@morojs/moro 1.6.1 → 1.6.3

package/dist/core/http/http-server.js

@@ -1,82 +1,27 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.middleware = exports.MoroHttpServer = void 0;
 // src/core/http-server.ts
-const http_1 = require("http");
-const zlib = __importStar(require("zlib"));
-const util_1 = require("util");
-const logger_1 = require("../logger");
-const gzip = (0, util_1.promisify)(zlib.gzip);
-const deflate = (0, util_1.promisify)(zlib.deflate);
-class MoroHttpServer {
+import { createServer } from 'http';
+import * as zlib from 'zlib';
+import { createReadStream } from 'fs';
+import * as crypto from 'crypto';
+import { promisify } from 'util';
+import { createFrameworkLogger } from '../logger/index.js';
+import { PathMatcher } from '../routing/path-matcher.js';
+import { ObjectPoolManager } from '../pooling/object-pool-manager.js';
+const gzip = promisify(zlib.gzip);
+const deflate = promisify(zlib.deflate);
+export class MoroHttpServer {
     server;
     routes = [];
     globalMiddleware = [];
     compressionEnabled = true;
     compressionThreshold = 1024;
-    logger = (0, logger_1.createFrameworkLogger)('HttpServer');
+    requestTrackingEnabled = true; // Generate request IDs
+    logger = createFrameworkLogger('HttpServer');
     hookManager;
     requestCounter = 0;
-    // Efficient object pooling with minimal overhead
-    paramObjectPool = [];
-    bufferPool = [];
-    maxPoolSize = 50;
-    // Request handler pooling to avoid function creation overhead
-    middlewareExecutionCache = new Map();
-    // String interning for common values (massive memory savings)
-    static INTERNED_METHODS = new Map([
-        ['GET', 'GET'],
-        ['POST', 'POST'],
-        ['PUT', 'PUT'],
-        ['DELETE', 'DELETE'],
-        ['PATCH', 'PATCH'],
-        ['HEAD', 'HEAD'],
-        ['OPTIONS', 'OPTIONS'],
-    ]);
-    static INTERNED_HEADERS = new Map([
-        ['content-type', 'content-type'],
-        ['content-length', 'content-length'],
-        ['authorization', 'authorization'],
-        ['accept', 'accept'],
-        ['user-agent', 'user-agent'],
-        ['host', 'host'],
-        ['connection', 'connection'],
-        ['cache-control', 'cache-control'],
-    ]);
-    // Pre-compiled response templates for ultra-common responses
+    // Use shared object pool manager
+    poolManager = ObjectPoolManager.getInstance();
+    // Pre-compiled response templates for common responses
     static RESPONSE_TEMPLATES = {
         notFound: Buffer.from('{"success":false,"error":"Not found"}'),
         unauthorized: Buffer.from('{"success":false,"error":"Unauthorized"}'),
@@ -85,7 +30,7 @@ class MoroHttpServer {
         methodNotAllowed: Buffer.from('{"success":false,"error":"Method not allowed"}'),
         rateLimited: Buffer.from('{"success":false,"error":"Rate limit exceeded"}'),
     };
-    // Ultra-fast buffer pool for zero-copy operations (Rust-level performance)
+    // Buffer pool for zero-copy operations
     static BUFFER_SIZES = [64, 256, 1024, 4096, 16384];
     static BUFFER_POOLS = new Map();
     static {
@@ -120,7 +65,7 @@ class MoroHttpServer {
         }
     }
     constructor() {
-        this.server = (0, http_1.createServer)(this.handleRequest.bind(this));
+        this.server = createServer(this.handleRequest.bind(this));
         // Optimize server for high performance (conservative settings for compatibility)
         this.server.keepAliveTimeout = 5000; // 5 seconds
         this.server.headersTimeout = 6000; // 6 seconds
@@ -140,6 +85,10 @@ class MoroHttpServer {
             this.compressionThreshold = Infinity; // Never compress
         }
     }
+    // Configure request tracking (ID generation)
+    setRequestTracking(enabled) {
+        this.requestTrackingEnabled = enabled;
+    }
     // Middleware management
     use(middleware) {
         this.globalMiddleware.push(middleware);
@@ -195,39 +144,33 @@ class MoroHttpServer {
         }
     }
     pathToRegex(path) {
-        const paramNames = [];
-        // Convert parameterized routes to regex
-        const regexPattern = path
-            .replace(/\/:([^/]+)/g, (match, paramName) => {
-            paramNames.push(paramName);
-            return '/([^/]+)';
-        })
-            .replace(/\//g, '\\/');
+        // Use shared PathMatcher for consistent path compilation
+        const compiled = PathMatcher.compile(path);
         return {
-            pattern: new RegExp(`^${regexPattern}$`),
-            paramNames,
+            pattern: compiled.pattern || new RegExp(`^${path.replace(/\//g, '\\/')}$`),
+            paramNames: compiled.paramNames,
         };
     }
     async handleRequest(req, res) {
         const httpReq = this.enhanceRequest(req);
-        const httpRes = this.enhanceResponse(res);
+        const httpRes = this.enhanceResponse(res, httpReq);
         // Store original params for efficient cleanup
         const originalParams = httpReq.params;
         try {
-            // Optimized URL and query parsing
+            // Optimized URL and query parsing with object pooling
             const urlString = req.url;
             const queryIndex = urlString.indexOf('?');
             if (queryIndex === -1) {
-                // No query string - fast path
+                // No query string
                 httpReq.path = urlString;
                 httpReq.query = {};
             }
             else {
-                // Has query string - parse efficiently
+                // Has query string - parse efficiently with pooled object
                 httpReq.path = urlString.substring(0, queryIndex);
-                httpReq.query = this.parseQueryString(urlString.substring(queryIndex + 1));
+                httpReq.query = this.parseQueryStringPooled(urlString.substring(queryIndex + 1));
             }
-            // Ultra-fast method checking - avoid array includes
+            // Method checking - avoid array includes
             const method = req.method;
             if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
                 httpReq.body = await this.parseBody(req);
@@ -248,7 +191,7 @@ class MoroHttpServer {
             // Find matching route
             const route = this.findRoute(req.method, httpReq.path);
             if (!route) {
-                // Ultra-fast 404 response with pre-compiled buffer
+                // 404 response with pre-compiled buffer
                 httpRes.statusCode = 404;
                 httpRes.setHeader('Content-Type', 'application/json; charset=utf-8');
                 httpRes.setHeader('Content-Length', MoroHttpServer.RESPONSE_TEMPLATES.notFound.length);
@@ -271,12 +214,13 @@ class MoroHttpServer {
         }
         catch (error) {
             // Debug: Log the actual error and where it came from
-            this.logger.debug('🚨 MoroJS Request Error Details:', 'RequestHandler');
-            this.logger.debug(`📍 Error type: ${typeof error}`, 'RequestHandler');
-            this.logger.debug(`📍 Error message: ${error instanceof Error ? error.message : String(error)}`, 'RequestHandler');
-            this.logger.debug(`📍 Error stack: ${error instanceof Error ? error.stack : 'No stack trace'}`, 'RequestHandler');
-            this.logger.debug(`📍 Request path: ${req.url}`, 'RequestHandler');
-            this.logger.debug(`📍 Request method: ${req.method}`, 'RequestHandler');
+            this.logger.debug('Request error details', 'RequestHandler', {
+                errorType: typeof error,
+                errorMessage: error instanceof Error ? error.message : String(error),
+                errorStack: error instanceof Error ? error.stack : 'No stack trace',
+                requestPath: req.url,
+                requestMethod: req.method,
+            });
             this.logger.error('Request error', 'RequestHandler', {
                 error: error instanceof Error ? error.message : String(error),
                 requestId: httpReq.requestId,
@@ -293,14 +237,14 @@ class MoroHttpServer {
                     });
                 }
                 else {
-                    // Ultra-defensive fallback - check each method individually
+                    // Defensive fallback - check each method individually
                     if (typeof httpRes.setHeader === 'function') {
                         httpRes.statusCode = 500;
                         httpRes.setHeader('Content-Type', 'application/json');
                     }
                     else {
                         // Even setHeader doesn't exist - object is completely wrong
-                        this.logger.error('❌ Response object is not a proper ServerResponse:', 'RequestHandler', {
+                        this.logger.error('Response object is not a proper ServerResponse', 'RequestHandler', {
                             responseType: typeof httpRes,
                             responseKeys: Object.keys(httpRes),
                         });
@@ -313,7 +257,7 @@ class MoroHttpServer {
                         }));
                     }
                     else {
-                        this.logger.error('❌ Cannot send error response - end() method missing', 'RequestHandler');
+                        this.logger.error('Cannot send error response - end() method missing', 'RequestHandler');
                     }
                 }
             }
@@ -342,50 +286,27 @@ class MoroHttpServer {
             }
         });
     }
-    // Efficient object pooling for parameter objects with ES2022 optimizations
+    // Use shared object pool for parameter objects
     acquireParamObject() {
-        const obj = this.paramObjectPool.pop();
-        if (obj) {
-            // ES2022: Use Object.hasOwn for safer property checks and faster clearing
-            // Clear existing properties more efficiently
-            for (const key in obj) {
-                if (Object.hasOwn(obj, key)) {
-                    delete obj[key];
-                }
-            }
-            return obj;
-        }
-        return {};
+        return this.poolManager.acquireParams();
     }
     releaseParamObject(params) {
-        if (this.paramObjectPool.length < this.maxPoolSize) {
-            this.paramObjectPool.push(params);
-        }
+        this.poolManager.releaseParams(params);
     }
     // Force cleanup of all pooled objects
     forceCleanupPools() {
-        // ES2022: More efficient array clearing
-        this.paramObjectPool.splice(0);
-        this.bufferPool.splice(0);
+        // Use shared pool manager cleanup
+        this.poolManager.clearAll();
         // Force garbage collection if available
-        // Use modern globalThis check with optional chaining
         if (globalThis?.gc) {
             globalThis.gc();
         }
     }
     acquireBuffer(size) {
-        // ES2022: Use findIndex for better performance than find + indexOf
-        const index = this.bufferPool.findIndex(b => b.length >= size);
-        if (index !== -1) {
-            const buffer = this.bufferPool.splice(index, 1)[0];
-            return buffer.subarray(0, size);
-        }
-        return Buffer.allocUnsafe(size);
+        return this.poolManager.acquireBuffer(size);
     }
     releaseBuffer(buffer) {
-        if (this.bufferPool.length < this.maxPoolSize && buffer.length <= 8192) {
-            this.bufferPool.push(buffer);
-        }
+        this.poolManager.releaseBuffer(buffer);
     }
     streamLargeResponse(res, data) {
         res.setHeader('Content-Type', 'application/json; charset=utf-8');
@@ -404,7 +325,7 @@ class MoroHttpServer {
         if (this.pathNormalizationCache.has(path)) {
             return this.pathNormalizationCache.get(path);
         }
-        // Fast normalization: remove trailing slash (except root), decode once
+        // Normalization: remove trailing slash (except root), decode once
         let normalized = path;
         if (normalized.length > 1 && normalized.endsWith('/')) {
             normalized = normalized.slice(0, -1);
@@ -422,8 +343,8 @@ class MoroHttpServer {
         httpReq.body = null;
         httpReq.path = '';
         httpReq.ip = req.socket.remoteAddress || '';
-        // Faster request ID generation
-        httpReq.requestId = Date.now().toString(36) + (++this.requestCounter).toString(36);
+        // Request ID generation using pool manager (if enabled)
+        httpReq.requestId = this.requestTrackingEnabled ? this.poolManager.generateRequestId() : '';
         httpReq.headers = req.headers;
         // Parse cookies
         httpReq.cookies = this.parseCookies(req.headers.cookie || '');
@@ -441,8 +362,10 @@ class MoroHttpServer {
         });
         return cookies;
     }
-    enhanceResponse(res) {
+    enhanceResponse(res, req) {
         const httpRes = res;
+        // Store request reference for access to headers (needed for compression, logging, etc.)
+        httpRes.req = req;
         // BULLETPROOF status method - always works
         httpRes.status = (code) => {
             httpRes.statusCode = code;
@@ -451,28 +374,31 @@ class MoroHttpServer {
         httpRes.json = async (data) => {
             if (httpRes.headersSent)
                 return;
-            // Ultra-fast JSON serialization with zero-copy buffers
+            // JSON serialization with zero-copy buffers
             let jsonString;
             // Enhanced JSON optimization for common API patterns
+            // Only optimize simple patterns without extra fields
             if (data && typeof data === 'object' && 'success' in data) {
-                if ('data' in data && 'error' in data && !('total' in data)) {
-                    // {success, data, error} pattern
+                const keys = Object.keys(data);
+                const keyCount = keys.length;
+                if (keyCount === 3 && 'data' in data && 'error' in data) {
+                    // {success, data, error} pattern (exactly 3 keys)
                     jsonString = `{"success":${data.success},"data":${JSON.stringify(data.data)},"error":${JSON.stringify(data.error)}}`;
                 }
-                else if ('data' in data && 'total' in data && !('error' in data)) {
-                    // {success, data, total} pattern
+                else if (keyCount === 3 && 'data' in data && 'total' in data) {
+                    // {success, data, total} pattern (exactly 3 keys)
                     jsonString = `{"success":${data.success},"data":${JSON.stringify(data.data)},"total":${data.total}}`;
                 }
-                else if ('data' in data && !('error' in data) && !('total' in data)) {
-                    // {success, data} pattern
+                else if (keyCount === 2 && 'data' in data) {
+                    // {success, data} pattern (exactly 2 keys)
                     jsonString = `{"success":${data.success},"data":${JSON.stringify(data.data)}}`;
                 }
-                else if ('error' in data && !('data' in data) && !('total' in data)) {
-                    // {success, error} pattern
+                else if (keyCount === 2 && 'error' in data) {
+                    // {success, error} pattern (exactly 2 keys)
                     jsonString = `{"success":${data.success},"error":${JSON.stringify(data.error)}}`;
                 }
                 else {
-                    // Complex object - use standard JSON.stringify
+                    // Complex object or has additional fields - use standard JSON.stringify
                     jsonString = JSON.stringify(data);
                 }
             }
@@ -555,6 +481,24 @@ class MoroHttpServer {
             httpRes.end(data);
         };
         httpRes.cookie = (name, value, options = {}) => {
+            if (httpRes.headersSent) {
+                const isCritical = options.critical ||
+                    name.includes('session') ||
+                    name.includes('auth') ||
+                    name.includes('csrf');
+                const message = `Cookie '${name}' could not be set - headers already sent`;
+                if (isCritical || options.throwOnLateSet) {
+                    throw new Error(`${message}. This may cause authentication or security issues.`);
+                }
+                else {
+                    this.logger.warn(message, 'CookieWarning', {
+                        cookieName: name,
+                        critical: isCritical,
+                        stackTrace: new Error().stack,
+                    });
+                }
+                return httpRes;
+            }
             const cookieValue = encodeURIComponent(value);
             let cookieString = `${name}=${cookieValue}`;
             if (options.maxAge)
@@ -594,8 +538,8 @@ class MoroHttpServer {
             if (httpRes.headersSent)
                 return;
             try {
-                const fs = await Promise.resolve().then(() => __importStar(require('fs/promises')));
-                const path = await Promise.resolve().then(() => __importStar(require('path')));
+                const fs = await import('fs/promises');
+                const path = await import('path');
                 const extension = path.extname(filePath);
                 const mime = await this.getMimeType(extension);
                 const stats = await fs.stat(filePath);
@@ -615,6 +559,52 @@ class MoroHttpServer {
                 httpRes.status(404).json({ success: false, error: 'File not found' });
             }
         };
+        // Header management utilities
+        httpRes.hasHeader = (name) => {
+            return httpRes.getHeader(name) !== undefined;
+        };
+        // Note: removeHeader is inherited from ServerResponse, we don't override it
+        httpRes.setBulkHeaders = (headers) => {
+            if (httpRes.headersSent) {
+                this.logger.warn('Cannot set headers - headers already sent', 'HeaderWarning', {
+                    attemptedHeaders: Object.keys(headers),
+                });
+                return httpRes;
+            }
+            Object.entries(headers).forEach(([key, value]) => {
+                httpRes.setHeader(key, value);
+            });
+            return httpRes;
+        };
+        httpRes.appendHeader = (name, value) => {
+            if (httpRes.headersSent) {
+                this.logger.warn(`Cannot append to header '${name}' - headers already sent`, 'HeaderWarning');
+                return httpRes;
+            }
+            const existing = httpRes.getHeader(name);
+            if (existing) {
+                const values = Array.isArray(existing) ? existing : [existing.toString()];
+                const newValues = Array.isArray(value) ? value : [value];
+                httpRes.setHeader(name, [...values, ...newValues]);
+            }
+            else {
+                httpRes.setHeader(name, value);
+            }
+            return httpRes;
+        };
+        // Response state utilities
+        httpRes.canSetHeaders = () => {
+            return !httpRes.headersSent;
+        };
+        httpRes.getResponseState = () => {
+            return {
+                headersSent: httpRes.headersSent,
+                statusCode: httpRes.statusCode,
+                headers: httpRes.getHeaders ? httpRes.getHeaders() : {},
+                finished: httpRes.finished || false,
+                writable: httpRes.writable,
+            };
+        };
         return httpRes;
     }
     async getMimeType(ext) {
@@ -733,12 +723,18 @@ class MoroHttpServer {
         }
         return result;
     }
+    // Legacy method for backward compatibility
     parseQueryString(queryString) {
-        const result = {};
+        return this.parseQueryStringPooled(queryString);
+    }
+    // Optimized query string parser with object pooling
+    parseQueryStringPooled(queryString) {
         if (!queryString)
-            return result;
+            return {};
+        const result = this.poolManager.acquireQuery();
         const pairs = queryString.split('&');
-        for (const pair of pairs) {
+        for (let i = 0; i < pairs.length; i++) {
+            const pair = pairs[i];
             const equalIndex = pair.indexOf('=');
             if (equalIndex === -1) {
                 result[decodeURIComponent(pair)] = '';
@@ -757,7 +753,7 @@ class MoroHttpServer {
     dynamicRoutes = [];
     routesBySegmentCount = new Map();
     pathNormalizationCache = new Map();
-    // Ultra-fast CPU cache-friendly optimizations (Rust-level performance)
+    // CPU cache-friendly optimizations
     routeHitCount = new Map(); // Track route popularity for cache optimization
     static HOT_ROUTE_THRESHOLD = 100; // Routes accessed 100+ times get hot path treatment
     findRoute(method, path) {
@@ -802,33 +798,43 @@ class MoroHttpServer {
         }
         return route;
     }
+    // Optimized middleware execution with reduced Promise allocation
     async executeMiddleware(middleware, req, res) {
-        for (const mw of middleware) {
+        for (let i = 0; i < middleware.length; i++) {
             // Short-circuit if response already sent
             if (res.headersSent)
                 return;
+            const mw = middleware[i];
             await new Promise((resolve, reject) => {
-                let nextCalled = false;
+                let resolved = false;
+                // Reuse next function to reduce allocations
                 const next = () => {
-                    if (nextCalled)
+                    if (resolved)
                         return;
-                    nextCalled = true;
+                    resolved = true;
                     resolve();
                 };
                 try {
                     const result = mw(req, res, next);
                     // Handle async middleware
-                    if (result instanceof Promise) {
+                    if (result && typeof result.then === 'function') {
                         result
                             .then(() => {
-                            if (!nextCalled)
+                            if (!resolved)
                                 next();
                         })
                             .catch(reject);
                     }
+                    else if (!resolved) {
+                        // Sync middleware that didn't call next
+                        next();
+                    }
                 }
                 catch (error) {
-                    reject(error);
+                    if (!resolved) {
+                        resolved = true;
+                        reject(error);
+                    }
                 }
             });
         }
@@ -858,10 +864,19 @@ class MoroHttpServer {
     getServer() {
         return this.server;
     }
+    // Performance statistics
+    getPerformanceStats() {
+        const poolStats = this.poolManager.getStats();
+        return {
+            paramObjectPoolSize: poolStats.paramPool.poolSize,
+            queryObjectPoolSize: poolStats.queryPool.poolSize,
+            headerObjectPoolSize: poolStats.headerPool.poolSize,
+            poolManager: poolStats,
+        };
+    }
 }
-exports.MoroHttpServer = MoroHttpServer;
 // Built-in middleware
-exports.middleware = {
+export const middleware = {
     cors: (options = {}) => {
         return (req, res, next) => {
             res.setHeader('Access-Control-Allow-Origin', options.origin || '*');
@@ -889,7 +904,6 @@ exports.middleware = {
         };
     },
     compression: (options = {}) => {
-        const zlib = require('zlib');
         const threshold = options.threshold || 1024;
         const level = options.level || 6;
         return (req, res, next) => {
@@ -904,24 +918,26 @@ exports.middleware = {
                     return isJson ? originalJson.call(res, data) : originalSend.call(res, data);
                 }
                 if (acceptEncoding.includes('gzip')) {
-                    res.setHeader('Content-Encoding', 'gzip');
                     zlib.gzip(buffer, { level }, (err, compressed) => {
                         if (err) {
                             return isJson ? originalJson.call(res, data) : originalSend.call(res, data);
                         }
-                        res.setHeader('Content-Length', compressed.length);
-                        res.writeHead(res.statusCode || 200, res.getHeaders());
+                        if (!res.headersSent) {
+                            res.setHeader('Content-Encoding', 'gzip');
+                            res.setHeader('Content-Length', compressed.length);
+                        }
                         res.end(compressed);
                     });
                 }
                 else if (acceptEncoding.includes('deflate')) {
-                    res.setHeader('Content-Encoding', 'deflate');
                     zlib.deflate(buffer, { level }, (err, compressed) => {
                         if (err) {
                             return isJson ? originalJson.call(res, data) : originalSend.call(res, data);
                         }
-                        res.setHeader('Content-Length', compressed.length);
-                        res.writeHead(res.statusCode || 200, res.getHeaders());
+                        if (!res.headersSent) {
+                            res.setHeader('Content-Encoding', 'deflate');
+                            res.setHeader('Content-Length', compressed.length);
+                        }
                         res.end(compressed);
                     });
                 }
@@ -976,9 +992,9 @@ exports.middleware = {
                 return;
             }
             try {
-                const fs = await Promise.resolve().then(() => __importStar(require('fs/promises')));
-                const path = await Promise.resolve().then(() => __importStar(require('path')));
-                const crypto = await Promise.resolve().then(() => __importStar(require('crypto')));
+                const fs = await import('fs/promises');
+                const path = await import('path');
+                const crypto = await import('crypto');
                 let filePath = path.join(options.root, req.path);
                 // Security: prevent directory traversal
                 if (!filePath.startsWith(path.resolve(options.root))) {
@@ -1146,8 +1162,8 @@ exports.middleware = {
             // Add render method to response
             res.render = async (template, data = {}) => {
                 try {
-                    const fs = await Promise.resolve().then(() => __importStar(require('fs/promises')));
-                    const path = await Promise.resolve().then(() => __importStar(require('path')));
+                    const fs = await import('fs/promises');
+                    const path = await import('path');
                     const templatePath = path.join(options.views, `${template}.html`);
                     let templateContent;
                     // Check cache first
@@ -1265,13 +1281,15 @@ exports.middleware = {
             // Only handle SSE requests
             if (req.headers.accept?.includes('text/event-stream')) {
                 // Set SSE headers
-                res.writeHead(200, {
-                    'Content-Type': 'text/event-stream',
-                    'Cache-Control': 'no-cache',
-                    Connection: 'keep-alive',
-                    'Access-Control-Allow-Origin': options.cors ? '*' : undefined,
-                    'Access-Control-Allow-Headers': options.cors ? 'Cache-Control' : undefined,
-                });
+                if (!res.headersSent) {
+                    res.writeHead(200, {
+                        'Content-Type': 'text/event-stream',
+                        'Cache-Control': 'no-cache',
+                        Connection: 'keep-alive',
+                        'Access-Control-Allow-Origin': options.cors ? '*' : undefined,
+                        'Access-Control-Allow-Headers': options.cors ? 'Cache-Control' : undefined,
+                    });
+                }
                 // Add SSE methods to response
                 res.sendEvent = (data, event, id) => {
                     if (id)
@@ -1315,8 +1333,8 @@ exports.middleware = {
             // Add range support to response
             res.sendRange = async (filePath, stats) => {
                 try {
-                    const fs = await Promise.resolve().then(() => __importStar(require('fs/promises')));
-                    const path = await Promise.resolve().then(() => __importStar(require('path')));
+                    const fs = await import('fs/promises');
+                    const path = await import('path');
                     if (!stats) {
                         stats = await fs.stat(filePath);
                     }
@@ -1352,7 +1370,8 @@ exports.middleware = {
                         const { start, end } = ranges[0];
                         const chunkSize = end - start + 1;
                         if (start >= fileSize || end >= fileSize) {
-                            res.status(416).setHeader('Content-Range', `bytes */${fileSize}`);
+                            res.status(416);
+                            res.setHeader('Content-Range', `bytes */${fileSize}`);
                             res.json({ success: false, error: 'Range not satisfiable' });
                             return;
                         }
@@ -1360,7 +1379,7 @@ exports.middleware = {
                         res.setHeader('Content-Range', `bytes ${start}-${end}/${fileSize}`);
                         res.setHeader('Content-Length', chunkSize);
                         // Stream the range
-                        const stream = require('fs').createReadStream(filePath, {
+                        const stream = createReadStream(filePath, {
                             start,
                             end,
                         });
@@ -1377,12 +1396,12 @@ exports.middleware = {
                             const chunkSize = end - start + 1;
                             res.write(`\r\n--${boundary}\r\n`);
                             res.write(`Content-Range: bytes ${start}-${end}/${fileSize}\r\n\r\n`);
-                            const stream = require('fs').createReadStream(filePath, {
+                            const stream = createReadStream(filePath, {
                                 start,
                                 end,
                             });
                             await new Promise(resolve => {
-                                stream.on('end', resolve);
+                                stream.on('end', () => resolve());
                                 stream.pipe(res, { end: false });
                             });
                         }
@@ -1405,7 +1424,6 @@ exports.middleware = {
         const headerName = options.headerName || 'x-csrf-token';
         const ignoreMethods = options.ignoreMethods || ['GET', 'HEAD', 'OPTIONS'];
         const generateToken = () => {
-            const crypto = require('crypto');
             return crypto.randomBytes(tokenLength).toString('hex');
         };
         const verifyToken = (token, sessionToken) => {
@@ -1462,7 +1480,6 @@ exports.middleware = {
             // Generate nonce if requested
             let nonce;
             if (options.nonce) {
-                const crypto = require('crypto');
                 nonce = crypto.randomBytes(16).toString('base64');
                 req.cspNonce = nonce;
             }