@hyperspan/framework 1.0.0-alpha.1 → 1.0.0-alpha.11

package/src/cookies.ts

@@ -0,0 +1,234 @@
+import type { Hyperspan as HS } from './types';
+
+const REGEXP_PAIR_SPLIT = /; */;
+
+/**
+ * RegExp to match field-content in RFC 7230 sec 3.2
+ *
+ * field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ]
+ * field-vchar   = VCHAR / obs-text
+ * obs-text      = %x80-FF
+ */
+
+const REGEXP_FIELD_CONTENT = /^[\u0009\u0020-\u007e\u0080-\u00ff]+$/;
+
+/**
+ * Cookie parsing and serialization
+ */
+export class Cookies implements HS.Cookies {
+  _req: Request;
+  _responseHeaders: HS.Cookies['_responseHeaders'];
+  _parsedCookies: HS.Cookies['_parsedCookies'] = {};
+  _encrypt: HS.Cookies['_encrypt'];
+  _decrypt: HS.Cookies['_decrypt'];
+  constructor(req: Request, responseHeaders: HS.Cookies['_responseHeaders'] = undefined) {
+    this._req = req;
+    this._responseHeaders = responseHeaders;
+    this._parsedCookies = parse(req.headers.get('Cookie') || '');
+  }
+
+  get(name: string): string | undefined {
+    const value = this._parsedCookies[name];
+    if (value && this._decrypt) {
+      return this._decrypt(value);
+    }
+    return value;
+  }
+
+  set(name: string, value: string, options?: HS.CookieOptions) {
+    if (!this._responseHeaders) {
+      throw new Error('Set cookies in the response object. Cookies can only be read from the request object.');
+    }
+    if (this._encrypt) {
+      value = this._encrypt(value);
+    }
+    this._responseHeaders.append('Set-Cookie', serialize(name, value, options));
+  }
+
+  delete(name: string) {
+    this.set(name, '', { expires: new Date(0) });
+  }
+
+  /**
+   * Set the encoder and decoder functions for the cookies and re-parse the cookie header
+   */
+  setEncryption(encrypt: HS.Cookies['_encrypt'], decrypt: HS.Cookies['_decrypt']) {
+    this._encrypt = encrypt;
+    this._decrypt = decrypt;
+    this._parsedCookies = parse(this._req.headers.get('Cookie') || '');
+  }
+}
+
+/*!
+ * cookie
+ * @source https://github.com/jkohrman/cookie-parse/blob/master/index.js
+ * Copyright(c) 2012-2014 Roman Shtylman
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * Copyright(c) 2016 Jeff Kohrman
+ * MIT Licensed
+ */
+
+/**
+ * Parse a cookie header.
+ *
+ * Parse the given cookie header string into an object
+ * The object has the various cookies as keys(names) => values
+ *
+ * @param {string} str
+ * @param {object} [options]
+ * @return {object}
+ * @public
+ */
+
+function parse(str: string): Record<string, string | any | undefined> {
+  if (typeof str !== 'string') {
+    throw new TypeError('argument str must be a string');
+  }
+
+  const obj = {}
+  const pairs = str.split(REGEXP_PAIR_SPLIT);
+
+  for (let i = 0; i < pairs.length; i++) {
+    const pair = pairs[i];
+    let eq_idx = pair.indexOf('=');
+
+    // set true for things that don't look like key=value
+    let key;
+    let val;
+    if (eq_idx < 0) {
+      key = pair.trim();
+      val = 'true';
+    } else {
+      key = pair.substring(0, eq_idx).trim()
+      val = pair.substring(eq_idx + 1, eq_idx + 1 + pair.length).trim();
+    };
+
+    // quoted values
+    if ('"' == val[0]) {
+      val = val.slice(1, -1);
+    }
+
+    // only assign once
+    // @ts-ignore
+    if (undefined == obj[key]) {
+      // @ts-ignore
+      obj[key] = tryDecode(val, decodeURIComponent);
+    }
+  }
+
+  return obj;
+}
+
+/**
+ * Serialize data into a cookie header.
+ *
+ * Serialize the a name value pair into a cookie string suitable for
+ * http headers. An optional options object specified cookie parameters.
+ *
+ * serialize('foo', 'bar', { httpOnly: true })
+ *   => "foo=bar; httpOnly"
+ *
+ * @param {string} name
+ * @param {string} val
+ * @param {object} [options]
+ * @return {string}
+ * @public
+ */
+type SerializeOptions = {
+  encrypt?: (str: string) => string;
+  maxAge?: number;
+  domain?: string;
+  path?: string;
+  expires?: Date;
+  httpOnly?: boolean;
+  secure?: boolean;
+  sameSite?: 'lax' | 'strict' | true;
+};
+function serialize(name: string, val: string, options: SerializeOptions = {}) {
+  const opt = options || {};
+
+  if (!REGEXP_FIELD_CONTENT.test(name)) {
+    throw new TypeError('argument name is invalid');
+  }
+
+  let value = encodeURIComponent(val);
+
+  if (value && !REGEXP_FIELD_CONTENT.test(value)) {
+    throw new TypeError('argument val is invalid');
+  }
+
+  let str = name + '=' + value;
+
+  if (null != opt.maxAge) {
+    const maxAge = opt.maxAge - 0;
+    if (isNaN(maxAge)) throw new Error('maxAge should be a Number');
+    str += '; Max-Age=' + Math.floor(maxAge);
+  }
+
+  if (opt.domain) {
+    if (!REGEXP_FIELD_CONTENT.test(opt.domain)) {
+      throw new TypeError('option domain is invalid');
+    }
+
+    str += '; Domain=' + opt.domain;
+  }
+
+  if (opt.path) {
+    if (!REGEXP_FIELD_CONTENT.test(opt.path)) {
+      throw new TypeError('option path is invalid');
+    }
+
+    str += '; Path=' + opt.path;
+  }
+
+  if (opt.expires) {
+    if (typeof opt.expires.toUTCString !== 'function') {
+      throw new TypeError('option expires must be a Date object');
+    }
+
+    str += '; Expires=' + opt.expires.toUTCString();
+  }
+
+  if (opt.httpOnly) {
+    str += '; HttpOnly';
+  }
+
+  if (opt.secure) {
+    str += '; Secure';
+  }
+
+  if (opt.sameSite) {
+    const sameSite = typeof opt.sameSite === 'string'
+      ? opt.sameSite.toLowerCase() : opt.sameSite;
+
+    switch (sameSite) {
+      case true:
+      case 'strict':
+        str += '; SameSite=Strict';
+        break;
+      case 'lax':
+        str += '; SameSite=Lax';
+        break;
+      default:
+        throw new TypeError('option sameSite is invalid');
+    }
+  }
+
+  return str;
+}
+
+/**
+ * Try decoding a string using a decoding function.
+ *
+ * @param {string} str
+ * @param {function} decode
+ * @private
+ */
+
+function tryDecode(str: string, decode: (str: string) => string) {
+  try {
+    return decode(str);
+  } catch (e) {
+    return str;
+  }
+}

package/src/index.ts

@@ -0,0 +1,2 @@
+export { createConfig, createContext, createRoute, createServer, getRunnableRoute, StreamResponse, IS_PROD, HTTPResponseException } from './server';
+export type { Hyperspan } from './types';

package/src/plugins.ts

@@ -46,6 +46,7 @@ export function clientJSPlugin(): HS.Plugin {
           const esmName = String(result.outputs[0].path.split('/').reverse()[0]).replace('.js', '');
           JS_IMPORT_MAP.set(esmName, `${JS_PUBLIC_PATH}/${esmName}.js`);
 
+          // Get the contents of the file to extract the exports
           const contents = await result.outputs[0].text();
           const exportLine = EXPORT_REGEX.exec(contents);
 
@@ -65,10 +66,7 @@ export function clientJSPlugin(): HS.Plugin {
 
           // Export a special object that can be used to render the client JS as a script tag
           const moduleCode = `// hyperspan:processed
-import { functionToString } from '@hyperspan/framework/assets';
-
-// Original file contents
-${contents}
+import { functionToString } from '@hyperspan/framework/client/js';
 
 // hyperspan:client-js-plugin
 export const __CLIENT_JS = {

package/src/server.test.ts

@@ -1,9 +1,9 @@
 import { test, expect } from 'bun:test';
-import { createRoute, createServer } from './server';
+import { createRoute, createServer, createContext } from './server';
 import type { Hyperspan as HS } from './types';
 
 test('route fetch() returns a Response', async () => {
-  const route = createRoute().get((context) => {
+  const route = createRoute().get((context: HS.Context) => {
     return context.res.html('<h1>Hello World</h1>');
   });
 
@@ -16,24 +16,25 @@ test('route fetch() returns a Response', async () => {
 });
 
 test('server with two routes can return Response from one', async () => {
-  const server = createServer({
+  const server = await createServer({
     appDir: './app',
-    staticFileRoot: './public',
+    publicDir: './public',
+    plugins: [],
   });
 
   // Add two routes to the server
-  server.get('/users', (context) => {
+  server.get('/users', (context: HS.Context) => {
     return context.res.html('<h1>Users Page</h1>');
   });
 
-  server.get('/posts', (context) => {
+  server.get('/posts', (context: HS.Context) => {
     return context.res.html('<h1>Posts Page</h1>');
   });
 
 
   // Test that we can get a Response from one of the routes
   const request = new Request('http://localhost:3000/users');
-  const testRoute = server._routes.find((route) => route._path === '/users');
+  const testRoute = server._routes.find((route: HS.Route) => route._path() === '/users');
   const response = await testRoute!.fetch(request);
 
   expect(response).toBeInstanceOf(Response);
@@ -42,22 +43,23 @@ test('server with two routes can return Response from one', async () => {
 });
 
 test('server returns a route with a POST request', async () => {
-  const server = createServer({
+  const server = await createServer({
     appDir: './app',
-    staticFileRoot: './public',
+    publicDir: './public',
+    plugins: [],
   });
 
   // Add two routes to the server
-  server.get('/users', (context) => {
+  server.get('/users', (context: HS.Context) => {
     return context.res.html('<h1>GET /users</h1>');
   });
 
-  server.post('/users', (context) => {
+  server.post('/users', (context: HS.Context) => {
     return context.res.html('<h1>POST /users</h1>');
   });
 
-  const route = server._routes.find((route) => route._path === '/users' && route._methods().includes('POST')) as HS.Route;
-  const request = new Request('http://localhost:3000/', { method: 'POST' });
+  const route = server._routes.find((route: HS.Route) => route._path() === '/users' && route._methods().includes('POST')) as HS.Route;
+  const request = new Request('http://localhost:3000/users', { method: 'POST' });
   const response = await route.fetch(request);
 
   expect(response).toBeInstanceOf(Response);
@@ -66,18 +68,19 @@ test('server returns a route with a POST request', async () => {
 });
 
 test('returns 405 when route path matches but HTTP method does not', async () => {
-  const server = createServer({
+  const server = await createServer({
     appDir: './app',
-    staticFileRoot: './public',
+    publicDir: './public',
+    plugins: [],
   });
 
   // Route registered for GET only
-  server.get('/users', (context) => {
+  server.get('/users', (context: HS.Context) => {
     return context.res.html('<h1>Users Page</h1>');
   });
 
   // Attempt to POST to /users, which should return 405
-  const route = server._routes.find((route) => route._path === '/users')!;
+  const route = server._routes.find((route: HS.Route) => route._path() === '/users')!;
   const request = new Request('http://localhost:3000/users', { method: 'POST' });
   const response = await route.fetch(request);
 
@@ -86,3 +89,124 @@ test('returns 405 when route path matches but HTTP method does not', async () =>
   const text = await response.text();
   expect(text).toContain('Method not allowed');
 });
+
+test('createContext() can get and set cookies', () => {
+  // Create a request with cookies in the Cookie header
+  const request = new Request('http://localhost:3000/', {
+    headers: {
+      'Cookie': 'sessionId=abc123; theme=dark; userId=42',
+    },
+  });
+
+  // Create context from the request
+  const context = createContext(request);
+
+  // Test reading cookies from request
+  expect(context.req.cookies.get('sessionId')).toBe('abc123');
+  expect(context.req.cookies.get('theme')).toBe('dark');
+  expect(context.req.cookies.get('userId')).toBe('42');
+  expect(context.req.cookies.get('nonExistent')).toBeUndefined();
+
+  // Test setting a simple cookie in response
+  context.res.cookies.set('newCookie', 'newValue');
+  let setCookieHeader = context.res.headers.get('Set-Cookie');
+  expect(setCookieHeader).toBeTruthy();
+  expect(setCookieHeader).toContain('newCookie=newValue');
+
+  // Test setting a cookie with options (this will overwrite the previous Set-Cookie header)
+  context.res.cookies.set('secureCookie', 'secureValue', {
+    httpOnly: true,
+    secure: true,
+    sameSite: 'strict',
+    maxAge: 3600,
+  });
+
+  // Verify Set-Cookie header contains the last cookie set
+  setCookieHeader = context.res.headers.get('Set-Cookie');
+  expect(setCookieHeader).toBeTruthy();
+  expect(setCookieHeader).toContain('secureCookie=secureValue');
+  expect(setCookieHeader).toContain('HttpOnly');
+  expect(setCookieHeader).toContain('Secure');
+  expect(setCookieHeader).toContain('SameSite=Strict');
+  expect(setCookieHeader).toContain('Max-Age=3600');
+
+  // Verify the previous cookie was overwritten
+  expect(setCookieHeader).not.toContain('newCookie=newValue');
+
+  // Test deleting a cookie
+  context.res.cookies.delete('sessionId');
+  setCookieHeader = context.res.headers.get('Set-Cookie');
+  expect(setCookieHeader).toBeTruthy();
+  if (setCookieHeader) {
+    expect(setCookieHeader).toContain('sessionId=');
+    expect(setCookieHeader).toContain('Expires=');
+    // Verify it's set to expire in the past (deleted)
+    const expiresMatch = setCookieHeader.match(/Expires=([^;]+)/);
+    expect(expiresMatch).toBeTruthy();
+    if (expiresMatch) {
+      const expiresDate = new Date(expiresMatch[1]);
+      expect(expiresDate.getTime()).toBeLessThanOrEqual(new Date(0).getTime());
+    }
+  }
+});
+
+test('createContext() merge() function preserves custom headers when using response methods', () => {
+  // Create a request
+  const request = new Request('http://localhost:3000/');
+
+  // Create context from the request
+  const context = createContext(request);
+
+  // Set custom headers on the context response
+  context.res.headers.set('X-Custom-Header', 'custom-value');
+  context.res.headers.set('X-Another-Header', 'another-value');
+  context.res.headers.set('Authorization', 'Bearer token123');
+
+  // Use html() method which should merge headers
+  const response = context.res.html('<h1>Test</h1>');
+
+  // Verify the response has both the custom headers and the Content-Type header
+  expect(response.headers.get('X-Custom-Header')).toBe('custom-value');
+  expect(response.headers.get('X-Another-Header')).toBe('another-value');
+  expect(response.headers.get('Authorization')).toBe('Bearer token123');
+  expect(response.headers.get('Content-Type')).toBe('text/html; charset=UTF-8');
+
+  // Verify response body is correct
+  expect(response.status).toBe(200);
+});
+
+test('createContext() merge() function preserves custom headers with json() method', () => {
+  const request = new Request('http://localhost:3000/');
+  const context = createContext(request);
+
+  // Set custom headers
+  context.res.headers.set('X-API-Version', 'v1');
+  context.res.headers.set('X-Request-ID', 'req-123');
+
+  // Use json() method
+  const response = context.res.json({ message: 'Hello' });
+
+  // Verify headers are merged
+  expect(response.headers.get('X-API-Version')).toBe('v1');
+  expect(response.headers.get('X-Request-ID')).toBe('req-123');
+  expect(response.headers.get('Content-Type')).toBe('application/json');
+});
+
+test('createContext() merge() function allows response headers to override context headers', () => {
+  const request = new Request('http://localhost:3000/');
+  const context = createContext(request);
+
+  // Set a header on context
+  context.res.headers.set('X-Header', 'context-value');
+
+  // Use html() with options that include the same header (should override)
+  const response = context.res.html('<h1>Test</h1>', {
+    headers: {
+      'X-Header': 'response-value',
+    },
+  });
+
+  // Response header should override context header
+  expect(response.headers.get('X-Header')).toBe('response-value');
+  expect(response.headers.get('Content-Type')).toBe('text/html; charset=UTF-8');
+});