signature mismatch in the token. ## Supported AlgorithmTypes The module supports the following JWT cryptographic algorithms: - `HS256`: HMAC using SHA-256 - `HS384`: HMAC using SHA-384 - `HS512`: HMAC using SHA-512 - `RS256`: RSASSA-PKCS1-v1_5 using SHA-256 - `RS384`: RSASSA-PKCS1-v1_5 using SHA-384 - `RS512`: RSASSA-PKCS1-v1_5 using SHA-512 - `PS256`: RSASSA-PSS using SHA-256 and MGF1 with SHA-256 - `PS384`: RSASSA-PSS using SHA-386 and MGF1 with SHA-386 - `PS512`: RSASSA-PSS using SHA-512 and MGF1 with SHA-512 - `ES256`: ECDSA using P-256 and SHA-256 - `ES384`: ECDSA using P-384 and SHA-384 - `ES512`: ECDSA using P-521 and SHA-512 - `EdDSA`: EdDSA using Ed25519 # Dev Helper Dev Helper provides useful methods you can use in development. ```ts import { Hono } from 'hono' import { getRouterName, showRoutes } from 'hono/dev' ``` ## `getRouterName()` You can get the name of the currently used router with `getRouterName()`. ```ts const app = new Hono() // ... console.log(getRouterName(app)) ``` ## `showRoutes()` `showRoutes()` function displays the registered routes in your console. Consider an application like the following: ```ts const app = new Hono().basePath('/v1') app.get('/posts', (c) => { // ... }) app.get('/posts/:id', (c) => { // ... }) app.post('/posts', (c) => { // ... }) showRoutes(app, { verbose: true, }) ``` When this application starts running, the routes will be shown in your console as follows: ```txt GET /v1/posts GET /v1/posts/:id POST /v1/posts ``` ## Options ### verbose: `boolean` When set to `true`, it displays verbose information. ### colorize: `boolean` When set to `false`, the output will not be colored. # Proxy Helper Proxy Helper provides useful functions when using Hono application as a (reverse) proxy. ## Import ```ts import { Hono } from 'hono' import { proxy } from 'hono/proxy' ``` ## `proxy()` `proxy()` is a `fetch()` API wrapper for proxy. The parameters and return value are the same as for `fetch()` (except for the proxy-specific options). The `Accept-Encoding` header is replaced with an encoding that the current runtime can handle. Unnecessary response headers are removed, and a `Response` object is returned that can be sent from the handler. ### Examples Simple usage: ```ts app.get('/proxy/:path', (c) => { return proxy(`http://${originServer}/${c.req.param('path')}`) }) ``` Complicated usage: ```ts app.get('/proxy/:path', async (c) => { const res = await proxy( `http://${originServer}/${c.req.param('path')}`, { headers: { ...c.req.header(), // optional, specify only when forwarding all the request data (including credentials) is necessary. 'X-Forwarded-For': '127.0.0.1', 'X-Forwarded-Host': c.req.header('host'), Authorization: undefined, // do not propagate request headers contained in c.req.header('Authorization') }, } ) res.headers.delete('Set-Cookie') return res }) ``` Or you can pass the `c.req` as a parameter. ```ts app.all('/proxy/:path', (c) => { return proxy(`http://${originServer}/${c.req.param('path')}`, { ...c.req, // optional, specify only when forwarding all the request data (including credentials) is necessary. headers: { ...c.req.header(), 'X-Forwarded-For': '127.0.0.1', 'X-Forwarded-Host': c.req.header('host'), Authorization: undefined, // do not propagate request headers contained in c.req.header('Authorization') }, }) }) ``` You can override the default global `fetch` function with the `customFetch` option: ```ts app.get('/proxy', (c) => { return proxy('https://example.com/', { customFetch, }) }) ``` ### Connection Header Processing By default, `proxy()` ignores the `Connection` header to prevent Hop-by-Hop Header Injection attacks. You can enable strict RFC 9110 compliance with the `strictConnectionProcessing` option: ```ts // Default behavior (recommended for untrusted clients) app.get('/proxy/:path', (c) => { return proxy(`http://${originServer}/${c.req.param('path')}`, c.req) }) // Strict RFC 9110 compliance (use only in trusted environments) app.get('/internal-proxy/:path', (c) => { return proxy(`http://${internalServer}/${c.req.param('path')}`, { ...c.req, strictConnectionProcessing: true, }) }) ``` ### `ProxyFetch` The type of `proxy()` is defined as `ProxyFetch` and is as follows ```ts interface ProxyRequestInit extends Omit { raw?: Request customFetch?: (request: Request) => Promise strictConnectionProcessing?: boolean headers?: | HeadersInit | [string, string][] | Record | Record } interface ProxyFetch { ( input: string | URL | Request, init?: ProxyRequestInit ): Promise } ``` # Cookie Helper The Cookie Helper provides an easy interface to manage cookies, enabling developers to set, parse, and delete cookies seamlessly. ## Import ```ts import { Hono } from 'hono' import { deleteCookie, getCookie, getSignedCookie, setCookie, setSignedCookie, generateCookie, generateSignedCookie, } from 'hono/cookie' ``` ## Usage ### Regular cookies ```ts app.get('/cookie', (c) => { setCookie(c, 'cookie_name', 'cookie_value') const yummyCookie = getCookie(c, 'cookie_name') deleteCookie(c, 'cookie_name') const allCookies = getCookie(c) // ... }) ``` ### Signed cookies **NOTE**: Setting and retrieving signed cookies returns a Promise due to the async nature of the WebCrypto API, which is used to create HMAC SHA-256 signatures. ```ts app.get('/signed-cookie', (c) => { const secret = 'secret' // make sure it's a large enough string to be secure await setSignedCookie(c, 'cookie_name0', 'cookie_value', secret) const fortuneCookie = await getSignedCookie( c, secret, 'cookie_name0' ) deleteCookie(c, 'cookie_name0') // `getSignedCookie` will return `false` for a specified cookie if the signature was tampered with or is invalid const allSignedCookies = await getSignedCookie(c, secret) // ... }) ``` ### Cookie Generation `generateCookie` and `generateSignedCookie` functions allow you to create cookie strings directly without setting them in the response headers. #### `generateCookie` ```ts // Basic cookie generation const cookie = generateCookie('delicious_cookie', 'macha') // Returns: 'delicious_cookie=macha; Path=/' // Cookie with options const cookie = generateCookie('delicious_cookie', 'macha', { path: '/', secure: true, httpOnly: true, domain: 'example.com', }) ``` #### `generateSignedCookie` ```ts // Basic signed cookie generation const signedCookie = await generateSignedCookie( 'delicious_cookie', 'macha', 'secret chocolate chips' ) // Signed cookie with options const signedCookie = await generateSignedCookie( 'delicious_cookie', 'macha', 'secret chocolate chips', { path: '/', secure: true, httpOnly: true, } ) ``` **Note**: Unlike `setCookie` and `setSignedCookie`, these functions only generate the cookie strings. You need to manually set them in headers if needed. ## Options ### `setCookie` & `setSignedCookie` - domain: `string` - expires: `Date` - httpOnly: `boolean` - maxAge: `number` - path: `string` - secure: `boolean` - sameSite: `'Strict'` | `'Lax'` | `'None'` - priority: `'Low' | 'Medium' | 'High'` - prefix: `secure` | `'host'` - partitioned: `boolean` Example: ```ts // Regular cookies setCookie(c, 'great_cookie', 'banana', { path: '/', secure: true, domain: 'example.com', httpOnly: true, maxAge: 1000, expires: new Date(Date.UTC(2000, 11, 24, 10, 30, 59, 900)), sameSite: 'Strict', }) // Signed cookies await setSignedCookie( c, 'fortune_cookie', 'lots-of-money', 'secret ingredient', { path: '/', secure: true, domain: 'example.com', httpOnly: true, maxAge: 1000, expires: new Date(Date.UTC(2000, 11, 24, 10, 30, 59, 900)), sameSite: 'Strict', } ) ``` ### `deleteCookie` - path: `string` - secure: `boolean` - domain: `string` Example: ```ts deleteCookie(c, 'banana', { path: '/', secure: true, domain: 'example.com', }) ``` `deleteCookie` returns the deleted value: ```ts const deletedCookie = deleteCookie(c, 'delicious_cookie') ``` ## `__Secure-` and `__Host-` prefix The Cookie helper supports `__Secure-` and `__Host-` prefixes for cookie names. If you want to verify if the cookie name has a prefix, specify the prefix option. ```ts const securePrefixCookie = getCookie(c, 'yummy_cookie', 'secure') const hostPrefixCookie = getCookie(c, 'yummy_cookie', 'host') const securePrefixSignedCookie = await getSignedCookie( c, secret, 'fortune_cookie', 'secure' ) const hostPrefixSignedCookie = await getSignedCookie( c, secret, 'fortune_cookie', 'host' ) ``` Also, if you wish to specify a prefix when setting the cookie, specify a value for the prefix option. ```ts setCookie(c, 'delicious_cookie', 'macha', { prefix: 'secure', // or `host` }) await setSignedCookie( c, 'delicious_cookie', 'macha', 'secret choco chips', { prefix: 'secure', // or `host` } ) ``` ## Following the best practices A New Cookie RFC (a.k.a cookie-bis) and CHIPS include some best practices for Cookie settings that developers should follow. - [RFC6265bis-13](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-13) - `Max-Age`/`Expires` limitation - `__Host-`/`__Secure-` prefix limitation - [CHIPS-01](https://www.ietf.org/archive/id/draft-cutler-httpbis-partitioned-cookies-01.html) - `Partitioned` limitation Hono is following the best practices. The cookie helper will throw an `Error` when parsing cookies under the following conditions: - The cookie name starts with `__Secure-`, but `secure` option is not set. - The cookie name starts with `__Host-`, but `secure` option is not set. - The cookie name starts with `__Host-`, but `path` is not `/`. - The cookie name starts with `__Host-`, but `domain` is set. - The `maxAge` option value is greater than 400 days. - The `expires` option value is 400 days later than the current time. # Factory Helper The Factory Helper provides useful functions for creating Hono's components such as Middleware. Sometimes it's difficult to set the proper TypeScript types, but this helper facilitates that. ## Import ```ts import { Hono } from 'hono' import { createFactory, createMiddleware } from 'hono/factory' ``` ## `createFactory()` `createFactory()` will create an instance of the Factory class. ```ts import { createFactory } from 'hono/factory' const factory = createFactory() ``` You can pass your Env types as Generics: ```ts type Env = { Variables: { foo: string } } const factory = createFactory() ``` ### Options ### defaultAppOptions: `HonoOptions` The default options to pass to the Hono application created by `createApp()`. ```ts const factory = createFactory({ defaultAppOptions: { strict: false }, }) const app = factory.createApp() // `strict: false` is applied ``` ## `createMiddleware()` `createMiddleware()` is shortcut of `factory.createMiddleware()`. This function will create your custom middleware. ```ts const messageMiddleware = createMiddleware(async (c, next) => { await next() c.res.headers.set('X-Message', 'Good morning!') }) ``` Tip: If you want to get an argument like `message`, you can create it as a function like the following. ```ts const messageMiddleware = (message: string) => { return createMiddleware(async (c, next) => { await next() c.res.headers.set('X-Message', message) }) } app.use(messageMiddleware('Good evening!')) ``` ## `factory.createHandlers()` `createHandlers()` helps to define handlers in a different place than `app.get('/')`. ```ts import { createFactory } from 'hono/factory' import { logger } from 'hono/logger' // ... const factory = createFactory() const middleware = factory.createMiddleware(async (c, next) => { c.set('foo', 'bar') await next() }) const handlers = factory.createHandlers(logger(), middleware, (c) => { return c.json(c.var.foo) }) app.get('/api', ...handlers) ``` ## `factory.createApp()` `createApp()` helps to create an instance of Hono with the proper types. If you use this method with `createFactory()`, you can avoid redundancy in the definition of the `Env` type. If your application is like this, you have to set the `Env` in two places: ```ts import { createMiddleware } from 'hono/factory' type Env = { Variables: { myVar: string } } // 1. Set the `Env` to `new Hono()` const app = new Hono() // 2. Set the `Env` to `createMiddleware()` const mw = createMiddleware(async (c, next) => { await next() }) app.use(mw) ``` By using `createFactory()` and `createApp()`, you can set the `Env` only in one place. ```ts import { createFactory } from 'hono/factory' // ... // Set the `Env` to `createFactory()` const factory = createFactory() const app = factory.createApp() // factory also has `createMiddleware()` const mw = factory.createMiddleware(async (c, next) => { await next() }) ``` `createFactory()` can receive the `initApp` option to initialize an `app` created by `createApp()`. The following is an example that uses the option. ```ts // factory-with-db.ts type Env = { Bindings: { MY_DB: D1Database } Variables: { db: DrizzleD1Database } } export default createFactory({ initApp: (app) => { app.use(async (c, next) => { const db = drizzle(c.env.MY_DB) c.set('db', db) await next() }) }, }) ``` ```ts // crud.ts import factoryWithDB from './factory-with-db' const app = factoryWithDB.createApp() app.post('/posts', (c) => { c.var.db.insert() // ... }) ``` # Route Helper The Route Helper provides enhanced routing information for debugging and middleware development. It allows you to access detailed information about matched routes and the current route being processed. ## Import ```ts import { Hono } from 'hono' import { matchedRoutes, routePath, baseRoutePath, basePath, } from 'hono/route' ``` ## Usage ### Basic route information ```ts const app = new Hono() app.get('/posts/:id', (c) => { const currentPath = routePath(c) // '/posts/:id' const routes = matchedRoutes(c) // Array of matched routes return c.json({ path: currentPath, totalRoutes: routes.length, }) }) ``` ### Working with sub-applications ```ts const app = new Hono() const apiApp = new Hono() apiApp.get('/posts/:id', (c) => { return c.json({ routePath: routePath(c), // '/posts/:id' baseRoutePath: baseRoutePath(c), // '/api' basePath: basePath(c), // '/api' (with actual params) }) }) app.route('/api', apiApp) ``` ## `matchedRoutes()` Returns an array of all routes that matched the current request, including middleware. ```ts app.all('/api/*', (c, next) => { console.log('API middleware') return next() }) app.get('/api/users/:id', (c) => { const routes = matchedRoutes(c) // Returns: [ // { method: 'ALL', path: '/api/*', handler: [Function] }, // { method: 'GET', path: '/api/users/:id', handler: [Function] } // ] return c.json({ routes: routes.length }) }) ``` ## `routePath()` Returns the route path pattern registered for the current handler. ```ts app.get('/posts/:id', (c) => { console.log(routePath(c)) // '/posts/:id' return c.text('Post details') }) ``` ### Using with index parameter You can optionally pass an index parameter to get the route path at a specific position, similar to `Array.prototype.at()`. ```ts app.all('/api/*', (c, next) => { return next() }) app.get('/api/users/:id', (c) => { console.log(routePath(c, 0)) // '/api/*' (first matched route) console.log(routePath(c, -1)) // '/api/users/:id' (last matched route) return c.text('User details') }) ``` ## `baseRoutePath()` Returns the base path pattern of the current route as specified in routing. ```ts const subApp = new Hono() subApp.get('/posts/:id', (c) => { return c.text(baseRoutePath(c)) // '/:sub' }) app.route('/:sub', subApp) ``` ### Using with index parameter You can optionally pass an index parameter to get the base route path at a specific position, similar to `Array.prototype.at()`. ```ts app.all('/api/*', (c, next) => { return next() }) const subApp = new Hono() subApp.get('/users/:id', (c) => { console.log(baseRoutePath(c, 0)) // '/' (first matched route) console.log(baseRoutePath(c, -1)) // '/api' (last matched route) return c.text('User details') }) app.route('/api', subApp) ``` ## `basePath()` Returns the base path with embedded parameters from the actual request. ```ts const subApp = new Hono() subApp.get('/posts/:id', (c) => { return c.text(basePath(c)) // '/api' (for request to '/api/posts/123') }) app.route('/:sub', subApp) ``` # html Helper The html Helper lets you write HTML in JavaScript template literal with a tag named `html`. Using `raw()`, the content will be rendered as is. You have to escape these strings by yourself. ## Import ```ts import { Hono } from 'hono' import { html, raw } from 'hono/html' ``` ## `html` ```ts const app = new Hono() app.get('/:username', (c) => { const { username } = c.req.param() return c.html( html`

Hello! ${username}!

` ) }) ``` ### Insert snippets into JSX Insert the inline script into JSX: ```tsx app.get('/', (c) => { return c.html( Test Site {html` `} Hello! ) }) ``` ### Act as functional component Since `html` returns an HtmlEscapedString, it can act as a fully functional component without using JSX. #### Use `html` to speed up the process instead of `memo` ```typescript const Footer = () => html`
My Address...
` ``` ### Receives props and embeds values ```typescript interface SiteData { title: string description: string image: string children?: any } const Layout = (props: SiteData) => html` ${props.title} ${props.children} ` const Content = (props: { siteData: SiteData; name: string }) => (

Hello {props.name}

 ) app.get('/', (c) => { const props = { name: 'World', siteData: { title: 'Hello <> World', description: 'This is a description', image: 'https://example.com/image.png', }, } return c.html() }) ``` ## `raw()` ```ts app.get('/', (c) => { const name = 'John "Johnny" Smith' return c.html(html`

I'm ${raw(name)}.

`) }) ``` ## Tips Thanks to these libraries, Visual Studio Code and vim also interprets template literals as HTML, allowing syntax highlighting and formatting to be applied. - - # Context The `Context` object is instantiated for each request and kept until the response is returned. You can put values in it, set headers and a status code you want to return, and access HonoRequest and Response objects. ## req `req` is an instance of HonoRequest. For more details, see [HonoRequest](/docs/api/request). ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/hello', (c) => { const userAgent = c.req.header('User-Agent') // ... // ---cut-start--- return c.text(`Hello, ${userAgent}`) // ---cut-end--- }) ``` ## status() You can set an HTTP status code with `c.status()`. The default is `200`. You don't have to use `c.status()` if the code is `200`. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.post('/posts', (c) => { // Set HTTP status code c.status(201) return c.text('Your post is created!') }) ``` ## header() You can set HTTP Headers for the response. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/', (c) => { // Set headers c.header('X-Message', 'My custom message') return c.text('Hello!') }) ``` ## body() Return an HTTP response. ::: info **Note**: When returning text or HTML, it is recommended to use `c.text()` or `c.html()`. ::: ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/welcome', (c) => { c.header('Content-Type', 'text/plain') // Return the response body return c.body('Thank you for coming') }) ``` You can also write the following. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/welcome', (c) => { return c.body('Thank you for coming', 201, { 'X-Message': 'Hello!', 'Content-Type': 'text/plain', }) }) ``` The response is the same `Response` object as below. ```ts twoslash new Response('Thank you for coming', { status: 201, headers: { 'X-Message': 'Hello!', 'Content-Type': 'text/plain', }, }) ``` ## text() Render text as `Content-Type: text/plain`. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/say', (c) => { return c.text('Hello!') }) ``` ## json() Render JSON as `Content-Type: application/json`. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/api', (c) => { return c.json({ message: 'Hello!' }) }) ``` ## html() Render HTML as `Content-Type: text/html`. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/', (c) => { return c.html('

Hello! Hono!

') }) ``` ## notFound() Return a `Not Found` Response. You can customize it with [`app.notFound()`](/docs/api/hono#not-found). ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/notfound', (c) => { return c.notFound() }) ``` ## redirect() Redirect, default status code is `302`. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/redirect', (c) => { return c.redirect('/') }) app.get('/redirect-permanently', (c) => { return c.redirect('/', 301) }) ``` ## res You can access the [Response] object that will be returned. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- // Response object app.use('/', async (c, next) => { await next() c.res.headers.append('X-Debug', 'Debug message') }) ``` [Response]: https://developer.mozilla.org/en-US/docs/Web/API/Response ## set() / get() Get and set arbitrary key-value pairs, with a lifetime of the current request. This allows passing specific values between middleware or from middleware to route handlers. ```ts twoslash import { Hono } from 'hono' const app = new Hono<{ Variables: { message: string } }>() // ---cut--- app.use(async (c, next) => { c.set('message', 'Hono is cool!!') await next() }) app.get('/', (c) => { const message = c.get('message') return c.text(`The message is "${message}"`) }) ``` Pass the `Variables` as Generics to the constructor of `Hono` to make it type-safe. ```ts twoslash import { Hono } from 'hono' // ---cut--- type Variables = { message: string } const app = new Hono<{ Variables: Variables }>() ``` The value of `c.set` / `c.get` are retained only within the same request. They cannot be shared or persisted across different requests. ## var You can also access the value of a variable with `c.var`. ```ts twoslash import type { Context } from 'hono' declare const c: Context // ---cut--- const result = c.var.client.oneMethod() ``` If you want to create the middleware which provides a custom method, write like the following: ```ts twoslash import { Hono } from 'hono' import { createMiddleware } from 'hono/factory' // ---cut--- type Env = { Variables: { echo: (str: string) => string } } const app = new Hono() const echoMiddleware = createMiddleware(async (c, next) => { c.set('echo', (str) => str) await next() }) app.get('/echo', echoMiddleware, (c) => { return c.text(c.var.echo('Hello!')) }) ``` If you want to use the middleware in multiple handlers, you can use `app.use()`. Then, you have to pass the `Env` as Generics to the constructor of `Hono` to make it type-safe. ```ts twoslash import { Hono } from 'hono' import type { MiddlewareHandler } from 'hono/types' declare const echoMiddleware: MiddlewareHandler type Env = { Variables: { echo: (str: string) => string } } // ---cut--- const app = new Hono() app.use(echoMiddleware) app.get('/echo', (c) => { return c.text(c.var.echo('Hello!')) }) ``` ## render() / setRenderer() You can set a layout using `c.setRenderer()` within a custom middleware. ```tsx twoslash /** @jsx jsx */ /** @jsxImportSource hono/jsx */ import { Hono } from 'hono' const app = new Hono() // ---cut--- app.use(async (c, next) => { c.setRenderer((content) => { return c.html(

{content}

) }) await next() }) ``` Then, you can utilize `c.render()` to create responses within this layout. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/', (c) => { return c.render('Hello!') }) ``` The output of which will be: ```html

Hello!

``` Additionally, this feature offers the flexibility to customize arguments. To ensure type safety, types can be defined as: ```ts declare module 'hono' { interface ContextRenderer { ( content: string | Promise, head: { title: string } ): Response | Promise } } ``` Here's an example of how you can use this: ```ts app.use('/pages/*', async (c, next) => { c.setRenderer((content, head) => { return c.html( {head.title}
{head.title}

{content}

) }) await next() }) app.get('/pages/my-favorite', (c) => { return c.render(

Ramen and Sushi

, { title: 'My favorite', }) }) app.get('/pages/my-hobbies', (c) => { return c.render(

Watching baseball

, { title: 'My hobbies', }) }) ``` ## executionCtx You can access Cloudflare Workers' specific [ExecutionContext](https://developers.cloudflare.com/workers/runtime-apis/context/). ```ts twoslash import { Hono } from 'hono' const app = new Hono<{ Bindings: { KV: any } }>() declare const key: string declare const data: string // ---cut--- // ExecutionContext object app.get('/foo', async (c) => { c.executionCtx.waitUntil(c.env.KV.put(key, data)) // ... }) ``` The `ExecutionContext` also has an [`exports`](https://developers.cloudflare.com/workers/runtime-apis/context/#exports) field. To get autocomplete with Wrangler's generated types, you can use module augmentation: ```ts import 'hono' declare module 'hono' { interface ExecutionContext { readonly exports: Cloudflare.Exports } } ``` ## event You can access Cloudflare Workers' specific `FetchEvent`. This was used in "Service Worker" syntax. But, it is not recommended now. ```ts twoslash import { Hono } from 'hono' declare const key: string declare const data: string type KVNamespace = any // ---cut--- // Type definition to make type inference type Bindings = { MY_KV: KVNamespace } const app = new Hono<{ Bindings: Bindings }>() // FetchEvent object (only set when using Service Worker syntax) app.get('/foo', async (c) => { c.event.waitUntil(c.env.MY_KV.put(key, data)) // ... }) ``` ## env In Cloudflare Workers Environment variables, secrets, KV namespaces, D1 database, R2 bucket etc. that are bound to a worker are known as bindings. Regardless of type, bindings are always available as global variables and can be accessed via the context `c.env.BINDING_KEY`. ```ts twoslash import { Hono } from 'hono' type KVNamespace = any // ---cut--- // Type definition to make type inference type Bindings = { MY_KV: KVNamespace } const app = new Hono<{ Bindings: Bindings }>() // Environment object for Cloudflare Workers app.get('/', async (c) => { c.env.MY_KV.get('my-key') // ... }) ``` ## error If the Handler throws an error, the error object is placed in `c.error`. You can access it in your middleware. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.use(async (c, next) => { await next() if (c.error) { // do something... } }) ``` ## ContextVariableMap ::: warning `ContextVariableMap` adds types **globally** to all contexts, regardless of whether the middleware that sets the variable has actually run. This means `c.get('result')` will appear type-safe even in handlers where your middleware was never registered, potentially hiding `undefined` bugs at runtime. Take a look at the following example: ```ts declare module 'hono' { interface ContextVariableMap { result: string } } const mw = createMiddleware(async (c, next) => { c.set('result', 'some values') await next() }) const app = new Hono() // handler uses the middleware app.get('/foo', mw, (c) => { const val = c.get('result') // βœ… val is a string and typed as such, as expected }) // handler doesn't use the middleware app.get('/bar', (c) => { const val = c.get('result') // ❌ val is undefined but typed as a string, which can lead to runtime errors }) ``` ::: You can augment the `ContextVariableMap` interface to define types for context variables globally across your entire application. This is appropriate when a variable is set by middleware that is applied app-wide and is guaranteed to exist in the context. For example: ```ts declare module 'hono' { interface ContextVariableMap { result: string } } ``` You can then utilize this in your middleware: ```ts twoslash import { createMiddleware } from 'hono/factory' // ---cut--- const mw = createMiddleware(async (c, next) => { c.set('result', 'some values') // result is a string await next() }) ``` In a handler, the variable is inferred as the proper type: ```ts twoslash import { Hono } from 'hono' const app = new Hono<{ Variables: { result: string } }>() // ---cut--- app.get('/', (c) => { const val = c.get('result') // val is a string // ... return c.json({ result: val }) }) ``` # Routing Routing of Hono is flexible and intuitive. Let's take a look. ## Basic ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- // HTTP Methods app.get('/', (c) => c.text('GET /')) app.post('/', (c) => c.text('POST /')) app.put('/', (c) => c.text('PUT /')) app.delete('/', (c) => c.text('DELETE /')) // Wildcard app.get('/wild/*/card', (c) => { return c.text('GET /wild/*/card') }) // Any HTTP methods app.all('/hello', (c) => c.text('Any Method /hello')) // Custom HTTP method app.on('PURGE', '/cache', (c) => c.text('PURGE Method /cache')) // Multiple Method app.on(['PUT', 'DELETE'], '/post', (c) => c.text('PUT or DELETE /post') ) // Multiple Paths app.on('GET', ['/hello', '/ja/hello', '/en/hello'], (c) => c.text('Hello') ) ``` ## Path Parameter ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/user/:name', async (c) => { const name = c.req.param('name') // ^? // ... }) ``` or all parameters at once: ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/posts/:id/comment/:comment_id', async (c) => { const { id, comment_id } = c.req.param() // ^? // ... }) ``` ## Optional Parameter ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- // Will match `/api/animal` and `/api/animal/:type` app.get('/api/animal/:type?', (c) => c.text('Animal!')) ``` ## Regexp ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/post/:date{[0-9]+}/:title{[a-z]+}', async (c) => { const { date, title } = c.req.param() // ^? // ... }) ``` ## Including slashes ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/posts/:filename{.+\\.png}', async (c) => { //... }) ``` ## Chained route ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app .get('/endpoint', (c) => { return c.text('GET /endpoint') }) .post((c) => { return c.text('POST /endpoint') }) .delete((c) => { return c.text('DELETE /endpoint') }) ``` ## Grouping You can group the routes with the Hono instance and add them to the main app with the route method. ```ts twoslash import { Hono } from 'hono' // ---cut--- const book = new Hono() book.get('/', (c) => c.text('List Books')) // GET /book book.get('/:id', (c) => { // GET /book/:id const id = c.req.param('id') return c.text('Get Book: ' + id) }) book.post('/', (c) => c.text('Create Book')) // POST /book const app = new Hono() app.route('/book', book) ``` ## Grouping without changing base You can also group multiple instances while keeping base. ```ts twoslash import { Hono } from 'hono' // ---cut--- const book = new Hono() book.get('/book', (c) => c.text('List Books')) // GET /book book.post('/book', (c) => c.text('Create Book')) // POST /book const user = new Hono().basePath('/user') user.get('/', (c) => c.text('List Users')) // GET /user user.post('/', (c) => c.text('Create User')) // POST /user const app = new Hono() app.route('/', book) // Handle /book app.route('/', user) // Handle /user ``` ## Base path You can specify the base path. ```ts twoslash import { Hono } from 'hono' // ---cut--- const api = new Hono().basePath('/api') api.get('/book', (c) => c.text('List Books')) // GET /api/book ``` ## Routing with hostname It works fine if it includes a hostname. ```ts twoslash import { Hono } from 'hono' // ---cut--- const app = new Hono({ getPath: (req) => req.url.replace(/^https?:\/([^?]+).*$/, '$1'), }) app.get('/www1.example.com/hello', (c) => c.text('hello www1')) app.get('/www2.example.com/hello', (c) => c.text('hello www2')) ``` ## Routing with `host` Header value Hono can handle the `host` header value if you set the `getPath()` function in the Hono constructor. ```ts twoslash import { Hono } from 'hono' // ---cut--- const app = new Hono({ getPath: (req) => '/' + req.headers.get('host') + req.url.replace(/^https?:\/\/[^/]+(\/[^?]*).*/, '$1'), }) app.get('/www1.example.com/hello', (c) => c.text('hello www1')) // A following request will match the route: // new Request('http://www1.example.com/hello', { // headers: { host: 'www1.example.com' }, // }) ``` By applying this, for example, you can change the routing by `User-Agent` header. ## Routing priority Handlers or middleware will be executed in registration order. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/book/a', (c) => c.text('a')) // a app.get('/book/:slug', (c) => c.text('common')) // common ``` ``` GET /book/a ---> `a` GET /book/b ---> `common` ``` When a handler is executed, the process will be stopped. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('*', (c) => c.text('common')) // common app.get('/foo', (c) => c.text('foo')) // foo ``` ``` GET /foo ---> `common` // foo will not be dispatched ``` If you have the middleware that you want to execute, write the code above the handler. ```ts twoslash import { Hono } from 'hono' import { logger } from 'hono/logger' const app = new Hono() // ---cut--- app.use(logger()) app.get('/foo', (c) => c.text('foo')) ``` If you want to have a "_fallback_" handler, write the code below the other handler. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/bar', (c) => c.text('bar')) // bar app.get('*', (c) => c.text('fallback')) // fallback ``` ``` GET /bar ---> `bar` GET /foo ---> `fallback` ``` ## Grouping ordering Note that the mistake of grouping routings is hard to notice. The `route()` function takes the stored routing from the second argument (such as `three` or `two`) and adds it to its own (`two` or `app`) routing. ```ts three.get('/hi', (c) => c.text('hi')) two.route('/three', three) app.route('/two', two) export default app ``` It will return 200 response. ``` GET /two/three/hi ---> `hi` ``` However, if they are in the wrong order, it will return a 404. ```ts twoslash import { Hono } from 'hono' const app = new Hono() const two = new Hono() const three = new Hono() // ---cut--- three.get('/hi', (c) => c.text('hi')) app.route('/two', two) // `two` does not have routes two.route('/three', three) export default app ``` ``` GET /two/three/hi ---> 404 Not Found ``` # Presets Hono has several routers, each designed for a specific purpose. You can specify the router you want to use in the constructor of Hono. **Presets** are provided for common use cases, so you don't have to specify the router each time. The `Hono` class imported from all presets is the same, the only difference being the router. Therefore, you can use them interchangeably. ## `hono` Usage: ```ts twoslash import { Hono } from 'hono' ``` Routers: ```ts this.router = new SmartRouter({ routers: [new RegExpRouter(), new TrieRouter()], }) ``` ## `hono/quick` Usage: ```ts twoslash import { Hono } from 'hono/quick' ``` Router: ```ts this.router = new SmartRouter({ routers: [new LinearRouter(), new TrieRouter()], }) ``` ## `hono/tiny` Usage: ```ts twoslash import { Hono } from 'hono/tiny' ``` Router: ```ts this.router = new PatternRouter() ``` ## Which preset should I use? | Preset | Suitable platforms | | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `hono` | This is highly recommended for most use cases. Although the registration phase may be slower than `hono/quick`, it exhibits high performance once booted. It's ideal for long-life servers built with **Deno**, **Bun**, or **Node.js**. It is also suitable for **Fastly Compute**, as route registration occurs during the app build phase on that platform. For environments such as **Cloudflare Workers**, **Deno Deploy**, where v8 isolates are utilized, this preset is suitable as well because the isolations persist for a certain amount of time after booting. | | `hono/quick` | This preset is designed for environments where the application is initialized for every request. | | `hono/tiny` | This is the smallest router package and it's suitable for environments where resources are limited. | # API Hono's API is simple. Just composed by extended objects from Web Standards. So, you can understand it well quickly. In this section, we introduce API of Hono like below. - Hono object - About routing - Context object - About middleware # App - Hono `Hono` is the primary object. It will be imported first and used until the end. ```ts twoslash import { Hono } from 'hono' const app = new Hono() //... export default app // for Cloudflare Workers or Bun ``` ## Methods An instance of `Hono` has the following methods. - app.**HTTP_METHOD**(\[path,\]handler|middleware...) - app.**all**(\[path,\]handler|middleware...) - app.**on**(method|method[], path|path[], handler|middleware...) - app.**use**(\[path,\]middleware) - app.**route**(path, \[app\]) - app.**basePath**(path) - app.**notFound**(handler) - app.**onError**(err, handler) - app.**mount**(path, anotherApp) - app.**fire**() - app.**fetch**(request, env, event) - app.**request**(path, options) The first part of them is used for routing, please refer to the [routing section](/docs/api/routing). ## Not Found `app.notFound` allows you to customize a Not Found Response. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.notFound((c) => { return c.text('Custom 404 Message', 404) }) ``` :::warning The `notFound` method is only called from the top-level app. For more information, see this [issue](https://github.com/honojs/hono/issues/3465#issuecomment-2381210165). ::: ## Error Handling `app.onError` allows you to handle uncaught errors and return a custom Response. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.onError((err, c) => { console.error(`${err}`) return c.text('Custom Error Message', 500) }) ``` ::: info If both a parent app and its routes have `onError` handlers, the route-level handlers get priority. ::: ## fire() ::: warning **`app.fire()` is deprecated**. Use `fire()` from `hono/service-worker` instead. See the [Service Worker documentation](/docs/getting-started/service-worker) for details. ::: `app.fire()` automatically adds a global `fetch` event listener. This can be useful for environments that adhere to the [Service Worker API](https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API), such as [non-ES module Cloudflare Workers](https://developers.cloudflare.com/workers/reference/migrate-to-module-workers/). `app.fire()` executes the following for you: ```ts addEventListener('fetch', (event: FetchEventLike): void => { event.respondWith(this.dispatch(...)) }) ``` ## fetch() `app.fetch` will be the entry point of your application. For Cloudflare Workers, you can use the following: ```ts twoslash import { Hono } from 'hono' const app = new Hono() type Env = any type ExecutionContext = any // ---cut--- export default { fetch(request: Request, env: Env, ctx: ExecutionContext) { return app.fetch(request, env, ctx) }, } ``` or just do: ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- export default app ``` Bun: ```ts export default app // [!code --] export default { // [!code ++] port: 3000, // [!code ++] fetch: app.fetch, // [!code ++] } // [!code ++] ``` ## request() `request` is a useful method for testing. You can pass a URL or pathname to send a GET request. `app` will return a `Response` object. ```ts twoslash import { Hono } from 'hono' const app = new Hono() declare const test: (name: string, fn: () => void) => void declare const expect: (value: any) => any // ---cut--- test('GET /hello is ok', async () => { const res = await app.request('/hello') expect(res.status).toBe(200) }) ``` You can also pass a `Request` object: ```ts twoslash import { Hono } from 'hono' const app = new Hono() declare const test: (name: string, fn: () => void) => void declare const expect: (value: any) => any // ---cut--- test('POST /message is ok', async () => { const req = new Request('Hello!', { method: 'POST', }) const res = await app.request(req) expect(res.status).toBe(201) }) ``` ## mount() The `mount()` allows you to mount applications built with other frameworks into your Hono application. ```ts import { Router as IttyRouter } from 'itty-router' import { Hono } from 'hono' // Create itty-router application const ittyRouter = IttyRouter() // Handle `GET /itty-router/hello` ittyRouter.get('/hello', () => new Response('Hello from itty-router')) // Hono application const app = new Hono() // Mount! app.mount('/itty-router', ittyRouter.handle) ``` ## strict mode Strict mode defaults to `true` and distinguishes the following routes. - `/hello` - `/hello/` `app.get('/hello')` will not match `GET /hello/`. By setting strict mode to `false`, both paths will be treated equally. ```ts twoslash import { Hono } from 'hono' // ---cut--- const app = new Hono({ strict: false }) ``` ## router option The `router` option specifies which router to use. The default router is `SmartRouter`. If you want to use `RegExpRouter`, pass it to a new `Hono` instance: ```ts twoslash import { Hono } from 'hono' // ---cut--- import { RegExpRouter } from 'hono/router/reg-exp-router' const app = new Hono({ router: new RegExpRouter() }) ``` ## Generics You can pass Generics to specify the types of Cloudflare Workers Bindings and variables used in `c.set`/`c.get`. ```ts twoslash import { Hono } from 'hono' type User = any declare const user: User // ---cut--- type Bindings = { TOKEN: string } type Variables = { user: User } const app = new Hono<{ Bindings: Bindings Variables: Variables }>() app.use('/auth/*', async (c, next) => { const token = c.env.TOKEN // token is `string` // ... c.set('user', user) // user should be `User` await next() }) ``` # HonoRequest The `HonoRequest` is an object that can be taken from `c.req` which wraps a [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) object. ## param() Get the values of path parameters. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- // Captured params app.get('/entry/:id', async (c) => { const id = c.req.param('id') // ^? // ... }) // Get all params at once app.get('/entry/:id/comment/:commentId', async (c) => { const { id, commentId } = c.req.param() // ^? }) ``` ## query() Get querystring parameters. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- // Query params app.get('/search', async (c) => { const query = c.req.query('q') // ^? }) // Get all params at once app.get('/search', async (c) => { const { q, limit, offset } = c.req.query() // ^? }) ``` ## queries() Get multiple querystring parameter values, e.g. `/search?tags=A&tags=B` ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/search', async (c) => { // tags will be string[] const tags = c.req.queries('tags') // ^? // ... }) ``` ## header() Get the request header value. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/', (c) => { const userAgent = c.req.header('User-Agent') // ^? return c.text(`Your user agent is ${userAgent}`) }) ``` ::: warning When `c.req.header()` is called with no arguments, all keys in the returned record are **lowercase**. If you want to get the value of a header with an uppercase name, use `c.req.header(β€œX-Foo”)`. ```ts // ❌ Will not work const headerRecord = c.req.header() const foo = headerRecord['X-Foo'] // βœ… Will work const foo = c.req.header('X-Foo') ``` ::: ## parseBody() Parse Request body of type `multipart/form-data` or `application/x-www-form-urlencoded` ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.post('/entry', async (c) => { const body = await c.req.parseBody() // ... }) ``` `parseBody()` supports the following behaviors. **Single file** ```ts twoslash import { Context } from 'hono' declare const c: Context // ---cut--- const body = await c.req.parseBody() const data = body['foo'] // ^? ``` `body['foo']` is `(string | File)`. If multiple files are uploaded, the last one will be used. ### Multiple files ```ts twoslash import { Context } from 'hono' declare const c: Context // ---cut--- const body = await c.req.parseBody() body['foo[]'] ``` `body['foo[]']` is always `(string | File)[]`. `[]` postfix is required. ### Multiple files or fields with same name If you have an input field that allows multiple `` or multiple checkboxes with the same name ``. ```ts twoslash import { Context } from 'hono' declare const c: Context // ---cut--- const body = await c.req.parseBody({ all: true }) body['foo'] ``` `all` option is disabled by default. - If `body['foo']` is multiple files, it will be parsed to `(string | File)[]`. - If `body['foo']` is single file, it will be parsed to `(string | File)`. ### Dot notation If you set the `dot` option `true`, the return value is structured based on the dot notation. Imagine receiving the following data: ```ts twoslash const data = new FormData() data.append('obj.key1', 'value1') data.append('obj.key2', 'value2') ``` You can get the structured value by setting the `dot` option `true`: ```ts twoslash import { Context } from 'hono' declare const c: Context // ---cut--- const body = await c.req.parseBody({ dot: true }) // body is `{ obj: { key1: 'value1', key2: 'value2' } }` ``` ## json() Parses the request body of type `application/json` ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.post('/entry', async (c) => { const body = await c.req.json() // ... }) ``` ## text() Parses the request body of type `text/plain` ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.post('/entry', async (c) => { const body = await c.req.text() // ... }) ``` ## arrayBuffer() Parses the request body as an `ArrayBuffer` ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.post('/entry', async (c) => { const body = await c.req.arrayBuffer() // ... }) ``` ## blob() Parses the request body as a `Blob`. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.post('/entry', async (c) => { const body = await c.req.blob() // ... }) ``` ## formData() Parses the request body as a `FormData`. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.post('/entry', async (c) => { const body = await c.req.formData() // ... }) ``` ## valid() Get the validated data. ```ts app.post('/posts', async (c) => { const { title, body } = c.req.valid('form') // ... }) ``` Available targets are below. - `form` - `json` - `query` - `header` - `cookie` - `param` See the [Validation section](/docs/guides/validation) for usage examples. ## routePath ::: warning **Deprecated in v4.8.0**: This property is deprecated. Use `routePath()` from [Route Helper](/docs/helpers/route) instead. ::: You can retrieve the registered path within the handler like this: ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/posts/:id', (c) => { return c.json({ path: c.req.routePath }) }) ``` If you access `/posts/123`, it will return `/posts/:id`: ```json { "path": "/posts/:id" } ``` ## matchedRoutes ::: warning **Deprecated in v4.8.0**: This property is deprecated. Use `matchedRoutes()` from [Route Helper](/docs/helpers/route) instead. ::: It returns matched routes within the handler, which is useful for debugging. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.use(async function logger(c, next) { await next() c.req.matchedRoutes.forEach(({ handler, method, path }, i) => { const name = handler.name || (handler.length < 2 ? '[handler]' : '[middleware]') console.log( method, ' ', path, ' '.repeat(Math.max(10 - path.length, 0)), name, i === c.req.routeIndex ? '<- respond from here' : '' ) }) }) ``` ## path The request pathname. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/about/me', async (c) => { const pathname = c.req.path // `/about/me` // ... }) ``` ## url The request url strings. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/about/me', async (c) => { const url = c.req.url // `http://localhost:8787/about/me` // ... }) ``` ## method The method name of the request. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- app.get('/about/me', async (c) => { const method = c.req.method // `GET` // ... }) ``` ## raw The raw [`Request`](https://developer.mozilla.org/en-US/docs/Web/API/Request) object. ```ts // For Cloudflare Workers app.post('/', async (c) => { const metadata = c.req.raw.cf?.hostMetadata? // ... }) ``` ## cloneRawRequest() Clones the raw Request object from a HonoRequest. Works even after the request body has been consumed by validators or HonoRequest methods. ```ts twoslash import { Hono } from 'hono' const app = new Hono() import { cloneRawRequest } from 'hono/request' import { validator } from 'hono/validator' app.post( '/forward', validator('json', (data) => data), async (c) => { // Clone after validation const clonedReq = await cloneRawRequest(c.req) // Does not throw the error await clonedReq.json() // ... } ) ``` # HTTPException When a fatal error occurs, Hono (and many ecosystem middleware) may throw an `HTTPException`. This is a custom Hono `Error` that simplifies [returning error responses](#handling-httpexceptions). ## Throwing HTTPExceptions You can throw your own HTTPExceptions by specifying a status code, and either a message or a custom response. ### Custom Message For basic `text` responses, just set the error `message`. ```ts twoslash import { HTTPException } from 'hono/http-exception' throw new HTTPException(401, { message: 'Unauthorized' }) ``` ### Custom Response For other response types, or to set response headers, use the `res` option. _Note that the status passed to the constructor is the one used to create responses._ ```ts twoslash import { HTTPException } from 'hono/http-exception' const errorResponse = new Response('Unauthorized', { status: 401, // this gets ignored headers: { Authenticate: 'error="invalid_token"', }, }) throw new HTTPException(401, { res: errorResponse }) ``` ### Cause In either case, you can use the [`cause`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Error/cause) option to add arbitrary data to the HTTPException. ```ts twoslash import { Hono, Context } from 'hono' import { HTTPException } from 'hono/http-exception' const app = new Hono() declare const message: string declare const authorize: (c: Context) => Promise // ---cut--- app.post('/login', async (c) => { try { await authorize(c) } catch (cause) { throw new HTTPException(401, { message, cause }) } return c.redirect('/') }) ``` ## Handling HTTPExceptions You can handle uncaught HTTPExceptions with [`app.onError`](/docs/api/hono#error-handling). They include a `getResponse` method that returns a new `Response` created from the error `status`, and either the error `message`, or the [custom response](#custom-response) set when the error was thrown. ```ts twoslash import { Hono } from 'hono' const app = new Hono() // ---cut--- import { HTTPException } from 'hono/http-exception' // ... app.onError((err, c) => { if (err instanceof HTTPException) { // Return the error response generated by HTTPException return err.getResponse() } // For any other unexpected errors, log and return a generic 500 response console.error(err) return c.text('Internal Server Error', 500) }) ``` ::: warning **`HTTPException.getResponse` is not aware of `Context`**. To include headers already set in `Context`, you must apply them to a new `Response`. :::