@hazeljs/core 0.2.0-alpha.1

package/dist/middleware/cors.middleware.js

@@ -0,0 +1,118 @@
+"use strict";
+/**
+ * CORS Middleware
+ * Handles Cross-Origin Resource Sharing
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CorsMiddleware = void 0;
+exports.enableCors = enableCors;
+class CorsMiddleware {
+    constructor(options = {}) {
+        this.options = {
+            origin: options.origin || '*',
+            methods: options.methods || ['GET', 'HEAD', 'PUT', 'PATCH', 'POST', 'DELETE'],
+            allowedHeaders: options.allowedHeaders || ['Content-Type', 'Authorization'],
+            exposedHeaders: options.exposedHeaders || [],
+            credentials: options.credentials || false,
+            maxAge: options.maxAge || 86400, // 24 hours
+            preflightContinue: options.preflightContinue || false,
+            optionsSuccessStatus: options.optionsSuccessStatus || 204,
+        };
+    }
+    /**
+     * Check if origin is allowed
+     */
+    isOriginAllowed(origin) {
+        const { origin: allowedOrigin } = this.options;
+        if (allowedOrigin === '*') {
+            return true;
+        }
+        if (typeof allowedOrigin === 'string') {
+            return origin === allowedOrigin;
+        }
+        if (Array.isArray(allowedOrigin)) {
+            return allowedOrigin.includes(origin);
+        }
+        if (typeof allowedOrigin === 'function') {
+            return allowedOrigin(origin);
+        }
+        return false;
+    }
+    /**
+     * Set CORS headers
+     */
+    setCorsHeaders(req, res) {
+        const origin = req.headers?.origin || req.headers?.referer || '';
+        // Set Access-Control-Allow-Origin
+        if (this.options.origin === '*') {
+            res.setHeader('Access-Control-Allow-Origin', '*');
+        }
+        else if (this.isOriginAllowed(origin)) {
+            res.setHeader('Access-Control-Allow-Origin', origin);
+            res.setHeader('Vary', 'Origin');
+        }
+        // Set Access-Control-Allow-Credentials
+        if (this.options.credentials) {
+            res.setHeader('Access-Control-Allow-Credentials', 'true');
+        }
+        // Set Access-Control-Expose-Headers
+        if (this.options.exposedHeaders.length > 0) {
+            res.setHeader('Access-Control-Expose-Headers', this.options.exposedHeaders.join(', '));
+        }
+    }
+    /**
+     * Handle preflight request
+     */
+    handlePreflight(req, res) {
+        if (req.method !== 'OPTIONS') {
+            return false;
+        }
+        // Set CORS headers
+        this.setCorsHeaders(req, res);
+        // Set Access-Control-Allow-Methods
+        res.setHeader('Access-Control-Allow-Methods', this.options.methods.join(', '));
+        // Set Access-Control-Allow-Headers
+        const requestHeaders = req.headers?.['access-control-request-headers'];
+        if (requestHeaders) {
+            res.setHeader('Access-Control-Allow-Headers', requestHeaders);
+        }
+        else if (this.options.allowedHeaders.length > 0) {
+            res.setHeader('Access-Control-Allow-Headers', this.options.allowedHeaders.join(', '));
+        }
+        // Set Access-Control-Max-Age
+        res.setHeader('Access-Control-Max-Age', this.options.maxAge.toString());
+        // Send response
+        if (!this.options.preflightContinue) {
+            res.status(this.options.optionsSuccessStatus).end();
+            return true;
+        }
+        return false;
+    }
+    /**
+     * Handle CORS request
+     */
+    handle(req, res, next) {
+        // Handle preflight request
+        if (this.handlePreflight(req, res)) {
+            return;
+        }
+        // Set CORS headers for actual request
+        this.setCorsHeaders(req, res);
+        // Continue to next middleware
+        next();
+    }
+    /**
+     * Create middleware function
+     */
+    static create(options) {
+        const middleware = new CorsMiddleware(options);
+        return (req, res, next) => middleware.handle(req, res, next);
+    }
+}
+exports.CorsMiddleware = CorsMiddleware;
+/**
+ * Simple CORS helper for common use cases
+ */
+function enableCors(options) {
+    return CorsMiddleware.create(options);
+}

package/dist/middleware/csrf.middleware.d.ts

@@ -0,0 +1,82 @@
+import { Request, Response } from '../types';
+import { MiddlewareClass, NextFunction } from './global-middleware';
+/**
+ * CSRF protection options
+ */
+export interface CsrfOptions {
+    /**
+     * Cookie name for CSRF token
+     */
+    cookieName?: string;
+    /**
+     * Header name for CSRF token
+     */
+    headerName?: string;
+    /**
+     * Secret key for token generation
+     */
+    secret?: string;
+    /**
+     * Cookie options
+     */
+    cookieOptions?: {
+        httpOnly?: boolean;
+        secure?: boolean;
+        sameSite?: 'strict' | 'lax' | 'none';
+        path?: string;
+        domain?: string;
+        maxAge?: number;
+    };
+    /**
+     * Methods to protect (default: POST, PUT, PATCH, DELETE)
+     */
+    methods?: string[];
+    /**
+     * Paths to exclude from CSRF protection
+     */
+    excludePaths?: string[];
+    /**
+     * Token length in bytes
+     */
+    tokenLength?: number;
+}
+/**
+ * CSRF Protection Middleware
+ * Protects against Cross-Site Request Forgery attacks
+ */
+export declare class CsrfMiddleware implements MiddlewareClass {
+    private options;
+    private secret;
+    private tokenStore;
+    constructor(options?: CsrfOptions);
+    use(req: Request, res: Response, next: NextFunction): void;
+    /**
+     * Get or create CSRF token
+     */
+    private getOrCreateToken;
+    /**
+     * Generate CSRF token
+     */
+    private generateToken;
+    /**
+     * Verify CSRF token
+     */
+    private verifyToken;
+    /**
+     * Get token from request
+     */
+    private getTokenFromRequest;
+    /**
+     * Get session ID from request
+     */
+    private getSessionId;
+    /**
+     * Build cookie string
+     */
+    private buildCookie;
+    /**
+     * Cleanup expired tokens
+     */
+    private cleanupTokens;
+}
+//# sourceMappingURL=csrf.middleware.d.ts.map

package/dist/middleware/csrf.middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrf.middleware.d.ts","sourceRoot":"","sources":["../../src/middleware/csrf.middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAKpE;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,aAAa,CAAC,EAAE;QACd,QAAQ,CAAC,EAAE,OAAO,CAAC;QACnB,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;QACrC,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IAEF;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IAEnB;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,qBAAa,cAAe,YAAW,eAAe;IAIxC,OAAO,CAAC,OAAO;IAH3B,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,UAAU,CAAkC;gBAEhC,OAAO,GAAE,WAAgB;IAyB7C,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI;IA4B1D;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAgBxB;;OAEG;IACH,OAAO,CAAC,aAAa;IAQrB;;OAEG;IACH,OAAO,CAAC,WAAW;IAenB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAwB3B;;OAEG;IACH,OAAO,CAAC,YAAY;IAsBpB;;OAEG;IACH,OAAO,CAAC,WAAW;IAcnB;;OAEG;IACH,OAAO,CAAC,aAAa;CAYtB"}

package/dist/middleware/csrf.middleware.js

@@ -0,0 +1,183 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CsrfMiddleware = void 0;
+const http_error_1 = require("../errors/http.error");
+const crypto_1 = require("crypto");
+const logger_1 = __importDefault(require("../logger"));
+/**
+ * CSRF Protection Middleware
+ * Protects against Cross-Site Request Forgery attacks
+ */
+class CsrfMiddleware {
+    constructor(options = {}) {
+        this.options = options;
+        this.tokenStore = new Map();
+        this.options = {
+            cookieName: '_csrf',
+            headerName: 'x-csrf-token',
+            secret: process.env.CSRF_SECRET || (0, crypto_1.randomBytes)(32).toString('hex'),
+            cookieOptions: {
+                httpOnly: true,
+                secure: process.env.NODE_ENV === 'production',
+                sameSite: 'strict',
+                path: '/',
+                maxAge: 3600, // 1 hour
+            },
+            methods: ['POST', 'PUT', 'PATCH', 'DELETE'],
+            tokenLength: 32,
+            ...options,
+        };
+        this.secret = this.options.secret;
+        // Cleanup expired tokens every 5 minutes
+        setInterval(() => {
+            this.cleanupTokens();
+        }, 300000);
+    }
+    use(req, res, next) {
+        const path = req.url?.split('?')[0] || '/';
+        // Skip excluded paths
+        if (this.options.excludePaths?.some(excluded => path.startsWith(excluded))) {
+            next();
+            return;
+        }
+        // Generate or retrieve token
+        const token = this.getOrCreateToken(req, res);
+        // Check if method requires CSRF protection
+        if (this.options.methods?.includes(req.method || '')) {
+            const providedToken = this.getTokenFromRequest(req);
+            if (!providedToken || !this.verifyToken(token, providedToken)) {
+                logger_1.default.warn(`CSRF token validation failed for ${req.method} ${path}`);
+                throw new http_error_1.HttpError(403, 'Invalid CSRF token');
+            }
+        }
+        // Add token to response for forms
+        res.setHeader('X-CSRF-Token', token);
+        next();
+    }
+    /**
+     * Get or create CSRF token
+     */
+    getOrCreateToken(req, res) {
+        const sessionId = this.getSessionId(req);
+        let token = this.tokenStore.get(sessionId);
+        if (!token) {
+            token = this.generateToken();
+            this.tokenStore.set(sessionId, token);
+        }
+        // Set cookie
+        const cookie = this.buildCookie(token);
+        res.setHeader('Set-Cookie', cookie);
+        return token;
+    }
+    /**
+     * Generate CSRF token
+     */
+    generateToken() {
+        const random = (0, crypto_1.randomBytes)(this.options.tokenLength || 32).toString('hex');
+        const hmac = (0, crypto_1.createHmac)('sha256', this.secret);
+        hmac.update(random);
+        const signature = hmac.digest('hex');
+        return `${random}.${signature}`;
+    }
+    /**
+     * Verify CSRF token
+     */
+    verifyToken(storedToken, providedToken) {
+        if (!storedToken || !providedToken)
+            return false;
+        if (storedToken === providedToken)
+            return true;
+        // Verify signature
+        const [random, signature] = providedToken.split('.');
+        if (!random || !signature)
+            return false;
+        const hmac = (0, crypto_1.createHmac)('sha256', this.secret);
+        hmac.update(random);
+        const expectedSignature = hmac.digest('hex');
+        return signature === expectedSignature;
+    }
+    /**
+     * Get token from request
+     */
+    getTokenFromRequest(req) {
+        // Try header first
+        if (req.headers) {
+            const headerToken = req.headers[this.options.headerName.toLowerCase()];
+            if (headerToken) {
+                return Array.isArray(headerToken) ? headerToken[0] : headerToken;
+            }
+        }
+        // Try body
+        if (req.body && typeof req.body === 'object' && this.options.cookieName in req.body) {
+            const bodyValue = req.body[this.options.cookieName];
+            return typeof bodyValue === 'string' ? bodyValue : null;
+        }
+        // Try query parameter
+        if (req.query && typeof req.query === 'object' && this.options.cookieName in req.query) {
+            const queryValue = req.query[this.options.cookieName];
+            return typeof queryValue === 'string' ? queryValue : null;
+        }
+        return null;
+    }
+    /**
+     * Get session ID from request
+     */
+    getSessionId(req) {
+        // Try to get from cookie
+        if (req.headers?.cookie) {
+            const sessionCookie = req.headers.cookie
+                .split(';')
+                .find(c => c.trim().startsWith('sessionId='));
+            if (sessionCookie) {
+                return sessionCookie.split('=')[1].trim();
+            }
+        }
+        // Fallback to IP + User-Agent hash
+        const ip = req.socket?.remoteAddress || 'unknown';
+        const ua = req.headers?.['user-agent'] || 'unknown';
+        const hash = (0, crypto_1.createHmac)('sha256', this.secret)
+            .update(`${ip}:${ua}`)
+            .digest('hex')
+            .substring(0, 16);
+        return hash;
+    }
+    /**
+     * Build cookie string
+     */
+    buildCookie(token) {
+        const opts = this.options.cookieOptions;
+        const parts = [`${this.options.cookieName}=${token}`];
+        if (opts.path)
+            parts.push(`Path=${opts.path}`);
+        if (opts.domain)
+            parts.push(`Domain=${opts.domain}`);
+        if (opts.maxAge)
+            parts.push(`Max-Age=${opts.maxAge}`);
+        if (opts.httpOnly)
+            parts.push('HttpOnly');
+        if (opts.secure)
+            parts.push('Secure');
+        if (opts.sameSite)
+            parts.push(`SameSite=${opts.sameSite}`);
+        return parts.join('; ');
+    }
+    /**
+     * Cleanup expired tokens
+     */
+    cleanupTokens() {
+        // Simple cleanup - remove old entries
+        // In production, use a proper session store with TTL
+        if (this.tokenStore.size > 10000) {
+            const entries = Array.from(this.tokenStore.entries());
+            this.tokenStore.clear();
+            // Keep last 5000 entries
+            entries.slice(-5000).forEach(([key, value]) => {
+                this.tokenStore.set(key, value);
+            });
+        }
+    }
+}
+exports.CsrfMiddleware = CsrfMiddleware;

package/dist/middleware/global-middleware.d.ts

@@ -0,0 +1,111 @@
+import { Request, Response } from '../types';
+/**
+ * Next function type for middleware chain
+ */
+export type NextFunction = () => Promise<void> | void;
+/**
+ * Middleware function type
+ */
+export type MiddlewareFunction = (req: Request, res: Response, next: NextFunction) => Promise<void> | void;
+/**
+ * Middleware interface
+ */
+export interface MiddlewareConsumer {
+    apply(...middleware: Array<MiddlewareFunction | MiddlewareClass>): MiddlewareConfigProxy;
+}
+/**
+ * Middleware class interface
+ */
+export interface MiddlewareClass {
+    use(req: Request, res: Response, next: NextFunction): Promise<void> | void;
+}
+/**
+ * Middleware configuration proxy
+ */
+export interface MiddlewareConfigProxy {
+    forRoutes(...routes: Array<string | RouteInfo>): MiddlewareConfigProxy;
+    exclude(...routes: Array<string | RouteInfo>): MiddlewareConfigProxy;
+}
+/**
+ * Route information
+ */
+export interface RouteInfo {
+    path: string;
+    method?: string;
+}
+/**
+ * Global middleware manager
+ */
+export declare class GlobalMiddlewareManager {
+    private middleware;
+    /**
+     * Add global middleware
+     */
+    use(middleware: MiddlewareFunction | MiddlewareClass): void;
+    /**
+     * Add middleware for specific routes
+     */
+    useFor(middleware: MiddlewareFunction | MiddlewareClass, routes: Array<string | RouteInfo>): void;
+    /**
+     * Add middleware with exclusions
+     */
+    useExcept(middleware: MiddlewareFunction | MiddlewareClass, excludedRoutes: Array<string | RouteInfo>): void;
+    /**
+     * Execute middleware chain for a request
+     */
+    execute(req: Request, res: Response): Promise<void>;
+    /**
+     * Get middleware applicable to a request
+     */
+    private getApplicableMiddleware;
+    /**
+     * Check if request matches any route
+     */
+    private matchesAnyRoute;
+    /**
+     * Match path with pattern
+     */
+    private matchPath;
+    /**
+     * Normalize routes to RouteInfo array
+     */
+    private normalizeRoutes;
+    /**
+     * Clear all middleware
+     */
+    clear(): void;
+    /**
+     * Get all registered middleware
+     */
+    getMiddleware(): MiddlewareEntry[];
+}
+/**
+ * Middleware entry
+ */
+interface MiddlewareEntry {
+    handler: MiddlewareFunction | MiddlewareClass;
+    routes: RouteInfo[];
+    excludedRoutes: RouteInfo[];
+}
+/**
+ * Built-in CORS middleware
+ */
+export declare class CorsMiddleware implements MiddlewareClass {
+    private options;
+    constructor(options?: CorsOptions);
+    use(req: Request, res: Response, next: NextFunction): void;
+}
+export interface CorsOptions {
+    origin?: string;
+    methods?: string[];
+    allowedHeaders?: string[];
+    credentials?: boolean;
+}
+/**
+ * Built-in logging middleware
+ */
+export declare class LoggerMiddleware implements MiddlewareClass {
+    use(req: Request, res: Response, next: NextFunction): Promise<void>;
+}
+export {};
+//# sourceMappingURL=global-middleware.d.ts.map

package/dist/middleware/global-middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"global-middleware.d.ts","sourceRoot":"","sources":["../../src/middleware/global-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAG7C;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AAEtD;;GAEG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAC/B,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,IAAI,EAAE,YAAY,KACf,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;AAE1B;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,KAAK,CAAC,GAAG,UAAU,EAAE,KAAK,CAAC,kBAAkB,GAAG,eAAe,CAAC,GAAG,qBAAqB,CAAC;CAC1F;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAC5E;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,SAAS,CAAC,GAAG,MAAM,EAAE,KAAK,CAAC,MAAM,GAAG,SAAS,CAAC,GAAG,qBAAqB,CAAC;IACvE,OAAO,CAAC,GAAG,MAAM,EAAE,KAAK,CAAC,MAAM,GAAG,SAAS,CAAC,GAAG,qBAAqB,CAAC;CACtE;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,qBAAa,uBAAuB;IAClC,OAAO,CAAC,UAAU,CAAyB;IAE3C;;OAEG;IACH,GAAG,CAAC,UAAU,EAAE,kBAAkB,GAAG,eAAe,GAAG,IAAI;IAS3D;;OAEG;IACH,MAAM,CACJ,UAAU,EAAE,kBAAkB,GAAG,eAAe,EAChD,MAAM,EAAE,KAAK,CAAC,MAAM,GAAG,SAAS,CAAC,GAChC,IAAI;IASP;;OAEG;IACH,SAAS,CACP,UAAU,EAAE,kBAAkB,GAAG,eAAe,EAChD,cAAc,EAAE,KAAK,CAAC,MAAM,GAAG,SAAS,CAAC,GACxC,IAAI;IASP;;OAEG;IACG,OAAO,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IA4BzD;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAiB/B;;OAEG;IACH,OAAO,CAAC,eAAe;IAWvB;;OAEG;IACH,OAAO,CAAC,SAAS;IAUjB;;OAEG;IACH,OAAO,CAAC,eAAe;IASvB;;OAEG;IACH,KAAK,IAAI,IAAI;IAIb;;OAEG;IACH,aAAa,IAAI,eAAe,EAAE;CAGnC;AAED;;GAEG;AACH,UAAU,eAAe;IACvB,OAAO,EAAE,kBAAkB,GAAG,eAAe,CAAC;IAC9C,MAAM,EAAE,SAAS,EAAE,CAAC;IACpB,cAAc,EAAE,SAAS,EAAE,CAAC;CAC7B;AAED;;GAEG;AACH,qBAAa,cAAe,YAAW,eAAe;IACxC,OAAO,CAAC,OAAO;gBAAP,OAAO,GAAE,WAAgB;IAE7C,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI;CAoB3D;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,qBAAa,gBAAiB,YAAW,eAAe;IAChD,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;CAU1E"}

package/dist/middleware/global-middleware.js

@@ -0,0 +1,179 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LoggerMiddleware = exports.CorsMiddleware = exports.GlobalMiddlewareManager = void 0;
+const logger_1 = __importDefault(require("../logger"));
+/**
+ * Global middleware manager
+ */
+class GlobalMiddlewareManager {
+    constructor() {
+        this.middleware = [];
+    }
+    /**
+     * Add global middleware
+     */
+    use(middleware) {
+        logger_1.default.info('Registering global middleware');
+        this.middleware.push({
+            handler: middleware,
+            routes: [],
+            excludedRoutes: [],
+        });
+    }
+    /**
+     * Add middleware for specific routes
+     */
+    useFor(middleware, routes) {
+        logger_1.default.info('Registering route-specific middleware');
+        this.middleware.push({
+            handler: middleware,
+            routes: this.normalizeRoutes(routes),
+            excludedRoutes: [],
+        });
+    }
+    /**
+     * Add middleware with exclusions
+     */
+    useExcept(middleware, excludedRoutes) {
+        logger_1.default.info('Registering middleware with exclusions');
+        this.middleware.push({
+            handler: middleware,
+            routes: [],
+            excludedRoutes: this.normalizeRoutes(excludedRoutes),
+        });
+    }
+    /**
+     * Execute middleware chain for a request
+     */
+    async execute(req, res) {
+        const applicableMiddleware = this.getApplicableMiddleware(req);
+        let index = 0;
+        const next = async () => {
+            if (index >= applicableMiddleware.length) {
+                return;
+            }
+            const entry = applicableMiddleware[index++];
+            const handler = entry.handler;
+            try {
+                if (typeof handler === 'function') {
+                    await handler(req, res, next);
+                }
+                else {
+                    await handler.use(req, res, next);
+                }
+            }
+            catch (error) {
+                logger_1.default.error('Middleware error:', error);
+                throw error;
+            }
+        };
+        await next();
+    }
+    /**
+     * Get middleware applicable to a request
+     */
+    getApplicableMiddleware(req) {
+        return this.middleware.filter((entry) => {
+            // Check if route is excluded
+            if (this.matchesAnyRoute(req, entry.excludedRoutes)) {
+                return false;
+            }
+            // If no specific routes, apply to all
+            if (entry.routes.length === 0) {
+                return true;
+            }
+            // Check if route matches
+            return this.matchesAnyRoute(req, entry.routes);
+        });
+    }
+    /**
+     * Check if request matches any route
+     */
+    matchesAnyRoute(req, routes) {
+        const requestPath = req.url?.split('?')[0] || '/';
+        const requestMethod = req.method || 'GET';
+        return routes.some((route) => {
+            const methodMatches = !route.method || route.method === requestMethod;
+            const pathMatches = this.matchPath(requestPath, route.path);
+            return methodMatches && pathMatches;
+        });
+    }
+    /**
+     * Match path with pattern
+     */
+    matchPath(path, pattern) {
+        // Simple wildcard matching
+        if (pattern === '*')
+            return true;
+        if (pattern.endsWith('*')) {
+            const prefix = pattern.slice(0, -1);
+            return path.startsWith(prefix);
+        }
+        return path === pattern;
+    }
+    /**
+     * Normalize routes to RouteInfo array
+     */
+    normalizeRoutes(routes) {
+        return routes.map((route) => {
+            if (typeof route === 'string') {
+                return { path: route };
+            }
+            return route;
+        });
+    }
+    /**
+     * Clear all middleware
+     */
+    clear() {
+        this.middleware = [];
+    }
+    /**
+     * Get all registered middleware
+     */
+    getMiddleware() {
+        return [...this.middleware];
+    }
+}
+exports.GlobalMiddlewareManager = GlobalMiddlewareManager;
+/**
+ * Built-in CORS middleware
+ */
+class CorsMiddleware {
+    constructor(options = {}) {
+        this.options = options;
+    }
+    use(req, res, next) {
+        const origin = this.options.origin || '*';
+        const methods = this.options.methods || ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'];
+        const headers = this.options.allowedHeaders || ['Content-Type', 'Authorization'];
+        res.setHeader('Access-Control-Allow-Origin', origin);
+        res.setHeader('Access-Control-Allow-Methods', methods.join(', '));
+        res.setHeader('Access-Control-Allow-Headers', headers.join(', '));
+        if (this.options.credentials) {
+            res.setHeader('Access-Control-Allow-Credentials', 'true');
+        }
+        if (req.method === 'OPTIONS') {
+            res.status(204).end();
+            return;
+        }
+        next();
+    }
+}
+exports.CorsMiddleware = CorsMiddleware;
+/**
+ * Built-in logging middleware
+ */
+class LoggerMiddleware {
+    async use(req, res, next) {
+        const start = Date.now();
+        logger_1.default.info(`→ ${req.method} ${req.url}`);
+        await next();
+        const duration = Date.now() - start;
+        logger_1.default.info(`← ${req.method} ${req.url} ${duration}ms`);
+    }
+}
+exports.LoggerMiddleware = LoggerMiddleware;