@hazeljs/core 0.2.0-beta.1

package/dist/logger.js

@@ -0,0 +1,238 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requestLogger = void 0;
+const winston_1 = __importDefault(require("winston"));
+const dotenv_1 = __importDefault(require("dotenv"));
+const path_1 = __importDefault(require("path"));
+const fs_1 = __importDefault(require("fs"));
+const chalk_1 = __importDefault(require("chalk"));
+// Load environment variables
+dotenv_1.default.config();
+const logLevel = process.env.LOG_LEVEL || 'info';
+const logDir = process.env.LOG_DIR || 'logs';
+// Ensure log directory exists
+if (!fs_1.default.existsSync(logDir)) {
+    fs_1.default.mkdirSync(logDir, { recursive: true });
+}
+// Professional color scheme for different log levels
+const colors = {
+    error: chalk_1.default.red,
+    warn: chalk_1.default.yellow,
+    info: chalk_1.default.blue,
+    http: chalk_1.default.magenta,
+    debug: chalk_1.default.gray,
+    silly: chalk_1.default.gray,
+};
+// Professional category-based coloring
+const categoryColors = {
+    // Module operations
+    'Initializing HazelModule': chalk_1.default.blue.bold,
+    'Initializing module': chalk_1.default.blue.bold,
+    'Initializing imported modules': chalk_1.default.blue,
+    'Initializing HazelApp': chalk_1.default.cyan.bold,
+    // Provider operations
+    'Registering providers': chalk_1.default.green.bold,
+    'Registering provider': chalk_1.default.green,
+    'Created instance of': chalk_1.default.green,
+    // Controller operations
+    'Registering controllers': chalk_1.default.yellow.bold,
+    'Registering controller': chalk_1.default.yellow,
+    // Route operations
+    'Registering route': chalk_1.default.magenta.bold,
+    // Server operations
+    'Server listening on': chalk_1.default.green.bold,
+    'Application started': chalk_1.default.cyan.bold,
+    'Connected to database': chalk_1.default.green.bold,
+    'Disconnected from database': chalk_1.default.yellow,
+    // Cache operations
+    'Cache service initialized': chalk_1.default.blue,
+    'Cache registered': chalk_1.default.green,
+    'Configuring cache module': chalk_1.default.blue,
+    // Configuration
+    'Configuration loaded': chalk_1.default.green,
+    Configuring: chalk_1.default.blue,
+    // Container
+    'Container initialized': chalk_1.default.cyan.bold,
+};
+// Helper to detect log category and apply appropriate color
+const getCategoryColor = (message) => {
+    for (const [category, colorFn] of Object.entries(categoryColors)) {
+        if (message.includes(category)) {
+            return colorFn;
+        }
+    }
+    return chalk_1.default.white;
+};
+// Custom format for better readability with enhanced colors
+const customFormat = winston_1.default.format.printf(({ level, message, timestamp, ...metadata }) => {
+    // Get the appropriate color for the log level
+    const levelColor = colors[level] || chalk_1.default.white;
+    // Format the timestamp with subtle color
+    const time = chalk_1.default.gray.dim(timestamp);
+    // Format the level with color and padding (no icons for professional look)
+    const levelStr = levelColor.bold(`[${level.toUpperCase()}]`.padEnd(9));
+    // Convert message to string
+    const messageStr = String(message);
+    // Detect category and apply appropriate color to message
+    const categoryColor = getCategoryColor(messageStr);
+    let msg = categoryColor(messageStr);
+    // Special formatting for important messages
+    if (messageStr.includes('Server listening on')) {
+        msg = chalk_1.default.green.bold(messageStr);
+    }
+    else if (messageStr.includes('Application started')) {
+        msg = chalk_1.default.cyan.bold(messageStr);
+    }
+    else if (messageStr.includes('→ Local:') || messageStr.includes('→ Network:')) {
+        msg = chalk_1.default.green(messageStr);
+    }
+    // Format metadata if present with enhanced colors
+    let metaStr = '';
+    if (Object.keys(metadata).length > 0) {
+        metaStr = Object.entries(metadata)
+            .map(([key, value]) => {
+            // Color keys based on their type
+            let keyColor = chalk_1.default.cyan;
+            if (key.includes('module') || key.includes('Module')) {
+                keyColor = chalk_1.default.blue;
+            }
+            else if (key.includes('provider') ||
+                key.includes('Provider') ||
+                key.includes('Service')) {
+                keyColor = chalk_1.default.green;
+            }
+            else if (key.includes('controller') || key.includes('Controller')) {
+                keyColor = chalk_1.default.yellow;
+            }
+            else if (key.includes('route') || key.includes('Route')) {
+                keyColor = chalk_1.default.magenta;
+            }
+            const formattedKey = keyColor.bold(key);
+            // Use a custom replacer function to handle circular references
+            const seen = new WeakSet();
+            const safeValue = JSON.stringify(value, (key, val) => {
+                // Skip known circular references
+                if (key === 'socket' || key === 'parser' || key === 'res' || key === 'req') {
+                    return '[Circular]';
+                }
+                // Skip Node.js internal objects
+                if (key === '_idlePrev' || key === '_idleNext' || key === 'cleanupInterval') {
+                    return '[Internal]';
+                }
+                // Handle circular references
+                if (typeof val === 'object' && val !== null) {
+                    if (seen.has(val)) {
+                        return '[Circular]';
+                    }
+                    seen.add(val);
+                }
+                return val;
+            });
+            // Color values based on their content
+            let valueColor = chalk_1.default.yellow;
+            if (typeof value === 'string') {
+                if (value.includes('Module') ||
+                    value.includes('Service') ||
+                    value.includes('Controller')) {
+                    valueColor = chalk_1.default.cyan;
+                }
+                else if (value.includes('http://') || value.includes('localhost')) {
+                    valueColor = chalk_1.default.green;
+                }
+            }
+            const formattedValue = valueColor(safeValue);
+            return `${formattedKey}=${formattedValue}`;
+        })
+            .join(' ');
+        metaStr = chalk_1.default.gray.dim(' | ') + metaStr;
+    }
+    return `${time} ${levelStr} ${msg}${metaStr}`;
+});
+// Create logger instance
+const logger = winston_1.default.createLogger({
+    level: logLevel,
+    format: winston_1.default.format.combine(winston_1.default.format.timestamp({ format: 'YYYY-MM-DD HH:mm:ss' }), customFormat),
+    transports: [
+        // Console transport with colors
+        new winston_1.default.transports.Console({
+            format: winston_1.default.format.combine(customFormat),
+        }),
+        // File transport for all logs (without colors)
+        new winston_1.default.transports.File({
+            filename: path_1.default.join(logDir, 'combined.log'),
+            format: winston_1.default.format.combine(winston_1.default.format.timestamp(), winston_1.default.format.printf(({ level, message, timestamp, ...metadata }) => {
+                let msg = `${timestamp} [${level.toUpperCase()}] ${message}`;
+                if (Object.keys(metadata).length > 0) {
+                    msg += ` | ${JSON.stringify(metadata, (key, val) => {
+                        if (key === 'socket' || key === 'parser' || key === 'res' || key === 'req') {
+                            return '[Circular]';
+                        }
+                        return val;
+                    })}`;
+                }
+                return msg;
+            })),
+        }),
+        // File transport for errors only (without colors)
+        new winston_1.default.transports.File({
+            filename: path_1.default.join(logDir, 'error.log'),
+            level: 'error',
+            format: winston_1.default.format.combine(winston_1.default.format.timestamp(), winston_1.default.format.printf(({ level, message, timestamp, ...metadata }) => {
+                let msg = `${timestamp} [${level.toUpperCase()}] ${message}`;
+                if (Object.keys(metadata).length > 0) {
+                    msg += ` | ${JSON.stringify(metadata, (key, val) => {
+                        if (key === 'socket' || key === 'parser' || key === 'res' || key === 'req') {
+                            return '[Circular]';
+                        }
+                        return val;
+                    })}`;
+                }
+                return msg;
+            })),
+        }),
+    ],
+});
+// Log application info when starting
+const appInfo = {
+    service: process.env.APP_NAME || 'hazeljs',
+    version: process.env.APP_VERSION || '0.1.0',
+    environment: process.env.NODE_ENV || 'development',
+};
+logger.info(chalk_1.default.cyan.bold('Application started'), appInfo);
+// Add request logging middleware with beautiful formatting
+const requestLogger = (req, res, next) => {
+    const start = Date.now();
+    res.on('finish', () => {
+        const duration = Date.now() - start;
+        const statusColor = res.statusCode >= 500
+            ? chalk_1.default.red
+            : res.statusCode >= 400
+                ? chalk_1.default.yellow
+                : res.statusCode >= 300
+                    ? chalk_1.default.cyan
+                    : res.statusCode >= 200
+                        ? chalk_1.default.green
+                        : chalk_1.default.white;
+        logger.info(`${chalk_1.default.bold(req.method)} ${req.url}`, {
+            status: statusColor(res.statusCode),
+            duration: chalk_1.default.yellow(`${duration}ms`),
+            userAgent: chalk_1.default.gray(req.headers['user-agent']),
+            ip: chalk_1.default.gray(req.socket.remoteAddress),
+        });
+    });
+    next();
+};
+exports.requestLogger = requestLogger;
+// Add helper method to check if debug is enabled
+const isDebugEnabled = () => {
+    return logger.isLevelEnabled('debug');
+};
+// Extend logger with helper method
+const enhancedLogger = Object.assign(logger, {
+    isDebugEnabled,
+});
+// Export logger instance
+exports.default = enhancedLogger;

package/dist/middleware/cors.middleware.d.ts

@@ -0,0 +1,44 @@
+/**
+ * CORS Middleware
+ * Handles Cross-Origin Resource Sharing
+ */
+import { Request, Response } from '../types';
+export interface CorsOptions {
+    origin?: string | string[] | ((origin: string) => boolean);
+    methods?: string[];
+    allowedHeaders?: string[];
+    exposedHeaders?: string[];
+    credentials?: boolean;
+    maxAge?: number;
+    preflightContinue?: boolean;
+    optionsSuccessStatus?: number;
+}
+export declare class CorsMiddleware {
+    private options;
+    constructor(options?: CorsOptions);
+    /**
+     * Check if origin is allowed
+     */
+    private isOriginAllowed;
+    /**
+     * Set CORS headers
+     */
+    private setCorsHeaders;
+    /**
+     * Handle preflight request
+     */
+    private handlePreflight;
+    /**
+     * Handle CORS request
+     */
+    handle(req: Request, res: Response, next: () => void): void;
+    /**
+     * Create middleware function
+     */
+    static create(options?: CorsOptions): (req: Request, res: Response, next: () => void) => void;
+}
+/**
+ * Simple CORS helper for common use cases
+ */
+export declare function enableCors(options?: CorsOptions): (req: Request, res: Response, next: () => void) => void;
+//# sourceMappingURL=cors.middleware.d.ts.map

package/dist/middleware/cors.middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cors.middleware.d.ts","sourceRoot":"","sources":["../../src/middleware/cors.middleware.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAE7C,MAAM,WAAW,WAAW;IAC1B,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,CAAC,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC;IAC3D,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,OAAO,CAAwB;gBAE3B,OAAO,GAAE,WAAgB;IAarC;;OAEG;IACH,OAAO,CAAC,eAAe;IAsBvB;;OAEG;IACH,OAAO,CAAC,cAAc;IAsBtB;;OAEG;IACH,OAAO,CAAC,eAAe;IA+BvB;;OAEG;IACH,MAAM,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,IAAI,GAAG,IAAI;IAa3D;;OAEG;IACH,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,WAAW,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,IAAI,KAAK,IAAI;CAI9F;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,OAAO,CAAC,EAAE,WAAW,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,IAAI,KAAK,IAAI,CAEzG"}

package/dist/middleware/cors.middleware.js

@@ -0,0 +1,118 @@
+"use strict";
+/**
+ * CORS Middleware
+ * Handles Cross-Origin Resource Sharing
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CorsMiddleware = void 0;
+exports.enableCors = enableCors;
+class CorsMiddleware {
+    constructor(options = {}) {
+        this.options = {
+            origin: options.origin || '*',
+            methods: options.methods || ['GET', 'HEAD', 'PUT', 'PATCH', 'POST', 'DELETE'],
+            allowedHeaders: options.allowedHeaders || ['Content-Type', 'Authorization'],
+            exposedHeaders: options.exposedHeaders || [],
+            credentials: options.credentials || false,
+            maxAge: options.maxAge || 86400, // 24 hours
+            preflightContinue: options.preflightContinue || false,
+            optionsSuccessStatus: options.optionsSuccessStatus || 204,
+        };
+    }
+    /**
+     * Check if origin is allowed
+     */
+    isOriginAllowed(origin) {
+        const { origin: allowedOrigin } = this.options;
+        if (allowedOrigin === '*') {
+            return true;
+        }
+        if (typeof allowedOrigin === 'string') {
+            return origin === allowedOrigin;
+        }
+        if (Array.isArray(allowedOrigin)) {
+            return allowedOrigin.includes(origin);
+        }
+        if (typeof allowedOrigin === 'function') {
+            return allowedOrigin(origin);
+        }
+        return false;
+    }
+    /**
+     * Set CORS headers
+     */
+    setCorsHeaders(req, res) {
+        const origin = req.headers?.origin || req.headers?.referer || '';
+        // Set Access-Control-Allow-Origin
+        if (this.options.origin === '*') {
+            res.setHeader('Access-Control-Allow-Origin', '*');
+        }
+        else if (this.isOriginAllowed(origin)) {
+            res.setHeader('Access-Control-Allow-Origin', origin);
+            res.setHeader('Vary', 'Origin');
+        }
+        // Set Access-Control-Allow-Credentials
+        if (this.options.credentials) {
+            res.setHeader('Access-Control-Allow-Credentials', 'true');
+        }
+        // Set Access-Control-Expose-Headers
+        if (this.options.exposedHeaders.length > 0) {
+            res.setHeader('Access-Control-Expose-Headers', this.options.exposedHeaders.join(', '));
+        }
+    }
+    /**
+     * Handle preflight request
+     */
+    handlePreflight(req, res) {
+        if (req.method !== 'OPTIONS') {
+            return false;
+        }
+        // Set CORS headers
+        this.setCorsHeaders(req, res);
+        // Set Access-Control-Allow-Methods
+        res.setHeader('Access-Control-Allow-Methods', this.options.methods.join(', '));
+        // Set Access-Control-Allow-Headers
+        const requestHeaders = req.headers?.['access-control-request-headers'];
+        if (requestHeaders) {
+            res.setHeader('Access-Control-Allow-Headers', requestHeaders);
+        }
+        else if (this.options.allowedHeaders.length > 0) {
+            res.setHeader('Access-Control-Allow-Headers', this.options.allowedHeaders.join(', '));
+        }
+        // Set Access-Control-Max-Age
+        res.setHeader('Access-Control-Max-Age', this.options.maxAge.toString());
+        // Send response
+        if (!this.options.preflightContinue) {
+            res.status(this.options.optionsSuccessStatus).end();
+            return true;
+        }
+        return false;
+    }
+    /**
+     * Handle CORS request
+     */
+    handle(req, res, next) {
+        // Handle preflight request
+        if (this.handlePreflight(req, res)) {
+            return;
+        }
+        // Set CORS headers for actual request
+        this.setCorsHeaders(req, res);
+        // Continue to next middleware
+        next();
+    }
+    /**
+     * Create middleware function
+     */
+    static create(options) {
+        const middleware = new CorsMiddleware(options);
+        return (req, res, next) => middleware.handle(req, res, next);
+    }
+}
+exports.CorsMiddleware = CorsMiddleware;
+/**
+ * Simple CORS helper for common use cases
+ */
+function enableCors(options) {
+    return CorsMiddleware.create(options);
+}

package/dist/middleware/csrf.middleware.d.ts

@@ -0,0 +1,82 @@
+import { Request, Response } from '../types';
+import { MiddlewareClass, NextFunction } from './global-middleware';
+/**
+ * CSRF protection options
+ */
+export interface CsrfOptions {
+    /**
+     * Cookie name for CSRF token
+     */
+    cookieName?: string;
+    /**
+     * Header name for CSRF token
+     */
+    headerName?: string;
+    /**
+     * Secret key for token generation
+     */
+    secret?: string;
+    /**
+     * Cookie options
+     */
+    cookieOptions?: {
+        httpOnly?: boolean;
+        secure?: boolean;
+        sameSite?: 'strict' | 'lax' | 'none';
+        path?: string;
+        domain?: string;
+        maxAge?: number;
+    };
+    /**
+     * Methods to protect (default: POST, PUT, PATCH, DELETE)
+     */
+    methods?: string[];
+    /**
+     * Paths to exclude from CSRF protection
+     */
+    excludePaths?: string[];
+    /**
+     * Token length in bytes
+     */
+    tokenLength?: number;
+}
+/**
+ * CSRF Protection Middleware
+ * Protects against Cross-Site Request Forgery attacks
+ */
+export declare class CsrfMiddleware implements MiddlewareClass {
+    private options;
+    private secret;
+    private tokenStore;
+    constructor(options?: CsrfOptions);
+    use(req: Request, res: Response, next: NextFunction): void;
+    /**
+     * Get or create CSRF token
+     */
+    private getOrCreateToken;
+    /**
+     * Generate CSRF token
+     */
+    private generateToken;
+    /**
+     * Verify CSRF token
+     */
+    private verifyToken;
+    /**
+     * Get token from request
+     */
+    private getTokenFromRequest;
+    /**
+     * Get session ID from request
+     */
+    private getSessionId;
+    /**
+     * Build cookie string
+     */
+    private buildCookie;
+    /**
+     * Cleanup expired tokens
+     */
+    private cleanupTokens;
+}
+//# sourceMappingURL=csrf.middleware.d.ts.map

package/dist/middleware/csrf.middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrf.middleware.d.ts","sourceRoot":"","sources":["../../src/middleware/csrf.middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAKpE;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,aAAa,CAAC,EAAE;QACd,QAAQ,CAAC,EAAE,OAAO,CAAC;QACnB,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;QACrC,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IAEF;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IAEnB;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,qBAAa,cAAe,YAAW,eAAe;IAIxC,OAAO,CAAC,OAAO;IAH3B,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,UAAU,CAAkC;gBAEhC,OAAO,GAAE,WAAgB;IAyB7C,GAAG,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI;IA4B1D;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAgBxB;;OAEG;IACH,OAAO,CAAC,aAAa;IAQrB;;OAEG;IACH,OAAO,CAAC,WAAW;IAenB;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAwB3B;;OAEG;IACH,OAAO,CAAC,YAAY;IAsBpB;;OAEG;IACH,OAAO,CAAC,WAAW;IAcnB;;OAEG;IACH,OAAO,CAAC,aAAa;CAYtB"}

package/dist/middleware/csrf.middleware.js

@@ -0,0 +1,183 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CsrfMiddleware = void 0;
+const http_error_1 = require("../errors/http.error");
+const crypto_1 = require("crypto");
+const logger_1 = __importDefault(require("../logger"));
+/**
+ * CSRF Protection Middleware
+ * Protects against Cross-Site Request Forgery attacks
+ */
+class CsrfMiddleware {
+    constructor(options = {}) {
+        this.options = options;
+        this.tokenStore = new Map();
+        this.options = {
+            cookieName: '_csrf',
+            headerName: 'x-csrf-token',
+            secret: process.env.CSRF_SECRET || (0, crypto_1.randomBytes)(32).toString('hex'),
+            cookieOptions: {
+                httpOnly: true,
+                secure: process.env.NODE_ENV === 'production',
+                sameSite: 'strict',
+                path: '/',
+                maxAge: 3600, // 1 hour
+            },
+            methods: ['POST', 'PUT', 'PATCH', 'DELETE'],
+            tokenLength: 32,
+            ...options,
+        };
+        this.secret = this.options.secret;
+        // Cleanup expired tokens every 5 minutes
+        setInterval(() => {
+            this.cleanupTokens();
+        }, 300000);
+    }
+    use(req, res, next) {
+        const path = req.url?.split('?')[0] || '/';
+        // Skip excluded paths
+        if (this.options.excludePaths?.some(excluded => path.startsWith(excluded))) {
+            next();
+            return;
+        }
+        // Generate or retrieve token
+        const token = this.getOrCreateToken(req, res);
+        // Check if method requires CSRF protection
+        if (this.options.methods?.includes(req.method || '')) {
+            const providedToken = this.getTokenFromRequest(req);
+            if (!providedToken || !this.verifyToken(token, providedToken)) {
+                logger_1.default.warn(`CSRF token validation failed for ${req.method} ${path}`);
+                throw new http_error_1.HttpError(403, 'Invalid CSRF token');
+            }
+        }
+        // Add token to response for forms
+        res.setHeader('X-CSRF-Token', token);
+        next();
+    }
+    /**
+     * Get or create CSRF token
+     */
+    getOrCreateToken(req, res) {
+        const sessionId = this.getSessionId(req);
+        let token = this.tokenStore.get(sessionId);
+        if (!token) {
+            token = this.generateToken();
+            this.tokenStore.set(sessionId, token);
+        }
+        // Set cookie
+        const cookie = this.buildCookie(token);
+        res.setHeader('Set-Cookie', cookie);
+        return token;
+    }
+    /**
+     * Generate CSRF token
+     */
+    generateToken() {
+        const random = (0, crypto_1.randomBytes)(this.options.tokenLength || 32).toString('hex');
+        const hmac = (0, crypto_1.createHmac)('sha256', this.secret);
+        hmac.update(random);
+        const signature = hmac.digest('hex');
+        return `${random}.${signature}`;
+    }
+    /**
+     * Verify CSRF token
+     */
+    verifyToken(storedToken, providedToken) {
+        if (!storedToken || !providedToken)
+            return false;
+        if (storedToken === providedToken)
+            return true;
+        // Verify signature
+        const [random, signature] = providedToken.split('.');
+        if (!random || !signature)
+            return false;
+        const hmac = (0, crypto_1.createHmac)('sha256', this.secret);
+        hmac.update(random);
+        const expectedSignature = hmac.digest('hex');
+        return signature === expectedSignature;
+    }
+    /**
+     * Get token from request
+     */
+    getTokenFromRequest(req) {
+        // Try header first
+        if (req.headers) {
+            const headerToken = req.headers[this.options.headerName.toLowerCase()];
+            if (headerToken) {
+                return Array.isArray(headerToken) ? headerToken[0] : headerToken;
+            }
+        }
+        // Try body
+        if (req.body && typeof req.body === 'object' && this.options.cookieName in req.body) {
+            const bodyValue = req.body[this.options.cookieName];
+            return typeof bodyValue === 'string' ? bodyValue : null;
+        }
+        // Try query parameter
+        if (req.query && typeof req.query === 'object' && this.options.cookieName in req.query) {
+            const queryValue = req.query[this.options.cookieName];
+            return typeof queryValue === 'string' ? queryValue : null;
+        }
+        return null;
+    }
+    /**
+     * Get session ID from request
+     */
+    getSessionId(req) {
+        // Try to get from cookie
+        if (req.headers?.cookie) {
+            const sessionCookie = req.headers.cookie
+                .split(';')
+                .find(c => c.trim().startsWith('sessionId='));
+            if (sessionCookie) {
+                return sessionCookie.split('=')[1].trim();
+            }
+        }
+        // Fallback to IP + User-Agent hash
+        const ip = req.socket?.remoteAddress || 'unknown';
+        const ua = req.headers?.['user-agent'] || 'unknown';
+        const hash = (0, crypto_1.createHmac)('sha256', this.secret)
+            .update(`${ip}:${ua}`)
+            .digest('hex')
+            .substring(0, 16);
+        return hash;
+    }
+    /**
+     * Build cookie string
+     */
+    buildCookie(token) {
+        const opts = this.options.cookieOptions;
+        const parts = [`${this.options.cookieName}=${token}`];
+        if (opts.path)
+            parts.push(`Path=${opts.path}`);
+        if (opts.domain)
+            parts.push(`Domain=${opts.domain}`);
+        if (opts.maxAge)
+            parts.push(`Max-Age=${opts.maxAge}`);
+        if (opts.httpOnly)
+            parts.push('HttpOnly');
+        if (opts.secure)
+            parts.push('Secure');
+        if (opts.sameSite)
+            parts.push(`SameSite=${opts.sameSite}`);
+        return parts.join('; ');
+    }
+    /**
+     * Cleanup expired tokens
+     */
+    cleanupTokens() {
+        // Simple cleanup - remove old entries
+        // In production, use a proper session store with TTL
+        if (this.tokenStore.size > 10000) {
+            const entries = Array.from(this.tokenStore.entries());
+            this.tokenStore.clear();
+            // Keep last 5000 entries
+            entries.slice(-5000).forEach(([key, value]) => {
+                this.tokenStore.set(key, value);
+            });
+        }
+    }
+}
+exports.CsrfMiddleware = CsrfMiddleware;