@aetherframework/middleware 1.0.2

package/src/middleware/body-parser.js

@@ -0,0 +1,299 @@
+/**
+ * @license MIT
+ * Copyright (c) 2026-present AetherFramework Contributors.
+ * SPDX-License-Identifier: MIT
+ * @module @aetherframework/middleware/middleware/body-parser.js
+ */
+
+import { StringDecoder } from 'string_decoder';
+
+/**
+ * Parse size string to bytes
+ * @param {string|number} size - Size string like '1mb', '2kb', or bytes count
+ * @returns {number} - Size in bytes
+ */
+function parseSize(size) {
+    if (typeof size === 'number') return size;
+    if (typeof size !== 'string') return 0;
+
+    const units = {
+        'b': 1,
+        'kb': 1024,
+        'mb': 1024 * 1024,
+        'gb': 1024 * 1024 * 1024
+    };
+    
+    const parsedStr = size.toLowerCase();
+    const match = parsedStr.match(/^(\d+(?:\.\d+)?)\s*(b|kb|mb|gb)$/);
+    if (!match) {
+        throw new Error(`Invalid size format: ${size}`);
+    }
+    
+    // 💡 修复：正确读取捕获组
+    const value = parseFloat(match[1]); // 第一捕获组：纯数字
+    const unit = match[2];              // 第二捕获组：单位 (如 'mb')
+    return value * (units[unit] || 1);
+}
+
+/**
+ * Parse request body as buffer
+ * @param {Object} request - HTTP request object
+ * @param {number} limit - Maximum size in bytes
+ * @returns {Promise<Buffer>} - Request body buffer
+ */
+async function parseBodyBuffer(request, limit) {
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        let totalLength = 0;
+        
+        request.on('data', (chunk) => {
+            totalLength += chunk.length;
+            
+            if (totalLength > limit) {
+                request.destroy();
+                reject(new Error(`Request body exceeded limit of ${limit} bytes`));
+                return;
+            }
+            
+            chunks.push(chunk);
+        });
+        
+        request.on('end', () => {
+            resolve(Buffer.concat(chunks));
+        });
+        
+        request.on('error', (error) => {
+            reject(error);
+        });
+    });
+}
+
+/**
+ * Parse request body as JSON
+ * @param {Object} request - HTTP request object
+ * @param {number} limit - Maximum size in bytes
+ * @returns {Promise<Object>} - Parsed JSON object
+ */
+async function parseBodyJson(request, limit) {
+    const buffer = await parseBodyBuffer(request, limit);
+    const text = buffer.toString('utf8');
+    
+    try {
+        return JSON.parse(text);
+    } catch (error) {
+        throw new Error(`Invalid JSON: ${error.message}`);
+    }
+}
+
+/**
+ * Parse request body as URL-encoded
+ * @param {Object} request - HTTP request object
+ * @param {number} limit - Maximum size in bytes
+ * @returns {Promise<Object>} - Parsed URL-encoded object
+ */
+async function parseBodyUrlEncoded(request, limit) {
+    const buffer = await parseBodyBuffer(request, limit);
+    const text = buffer.toString('utf8');
+    
+    const result = {};
+    const pairs = text.split('&');
+    
+    for (const pair of pairs) {
+        const [key, value] = pair.split('=');
+        if (key) {
+            result[decodeURIComponent(key)] = decodeURIComponent(value || '');
+        }
+    }
+    
+    return result;
+}
+
+/**
+ * Parse request body as text
+ * @param {Object} request - HTTP request object
+ * @param {number} limit - Maximum size in bytes
+ * @returns {Promise<string>} - Parsed text
+ */
+async function parseBodyText(request, limit) {
+    const buffer = await parseBodyBuffer(request, limit);
+    return buffer.toString('utf8');
+}
+
+/**
+ * Create body parser middleware for AetherJS
+ * @param {Object} options - Body parser configuration
+ * @returns {Function} - Body parser middleware function
+ */
+function createBodyParserMiddleware(options = {}) {
+    // Load configuration from environment variables
+    const envConfig = {
+        jsonLimit: process.env.BODY_LIMIT_JSON,
+        urlencodedLimit: process.env.BODY_LIMIT_URLENCODED,
+        textLimit: process.env.BODY_LIMIT_TEXT,
+        rawLimit: process.env.BODY_LIMIT_RAW,
+        enableJson: process.env.BODY_ENABLE_JSON,
+        enableUrlencoded: process.env.BODY_ENABLE_URLENCODED,
+        enableText: process.env.BODY_ENABLE_TEXT,
+        enableRaw: process.env.BODY_ENABLE_RAW
+    };
+
+    // Default configuration
+    const defaults = {
+        json: {
+            enabled: envConfig.enableJson !== 'false',
+            limit: parseSize(envConfig.jsonLimit || '1mb'),
+            strict: true,
+            reviver: null
+        },
+        urlencoded: {
+            enabled: envConfig.enableUrlencoded !== 'false',
+            limit: parseSize(envConfig.urlencodedLimit || '1mb'),
+            extended: false,
+            parameterLimit: 1000
+        },
+        text: {
+            enabled: envConfig.enableText !== 'false',
+            limit: parseSize(envConfig.textLimit || '1mb'),
+            defaultCharset: 'utf-8'
+        },
+        raw: {
+            enabled: envConfig.enableRaw !== 'false',
+            limit: parseSize(envConfig.rawLimit || '10mb'),
+            type: 'application/octet-stream'
+        }
+    };
+
+    // 💡 修复：安全的嵌套字段深层合并，防止 options 传参直接覆盖 defaults 细节配置
+    const config = {
+        json: { ...defaults.json, ...options.json },
+        urlencoded: { ...defaults.urlencoded, ...options.urlencoded },
+        text: { ...defaults.text, ...options.text },
+        raw: { ...defaults.raw, ...options.raw }
+    };
+    
+    // 转换各类型的解析上限
+    if (options.json?.limit) config.json.limit = parseSize(options.json.limit);
+    if (options.urlencoded?.limit) config.urlencoded.limit = parseSize(options.urlencoded.limit);
+    if (options.text?.limit) config.text.limit = parseSize(options.text.limit);
+    if (options.raw?.limit) config.raw.limit = parseSize(options.raw.limit);
+    
+    const parsers = new Map();
+    
+    if (config.json.enabled) {
+        parsers.set('application/json', async (request) => {
+            const data = await parseBodyJson(request, config.json.limit);
+            if (config.json.reviver) {
+                return JSON.parse(JSON.stringify(data), config.json.reviver);
+            }
+            return data;
+        });
+        
+        parsers.set('application/json; charset=utf-8', parsers.get('application/json'));
+        parsers.set('application/json; charset=utf8', parsers.get('application/json'));
+    }
+    
+    if (config.urlencoded.enabled) {
+        parsers.set('application/x-www-form-urlencoded', async (request) => {
+            return await parseBodyUrlEncoded(request, config.urlencoded.limit);
+        });
+    }
+    
+    if (config.text.enabled) {
+        parsers.set('text/plain', async (request) => {
+            return await parseBodyText(request, config.text.limit);
+        });
+        
+        parsers.set('text/html', parsers.get('text/plain'));
+        parsers.set('text/xml', parsers.get('text/plain'));
+        parsers.set('text/css', parsers.get('text/plain'));
+        parsers.set('text/javascript', parsers.get('text/plain'));
+    }
+    
+    if (config.raw.enabled) {
+        parsers.set(config.raw.type, async (request) => {
+            return await parseBodyBuffer(request, config.raw.limit);
+        });
+    }
+
+    /**
+     * Body parser middleware function (Fully Aligned to (context, next) standard)
+     * @param {AetherContext} context - AetherJS execution context
+     * @param {Function} next - Continuation callback
+     */
+    return async function bodyParserMiddleware(context, next) {
+        // Skip if no body is expected
+        if (context.method === 'GET' || context.method === 'HEAD') {
+            return typeof next === 'function' ? next() : null;
+        }
+        
+        const contentType = context.getHeader('content-type') || '';
+        const contentLength = parseInt(context.getHeader('content-length')) || 0;
+        
+        // Skip if no content
+        if (contentLength === 0) {
+            return typeof next === 'function' ? next() : null;
+        }
+        
+        // Check content type
+        let parser = null;
+        for (const [type, parserFunc] of parsers) {
+            if (contentType.includes(type)) {
+                parser = parserFunc;
+                break;
+            }
+        }
+        
+        // If no parser found and raw is enabled, use raw parser
+        if (!parser && config.raw.enabled) {
+            parser = parsers.get(config.raw.type);
+        }
+        
+        if (!parser) {
+            // No suitable parser found, continue without parsing
+            return typeof next === 'function' ? next() : null;
+        }
+        
+        try {
+            // Parse body
+            const body = await parser(context._request);
+            
+            // Store parsed body in context state
+            if (contentType.includes('application/json')) {
+                context.setState('parsedBody', { json: body });
+            } else if (contentType.includes('application/x-www-form-urlencoded')) {
+                context.setState('parsedBody', { urlencoded: body });
+            } else if (contentType.includes('text/')) {
+                context.setState('parsedBody', { text: body });
+            } else {
+                context.setState('parsedBody', { raw: body });
+            }
+            
+            // Add convenience methods to context
+            context.body = body; // 触发我们在 AetherContext 加的 setter
+            context.getBody = () => body;
+            
+            return typeof next === 'function' ? next() : null;
+            
+        } catch (error) {
+            // Handle parsing errors
+            if (error.message.includes('exceeded limit')) {
+                context.setStatus(413).json({ 
+                    error: 'Payload Too Large',
+                    message: error.message 
+                });
+            } else if (error.message.includes('Invalid JSON')) {
+                context.setStatus(400).json({ 
+                    error: 'Bad Request',
+                    message: 'Invalid JSON format'
+                });
+            } else {
+                context.setStatus(400).json({ 
+                    error: 'Bad Request',
+                    message: error.message 
+                });
+            }
+        }
+    };
+}
+
+export default createBodyParserMiddleware;

package/src/middleware/compression.js

@@ -0,0 +1,248 @@
+
+/**
+ * @license MIT
+ * Copyright (c) 2026-present AetherFramework Contributors.
+ * SPDX-License-Identifier: MIT
+ * @module @aetherframework/middleware/middleware/compression.js
+ */
+
+import zlib from "zlib";
+
+/**
+ * Parse compression types from string
+ * @param {string} types - Comma-separated list of content types
+ * @returns {Array<string>} - Array of content types
+ */
+function parseCompressionTypes(types) {
+  if (!types || typeof types !== "string") {
+    return [
+      "text/plain",
+      "text/html",
+      "text/css",
+      "application/javascript",
+      "application/json",
+      "application/xml",
+      "text/xml",
+      "application/xhtml+xml",
+      "text/javascript",
+    ];
+  }
+
+  return types
+    .split(",")
+    .map((type) => type.trim())
+    .filter(Boolean);
+}
+
+/**
+ * Check if content type should be compressed
+ * @param {string} contentType - Response content type
+ * @param {Array<string>} compressibleTypes - List of compressible types
+ * @returns {boolean} - Whether to compress
+ */
+function shouldCompress(contentType, compressibleTypes) {
+  if (!contentType) return false;
+
+  for (const type of compressibleTypes) {
+    if (contentType.includes(type)) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
+/**
+ * Create compression middleware for AetherJS
+ * @param {Object} options - Compression configuration
+ * @returns {Function} - Compression middleware function
+ */
+function createCompressionMiddleware(options = {}) {
+  // Load configuration from environment variables
+  const envConfig = {
+    enabled: process.env.COMPRESSION_ENABLED,
+    threshold: process.env.COMPRESSION_THRESHOLD,
+    level: process.env.COMPRESSION_LEVEL,
+    memLevel: process.env.COMPRESSION_MEM_LEVEL,
+    strategy: process.env.COMPRESSION_STRATEGY,
+    chunkSize: process.env.COMPRESSION_CHUNK_SIZE,
+    windowBits: process.env.COMPRESSION_WINDOW_BITS,
+    gzip: process.env.COMPRESSION_GZIP,
+    deflate: process.env.COMPRESSION_DEFLATE,
+    brotli: process.env.COMPRESSION_BROTLI,
+    types: process.env.COMPRESSION_TYPES,
+  };
+
+  // Default configuration
+  const defaults = {
+    enabled: envConfig.enabled !== "false",
+    threshold: parseInt(envConfig.threshold) || 1024,
+    level: parseInt(envConfig.level) || zlib.constants.Z_DEFAULT_COMPRESSION,
+    memLevel: parseInt(envConfig.memLevel) || 8,
+    strategy: parseInt(envConfig.strategy) || zlib.constants.Z_DEFAULT_STRATEGY,
+    chunkSize: parseInt(envConfig.chunkSize) || 16 * 1024,
+    windowBits: parseInt(envConfig.windowBits) || 15,
+    gzip: envConfig.gzip !== "false",
+    deflate: envConfig.deflate === "true",
+    brotli:
+      envConfig.brotli === "true" &&
+      typeof zlib.createBrotliCompress === "function",
+    types: parseCompressionTypes(envConfig.types),
+    filter: (contentType) =>
+      shouldCompress(contentType, parseCompressionTypes(envConfig.types)),
+  };
+
+  // Merge with provided options
+  const config = { ...defaults, ...options };
+
+  // Create compression options
+  const gzipOptions = {
+    level: config.level,
+    memLevel: config.memLevel,
+    strategy: config.strategy,
+    chunkSize: config.chunkSize,
+    windowBits: config.windowBits,
+  };
+
+  const deflateOptions = { ...gzipOptions };
+  const brotliOptions = {
+    params: {
+      [zlib.constants.BROTLI_PARAM_QUALITY]: config.level,
+      [zlib.constants.BROTLI_PARAM_MODE]: zlib.constants.BROTLI_MODE_TEXT,
+      [zlib.constants.BROTLI_PARAM_SIZE_HINT]: config.chunkSize,
+    },
+  };
+
+  /**
+   * Compress data using specified algorithm
+   * @param {Buffer} data - Data to compress
+   * @param {string} encoding - Compression algorithm
+   * @returns {Promise<Buffer>} - Compressed data
+   */
+  async function compressData(data, encoding) {
+    return new Promise((resolve, reject) => {
+      let compressor;
+
+      switch (encoding) {
+        case "gzip":
+          compressor = zlib.createGzip(gzipOptions);
+          break;
+        case "deflate":
+          compressor = zlib.createDeflate(deflateOptions);
+          break;
+        case "br":
+          if (!config.brotli) {
+            reject(new Error("Brotli compression not supported"));
+            return;
+          }
+          compressor = zlib.createBrotliCompress(brotliOptions);
+          break;
+        default:
+          reject(new Error(`Unsupported compression: ${encoding}`));
+          return;
+      }
+
+      const chunks = [];
+      compressor.on("data", (chunk) => chunks.push(chunk));
+      compressor.on("end", () => resolve(Buffer.concat(chunks)));
+      compressor.on("error", reject);
+
+      compressor.write(data);
+      compressor.end();
+    });
+  }
+
+  /**
+   * Compression middleware function
+   * @param {AetherContext} context - AetherJS execution context
+   * @param {Object} signal - Signal object or next function for flow control
+   */
+  return async function compressionMiddleware(context, signal) {
+    // Safe invoker for compatible pipeline flow control
+    const invokeNext = async () => {
+      if (signal && typeof signal.next === "function") {
+        await signal.next();
+      } else if (typeof signal === "function") {
+        await signal();
+      }
+    };
+
+    if (!config.enabled) {
+      return await invokeNext();
+    }
+
+    // Store original finalize method
+    const originalize = context._finalize;
+
+    // Override finalize to add compression
+    context._finalize = async function () {
+      if (this._terminated) return;
+
+      const body = this._body;
+
+      // Safe fallback logic for grabbing the outbound content type
+      let contentType = "";
+      if (typeof this.getHeader === "function") {
+        contentType = this.getHeader("content-type") || "";
+      } else if (this._headers && typeof this._headers.get === "function") {
+        contentType = this._headers.get("content-type") || "";
+      }
+
+      // Check if compression should be applied
+      if (
+        !body ||
+        (!Buffer.isBuffer(body) && typeof body !== "string") ||
+        Buffer.byteLength(body) < config.threshold ||
+        !config.filter(contentType)
+      ) {
+        return originalize.call(this);
+      }
+
+      // Get accepted encodings
+      const acceptEncoding =
+        (typeof this.getHeader === "function"
+          ? this.getHeader("accept-encoding")
+          : "") || "";
+      let encoding = null;
+
+      // Determine best compression algorithm
+      if (config.gzip && acceptEncoding.includes("gzip")) {
+        encoding = "gzip";
+      } else if (config.deflate && acceptEncoding.includes("deflate")) {
+        encoding = "deflate";
+      } else if (config.brotli && acceptEncoding.includes("br")) {
+        encoding = "br";
+      }
+
+      if (!encoding) {
+        return originalize.call(this);
+      }
+
+      try {
+        // Convert body to buffer if needed
+        const bodyBuffer = Buffer.isBuffer(body) ? body : Buffer.from(body);
+
+        // Compress data
+        const compressed = await compressData(bodyBuffer, encoding);
+
+        // Update response
+        this._body = compressed;
+        if (typeof this.setHeader === "function") {
+          this.setHeader("content-encoding", encoding);
+          this.setHeader("vary", "Accept-Encoding");
+        }
+
+        // Call original finalize
+        return originalize.call(this);
+      } catch (error) {
+        // Compression failed, use original body
+        console.error("Compression error:", error);
+        return originalize.call(this);
+      }
+    };
+
+    await invokeNext();
+  };
+}
+
+export default createCompressionMiddleware;

package/src/middleware/cors.js

@@ -0,0 +1,162 @@
+
+/**
+ * @license MIT
+ * Copyright (c) 2026-present AetherFramework Contributors.
+ * SPDX-License-Identifier: MIT
+ * @module @aetherframework/middleware/middleware/cors.js
+ */
+
+function parseOrigin(origin) {
+  if (origin === "*") {
+    return (requestOrigin) => "*";
+  }
+
+  if (typeof origin === "string") {
+    const origins = origin
+      .split(",")
+      .map((o) => o.trim())
+      .filter(Boolean);
+    if (origins.length === 1) {
+      const singleOrigin = origins[0];
+      return (requestOrigin) => {
+        if (singleOrigin === "*") return "*";
+        return requestOrigin === singleOrigin ? requestOrigin : null;
+      };
+    }
+    return (requestOrigin) =>
+      origins.includes(requestOrigin) ? requestOrigin : null;
+  }
+
+  if (Array.isArray(origin)) {
+    return (requestOrigin) =>
+      origin.includes(requestOrigin) ? requestOrigin : null;
+  }
+
+  if (typeof origin === "function") {
+    return origin;
+  }
+
+  return () => null;
+}
+
+function createCorsMiddleware(options = {}) {
+  const envConfig = {
+    enabled: process.env.CORS_ENABLED,
+    origin: process.env.CORS_ORIGIN,
+    methods: process.env.CORS_METHODS,
+    allowedHeaders: process.env.CORS_ALLOWED_HEADERS,
+    credentials: process.env.CORS_CREDENTIALS,
+    maxAge: process.env.CORS_MAX_AGE,
+    preflightContinue: process.env.CORS_PREFLIGHT_CONTINUE,
+    optionsSuccessStatus: process.env.CORS_OPTIONS_STATUS,
+  };
+
+  const defaults = {
+    enabled: envConfig.enabled !== "false",
+    origin: envConfig.origin || "*",
+    methods: envConfig.methods
+      ? envConfig.methods.split(",").map((m) => m.trim())
+      : ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"],
+    allowedHeaders: envConfig.allowedHeaders
+      ? envConfig.allowedHeaders.split(",").map((h) => h.trim())
+      : ["Content-Type", "Authorization"],
+    exposedHeaders: [],
+    credentials: envConfig.credentials === "true",
+    maxAge: envConfig.maxAge ? parseInt(envConfig.maxAge) : 86400,
+    preflightContinue: envConfig.preflightContinue === "true",
+    optionsSuccessStatus: envConfig.optionsSuccessStatus
+      ? parseInt(envConfig.optionsSuccessStatus)
+      : 204,
+  };
+
+  const config = { ...defaults, ...options };
+  const originValidator = parseOrigin(config.origin);
+  const staticHeaders = new Map();
+
+  if (config.methods && config.methods.length > 0) {
+    staticHeaders.set(
+      "access-control-allow-methods",
+      config.methods.join(", "),
+    );
+  }
+  if (config.allowedHeaders && config.allowedHeaders.length > 0) {
+    staticHeaders.set(
+      "access-control-allow-headers",
+      config.allowedHeaders.join(", "),
+    );
+  }
+  if (config.maxAge && config.maxAge > 0) {
+    staticHeaders.set("access-control-max-age", config.maxAge.toString());
+  }
+  if (config.exposedHeaders && config.exposedHeaders.length > 0) {
+    staticHeaders.set(
+      "access-control-expose-headers",
+      config.exposedHeaders.join(", "),
+    );
+  }
+
+  return async function corsMiddleware(context, signal) {
+    if (!config.enabled) {
+      return signal && signal.next
+        ? await signal.next()
+        : typeof signal === "function"
+          ? await signal()
+          : void 0;
+    }
+
+    const requestOrigin = context.getHeader("origin") || "";
+    let allowOrigin = originValidator(requestOrigin);
+
+    // 💡 Critical Fix: According to W3C specs, if credentials are enabled and origin is '*',
+    // we must dynamically mirror the incoming request origin instead of returning a literal '*'.
+    if (config.credentials && allowOrigin === "*") {
+      allowOrigin = requestOrigin || "*";
+    }
+
+    if (allowOrigin && allowOrigin !== null) {
+      context.setHeader("access-control-allow-origin", allowOrigin);
+
+      for (const [header, value] of staticHeaders) {
+        context.setHeader(header, value);
+      }
+
+      if (config.credentials) {
+        context.setHeader("access-control-allow-credentials", "true");
+      }
+
+      if (allowOrigin !== "*") {
+        const varyHeader = context.getHeader("vary");
+        const varyValues = varyHeader
+          ? varyHeader.split(",").map((v) => v.trim())
+          : [];
+        if (!varyValues.includes("Origin")) {
+          varyValues.push("Origin");
+          context.setHeader("vary", varyValues.join(", "));
+        }
+      }
+    }
+
+    // Handle CORS Preflight OPTIONS requests
+    if (context.method === "OPTIONS") {
+      if (!config.preflightContinue) {
+        context.setStatus(config.optionsSuccessStatus);
+        context.setHeader("content-length", "0");
+        if (typeof context.json === "function") {
+          context.json("");
+        } else {
+          context.raw("");
+        }
+        return; // Short-circuit the request pipeline instantly, bypassing signal.next()
+      }
+    }
+
+    // Backward compatibility: Supports either signal.next() or traditional functional next() dispatching
+    if (signal && typeof signal.next === "function") {
+      await signal.next();
+    } else if (typeof signal === "function") {
+      await signal();
+    }
+  };
+}
+
+export default createCorsMiddleware;