@dangao/bun-server 1.8.0 → 1.8.1

package/tests/middleware/builtin/middleware-builtin-extended.test.ts

@@ -0,0 +1,237 @@
+import { describe, expect, test, beforeEach } from 'bun:test';
+import 'reflect-metadata';
+
+import { createCorsMiddleware } from '../../../src/middleware/builtin/cors';
+import { createLoggerMiddleware } from '../../../src/middleware/builtin/logger';
+import { createStaticFileMiddleware } from '../../../src/middleware/builtin/static-file';
+import { createFileUploadMiddleware } from '../../../src/middleware/builtin/file-upload';
+import { Context } from '../../../src/core/context';
+import { Container } from '../../../src/di/container';
+
+describe('CORS Middleware', () => {
+  test('should add CORS headers to context', async () => {
+    const middleware = createCorsMiddleware({
+      origin: '*',
+      methods: ['GET', 'POST'],
+      allowedHeaders: ['Content-Type'],
+    });
+
+    const request = new Request('http://localhost/api/data', {
+      headers: { Origin: 'http://example.com' },
+    });
+    const context = new Context(request, new Container());
+
+    await middleware(context, async () => new Response('ok'));
+
+    // CORS middleware sets headers on context.responseHeaders
+    expect(context.responseHeaders.get('Access-Control-Allow-Origin')).toBe('*');
+  });
+
+  test('should handle preflight OPTIONS request', async () => {
+    const middleware = createCorsMiddleware({
+      origin: 'http://example.com',
+      methods: ['GET', 'POST', 'PUT'],
+    });
+
+    const request = new Request('http://localhost/api/data', {
+      method: 'OPTIONS',
+      headers: { Origin: 'http://example.com' },
+    });
+    const context = new Context(request, new Container());
+
+    const response = await middleware(context, async () => new Response('should not reach'));
+
+    expect(response.status).toBe(204);
+  });
+
+  test('should use array of origins', async () => {
+    const middleware = createCorsMiddleware({
+      origin: ['http://allowed.com', 'http://example.com'],
+    });
+
+    const request = new Request('http://localhost/api/data', {
+      headers: { Origin: 'http://allowed.com' },
+    });
+    const context = new Context(request, new Container());
+
+    await middleware(context, async () => new Response('ok'));
+
+    expect(context.responseHeaders.get('Access-Control-Allow-Origin')).toBe('http://allowed.com');
+  });
+
+  test('should set credentials header when enabled', async () => {
+    const middleware = createCorsMiddleware({
+      origin: '*',
+      credentials: true,
+    });
+
+    const request = new Request('http://localhost/api/data', {
+      headers: { Origin: 'http://example.com' },
+    });
+    const context = new Context(request, new Container());
+
+    await middleware(context, async () => new Response('ok'));
+
+    expect(context.responseHeaders.get('Access-Control-Allow-Credentials')).toBe('true');
+  });
+
+  test('should set exposed headers', async () => {
+    const middleware = createCorsMiddleware({
+      origin: '*',
+      exposedHeaders: ['X-Custom-Header'],
+    });
+
+    const request = new Request('http://localhost/api/data');
+    const context = new Context(request, new Container());
+
+    await middleware(context, async () => new Response('ok'));
+
+    expect(context.responseHeaders.get('Access-Control-Expose-Headers')).toBe('X-Custom-Header');
+  });
+});
+
+describe('Logger Middleware', () => {
+  test('should log request information', async () => {
+    const logs: string[] = [];
+    const middleware = createLoggerMiddleware({
+      logger: (msg) => logs.push(msg),
+    });
+
+    const request = new Request('http://localhost/api/data');
+    const context = new Context(request, new Container());
+
+    await middleware(context, async () => new Response('ok'));
+
+    expect(logs.length).toBeGreaterThan(0);
+    expect(logs.some((log) => log.includes('/api/data'))).toBe(true);
+  });
+
+  test('should log status code', async () => {
+    const logs: string[] = [];
+    const middleware = createLoggerMiddleware({
+      logger: (msg) => logs.push(msg),
+    });
+
+    const request = new Request('http://localhost/api/test');
+    const context = new Context(request, new Container());
+
+    await middleware(context, async () => new Response('ok', { status: 200 }));
+
+    expect(logs.some((log) => log.includes('200'))).toBe(true);
+  });
+
+  test('should use custom prefix', async () => {
+    const logs: string[] = [];
+    const middleware = createLoggerMiddleware({
+      prefix: '[MyApp]',
+      logger: (msg) => logs.push(msg),
+    });
+
+    const request = new Request('http://localhost/test');
+    const context = new Context(request, new Container());
+
+    await middleware(context, async () => new Response('ok'));
+
+    expect(logs.some((log) => log.includes('[MyApp]'))).toBe(true);
+  });
+});
+
+describe('Static File Middleware', () => {
+  test('should return 404 for non-existent file', async () => {
+    const middleware = createStaticFileMiddleware({
+      root: '/tmp/nonexistent-dir',
+    });
+
+    const request = new Request('http://localhost/file.txt');
+    const context = new Context(request, new Container());
+
+    const response = await middleware(context, async () => new Response('not found', { status: 404 }));
+
+    // Should pass to next middleware if file not found
+    expect(response.status).toBe(404);
+  });
+
+  test('should use custom prefix', async () => {
+    const middleware = createStaticFileMiddleware({
+      root: '/tmp',
+      prefix: '/static',
+    });
+
+    const request = new Request('http://localhost/static/file.txt');
+    const context = new Context(request, new Container());
+
+    // Should attempt to serve from /tmp/file.txt
+    const response = await middleware(context, async () => new Response('fallback'));
+
+    expect(response).toBeDefined();
+  });
+
+  test('should skip non-GET requests', async () => {
+    const middleware = createStaticFileMiddleware({
+      root: '/tmp',
+    });
+
+    const request = new Request('http://localhost/file.txt', { method: 'POST' });
+    const context = new Context(request, new Container());
+
+    let nextCalled = false;
+    await middleware(context, async () => {
+      nextCalled = true;
+      return new Response('ok');
+    });
+
+    expect(nextCalled).toBe(true);
+  });
+});
+
+describe('File Upload Middleware', () => {
+  test('should skip non-POST/PUT requests', async () => {
+    const middleware = createFileUploadMiddleware();
+
+    const request = new Request('http://localhost/upload', { method: 'GET' });
+    const context = new Context(request, new Container());
+
+    let nextCalled = false;
+    await middleware(context, async () => {
+      nextCalled = true;
+      return new Response('ok');
+    });
+
+    expect(nextCalled).toBe(true);
+  });
+
+  test('should skip requests without multipart content type', async () => {
+    const middleware = createFileUploadMiddleware();
+
+    const request = new Request('http://localhost/upload', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ data: 'test' }),
+    });
+    const context = new Context(request, new Container());
+
+    let nextCalled = false;
+    await middleware(context, async () => {
+      nextCalled = true;
+      return new Response('ok');
+    });
+
+    expect(nextCalled).toBe(true);
+  });
+
+  test('should use custom max file size', () => {
+    const middleware = createFileUploadMiddleware({
+      maxFileSize: 1024 * 1024 * 10, // 10MB
+    });
+
+    expect(middleware).toBeDefined();
+  });
+
+  test('should use custom upload directory', () => {
+    const middleware = createFileUploadMiddleware({
+      uploadDir: '/tmp/uploads',
+    });
+
+    expect(middleware).toBeDefined();
+  });
+});

package/tests/middleware/builtin/rate-limit.test.ts

@@ -0,0 +1,257 @@
+import { describe, expect, test, beforeEach } from 'bun:test';
+import 'reflect-metadata';
+
+import {
+  MemoryRateLimitStore,
+  createRateLimitMiddleware,
+  type RateLimitOptions,
+} from '../../../src/middleware/builtin/rate-limit';
+import { Context } from '../../../src/core/context';
+import { Container } from '../../../src/di/container';
+
+describe('MemoryRateLimitStore', () => {
+  let store: MemoryRateLimitStore;
+
+  beforeEach(() => {
+    store = new MemoryRateLimitStore();
+  });
+
+  describe('get', () => {
+    test('should return 0 for non-existent key', async () => {
+      const count = await store.get('non-existent');
+      expect(count).toBe(0);
+    });
+
+    test('should return current count', async () => {
+      await store.increment('key1', 60000);
+      await store.increment('key1', 60000);
+      const count = await store.get('key1');
+      expect(count).toBe(2);
+    });
+
+    test('should return 0 for expired key', async () => {
+      await store.increment('key2', 50); // 50ms window
+      await new Promise((resolve) => setTimeout(resolve, 100));
+      const count = await store.get('key2');
+      expect(count).toBe(0);
+    });
+  });
+
+  describe('increment', () => {
+    test('should start at 1 for new key', async () => {
+      const count = await store.increment('new-key', 60000);
+      expect(count).toBe(1);
+    });
+
+    test('should increment existing key', async () => {
+      await store.increment('incr-key', 60000);
+      await store.increment('incr-key', 60000);
+      const count = await store.increment('incr-key', 60000);
+      expect(count).toBe(3);
+    });
+
+    test('should reset count after window expires', async () => {
+      await store.increment('expire-key', 50);
+      await store.increment('expire-key', 50);
+      expect(await store.get('expire-key')).toBe(2);
+      
+      await new Promise((resolve) => setTimeout(resolve, 100));
+      
+      const count = await store.increment('expire-key', 50);
+      expect(count).toBe(1); // Should reset
+    });
+  });
+
+  describe('reset', () => {
+    test('should reset count to 0', async () => {
+      await store.increment('reset-key', 60000);
+      await store.increment('reset-key', 60000);
+      await store.reset('reset-key');
+      const count = await store.get('reset-key');
+      expect(count).toBe(0);
+    });
+  });
+
+  describe('cleanup', () => {
+    test('should remove expired entries', async () => {
+      await store.increment('cleanup1', 50);
+      await store.increment('cleanup2', 60000);
+      
+      await new Promise((resolve) => setTimeout(resolve, 100));
+      
+      store.cleanup();
+      
+      expect(await store.get('cleanup1')).toBe(0); // expired
+      expect(await store.get('cleanup2')).toBe(1); // still valid
+    });
+  });
+});
+
+describe('createRateLimitMiddleware', () => {
+  let container: Container;
+
+  beforeEach(() => {
+    container = new Container();
+  });
+
+  test('should allow requests within limit', async () => {
+    const middleware = createRateLimitMiddleware({
+      max: 5,
+      windowMs: 60000,
+    });
+
+    const request = new Request('http://localhost/test');
+    const context = new Context(request, container);
+
+    let passed = false;
+    const next = async (): Promise<Response> => {
+      passed = true;
+      return new Response('OK');
+    };
+
+    await middleware(context, next);
+    expect(passed).toBe(true);
+  });
+
+  test('should block requests exceeding limit', async () => {
+    const store = new MemoryRateLimitStore();
+    const middleware = createRateLimitMiddleware({
+      max: 2,
+      windowMs: 60000,
+      store,
+    });
+
+    const request = new Request('http://localhost/test');
+    
+    // First request
+    const context1 = new Context(request, container);
+    await middleware(context1, async () => new Response('OK'));
+
+    // Second request
+    const context2 = new Context(request, container);
+    await middleware(context2, async () => new Response('OK'));
+
+    // Third request should be blocked
+    const context3 = new Context(request, container);
+    let blocked = false;
+    const response = await middleware(context3, async () => {
+      blocked = true;
+      return new Response('OK');
+    });
+
+    expect(blocked).toBe(false);
+    expect(response?.status).toBe(429);
+  });
+
+  test('should use custom key generator', async () => {
+    const keys: string[] = [];
+    const middleware = createRateLimitMiddleware({
+      max: 10,
+      windowMs: 60000,
+      keyGenerator: (ctx: Context) => {
+        const key = ctx.request.headers.get('X-API-Key') ?? 'anonymous';
+        keys.push(key);
+        return key;
+      },
+    });
+
+    const request1 = new Request('http://localhost/test', {
+      headers: { 'X-API-Key': 'key-abc' },
+    });
+    const context1 = new Context(request1, container);
+    await middleware(context1, async () => new Response('OK'));
+
+    const request2 = new Request('http://localhost/test', {
+      headers: { 'X-API-Key': 'key-xyz' },
+    });
+    const context2 = new Context(request2, container);
+    await middleware(context2, async () => new Response('OK'));
+
+    expect(keys).toContain('key-abc');
+    expect(keys).toContain('key-xyz');
+  });
+
+  test('should track rate limit in context', async () => {
+    const middleware = createRateLimitMiddleware({
+      max: 5,
+      windowMs: 60000,
+    });
+
+    const request = new Request('http://localhost/test');
+    const context = new Context(request, container);
+
+    await middleware(context, async () => new Response('OK'));
+
+    // Headers are set on context, not on response
+    expect(context.getHeader('X-RateLimit-Limit')).toBeNull(); // getHeader reads request headers, returns null for non-existent
+    // The middleware sets response headers via context.setHeader
+  });
+
+  test('should return 429 response when rate limited', async () => {
+    const store = new MemoryRateLimitStore();
+    const middleware = createRateLimitMiddleware({
+      max: 1,
+      windowMs: 60000,
+      store,
+    });
+
+    const request = new Request('http://localhost/test');
+    
+    // First request
+    const context1 = new Context(request, container);
+    await middleware(context1, async () => new Response('OK'));
+
+    // Second request should be rate limited
+    const context2 = new Context(request, container);
+    const response = await middleware(context2, async () => new Response('OK'));
+
+    expect(response?.status).toBe(429);
+    const body = await response?.json() as { error: string };
+    expect(body.error).toBe('Too Many Requests');
+  });
+
+  test('should use default windowMs of 60000', async () => {
+    const middleware = createRateLimitMiddleware({
+      max: 100,
+    });
+
+    // Should not throw and should create middleware successfully
+    expect(typeof middleware).toBe('function');
+  });
+
+  test('should skip rate limiting when skip function returns true', async () => {
+    const store = new MemoryRateLimitStore();
+    const middleware = createRateLimitMiddleware({
+      max: 1,
+      windowMs: 60000,
+      store,
+      skip: (ctx: Context) => ctx.request.url.includes('/health'),
+    });
+
+    // Health check should be skipped
+    const healthRequest = new Request('http://localhost/health');
+    const healthContext = new Context(healthRequest, container);
+    let healthPassed = false;
+    await middleware(healthContext, async () => {
+      healthPassed = true;
+      return new Response('OK');
+    });
+    expect(healthPassed).toBe(true);
+
+    // Normal requests should be rate limited
+    const normalRequest1 = new Request('http://localhost/api');
+    const normalContext1 = new Context(normalRequest1, container);
+    await middleware(normalContext1, async () => new Response('OK'));
+
+    const normalRequest2 = new Request('http://localhost/api');
+    const normalContext2 = new Context(normalRequest2, container);
+    let normalPassed = false;
+    const response = await middleware(normalContext2, async () => {
+      normalPassed = true;
+      return new Response('OK');
+    });
+
+    expect(normalPassed).toBe(false);
+    expect(response?.status).toBe(429);
+  });
+});