@morojs/moro 1.0.0 → 1.0.1

package/src/core/http/http-server.ts

@@ -1,16 +1,10 @@
 // src/core/http-server.ts
-import { IncomingMessage, ServerResponse, createServer, Server } from "http";
-import { URL } from "url";
-import * as zlib from "zlib";
-import { promisify } from "util";
-import { createFrameworkLogger } from "../logger";
-import {
-  HttpRequest,
-  HttpResponse,
-  HttpHandler,
-  Middleware,
-  RouteEntry,
-} from "../../types/http";
+import { IncomingMessage, ServerResponse, createServer, Server } from 'http';
+import { URL } from 'url';
+import * as zlib from 'zlib';
+import { promisify } from 'util';
+import { createFrameworkLogger } from '../logger';
+import { HttpRequest, HttpResponse, HttpHandler, Middleware, RouteEntry } from '../../types/http';
 
 const gzip = promisify(zlib.gzip);
 const deflate = promisify(zlib.deflate);
@@ -21,7 +15,7 @@ export class MoroHttpServer {
   private globalMiddleware: Middleware[] = [];
   private compressionEnabled = true;
   private compressionThreshold = 1024;
-  private logger = createFrameworkLogger("HttpServer");
+  private logger = createFrameworkLogger('HttpServer');
 
   constructor() {
     this.server = createServer(this.handleRequest.bind(this));
@@ -34,30 +28,26 @@ export class MoroHttpServer {
 
   // Routing methods
   get(path: string, ...handlers: (Middleware | HttpHandler)[]): void {
-    this.addRoute("GET", path, handlers);
+    this.addRoute('GET', path, handlers);
   }
 
   post(path: string, ...handlers: (Middleware | HttpHandler)[]): void {
-    this.addRoute("POST", path, handlers);
+    this.addRoute('POST', path, handlers);
   }
 
   put(path: string, ...handlers: (Middleware | HttpHandler)[]): void {
-    this.addRoute("PUT", path, handlers);
+    this.addRoute('PUT', path, handlers);
   }
 
   delete(path: string, ...handlers: (Middleware | HttpHandler)[]): void {
-    this.addRoute("DELETE", path, handlers);
+    this.addRoute('DELETE', path, handlers);
   }
 
   patch(path: string, ...handlers: (Middleware | HttpHandler)[]): void {
-    this.addRoute("PATCH", path, handlers);
+    this.addRoute('PATCH', path, handlers);
   }
 
-  private addRoute(
-    method: string,
-    path: string,
-    handlers: (Middleware | HttpHandler)[],
-  ): void {
+  private addRoute(method: string, path: string, handlers: (Middleware | HttpHandler)[]): void {
     const { pattern, paramNames } = this.pathToRegex(path);
     const handler = handlers.pop() as HttpHandler;
     const middleware = handlers as Middleware[];
@@ -79,9 +69,9 @@ export class MoroHttpServer {
     const regexPattern = path
       .replace(/\/:([^/]+)/g, (match, paramName) => {
         paramNames.push(paramName);
-        return "/([^/]+)";
+        return '/([^/]+)';
       })
-      .replace(/\//g, "\\/");
+      .replace(/\//g, '\\/');
 
     return {
       pattern: new RegExp(`^${regexPattern}$`),
@@ -89,10 +79,7 @@ export class MoroHttpServer {
     };
   }
 
-  private async handleRequest(
-    req: IncomingMessage,
-    res: ServerResponse,
-  ): Promise<void> {
+  private async handleRequest(req: IncomingMessage, res: ServerResponse): Promise<void> {
     const httpReq = this.enhanceRequest(req);
     const httpRes = this.enhanceResponse(res);
 
@@ -103,7 +90,7 @@ export class MoroHttpServer {
       httpReq.query = Object.fromEntries(url.searchParams);
 
       // Parse body for POST/PUT/PATCH requests
-      if (["POST", "PUT", "PATCH"].includes(req.method!)) {
+      if (['POST', 'PUT', 'PATCH'].includes(req.method!)) {
         httpReq.body = await this.parseBody(req);
       }
 
@@ -118,7 +105,7 @@ export class MoroHttpServer {
       // Find matching route
       const route = this.findRoute(req.method!, httpReq.path);
       if (!route) {
-        httpRes.status(404).json({ success: false, error: "Not found" });
+        httpRes.status(404).json({ success: false, error: 'Not found' });
         return;
       }
 
@@ -137,7 +124,7 @@ export class MoroHttpServer {
       // Execute handler
       await route.handler(httpReq, httpRes);
     } catch (error) {
-      this.logger.error("Request error", "RequestHandler", {
+      this.logger.error('Request error', 'RequestHandler', {
         error: error instanceof Error ? error.message : String(error),
         requestId: httpReq.requestId,
         method: req.method,
@@ -147,7 +134,7 @@ export class MoroHttpServer {
       if (!httpRes.headersSent) {
         httpRes.status(500).json({
           success: false,
-          error: "Internal server error",
+          error: 'Internal server error',
           requestId: httpReq.requestId,
         });
       }
@@ -159,13 +146,13 @@ export class MoroHttpServer {
     httpReq.params = {};
     httpReq.query = {};
     httpReq.body = null;
-    httpReq.path = "";
-    httpReq.ip = req.socket.remoteAddress || "";
+    httpReq.path = '';
+    httpReq.ip = req.socket.remoteAddress || '';
     httpReq.requestId = Math.random().toString(36).substring(7);
     httpReq.headers = req.headers as Record<string, string>;
 
     // Parse cookies
-    httpReq.cookies = this.parseCookies(req.headers.cookie || "");
+    httpReq.cookies = this.parseCookies(req.headers.cookie || '');
 
     return httpReq;
   }
@@ -174,8 +161,8 @@ export class MoroHttpServer {
     const cookies: Record<string, string> = {};
     if (!cookieHeader) return cookies;
 
-    cookieHeader.split(";").forEach((cookie) => {
-      const [name, value] = cookie.trim().split("=");
+    cookieHeader.split(';').forEach(cookie => {
+      const [name, value] = cookie.trim().split('=');
       if (name && value) {
         cookies[name] = decodeURIComponent(value);
       }
@@ -193,31 +180,28 @@ export class MoroHttpServer {
       const jsonString = JSON.stringify(data);
       const buffer = Buffer.from(jsonString);
 
-      httpRes.setHeader("Content-Type", "application/json; charset=utf-8");
+      httpRes.setHeader('Content-Type', 'application/json; charset=utf-8');
 
       // Compression
-      if (
-        this.compressionEnabled &&
-        buffer.length > this.compressionThreshold
-      ) {
-        const acceptEncoding = httpRes.req.headers["accept-encoding"] || "";
+      if (this.compressionEnabled && buffer.length > this.compressionThreshold) {
+        const acceptEncoding = httpRes.req.headers['accept-encoding'] || '';
 
-        if (acceptEncoding.includes("gzip")) {
+        if (acceptEncoding.includes('gzip')) {
           const compressed = await gzip(buffer);
-          httpRes.setHeader("Content-Encoding", "gzip");
-          httpRes.setHeader("Content-Length", compressed.length);
+          httpRes.setHeader('Content-Encoding', 'gzip');
+          httpRes.setHeader('Content-Length', compressed.length);
           httpRes.end(compressed);
           return;
-        } else if (acceptEncoding.includes("deflate")) {
+        } else if (acceptEncoding.includes('deflate')) {
           const compressed = await deflate(buffer);
-          httpRes.setHeader("Content-Encoding", "deflate");
-          httpRes.setHeader("Content-Length", compressed.length);
+          httpRes.setHeader('Content-Encoding', 'deflate');
+          httpRes.setHeader('Content-Length', compressed.length);
           httpRes.end(compressed);
           return;
         }
       }
 
-      httpRes.setHeader("Content-Length", buffer.length);
+      httpRes.setHeader('Content-Length', buffer.length);
       httpRes.end(buffer);
     };
 
@@ -230,22 +214,19 @@ export class MoroHttpServer {
       if (httpRes.headersSent) return;
 
       // Auto-detect content type if not already set
-      if (!httpRes.getHeader("Content-Type")) {
-        if (typeof data === "string") {
+      if (!httpRes.getHeader('Content-Type')) {
+        if (typeof data === 'string') {
           // Check if it's JSON
           try {
             JSON.parse(data);
-            httpRes.setHeader(
-              "Content-Type",
-              "application/json; charset=utf-8",
-            );
+            httpRes.setHeader('Content-Type', 'application/json; charset=utf-8');
           } catch {
             // Default to plain text
-            httpRes.setHeader("Content-Type", "text/plain; charset=utf-8");
+            httpRes.setHeader('Content-Type', 'text/plain; charset=utf-8');
           }
         } else {
           // Buffer data - default to octet-stream
-          httpRes.setHeader("Content-Type", "application/octet-stream");
+          httpRes.setHeader('Content-Type', 'application/octet-stream');
         }
       }
 
@@ -257,33 +238,32 @@ export class MoroHttpServer {
       let cookieString = `${name}=${cookieValue}`;
 
       if (options.maxAge) cookieString += `; Max-Age=${options.maxAge}`;
-      if (options.expires)
-        cookieString += `; Expires=${options.expires.toUTCString()}`;
-      if (options.httpOnly) cookieString += "; HttpOnly";
-      if (options.secure) cookieString += "; Secure";
+      if (options.expires) cookieString += `; Expires=${options.expires.toUTCString()}`;
+      if (options.httpOnly) cookieString += '; HttpOnly';
+      if (options.secure) cookieString += '; Secure';
       if (options.sameSite) cookieString += `; SameSite=${options.sameSite}`;
       if (options.domain) cookieString += `; Domain=${options.domain}`;
       if (options.path) cookieString += `; Path=${options.path}`;
 
-      const existingCookies = httpRes.getHeader("Set-Cookie") || [];
+      const existingCookies = httpRes.getHeader('Set-Cookie') || [];
       const cookies = Array.isArray(existingCookies)
         ? [...existingCookies]
         : [existingCookies as string];
       cookies.push(cookieString);
-      httpRes.setHeader("Set-Cookie", cookies);
+      httpRes.setHeader('Set-Cookie', cookies);
 
       return httpRes;
     };
 
     httpRes.clearCookie = (name: string, options: any = {}) => {
       const clearOptions = { ...options, expires: new Date(0), maxAge: 0 };
-      return httpRes.cookie(name, "", clearOptions);
+      return httpRes.cookie(name, '', clearOptions);
     };
 
     httpRes.redirect = (url: string, status: number = 302) => {
       if (httpRes.headersSent) return;
       httpRes.statusCode = status;
-      httpRes.setHeader("Location", url);
+      httpRes.setHeader('Location', url);
       httpRes.end();
     };
 
@@ -291,8 +271,8 @@ export class MoroHttpServer {
       if (httpRes.headersSent) return;
 
       try {
-        const fs = await import("fs/promises");
-        const path = await import("path");
+        const fs = await import('fs/promises');
+        const path = await import('path');
         const extension = path.extname(filePath);
         const mime = await this.getMimeType(extension);
 
@@ -301,19 +281,19 @@ export class MoroHttpServer {
 
         // Add charset for text-based files
         const contentType = this.addCharsetIfNeeded(mime);
-        httpRes.setHeader("Content-Type", contentType);
-        httpRes.setHeader("Content-Length", stats.size);
+        httpRes.setHeader('Content-Type', contentType);
+        httpRes.setHeader('Content-Length', stats.size);
 
         // Add security headers for file downloads
-        httpRes.setHeader("X-Content-Type-Options", "nosniff");
+        httpRes.setHeader('X-Content-Type-Options', 'nosniff');
 
         // Add caching headers
-        httpRes.setHeader("Last-Modified", stats.mtime.toUTCString());
-        httpRes.setHeader("Cache-Control", "public, max-age=31536000"); // 1 year for static files
+        httpRes.setHeader('Last-Modified', stats.mtime.toUTCString());
+        httpRes.setHeader('Cache-Control', 'public, max-age=31536000'); // 1 year for static files
 
         httpRes.end(data);
       } catch (error) {
-        httpRes.status(404).json({ success: false, error: "File not found" });
+        httpRes.status(404).json({ success: false, error: 'File not found' });
       }
     };
 
@@ -322,37 +302,37 @@ export class MoroHttpServer {
 
   private async getMimeType(ext: string): Promise<string> {
     const mimeTypes: Record<string, string> = {
-      ".html": "text/html",
-      ".css": "text/css",
-      ".js": "application/javascript",
-      ".json": "application/json",
-      ".png": "image/png",
-      ".jpg": "image/jpeg",
-      ".jpeg": "image/jpeg",
-      ".gif": "image/gif",
-      ".svg": "image/svg+xml",
-      ".ico": "image/x-icon",
-      ".pdf": "application/pdf",
-      ".txt": "text/plain",
-      ".xml": "application/xml",
+      '.html': 'text/html',
+      '.css': 'text/css',
+      '.js': 'application/javascript',
+      '.json': 'application/json',
+      '.png': 'image/png',
+      '.jpg': 'image/jpeg',
+      '.jpeg': 'image/jpeg',
+      '.gif': 'image/gif',
+      '.svg': 'image/svg+xml',
+      '.ico': 'image/x-icon',
+      '.pdf': 'application/pdf',
+      '.txt': 'text/plain',
+      '.xml': 'application/xml',
     };
 
-    return mimeTypes[ext.toLowerCase()] || "application/octet-stream";
+    return mimeTypes[ext.toLowerCase()] || 'application/octet-stream';
   }
 
   private addCharsetIfNeeded(mimeType: string): string {
     // Add charset for text-based content types
     const textTypes = [
-      "text/",
-      "application/json",
-      "application/javascript",
-      "application/xml",
-      "image/svg+xml",
+      'text/',
+      'application/json',
+      'application/javascript',
+      'application/xml',
+      'image/svg+xml',
     ];
 
-    const needsCharset = textTypes.some((type) => mimeType.startsWith(type));
+    const needsCharset = textTypes.some(type => mimeType.startsWith(type));
 
-    if (needsCharset && !mimeType.includes("charset")) {
+    if (needsCharset && !mimeType.includes('charset')) {
       return `${mimeType}; charset=utf-8`;
     }
 
@@ -365,27 +345,25 @@ export class MoroHttpServer {
       let totalLength = 0;
       const maxSize = 10 * 1024 * 1024; // 10MB limit
 
-      req.on("data", (chunk: Buffer) => {
+      req.on('data', (chunk: Buffer) => {
         totalLength += chunk.length;
         if (totalLength > maxSize) {
-          reject(new Error("Request body too large"));
+          reject(new Error('Request body too large'));
           return;
         }
         chunks.push(chunk);
       });
 
-      req.on("end", () => {
+      req.on('end', () => {
         try {
           const body = Buffer.concat(chunks);
-          const contentType = req.headers["content-type"] || "";
+          const contentType = req.headers['content-type'] || '';
 
-          if (contentType.includes("application/json")) {
+          if (contentType.includes('application/json')) {
             resolve(JSON.parse(body.toString()));
-          } else if (
-            contentType.includes("application/x-www-form-urlencoded")
-          ) {
+          } else if (contentType.includes('application/x-www-form-urlencoded')) {
             resolve(this.parseUrlEncoded(body.toString()));
-          } else if (contentType.includes("multipart/form-data")) {
+          } else if (contentType.includes('multipart/form-data')) {
             resolve(this.parseMultipart(body, contentType));
           } else {
             resolve(body.toString());
@@ -395,26 +373,26 @@ export class MoroHttpServer {
         }
       });
 
-      req.on("error", reject);
+      req.on('error', reject);
     });
   }
 
   private parseMultipart(
     buffer: Buffer,
-    contentType: string,
+    contentType: string
   ): { fields: Record<string, string>; files: Record<string, any> } {
-    const boundary = contentType.split("boundary=")[1];
+    const boundary = contentType.split('boundary=')[1];
     if (!boundary) {
-      throw new Error("Invalid multipart boundary");
+      throw new Error('Invalid multipart boundary');
     }
 
-    const parts = buffer.toString("binary").split("--" + boundary);
+    const parts = buffer.toString('binary').split('--' + boundary);
     const fields: Record<string, string> = {};
     const files: Record<string, any> = {};
 
     for (let i = 1; i < parts.length - 1; i++) {
       const part = parts[i];
-      const [headers, content] = part.split("\r\n\r\n");
+      const [headers, content] = part.split('\r\n\r\n');
 
       if (!headers || content === undefined) continue;
 
@@ -428,16 +406,14 @@ export class MoroHttpServer {
         if (filenameMatch) {
           // This is a file
           const filename = filenameMatch[1];
-          const mimeType = contentTypeMatch
-            ? contentTypeMatch[1]
-            : "application/octet-stream";
+          const mimeType = contentTypeMatch ? contentTypeMatch[1] : 'application/octet-stream';
           const fileContent = content.substring(0, content.length - 2); // Remove trailing \r\n
 
           files[name] = {
             filename,
             mimetype: mimeType,
-            data: Buffer.from(fileContent, "binary"),
-            size: Buffer.byteLength(fileContent, "binary"),
+            data: Buffer.from(fileContent, 'binary'),
+            size: Buffer.byteLength(fileContent, 'binary'),
           };
         } else {
           // This is a regular field
@@ -459,17 +435,13 @@ export class MoroHttpServer {
   }
 
   private findRoute(method: string, path: string): RouteEntry | null {
-    return (
-      this.routes.find(
-        (route) => route.method === method && route.pattern.test(path),
-      ) || null
-    );
+    return this.routes.find(route => route.method === method && route.pattern.test(path)) || null;
   }
 
   private async executeMiddleware(
     middleware: Middleware[],
     req: HttpRequest,
-    res: HttpResponse,
+    res: HttpResponse
   ): Promise<void> {
     for (const mw of middleware) {
       await new Promise<void>((resolve, reject) => {
@@ -501,13 +473,9 @@ export class MoroHttpServer {
 
   listen(port: number, callback?: () => void): void;
   listen(port: number, host: string, callback?: () => void): void;
-  listen(
-    port: number,
-    host?: string | (() => void),
-    callback?: () => void,
-  ): void {
+  listen(port: number, host?: string | (() => void), callback?: () => void): void {
     // Handle overloaded parameters (port, callback) or (port, host, callback)
-    if (typeof host === "function") {
+    if (typeof host === 'function') {
       callback = host;
       host = undefined;
     }
@@ -520,7 +488,7 @@ export class MoroHttpServer {
   }
 
   close(): Promise<void> {
-    return new Promise((resolve) => {
+    return new Promise(resolve => {
       this.server.close(() => resolve());
     });
   }
@@ -532,26 +500,18 @@ export class MoroHttpServer {
 
 // Built-in middleware
 export const middleware = {
-  cors: (
-    options: { origin?: string; credentials?: boolean } = {},
-  ): Middleware => {
+  cors: (options: { origin?: string; credentials?: boolean } = {}): Middleware => {
     return (req, res, next) => {
-      res.setHeader("Access-Control-Allow-Origin", options.origin || "*");
-      res.setHeader(
-        "Access-Control-Allow-Methods",
-        "GET, POST, PUT, DELETE, OPTIONS",
-      );
-      res.setHeader(
-        "Access-Control-Allow-Headers",
-        "Content-Type, Authorization",
-      );
+      res.setHeader('Access-Control-Allow-Origin', options.origin || '*');
+      res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+      res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
 
       if (options.credentials) {
-        res.setHeader("Access-Control-Allow-Credentials", "true");
+        res.setHeader('Access-Control-Allow-Credentials', 'true');
       }
 
-      if (req.method === "OPTIONS") {
-        res.status(200).send("");
+      if (req.method === 'OPTIONS') {
+        res.status(200).send('');
         return;
       }
 
@@ -561,28 +521,23 @@ export const middleware = {
 
   helmet: (): Middleware => {
     return (req, res, next) => {
-      res.setHeader("X-Content-Type-Options", "nosniff");
-      res.setHeader("X-Frame-Options", "DENY");
-      res.setHeader("X-XSS-Protection", "1; mode=block");
-      res.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
-      res.setHeader(
-        "Strict-Transport-Security",
-        "max-age=31536000; includeSubDomains",
-      );
-      res.setHeader("Content-Security-Policy", "default-src 'self'");
+      res.setHeader('X-Content-Type-Options', 'nosniff');
+      res.setHeader('X-Frame-Options', 'DENY');
+      res.setHeader('X-XSS-Protection', '1; mode=block');
+      res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
+      res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
+      res.setHeader('Content-Security-Policy', "default-src 'self'");
       next();
     };
   },
 
-  compression: (
-    options: { threshold?: number; level?: number } = {},
-  ): Middleware => {
-    const zlib = require("zlib");
+  compression: (options: { threshold?: number; level?: number } = {}): Middleware => {
+    const zlib = require('zlib');
     const threshold = options.threshold || 1024;
     const level = options.level || 6;
 
     return (req, res, next) => {
-      const acceptEncoding = req.headers["accept-encoding"] || "";
+      const acceptEncoding = req.headers['accept-encoding'] || '';
 
       // Override res.json to compress responses
       const originalJson = res.json;
@@ -593,45 +548,37 @@ export const middleware = {
         const buffer = Buffer.from(content);
 
         if (buffer.length < threshold) {
-          return isJson
-            ? originalJson.call(res, data)
-            : originalSend.call(res, data);
+          return isJson ? originalJson.call(res, data) : originalSend.call(res, data);
         }
 
-        if (acceptEncoding.includes("gzip")) {
-          res.setHeader("Content-Encoding", "gzip");
+        if (acceptEncoding.includes('gzip')) {
+          res.setHeader('Content-Encoding', 'gzip');
           zlib.gzip(buffer, { level }, (err: any, compressed: Buffer) => {
             if (err) {
-              return isJson
-                ? originalJson.call(res, data)
-                : originalSend.call(res, data);
+              return isJson ? originalJson.call(res, data) : originalSend.call(res, data);
             }
-            res.setHeader("Content-Length", compressed.length);
+            res.setHeader('Content-Length', compressed.length);
             res.writeHead(res.statusCode || 200, res.getHeaders());
             res.end(compressed);
           });
-        } else if (acceptEncoding.includes("deflate")) {
-          res.setHeader("Content-Encoding", "deflate");
+        } else if (acceptEncoding.includes('deflate')) {
+          res.setHeader('Content-Encoding', 'deflate');
           zlib.deflate(buffer, { level }, (err: any, compressed: Buffer) => {
             if (err) {
-              return isJson
-                ? originalJson.call(res, data)
-                : originalSend.call(res, data);
+              return isJson ? originalJson.call(res, data) : originalSend.call(res, data);
             }
-            res.setHeader("Content-Length", compressed.length);
+            res.setHeader('Content-Length', compressed.length);
             res.writeHead(res.statusCode || 200, res.getHeaders());
             res.end(compressed);
           });
         } else {
-          return isJson
-            ? originalJson.call(res, data)
-            : originalSend.call(res, data);
+          return isJson ? originalJson.call(res, data) : originalSend.call(res, data);
         }
       };
 
       res.json = function (data: any) {
         // Ensure charset is set for Safari compatibility
-        this.setHeader("Content-Type", "application/json; charset=utf-8");
+        this.setHeader('Content-Type', 'application/json; charset=utf-8');
         compressResponse(data, true);
         return this;
       };
@@ -648,7 +595,7 @@ export const middleware = {
   requestLogger: (): Middleware => {
     return (req, res, next) => {
       const start = Date.now();
-      res.on("finish", () => {
+      res.on('finish', () => {
         const duration = Date.now() - start;
         // Request completed - logged by framework
       });
@@ -658,16 +605,16 @@ export const middleware = {
   },
 
   bodySize: (options: { limit?: string } = {}): Middleware => {
-    const limit = options.limit || "10mb";
+    const limit = options.limit || '10mb';
     const limitBytes = parseSize(limit);
 
     return (req, res, next) => {
-      const contentLength = parseInt(req.headers["content-length"] || "0");
+      const contentLength = parseInt(req.headers['content-length'] || '0');
 
       if (contentLength > limitBytes) {
         res.status(413).json({
           success: false,
-          error: "Request entity too large",
+          error: 'Request entity too large',
           limit: limit,
         });
         return;
@@ -681,36 +628,36 @@ export const middleware = {
     root: string;
     maxAge?: number;
     index?: string[];
-    dotfiles?: "allow" | "deny" | "ignore";
+    dotfiles?: 'allow' | 'deny' | 'ignore';
     etag?: boolean;
   }): Middleware => {
     return async (req, res, next) => {
       // Only handle GET and HEAD requests
-      if (req.method !== "GET" && req.method !== "HEAD") {
+      if (req.method !== 'GET' && req.method !== 'HEAD') {
         next();
         return;
       }
 
       try {
-        const fs = await import("fs/promises");
-        const path = await import("path");
-        const crypto = await import("crypto");
+        const fs = await import('fs/promises');
+        const path = await import('path');
+        const crypto = await import('crypto');
 
         let filePath = path.join(options.root, req.path);
 
         // Security: prevent directory traversal
         if (!filePath.startsWith(path.resolve(options.root))) {
-          res.status(403).json({ success: false, error: "Forbidden" });
+          res.status(403).json({ success: false, error: 'Forbidden' });
           return;
         }
 
         // Handle dotfiles
         const basename = path.basename(filePath);
-        if (basename.startsWith(".")) {
-          if (options.dotfiles === "deny") {
-            res.status(403).json({ success: false, error: "Forbidden" });
+        if (basename.startsWith('.')) {
+          if (options.dotfiles === 'deny') {
+            res.status(403).json({ success: false, error: 'Forbidden' });
             return;
-          } else if (options.dotfiles === "ignore") {
+          } else if (options.dotfiles === 'ignore') {
             next();
             return;
           }
@@ -726,7 +673,7 @@ export const middleware = {
 
         // Handle directories
         if (stats.isDirectory()) {
-          const indexFiles = options.index || ["index.html", "index.htm"];
+          const indexFiles = options.index || ['index.html', 'index.htm'];
           let indexFound = false;
 
           for (const indexFile of indexFiles) {
@@ -753,57 +700,52 @@ export const middleware = {
         // Set headers with proper mime type and charset
         const ext = path.extname(filePath);
         const mimeTypes: Record<string, string> = {
-          ".html": "text/html",
-          ".css": "text/css",
-          ".js": "application/javascript",
-          ".json": "application/json",
-          ".png": "image/png",
-          ".jpg": "image/jpeg",
-          ".jpeg": "image/jpeg",
-          ".gif": "image/gif",
-          ".svg": "image/svg+xml",
-          ".ico": "image/x-icon",
-          ".pdf": "application/pdf",
-          ".txt": "text/plain",
-          ".xml": "application/xml",
+          '.html': 'text/html',
+          '.css': 'text/css',
+          '.js': 'application/javascript',
+          '.json': 'application/json',
+          '.png': 'image/png',
+          '.jpg': 'image/jpeg',
+          '.jpeg': 'image/jpeg',
+          '.gif': 'image/gif',
+          '.svg': 'image/svg+xml',
+          '.ico': 'image/x-icon',
+          '.pdf': 'application/pdf',
+          '.txt': 'text/plain',
+          '.xml': 'application/xml',
         };
 
-        const baseMimeType =
-          mimeTypes[ext.toLowerCase()] || "application/octet-stream";
+        const baseMimeType = mimeTypes[ext.toLowerCase()] || 'application/octet-stream';
 
         // Add charset for text-based files
         const textTypes = [
-          "text/",
-          "application/json",
-          "application/javascript",
-          "application/xml",
-          "image/svg+xml",
+          'text/',
+          'application/json',
+          'application/javascript',
+          'application/xml',
+          'image/svg+xml',
         ];
-        const needsCharset = textTypes.some((type) =>
-          baseMimeType.startsWith(type),
-        );
-        const contentType = needsCharset
-          ? `${baseMimeType}; charset=utf-8`
-          : baseMimeType;
+        const needsCharset = textTypes.some(type => baseMimeType.startsWith(type));
+        const contentType = needsCharset ? `${baseMimeType}; charset=utf-8` : baseMimeType;
 
-        res.setHeader("Content-Type", contentType);
-        res.setHeader("Content-Length", stats.size);
+        res.setHeader('Content-Type', contentType);
+        res.setHeader('Content-Length', stats.size);
 
         // Cache headers
         if (options.maxAge) {
-          res.setHeader("Cache-Control", `public, max-age=${options.maxAge}`);
+          res.setHeader('Cache-Control', `public, max-age=${options.maxAge}`);
         }
 
         // ETag support
         if (options.etag !== false) {
           const etag = crypto
-            .createHash("md5")
+            .createHash('md5')
             .update(`${stats.mtime.getTime()}-${stats.size}`)
-            .digest("hex");
-          res.setHeader("ETag", `"${etag}"`);
+            .digest('hex');
+          res.setHeader('ETag', `"${etag}"`);
 
           // Handle conditional requests
-          const ifNoneMatch = req.headers["if-none-match"];
+          const ifNoneMatch = req.headers['if-none-match'];
           if (ifNoneMatch === `"${etag}"`) {
             res.statusCode = 304;
             res.end();
@@ -812,7 +754,7 @@ export const middleware = {
         }
 
         // Handle HEAD requests
-        if (req.method === "HEAD") {
+        if (req.method === 'HEAD') {
           res.end();
           return;
         }
@@ -821,9 +763,7 @@ export const middleware = {
         const data = await fs.readFile(filePath);
         res.end(data);
       } catch (error) {
-        res
-          .status(500)
-          .json({ success: false, error: "Internal server error" });
+        res.status(500).json({ success: false, error: 'Internal server error' });
       }
     };
   },
@@ -834,12 +774,12 @@ export const middleware = {
       maxFileSize?: number;
       maxFiles?: number;
       allowedTypes?: string[];
-    } = {},
+    } = {}
   ): Middleware => {
     return (req, res, next) => {
-      const contentType = req.headers["content-type"] || "";
+      const contentType = req.headers['content-type'] || '';
 
-      if (!contentType.includes("multipart/form-data")) {
+      if (!contentType.includes('multipart/form-data')) {
         next();
         return;
       }
@@ -894,7 +834,7 @@ export const middleware = {
 
   template: (options: {
     views: string;
-    engine?: "moro" | "handlebars" | "ejs";
+    engine?: 'moro' | 'handlebars' | 'ejs';
     cache?: boolean;
     defaultLayout?: string;
   }): Middleware => {
@@ -904,8 +844,8 @@ export const middleware = {
       // Add render method to response
       res.render = async (template: string, data: any = {}) => {
         try {
-          const fs = await import("fs/promises");
-          const path = await import("path");
+          const fs = await import('fs/promises');
+          const path = await import('path');
 
           const templatePath = path.join(options.views, `${template}.html`);
 
@@ -915,7 +855,7 @@ export const middleware = {
           if (options.cache && templateCache.has(templatePath)) {
             templateContent = templateCache.get(templatePath)!;
           } else {
-            templateContent = await fs.readFile(templatePath, "utf-8");
+            templateContent = await fs.readFile(templatePath, 'utf-8');
             if (options.cache) {
               templateCache.set(templatePath, templateContent);
             }
@@ -925,47 +865,37 @@ export const middleware = {
           let rendered = templateContent;
 
           // Handle basic variable substitution
-          rendered = rendered.replace(
-            /\{\{(\w+)\}\}/g,
-            (match: string, key: string) => {
-              return data[key] !== undefined ? String(data[key]) : match;
-            },
-          );
+          rendered = rendered.replace(/\{\{(\w+)\}\}/g, (match: string, key: string) => {
+            return data[key] !== undefined ? String(data[key]) : match;
+          });
 
           // Handle nested object properties like {{user.name}}
-          rendered = rendered.replace(
-            /\{\{([\w.]+)\}\}/g,
-            (match: string, key: string) => {
-              const value = key
-                .split(".")
-                .reduce((obj: any, prop: string) => obj?.[prop], data);
-              return value !== undefined ? String(value) : match;
-            },
-          );
+          rendered = rendered.replace(/\{\{([\w.]+)\}\}/g, (match: string, key: string) => {
+            const value = key.split('.').reduce((obj: any, prop: string) => obj?.[prop], data);
+            return value !== undefined ? String(value) : match;
+          });
 
           // Handle loops: {{#each items}}{{name}}{{/each}}
           rendered = rendered.replace(
             /\{\{#each (\w+)\}\}(.*?)\{\{\/each\}\}/gs,
             (match, arrayKey, template) => {
               const array = data[arrayKey];
-              if (!Array.isArray(array)) return "";
+              if (!Array.isArray(array)) return '';
 
               return array
-                .map((item) => {
+                .map(item => {
                   let itemTemplate = template;
                   // Replace variables in the loop template
                   itemTemplate = itemTemplate.replace(
                     /\{\{(\w+)\}\}/g,
                     (match: string, key: string) => {
-                      return item[key] !== undefined
-                        ? String(item[key])
-                        : match;
-                    },
+                      return item[key] !== undefined ? String(item[key]) : match;
+                    }
                   );
                   return itemTemplate;
                 })
-                .join("");
-            },
+                .join('');
+            }
           );
 
           // Handle conditionals: {{#if condition}}content{{/if}}
@@ -973,24 +903,20 @@ export const middleware = {
             /\{\{#if (\w+)\}\}(.*?)\{\{\/if\}\}/gs,
             (match, conditionKey, content) => {
               const condition = data[conditionKey];
-              return condition ? content : "";
-            },
+              return condition ? content : '';
+            }
           );
 
           // Handle layout
           if (options.defaultLayout) {
-            const layoutPath = path.join(
-              options.views,
-              "layouts",
-              `${options.defaultLayout}.html`,
-            );
+            const layoutPath = path.join(options.views, 'layouts', `${options.defaultLayout}.html`);
             try {
               let layoutContent: string;
 
               if (options.cache && templateCache.has(layoutPath)) {
                 layoutContent = templateCache.get(layoutPath)!;
               } else {
-                layoutContent = await fs.readFile(layoutPath, "utf-8");
+                layoutContent = await fs.readFile(layoutPath, 'utf-8');
                 if (options.cache) {
                   templateCache.set(layoutPath, layoutContent);
                 }
@@ -1002,12 +928,10 @@ export const middleware = {
             }
           }
 
-          res.setHeader("Content-Type", "text/html");
+          res.setHeader('Content-Type', 'text/html');
           res.end(rendered);
         } catch (error) {
-          res
-            .status(500)
-            .json({ success: false, error: "Template rendering failed" });
+          res.status(500).json({ success: false, error: 'Template rendering failed' });
         }
       };
 
@@ -1020,21 +944,17 @@ export const middleware = {
     options: {
       resources?: Array<{ path: string; as: string; type?: string }>;
       condition?: (req: any) => boolean;
-    } = {},
+    } = {}
   ): Middleware => {
     return (req, res, next) => {
       // Add HTTP/2 push capability to response
       (res as any).push = (path: string, options: any = {}) => {
         // Check if HTTP/2 is supported
-        if (
-          req.httpVersion === "2.0" &&
-          (res as any).stream &&
-          (res as any).stream.pushAllowed
-        ) {
+        if (req.httpVersion === '2.0' && (res as any).stream && (res as any).stream.pushAllowed) {
           try {
             const pushStream = (res as any).stream.pushStream({
-              ":method": "GET",
-              ":path": path,
+              ':method': 'GET',
+              ':path': path,
               ...options.headers,
             });
 
@@ -1054,7 +974,7 @@ export const middleware = {
         for (const resource of options.resources) {
           (res as any).push?.(resource.path, {
             headers: {
-              "content-type": resource.type || "text/plain",
+              'content-type': resource.type || 'text/plain',
             },
           });
         }
@@ -1070,29 +990,25 @@ export const middleware = {
       heartbeat?: number;
       retry?: number;
       cors?: boolean;
-    } = {},
+    } = {}
   ): Middleware => {
     return (req, res, next) => {
       // Only handle SSE requests
-      if (req.headers.accept?.includes("text/event-stream")) {
+      if (req.headers.accept?.includes('text/event-stream')) {
         // Set SSE headers
         res.writeHead(200, {
-          "Content-Type": "text/event-stream",
-          "Cache-Control": "no-cache",
-          Connection: "keep-alive",
-          "Access-Control-Allow-Origin": options.cors ? "*" : undefined,
-          "Access-Control-Allow-Headers": options.cors
-            ? "Cache-Control"
-            : undefined,
+          'Content-Type': 'text/event-stream',
+          'Cache-Control': 'no-cache',
+          Connection: 'keep-alive',
+          'Access-Control-Allow-Origin': options.cors ? '*' : undefined,
+          'Access-Control-Allow-Headers': options.cors ? 'Cache-Control' : undefined,
         });
 
         // Add SSE methods to response
         (res as any).sendEvent = (data: any, event?: string, id?: string) => {
           if (id) res.write(`id: ${id}\n`);
           if (event) res.write(`event: ${event}\n`);
-          res.write(
-            `data: ${typeof data === "string" ? data : JSON.stringify(data)}\n\n`,
-          );
+          res.write(`data: ${typeof data === 'string' ? data : JSON.stringify(data)}\n\n`);
         };
 
         (res as any).sendComment = (comment: string) => {
@@ -1107,7 +1023,7 @@ export const middleware = {
         let heartbeatInterval: NodeJS.Timeout | null = null;
         if (options.heartbeat) {
           heartbeatInterval = setInterval(() => {
-            (res as any).sendComment("heartbeat");
+            (res as any).sendComment('heartbeat');
           }, options.heartbeat);
         }
 
@@ -1117,7 +1033,7 @@ export const middleware = {
         }
 
         // Clean up on close
-        req.on("close", () => {
+        req.on('close', () => {
           if (heartbeatInterval) {
             clearInterval(heartbeatInterval);
           }
@@ -1136,14 +1052,14 @@ export const middleware = {
     options: {
       acceptRanges?: string;
       maxRanges?: number;
-    } = {},
+    } = {}
   ): Middleware => {
     return async (req, res, next) => {
       // Add range support to response
       (res as any).sendRange = async (filePath: string, stats?: any) => {
         try {
-          const fs = await import("fs/promises");
-          const path = await import("path");
+          const fs = await import('fs/promises');
+          const path = await import('path');
 
           if (!stats) {
             stats = await fs.stat(filePath);
@@ -1153,11 +1069,11 @@ export const middleware = {
           const range = req.headers.range;
 
           // Set Accept-Ranges header
-          res.setHeader("Accept-Ranges", options.acceptRanges || "bytes");
+          res.setHeader('Accept-Ranges', options.acceptRanges || 'bytes');
 
           if (!range) {
             // No range requested, send entire file
-            res.setHeader("Content-Length", fileSize);
+            res.setHeader('Content-Length', fileSize);
             const data = await fs.readFile(filePath);
             res.end(data);
             return;
@@ -1165,10 +1081,10 @@ export const middleware = {
 
           // Parse range header
           const ranges = range
-            .replace(/bytes=/, "")
-            .split(",")
-            .map((r) => {
-              const [start, end] = r.split("-");
+            .replace(/bytes=/, '')
+            .split(',')
+            .map(r => {
+              const [start, end] = r.split('-');
               return {
                 start: start ? parseInt(start) : 0,
                 end: end ? parseInt(end) : fileSize - 1,
@@ -1177,7 +1093,7 @@ export const middleware = {
 
           // Validate ranges
           if (options.maxRanges && ranges.length > options.maxRanges) {
-            res.status(416).json({ success: false, error: "Too many ranges" });
+            res.status(416).json({ success: false, error: 'Too many ranges' });
             return;
           }
 
@@ -1187,45 +1103,40 @@ export const middleware = {
             const chunkSize = end - start + 1;
 
             if (start >= fileSize || end >= fileSize) {
-              res.status(416).setHeader("Content-Range", `bytes */${fileSize}`);
-              res.json({ success: false, error: "Range not satisfiable" });
+              res.status(416).setHeader('Content-Range', `bytes */${fileSize}`);
+              res.json({ success: false, error: 'Range not satisfiable' });
               return;
             }
 
             res.status(206);
-            res.setHeader("Content-Range", `bytes ${start}-${end}/${fileSize}`);
-            res.setHeader("Content-Length", chunkSize);
+            res.setHeader('Content-Range', `bytes ${start}-${end}/${fileSize}`);
+            res.setHeader('Content-Length', chunkSize);
 
             // Stream the range
-            const stream = require("fs").createReadStream(filePath, {
+            const stream = require('fs').createReadStream(filePath, {
               start,
               end,
             });
             stream.pipe(res);
           } else {
             // Multiple ranges - multipart response
-            const boundary = "MULTIPART_BYTERANGES";
+            const boundary = 'MULTIPART_BYTERANGES';
             res.status(206);
-            res.setHeader(
-              "Content-Type",
-              `multipart/byteranges; boundary=${boundary}`,
-            );
+            res.setHeader('Content-Type', `multipart/byteranges; boundary=${boundary}`);
 
             for (const { start, end } of ranges) {
               if (start >= fileSize || end >= fileSize) continue;
 
               const chunkSize = end - start + 1;
               res.write(`\r\n--${boundary}\r\n`);
-              res.write(
-                `Content-Range: bytes ${start}-${end}/${fileSize}\r\n\r\n`,
-              );
+              res.write(`Content-Range: bytes ${start}-${end}/${fileSize}\r\n\r\n`);
 
-              const stream = require("fs").createReadStream(filePath, {
+              const stream = require('fs').createReadStream(filePath, {
                 start,
                 end,
               });
-              await new Promise((resolve) => {
-                stream.on("end", resolve);
+              await new Promise(resolve => {
+                stream.on('end', resolve);
                 stream.pipe(res, { end: false });
               });
             }
@@ -1233,9 +1144,7 @@ export const middleware = {
             res.end();
           }
         } catch (error) {
-          res
-            .status(500)
-            .json({ success: false, error: "Range request failed" });
+          res.status(500).json({ success: false, error: 'Range request failed' });
         }
       };
 
@@ -1252,17 +1161,17 @@ export const middleware = {
       headerName?: string;
       ignoreMethods?: string[];
       sameSite?: boolean;
-    } = {},
+    } = {}
   ): Middleware => {
-    const secret = options.secret || "moro-csrf-secret";
+    const secret = options.secret || 'moro-csrf-secret';
     const tokenLength = options.tokenLength || 32;
-    const cookieName = options.cookieName || "_csrf";
-    const headerName = options.headerName || "x-csrf-token";
-    const ignoreMethods = options.ignoreMethods || ["GET", "HEAD", "OPTIONS"];
+    const cookieName = options.cookieName || '_csrf';
+    const headerName = options.headerName || 'x-csrf-token';
+    const ignoreMethods = options.ignoreMethods || ['GET', 'HEAD', 'OPTIONS'];
 
     const generateToken = () => {
-      const crypto = require("crypto");
-      return crypto.randomBytes(tokenLength).toString("hex");
+      const crypto = require('crypto');
+      return crypto.randomBytes(tokenLength).toString('hex');
     };
 
     const verifyToken = (token: string, sessionToken: string) => {
@@ -1277,10 +1186,8 @@ export const middleware = {
           // Set token in cookie
           res.cookie(cookieName, (req as any)._csrfToken, {
             httpOnly: true,
-            sameSite: options.sameSite !== false ? "strict" : undefined,
-            secure:
-              req.headers["x-forwarded-proto"] === "https" ||
-              (req.socket as any).encrypted,
+            sameSite: options.sameSite !== false ? 'strict' : undefined,
+            secure: req.headers['x-forwarded-proto'] === 'https' || (req.socket as any).encrypted,
           });
         }
         return (req as any)._csrfToken;
@@ -1294,18 +1201,16 @@ export const middleware = {
 
       // Get token from header or body
       const token =
-        req.headers[headerName] ||
-        (req.body && req.body._csrf) ||
-        (req.query && req.query._csrf);
+        req.headers[headerName] || (req.body && req.body._csrf) || (req.query && req.query._csrf);
 
       // Get session token from cookie
       const sessionToken = req.cookies?.[cookieName];
 
-      if (!verifyToken(token as string, sessionToken || "")) {
+      if (!verifyToken(token as string, sessionToken || '')) {
         res.status(403).json({
           success: false,
-          error: "Invalid CSRF token",
-          code: "CSRF_TOKEN_MISMATCH",
+          error: 'Invalid CSRF token',
+          code: 'CSRF_TOKEN_MISMATCH',
         });
         return;
       }
@@ -1336,14 +1241,14 @@ export const middleware = {
       reportOnly?: boolean;
       reportUri?: string;
       nonce?: boolean;
-    } = {},
+    } = {}
   ): Middleware => {
     return (req, res, next) => {
       const directives = options.directives || {
         defaultSrc: ["'self'"],
         scriptSrc: ["'self'"],
         styleSrc: ["'self'", "'unsafe-inline'"],
-        imgSrc: ["'self'", "data:", "https:"],
+        imgSrc: ["'self'", 'data:', 'https:'],
         connectSrc: ["'self'"],
         fontSrc: ["'self'"],
         objectSrc: ["'none'"],
@@ -1354,8 +1259,8 @@ export const middleware = {
       // Generate nonce if requested
       let nonce: string | undefined;
       if (options.nonce) {
-        const crypto = require("crypto");
-        nonce = crypto.randomBytes(16).toString("base64");
+        const crypto = require('crypto');
+        nonce = crypto.randomBytes(16).toString('base64');
         (req as any).cspNonce = nonce;
       }
 
@@ -1363,25 +1268,20 @@ export const middleware = {
       const cspParts: string[] = [];
 
       for (const [directive, sources] of Object.entries(directives)) {
-        if (directive === "upgradeInsecureRequests" && sources === true) {
-          cspParts.push("upgrade-insecure-requests");
-        } else if (directive === "blockAllMixedContent" && sources === true) {
-          cspParts.push("block-all-mixed-content");
+        if (directive === 'upgradeInsecureRequests' && sources === true) {
+          cspParts.push('upgrade-insecure-requests');
+        } else if (directive === 'blockAllMixedContent' && sources === true) {
+          cspParts.push('block-all-mixed-content');
         } else if (Array.isArray(sources)) {
-          let sourceList = sources.join(" ");
+          let sourceList = sources.join(' ');
 
           // Add nonce to script-src and style-src if enabled
-          if (
-            nonce &&
-            (directive === "scriptSrc" || directive === "styleSrc")
-          ) {
+          if (nonce && (directive === 'scriptSrc' || directive === 'styleSrc')) {
             sourceList += ` 'nonce-${nonce}'`;
           }
 
           // Convert camelCase to kebab-case
-          const kebabDirective = directive
-            .replace(/([A-Z])/g, "-$1")
-            .toLowerCase();
+          const kebabDirective = directive.replace(/([A-Z])/g, '-$1').toLowerCase();
           cspParts.push(`${kebabDirective} ${sourceList}`);
         }
       }
@@ -1391,10 +1291,10 @@ export const middleware = {
         cspParts.push(`report-uri ${options.reportUri}`);
       }
 
-      const cspValue = cspParts.join("; ");
+      const cspValue = cspParts.join('; ');
       const headerName = options.reportOnly
-        ? "Content-Security-Policy-Report-Only"
-        : "Content-Security-Policy";
+        ? 'Content-Security-Policy-Report-Only'
+        : 'Content-Security-Policy';
 
       res.setHeader(headerName, cspValue);
 
@@ -1415,7 +1315,7 @@ function parseSize(size: string): number {
   if (!match) return 1024 * 1024; // Default 1MB
 
   const value = parseFloat(match[1]);
-  const unit = match[2] || "b";
+  const unit = match[2] || 'b';
 
   return Math.round(value * units[unit]);
 }