@dangao/bun-server 1.0.0 → 1.0.3

package/src/router/route.ts

@@ -0,0 +1,140 @@
+import type { Context } from '../core/context';
+import type { HttpMethod, RouteHandler, RouteMatch } from './types';
+import { MiddlewarePipeline } from '../middleware/pipeline';
+import type { Middleware } from '../middleware';
+
+/**
+ * 路由类
+ * 表示一个路由定义
+ */
+export class Route {
+  /**
+   * HTTP 方法
+   */
+  public readonly method: HttpMethod;
+
+  /**
+   * 路由路径（支持参数，如 /users/:id）
+   */
+  public readonly path: string;
+
+  /**
+   * 路由处理器
+   */
+  public readonly handler: RouteHandler;
+
+  /**
+   * 控制器类（可选，用于控制器路由）
+   */
+  public readonly controllerClass?: new (...args: unknown[]) => unknown;
+
+  /**
+   * 方法名（可选，用于控制器路由）
+   */
+  public readonly methodName?: string;
+
+  /**
+   * 路径模式（用于匹配）
+   */
+  private readonly pattern: RegExp;
+
+  /**
+   * 路径参数名列表
+   */
+  private readonly paramNames: string[];
+
+  private readonly middlewarePipeline: MiddlewarePipeline | null;
+  private readonly staticKey?: string;
+  public readonly isStatic: boolean;
+
+  public constructor(
+    method: HttpMethod,
+    path: string,
+    handler: RouteHandler,
+    middlewares: Middleware[] = [],
+    controllerClass?: new (...args: unknown[]) => unknown,
+    methodName?: string,
+  ) {
+    this.method = method;
+    this.path = path;
+    this.handler = handler;
+    this.controllerClass = controllerClass;
+    this.methodName = methodName;
+
+    // 解析路径参数
+    const { pattern, paramNames } = this.parsePath(path);
+    this.pattern = pattern;
+    this.paramNames = paramNames;
+    this.middlewarePipeline = middlewares.length > 0 ? new MiddlewarePipeline(middlewares) : null;
+    this.isStatic = !path.includes(':') && !path.includes('*');
+    if (this.isStatic) {
+      this.staticKey = `${method}:${path}`;
+    }
+  }
+
+  /**
+   * 解析路径，生成匹配模式和参数名列表
+   * @param path - 路由路径
+   * @returns 匹配模式和参数名列表
+   */
+  private parsePath(path: string): { pattern: RegExp; paramNames: string[] } {
+    const paramNames: string[] = [];
+    const patternString = path
+      .replace(/:([^/]+)/g, (_, paramName) => {
+        paramNames.push(paramName);
+        return '([^/]+)';
+      })
+      .replace(/\*/g, '.*');
+
+    const pattern = new RegExp(`^${patternString}$`);
+    return { pattern, paramNames };
+  }
+
+  /**
+   * 匹配路由
+   * @param method - HTTP 方法
+   * @param path - 请求路径
+   * @returns 匹配结果
+   */
+  public match(method: HttpMethod, path: string): RouteMatch {
+    // 方法不匹配
+    if (this.method !== method) {
+      return { matched: false, params: {} };
+    }
+
+    // 路径不匹配
+    const match = path.match(this.pattern);
+    if (!match) {
+      return { matched: false, params: {} };
+    }
+
+    // 提取路径参数
+    const params: Record<string, string> = {};
+    for (let i = 0; i < this.paramNames.length; i++) {
+      params[this.paramNames[i]] = match[i + 1] ?? '';
+    }
+
+    return { matched: true, params };
+  }
+
+  /**
+   * 执行路由处理器
+   * @param context - 请求上下文
+   * @returns 响应对象
+   */
+  public async execute(context: Context): Promise<Response> {
+    if (!this.middlewarePipeline || !this.middlewarePipeline.hasMiddlewares()) {
+      return await this.handler(context);
+    }
+
+    return await this.middlewarePipeline.run(context, async () => this.handler(context));
+  }
+
+  /**
+   * 获取静态路由缓存 key
+   */
+  public getStaticKey(): string | undefined {
+    return this.staticKey;
+  }
+}
+

package/src/router/router.ts

@@ -0,0 +1,241 @@
+import type { Context } from '../core/context';
+import { Route } from './route';
+import type { HttpMethod, RouteHandler, RouteMatch } from './types';
+import type { Middleware } from '../middleware';
+
+/**
+ * 路由器类
+ * 管理所有路由，提供路由注册和匹配功能
+ */
+export class Router {
+  /**
+   * 路由列表
+   */
+  private readonly routes: Route[] = [];
+  private readonly staticRoutes = new Map<string, Route>();
+  private readonly dynamicRoutes: Route[] = [];
+  
+  /**
+   * 路由匹配结果缓存（method:path -> { route, match }）
+   * 用于避免重复匹配，提升性能
+   */
+  private readonly matchCache = new Map<string, { route: Route; match: RouteMatch }>();
+
+  /**
+   * 规范化路径（移除尾部斜杠，除非是根路径）
+   */
+  private normalizePath(path: string): string {
+    if (path.length > 1 && path.endsWith('/')) {
+      return path.slice(0, -1);
+    }
+    return path;
+  }
+
+  /**
+   * 注册路由
+   * @param method - HTTP 方法
+   * @param path - 路由路径
+   * @param handler - 路由处理器
+   * @param middlewares - 中间件列表
+   * @param controllerClass - 控制器类（可选）
+   * @param methodName - 方法名（可选）
+   */
+  public register(
+    method: HttpMethod,
+    path: string,
+    handler: RouteHandler,
+    middlewares: Middleware[] = [],
+    controllerClass?: new (...args: unknown[]) => unknown,
+    methodName?: string,
+  ): void {
+    // 规范化路径
+    const normalizedPath = this.normalizePath(path);
+    const route = new Route(method, normalizedPath, handler, middlewares, controllerClass, methodName);
+    this.routes.push(route);
+    const staticKey = route.getStaticKey();
+    if (staticKey) {
+      this.staticRoutes.set(staticKey, route);
+    } else {
+      this.dynamicRoutes.push(route);
+    }
+    
+    // 清除匹配缓存，因为路由已更新
+    this.matchCache.clear();
+  }
+
+  /**
+   * 注册 GET 路由
+   * @param path - 路由路径
+   * @param handler - 路由处理器
+   */
+  public get(path: string, handler: RouteHandler, middlewares: Middleware[] = []): void {
+    this.register('GET', path, handler, middlewares);
+  }
+
+  /**
+   * 注册 POST 路由
+   * @param path - 路由路径
+   * @param handler - 路由处理器
+   */
+  public post(path: string, handler: RouteHandler, middlewares: Middleware[] = []): void {
+    this.register('POST', path, handler, middlewares);
+  }
+
+  /**
+   * 注册 PUT 路由
+   * @param path - 路由路径
+   * @param handler - 路由处理器
+   */
+  public put(path: string, handler: RouteHandler, middlewares: Middleware[] = []): void {
+    this.register('PUT', path, handler, middlewares);
+  }
+
+  /**
+   * 注册 DELETE 路由
+   * @param path - 路由路径
+   * @param handler - 路由处理器
+   */
+  public delete(path: string, handler: RouteHandler, middlewares: Middleware[] = []): void {
+    this.register('DELETE', path, handler, middlewares);
+  }
+
+  /**
+   * 注册 PATCH 路由
+   * @param path - 路由路径
+   * @param handler - 路由处理器
+   */
+  public patch(path: string, handler: RouteHandler, middlewares: Middleware[] = []): void {
+    this.register('PATCH', path, handler, middlewares);
+  }
+
+  /**
+   * 查找匹配的路由
+   * @param method - HTTP 方法
+   * @param path - 请求路径
+   * @returns 匹配的路由，如果没有找到则返回 undefined
+   */
+  public findRoute(method: HttpMethod, path: string): Route | undefined {
+    const result = this.findRouteWithMatch(method, path);
+    return result?.route;
+  }
+
+  /**
+   * 查找匹配的路由并返回匹配结果（包含参数）
+   * @param method - HTTP 方法
+   * @param path - 请求路径
+   * @returns 匹配结果，包含路由和参数，如果没有找到则返回 undefined
+   */
+  public findRouteWithMatch(method: HttpMethod, path: string): { route: Route; match: RouteMatch } | undefined {
+    // 规范化路径，确保与注册时的路径格式一致
+    const normalizedPath = this.normalizePath(path);
+    const cacheKey = `${method}:${normalizedPath}`;
+    
+    // 检查缓存（只缓存匹配成功的结果）
+    const cached = this.matchCache.get(cacheKey);
+    if (cached && cached.match.matched) {
+      return cached;
+    }
+
+    // 先检查静态路由
+    const staticRoute = this.staticRoutes.get(cacheKey);
+    if (staticRoute) {
+      const match = { matched: true, params: {} };
+      const result = { route: staticRoute, match };
+      this.matchCache.set(cacheKey, result);
+      return result;
+    }
+
+    // 遍历动态路由（使用规范化后的路径进行匹配）
+    for (const route of this.dynamicRoutes) {
+      const match = route.match(method, normalizedPath);
+      if (match.matched) {
+        const result = { route, match };
+        // 缓存匹配结果
+        this.matchCache.set(cacheKey, result);
+        return result;
+      }
+    }
+    
+    // 不缓存未匹配结果，因为路由可能会动态添加
+    return undefined;
+  }
+
+  /**
+   * 预处理请求：仅匹配路由并设置路径参数 / routeHandler，但不执行处理器
+   * 供安全过滤器等中间件在真正执行前基于路由元数据做鉴权
+   */
+  public async preHandle(context: Context): Promise<void> {
+    const method = context.method as HttpMethod;
+    const path = this.normalizePath(context.path);
+
+    // 使用 findRouteWithMatch 避免重复匹配
+    const result = this.findRouteWithMatch(method, path);
+    if (!result) {
+      return;
+    }
+
+    const { route, match } = result;
+    if (match.matched) {
+      context.params = match.params;
+    }
+
+    if (route.controllerClass && route.methodName) {
+      (context as any).routeHandler = {
+        controller: route.controllerClass,
+        method: route.methodName,
+      };
+    }
+  }
+
+  /**
+   * 处理请求（包含路由匹配 + 执行）
+   * @param context - 请求上下文
+   * @returns 响应对象，如果没有匹配的路由则返回 undefined
+   */
+  public async handle(context: Context): Promise<Response | undefined> {
+    const method = context.method as HttpMethod;
+    const path = this.normalizePath(context.path);
+
+    // 使用 findRouteWithMatch 获取路由和匹配结果
+    const result = this.findRouteWithMatch(method, path);
+    if (!result) {
+      return undefined;
+    }
+
+    const { route, match } = result;
+    
+    // 设置路径参数
+    if (match.matched) {
+      context.params = match.params;
+    }
+
+    // 设置 routeHandler
+    if (route.controllerClass && route.methodName) {
+      (context as any).routeHandler = {
+        controller: route.controllerClass,
+        method: route.methodName,
+      };
+    }
+
+    return await route.execute(context);
+  }
+
+  /**
+   * 获取所有路由
+   * @returns 路由列表
+   */
+  public getRoutes(): readonly Route[] {
+    return this.routes;
+  }
+
+  /**
+   * 清除所有已注册路由（主要用于测试环境）
+   */
+  public clear(): void {
+    this.routes.length = 0;
+    this.dynamicRoutes.length = 0;
+    this.staticRoutes.clear();
+    this.matchCache.clear();
+  }
+}
+

package/src/router/types.ts

@@ -0,0 +1,27 @@
+import type { Context } from '../core/context';
+
+/**
+ * HTTP 方法类型
+ */
+export type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH' | 'HEAD' | 'OPTIONS';
+
+/**
+ * 路由处理器函数
+ */
+export type RouteHandler = (context: Context) => Response | Promise<Response>;
+
+/**
+ * 路由匹配结果
+ */
+export interface RouteMatch {
+  /**
+   * 是否匹配
+   */
+  matched: boolean;
+
+  /**
+   * 路径参数
+   */
+  params: Record<string, string>;
+}
+

package/src/security/access-decision-manager.ts

@@ -0,0 +1,34 @@
+import type { Authentication, AccessDecisionManager } from './types';
+
+/**
+ * 基于角色的访问决策器
+ */
+export class RoleBasedAccessDecisionManager implements AccessDecisionManager {
+  /**
+   * 决定是否授权
+   * @param authentication - 认证信息
+   * @param requiredAuthorities - 需要的权限（角色）
+   * @returns 是否授权
+   */
+  public decide(
+    authentication: Authentication,
+    requiredAuthorities: string[],
+  ): boolean {
+    // 如果没有要求权限，则允许访问
+    if (requiredAuthorities.length === 0) {
+      return true;
+    }
+
+    // 如果未认证，拒绝访问
+    if (!authentication.authenticated) {
+      return false;
+    }
+
+    // 检查是否有足够的权限
+    const userAuthorities = authentication.authorities || [];
+    return requiredAuthorities.some((required) =>
+      userAuthorities.includes(required),
+    );
+  }
+}
+

package/src/security/authentication-manager.ts

@@ -0,0 +1,47 @@
+import type {
+  Authentication,
+  AuthenticationProvider,
+  AuthenticationRequest,
+} from './types';
+
+/**
+ * 认证管理器
+ */
+export class AuthenticationManager {
+  private readonly providers: AuthenticationProvider[] = [];
+
+  /**
+   * 注册认证提供者
+   */
+  public registerProvider(provider: AuthenticationProvider): void {
+    this.providers.push(provider);
+  }
+
+  /**
+   * 认证
+   * @param request - 认证请求
+   * @returns 认证信息
+   */
+  public async authenticate(
+    request: AuthenticationRequest,
+  ): Promise<Authentication | null> {
+    const type = request.type || 'default';
+
+    // 查找支持的提供者
+    const provider = this.providers.find((p) => p.supports(type));
+
+    if (!provider) {
+      throw new Error(`No authentication provider found for type: ${type}`);
+    }
+
+    return await provider.authenticate(request);
+  }
+
+  /**
+   * 获取所有提供者
+   */
+  public getProviders(): AuthenticationProvider[] {
+    return [...this.providers];
+  }
+}
+

package/src/security/context.ts

@@ -0,0 +1,92 @@
+import { AsyncLocalStorage } from 'async_hooks';
+
+import type { Authentication, Principal, SecurityContext } from './types';
+
+/**
+ * 安全上下文实现
+ */
+export class SecurityContextImpl implements SecurityContext {
+  private _authentication: Authentication | null = null;
+
+  /**
+   * 当前认证信息
+   */
+  public get authentication(): Authentication | null {
+    return this._authentication;
+  }
+
+  /**
+   * 设置认证信息
+   */
+  public setAuthentication(authentication: Authentication | null): void {
+    this._authentication = authentication;
+  }
+
+  /**
+   * 是否已认证
+   */
+  public isAuthenticated(): boolean {
+    return this._authentication?.authenticated ?? false;
+  }
+
+  /**
+   * 获取主体
+   */
+  public getPrincipal(): Principal | null {
+    return this._authentication?.principal ?? null;
+  }
+
+  /**
+   * 获取权限
+   */
+  public getAuthorities(): string[] {
+    return this._authentication?.authorities ?? [];
+  }
+
+  /**
+   * 清除认证信息
+   */
+  public clear(): void {
+    this._authentication = null;
+  }
+}
+
+/**
+ * 安全上下文持有者（ThreadLocal 模式）
+ */
+export class SecurityContextHolder {
+  private static readonly storage = new AsyncLocalStorage<SecurityContextImpl>();
+
+  /**
+   * 获取当前上下文
+   */
+  public static getContext(): SecurityContextImpl {
+    let context = this.storage.getStore();
+    if (!context) {
+      context = new SecurityContextImpl();
+      this.storage.enterWith(context);
+    }
+    return context;
+  }
+
+  /**
+   * 在给定回调中运行，绑定独立的安全上下文（每个请求一个）
+   * @param callback - 要在安全上下文中执行的回调
+   */
+  public static runWithContext<T>(callback: () => T): T {
+    // 总是创建新的上下文，确保每个请求都有独立的上下文
+    const context = new SecurityContextImpl();
+    return this.storage.run(context, callback);
+  }
+
+  /**
+   * 清除当前上下文中的认证信息
+   */
+  public static clearContext(): void {
+    const context = this.storage.getStore();
+    if (context) {
+      context.clear();
+    }
+  }
+}
+