@morojs/moro 1.6.1 → 1.6.2

package/src/core/logger/outputs.ts

@@ -1,7 +1,7 @@
 // Advanced Logger Outputs
 import { writeFile, appendFile, mkdir } from 'fs/promises';
 import { join, dirname } from 'path';
-import { LogEntry, LogOutput } from '../../types/logger';
+import { LogEntry, LogOutput } from '../../types/logger.js';
 
 // File output for persistent logging
 export class FileOutput implements LogOutput {
@@ -29,7 +29,6 @@ export class FileOutput implements LogOutput {
 
       // TODO: Implement log rotation if needed
     } catch (error) {
-      // Use console.error as fallback since this is the logger itself
       console.error('File logger error:', error);
     }
   }
@@ -77,7 +76,6 @@ export class WebhookOutput implements LogOutput {
         throw new Error(`Webhook failed: ${response.status}`);
       }
     } catch (error) {
-      // Use console.error as fallback since this is the logger itself
       console.error('Webhook logger error:', error);
     }
   }

package/src/core/middleware/built-in/adapters/cache/file.ts

@@ -1,6 +1,7 @@
 // File System Cache Adapter
-import { CacheAdapter } from '../../../../../types/cache';
-import { createFrameworkLogger } from '../../../../logger';
+import { CacheAdapter } from '../../../../../types/cache.js';
+import { createFrameworkLogger } from '../../../../logger/index.js';
+import crypto from 'crypto';
 
 const logger = createFrameworkLogger('FileCacheAdapter');
 
@@ -22,7 +23,6 @@ export class FileCacheAdapter implements CacheAdapter {
   }
 
   private getFilePath(key: string): string {
-    const crypto = require('crypto');
     const hash = crypto.createHash('md5').update(key).digest('hex');
     return `${this.cacheDir}/${hash}.json`;
   }

package/src/core/middleware/built-in/adapters/cache/index.ts

@@ -1,12 +1,12 @@
 // Cache Adapters
-export { MemoryCacheAdapter } from './memory';
-export { RedisCacheAdapter } from './redis';
-export { FileCacheAdapter } from './file';
+export { MemoryCacheAdapter } from './memory.js';
+export { RedisCacheAdapter } from './redis.js';
+export { FileCacheAdapter } from './file.js';
 
-import { MemoryCacheAdapter } from './memory';
-import { RedisCacheAdapter } from './redis';
-import { FileCacheAdapter } from './file';
-import { CacheAdapter } from '../../../../../types/cache';
+import { MemoryCacheAdapter } from './memory.js';
+import { RedisCacheAdapter } from './redis.js';
+import { FileCacheAdapter } from './file.js';
+import { CacheAdapter } from '../../../../../types/cache.js';
 
 // Adapter factory function for auto-loading
 export function createCacheAdapter(type: string, options: any = {}): CacheAdapter {

package/src/core/middleware/built-in/adapters/cache/memory.ts

@@ -1,6 +1,6 @@
 // Memory Cache Adapter
-import { CacheAdapter } from '../../../../../types/cache';
-import { createFrameworkLogger } from '../../../../logger';
+import { CacheAdapter } from '../../../../../types/cache.js';
+import { createFrameworkLogger } from '../../../../logger/index.js';
 
 const logger = createFrameworkLogger('MemoryCacheAdapter');
 

package/src/core/middleware/built-in/adapters/cache/redis.ts

@@ -1,6 +1,7 @@
 // Redis Cache Adapter
-import { CacheAdapter } from '../../../../../types/cache';
-import { createFrameworkLogger } from '../../../../logger';
+import { CacheAdapter } from '../../../../../types/cache.js';
+import { createFrameworkLogger } from '../../../../logger/index.js';
+import { resolveUserPackage } from '../../../../utilities/package-utils.js';
 
 const logger = createFrameworkLogger('RedisCacheAdapter');
 
@@ -16,9 +17,22 @@ export class RedisCacheAdapter implements CacheAdapter {
       keyPrefix?: string;
     } = {}
   ) {
+    this.initPromise = this.initialize(options);
+  }
+
+  private initPromise: Promise<void>;
+
+  private async initialize(options: {
+    host?: string;
+    port?: number;
+    password?: string;
+    db?: number;
+    keyPrefix?: string;
+  }): Promise<void> {
     try {
-      const redis = require('redis');
-      this.client = redis.createClient({
+      const redisPath = resolveUserPackage('redis');
+      const redis = await import(redisPath);
+      this.client = redis.default.createClient({
         host: options.host || 'localhost',
         port: options.port || 6379,
         password: options.password,

package/src/core/middleware/built-in/adapters/cdn/azure.ts

@@ -1,6 +1,6 @@
 // Azure CDN Adapter
-import { CDNAdapter } from '../../../../../types/cdn';
-import { createFrameworkLogger } from '../../../../logger';
+import { CDNAdapter } from '../../../../../types/cdn.js';
+import { createFrameworkLogger } from '../../../../logger/index.js';
 
 const logger = createFrameworkLogger('AzureCDNAdapter');
 

package/src/core/middleware/built-in/adapters/cdn/cloudflare.ts

@@ -1,6 +1,6 @@
 // Cloudflare CDN Adapter
-import { CDNAdapter } from '../../../../../types/cdn';
-import { createFrameworkLogger } from '../../../../logger';
+import { CDNAdapter } from '../../../../../types/cdn.js';
+import { createFrameworkLogger } from '../../../../logger/index.js';
 
 const logger = createFrameworkLogger('CloudflareCDNAdapter');
 

package/src/core/middleware/built-in/adapters/cdn/cloudfront.ts

@@ -1,6 +1,7 @@
 // AWS CloudFront CDN Adapter
-import { CDNAdapter } from '../../../../../types/cdn';
-import { createFrameworkLogger } from '../../../../logger';
+import { CDNAdapter } from '../../../../../types/cdn.js';
+import { createFrameworkLogger } from '../../../../logger/index.js';
+import { resolveUserPackage } from '../../../../utilities/package-utils.js';
 
 const logger = createFrameworkLogger('CloudFrontCDNAdapter');
 
@@ -15,16 +16,26 @@ export class CloudFrontCDNAdapter implements CDNAdapter {
     distributionId: string;
   }) {
     this.distributionId = options.distributionId;
+    this.initPromise = this.initialize(options);
+  }
+
+  private initPromise: Promise<void>;
 
+  private async initialize(options: {
+    accessKeyId: string;
+    secretAccessKey: string;
+    region: string;
+  }): Promise<void> {
     try {
-      const AWS = require('aws-sdk');
-      AWS.config.update({
+      const awsPath = resolveUserPackage('aws-sdk');
+      const AWS = await import(awsPath);
+      AWS.default.config.update({
         accessKeyId: options.accessKeyId,
         secretAccessKey: options.secretAccessKey,
         region: options.region,
       });
 
-      this.cloudfront = new AWS.CloudFront();
+      this.cloudfront = new AWS.default.CloudFront();
       logger.info('CloudFront CDN adapter initialized', 'CloudFront');
     } catch (error) {
       logger.error('AWS SDK not available', 'CloudFront');

package/src/core/middleware/built-in/adapters/cdn/index.ts

@@ -1,12 +1,12 @@
 // CDN Adapters
-export { CloudflareCDNAdapter } from './cloudflare';
-export { CloudFrontCDNAdapter } from './cloudfront';
-export { AzureCDNAdapter } from './azure';
+export { CloudflareCDNAdapter } from './cloudflare.js';
+export { CloudFrontCDNAdapter } from './cloudfront.js';
+export { AzureCDNAdapter } from './azure.js';
 
-import { CloudflareCDNAdapter } from './cloudflare';
-import { CloudFrontCDNAdapter } from './cloudfront';
-import { AzureCDNAdapter } from './azure';
-import { CDNAdapter } from '../../../../../types/cdn';
+import { CloudflareCDNAdapter } from './cloudflare.js';
+import { CloudFrontCDNAdapter } from './cloudfront.js';
+import { AzureCDNAdapter } from './azure.js';
+import { CDNAdapter } from '../../../../../types/cdn.js';
 
 // Adapter factory function for auto-loading
 export function createCDNAdapter(type: string, options: any = {}): CDNAdapter {

package/src/core/middleware/built-in/adapters/index.ts

@@ -1,7 +1,7 @@
 // Adapters Index
-export * from './cache';
-export * from './cdn';
+export * from './cache/index.js';
+export * from './cdn/index.js';
 
 // Re-export factory functions for convenience
-export { createCacheAdapter } from './cache';
-export { createCDNAdapter } from './cdn';
+export { createCacheAdapter } from './cache/index.js';
+export { createCDNAdapter } from './cdn/index.js';

package/src/core/middleware/built-in/auth-helpers.ts

@@ -1,5 +1,5 @@
 // Auth Helper Middleware and Utilities
-import { AuthRequest } from '../../../types/auth';
+import { AuthRequest } from '../../../types/auth.js';
 
 export interface AuthGuardOptions {
   redirectTo?: string;

package/src/core/middleware/built-in/auth-providers.ts

@@ -1,5 +1,5 @@
 // Extended Auth.js Provider Configurations
-import { AuthProvider } from '../../../types/auth';
+import { AuthProvider } from '../../../types/auth.js';
 
 /**
  * Popular OAuth Providers for Auth.js

package/src/core/middleware/built-in/auth.ts

@@ -1,7 +1,8 @@
 // Auth.js Authentication Middleware
 
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { createFrameworkLogger } from '../../logger';
+import crypto from 'crypto';
+import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
+import { createFrameworkLogger } from '../../logger/index.js';
 import {
   AuthOptions,
   AuthProvider,
@@ -11,7 +12,8 @@ import {
   OAuthProvider,
   CredentialsProvider,
   EmailProvider,
-} from '../../../types/auth';
+} from '../../../types/auth.js';
+import { safeVerifyJWT, createAuthErrorResponse } from './jwt-helpers.js';
 
 const logger = createFrameworkLogger('AuthMiddleware');
 
@@ -151,7 +153,15 @@ export const auth = (options: AuthOptions): MiddlewareInterface => ({
           return authInstance.getSession({ req });
         },
         getToken: async () => {
-          return authInstance.verifyJWT(authRequest.token || '');
+          try {
+            return authInstance.verifyJWT(authRequest.token || '');
+          } catch (error: any) {
+            // Handle JWT errors gracefully in getToken method
+            logger.debug('Failed to verify token in getToken', 'TokenValidation', {
+              error: error.message,
+            });
+            return null;
+          }
         },
         getCsrfToken: async () => {
           return authInstance.getCsrfToken();
@@ -177,8 +187,60 @@ export const auth = (options: AuthOptions): MiddlewareInterface => ({
           if (decoded) {
             session = await authInstance.getSession({ req: { ...req, token } });
           }
-        } catch (error) {
-          logger.debug('Invalid JWT token', 'TokenValidation', { error });
+        } catch (error: any) {
+          // Handle specific JWT errors gracefully and return proper HTTP responses
+          if (error.name === 'TokenExpiredError') {
+            logger.debug('JWT token expired', 'TokenValidation', {
+              message: error.message,
+              expiredAt: error.expiredAt,
+            });
+
+            // If this is a protected route request, return a proper 401 response
+            if (req.headers.accept?.includes('application/json')) {
+              return res.status(401).json(
+                createAuthErrorResponse({
+                  type: 'expired',
+                  message: error.message,
+                  expiredAt: error.expiredAt,
+                })
+              );
+            }
+          } else if (error.name === 'JsonWebTokenError') {
+            logger.debug('Invalid JWT token format', 'TokenValidation', {
+              message: error.message,
+            });
+
+            // If this is a protected route request, return a proper 401 response
+            if (req.headers.accept?.includes('application/json')) {
+              return res.status(401).json(
+                createAuthErrorResponse({
+                  type: 'invalid',
+                  message: error.message,
+                })
+              );
+            }
+          } else if (error.name === 'NotBeforeError') {
+            logger.debug('JWT token not active yet', 'TokenValidation', {
+              message: error.message,
+              date: error.date,
+            });
+
+            // If this is a protected route request, return a proper 401 response
+            if (req.headers.accept?.includes('application/json')) {
+              return res.status(401).json(
+                createAuthErrorResponse({
+                  type: 'malformed',
+                  message: error.message,
+                  date: error.date,
+                })
+              );
+            }
+          } else {
+            logger.debug('JWT token validation failed', 'TokenValidation', {
+              error: error.message || error,
+            });
+          }
+          // Continue with unauthenticated state for non-API requests
         }
       }
 
@@ -229,11 +291,11 @@ export const auth = (options: AuthOptions): MiddlewareInterface => ({
   },
 });
 
-// Mock Auth.js implementation (would be replaced with actual Auth.js)
+// Auth.js implementation with proper JWT handling
 async function initializeAuthJS(config: AuthOptions): Promise<any> {
   return {
     handler: async (req: any, res: any) => {
-      // Mock Auth.js request handler
+      // Basic Auth.js request handler
       const path = req.url.replace(config.basePath!, '');
 
       if (path.startsWith('/signin')) {
@@ -254,7 +316,7 @@ async function initializeAuthJS(config: AuthOptions): Promise<any> {
     },
 
     getSession: async ({ req }: { req: any }) => {
-      // Mock session retrieval
+      // Basic session retrieval
       const sessionId =
         req.cookies?.['next-auth.session-token'] ||
         req.cookies?.['__Secure-next-auth.session-token'];
@@ -270,34 +332,53 @@ async function initializeAuthJS(config: AuthOptions): Promise<any> {
     },
 
     verifyJWT: async (token: string) => {
-      // Mock JWT verification
-      try {
-        // In real implementation, use jose or jsonwebtoken
-        const payload = JSON.parse(Buffer.from(token.split('.')[1], 'base64').toString());
-        return payload;
-      } catch {
-        return null;
+      const secret = process.env.JWT_SECRET || config.jwt?.secret || config.secret || '';
+
+      // Use the safe JWT verification function
+      const result = await safeVerifyJWT(token, secret);
+
+      if (!result.success) {
+        // Create a custom error that includes the structured error information
+        const customError = new Error(result.error?.message || 'JWT verification failed');
+
+        // Add the error type information for upstream handling
+        (customError as any).jwtErrorType = result.error?.type;
+        (customError as any).jwtErrorDetails = result.error;
+
+        // Map the safe error types back to standard JWT error names for compatibility
+        if (result.error?.type === 'expired') {
+          customError.name = 'TokenExpiredError';
+          (customError as any).expiredAt = result.error.expiredAt;
+        } else if (result.error?.type === 'invalid') {
+          customError.name = 'JsonWebTokenError';
+        } else if (result.error?.type === 'malformed') {
+          customError.name = 'NotBeforeError';
+          (customError as any).date = result.error.date;
+        }
+
+        throw customError;
       }
+
+      return result.payload;
     },
 
     signIn: async (provider?: string, options?: any) => {
-      // Mock sign in
+      // Basic sign in redirect
       return { url: `${config.basePath}/signin${provider ? `/${provider}` : ''}` };
     },
 
     signOut: async (options?: any) => {
-      // Mock sign out
+      // Basic sign out redirect
       return { url: `${config.basePath}/signout` };
     },
 
     updateSession: async (session: any) => {
-      // Mock session update
+      // Basic session update
       return session;
     },
 
     getCsrfToken: async () => {
-      // Mock CSRF token generation
-      const crypto = require('crypto');
+      // Basic CSRF token generation
       return crypto.randomBytes(32).toString('hex');
     },
   };

package/src/core/middleware/built-in/cache.ts

@@ -1,8 +1,9 @@
 // Built-in Cache Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { CacheAdapter, CacheOptions, CachedResponse } from '../../../types/cache';
-import { createFrameworkLogger } from '../../logger';
-import { createCacheAdapter } from './adapters/cache';
+import crypto from 'crypto';
+import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
+import { CacheAdapter, CacheOptions, CachedResponse } from '../../../types/cache.js';
+import { createFrameworkLogger } from '../../logger/index.js';
+import { createCacheAdapter } from './adapters/cache/index.js';
 
 const logger = createFrameworkLogger('CacheMiddleware');
 
@@ -188,14 +189,15 @@ export const cache = (options: CacheOptions = {}): MiddlewareInterface => ({
           parts.push(`stale-while-revalidate=${directives.staleWhileRevalidate}`);
         }
 
-        res.setHeader('Cache-Control', parts.join(', '));
+        if (!res.headersSent) {
+          res.setHeader('Cache-Control', parts.join(', '));
+        }
         return res;
       };
 
       // Add ETag generation
       if (options.etag !== false) {
         res.generateETag = (content: string | Buffer) => {
-          const crypto = require('crypto');
           const hash = crypto.createHash('md5').update(content).digest('hex');
           const prefix = options.etag === 'weak' ? 'W/' : '';
           return `${prefix}"${hash}"`;

package/src/core/middleware/built-in/cdn.ts

@@ -1,8 +1,8 @@
 // Built-in CDN Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { CDNAdapter, CDNOptions } from '../../../types/cdn';
-import { createFrameworkLogger } from '../../logger';
-import { createCDNAdapter } from './adapters/cdn';
+import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
+import { CDNAdapter, CDNOptions } from '../../../types/cdn.js';
+import { createFrameworkLogger } from '../../logger/index.js';
+import { createCDNAdapter } from './adapters/cdn/index.js';
 
 const logger = createFrameworkLogger('CDNMiddleware');
 

package/src/core/middleware/built-in/cookie.ts

@@ -1,6 +1,6 @@
 // Cookie Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { createFrameworkLogger } from '../../logger';
+import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
+import { createFrameworkLogger } from '../../logger/index.js';
 
 const logger = createFrameworkLogger('CookieMiddleware');
 

package/src/core/middleware/built-in/cors.ts

@@ -1,6 +1,6 @@
 // CORS Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { createFrameworkLogger } from '../../logger';
+import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
+import { createFrameworkLogger } from '../../logger/index.js';
 
 const logger = createFrameworkLogger('CorsMiddleware');
 

package/src/core/middleware/built-in/csp.ts

@@ -1,6 +1,7 @@
 // Content Security Policy Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { createFrameworkLogger } from '../../logger';
+import crypto from 'crypto';
+import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
+import { createFrameworkLogger } from '../../logger/index.js';
 
 const logger = createFrameworkLogger('CSPMiddleware');
 
@@ -58,7 +59,6 @@ export const csp = (
       // Generate nonce if requested
       let nonce: string | undefined;
       if (options.nonce) {
-        const crypto = require('crypto');
         nonce = crypto.randomBytes(16).toString('base64');
         req.cspNonce = nonce;
       }

package/src/core/middleware/built-in/csrf.ts

@@ -1,6 +1,7 @@
 // CSRF Protection Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { createFrameworkLogger } from '../../logger';
+import crypto from 'crypto';
+import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
+import { createFrameworkLogger } from '../../logger/index.js';
 
 const logger = createFrameworkLogger('CSRFMiddleware');
 
@@ -33,7 +34,6 @@ export const csrf = (
     const ignoreMethods = options.ignoreMethods || ['GET', 'HEAD', 'OPTIONS'];
 
     const generateToken = () => {
-      const crypto = require('crypto');
       return crypto.randomBytes(tokenLength).toString('hex');
     };
 

package/src/core/middleware/built-in/error-tracker.ts

@@ -1,5 +1,5 @@
 // Error tracking middleware
-import { createFrameworkLogger } from '../../logger';
+import { createFrameworkLogger } from '../../logger/index.js';
 
 const logger = createFrameworkLogger('ErrorTracker');
 

package/src/core/middleware/built-in/index.ts

@@ -1,22 +1,22 @@
 // Built-in Middleware Exports
-export { auth } from './auth';
-export { rateLimit } from './rate-limit';
-export { cors } from './cors';
-export { validation } from './validation';
-export { requestLogger } from './request-logger';
-export { performanceMonitor } from './performance-monitor';
-export { errorTracker } from './error-tracker';
+export { auth } from './auth.js';
+export { rateLimit } from './rate-limit.js';
+export { cors } from './cors.js';
+export { validation } from './validation.js';
+export { requestLogger } from './request-logger.js';
+export { performanceMonitor } from './performance-monitor.js';
+export { errorTracker } from './error-tracker.js';
 
 // Advanced Security & Performance Middleware
-export { cookie } from './cookie';
-export { csrf } from './csrf';
-export { csp } from './csp';
-export { sse } from './sse';
-export { session } from './session';
+export { cookie } from './cookie.js';
+export { csrf } from './csrf.js';
+export { csp } from './csp.js';
+export { sse } from './sse.js';
+export { session } from './session.js';
 
 // Clean Architecture Middleware
-export { cache } from './cache';
-export { cdn } from './cdn';
+export { cache } from './cache.js';
+export { cdn } from './cdn.js';
 
 // Auth Helpers and Extended Providers
 export {
@@ -31,30 +31,38 @@ export {
   authUtils,
   authResponses,
   sessionHelpers,
-} from './auth-helpers';
+} from './auth-helpers.js';
+
+// JWT Utilities for Custom Middleware
+export {
+  safeVerifyJWT,
+  extractJWTFromHeader,
+  createAuthErrorResponse,
+  type JWTVerificationResult,
+} from './jwt-helpers.js';
 
 export {
   extendedProviders,
   enterpriseProviders,
   createCustomOAuthProvider,
   createCustomOIDCProvider,
-} from './auth-providers';
+} from './auth-providers.js';
 
 // Import for collections
-import { auth } from './auth';
-import { rateLimit } from './rate-limit';
-import { cors } from './cors';
-import { validation } from './validation';
-import { requestLogger } from './request-logger';
-import { performanceMonitor } from './performance-monitor';
-import { errorTracker } from './error-tracker';
-import { cookie } from './cookie';
-import { csrf } from './csrf';
-import { csp } from './csp';
-import { sse } from './sse';
-import { session } from './session';
-import { cache } from './cache';
-import { cdn } from './cdn';
+import { auth } from './auth.js';
+import { rateLimit } from './rate-limit.js';
+import { cors } from './cors.js';
+import { validation } from './validation.js';
+import { requestLogger } from './request-logger.js';
+import { performanceMonitor } from './performance-monitor.js';
+import { errorTracker } from './error-tracker.js';
+import { cookie } from './cookie.js';
+import { csrf } from './csrf.js';
+import { csp } from './csp.js';
+import { sse } from './sse.js';
+import { session } from './session.js';
+import { cache } from './cache.js';
+import { cdn } from './cdn.js';
 
 export const builtInMiddleware = {
   auth,