@j3r3mcdev/oast-server 1.0.0

package/src/core/http/router.ts

@@ -0,0 +1,138 @@
+// src/http/router.ts
+
+import { compilePath } from "./compile-path";
+import { Middleware } from "./middleware";
+
+export class Router {
+  private routes: Array<{
+    method: string;
+    path: string;
+    compiled: any[];
+    middlewares: Middleware[];
+    handler: Function;
+  }> = [];
+
+  /**
+   * Enregistre une route avec middlewares optionnels :
+   * router.get("/x", mw1, mw2, handler)
+   */
+  register(method: string, path: string, ...middlewaresAndHandler: any[]) {
+    const compiled = compilePath(path);
+
+    const handler = middlewaresAndHandler.pop();
+    const middlewares = middlewaresAndHandler as Middleware[];
+
+    this.routes.push({
+      method,
+      path,
+      compiled,
+      middlewares,
+      handler,
+    });
+  }
+
+  /**
+   * Trouve la route et extrait les params
+   */
+  match(method: string, urlPath: string) {
+    const urlSegments = urlPath.replace(/^\//, "").split("/");
+
+    for (const route of this.routes) {
+      if (route.method !== method) continue;
+
+      const params: Record<string, string> = {};
+      const compiled = route.compiled;
+
+      if (this.matchSegments(compiled, urlSegments, params)) {
+        return {
+          handler: route.handler,
+          middlewares: route.middlewares,
+          params,
+        };
+      }
+    }
+
+    return null;
+  }
+
+  /**
+   * Ton moteur de matching existant — inchangé
+   */
+  private matchSegments(
+    compiled: any[],
+    urlSegments: string[],
+    params: Record<string, string>,
+  ) {
+    let i = 0;
+
+    for (let j = 0; j < compiled.length; j++) {
+      const segment = compiled[j];
+      const part = urlSegments[i];
+
+      if (!part && segment.type !== "wildcard") {
+        return false;
+      }
+
+      if (segment.type === "static") {
+        if (segment.value !== part) return false;
+        i++;
+        continue;
+      }
+
+      if (segment.type === "param") {
+        if (!part) return false;
+        params[segment.name] = part;
+        i++;
+        continue;
+      }
+
+      if (segment.type === "wildcard") {
+        if (!part) return false;
+
+        const next = compiled[j + 1];
+        if (!next) return true;
+
+        while (i < urlSegments.length) {
+          if (next.type === "static" && urlSegments[i] === next.value) {
+            break;
+          }
+          i++;
+        }
+
+        if (i >= urlSegments.length) return false;
+
+        continue;
+      }
+    }
+
+    return i === urlSegments.length;
+  }
+
+  get(path: string, ...middlewaresAndHandler: any[]) {
+    this.register("GET", path, ...middlewaresAndHandler);
+  }
+
+  post(path: string, ...middlewaresAndHandler: any[]) {
+    this.register("POST", path, ...middlewaresAndHandler);
+  }
+
+  put(path: string, ...middlewaresAndHandler: any[]) {
+    this.register("PUT", path, ...middlewaresAndHandler);
+  }
+
+  delete(path: string, ...middlewaresAndHandler: any[]) {
+    this.register("DELETE", path, ...middlewaresAndHandler);
+  }
+
+  patch(path: string, ...middlewaresAndHandler: any[]) {
+    this.register("PATCH", path, ...middlewaresAndHandler);
+  }
+
+  options(path: string, ...middlewaresAndHandler: any[]) {
+    this.register("OPTIONS", path, ...middlewaresAndHandler);
+  }
+
+  head(path: string, ...middlewaresAndHandler: any[]) {
+    this.register("HEAD", path, ...middlewaresAndHandler);
+  }
+}

package/src/core/id-generator.ts

@@ -0,0 +1,8 @@
+import crypto from "crypto";
+
+export class IdGenerator {
+  static generate(): string {
+    // Token long, alphanumérique, très difficile à deviner
+    return crypto.randomBytes(16).toString("hex");
+  }
+}

package/src/core/logger.ts

@@ -0,0 +1,113 @@
+export type LogLevel = "debug" | "info" | "warn" | "error" | "fatal";
+
+export interface LoggerOptions {
+  level?: LogLevel;
+  context?: string;
+  enabled?: boolean;
+  hooks?: Array<(entry: LogEntry) => void>;
+}
+
+export interface LogEntry {
+  timestamp: string;
+  level: LogLevel;
+  message: string;
+  context?: string;
+  data?: any;
+}
+
+const COLORS = {
+  reset: "\x1b[0m",
+  gray: "\x1b[90m",
+  blue: "\x1b[34m",
+  yellow: "\x1b[33m",
+  red: "\x1b[31m",
+  magenta: "\x1b[35m",
+};
+
+const LEVEL_COLORS: Record<LogLevel, string> = {
+  debug: COLORS.gray,
+  info: COLORS.blue,
+  warn: COLORS.yellow,
+  error: COLORS.red,
+  fatal: COLORS.magenta,
+};
+
+const LEVEL_ORDER: Record<LogLevel, number> = {
+  debug: 10,
+  info: 20,
+  warn: 30,
+  error: 40,
+  fatal: 50,
+};
+
+export class Logger {
+  private level: LogLevel;
+  private context?: string;
+  private enabled: boolean;
+  private hooks: Array<(entry: LogEntry) => void>;
+
+  constructor(options: LoggerOptions = {}) {
+    this.level = options.level ?? "info";
+    this.context = options.context;
+    this.enabled = options.enabled ?? true;
+    this.hooks = options.hooks ?? [];
+  }
+
+  private shouldLog(level: LogLevel): boolean {
+    return this.enabled && LEVEL_ORDER[level] >= LEVEL_ORDER[this.level];
+  }
+
+  private emit(level: LogLevel, message: string, data?: any) {
+    if (!this.shouldLog(level)) return;
+
+    const entry: LogEntry = {
+      timestamp: new Date().toISOString(),
+      level,
+      message,
+      context: this.context,
+      data,
+    };
+
+    // Console output
+    const color = LEVEL_COLORS[level];
+    const ctx = this.context ? `[${this.context}] ` : "";
+    const formatted = `${color}${entry.timestamp} ${level.toUpperCase()} ${ctx}${message}${COLORS.reset}`;
+
+    console.log(formatted);
+
+    // Hooks (dashboard, file, webhook…)
+    for (const hook of this.hooks) {
+      hook(entry);
+    }
+  }
+
+  debug(msg: string, data?: any) {
+    this.emit("debug", msg, data);
+  }
+
+  info(msg: string, data?: any) {
+    this.emit("info", msg, data);
+  }
+
+  warn(msg: string, data?: any) {
+    this.emit("warn", msg, data);
+  }
+
+  error(msg: string, data?: any) {
+    this.emit("error", msg, data);
+  }
+
+  fatal(msg: string, data?: any) {
+    this.emit("fatal", msg, data);
+  }
+
+  // Créer un logger enfant avec un contexte différent
+  withContext(context: string): Logger {
+    return new Logger({
+      level: this.level,
+      enabled: this.enabled,
+      hooks: this.hooks,
+      context,
+    });
+  }
+}

package/src/core/router.ts

@@ -0,0 +1,44 @@
+import { Storage } from "../storage-adapters/storage.interface";
+import { Logger } from "./logger";
+import { AnyNormalizedEvent } from "../types/event.types";
+
+export type RouterHook = (event: AnyNormalizedEvent) => void | Promise<void>;
+
+export interface RouterOptions {
+  logger?: Logger;
+  hooks?: RouterHook[];
+}
+
+export class CoreRouter {
+  private logger: Logger;
+  private hooks: RouterHook[];
+
+  constructor(
+    private storage: Storage,
+    options: RouterOptions = {},
+  ) {
+    this.logger = options.logger ?? new Logger({ context: "CoreRouter" });
+    this.hooks = options.hooks ?? [];
+  }
+
+  async dispatch(event: AnyNormalizedEvent): Promise<void> {
+    // 1. Log
+    this.logger.info(`Event received (${event.type})`, { id: event.id });
+
+    // 2. Save
+    await this.storage.save(event);
+
+    // 3. Hooks
+    for (const hook of this.hooks) {
+      try {
+        await hook(event);
+      } catch (err) {
+        this.logger.error("Hook error", err);
+      }
+    }
+  }
+
+  addHook(hook: RouterHook) {
+    this.hooks.push(hook);
+  }
+}

package/src/core/server.ts

@@ -0,0 +1,85 @@
+import { Logger } from "./logger";
+import { CoreRouter } from "./router";
+import { StorageManager } from "./storage";
+import { Listener } from "../listeners/listener.interface";
+export interface CoreServerOptions {
+  logger?: Logger;
+  storage?: StorageManager;
+  listeners?: Listener[];
+}
+
+export class CoreServer {
+  private logger: Logger;
+  private storage: StorageManager;
+  private router: CoreRouter;
+  private listeners: Listener[];
+
+  constructor(options: CoreServerOptions = {}) {
+    this.logger = options.logger ?? new Logger({ context: "CoreServer" });
+    this.storage =
+      options.storage ?? new StorageManager({ logger: this.logger });
+    this.router = new CoreRouter(this.storage, { logger: this.logger });
+    this.listeners = options.listeners ?? [];
+  }
+
+  getRouter() {
+    return this.router;
+  }
+
+  getStorage() {
+    return this.storage;
+  }
+
+  async start(): Promise<void> {
+    this.logger.info("Starting OAST server...");
+
+    // Démarrage des listeners
+    for (const listener of this.listeners) {
+      try {
+        await listener.start();
+        this.logger.info(`Listener started`, {
+          listener: listener.constructor.name,
+        });
+      } catch (err: any) {
+        this.logger.error("Listener failed to start", {
+          listener: listener.constructor.name,
+          error: err.message,
+        });
+      }
+    }
+
+    this.logger.info("OAST server started");
+  }
+
+  async stop(): Promise<void> {
+    this.logger.info("Stopping OAST server...");
+
+    for (const listener of this.listeners) {
+      try {
+        await listener.stop();
+        this.logger.info(`Listener stopped`, {
+          listener: listener.constructor.name,
+        });
+      } catch (err: any) {
+        this.logger.error("Listener failed to stop", {
+          listener: listener.constructor.name,
+          error: err.message,
+        });
+      }
+    }
+
+    this.logger.info("OAST server stopped");
+  }
+
+  /**
+   * Méthode appelée par CoreRouter après chaque event normalisé.
+   * Permet de diffuser l’event aux listeners SSE (ApiListener).
+   */
+  broadcast(event: any) {
+    for (const listener of this.listeners) {
+      if (typeof (listener as any).broadcastEvent === "function") {
+        (listener as any).broadcastEvent(event);
+      }
+    }
+  }
+}

package/src/core/storage.ts

@@ -0,0 +1,64 @@
+import { Storage } from "../storage-adapters/storage.interface";
+import { AnyNormalizedEvent } from "../types/event.types";
+import { Logger } from "./logger";
+
+export class StorageManager implements Storage {
+  private events: AnyNormalizedEvent[] = [];
+  private logger: Logger;
+
+  constructor(options: { logger?: Logger } = {}) {
+    this.logger = options.logger ?? new Logger({ context: "StorageManager" });
+  }
+
+  async save(event: AnyNormalizedEvent): Promise<void> {
+    this.events.push(event);
+  }
+
+  async getEvent(id: string): Promise<AnyNormalizedEvent | null> {
+    return this.events.find((e) => e.id === id) ?? null;
+  }
+
+  async listEvents(params: {
+    type?: string;
+    page?: number;
+    limit?: number;
+  }): Promise<AnyNormalizedEvent[]> {
+    const { type, page = 1, limit = 50 } = params;
+
+    let filtered = this.events;
+    if (type) filtered = filtered.filter((e) => e.type === type);
+
+    const start = (page - 1) * limit;
+    return filtered.slice(start, start + limit);
+  }
+
+  async getAll(): Promise<AnyNormalizedEvent[]> {
+    return this.events;
+  }
+
+  async deleteEvent(id: string): Promise<boolean> {
+    const before = this.events.length;
+    this.events = this.events.filter((e) => e.id !== id);
+    return this.events.length !== before;
+  }
+
+  async clearEvents(): Promise<void> {
+    this.events = [];
+  }
+
+  async getStats(): Promise<{
+    total: number;
+    byType: Record<string, number>;
+  }> {
+    const byType: Record<string, number> = {};
+
+    for (const e of this.events) {
+      byType[e.type] = (byType[e.type] ?? 0) + 1;
+    }
+
+    return {
+      total: this.events.length,
+      byType,
+    };
+  }
+}

package/src/index.ts

@@ -0,0 +1,89 @@
+import { Logger } from "./core/logger";
+import { StorageManager } from "./core/storage";
+import { CoreRouter } from "./core/router";
+import { CoreServer } from "./core/server";
+
+// Listeners
+import { ApiListener } from "./listeners/api/api.listener";
+import { HttpListener } from "./listeners/http/http.listener";
+import { DnsListener } from "./listeners/dns/dns.listener";
+import { SmtpListener } from "./listeners/smtp/smtp.listener";
+import { TcpListener } from "./listeners/tcp/tcp.listener";
+
+async function main() {
+  const logger = new Logger({ context: "Bootstrap" });
+
+  // Core components
+  const storage = new StorageManager({
+    logger: logger.withContext("Storage"),
+  });
+
+  const router = new CoreRouter(storage, {
+    logger: logger.withContext("CoreRouter"),
+  });
+
+  // ---------------------------
+  // LISTENERS
+  // ---------------------------
+
+  // API → (router, storage, options)
+  const apiListener = new ApiListener(storage, {
+    port: 3100,
+    logger: logger.withContext("ApiListener"),
+  });
+
+  // HTTP → (router, options)
+  const httpListener = new HttpListener(router, {
+    port: 8080,
+    logger: logger.withContext("HttpListener"),
+  });
+
+  // DNS → (router, options)
+  const dnsListener = new DnsListener(router, {
+    server: {} as any,
+    logger: logger.withContext("DnsListener"),
+  });
+
+  const smtpListener = new SmtpListener(router, {
+    server: {} as any,
+    logger: logger.withContext("SmtpListener"),
+  });
+
+  // TCP → (router, storage, options)
+  const tcpListener = new TcpListener(router, storage, {
+    port: 9000,
+    logger: logger.withContext("TcpListener"),
+  });
+
+  // ---------------------------
+  // CORE SERVER
+  // ---------------------------
+  const server = new CoreServer({
+    logger: logger.withContext("CoreServer"),
+    storage,
+    listeners: [
+      apiListener,
+      httpListener,
+      dnsListener,
+      smtpListener,
+      tcpListener,
+    ],
+  });
+
+  await server.start();
+
+  // Graceful shutdown
+  const shutdown = async () => {
+    logger.warn("Received shutdown signal, stopping server...");
+    await server.stop();
+    process.exit(0);
+  };
+
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+}
+
+main().catch((err) => {
+  console.error("Fatal error in bootstrap:", err);
+  process.exit(1);
+});

package/src/listeners/api/__tests__/api.controller.test.ts

@@ -0,0 +1,116 @@
+import { ApiController } from "../api.controllers";
+import { StorageManager } from "../../../core/storage";
+import { ServerResponse, IncomingMessage } from "http";
+import { Socket } from "net";
+import { describe, it, expect, beforeEach, jest } from "@jest/globals";
+
+// Mock ServerResponse
+function mockRes(): ServerResponse {
+  const socket = new Socket();
+  const req = new IncomingMessage(socket);
+  const res = new ServerResponse(req);
+
+  jest.spyOn(res, "writeHead");
+  jest.spyOn(res, "end");
+
+  return res;
+}
+
+describe("ApiController", () => {
+  let storage: StorageManager;
+
+  beforeEach(() => {
+    // On utilise un vrai StorageManager en mémoire
+    storage = new StorageManager();
+  });
+
+  it("listEvents renvoie la liste des events (vide par défaut)", async () => {
+    const res = mockRes();
+    const url = new URL("http://localhost/events?page=2&type=http");
+
+    await ApiController.listEvents(url, res, storage);
+
+    expect(storage.listEvents).toBeDefined();
+
+    expect(res.writeHead).toHaveBeenCalledWith(200, {
+      "Content-Type": "application/json",
+    });
+
+    const body = (res.end as jest.Mock).mock.calls[0][0] as string;
+    const payload = JSON.parse(body);
+    expect(payload.success).toBe(true);
+    expect(payload.events).toEqual([]);
+  });
+
+  it("getEvent renvoie 404 si event absent", async () => {
+    const res = mockRes();
+
+    await ApiController.getEvent("unknown", res, storage);
+
+    expect(res.writeHead).toHaveBeenCalledWith(404, {
+      "Content-Type": "application/json",
+    });
+
+    const body = (res.end as jest.Mock).mock.calls[0][0] as string;
+    const payload = JSON.parse(body);
+    expect(payload.success).toBe(false);
+  });
+
+  it("getEvent renvoie l'event si présent", async () => {
+    // On mocke juste getEvent pour ce test
+    jest.spyOn(storage, "getEvent").mockResolvedValue({ id: "abc" } as any);
+
+    const res = mockRes();
+
+    await ApiController.getEvent("abc", res, storage);
+
+    expect(res.writeHead).toHaveBeenCalledWith(200, {
+      "Content-Type": "application/json",
+    });
+
+    const body = (res.end as jest.Mock).mock.calls[0][0] as string;
+    const payload = JSON.parse(body);
+    expect(payload.success).toBe(true);
+    expect(payload.event.id).toBe("abc");
+  });
+
+  it("deleteAll supprime tous les events", async () => {
+    const res = mockRes();
+
+    await ApiController.deleteAll(res, storage);
+
+    const body = (res.end as jest.Mock).mock.calls[0][0] as string;
+    const payload = JSON.parse(body);
+    expect(payload.success).toBe(true);
+  });
+
+  it("deleteOne supprime un event", async () => {
+    const res = mockRes();
+
+    await storage.save({
+      id: "xyz",
+      type: "http",
+      timestamp: Date.now(),
+      sourceIp: "127.0.0.1",
+      request: { method: "GET", path: "/", headers: {}, query: {}, body: "" },
+    });
+
+    await ApiController.deleteOne("xyz", res, storage);
+
+    const raw = String((res.end as jest.Mock).mock.calls[0][0]);
+    const payload = JSON.parse(raw);
+
+    expect(payload.success).toBe(true);
+  });
+
+  it("stats renvoie les stats", async () => {
+    const res = mockRes();
+
+    await ApiController.stats(res, storage);
+
+    const body = (res.end as jest.Mock).mock.calls[0][0] as string;
+    const payload = JSON.parse(body);
+    expect(payload.success).toBe(true);
+    expect(payload.stats).toEqual({ total: 0, byType: {} });
+  });
+});

package/src/listeners/api/__tests__/api.extractor.test.ts

@@ -0,0 +1,46 @@
+import { ApiExtractor } from "../api.extractor";
+import { IncomingMessage } from "http";
+import { Socket } from "net";
+import { describe, it, expect } from "@jest/globals";
+
+function mockReq(url: string, method = "GET", body?: any): IncomingMessage {
+  const socket = new Socket();
+  const req = new IncomingMessage(socket);
+
+  req.url = url;
+  req.method = method;
+  req.headers = { host: "localhost" };
+
+  if (body !== undefined) {
+    const json = JSON.stringify(body);
+    process.nextTick(() => {
+      req.emit("data", json);
+      req.emit("end");
+    });
+  } else {
+    process.nextTick(() => req.emit("end"));
+  }
+
+  return req;
+}
+
+describe("ApiExtractor", () => {
+  it("extrait un RawEvent GET", async () => {
+    const req = mockReq("/events?page=2&type=http");
+
+    const event = await ApiExtractor.extract(req);
+
+    expect(event.method).toBe("GET");
+    expect(event.path).toBe("/events");
+    expect(event.query).toEqual({ page: "2", type: "http" });
+  });
+
+  it("extrait un RawEvent POST avec body JSON", async () => {
+    const req = mockReq("/events", "POST", { hello: "world" });
+
+    const event = await ApiExtractor.extract(req);
+
+    expect(event.method).toBe("POST");
+    expect(event.body).toEqual({ hello: "world" });
+  });
+});