@johntalton/http-core 1.0.1 → 1.0.3

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@johntalton/http-core",
   "type": "module",
-  "version": "1.0.1",
+  "version": "1.0.3",
   "license": "MIT",
   "exports": {
     ".": "./src/index.js"
@@ -15,7 +15,7 @@
   "scripts": {
   },
   "dependencies": {
-    "@johntalton/http-util": "^5.0.0",
+    "@johntalton/http-util": "^5.1.2",
     "@johntalton/sse-util": "^1.0.0"
   }
 }

package/src/epilogue.js

@@ -1,5 +1,5 @@
-import { Response } from '@johntalton/http-util/response/object'
 import { MIME_TYPE_JSON } from '@johntalton/http-util/headers'
+import { Response } from '@johntalton/http-util/response/object'
 import { ServerSentEvents } from '@johntalton/sse-util'
 
 /** @import { ServerHttp2Stream } from 'node:http2' */
@@ -34,9 +34,10 @@ function addSSEPortHandler(stream, port, streamId, shutdownSignal) {
 	port.onmessage = message => {
 		const { data } = message
 		console.log('sending sse data', streamId, data)
-		// ServerSentEvents.messageToEventStreamLines(data)
-		ServerSentEvents.lineGen(data)
-			.forEach(line => stream.write(line))
+
+		for(const line of ServerSentEvents.lineGen(data)) {
+			stream.write(line)
+		}
 	}
 }
 
@@ -53,17 +54,18 @@ export function epilogue(state) {
 		case 'trace': { Response.trace(stream, state.method, state.url, state.headers, meta) } break
 		//
 		case 'preflight': { Response.preflight(stream, state.methods, state.supportedQueryTypes, undefined, meta) } break
-		// case 'no-content': { Response.noContent(stream, state.etag, meta)} break
+		case 'no-content': { Response.noContent(stream, state.etag, meta)} break
 		// case 'accepted': { Response.accepted(stream, meta) } break
 		case 'created': { Response.created(stream, new URL(state.location, meta.origin), state.etag, meta) } break
 		case 'not-modified': { Response.notModified(stream, state.etag, state.age, { priv: true, maxAge: 60 }, meta) } break
 
 		//
 		// case 'multiple-choices': { Response.multipleChoices(stream, meta) } break
-		// case 'gone': { Response.gone(stream, meta) } break
-		// case 'moved-permanently': { Response.movedPermanently(stream, state.location, meta) } break
-		// case 'see-other': { Response.seeOther(stream, state.location, meta) } break
-		// case 'temporary-redirect': { Response.temporaryRedirect(stream, state.location, meta) } break
+		case 'gone': { Response.gone(stream, meta) } break
+		case 'moved-permanently': { Response.movedPermanently(stream, state.location, meta) } break
+		case 'see-other': { Response.seeOther(stream, state.location, meta) } break
+		case 'temporary-redirect': { Response.temporaryRedirect(stream, state.location, meta) } break
+		case 'permanent-redirect': { Response.permanentRedirect(stream, state.location, meta) } break
 
 		//
 		case '404': { Response.notFound(stream, state.message, meta) } break
@@ -74,13 +76,14 @@ export function epilogue(state) {
 		case 'unprocessable': { Response.unprocessable(stream, meta) } break
 		case 'precondition-failed': { Response.preconditionFailed(stream, meta) } break
 		case 'not-satisfiable': { Response.rangeNotSatisfiable(stream, { size: state.contentLength }, meta) } break
-		// case 'content-too-large': { Response.contentTooLarge(stream, meta) } break
-		// case 'insufficient-storage': { Response.insufficientStorage(stream, meta) } break
-		// case 'too-many-requests': { Response.tooManyRequests(stream, state.limit, state.policies, meta) } break
-		// case 'unauthorized': { Response.unauthorized(stream, meta) } break
+		case 'content-too-large': { Response.contentTooLarge(stream, meta) } break
+		case 'insufficient-storage': { Response.insufficientStorage(stream, meta) } break
+		case 'too-many-requests': { Response.tooManyRequests(stream, state.limit, state.policies, meta) } break
+		case 'unauthorized': { Response.unauthorized(stream, state.challenge, meta) } break
+		case 'forbidden': { Response.forbidden(stream, meta) } break
 		case 'unavailable': { Response.unavailable(stream, state.message, state.retryAfter, meta)} break
 		case 'not-implemented': { Response.notImplemented(stream, state.message, meta)} break
-		// case 'timeout': { Response.timeout(stream, meta) } break
+		case 'timeout': { Response.timeout(stream, meta) } break
 
 		//
 		case 'sse': {

package/src/index.js

@@ -1,11 +1,12 @@
-import http2 from 'node:http2'
-import fs from 'node:fs'
+/** biome-ignore-all lint/nursery/noExcessiveLinesPerFile: legacy */
 import crypto from 'node:crypto'
+import fs from 'node:fs'
+import http2 from 'node:http2'
 
 import { HTTP_METHOD_QUERY } from '@johntalton/http-util/response'
 
-import { preamble } from './preamble.js'
 import { epilogue } from './epilogue.js'
+import { preamble } from './preamble.js'
 
 const {
 	HTTP2_METHOD_GET,
@@ -18,6 +19,12 @@ const {
 	HTTP2_METHOD_TRACE
 } = http2.constants
 
+const {
+	SSL_OP_NO_TLSv1,
+	SSL_OP_NO_TLSv1_1,
+	SSL_OP_NO_TLSv1_2,
+} = crypto.constants
+
 export const KNOWN_METHODS = [
 	HTTP2_METHOD_GET,
 	HTTP2_METHOD_HEAD,
@@ -35,14 +42,46 @@ export const KNOWN_METHODS = [
 
 /** @import { Metadata } from '@johntalton/http-util/response' */
 /** @import { BodyFuture } from '@johntalton/http-util/body' */
-/** @import { EtagItem, IMFFixDate, ContentRangeDirective } from '@johntalton/http-util/headers' */
+/** @import { EtagItem, IMFFixDate, ContentRangeDirective, RateLimitPolicyInfo, RateLimitInfo, ChallengeItem } from '@johntalton/http-util/headers' */
 /** @import { SendBody } from '@johntalton/http-util/response' */
 
 /** @typedef {(state: RouteRequest|RouteAction) => Promise<RouteAction>} Router */
 
 /** @typedef {'request'} RouteTypeRequest */
-/** @typedef {'partial-bytes'|'bytes'|'json'|'404'|'sse'|'error'|'preflight'|'not-allowed'|'trace'|'created'|'unsupported-media'|'not-modified'|'precondition-failed'|'unprocessable'|'not-acceptable'|'conflict'|'not-implemented'|'unavailable'|'not-satisfiable'} RouteType */
-/** @typedef {'GET'|'HEAD'|'POST'|'PUT'|'OPTIONS'|'DELETE'|'TRACE'} RouteMethod */
+/** @typedef {
+	'partial-bytes' |
+	'bytes' |
+	'json' |
+	'404' |
+	'sse' |
+	'error' |
+	'preflight' |
+	'not-allowed' |
+	'trace' |
+	'created' |
+	'unsupported-media' |
+	'not-modified' |
+	'precondition-failed' |
+	'unprocessable' |
+	'not-acceptable' |
+	'conflict' |
+	'not-implemented' |
+	'unavailable' |
+	'not-satisfiable' |
+	'see-other' |
+	'temporary-redirect' |
+	'permanent-redirect' |
+	'moved-permanently' |
+	'gone' |
+	'no-content' |
+	'content-too-large' |
+	'insufficient-storage' |
+	'too-many-requests' |
+	'unauthorized' |
+	'forbidden' |
+	'timeout'
+} RouteType */
+/** @typedef {'GET'|'HEAD'|'POST'|'PUT'|'PATCH'|'OPTIONS'|'DELETE'|'TRACE'|'QUERY'} RouteMethod */
 
 /** @typedef {string & { readonly _brand: 'sid' }} StreamID */
 
@@ -271,6 +310,85 @@ export const KNOWN_METHODS = [
  */
 /** @typedef {RouteBase & RouteNotSatisfiableBase} RouteNotSatisfiable */
 
+/**
+ * @typedef {Object} RouteSeeOtherBase
+ * @property {'see-other'} type
+ * @property {URL} location
+ */
+/** @typedef {RouteBase & RouteSeeOtherBase} RouteSeeOther */
+
+/**
+ * @typedef {Object} RouteTemporaryRedirectBase
+ * @property {'temporary-redirect'} type
+ * @property {URL} location
+ */
+/** @typedef {RouteBase & RouteTemporaryRedirectBase} RouteTemporaryRedirect */
+
+/**
+ * @typedef {Object} RoutePermanentRedirectBase
+ * @property {'permanent-redirect'} type
+ * @property {URL} location
+ */
+/** @typedef {RouteBase & RoutePermanentRedirectBase} RoutePermanentRedirect */
+
+/**
+ * @typedef {Object} RouteMovedPermanentlyBase
+ * @property {'moved-permanently'} type
+ * @property {URL} location
+ */
+/** @typedef {RouteBase & RouteMovedPermanentlyBase} RouteMovedPermanently */
+
+/**
+ * @typedef {Object} RouteNoContentBase
+ * @property {'no-content'} type
+ * @property {EtagItem|undefined} [etag]
+ */
+/** @typedef {RouteBase & RouteNoContentBase} RouteNoContent */
+
+/**
+ * @typedef {Object} RouteGoneBase
+ * @property {'gone'} type
+ */
+/** @typedef {RouteBase & RouteGoneBase} RouteGone */
+
+/**
+ * @typedef {Object} RouteContentTooLargeBase
+ * @property {'content-too-large'} type
+ */
+/** @typedef {RouteBase & RouteContentTooLargeBase} RouteContentTooLarge */
+
+/**
+ * @typedef {Object} RouteInsufficientStorageBase
+ * @property {'insufficient-storage'} type
+ */
+/** @typedef {RouteBase & RouteInsufficientStorageBase} RouteInsufficientStorage */
+
+/**
+ * @typedef {Object} RouteTooManyRequestsBase
+ * @property {'too-many-requests'} type
+ * @property {RateLimitInfo} limit
+ * @property {Array<RateLimitPolicyInfo>} policies
+ */
+/** @typedef {RouteBase & RouteTooManyRequestsBase} RouteTooManyRequests */
+
+/**
+ * @typedef {Object} RouteUnauthorizedBase
+ * @property {'unauthorized'} type
+ * @property {Array<ChallengeItem>} challenge
+ */
+/** @typedef {RouteBase & RouteUnauthorizedBase} RouteUnauthorized */
+
+/**
+ * @typedef {Object} RouteForbiddenBase
+ * @property {'forbidden'} type
+ */
+/** @typedef {RouteBase & RouteForbiddenBase} RouteForbidden */
+
+/**
+ * @typedef {Object} RouteTimeoutBase
+ * @property {'timeout'} type
+ */
+/** @typedef {RouteBase & RouteTimeoutBase} RouteTimeout */
 
 /**
  * @typedef {Object} RouteSSEBase
@@ -301,7 +419,19 @@ export const KNOWN_METHODS = [
 	RouteNotImplemented |
 	RouteUnavailable |
 	RoutePartialBytes |
-	RouteNotSatisfiable
+	RouteNotSatisfiable |
+	RouteSeeOther |
+	RouteTemporaryRedirect |
+	RoutePermanentRedirect |
+	RouteMovedPermanently |
+	RouteNoContent |
+	RouteGone |
+	RouteContentTooLarge |
+	RouteInsufficientStorage |
+	RouteTooManyRequests |
+	RouteUnauthorized |
+	RouteForbidden |
+	RouteTimeout
 } RouteAction */
 
 /** @typedef {Record<string, string|undefined>} RouteMatches */
@@ -311,7 +441,7 @@ export const KNOWN_METHODS = [
  * @param {Http2Stream} stream
  * @returns {stream is ServerHttp2Stream}
  */
-function isServerStream(stream) {
+export function isServerStream(stream) {
 	if(stream === null) { return false }
 	return true
 }
@@ -347,19 +477,19 @@ export function isValidMethod(method) {
  */
 export function closeCodeToString(rstCode) {
 	if(rstCode === http2.constants.NGHTTP2_NO_ERROR) { return '(No Error)' }
-	else if(rstCode === http2.constants.NGHTTP2_PROTOCOL_ERROR) { return '(Protocol Error)' }
-	else if(rstCode === http2.constants.NGHTTP2_INTERNAL_ERROR) { return '(Internal Error)' }
-	else if(rstCode === http2.constants.NGHTTP2_FLOW_CONTROL_ERROR) { return '(Flow Control Error)' }
-	else if(rstCode === http2.constants.NGHTTP2_SETTINGS_TIMEOUT) { return '(Settings Timeout)' }
-	else if(rstCode === http2.constants.NGHTTP2_STREAM_CLOSED) { return '(Closed)' }
-	else if(rstCode === http2.constants.NGHTTP2_FRAME_SIZE_ERROR) { return '(Frame Size Error)' }
-	else if(rstCode === http2.constants.NGHTTP2_REFUSED_STREAM) { return '(Refused)' }
-	else if(rstCode === http2.constants.NGHTTP2_CANCEL) { return '(Cancel)' }
-	else if(rstCode === http2.constants.NGHTTP2_COMPRESSION_ERROR) { return '(Compression Error)' }
-	else if(rstCode === http2.constants.NGHTTP2_CONNECT_ERROR) { return '(Connect Error)' }
-	else if(rstCode === http2.constants.NGHTTP2_ENHANCE_YOUR_CALM) { return '(Chill)' }
-	else if(rstCode === http2.constants.NGHTTP2_INADEQUATE_SECURITY) { return '(Inadequate Security)' }
-	else if(rstCode === http2.constants.NGHTTP2_HTTP_1_1_REQUIRED) { return '(HTTP 1.1 Requested)' }
+	if(rstCode === http2.constants.NGHTTP2_PROTOCOL_ERROR) { return '(Protocol Error)' }
+	if(rstCode === http2.constants.NGHTTP2_INTERNAL_ERROR) { return '(Internal Error)' }
+	if(rstCode === http2.constants.NGHTTP2_FLOW_CONTROL_ERROR) { return '(Flow Control Error)' }
+	if(rstCode === http2.constants.NGHTTP2_SETTINGS_TIMEOUT) { return '(Settings Timeout)' }
+	if(rstCode === http2.constants.NGHTTP2_STREAM_CLOSED) { return '(Closed)' }
+	if(rstCode === http2.constants.NGHTTP2_FRAME_SIZE_ERROR) { return '(Frame Size Error)' }
+	if(rstCode === http2.constants.NGHTTP2_REFUSED_STREAM) { return '(Refused)' }
+	if(rstCode === http2.constants.NGHTTP2_CANCEL) { return '(Cancel)' }
+	if(rstCode === http2.constants.NGHTTP2_COMPRESSION_ERROR) { return '(Compression Error)' }
+	if(rstCode === http2.constants.NGHTTP2_CONNECT_ERROR) { return '(Connect Error)' }
+	if(rstCode === http2.constants.NGHTTP2_ENHANCE_YOUR_CALM) { return '(Chill)' }
+	if(rstCode === http2.constants.NGHTTP2_INADEQUATE_SECURITY) { return '(Inadequate Security)' }
+	if(rstCode === http2.constants.NGHTTP2_HTTP_1_1_REQUIRED) { return '(HTTP 1.1 Requested)' }
 
 	return `(${rstCode})`
 }
@@ -372,16 +502,10 @@ export const REQUEST_ID_SIZE = 5
 export function requestId() {
 	const buffer = new Uint8Array(REQUEST_ID_SIZE)
 	crypto.getRandomValues(buffer)
-	// @ts-ignore
+	// @ts-expect-error
 	return buffer.toHex()
 }
 
-const {
-	SSL_OP_NO_TLSv1,
-	SSL_OP_NO_TLSv1_1,
-	SSL_OP_NO_TLSv1_2,
-} = crypto.constants
-
 /**
  * @typedef {Object} H2CoreOptions
  * @property {Config} config

package/src/preamble.js

@@ -3,24 +3,30 @@ import { TLSSocket } from 'node:tls'
 
 import { requestBody } from '@johntalton/http-util/body'
 import {
-	MIME_TYPE_JSON,
-	MIME_TYPE_TEXT,
-	MIME_TYPE_XML,
-	MIME_TYPE_EVENT_STREAM,
-	MIME_TYPE_MESSAGE_HTTP,
-	parseContentType,
-
 	Accept,
 	AcceptEncoding,
 	AcceptLanguage,
 
-	Forwarded,
+	Conditional,
+	ETag,
+
 	FORWARDED_KEY_FOR,
+	Forwarded,
 	KNOWN_FORWARDED_KEYS,
-	Conditional,
-	ETag
+
+	MIME_TYPE_EVENT_STREAM,
+	MIME_TYPE_JSON,
+	MIME_TYPE_MESSAGE_HTTP,
+	MIME_TYPE_TEXT,
+	MIME_TYPE_XML,
+	parseContentType
 } from '@johntalton/http-util/headers'
-import { ENCODER_MAP, HTTP_HEADER_FORWARDED, HTTP_HEADER_ORIGIN } from '@johntalton/http-util/response'
+import {
+	ENCODER_MAP,
+	HTTP_HEADER_FORWARDED,
+	HTTP_HEADER_ORIGIN
+} from '@johntalton/http-util/response'
+
 import { isValidHeader, isValidLikeHeader, isValidMethod } from './index.js'
 
 /** @import { ServerHttp2Stream, IncomingHttpHeaders } from 'node:http2' */
@@ -29,8 +35,8 @@ import { isValidHeader, isValidLikeHeader, isValidMethod } from './index.js'
 const { HTTP2_METHOD_OPTIONS, HTTP2_METHOD_TRACE } = http2.constants
 
 const {
-	HTTP2_HEADER_METHOD,
 	HTTP2_HEADER_AUTHORITY,
+	HTTP2_HEADER_METHOD,
 	HTTP2_HEADER_SCHEME,
 	HTTP2_HEADER_PATH,
 	HTTP2_HEADER_AUTHORIZATION,
@@ -73,8 +79,10 @@ const ALLOWED_ORIGINS = (process.env['ALLOWED_ORIGINS'] ?? '').split(',').map(s
 
 const ALLOW_TRACE = process.env['ALLOW_TRACE'] === 'true'
 
-const BODY_TIMEOUT_SEC = 2 * 1000
-const BODY_BYTE_LENGTH = 1000 * 1000
+const MSEC_PER_SEC = 1000
+const BODY_TIMEOUT_MSEC = 2 * MSEC_PER_SEC
+const BYTE_PER_K = 1024
+const BODY_BYTE_LENGTH = BYTE_PER_K * BYTE_PER_K
 
 // const ipRateLimitStore = new Map()
 // const ipRateLimitPolicy = {
@@ -139,10 +147,8 @@ export function preamble(config, streamId, stream, headers, servername, shutdown
 	// const secFetchDest = header[HTTP_HEADER_SEC_FETCH_DEST]
 
 	//
-	const allowedOrigin = (origin !== undefined) ?
-		((ALLOWED_ORIGINS.includes(origin) || ALLOWED_ORIGINS.includes('*')) ?
-		(URL.canParse(origin) ?
-		origin : undefined) : undefined) : undefined
+	const allowedOrigin = (ALLOWED_ORIGINS.includes('*') || ((origin !== undefined) && URL.canParse(origin) && ALLOWED_ORIGINS.includes(origin))) ? origin : undefined
+
 
 	/** @type {RouteRequest|RouteAction} */
 	const state = {
@@ -249,7 +255,7 @@ export function preamble(config, streamId, stream, headers, servername, shutdown
 	//
 	if(method === HTTP2_METHOD_TRACE) {
 		if(!ALLOW_TRACE) { return { ...state, type: 'not-allowed', method, methods: [], url: requestUrl }}
-		const maxForwardsValue = maxForwards !== undefined ? parseInt(maxForwards) : 0
+		const maxForwardsValue = maxForwards !== undefined ? Number.parseInt(maxForwards) : 0
 		const preambleEnd = performance.now()
 		state.meta.performance.push({ name: 'preamble-trace', duration: preambleEnd - preambleStart })
 		if(acceptObject.type !== MIME_TYPE_MESSAGE_HTTP) { return { ...state, type: 'not-acceptable', acceptableMediaTypes: [ MIME_TYPE_MESSAGE_HTTP ] } }
@@ -259,14 +265,14 @@ export function preamble(config, streamId, stream, headers, servername, shutdown
 	//
 	// setup future body
 	//
-	const contentLength = fullContentLength === undefined ? undefined : parseInt(fullContentLength, 10)
+	const contentLength = fullContentLength === undefined ? undefined : Number.parseInt(fullContentLength, 10)
 	const body = requestBody(stream, {
 		byteLimit: BODY_BYTE_LENGTH,
 		contentLength,
 		contentType,
 		signal: AbortSignal.any([
 			shutdownSignal,
-			AbortSignal.timeout(BODY_TIMEOUT_SEC)
+			AbortSignal.timeout(BODY_TIMEOUT_MSEC)
 		])
 	})