@morojs/moro 1.5.16 → 1.6.0

package/src/core/logger/filters.ts

@@ -1,5 +1,5 @@
 // Advanced Logger Filters
-import { LogEntry, LogFilter } from '../../types/logger';
+import { LogEntry, LogFilter } from '../../types/logger.js';
 
 // Level-based filter
 export const levelFilter = (minLevel: string): LogFilter => ({

package/src/core/logger/index.ts

@@ -6,8 +6,8 @@ export {
   configureGlobalLogger,
   applyLoggingConfiguration,
   destroyGlobalLogger,
-} from './logger';
-export * from './filters';
+} from './logger.js';
+export * from './filters.js';
 
 export type {
   LogLevel,
@@ -18,4 +18,4 @@ export type {
   LogFilter,
   LogMetrics,
   ColorScheme,
-} from '../../types/logger';
+} from '../../types/logger.js';

package/src/core/logger/logger.ts

@@ -10,7 +10,7 @@ import {
   LogFilter,
   LogMetrics,
   ColorScheme,
-} from '../../types/logger';
+} from '../../types/logger.js';
 
 export class MoroLogger implements Logger {
   private level: LogLevel = 'info';
@@ -343,6 +343,11 @@ export class MoroLogger implements Logger {
     context?: string,
     metadata?: Record<string, any>
   ): void {
+    // Prevent logging after destroy() is called (important for test cleanup)
+    if (this.isDestroyed) {
+      return;
+    }
+
     // Quick level check - use parent level if available (for child loggers)
     const effectiveLevel = this.parent ? this.parent.level : this.level;
     if (MoroLogger.LEVELS[level] < MoroLogger.LEVELS[effectiveLevel as LogLevel]) {
@@ -739,6 +744,9 @@ export class MoroLogger implements Logger {
     this.flushTimeout = setTimeout(() => {
       this.flushBuffer();
     }, this.flushInterval);
+
+    // Unref the timeout so it doesn't prevent process exit (important for tests)
+    this.flushTimeout.unref();
   }
 
   public flushBuffer(): void {

package/src/core/logger/outputs.ts

@@ -1,7 +1,7 @@
 // Advanced Logger Outputs
 import { writeFile, appendFile, mkdir } from 'fs/promises';
 import { join, dirname } from 'path';
-import { LogEntry, LogOutput } from '../../types/logger';
+import { LogEntry, LogOutput } from '../../types/logger.js';
 
 // File output for persistent logging
 export class FileOutput implements LogOutput {

package/src/core/middleware/built-in/adapters/cache/file.ts

@@ -1,6 +1,7 @@
 // File System Cache Adapter
-import { CacheAdapter } from '../../../../../types/cache';
-import { createFrameworkLogger } from '../../../../logger';
+import { CacheAdapter } from '../../../../../types/cache.js';
+import { createFrameworkLogger } from '../../../../logger/index.js';
+import crypto from 'crypto';
 
 const logger = createFrameworkLogger('FileCacheAdapter');
 
@@ -22,7 +23,6 @@ export class FileCacheAdapter implements CacheAdapter {
   }
 
   private getFilePath(key: string): string {
-    const crypto = require('crypto');
     const hash = crypto.createHash('md5').update(key).digest('hex');
     return `${this.cacheDir}/${hash}.json`;
   }

package/src/core/middleware/built-in/adapters/cache/index.ts

@@ -1,12 +1,12 @@
 // Cache Adapters
-export { MemoryCacheAdapter } from './memory';
-export { RedisCacheAdapter } from './redis';
-export { FileCacheAdapter } from './file';
+export { MemoryCacheAdapter } from './memory.js';
+export { RedisCacheAdapter } from './redis.js';
+export { FileCacheAdapter } from './file.js';
 
-import { MemoryCacheAdapter } from './memory';
-import { RedisCacheAdapter } from './redis';
-import { FileCacheAdapter } from './file';
-import { CacheAdapter } from '../../../../../types/cache';
+import { MemoryCacheAdapter } from './memory.js';
+import { RedisCacheAdapter } from './redis.js';
+import { FileCacheAdapter } from './file.js';
+import { CacheAdapter } from '../../../../../types/cache.js';
 
 // Adapter factory function for auto-loading
 export function createCacheAdapter(type: string, options: any = {}): CacheAdapter {

package/src/core/middleware/built-in/adapters/cache/memory.ts

@@ -1,6 +1,6 @@
 // Memory Cache Adapter
-import { CacheAdapter } from '../../../../../types/cache';
-import { createFrameworkLogger } from '../../../../logger';
+import { CacheAdapter } from '../../../../../types/cache.js';
+import { createFrameworkLogger } from '../../../../logger/index.js';
 
 const logger = createFrameworkLogger('MemoryCacheAdapter');
 

package/src/core/middleware/built-in/adapters/cache/redis.ts

@@ -1,6 +1,7 @@
 // Redis Cache Adapter
-import { CacheAdapter } from '../../../../../types/cache';
-import { createFrameworkLogger } from '../../../../logger';
+import { CacheAdapter } from '../../../../../types/cache.js';
+import { createFrameworkLogger } from '../../../../logger/index.js';
+import { resolveUserPackage } from '../../../../utilities/package-utils.js';
 
 const logger = createFrameworkLogger('RedisCacheAdapter');
 
@@ -16,9 +17,22 @@ export class RedisCacheAdapter implements CacheAdapter {
       keyPrefix?: string;
     } = {}
   ) {
+    this.initPromise = this.initialize(options);
+  }
+
+  private initPromise: Promise<void>;
+
+  private async initialize(options: {
+    host?: string;
+    port?: number;
+    password?: string;
+    db?: number;
+    keyPrefix?: string;
+  }): Promise<void> {
     try {
-      const redis = require('redis');
-      this.client = redis.createClient({
+      const redisPath = resolveUserPackage('redis');
+      const redis = await import(redisPath);
+      this.client = redis.default.createClient({
         host: options.host || 'localhost',
         port: options.port || 6379,
         password: options.password,

package/src/core/middleware/built-in/adapters/cdn/azure.ts

@@ -1,6 +1,6 @@
 // Azure CDN Adapter
-import { CDNAdapter } from '../../../../../types/cdn';
-import { createFrameworkLogger } from '../../../../logger';
+import { CDNAdapter } from '../../../../../types/cdn.js';
+import { createFrameworkLogger } from '../../../../logger/index.js';
 
 const logger = createFrameworkLogger('AzureCDNAdapter');
 

package/src/core/middleware/built-in/adapters/cdn/cloudflare.ts

@@ -1,6 +1,6 @@
 // Cloudflare CDN Adapter
-import { CDNAdapter } from '../../../../../types/cdn';
-import { createFrameworkLogger } from '../../../../logger';
+import { CDNAdapter } from '../../../../../types/cdn.js';
+import { createFrameworkLogger } from '../../../../logger/index.js';
 
 const logger = createFrameworkLogger('CloudflareCDNAdapter');
 

package/src/core/middleware/built-in/adapters/cdn/cloudfront.ts

@@ -1,6 +1,7 @@
 // AWS CloudFront CDN Adapter
-import { CDNAdapter } from '../../../../../types/cdn';
-import { createFrameworkLogger } from '../../../../logger';
+import { CDNAdapter } from '../../../../../types/cdn.js';
+import { createFrameworkLogger } from '../../../../logger/index.js';
+import { resolveUserPackage } from '../../../../utilities/package-utils.js';
 
 const logger = createFrameworkLogger('CloudFrontCDNAdapter');
 
@@ -15,16 +16,26 @@ export class CloudFrontCDNAdapter implements CDNAdapter {
     distributionId: string;
   }) {
     this.distributionId = options.distributionId;
+    this.initPromise = this.initialize(options);
+  }
+
+  private initPromise: Promise<void>;
 
+  private async initialize(options: {
+    accessKeyId: string;
+    secretAccessKey: string;
+    region: string;
+  }): Promise<void> {
     try {
-      const AWS = require('aws-sdk');
-      AWS.config.update({
+      const awsPath = resolveUserPackage('aws-sdk');
+      const AWS = await import(awsPath);
+      AWS.default.config.update({
         accessKeyId: options.accessKeyId,
         secretAccessKey: options.secretAccessKey,
         region: options.region,
       });
 
-      this.cloudfront = new AWS.CloudFront();
+      this.cloudfront = new AWS.default.CloudFront();
       logger.info('CloudFront CDN adapter initialized', 'CloudFront');
     } catch (error) {
       logger.error('AWS SDK not available', 'CloudFront');

package/src/core/middleware/built-in/adapters/cdn/index.ts

@@ -1,12 +1,12 @@
 // CDN Adapters
-export { CloudflareCDNAdapter } from './cloudflare';
-export { CloudFrontCDNAdapter } from './cloudfront';
-export { AzureCDNAdapter } from './azure';
+export { CloudflareCDNAdapter } from './cloudflare.js';
+export { CloudFrontCDNAdapter } from './cloudfront.js';
+export { AzureCDNAdapter } from './azure.js';
 
-import { CloudflareCDNAdapter } from './cloudflare';
-import { CloudFrontCDNAdapter } from './cloudfront';
-import { AzureCDNAdapter } from './azure';
-import { CDNAdapter } from '../../../../../types/cdn';
+import { CloudflareCDNAdapter } from './cloudflare.js';
+import { CloudFrontCDNAdapter } from './cloudfront.js';
+import { AzureCDNAdapter } from './azure.js';
+import { CDNAdapter } from '../../../../../types/cdn.js';
 
 // Adapter factory function for auto-loading
 export function createCDNAdapter(type: string, options: any = {}): CDNAdapter {

package/src/core/middleware/built-in/adapters/index.ts

@@ -1,7 +1,7 @@
 // Adapters Index
-export * from './cache';
-export * from './cdn';
+export * from './cache/index.js';
+export * from './cdn/index.js';
 
 // Re-export factory functions for convenience
-export { createCacheAdapter } from './cache';
-export { createCDNAdapter } from './cdn';
+export { createCacheAdapter } from './cache/index.js';
+export { createCDNAdapter } from './cdn/index.js';

package/src/core/middleware/built-in/auth-helpers.ts

@@ -1,5 +1,5 @@
 // Auth Helper Middleware and Utilities
-import { AuthRequest } from '../../../types/auth';
+import { AuthRequest } from '../../../types/auth.js';
 
 export interface AuthGuardOptions {
   redirectTo?: string;

package/src/core/middleware/built-in/auth-providers.ts

@@ -1,5 +1,5 @@
 // Extended Auth.js Provider Configurations
-import { AuthProvider } from '../../../types/auth';
+import { AuthProvider } from '../../../types/auth.js';
 
 /**
  * Popular OAuth Providers for Auth.js

package/src/core/middleware/built-in/auth.ts

@@ -1,7 +1,8 @@
 // Auth.js Authentication Middleware
 
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { createFrameworkLogger } from '../../logger';
+import crypto from 'crypto';
+import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
+import { createFrameworkLogger } from '../../logger/index.js';
 import {
   AuthOptions,
   AuthProvider,
@@ -11,7 +12,8 @@ import {
   OAuthProvider,
   CredentialsProvider,
   EmailProvider,
-} from '../../../types/auth';
+} from '../../../types/auth.js';
+import { safeVerifyJWT, createAuthErrorResponse } from './jwt-helpers.js';
 
 const logger = createFrameworkLogger('AuthMiddleware');
 
@@ -186,27 +188,59 @@ export const auth = (options: AuthOptions): MiddlewareInterface => ({
             session = await authInstance.getSession({ req: { ...req, token } });
           }
         } catch (error: any) {
-          // Handle specific JWT errors gracefully
+          // Handle specific JWT errors gracefully and return proper HTTP responses
           if (error.name === 'TokenExpiredError') {
             logger.debug('JWT token expired', 'TokenValidation', {
               message: error.message,
               expiredAt: error.expiredAt,
             });
+
+            // If this is a protected route request, return a proper 401 response
+            if (req.headers.accept?.includes('application/json')) {
+              return res.status(401).json(
+                createAuthErrorResponse({
+                  type: 'expired',
+                  message: error.message,
+                  expiredAt: error.expiredAt,
+                })
+              );
+            }
           } else if (error.name === 'JsonWebTokenError') {
             logger.debug('Invalid JWT token format', 'TokenValidation', {
               message: error.message,
             });
+
+            // If this is a protected route request, return a proper 401 response
+            if (req.headers.accept?.includes('application/json')) {
+              return res.status(401).json(
+                createAuthErrorResponse({
+                  type: 'invalid',
+                  message: error.message,
+                })
+              );
+            }
           } else if (error.name === 'NotBeforeError') {
             logger.debug('JWT token not active yet', 'TokenValidation', {
               message: error.message,
               date: error.date,
             });
+
+            // If this is a protected route request, return a proper 401 response
+            if (req.headers.accept?.includes('application/json')) {
+              return res.status(401).json(
+                createAuthErrorResponse({
+                  type: 'malformed',
+                  message: error.message,
+                  date: error.date,
+                })
+              );
+            }
           } else {
             logger.debug('JWT token validation failed', 'TokenValidation', {
               error: error.message || error,
             });
           }
-          // Continue with unauthenticated state - don't throw
+          // Continue with unauthenticated state for non-API requests
         }
       }
 
@@ -298,44 +332,34 @@ async function initializeAuthJS(config: AuthOptions): Promise<any> {
     },
 
     verifyJWT: async (token: string) => {
-      // Require jsonwebtoken for JWT verification
-      let jwt: any;
-      try {
-        jwt = require('jsonwebtoken');
-      } catch (error) {
-        throw new Error(
-          'JWT verification requires the "jsonwebtoken" package. ' +
-            'Please install it with: npm install jsonwebtoken @types/jsonwebtoken'
-        );
-      }
+      const secret = process.env.JWT_SECRET || config.jwt?.secret || config.secret || '';
+
+      // Use the safe JWT verification function
+      const result = await safeVerifyJWT(token, secret);
+
+      if (!result.success) {
+        // Create a custom error that includes the structured error information
+        const customError = new Error(result.error?.message || 'JWT verification failed');
+
+        // Add the error type information for upstream handling
+        (customError as any).jwtErrorType = result.error?.type;
+        (customError as any).jwtErrorDetails = result.error;
+
+        // Map the safe error types back to standard JWT error names for compatibility
+        if (result.error?.type === 'expired') {
+          customError.name = 'TokenExpiredError';
+          (customError as any).expiredAt = result.error.expiredAt;
+        } else if (result.error?.type === 'invalid') {
+          customError.name = 'JsonWebTokenError';
+        } else if (result.error?.type === 'malformed') {
+          customError.name = 'NotBeforeError';
+          (customError as any).date = result.error.date;
+        }
 
-      const secret = process.env.JWT_SECRET || config.jwt?.secret || config.secret;
-      if (!secret) {
-        throw new Error(
-          'JWT verification requires a secret. ' +
-            'Please set JWT_SECRET environment variable, or provide jwt.secret or secret in auth config.'
-        );
+        throw customError;
       }
 
-      try {
-        const decoded = jwt.verify(token, secret);
-        return decoded;
-      } catch (error: any) {
-        // Handle specific JWT errors gracefully
-        if (error.name === 'TokenExpiredError') {
-          // Token expired - handled gracefully by auth middleware
-          throw error;
-        } else if (error.name === 'JsonWebTokenError') {
-          // Invalid token format
-          throw error;
-        } else if (error.name === 'NotBeforeError') {
-          // Token not active yet
-          throw error;
-        } else {
-          // Other JWT errors
-          throw new Error(`JWT verification failed: ${error.message}`);
-        }
-      }
+      return result.payload;
     },
 
     signIn: async (provider?: string, options?: any) => {
@@ -355,7 +379,6 @@ async function initializeAuthJS(config: AuthOptions): Promise<any> {
 
     getCsrfToken: async () => {
       // Basic CSRF token generation
-      const crypto = require('crypto');
       return crypto.randomBytes(32).toString('hex');
     },
   };

package/src/core/middleware/built-in/cache.ts

@@ -1,8 +1,9 @@
 // Built-in Cache Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { CacheAdapter, CacheOptions, CachedResponse } from '../../../types/cache';
-import { createFrameworkLogger } from '../../logger';
-import { createCacheAdapter } from './adapters/cache';
+import crypto from 'crypto';
+import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
+import { CacheAdapter, CacheOptions, CachedResponse } from '../../../types/cache.js';
+import { createFrameworkLogger } from '../../logger/index.js';
+import { createCacheAdapter } from './adapters/cache/index.js';
 
 const logger = createFrameworkLogger('CacheMiddleware');
 
@@ -197,7 +198,6 @@ export const cache = (options: CacheOptions = {}): MiddlewareInterface => ({
       // Add ETag generation
       if (options.etag !== false) {
         res.generateETag = (content: string | Buffer) => {
-          const crypto = require('crypto');
           const hash = crypto.createHash('md5').update(content).digest('hex');
           const prefix = options.etag === 'weak' ? 'W/' : '';
           return `${prefix}"${hash}"`;

package/src/core/middleware/built-in/cdn.ts

@@ -1,8 +1,8 @@
 // Built-in CDN Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { CDNAdapter, CDNOptions } from '../../../types/cdn';
-import { createFrameworkLogger } from '../../logger';
-import { createCDNAdapter } from './adapters/cdn';
+import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
+import { CDNAdapter, CDNOptions } from '../../../types/cdn.js';
+import { createFrameworkLogger } from '../../logger/index.js';
+import { createCDNAdapter } from './adapters/cdn/index.js';
 
 const logger = createFrameworkLogger('CDNMiddleware');
 

package/src/core/middleware/built-in/cookie.ts

@@ -1,6 +1,6 @@
 // Cookie Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { createFrameworkLogger } from '../../logger';
+import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
+import { createFrameworkLogger } from '../../logger/index.js';
 
 const logger = createFrameworkLogger('CookieMiddleware');
 

package/src/core/middleware/built-in/cors.ts

@@ -1,6 +1,6 @@
 // CORS Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { createFrameworkLogger } from '../../logger';
+import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
+import { createFrameworkLogger } from '../../logger/index.js';
 
 const logger = createFrameworkLogger('CorsMiddleware');
 

package/src/core/middleware/built-in/csp.ts

@@ -1,6 +1,7 @@
 // Content Security Policy Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { createFrameworkLogger } from '../../logger';
+import crypto from 'crypto';
+import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
+import { createFrameworkLogger } from '../../logger/index.js';
 
 const logger = createFrameworkLogger('CSPMiddleware');
 
@@ -58,7 +59,6 @@ export const csp = (
       // Generate nonce if requested
       let nonce: string | undefined;
       if (options.nonce) {
-        const crypto = require('crypto');
         nonce = crypto.randomBytes(16).toString('base64');
         req.cspNonce = nonce;
       }

package/src/core/middleware/built-in/csrf.ts

@@ -1,6 +1,7 @@
 // CSRF Protection Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { createFrameworkLogger } from '../../logger';
+import crypto from 'crypto';
+import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
+import { createFrameworkLogger } from '../../logger/index.js';
 
 const logger = createFrameworkLogger('CSRFMiddleware');
 
@@ -33,7 +34,6 @@ export const csrf = (
     const ignoreMethods = options.ignoreMethods || ['GET', 'HEAD', 'OPTIONS'];
 
     const generateToken = () => {
-      const crypto = require('crypto');
       return crypto.randomBytes(tokenLength).toString('hex');
     };
 

package/src/core/middleware/built-in/error-tracker.ts

@@ -1,5 +1,5 @@
 // Error tracking middleware
-import { createFrameworkLogger } from '../../logger';
+import { createFrameworkLogger } from '../../logger/index.js';
 
 const logger = createFrameworkLogger('ErrorTracker');
 

package/src/core/middleware/built-in/index.ts

@@ -1,22 +1,22 @@
 // Built-in Middleware Exports
-export { auth } from './auth';
-export { rateLimit } from './rate-limit';
-export { cors } from './cors';
-export { validation } from './validation';
-export { requestLogger } from './request-logger';
-export { performanceMonitor } from './performance-monitor';
-export { errorTracker } from './error-tracker';
+export { auth } from './auth.js';
+export { rateLimit } from './rate-limit.js';
+export { cors } from './cors.js';
+export { validation } from './validation.js';
+export { requestLogger } from './request-logger.js';
+export { performanceMonitor } from './performance-monitor.js';
+export { errorTracker } from './error-tracker.js';
 
 // Advanced Security & Performance Middleware
-export { cookie } from './cookie';
-export { csrf } from './csrf';
-export { csp } from './csp';
-export { sse } from './sse';
-export { session } from './session';
+export { cookie } from './cookie.js';
+export { csrf } from './csrf.js';
+export { csp } from './csp.js';
+export { sse } from './sse.js';
+export { session } from './session.js';
 
 // Clean Architecture Middleware
-export { cache } from './cache';
-export { cdn } from './cdn';
+export { cache } from './cache.js';
+export { cdn } from './cdn.js';
 
 // Auth Helpers and Extended Providers
 export {
@@ -31,7 +31,7 @@ export {
   authUtils,
   authResponses,
   sessionHelpers,
-} from './auth-helpers';
+} from './auth-helpers.js';
 
 // JWT Utilities for Custom Middleware
 export {
@@ -39,30 +39,30 @@ export {
   extractJWTFromHeader,
   createAuthErrorResponse,
   type JWTVerificationResult,
-} from './jwt-helpers';
+} from './jwt-helpers.js';
 
 export {
   extendedProviders,
   enterpriseProviders,
   createCustomOAuthProvider,
   createCustomOIDCProvider,
-} from './auth-providers';
+} from './auth-providers.js';
 
 // Import for collections
-import { auth } from './auth';
-import { rateLimit } from './rate-limit';
-import { cors } from './cors';
-import { validation } from './validation';
-import { requestLogger } from './request-logger';
-import { performanceMonitor } from './performance-monitor';
-import { errorTracker } from './error-tracker';
-import { cookie } from './cookie';
-import { csrf } from './csrf';
-import { csp } from './csp';
-import { sse } from './sse';
-import { session } from './session';
-import { cache } from './cache';
-import { cdn } from './cdn';
+import { auth } from './auth.js';
+import { rateLimit } from './rate-limit.js';
+import { cors } from './cors.js';
+import { validation } from './validation.js';
+import { requestLogger } from './request-logger.js';
+import { performanceMonitor } from './performance-monitor.js';
+import { errorTracker } from './error-tracker.js';
+import { cookie } from './cookie.js';
+import { csrf } from './csrf.js';
+import { csp } from './csp.js';
+import { sse } from './sse.js';
+import { session } from './session.js';
+import { cache } from './cache.js';
+import { cdn } from './cdn.js';
 
 export const builtInMiddleware = {
   auth,