npm - @forinda/kickjs-http - Versions diffs - 0.3.2 → 0.4.0 - Mend

@forinda/kickjs-http 0.3.2 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

package/dist/application.js +2 -2
package/dist/bootstrap.js +3 -3
package/dist/{chunk-AK5TGZRS.js → chunk-4G2S7T4R.js} +4 -4
package/dist/chunk-DUQ7SN7N.js +208 -0
package/dist/chunk-DUQ7SN7N.js.map +1 -0
package/dist/chunk-H4S527PH.js +97 -0
package/dist/chunk-H4S527PH.js.map +1 -0
package/dist/chunk-LEILPDMW.js +183 -0
package/dist/chunk-LEILPDMW.js.map +1 -0
package/dist/{chunk-DU3FQYET.js → chunk-LQ6RSWMX.js} +5 -1
package/dist/chunk-LQ6RSWMX.js.map +1 -0
package/dist/chunk-NQJNMKW5.js +158 -0
package/dist/chunk-NQJNMKW5.js.map +1 -0
package/dist/{chunk-7I33DN2G.js → chunk-OWLI3SBW.js} +2 -2
package/dist/{chunk-BPXWHHCY.js → chunk-VFVMIFNZ.js} +9 -2
package/dist/chunk-VFVMIFNZ.js.map +1 -0
package/dist/context.d.ts +2 -0
package/dist/context.js +1 -1
package/dist/devtools.d.ts +85 -0
package/dist/devtools.js +8 -0
package/dist/devtools.js.map +1 -0
package/dist/index.d.ts +4 -1
package/dist/index.js +27 -11
package/dist/middleware/rate-limit.d.ts +53 -0
package/dist/middleware/rate-limit.js +8 -0
package/dist/middleware/rate-limit.js.map +1 -0
package/dist/middleware/session.d.ts +64 -0
package/dist/middleware/session.js +8 -0
package/dist/middleware/session.js.map +1 -0
package/dist/middleware/upload.d.ts +35 -16
package/dist/middleware/upload.js +5 -1
package/dist/router-builder.js +3 -2
package/package.json +15 -2
package/dist/chunk-BPXWHHCY.js.map +0 -1
package/dist/chunk-DU3FQYET.js.map +0 -1
package/dist/chunk-RFOXGJ3G.js +0 -88
package/dist/chunk-RFOXGJ3G.js.map +0 -1
/package/dist/{chunk-AK5TGZRS.js.map → chunk-4G2S7T4R.js.map} +0 -0
/package/dist/{chunk-7I33DN2G.js.map → chunk-OWLI3SBW.js.map} +0 -0

package/dist/chunk-NQJNMKW5.js ADDED Viewed

@@ -0,0 +1,158 @@
+import {
+  __name
+} from "./chunk-WCQVDF3K.js";
+// src/middleware/session.ts
+import { randomUUID, createHmac, timingSafeEqual } from "crypto";
+var MemoryStore = class MemoryStore2 {
+  static {
+    __name(this, "MemoryStore");
+  }
+  sessions = /* @__PURE__ */ new Map();
+  cleanupInterval;
+  constructor() {
+    this.cleanupInterval = setInterval(() => this.purge(), 6e4);
+    this.cleanupInterval.unref();
+  }
+  async get(sid) {
+    const entry = this.sessions.get(sid);
+    if (!entry) return null;
+    if (Date.now() > entry.expires) {
+      this.sessions.delete(sid);
+      return null;
+    }
+    return entry.data;
+  }
+  async set(sid, data, maxAge) {
+    this.sessions.set(sid, {
+      data,
+      expires: Date.now() + maxAge
+    });
+  }
+  async destroy(sid) {
+    this.sessions.delete(sid);
+  }
+  async touch(sid, maxAge) {
+    const entry = this.sessions.get(sid);
+    if (entry) {
+      entry.expires = Date.now() + maxAge;
+    }
+  }
+  purge() {
+    const now = Date.now();
+    for (const [sid, entry] of this.sessions) {
+      if (now > entry.expires) {
+        this.sessions.delete(sid);
+      }
+    }
+  }
+};
+function sign(value, secret) {
+  const signature = createHmac("sha256", secret).update(value).digest("base64url");
+  return `s:${value}.${signature}`;
+}
+__name(sign, "sign");
+function unsign(signed, secret) {
+  if (!signed.startsWith("s:")) return false;
+  const raw = signed.slice(2);
+  const dotIndex = raw.lastIndexOf(".");
+  if (dotIndex === -1) return false;
+  const value = raw.slice(0, dotIndex);
+  const providedSig = raw.slice(dotIndex + 1);
+  const expectedSig = createHmac("sha256", secret).update(value).digest("base64url");
+  const a = Buffer.from(providedSig);
+  const b = Buffer.from(expectedSig);
+  if (a.length !== b.length || !timingSafeEqual(a, b)) {
+    return false;
+  }
+  return value;
+}
+__name(unsign, "unsign");
+function session(options) {
+  const { secret, cookieName = "kick.sid", maxAge = 864e5, rolling = false, saveUninitialized = true, store = new MemoryStore(), cookie: cookieOpts = {} } = options;
+  const cookieDefaults = {
+    httpOnly: cookieOpts.httpOnly ?? true,
+    secure: cookieOpts.secure ?? process.env.NODE_ENV === "production",
+    sameSite: cookieOpts.sameSite ?? "lax",
+    path: cookieOpts.path ?? "/",
+    ...cookieOpts.domain ? {
+      domain: cookieOpts.domain
+    } : {},
+    maxAge
+  };
+  return async (req, res, next) => {
+    const cookies = req.cookies || {};
+    const signedCookie = cookies[cookieName];
+    let sid = false;
+    let sessionData = null;
+    let isNew = false;
+    if (signedCookie) {
+      sid = unsign(signedCookie, secret);
+      if (sid) {
+        sessionData = await store.get(sid);
+      }
+    }
+    if (!sid || !sessionData) {
+      sid = randomUUID();
+      sessionData = {};
+      isNew = true;
+    }
+    let currentSid = sid;
+    let currentData = {
+      ...sessionData
+    };
+    let destroyed = false;
+    const sessionObj = {
+      get id() {
+        return currentSid;
+      },
+      data: currentData,
+      async regenerate() {
+        await store.destroy(currentSid);
+        currentSid = randomUUID();
+        currentData = {};
+        sessionObj.data = currentData;
+        await store.set(currentSid, currentData, maxAge);
+        res.cookie(cookieName, sign(currentSid, secret), cookieDefaults);
+      },
+      async destroy() {
+        await store.destroy(currentSid);
+        destroyed = true;
+        currentData = {};
+        sessionObj.data = currentData;
+        res.clearCookie(cookieName, {
+          path: cookieDefaults.path
+        });
+      },
+      async save() {
+        if (!destroyed) {
+          await store.set(currentSid, currentData, maxAge);
+        }
+      }
+    };
+    req.session = sessionObj;
+    if (isNew) {
+      res.cookie(cookieName, sign(currentSid, secret), cookieDefaults);
+    }
+    res.on("finish", async () => {
+      if (destroyed) return;
+      if (isNew && !saveUninitialized && Object.keys(currentData).length === 0) return;
+      await store.set(currentSid, currentData, maxAge);
+      if (rolling && !isNew) {
+        if (store.touch) {
+          await store.touch(currentSid, maxAge);
+        }
+      }
+    });
+    if (rolling && !isNew) {
+      res.cookie(cookieName, sign(currentSid, secret), cookieDefaults);
+    }
+    next();
+  };
+}
+__name(session, "session");
+export {
+  session
+};
+//# sourceMappingURL=chunk-NQJNMKW5.js.map

package/dist/chunk-NQJNMKW5.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/middleware/session.ts"],"sourcesContent":["import { randomUUID, createHmac, timingSafeEqual } from 'node:crypto'\nimport type { Request, Response, NextFunction } from 'express'\n\nexport interface SessionData {\n [key: string]: unknown\n}\n\nexport interface SessionStore {\n get(sid: string): Promise<SessionData | null>\n set(sid: string, data: SessionData, maxAge: number): Promise<void>\n destroy(sid: string): Promise<void>\n touch?(sid: string, maxAge: number): Promise<void>\n}\n\nexport interface Session {\n id: string\n data: SessionData\n regenerate(): Promise<void>\n destroy(): Promise<void>\n save(): Promise<void>\n}\n\nexport interface SessionOptions {\n /** Secret used to sign the session cookie (required) */\n secret: string\n /** Cookie name (default: 'kick.sid') */\n cookieName?: string\n /** Session max age in milliseconds (default: 86400000 = 24h) */\n maxAge?: number\n /** Reset maxAge on every response (default: false) */\n rolling?: boolean\n /** Save new sessions that have not been modified (default: true) */\n saveUninitialized?: boolean\n /** Cookie options */\n cookie?: {\n httpOnly?: boolean\n secure?: boolean\n sameSite?: 'strict' | 'lax' | 'none'\n path?: string\n domain?: string\n }\n /** Custom session store (default: in-memory store with TTL cleanup) */\n store?: SessionStore\n}\n\n// ── In-Memory Store ───────────────────────────────────────────────────\n\nclass MemoryStore implements SessionStore {\n private sessions = new Map<string, { data: SessionData; expires: number }>()\n private cleanupInterval: ReturnType<typeof setInterval>\n\n constructor() {\n // Purge expired sessions every 60 seconds\n this.cleanupInterval = setInterval(() => this.purge(), 60_000)\n this.cleanupInterval.unref()\n }\n\n async get(sid: string): Promise<SessionData | null> {\n const entry = this.sessions.get(sid)\n if (!entry) return null\n if (Date.now() > entry.expires) {\n this.sessions.delete(sid)\n return null\n }\n return entry.data\n }\n\n async set(sid: string, data: SessionData, maxAge: number): Promise<void> {\n this.sessions.set(sid, { data, expires: Date.now() + maxAge })\n }\n\n async destroy(sid: string): Promise<void> {\n this.sessions.delete(sid)\n }\n\n async touch(sid: string, maxAge: number): Promise<void> {\n const entry = this.sessions.get(sid)\n if (entry) {\n entry.expires = Date.now() + maxAge\n }\n }\n\n private purge() {\n const now = Date.now()\n for (const [sid, entry] of this.sessions) {\n if (now > entry.expires) {\n this.sessions.delete(sid)\n }\n }\n }\n}\n\n// ── Cookie Signing ────────────────────────────────────────────────────\n\nfunction sign(value: string, secret: string): string {\n const signature = createHmac('sha256', secret).update(value).digest('base64url')\n return `s:${value}.${signature}`\n}\n\nfunction unsign(signed: string, secret: string): string | false {\n if (!signed.startsWith('s:')) return false\n const raw = signed.slice(2)\n const dotIndex = raw.lastIndexOf('.')\n if (dotIndex === -1) return false\n\n const value = raw.slice(0, dotIndex)\n const providedSig = raw.slice(dotIndex + 1)\n const expectedSig = createHmac('sha256', secret).update(value).digest('base64url')\n\n const a = Buffer.from(providedSig)\n const b = Buffer.from(expectedSig)\n\n if (a.length !== b.length || !timingSafeEqual(a, b)) {\n return false\n }\n\n return value\n}\n\n// ── Middleware Factory ────────────────────────────────────────────────\n\n/**\n * Session management middleware.\n *\n * Attaches a `req.session` object with `id`, `data`, `regenerate()`,\n * `destroy()`, and `save()` methods. Session IDs are signed with\n * HMAC-SHA256 to prevent cookie tampering.\n *\n * @example\n * ```ts\n * import { session } from '@forinda/kickjs-http'\n *\n * bootstrap({\n * modules,\n * middleware: [\n * cookieParser(),\n * session({ secret: process.env.SESSION_SECRET! }),\n * // ... other middleware\n * ],\n * })\n * ```\n */\nexport function session(options: SessionOptions) {\n const {\n secret,\n cookieName = 'kick.sid',\n maxAge = 86_400_000,\n rolling = false,\n saveUninitialized = true,\n store = new MemoryStore(),\n cookie: cookieOpts = {},\n } = options\n\n const cookieDefaults = {\n httpOnly: cookieOpts.httpOnly ?? true,\n secure: cookieOpts.secure ?? process.env.NODE_ENV === 'production',\n sameSite: cookieOpts.sameSite ?? ('lax' as const),\n path: cookieOpts.path ?? '/',\n ...(cookieOpts.domain ? { domain: cookieOpts.domain } : {}),\n maxAge,\n }\n\n return async (req: Request, res: Response, next: NextFunction) => {\n const cookies = (req as any).cookies || {}\n const signedCookie = cookies[cookieName]\n let sid: string | false = false\n let sessionData: SessionData | null = null\n let isNew = false\n\n // Attempt to recover existing session\n if (signedCookie) {\n sid = unsign(signedCookie, secret)\n if (sid) {\n sessionData = await store.get(sid)\n }\n }\n\n // Create new session if none found\n if (!sid || !sessionData) {\n sid = randomUUID()\n sessionData = {}\n isNew = true\n }\n\n let currentSid = sid as string\n let currentData = { ...sessionData }\n let destroyed = false\n\n const sessionObj: Session = {\n get id() {\n return currentSid\n },\n data: currentData,\n\n async regenerate() {\n await store.destroy(currentSid)\n currentSid = randomUUID()\n currentData = {}\n sessionObj.data = currentData\n await store.set(currentSid, currentData, maxAge)\n res.cookie(cookieName, sign(currentSid, secret), cookieDefaults)\n },\n\n async destroy() {\n await store.destroy(currentSid)\n destroyed = true\n currentData = {}\n sessionObj.data = currentData\n res.clearCookie(cookieName, { path: cookieDefaults.path })\n },\n\n async save() {\n if (!destroyed) {\n await store.set(currentSid, currentData, maxAge)\n }\n },\n }\n\n ;(req as any).session = sessionObj\n\n // Set cookie for new sessions\n if (isNew) {\n res.cookie(cookieName, sign(currentSid, secret), cookieDefaults)\n }\n\n // Auto-save on response finish\n res.on('finish', async () => {\n if (destroyed) return\n if (isNew && !saveUninitialized && Object.keys(currentData).length === 0) return\n\n await store.set(currentSid, currentData, maxAge)\n\n if (rolling && !isNew) {\n if (store.touch) {\n await store.touch(currentSid, maxAge)\n }\n }\n })\n\n // Rolling: refresh cookie on every response\n if (rolling && !isNew) {\n res.cookie(cookieName, sign(currentSid, secret), cookieDefaults)\n }\n\n next()\n }\n}\n"],"mappings":";;;;;AAAA,SAASA,YAAYC,YAAYC,uBAAuB;AA+CxD,IAAMC,cAAN,MAAMA,aAAAA;EA/CN,OA+CMA;;;EACIC,WAAW,oBAAIC,IAAAA;EACfC;EAER,cAAc;AAEZ,SAAKA,kBAAkBC,YAAY,MAAM,KAAKC,MAAK,GAAI,GAAA;AACvD,SAAKF,gBAAgBG,MAAK;EAC5B;EAEA,MAAMC,IAAIC,KAA0C;AAClD,UAAMC,QAAQ,KAAKR,SAASM,IAAIC,GAAAA;AAChC,QAAI,CAACC,MAAO,QAAO;AACnB,QAAIC,KAAKC,IAAG,IAAKF,MAAMG,SAAS;AAC9B,WAAKX,SAASY,OAAOL,GAAAA;AACrB,aAAO;IACT;AACA,WAAOC,MAAMK;EACf;EAEA,MAAMC,IAAIP,KAAaM,MAAmBE,QAA+B;AACvE,SAAKf,SAASc,IAAIP,KAAK;MAAEM;MAAMF,SAASF,KAAKC,IAAG,IAAKK;IAAO,CAAA;EAC9D;EAEA,MAAMC,QAAQT,KAA4B;AACxC,SAAKP,SAASY,OAAOL,GAAAA;EACvB;EAEA,MAAMU,MAAMV,KAAaQ,QAA+B;AACtD,UAAMP,QAAQ,KAAKR,SAASM,IAAIC,GAAAA;AAChC,QAAIC,OAAO;AACTA,YAAMG,UAAUF,KAAKC,IAAG,IAAKK;IAC/B;EACF;EAEQX,QAAQ;AACd,UAAMM,MAAMD,KAAKC,IAAG;AACpB,eAAW,CAACH,KAAKC,KAAAA,KAAU,KAAKR,UAAU;AACxC,UAAIU,MAAMF,MAAMG,SAAS;AACvB,aAAKX,SAASY,OAAOL,GAAAA;MACvB;IACF;EACF;AACF;AAIA,SAASW,KAAKC,OAAeC,QAAc;AACzC,QAAMC,YAAYC,WAAW,UAAUF,MAAAA,EAAQG,OAAOJ,KAAAA,EAAOK,OAAO,WAAA;AACpE,SAAO,KAAKL,KAAAA,IAASE,SAAAA;AACvB;AAHSH;AAKT,SAASO,OAAOC,QAAgBN,QAAc;AAC5C,MAAI,CAACM,OAAOC,WAAW,IAAA,EAAO,QAAO;AACrC,QAAMC,MAAMF,OAAOG,MAAM,CAAA;AACzB,QAAMC,WAAWF,IAAIG,YAAY,GAAA;AACjC,MAAID,aAAa,GAAI,QAAO;AAE5B,QAAMX,QAAQS,IAAIC,MAAM,GAAGC,QAAAA;AAC3B,QAAME,cAAcJ,IAAIC,MAAMC,WAAW,CAAA;AACzC,QAAMG,cAAcX,WAAW,UAAUF,MAAAA,EAAQG,OAAOJ,KAAAA,EAAOK,OAAO,WAAA;AAEtE,QAAMU,IAAIC,OAAOC,KAAKJ,WAAAA;AACtB,QAAMK,IAAIF,OAAOC,KAAKH,WAAAA;AAEtB,MAAIC,EAAEI,WAAWD,EAAEC,UAAU,CAACC,gBAAgBL,GAAGG,CAAAA,GAAI;AACnD,WAAO;EACT;AAEA,SAAOlB;AACT;AAlBSM;AA2CF,SAASe,QAAQC,SAAuB;AAC7C,QAAM,EACJrB,QACAsB,aAAa,YACb3B,SAAS,OACT4B,UAAU,OACVC,oBAAoB,MACpBC,QAAQ,IAAI9C,YAAAA,GACZ+C,QAAQC,aAAa,CAAC,EAAC,IACrBN;AAEJ,QAAMO,iBAAiB;IACrBC,UAAUF,WAAWE,YAAY;IACjCC,QAAQH,WAAWG,UAAUC,QAAQC,IAAIC,aAAa;IACtDC,UAAUP,WAAWO,YAAa;IAClCC,MAAMR,WAAWQ,QAAQ;IACzB,GAAIR,WAAWS,SAAS;MAAEA,QAAQT,WAAWS;IAAO,IAAI,CAAC;IACzDzC;EACF;AAEA,SAAO,OAAO0C,KAAcC,KAAeC,SAAAA;AACzC,UAAMC,UAAWH,IAAYG,WAAW,CAAC;AACzC,UAAMC,eAAeD,QAAQlB,UAAAA;AAC7B,QAAInC,MAAsB;AAC1B,QAAIuD,cAAkC;AACtC,QAAIC,QAAQ;AAGZ,QAAIF,cAAc;AAChBtD,YAAMkB,OAAOoC,cAAczC,MAAAA;AAC3B,UAAIb,KAAK;AACPuD,sBAAc,MAAMjB,MAAMvC,IAAIC,GAAAA;MAChC;IACF;AAGA,QAAI,CAACA,OAAO,CAACuD,aAAa;AACxBvD,YAAMyD,WAAAA;AACNF,oBAAc,CAAC;AACfC,cAAQ;IACV;AAEA,QAAIE,aAAa1D;AACjB,QAAI2D,cAAc;MAAE,GAAGJ;IAAY;AACnC,QAAIK,YAAY;AAEhB,UAAMC,aAAsB;MAC1B,IAAIC,KAAK;AACP,eAAOJ;MACT;MACApD,MAAMqD;MAEN,MAAMI,aAAAA;AACJ,cAAMzB,MAAM7B,QAAQiD,UAAAA;AACpBA,qBAAaD,WAAAA;AACbE,sBAAc,CAAC;AACfE,mBAAWvD,OAAOqD;AAClB,cAAMrB,MAAM/B,IAAImD,YAAYC,aAAanD,MAAAA;AACzC2C,YAAIZ,OAAOJ,YAAYxB,KAAK+C,YAAY7C,MAAAA,GAAS4B,cAAAA;MACnD;MAEA,MAAMhC,UAAAA;AACJ,cAAM6B,MAAM7B,QAAQiD,UAAAA;AACpBE,oBAAY;AACZD,sBAAc,CAAC;AACfE,mBAAWvD,OAAOqD;AAClBR,YAAIa,YAAY7B,YAAY;UAAEa,MAAMP,eAAeO;QAAK,CAAA;MAC1D;MAEA,MAAMiB,OAAAA;AACJ,YAAI,CAACL,WAAW;AACd,gBAAMtB,MAAM/B,IAAImD,YAAYC,aAAanD,MAAAA;QAC3C;MACF;IACF;AAEE0C,QAAYjB,UAAU4B;AAGxB,QAAIL,OAAO;AACTL,UAAIZ,OAAOJ,YAAYxB,KAAK+C,YAAY7C,MAAAA,GAAS4B,cAAAA;IACnD;AAGAU,QAAIe,GAAG,UAAU,YAAA;AACf,UAAIN,UAAW;AACf,UAAIJ,SAAS,CAACnB,qBAAqB8B,OAAOC,KAAKT,WAAAA,EAAa5B,WAAW,EAAG;AAE1E,YAAMO,MAAM/B,IAAImD,YAAYC,aAAanD,MAAAA;AAEzC,UAAI4B,WAAW,CAACoB,OAAO;AACrB,YAAIlB,MAAM5B,OAAO;AACf,gBAAM4B,MAAM5B,MAAMgD,YAAYlD,MAAAA;QAChC;MACF;IACF,CAAA;AAGA,QAAI4B,WAAW,CAACoB,OAAO;AACrBL,UAAIZ,OAAOJ,YAAYxB,KAAK+C,YAAY7C,MAAAA,GAAS4B,cAAAA;IACnD;AAEAW,SAAAA;EACF;AACF;AAxGgBnB;","names":["randomUUID","createHmac","timingSafeEqual","MemoryStore","sessions","Map","cleanupInterval","setInterval","purge","unref","get","sid","entry","Date","now","expires","delete","data","set","maxAge","destroy","touch","sign","value","secret","signature","createHmac","update","digest","unsign","signed","startsWith","raw","slice","dotIndex","lastIndexOf","providedSig","expectedSig","a","Buffer","from","b","length","timingSafeEqual","session","options","cookieName","rolling","saveUninitialized","store","cookie","cookieOpts","cookieDefaults","httpOnly","secure","process","env","NODE_ENV","sameSite","path","domain","req","res","next","cookies","signedCookie","sessionData","isNew","randomUUID","currentSid","currentData","destroyed","sessionObj","id","regenerate","clearCookie","save","on","Object","keys"]}

package/dist/{chunk-7I33DN2G.js → chunk-OWLI3SBW.js} RENAMED Viewed

@@ -1,6 +1,6 @@
 import {
   Application
-} from "./chunk-AK5TGZRS.js";
+} from "./chunk-4G2S7T4R.js";
 import {
   __name,
   __require
@@ -57,4 +57,4 @@ __name(bootstrap, "bootstrap");
 export {
   bootstrap
 };
-//# sourceMappingURL=chunk-7I33DN2G.js.map
+//# sourceMappingURL=chunk-OWLI3SBW.js.map

package/dist/{chunk-BPXWHHCY.js → chunk-VFVMIFNZ.js} RENAMED Viewed

@@ -1,9 +1,12 @@
+import {
+  buildUploadMiddleware
+} from "./chunk-LEILPDMW.js";
 import {
   validate
 } from "./chunk-RPN7UFUO.js";
 import {
   RequestContext
-} from "./chunk-DU3FQYET.js";
+} from "./chunk-LQ6RSWMX.js";
 import {
   __name
 } from "./chunk-WCQVDF3K.js";
@@ -31,6 +34,10 @@ function buildRoutes(controllerClass) {
     if (route.validation) {
       handlers.push(validate(route.validation));
     }
+    const fileUploadConfig = Reflect.getMetadata(METADATA.FILE_UPLOAD, controllerClass, route.handlerName);
+    if (fileUploadConfig) {
+      handlers.push(buildUploadMiddleware(fileUploadConfig));
+    }
     for (const mw of [
       ...classMiddlewares,
       ...methodMiddlewares
@@ -59,4 +66,4 @@ export {
   getControllerPath,
   buildRoutes
 };
-//# sourceMappingURL=chunk-BPXWHHCY.js.map
+//# sourceMappingURL=chunk-VFVMIFNZ.js.map

package/dist/chunk-VFVMIFNZ.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/router-builder.ts"],"sourcesContent":["import 'reflect-metadata'\nimport { Router, type Request, type Response, type NextFunction } from 'express'\nimport {\n Container,\n METADATA,\n type RouteDefinition,\n type MiddlewareHandler,\n type FileUploadConfig,\n} from '@forinda/kickjs-core'\nimport { RequestContext } from './context'\nimport { validate } from './middleware/validate'\nimport { buildUploadMiddleware } from './middleware/upload'\n\n/** Get the controller path set by @Controller('/path') */\nexport function getControllerPath(controllerClass: any): string {\n return Reflect.getMetadata(METADATA.CONTROLLER_PATH, controllerClass) || '/'\n}\n\n/**\n * Build an Express Router from a controller class decorated with @Get, @Post, etc.\n * Resolves the controller from the DI container, wraps handlers in RequestContext,\n * and applies class-level and method-level middleware.\n */\nexport function buildRoutes(controllerClass: any): Router {\n const router = Router()\n const container = Container.getInstance()\n const controllerPath = getControllerPath(controllerClass)\n const routes: RouteDefinition[] = Reflect.getMetadata(METADATA.ROUTES, controllerClass) || []\n\n // Class-level middleware\n const classMiddlewares: MiddlewareHandler[] =\n Reflect.getMetadata(METADATA.CLASS_MIDDLEWARES, controllerClass) || []\n\n for (const route of routes) {\n const method = route.method.toLowerCase() as 'get' | 'post' | 'put' | 'delete' | 'patch'\n let routePath = route.path === '/' ? '' : route.path\n const fullPath = controllerPath === '/' ? routePath || '/' : controllerPath + routePath\n\n // Method-level middleware\n const methodMiddlewares: MiddlewareHandler[] =\n Reflect.getMetadata(METADATA.METHOD_MIDDLEWARES, controllerClass, route.handlerName) || []\n\n // Build handler chain\n const handlers: any[] = []\n\n // Validation middleware (shared with standalone validate() export)\n if (route.validation) {\n handlers.push(validate(route.validation))\n }\n\n // @FileUpload decorator — auto-attach upload middleware from metadata\n const fileUploadConfig: FileUploadConfig | undefined = Reflect.getMetadata(\n METADATA.FILE_UPLOAD,\n controllerClass,\n route.handlerName,\n )\n if (fileUploadConfig) {\n handlers.push(buildUploadMiddleware(fileUploadConfig))\n }\n\n // Class + method middleware (wrapped as Express middleware with error catching)\n for (const mw of [...classMiddlewares, ...methodMiddlewares]) {\n handlers.push((req: Request, res: Response, next: NextFunction) => {\n const ctx = new RequestContext(req, res, next)\n Promise.resolve(mw(ctx, next)).catch(next)\n })\n }\n\n // Main handler — resolve controller per-request to respect DI scoping\n handlers.push(async (req: Request, res: Response, next: NextFunction) => {\n const ctx = new RequestContext(req, res, next)\n try {\n const controller = container.resolve(controllerClass)\n await controller[route.handlerName](ctx)\n } catch (err: any) {\n next(err)\n }\n })\n ;(router as any)[method](fullPath, ...handlers)\n }\n\n return router\n}\n"],"mappings":";;;;;;;;;;;;;;AAAA,OAAO;AACP,SAASA,cAA8D;AACvE,SACEC,WACAC,gBAIK;AAMA,SAASC,kBAAkBC,iBAAoB;AACpD,SAAOC,QAAQC,YAAYC,SAASC,iBAAiBJ,eAAAA,KAAoB;AAC3E;AAFgBD;AAST,SAASM,YAAYL,iBAAoB;AAC9C,QAAMM,SAASC,OAAAA;AACf,QAAMC,YAAYC,UAAUC,YAAW;AACvC,QAAMC,iBAAiBZ,kBAAkBC,eAAAA;AACzC,QAAMY,SAA4BX,QAAQC,YAAYC,SAASU,QAAQb,eAAAA,KAAoB,CAAA;AAG3F,QAAMc,mBACJb,QAAQC,YAAYC,SAASY,mBAAmBf,eAAAA,KAAoB,CAAA;AAEtE,aAAWgB,SAASJ,QAAQ;AAC1B,UAAMK,SAASD,MAAMC,OAAOC,YAAW;AACvC,QAAIC,YAAYH,MAAMI,SAAS,MAAM,KAAKJ,MAAMI;AAChD,UAAMC,WAAWV,mBAAmB,MAAMQ,aAAa,MAAMR,iBAAiBQ;AAG9E,UAAMG,oBACJrB,QAAQC,YAAYC,SAASoB,oBAAoBvB,iBAAiBgB,MAAMQ,WAAW,KAAK,CAAA;AAG1F,UAAMC,WAAkB,CAAA;AAGxB,QAAIT,MAAMU,YAAY;AACpBD,eAASE,KAAKC,SAASZ,MAAMU,UAAU,CAAA;IACzC;AAGA,UAAMG,mBAAiD5B,QAAQC,YAC7DC,SAAS2B,aACT9B,iBACAgB,MAAMQ,WAAW;AAEnB,QAAIK,kBAAkB;AACpBJ,eAASE,KAAKI,sBAAsBF,gBAAAA,CAAAA;IACtC;AAGA,eAAWG,MAAM;SAAIlB;SAAqBQ;OAAoB;AAC5DG,eAASE,KAAK,CAACM,KAAcC,KAAeC,SAAAA;AAC1C,cAAMC,MAAM,IAAIC,eAAeJ,KAAKC,KAAKC,IAAAA;AACzCG,gBAAQC,QAAQP,GAAGI,KAAKD,IAAAA,CAAAA,EAAOK,MAAML,IAAAA;MACvC,CAAA;IACF;AAGAV,aAASE,KAAK,OAAOM,KAAcC,KAAeC,SAAAA;AAChD,YAAMC,MAAM,IAAIC,eAAeJ,KAAKC,KAAKC,IAAAA;AACzC,UAAI;AACF,cAAMM,aAAajC,UAAU+B,QAAQvC,eAAAA;AACrC,cAAMyC,WAAWzB,MAAMQ,WAAW,EAAEY,GAAAA;MACtC,SAASM,KAAU;AACjBP,aAAKO,GAAAA;MACP;IACF,CAAA;AACEpC,WAAeW,MAAAA,EAAQI,UAAAA,GAAaI,QAAAA;EACxC;AAEA,SAAOnB;AACT;AA3DgBD;","names":["Router","Container","METADATA","getControllerPath","controllerClass","Reflect","getMetadata","METADATA","CONTROLLER_PATH","buildRoutes","router","Router","container","Container","getInstance","controllerPath","routes","ROUTES","classMiddlewares","CLASS_MIDDLEWARES","route","method","toLowerCase","routePath","path","fullPath","methodMiddlewares","METHOD_MIDDLEWARES","handlerName","handlers","validation","push","validate","fileUploadConfig","FILE_UPLOAD","buildUploadMiddleware","mw","req","res","next","ctx","RequestContext","Promise","resolve","catch","controller","err"]}

package/dist/context.d.ts CHANGED Viewed

@@ -17,6 +17,8 @@ declare class RequestContext<TBody = any, TParams = any, TQuery = any> {
     get query(): TQuery;
     get headers(): http.IncomingHttpHeaders;
     get requestId(): string | undefined;
+    /** Session data (requires session middleware) */
+    get session(): any;
     /**
      * Parse the request query string into structured filters, sort, pagination, and search.
      * Pass the result to an ORM query builder adapter (Drizzle, Prisma, Sequelize, etc.).

package/dist/context.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import {
   RequestContext
-} from "./chunk-DU3FQYET.js";
+} from "./chunk-LQ6RSWMX.js";
 import "./chunk-VXX2Y3TA.js";
 import "./chunk-WCQVDF3K.js";
 export {

package/dist/devtools.d.ts ADDED Viewed

@@ -0,0 +1,85 @@
+import { AppAdapter, Ref, ComputedRef, Container, AdapterMiddleware } from '@forinda/kickjs-core';
+/** Per-route latency stats */
+interface RouteStats {
+    count: number;
+    totalMs: number;
+    minMs: number;
+    maxMs: number;
+}
+interface DevToolsOptions {
+    /** Base path for debug endpoints (default: '/_debug') */
+    basePath?: string;
+    /** Only enable when this is true (default: process.env.NODE_ENV !== 'production') */
+    enabled?: boolean;
+    /** Include environment variables (sanitized) at /_debug/config (default: false) */
+    exposeConfig?: boolean;
+    /** Env var prefixes to expose (default: ['APP_', 'NODE_ENV']). Others are redacted. */
+    configPrefixes?: string[];
+    /** Callback when error rate exceeds threshold */
+    onErrorRateExceeded?: (rate: number) => void;
+    /** Error rate threshold (default: 0.5 = 50%) */
+    errorRateThreshold?: number;
+}
+/**
+ * DevToolsAdapter — Vue-style reactive introspection for KickJS applications.
+ *
+ * Exposes debug endpoints powered by reactive state (ref, computed, watch):
+ * - `GET /_debug/routes`    — all registered routes with middleware
+ * - `GET /_debug/container` — DI registry with scopes and instantiation status
+ * - `GET /_debug/metrics`   — live request/error counts, error rate, uptime
+ * - `GET /_debug/health`    — deep health check with adapter status
+ * - `GET /_debug/config`    — sanitized environment variables (opt-in)
+ * - `GET /_debug/state`     — full reactive state snapshot
+ *
+ * @example
+ * ```ts
+ * import { DevToolsAdapter } from '@forinda/kickjs-http/devtools'
+ *
+ * bootstrap({
+ *   modules: [UserModule],
+ *   adapters: [
+ *     new DevToolsAdapter({
+ *       enabled: process.env.NODE_ENV !== 'production',
+ *       exposeConfig: true,
+ *       configPrefixes: ['APP_', 'DATABASE_'],
+ *     }),
+ *   ],
+ * })
+ * ```
+ */
+declare class DevToolsAdapter implements AppAdapter {
+    readonly name = "DevToolsAdapter";
+    private basePath;
+    private enabled;
+    private exposeConfig;
+    private configPrefixes;
+    private errorRateThreshold;
+    /** Total requests received */
+    readonly requestCount: Ref<number>;
+    /** Total responses with status >= 500 */
+    readonly errorCount: Ref<number>;
+    /** Total responses with status >= 400 and < 500 */
+    readonly clientErrorCount: Ref<number>;
+    /** Server start time */
+    readonly startedAt: Ref<number>;
+    /** Computed error rate (server errors / total requests) */
+    readonly errorRate: ComputedRef<number>;
+    /** Computed uptime in seconds */
+    readonly uptimeSeconds: ComputedRef<number>;
+    /** Per-route latency tracking */
+    readonly routeLatency: Record<string, RouteStats>;
+    private routes;
+    private container;
+    private adapterStatuses;
+    private stopErrorWatch;
+    constructor(options?: DevToolsOptions);
+    beforeMount(app: any, container: Container): void;
+    middleware(): AdapterMiddleware[];
+    onRouteMount(controllerClass: any, mountPath: string): void;
+    beforeStart(_app: any, _container: Container): void;
+    afterStart(_server: any, _container: Container): void;
+    shutdown(): void;
+}
+export { DevToolsAdapter, type DevToolsOptions };

package/dist/devtools.js ADDED Viewed

@@ -0,0 +1,8 @@
+import {
+  DevToolsAdapter
+} from "./chunk-DUQ7SN7N.js";
+import "./chunk-WCQVDF3K.js";
+export {
+  DevToolsAdapter
+};
+//# sourceMappingURL=devtools.js.map

package/dist/devtools.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/index.d.ts CHANGED Viewed

@@ -6,7 +6,10 @@ export { REQUEST_ID_HEADER, requestId } from './middleware/request-id.js';
 export { validate } from './middleware/validate.js';
 export { errorHandler, notFoundHandler } from './middleware/error-handler.js';
 export { CsrfOptions, csrf } from './middleware/csrf.js';
-export { UploadOptions, cleanupFiles, upload } from './middleware/upload.js';
+export { RateLimitOptions, RateLimitStore, rateLimit } from './middleware/rate-limit.js';
+export { Session, SessionData, SessionOptions, SessionStore, session } from './middleware/session.js';
+export { UploadOptions, buildUploadMiddleware, cleanupFiles, resolveMimeTypes, upload } from './middleware/upload.js';
+export { DevToolsAdapter, DevToolsOptions } from './devtools.js';
 export { buildQueryParams, parseFilters, parsePagination, parseQuery, parseSearchQuery, parseSort } from './query/index.js';
 export { F as FILTER_OPERATORS, a as FilterItem, b as FilterOperator, P as PaginationParams, c as ParsedQuery, Q as QueryBuilderAdapter, d as QueryFieldConfig, S as SortItem } from './types-Doz6f3AB.js';
 import 'node:http';

package/dist/index.js CHANGED Viewed

@@ -1,23 +1,38 @@
 import {
-  cleanupFiles,
-  upload
-} from "./chunk-RFOXGJ3G.js";
+  rateLimit
+} from "./chunk-H4S527PH.js";
+import {
+  session
+} from "./chunk-NQJNMKW5.js";
 import {
   bootstrap
-} from "./chunk-7I33DN2G.js";
+} from "./chunk-OWLI3SBW.js";
 import {
   Application
-} from "./chunk-AK5TGZRS.js";
+} from "./chunk-4G2S7T4R.js";
+import {
+  REQUEST_ID_HEADER,
+  requestId
+} from "./chunk-35NUARK7.js";
+import {
+  DevToolsAdapter
+} from "./chunk-DUQ7SN7N.js";
 import {
   buildRoutes,
   getControllerPath
-} from "./chunk-BPXWHHCY.js";
+} from "./chunk-VFVMIFNZ.js";
+import {
+  buildUploadMiddleware,
+  cleanupFiles,
+  resolveMimeTypes,
+  upload
+} from "./chunk-LEILPDMW.js";
 import {
   validate
 } from "./chunk-RPN7UFUO.js";
 import {
   RequestContext
-} from "./chunk-DU3FQYET.js";
+} from "./chunk-LQ6RSWMX.js";
 import {
   FILTER_OPERATORS,
   buildQueryParams,
@@ -34,19 +49,17 @@ import {
   errorHandler,
   notFoundHandler
 } from "./chunk-3NEDJA3J.js";
-import {
-  REQUEST_ID_HEADER,
-  requestId
-} from "./chunk-35NUARK7.js";
 import "./chunk-WCQVDF3K.js";
 export {
   Application,
+  DevToolsAdapter,
   FILTER_OPERATORS,
   REQUEST_ID_HEADER,
   RequestContext,
   bootstrap,
   buildQueryParams,
   buildRoutes,
+  buildUploadMiddleware,
   cleanupFiles,
   csrf,
   errorHandler,
@@ -57,7 +70,10 @@ export {
   parseQuery,
   parseSearchQuery,
   parseSort,
+  rateLimit,
   requestId,
+  resolveMimeTypes,
+  session,
   upload,
   validate
 };

package/dist/middleware/rate-limit.d.ts ADDED Viewed

@@ -0,0 +1,53 @@
+import { Request, Response, NextFunction } from 'express';
+interface RateLimitStore {
+    increment(key: string): Promise<{
+        totalHits: number;
+        resetTime: Date;
+    }>;
+    decrement(key: string): Promise<void>;
+    reset(key: string): Promise<void>;
+}
+interface RateLimitOptions {
+    /** Maximum number of requests per window (default: 100) */
+    max?: number;
+    /** Time window in milliseconds (default: 60_000) */
+    windowMs?: number;
+    /** Response message when rate limit is exceeded (default: 'Too Many Requests') */
+    message?: string;
+    /** HTTP status code when rate limit is exceeded (default: 429) */
+    statusCode?: number;
+    /** Function to generate the key for rate limiting (default: req.ip) */
+    keyGenerator?: (req: Request) => string;
+    /** Whether to send rate limit headers (default: true) */
+    headers?: boolean;
+    /** Custom store implementation (default: in-memory Map) */
+    store?: RateLimitStore;
+    /** Function to skip rate limiting for certain requests */
+    skip?: (req: Request) => boolean;
+    /** Paths to exclude from rate limiting */
+    skipPaths?: string[];
+}
+/**
+ * Rate limiting middleware.
+ *
+ * Limits the number of requests a client can make within a time window.
+ * Uses an in-memory store by default, but accepts a custom store for
+ * distributed deployments (e.g. Redis).
+ *
+ * @example
+ * ```ts
+ * import { rateLimit } from '@forinda/kickjs-http'
+ *
+ * bootstrap({
+ *   modules,
+ *   middleware: [
+ *     rateLimit({ max: 100, windowMs: 60_000 }),
+ *     // ... other middleware
+ *   ],
+ * })
+ * ```
+ */
+declare function rateLimit(options?: RateLimitOptions): (req: Request, res: Response, next: NextFunction) => Promise<void | Response<any, Record<string, any>>>;
+export { type RateLimitOptions, type RateLimitStore, rateLimit };

package/dist/middleware/rate-limit.js ADDED Viewed

@@ -0,0 +1,8 @@
+import {
+  rateLimit
+} from "../chunk-H4S527PH.js";
+import "../chunk-WCQVDF3K.js";
+export {
+  rateLimit
+};
+//# sourceMappingURL=rate-limit.js.map

package/dist/middleware/rate-limit.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/middleware/session.d.ts ADDED Viewed

@@ -0,0 +1,64 @@
+import { Request, Response, NextFunction } from 'express';
+interface SessionData {
+    [key: string]: unknown;
+}
+interface SessionStore {
+    get(sid: string): Promise<SessionData | null>;
+    set(sid: string, data: SessionData, maxAge: number): Promise<void>;
+    destroy(sid: string): Promise<void>;
+    touch?(sid: string, maxAge: number): Promise<void>;
+}
+interface Session {
+    id: string;
+    data: SessionData;
+    regenerate(): Promise<void>;
+    destroy(): Promise<void>;
+    save(): Promise<void>;
+}
+interface SessionOptions {
+    /** Secret used to sign the session cookie (required) */
+    secret: string;
+    /** Cookie name (default: 'kick.sid') */
+    cookieName?: string;
+    /** Session max age in milliseconds (default: 86400000 = 24h) */
+    maxAge?: number;
+    /** Reset maxAge on every response (default: false) */
+    rolling?: boolean;
+    /** Save new sessions that have not been modified (default: true) */
+    saveUninitialized?: boolean;
+    /** Cookie options */
+    cookie?: {
+        httpOnly?: boolean;
+        secure?: boolean;
+        sameSite?: 'strict' | 'lax' | 'none';
+        path?: string;
+        domain?: string;
+    };
+    /** Custom session store (default: in-memory store with TTL cleanup) */
+    store?: SessionStore;
+}
+/**
+ * Session management middleware.
+ *
+ * Attaches a `req.session` object with `id`, `data`, `regenerate()`,
+ * `destroy()`, and `save()` methods. Session IDs are signed with
+ * HMAC-SHA256 to prevent cookie tampering.
+ *
+ * @example
+ * ```ts
+ * import { session } from '@forinda/kickjs-http'
+ *
+ * bootstrap({
+ *   modules,
+ *   middleware: [
+ *     cookieParser(),
+ *     session({ secret: process.env.SESSION_SECRET! }),
+ *     // ... other middleware
+ *   ],
+ * })
+ * ```
+ */
+declare function session(options: SessionOptions): (req: Request, res: Response, next: NextFunction) => Promise<void>;
+export { type Session, type SessionData, type SessionOptions, type SessionStore, session };

package/dist/middleware/session.js ADDED Viewed

@@ -0,0 +1,8 @@
+import {
+  session
+} from "../chunk-NQJNMKW5.js";
+import "../chunk-WCQVDF3K.js";
+export {
+  session
+};
+//# sourceMappingURL=session.js.map

package/dist/middleware/session.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}