@johntalton/http-core 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 John
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,2 @@
+# http-core
+HTTP2 Server without routing used to build on

package/package.json

@@ -0,0 +1,21 @@
+{
+  "name": "@johntalton/http-core",
+  "type": "module",
+  "version": "1.0.0",
+  "license": "MIT",
+  "exports": {
+    ".": "./src/index.js"
+  },
+  "files": [
+    "src/*.js"
+  ],
+  "repository": {
+    "url": "https://github.com/johntalton/http-core"
+  },
+  "scripts": {
+  },
+  "dependencies": {
+    "@johntalton/http-util": "^5.0.0",
+    "@johntalton/sse-util": "^1.0.0"
+  }
+}

package/src/epilogue.js

@@ -0,0 +1,125 @@
+import { Response } from '@johntalton/http-util/response/object'
+import { MIME_TYPE_JSON } from '@johntalton/http-util/headers'
+import { ServerSentEvents } from '@johntalton/sse-util'
+
+/** @import { ServerHttp2Stream } from 'node:http2' */
+/** @import { RouteAction, StreamID } from './index.js' */
+
+/**
+ * @param {ServerHttp2Stream} stream
+ * @param {MessagePort} port
+ * @param {StreamID} streamId
+ * @param {AbortSignal} shutdownSignal
+ */
+function addSSEPortHandler(stream, port, streamId, shutdownSignal) {
+	const signalHandler = () => {
+		console.log('shutdown of SSE requested (shutdown signal)', streamId, shutdownSignal.reason)
+		port.close()
+		stream.end()
+	}
+
+	stream.once('close', (() => {
+		console.log('stream close in sse handler', streamId)
+		shutdownSignal.removeEventListener('abort', signalHandler)
+		port.close()
+	}))
+
+	shutdownSignal.addEventListener('abort', signalHandler)
+
+	// ServerSentEvents.messageToEventStreamLines({
+	// 		comment: 'Welcome',
+	// 		retryMs: 1000 * 60,
+	// 	}).forEach(line => stream.write(line))
+
+	port.onmessage = message => {
+		const { data } = message
+		console.log('sending sse data', streamId, data)
+		// ServerSentEvents.messageToEventStreamLines(data)
+		ServerSentEvents.lineGen(data)
+			.forEach(line => stream.write(line))
+	}
+}
+
+/**
+ * @param {RouteAction} state
+ */
+export function epilogue(state) {
+	const { type, stream, meta, streamId } = state
+
+	meta.customHeaders.push([ 'X-Request-Id', streamId ])
+
+	switch(type) {
+		//
+		case 'trace': { Response.trace(stream, state.method, state.url, state.headers, meta) } break
+		//
+		case 'preflight': { Response.preflight(stream, state.methods, state.supportedQueryTypes, undefined, meta) } break
+		// case 'no-content': { Response.noContent(stream, state.etag, meta)} break
+		// case 'accepted': { Response.accepted(stream, meta) } break
+		case 'created': { Response.created(stream, new URL(state.location, meta.origin), state.etag, meta) } break
+		case 'not-modified': { Response.notModified(stream, state.etag, state.age, { priv: true, maxAge: 60 }, meta) } break
+
+		//
+		// case 'multiple-choices': { Response.multipleChoices(stream, meta) } break
+		// case 'gone': { Response.gone(stream, meta) } break
+		// case 'moved-permanently': { Response.movedPermanently(stream, state.location, meta) } break
+		// case 'see-other': { Response.seeOther(stream, state.location, meta) } break
+		// case 'temporary-redirect': { Response.temporaryRedirect(stream, state.location, meta) } break
+
+		//
+		case '404': { Response.notFound(stream, state.message, meta) } break
+		case 'conflict': { Response.conflict(stream, meta) } break
+		case 'not-allowed': { Response.notAllowed(stream, state.methods, meta) } break
+		case 'not-acceptable': { Response.notAcceptable(stream, state.acceptableMediaTypes ?? [], meta)} break
+		case 'unsupported-media': { Response.unsupportedMediaType(stream, state.acceptableMediaTypes, state.supportedQueryTypes, meta) } break
+		case 'unprocessable': { Response.unprocessable(stream, meta) } break
+		case 'precondition-failed': { Response.preconditionFailed(stream, meta) } break
+		case 'not-satisfiable': { Response.rangeNotSatisfiable(stream, { size: state.contentLength }, meta) } break
+		// case 'content-too-large': { Response.contentTooLarge(stream, meta) } break
+		// case 'insufficient-storage': { Response.insufficientStorage(stream, meta) } break
+		// case 'too-many-requests': { Response.tooManyRequests(stream, state.limit, state.policies, meta) } break
+		// case 'unauthorized': { Response.unauthorized(stream, meta) } break
+		case 'unavailable': { Response.unavailable(stream, state.message, state.retryAfter, meta)} break
+		case 'not-implemented': { Response.notImplemented(stream, state.message, meta)} break
+		// case 'timeout': { Response.timeout(stream, meta) } break
+
+		//
+		case 'sse': {
+			const { active, bom, port } = state
+
+			Response.sse(stream, { ...meta, active, bom })
+			if(active) { addSSEPortHandler(stream, port, state.streamId, state.shutdownSignal) }
+		}
+		break
+		case 'json': {
+			const { obj, accept, etag } = state
+
+			if(accept.type === MIME_TYPE_JSON) {
+				Response.json(stream, obj, accept.encoding, etag, state.age, { priv: true, maxAge: 60 }, state.supportedQueryTypes, meta)
+			}
+			else {
+				// todo: but we did process the request - is that ok?
+				Response.notAcceptable(stream, [ MIME_TYPE_JSON ], meta)
+			}
+		}
+		break
+		case 'partial-bytes': { Response.partialContent(stream, state.contentType, state.objs, state.contentLength, undefined, state.etag, state.age, { maxAge: state.maxAge }, meta) } break
+		case 'bytes': { Response.bytes(stream, state.contentType, state.obj, state.contentLength, 'identity', state.etag, state.age, { maxAge: state.maxAge }, state.acceptRanges, meta) } break
+
+		//
+		case 'error': {
+			const { cause, error } = state
+			console.log('send error', state.streamId, cause)
+			if(error !== undefined) { console.log(error) }
+			Response.error(stream, cause, meta)
+		} break
+
+		//
+		// case 'void': {} break
+		// case 'request' : { throw new Error('unhandled request') } break
+		default: {
+			/** @type {never} */
+			const neverType = type
+			Response.error(stream, `unknown type ${neverType}`, meta)
+		} break
+	}
+}

package/src/index.js

@@ -0,0 +1,507 @@
+import http2 from 'node:http2'
+import fs from 'node:fs'
+import crypto from 'node:crypto'
+
+import { HTTP_METHOD_QUERY } from '@johntalton/http-util/response'
+
+import { preamble } from './preamble.js'
+import { epilogue } from './epilogue.js'
+
+const {
+	HTTP2_METHOD_GET,
+	HTTP2_METHOD_HEAD,
+	HTTP2_METHOD_POST,
+	HTTP2_METHOD_PUT,
+	HTTP2_METHOD_PATCH,
+	HTTP2_METHOD_OPTIONS,
+	HTTP2_METHOD_DELETE,
+	HTTP2_METHOD_TRACE
+} = http2.constants
+
+export const KNOWN_METHODS = [
+	HTTP2_METHOD_GET,
+	HTTP2_METHOD_HEAD,
+	HTTP2_METHOD_POST,
+	HTTP2_METHOD_PUT,
+	HTTP2_METHOD_PATCH,
+	HTTP2_METHOD_OPTIONS,
+	HTTP2_METHOD_DELETE,
+	HTTP2_METHOD_TRACE,
+	HTTP_METHOD_QUERY
+]
+
+/** @import { Http2Stream, ServerHttp2Stream, IncomingHttpHeaders } from 'node:http2' */
+/** @import { SecureServerOptions } from 'node:http2' */
+
+/** @import { Metadata } from '@johntalton/http-util/response' */
+/** @import { BodyFuture } from '@johntalton/http-util/body' */
+/** @import { EtagItem, IMFFixDate, ContentRangeDirective } from '@johntalton/http-util/headers' */
+/** @import { SendBody } from '@johntalton/http-util/response' */
+
+/** @typedef {(state: RouteRequest|RouteAction) => Promise<RouteAction>} Router */
+
+/** @typedef {'request'} RouteTypeRequest */
+/** @typedef {'partial-bytes'|'bytes'|'json'|'404'|'sse'|'error'|'preflight'|'not-allowed'|'trace'|'created'|'unsupported-media'|'not-modified'|'precondition-failed'|'unprocessable'|'not-acceptable'|'conflict'|'not-implemented'|'unavailable'|'not-satisfiable'} RouteType */
+/** @typedef {'GET'|'HEAD'|'POST'|'PUT'|'OPTIONS'|'DELETE'|'TRACE'} RouteMethod */
+
+/** @typedef {string & { readonly _brand: 'sid' }} StreamID */
+
+/**
+ * @typedef {Object} Config
+ * @property {boolean|undefined} [maintenance_mode]
+ */
+
+/**
+ * @typedef {Object} RouteBase
+ * @property {RouteTypeRequest|RouteType} type
+ * @property {Config} config
+ * @property {StreamID} streamId
+ * @property {ServerHttp2Stream} stream
+ * @property {Metadata} meta
+ * @property {AbortSignal} shutdownSignal
+ */
+
+/**
+ * @typedef {Object} RouteRequestBase
+ * @property {'request'} type
+ * @property {RouteMethod} method
+ * @property {URL} url
+ * @property {IncomingHttpHeaders} headers
+ * @property {BodyFuture} body
+ * @property {RouteRequestAccept} accept
+ * @property {RouteRemoteClient} client
+ * @property {RouteConditions} conditions
+ * @property {string} SNI
+ */
+/** @typedef {RouteBase & RouteRequestBase} RouteRequest */
+
+/**
+ * @typedef {Object} RouteErrorBase
+ * @property {'error'} type
+ * @property {string} cause
+ * @property {Error|undefined} [error]
+ */
+/** @typedef {RouteBase & RouteErrorBase } RouteError */
+
+/**
+ * @typedef {Object} RouteNotAllowedBase
+ * @property {'not-allowed'} type
+ * @property {RouteMethod} method
+ * @property {URL} url
+ * @property {Array<RouteMethod>} methods
+ */
+/** @typedef {RouteBase & RouteNotAllowedBase} RouteNotAllowed */
+
+/**
+ * @typedef {Object} RouteTraceBase
+ * @property {'trace'} type
+ * @property {RouteMethod} method
+ * @property {URL} url
+ * @property {IncomingHttpHeaders} headers
+ * @property {number} maxForwards
+ * @property {RouteRequestAccept} accept
+ */
+/** @typedef {RouteBase & RouteTraceBase} RouteTrace */
+
+/**
+ * @typedef {Object} RouteRequestAccept
+ * @property {string|undefined} type
+ * @property {string|undefined} encoding
+ * @property {string|undefined} language
+ */
+
+/**
+ * @typedef {Object} RouteRemoteClient
+ * @property {string|undefined} family
+ * @property {string|undefined} ip
+ * @property {number|undefined} port
+ */
+
+/**
+ * @typedef {Object} RouteConditions
+ * @property {Array<EtagItem>} match
+ * @property {Array<EtagItem>} noneMatch
+ * @property {IMFFixDate|undefined} modifiedSince
+ * @property {IMFFixDate|undefined} unmodifiedSince
+ * @property {IMFFixDate|EtagItem|undefined} [range]
+ */
+
+/**
+ * @typedef {Object} RoutePreflightBase
+ * @property {'preflight'} type
+ * @property {RouteMethod} method
+ * @property {URL} url
+ * @property {Array<RouteMethod>} methods
+ * @property {Array<string>|undefined} [supportedQueryTypes]
+ */
+/** @typedef {RouteBase & RoutePreflightBase} RoutePreflight */
+
+/**
+ * @typedef {Object} RouteJSONBase
+ * @property {'json'} type
+ * @property {RouteRequestAccept} accept
+ * @property {Record<any, any>} obj
+ * @property {IMFFixDate|string|undefined} [lastModified]
+ * @property {EtagItem|undefined} [etag]
+ * @property {number|undefined} [age]
+ * @property {Array<string>|undefined} [supportedQueryTypes]
+ */
+/** @typedef {RouteBase & RouteJSONBase} RouteJSON */
+
+/**
+ * @typedef {Object} Route404Base
+ * @property {'404'} type
+ * @property {string} method
+ * @property {URL} url
+ * @property {string} message
+ */
+/** @typedef {RouteBase & Route404Base} Route404 */
+
+/**
+ * @typedef {Object} RouteCreatedBase
+ * @property {'created'} type
+ * @property {URL|string} location
+ * @property {EtagItem|undefined} [etag]
+ */
+/** @typedef {RouteBase & RouteCreatedBase} RouteCreated */
+
+/**
+ * @typedef {Object} RouteUnsupportedMediaTypeBase
+ * @property {'unsupported-media'} type
+ * @property {Array<string>|string} acceptableMediaTypes
+ * @property {Array<string>|undefined} [supportedQueryTypes]
+ */
+/** @typedef {RouteBase & RouteUnsupportedMediaTypeBase} RouteUnsupportedMediaType */
+
+/**
+ * @typedef {Object} RouteNotModifiedBase
+ * @property {'not-modified'} type
+ * @property {number} age
+ * @property {EtagItem|undefined} [etag]
+ * @property {number|undefined} [age]
+ */
+/** @typedef {RouteBase & RouteNotModifiedBase} RouteNotModified */
+
+/**
+ * @typedef {Object} RoutePreconditionFailedBase
+ * @property {'precondition-failed'} type
+ * @property {EtagItem|undefined} [etag]
+ */
+/** @typedef {RouteBase & RoutePreconditionFailedBase} RoutePreconditionFailed */
+
+/**
+ * @typedef {Object} RouteNotAcceptableBase
+ * @property {'not-acceptable'} type
+ * @property {Array<string>|undefined} [acceptableMediaTypes]
+ * @property {Array<string>|undefined} [acceptableEncodings]
+ * @property {Array<string>|undefined} [acceptableLanguages]
+ */
+/** @typedef {RouteBase & RouteNotAcceptableBase} RouteNotAcceptable */
+
+/**
+ * @typedef {Object} RouteUnprocessableBase
+ * @property {'unprocessable'} type
+ * @property {string} message
+ */
+/** @typedef {RouteBase & RouteUnprocessableBase} RouteUnprocessable */
+
+/**
+ * @typedef {Object} RouteConflictBase
+ * @property {'conflict'} type
+ * @property {string|undefined} [message]
+ */
+/** @typedef {RouteBase & RouteConflictBase} RouteConflict */
+
+/**
+ * @typedef {Object} RouteNotImplementedBase
+ * @property {'not-implemented'} type
+ * @property {string|undefined} [message]
+ */
+/** @typedef {RouteBase & RouteNotImplementedBase} RouteNotImplemented */
+
+/**
+ * @typedef {Object} RouteUnavailableBase
+ * @property {'unavailable'} type
+ * @property {string|undefined} [message]
+ * @property {number|undefined} [retryAfter]
+ */
+/** @typedef {RouteBase & RouteUnavailableBase} RouteUnavailable */
+
+/**
+ * @typedef {Object} RouteBytesBase
+ * @property {'bytes'} type
+ * @property {string} contentType
+ * @property {number|undefined} [contentLength]
+ * @property {SendBody|undefined} obj
+ * @property {IMFFixDate|string|undefined} [lastModified]
+ * @property {EtagItem|undefined} [etag]
+ * @property {number|undefined} [age]
+ * @property {number|undefined} [maxAge]
+ * @property {'bytes'|'none'|undefined} [acceptRanges]
+ */
+/** @typedef {RouteBase & RouteBytesBase} RouteBytes */
+
+/**
+ * @typedef {Object} PartialBytes
+ * @property {SendBody} obj
+ * @property {ContentRangeDirective} range
+ */
+
+/**
+ * @template T
+ * @typedef {[ T, ...T[] ]} NonEmptyArray
+ */
+
+/**
+ * @typedef {Object} RoutePartialBytesBase
+ * @property {'partial-bytes'} type
+ * @property {NonEmptyArray<PartialBytes>} objs
+ * @property {string} contentType
+ * @property {number|undefined} [contentLength]
+ * @property {EtagItem|undefined} [etag]
+ * @property {number|undefined} [age]
+ * @property {number|undefined} [maxAge]
+ */
+/** @typedef {RouteBase & RoutePartialBytesBase} RoutePartialBytes */
+
+/**
+ * @typedef {Object} RouteNotSatisfiableBase
+ * @property {'not-satisfiable'} type
+ * @property {number} contentLength
+ */
+/** @typedef {RouteBase & RouteNotSatisfiableBase} RouteNotSatisfiable */
+
+
+/**
+ * @typedef {Object} RouteSSEBase
+ * @property {'sse'} type
+ * @property {boolean} active
+ * @property {boolean} bom
+ * @property {MessagePort} port
+ * @property {RouteRequestAccept} accept
+ */
+/** @typedef {RouteBase & RouteSSEBase} RouteSSE */
+
+/** @typedef {
+	RouteError |
+	RouteNotAllowed |
+	RoutePreflight |
+	RouteBytes |
+	RouteJSON |
+	Route404 |
+	RouteSSE |
+	RouteTrace |
+	RouteCreated |
+	RouteUnsupportedMediaType |
+	RouteNotModified |
+	RoutePreconditionFailed |
+	RouteUnprocessable |
+	RouteNotAcceptable |
+	RouteConflict |
+	RouteNotImplemented |
+	RouteUnavailable |
+	RoutePartialBytes |
+	RouteNotSatisfiable
+} RouteAction */
+
+/** @typedef {Record<string, string|undefined>} RouteMatches */
+/** @typedef {(matches: RouteMatches, state: RouteRequest) => Promise<RouteAction>} RouteFunction */
+
+/**
+ * @param {Http2Stream} stream
+ * @returns {stream is ServerHttp2Stream}
+ */
+function isServerStream(stream) {
+	if(stream === null) { return false }
+	return true
+}
+
+/**
+ * @param {string|undefined|Array<string>} header
+ * @returns {header is string}
+ */
+export function isValidHeader(header) {
+	return header !== undefined && isValidLikeHeader(header)
+}
+
+/**
+ * @param {string|undefined|Array<string>} header
+ * @returns {header is string|undefined}
+ */
+export function isValidLikeHeader(header) {
+	return !Array.isArray(header)
+}
+
+/**
+ * @param {string|undefined|Array<string>} method
+ * @returns {method is RouteMethod}
+ */
+export function isValidMethod(method) {
+	if(!isValidHeader(method)) { return false }
+
+	return KNOWN_METHODS.includes(method)
+}
+
+/**
+ * @param {number} rstCode
+ */
+export function closeCodeToString(rstCode) {
+	if(rstCode === http2.constants.NGHTTP2_NO_ERROR) { return '(No Error)' }
+	else if(rstCode === http2.constants.NGHTTP2_PROTOCOL_ERROR) { return '(Protocol Error)' }
+	else if(rstCode === http2.constants.NGHTTP2_INTERNAL_ERROR) { return '(Internal Error)' }
+	else if(rstCode === http2.constants.NGHTTP2_FLOW_CONTROL_ERROR) { return '(Flow Control Error)' }
+	else if(rstCode === http2.constants.NGHTTP2_SETTINGS_TIMEOUT) { return '(Settings Timeout)' }
+	else if(rstCode === http2.constants.NGHTTP2_STREAM_CLOSED) { return '(Closed)' }
+	else if(rstCode === http2.constants.NGHTTP2_FRAME_SIZE_ERROR) { return '(Frame Size Error)' }
+	else if(rstCode === http2.constants.NGHTTP2_REFUSED_STREAM) { return '(Refused)' }
+	else if(rstCode === http2.constants.NGHTTP2_CANCEL) { return '(Cancel)' }
+	else if(rstCode === http2.constants.NGHTTP2_COMPRESSION_ERROR) { return '(Compression Error)' }
+	else if(rstCode === http2.constants.NGHTTP2_CONNECT_ERROR) { return '(Connect Error)' }
+	else if(rstCode === http2.constants.NGHTTP2_ENHANCE_YOUR_CALM) { return '(Chill)' }
+	else if(rstCode === http2.constants.NGHTTP2_INADEQUATE_SECURITY) { return '(Inadequate Security)' }
+	else if(rstCode === http2.constants.NGHTTP2_HTTP_1_1_REQUIRED) { return '(HTTP 1.1 Requested)' }
+
+	return `(${rstCode})`
+}
+
+export const REQUEST_ID_SIZE = 5
+
+/**
+ * @returns {StreamID}
+ */
+export function requestId() {
+	const buffer = new Uint8Array(REQUEST_ID_SIZE)
+	crypto.getRandomValues(buffer)
+	// @ts-ignore
+	return buffer.toHex()
+}
+
+const {
+	SSL_OP_NO_TLSv1,
+	SSL_OP_NO_TLSv1_1,
+	SSL_OP_NO_TLSv1_2,
+} = crypto.constants
+
+/**
+ * @typedef {Object} H2CoreOptions
+ * @property {Config} config
+ * @property {boolean} ipv6Only
+ * @property {string} host
+ * @property {number} port
+ * @property {Array<string>} credentials
+ * @property {string|undefined} serverName
+ */
+
+export class H2CoreServer {
+	#server
+	#controller
+
+	/** @type {H2CoreOptions} */
+	#h2Options
+
+	/**
+	 * @param {Router} router
+	 * @param {Partial<H2CoreOptions>|undefined} [h2Options]
+	 */
+	constructor(router, h2Options) {
+		this.#h2Options = {
+			config: h2Options?.config ?? {},
+			ipv6Only: h2Options?.ipv6Only ?? true,
+			host: h2Options?.host ?? '',
+			port: h2Options?.port ?? 0,
+			credentials: h2Options?.credentials ?? [],
+			serverName: h2Options?.serverName
+		}
+
+		/** @type {SecureServerOptions} */
+		const options = {
+			allowHTTP1: false,
+			secureOptions: SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
+			minVersion: 'TLSv1.3',
+			settings: {
+				enablePush: false
+			},
+			ALPNProtocols: [ 'h2' ]
+		}
+
+		const server = http2.createSecureServer(options)
+		this.#server = server
+
+		this.#controller = new AbortController()
+
+		for(const credentialHost of this.#h2Options.credentials) {
+			server.addContext(credentialHost, {
+				key: fs.readFileSync(`./certificates/${credentialHost}-privkey.pem`, 'utf-8'),
+				cert: fs.readFileSync(`./certificates/${credentialHost}-cert.pem`, 'utf-8')
+			})
+		}
+
+		// server.setTimeout(5 * 1000)
+
+		// server.on('request', (req, res) => res.end('hello'))
+		server.on('drop', data => console.log('Drop', data))
+		server.on('connection', socket => console.log('new connection', socket.remoteAddress))
+		// server.on('secureConnection', socket => console.log('new secure connection'))
+		// server.on('keylog', (data) => console.log('key log', data))
+		server.on('unknownProtocol', socket => { console.log('Unknown Protocol', socket.getProtocol()) ; socket.end() })
+		server.on('tlsClientError', (error, _socket) => {
+			if('code' in error) {
+				if(error.code === 'ERR_SSL_SSL/TLS_ALERT_CERTIFICATE_UNKNOWN') { return }
+				if(error.code === 'ERR_SSL_NO_SUITABLE_SIGNATURE_ALGORITHM') { return }
+				// ERR_SSL_SSL/TLS_ALERT_BAD_CERTIFICATE
+			}
+			console.log('TLS Error', error)
+		})
+		server.on('error', error => console.log('Server Error', error))
+		server.on('sessionError', error => { console.log('session error', error) })
+		server.on('listening', () => console.log('Server Up', this.#h2Options.serverName, server.address()))
+		server.on('close', () => console.log('End of Line'))
+		server.on('session', session => {
+			console.log('new session')
+			session.on('close', () => console.log('session close'))
+			session.on('error', () => console.log('session error'))
+			session.on('frameError', () => console.log('session frameError'))
+			session.on('goaway', () => console.log('session goAway'))
+		})
+		server.on('stream', (stream, headers) => {
+			const streamId = requestId()
+
+			console.log('new stream', streamId, stream.id)
+			stream.on('aborted', () => console.log('stream aborted', streamId))
+			stream.on('close', () => {
+				// if(stream.rstCode !== http2.constants.NGHTTP2_NO_ERROR) {
+					console.log('stream close', streamId, closeCodeToString(stream.rstCode))
+				// }
+			})
+			stream.on('error', error => console.log('stream error', streamId, error.message))
+			stream.on('frameError', (type, code, id) => console.log('stream frameError', streamId, type, code, id))
+
+			// tickle the type
+			if(!isServerStream(stream)) { return }
+
+			// const start = performance.now()
+			const state = preamble(this.#h2Options.config, streamId, stream, headers, this.#h2Options.serverName, this.#controller.signal)
+			router(state)
+				.then(epilogue)
+				.catch(e => epilogue({ ...state, type: 'error', cause: e.message, error: e }))
+				.catch(e => console.error('Top Level Error:', streamId, e))
+				// .finally(() => console.log('perf', streamId, performance.now() - start))
+		})
+	}
+
+	listen() {
+		this.#server.listen({
+			ipv6Only: this.#h2Options.ipv6Only,
+			port: this.#h2Options.port,
+			host: this.#h2Options.host,
+			signal: this.#controller.signal
+		})
+	}
+
+	get closed() { return this.#controller.signal.aborted }
+
+	close() {
+		this.#controller.abort('close')
+		this.#server.close()
+	}
+}

package/src/preamble.js

@@ -0,0 +1,295 @@
+import http2 from 'node:http2'
+import { TLSSocket } from 'node:tls'
+
+import { requestBody } from '@johntalton/http-util/body'
+import {
+	MIME_TYPE_JSON,
+	MIME_TYPE_TEXT,
+	MIME_TYPE_XML,
+	MIME_TYPE_EVENT_STREAM,
+	MIME_TYPE_MESSAGE_HTTP,
+	parseContentType,
+
+	Accept,
+	AcceptEncoding,
+	AcceptLanguage,
+
+	Forwarded,
+	FORWARDED_KEY_FOR,
+	KNOWN_FORWARDED_KEYS,
+	Conditional,
+	ETag
+} from '@johntalton/http-util/headers'
+import { ENCODER_MAP, HTTP_HEADER_FORWARDED, HTTP_HEADER_ORIGIN } from '@johntalton/http-util/response'
+import { isValidHeader, isValidLikeHeader, isValidMethod } from './index.js'
+
+/** @import { ServerHttp2Stream, IncomingHttpHeaders } from 'node:http2' */
+/** @import { Config, RouteRequest, RouteAction, StreamID, RouteConditions } from './index.js' */
+
+const { HTTP2_METHOD_OPTIONS, HTTP2_METHOD_TRACE } = http2.constants
+
+const {
+	HTTP2_HEADER_METHOD,
+	HTTP2_HEADER_AUTHORITY,
+	HTTP2_HEADER_SCHEME,
+	HTTP2_HEADER_PATH,
+	HTTP2_HEADER_AUTHORIZATION,
+	HTTP2_HEADER_CONTENT_TYPE,
+	HTTP2_HEADER_CONTENT_LENGTH,
+	HTTP2_HEADER_ACCEPT,
+	HTTP2_HEADER_ACCEPT_ENCODING,
+	HTTP2_HEADER_ACCEPT_LANGUAGE,
+	// HTTP2_HEADER_REFERER,
+	// HTTP2_HEADER_HOST,
+	// HTTP2_HEADER_VIA,
+	// HTTP2_HEADER_CACHE_CONTROL,
+	HTTP2_HEADER_IF_MATCH,
+	HTTP2_HEADER_IF_MODIFIED_SINCE,
+	HTTP2_HEADER_IF_NONE_MATCH,
+	HTTP2_HEADER_IF_RANGE,
+	HTTP2_HEADER_IF_UNMODIFIED_SINCE,
+	// HTTP2_HEADER_LAST_MODIFIED,
+	HTTP2_HEADER_MAX_FORWARDS,
+	// HTTP2_HEADER_FROM
+} = http2.constants
+
+const DEFAULT_SUPPORTED_LANGUAGES = [ 'en-US', 'en' ]
+const DEFAULT_SUPPORTED_MIME_TYPES = [
+	MIME_TYPE_JSON,
+	MIME_TYPE_XML,
+	MIME_TYPE_TEXT,
+	MIME_TYPE_EVENT_STREAM,
+	MIME_TYPE_MESSAGE_HTTP
+]
+const DEFAULT_SUPPORTED_ENCODINGS = [ ...ENCODER_MAP.keys() ]
+
+const FORWARDED_KEY_SECRET = 'secret'
+const FORWARDED_ACCEPTABLE_KEYS = [ ...KNOWN_FORWARDED_KEYS, FORWARDED_KEY_SECRET ]
+const FORWARDED_REQUIRED = process.env['FORWARDED_REQUIRED'] === 'true'
+const FORWARDED_DROP_RIGHTMOST = (process.env['FORWARDED_SKIP_LIST'] ?? '').split(',').map(s => s.trim()).filter(s => s.length > 0)
+const FORWARDED_SECRET = process.env['FORWARDED_SECRET']
+
+const ALLOWED_ORIGINS = (process.env['ALLOWED_ORIGINS'] ?? '').split(',').map(s => s.trim()).filter(s => s.length > 0)
+
+const ALLOW_TRACE = process.env['ALLOW_TRACE'] === 'true'
+
+const BODY_TIMEOUT_SEC = 2 * 1000
+const BODY_BYTE_LENGTH = 1000 * 1000
+
+// const ipRateLimitStore = new Map()
+// const ipRateLimitPolicy = {
+// 	name: 'ip',
+// 	quota: 25,
+// 	windowSeconds: 15,
+// 	size: 50,
+// 	quotaUnits: 1
+// }
+
+/**
+ * @param {Config} config
+ * @param {StreamID} streamId
+ * @param {ServerHttp2Stream} stream
+ * @param {IncomingHttpHeaders} headers
+ * @param {string|undefined} servername
+ * @param {AbortSignal} shutdownSignal
+ * @returns {RouteRequest|RouteAction}
+ */
+export function preamble(config, streamId, stream, headers, servername, shutdownSignal) {
+	const preambleStart = performance.now()
+
+	//
+	const method = headers[HTTP2_HEADER_METHOD]
+	const fullPathAndQuery = headers[HTTP2_HEADER_PATH]
+	const authority = headers[HTTP2_HEADER_AUTHORITY]
+	const scheme = headers[HTTP2_HEADER_SCHEME]
+	//
+	const authorization = headers[HTTP2_HEADER_AUTHORIZATION]
+	//
+	const fullForwarded = headers[HTTP_HEADER_FORWARDED]
+	//
+	const maxForwards = headers[HTTP2_HEADER_MAX_FORWARDS]
+	//
+	const fullContentType = headers[HTTP2_HEADER_CONTENT_TYPE]
+	const fullContentLength = headers[HTTP2_HEADER_CONTENT_LENGTH]
+	const fullAccept = headers[HTTP2_HEADER_ACCEPT]
+	const fullAcceptEncoding = headers[HTTP2_HEADER_ACCEPT_ENCODING]
+	const fullAcceptLanguage = headers[HTTP2_HEADER_ACCEPT_LANGUAGE]
+	//
+	const origin = headers[HTTP_HEADER_ORIGIN]
+	// const host = header[HTTP2_HEADER_HOST]
+	// const referer = header[HTTP2_HEADER_REFERER]
+	// const UA = header[HTTP_HEADER_USER_AGENT]
+
+	//
+	// const from = headers[HTTP2_HEADER_FROM]
+
+	// Conditions
+	const conditionIfMatch = headers[HTTP2_HEADER_IF_MATCH]
+	const conditionIfNoneMatch = headers[HTTP2_HEADER_IF_NONE_MATCH]
+	const conditionIfModifiedSince = headers[HTTP2_HEADER_IF_MODIFIED_SINCE]
+	const conditionIfUnmodifiedSince = headers[HTTP2_HEADER_IF_UNMODIFIED_SINCE]
+	const conditionIfRange = headers[HTTP2_HEADER_IF_RANGE]
+
+	// // SEC Client Hints
+	// const secUA = header[HTTP_HEADER_SEC_CH_UA]
+	// const secPlatform = header[HTTP_HEADER_SEC_CH_PLATFORM]
+	// const secMobile = header[HTTP_HEADER_SEC_CH_MOBILE]
+	// const secFetchSite = header[HTTP_HEADER_SEC_FETCH_SITE]
+	// const secFetchMode = header[HTTP_HEADER_SEC_FETCH_MODE]
+	// const secFetchDest = header[HTTP_HEADER_SEC_FETCH_DEST]
+
+	//
+	const allowedOrigin = (origin !== undefined) ?
+		((ALLOWED_ORIGINS.includes(origin) || ALLOWED_ORIGINS.includes('*')) ?
+		(URL.canParse(origin) ?
+		origin : undefined) : undefined) : undefined
+
+	/** @type {RouteRequest|RouteAction} */
+	const state = {
+		type: 'error',
+		cause: 'initialize',
+		config,
+		streamId,
+		stream,
+		meta: {
+			servername,
+			performance: [],
+			origin: allowedOrigin,
+			customHeaders: []
+		},
+		shutdownSignal
+	}
+
+	if(shutdownSignal.aborted) {
+		return { ...state, type: 'unavailable', retryAfter: 60 }
+	}
+
+	if(stream.session === undefined) { return { ...state, type: 'error', cause: 'undefined session' } }
+	if(!(stream.session.socket instanceof TLSSocket)) { return { ...state, type: 'error', cause: 'not a TLSSocket' }}
+
+	const family = stream.session.socket.remoteFamily
+	const ip = stream.session.socket.remoteAddress
+	const port = stream.session.socket.remotePort
+
+	const SNI = stream.session.socket.servername // TLS SNI
+	if(SNI === null || SNI === false) { return { ...state, type: 'error', cause: 'invalid or unknown SNI' }}
+
+	//
+	if(!isValidHeader(fullPathAndQuery)) { return { ...state, type: 'error', cause: 'improper path' }}
+	if(!isValidMethod(method)) { return { ...state, type: 'not-implemented', message: 'unknown or invalid method' }}
+
+	if(!isValidLikeHeader(fullContentType)) { return { ...state, type: 'error', cause: 'improper header (content type)' }}
+	if(!isValidLikeHeader(fullContentLength)) { return { ...state, type: 'error', cause: 'improper header (content length)' }}
+	if(!isValidLikeHeader(fullAccept)) { return { ...state, type: 'error', cause: 'improper header (accept)' }}
+	if(!isValidLikeHeader(fullAcceptEncoding)) { return { ...state, type: 'error', cause: 'improper header (accept encoding)' }}
+	if(!isValidLikeHeader(fullAcceptLanguage)) { return { ...state, type: 'error', cause: 'improper header (accept language)' }}
+	if(!isValidLikeHeader(authorization)) { return { ...state, type: 'error', cause: 'improper header (authorization)' }}
+	if(!isValidLikeHeader(maxForwards)) { return { ...state, type: 'error', cause: 'improper header (max forwards)' } }
+	if(!isValidLikeHeader(conditionIfMatch)) { return { ...state, type: 'error', cause: 'improper header (if match)' } }
+	if(!isValidLikeHeader(conditionIfNoneMatch)) { return { ...state, type: 'error', cause: 'improper header (if none match)' } }
+	if(!isValidLikeHeader(conditionIfModifiedSince)) { return { ...state, type: 'error', cause: 'improper header (if modified since)' } }
+	if(!isValidLikeHeader(conditionIfUnmodifiedSince)) { return { ...state, type: 'error', cause: 'improper header (if unmodified since)' } }
+	if(!isValidLikeHeader(conditionIfRange)) { return { ...state, type: 'error', cause: 'improper header (if range)' } }
+
+	//
+	const requestUrl = new URL(fullPathAndQuery, `${scheme}://${authority}`)
+
+	//
+	/** @type {RouteConditions} */
+	const conditions = {
+		match: Conditional.parseEtagList(conditionIfMatch),
+		noneMatch: Conditional.parseEtagList(conditionIfNoneMatch),
+		modifiedSince: Conditional.parseFixDate(conditionIfModifiedSince),
+		unmodifiedSince: Conditional.parseFixDate(conditionIfUnmodifiedSince),
+		range: Conditional.parseFixDate(conditionIfRange) ?? ETag.parse(conditionIfRange)
+	}
+
+	//
+	// Forwarded
+	//
+	const forwardedList = Forwarded.parse(fullForwarded, FORWARDED_ACCEPTABLE_KEYS)
+	const forwarded = Forwarded.selectRightMost(forwardedList, FORWARDED_DROP_RIGHTMOST)
+	const forwardedFor = forwarded?.get(FORWARDED_KEY_FOR)
+	const forwardedSecret = forwarded?.get(FORWARDED_KEY_SECRET)
+
+	if(FORWARDED_REQUIRED && forwarded === undefined) { return { ...state, type: 'error', cause: 'forwarded required' } }
+	if(FORWARDED_REQUIRED && forwardedFor === undefined) { return { ...state, type: 'error', cause: 'forwarded for required' } }
+	if(FORWARDED_REQUIRED && forwardedSecret !== FORWARDED_SECRET) { return { ...state, type: 'error', cause: 'forwarded invalid' } }
+
+	//
+	// Options
+	//
+	if(method === HTTP2_METHOD_OPTIONS) {
+		const preambleEnd = performance.now()
+		state.meta.performance.push({ name: 'preamble-preflight', duration: preambleEnd - preambleStart })
+		return { ...state, type: 'preflight', method, methods: [], url: requestUrl }
+	}
+
+	//
+	// rate limit
+	//
+	// const ipRateLimitKey = `${ip}`
+	// if(!RateLimiter.test(ipRateLimitStore, ipRateLimitKey, ipRateLimitPolicy)) { return { type: 'limit', url: requestUrl, policy: ipRateLimitPolicy, ...defaultReturn } }
+
+	//
+	// content negotiation
+	//
+	const contentType = parseContentType(fullContentType)
+	const acceptedEncoding = AcceptEncoding.select(fullAcceptEncoding, DEFAULT_SUPPORTED_ENCODINGS)
+	const accept = Accept.select(fullAccept, DEFAULT_SUPPORTED_MIME_TYPES)
+	const acceptedLanguage = AcceptLanguage.select(fullAcceptLanguage, DEFAULT_SUPPORTED_LANGUAGES)
+	const acceptObject = {
+		type: accept,
+		encoding: acceptedEncoding,
+		language: acceptedLanguage
+	}
+
+	//
+	// Trace
+	//
+	if(method === HTTP2_METHOD_TRACE) {
+		if(!ALLOW_TRACE) { return { ...state, type: 'not-allowed', method, methods: [], url: requestUrl }}
+		const maxForwardsValue = maxForwards !== undefined ? parseInt(maxForwards) : 0
+		const preambleEnd = performance.now()
+		state.meta.performance.push({ name: 'preamble-trace', duration: preambleEnd - preambleStart })
+		if(acceptObject.type !== MIME_TYPE_MESSAGE_HTTP) { return { ...state, type: 'not-acceptable', acceptableMediaTypes: [ MIME_TYPE_MESSAGE_HTTP ] } }
+		return { ...state, type: 'trace', method, headers, url: requestUrl, maxForwards: maxForwardsValue, accept: acceptObject }
+	}
+
+	//
+	// setup future body
+	//
+	const contentLength = fullContentLength === undefined ? undefined : parseInt(fullContentLength, 10)
+	const body = requestBody(stream, {
+		byteLimit: BODY_BYTE_LENGTH,
+		contentLength,
+		contentType,
+		signal: AbortSignal.any([
+			shutdownSignal,
+			AbortSignal.timeout(BODY_TIMEOUT_SEC)
+		])
+	})
+
+	//
+	// token
+	//
+	// const tokens = getTokens(authorization, requestUrl.searchParams)
+
+	//
+	const preambleEnd = performance.now()
+	state.meta.performance.push({ name: 'preamble', duration: preambleEnd - preambleStart })
+
+	return {
+		...state,
+		type: 'request',
+		method,
+		url: requestUrl,
+		headers,
+		body,
+		// tokens,
+		conditions,
+		accept: acceptObject,
+		client: { family, ip, port },
+		SNI
+	}
+}