@morojs/moro 1.6.1 → 1.6.3

package/dist/core/middleware/built-in/cors/middleware.js

@@ -0,0 +1,22 @@
+import { CORSCore } from './core.js';
+/**
+ * Create CORS middleware for use in middleware chains
+ *
+ * @example
+ * ```ts
+ * const corsMw = createCORSMiddleware({
+ *   origin: 'https://example.com',
+ *   credentials: true
+ * });
+ *
+ * app.use(corsMw);
+ * ```
+ */
+export function createCORSMiddleware(options = {}) {
+    const corsCore = new CORSCore(options);
+    return async (_req, res, next) => {
+        corsCore.applyCORS(res);
+        await next();
+    };
+}
+//# sourceMappingURL=middleware.js.map

package/dist/core/middleware/built-in/cors/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../../../src/core/middleware/built-in/cors/middleware.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,QAAQ,EAAoB,MAAM,WAAW,CAAC;AAEvD;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,oBAAoB,CAAC,UAAuB,EAAE;IAC5D,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,CAAC;IAEvC,OAAO,KAAK,EAAE,IAAiB,EAAE,GAAiB,EAAE,IAAyB,EAAE,EAAE;QAC/E,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACxB,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC;AACJ,CAAC"}

package/dist/core/middleware/built-in/csp/core.d.ts

@@ -0,0 +1,45 @@
+import { HttpResponse } from '../../../../types/http.js';
+export interface CSPDirectives {
+    defaultSrc?: string[];
+    scriptSrc?: string[];
+    styleSrc?: string[];
+    imgSrc?: string[];
+    connectSrc?: string[];
+    fontSrc?: string[];
+    objectSrc?: string[];
+    mediaSrc?: string[];
+    frameSrc?: string[];
+    childSrc?: string[];
+    workerSrc?: string[];
+    formAction?: string[];
+    upgradeInsecureRequests?: boolean;
+    blockAllMixedContent?: boolean;
+}
+export interface CSPOptions {
+    directives?: CSPDirectives;
+    reportOnly?: boolean;
+    reportUri?: string;
+    nonce?: boolean;
+}
+/**
+ * Generate a cryptographically secure nonce for CSP
+ */
+export declare function generateNonce(): string;
+/**
+ * Build CSP header value from directives
+ */
+export declare function buildCSPHeader(directives: CSPDirectives, nonce?: string, reportUri?: string): string;
+/**
+ * CSPCore - Core Content Security Policy management logic
+ * Used directly by the router for route-based CSP
+ */
+export declare class CSPCore {
+    private options;
+    private defaultDirectives;
+    constructor(options?: CSPOptions);
+    /**
+     * Apply CSP header to response
+     * Returns the generated nonce if nonce support is enabled
+     */
+    applyCSP(res: HttpResponse): string | undefined;
+}

package/dist/core/middleware/built-in/csp/core.js

@@ -0,0 +1,88 @@
+// CSP Core - Reusable Content Security Policy logic
+import crypto from 'crypto';
+// ===== Core Logic =====
+/**
+ * Generate a cryptographically secure nonce for CSP
+ */
+export function generateNonce() {
+    return crypto.randomBytes(16).toString('base64');
+}
+/**
+ * Convert camelCase directive name to kebab-case
+ */
+function toKebabCase(str) {
+    return str.replace(/([A-Z])/g, '-$1').toLowerCase();
+}
+/**
+ * Build CSP header value from directives
+ */
+export function buildCSPHeader(directives, nonce, reportUri) {
+    const cspParts = [];
+    for (const [directive, sources] of Object.entries(directives)) {
+        if (directive === 'upgradeInsecureRequests' && sources === true) {
+            cspParts.push('upgrade-insecure-requests');
+            continue;
+        }
+        if (directive === 'blockAllMixedContent' && sources === true) {
+            cspParts.push('block-all-mixed-content');
+            continue;
+        }
+        if (Array.isArray(sources)) {
+            let sourceList = sources.join(' ');
+            // Add nonce to script-src and style-src if enabled
+            if (nonce && (directive === 'scriptSrc' || directive === 'styleSrc')) {
+                sourceList += ` 'nonce-${nonce}'`;
+            }
+            // Convert camelCase to kebab-case
+            const kebabDirective = toKebabCase(directive);
+            cspParts.push(`${kebabDirective} ${sourceList}`);
+        }
+    }
+    // Add report-uri if specified
+    if (reportUri) {
+        cspParts.push(`report-uri ${reportUri}`);
+    }
+    return cspParts.join('; ');
+}
+/**
+ * CSPCore - Core Content Security Policy management logic
+ * Used directly by the router for route-based CSP
+ */
+export class CSPCore {
+    options;
+    defaultDirectives;
+    constructor(options = {}) {
+        this.options = options;
+        this.defaultDirectives = {
+            defaultSrc: ["'self'"],
+            scriptSrc: ["'self'"],
+            styleSrc: ["'self'", "'unsafe-inline'"],
+            imgSrc: ["'self'", 'data:', 'https:'],
+            connectSrc: ["'self'"],
+            fontSrc: ["'self'"],
+            objectSrc: ["'none'"],
+            mediaSrc: ["'self'"],
+            frameSrc: ["'none'"],
+        };
+    }
+    /**
+     * Apply CSP header to response
+     * Returns the generated nonce if nonce support is enabled
+     */
+    applyCSP(res) {
+        const directives = this.options.directives || this.defaultDirectives;
+        // Generate nonce if requested
+        let nonce;
+        if (this.options.nonce) {
+            nonce = generateNonce();
+        }
+        // Build CSP header value
+        const cspValue = buildCSPHeader(directives, nonce, this.options.reportUri);
+        const headerName = this.options.reportOnly
+            ? 'Content-Security-Policy-Report-Only'
+            : 'Content-Security-Policy';
+        res.setHeader(headerName, cspValue);
+        return nonce;
+    }
+}
+//# sourceMappingURL=core.js.map

package/dist/core/middleware/built-in/csp/core.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"core.js","sourceRoot":"","sources":["../../../../../src/core/middleware/built-in/csp/core.ts"],"names":[],"mappings":"AAAA,oDAAoD;AACpD,OAAO,MAAM,MAAM,QAAQ,CAAC;AA6B5B,yBAAyB;AAEzB;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACnD,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,GAAW;IAC9B,OAAO,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;AACtD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAC5B,UAAyB,EACzB,KAAc,EACd,SAAkB;IAElB,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9D,IAAI,SAAS,KAAK,yBAAyB,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YAChE,QAAQ,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;YAC3C,SAAS;QACX,CAAC;QAED,IAAI,SAAS,KAAK,sBAAsB,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;YACzC,SAAS;QACX,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,IAAI,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAEnC,mDAAmD;YACnD,IAAI,KAAK,IAAI,CAAC,SAAS,KAAK,WAAW,IAAI,SAAS,KAAK,UAAU,CAAC,EAAE,CAAC;gBACrE,UAAU,IAAI,WAAW,KAAK,GAAG,CAAC;YACpC,CAAC;YAED,kCAAkC;YAClC,MAAM,cAAc,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;YAC9C,QAAQ,CAAC,IAAI,CAAC,GAAG,cAAc,IAAI,UAAU,EAAE,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,IAAI,SAAS,EAAE,CAAC;QACd,QAAQ,CAAC,IAAI,CAAC,cAAc,SAAS,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC7B,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,OAAO;IACV,OAAO,CAAa;IACpB,iBAAiB,CAAgB;IAEzC,YAAY,UAAsB,EAAE;QAClC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,iBAAiB,GAAG;YACvB,UAAU,EAAE,CAAC,QAAQ,CAAC;YACtB,SAAS,EAAE,CAAC,QAAQ,CAAC;YACrB,QAAQ,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC;YACvC,MAAM,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC;YACrC,UAAU,EAAE,CAAC,QAAQ,CAAC;YACtB,OAAO,EAAE,CAAC,QAAQ,CAAC;YACnB,SAAS,EAAE,CAAC,QAAQ,CAAC;YACrB,QAAQ,EAAE,CAAC,QAAQ,CAAC;YACpB,QAAQ,EAAE,CAAC,QAAQ,CAAC;SACrB,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,QAAQ,CAAC,GAAiB;QACxB,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,IAAI,CAAC,iBAAiB,CAAC;QAErE,8BAA8B;QAC9B,IAAI,KAAyB,CAAC;QAC9B,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACvB,KAAK,GAAG,aAAa,EAAE,CAAC;QAC1B,CAAC;QAED,yBAAyB;QACzB,MAAM,QAAQ,GAAG,cAAc,CAAC,UAAU,EAAE,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAE3E,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU;YACxC,CAAC,CAAC,qCAAqC;YACvC,CAAC,CAAC,yBAAyB,CAAC;QAE9B,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAEpC,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}

package/dist/core/middleware/built-in/csp/hook.d.ts

@@ -0,0 +1,22 @@
+import { MiddlewareInterface } from '../../../../types/hooks.js';
+import { type CSPOptions } from './core.js';
+/**
+ * CSP hook for global usage
+ * Registers with the hooks system for application-wide Content Security Policy
+ *
+ * @example
+ * ```ts
+ * import { csp } from '@/middleware/built-in/csp';
+ *
+ * app.use(csp({
+ *   directives: {
+ *     defaultSrc: ["'self'"],
+ *     scriptSrc: ["'self'", 'https://cdn.example.com'],
+ *     styleSrc: ["'self'", "'unsafe-inline'"]
+ *   },
+ *   nonce: true,
+ *   reportUri: '/csp-report'
+ * }));
+ * ```
+ */
+export declare const csp: (options?: CSPOptions) => MiddlewareInterface;

package/dist/core/middleware/built-in/csp/hook.js

@@ -0,0 +1,47 @@
+import { createFrameworkLogger } from '../../../logger/index.js';
+import { CSPCore } from './core.js';
+const logger = createFrameworkLogger('CSPMiddleware');
+/**
+ * CSP hook for global usage
+ * Registers with the hooks system for application-wide Content Security Policy
+ *
+ * @example
+ * ```ts
+ * import { csp } from '@/middleware/built-in/csp';
+ *
+ * app.use(csp({
+ *   directives: {
+ *     defaultSrc: ["'self'"],
+ *     scriptSrc: ["'self'", 'https://cdn.example.com'],
+ *     styleSrc: ["'self'", "'unsafe-inline'"]
+ *   },
+ *   nonce: true,
+ *   reportUri: '/csp-report'
+ * }));
+ * ```
+ */
+export const csp = (options = {}) => ({
+    name: 'csp',
+    version: '1.0.0',
+    metadata: {
+        name: 'csp',
+        version: '1.0.0',
+        description: 'Content Security Policy middleware with nonce support and violation reporting',
+        author: 'MoroJS Team',
+    },
+    install: async (hooks, middlewareOptions = {}) => {
+        logger.debug('Installing CSP middleware', 'Installation', { options: middlewareOptions });
+        const config = { ...options, ...middlewareOptions };
+        const cspCore = new CSPCore(config);
+        hooks.before('request', async (context) => {
+            const req = context.request;
+            const res = context.response;
+            const nonce = cspCore.applyCSP(res);
+            // Attach nonce to request if generated
+            if (nonce) {
+                req.cspNonce = nonce;
+            }
+        });
+    },
+});
+//# sourceMappingURL=hook.js.map

package/dist/core/middleware/built-in/csp/hook.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hook.js","sourceRoot":"","sources":["../../../../../src/core/middleware/built-in/csp/hook.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,OAAO,EAAmB,MAAM,WAAW,CAAC;AAErD,MAAM,MAAM,GAAG,qBAAqB,CAAC,eAAe,CAAC,CAAC;AAEtD;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,CAAC,MAAM,GAAG,GAAG,CAAC,UAAsB,EAAE,EAAuB,EAAE,CAAC,CAAC;IACrE,IAAI,EAAE,KAAK;IACX,OAAO,EAAE,OAAO;IAChB,QAAQ,EAAE;QACR,IAAI,EAAE,KAAK;QACX,OAAO,EAAE,OAAO;QAChB,WAAW,EAAE,+EAA+E;QAC5F,MAAM,EAAE,aAAa;KACtB;IAED,OAAO,EAAE,KAAK,EAAE,KAAU,EAAE,oBAAyB,EAAE,EAAE,EAAE;QACzD,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE,cAAc,EAAE,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC,CAAC;QAE1F,MAAM,MAAM,GAAG,EAAE,GAAG,OAAO,EAAE,GAAG,iBAAiB,EAAE,CAAC;QACpD,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;QAEpC,KAAK,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,OAAoB,EAAE,EAAE;YACrD,MAAM,GAAG,GAAG,OAAO,CAAC,OAAc,CAAC;YACnC,MAAM,GAAG,GAAG,OAAO,CAAC,QAAe,CAAC;YAEpC,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAEpC,uCAAuC;YACvC,IAAI,KAAK,EAAE,CAAC;gBACV,GAAG,CAAC,QAAQ,GAAG,KAAK,CAAC;YACvB,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF,CAAC,CAAC"}

package/dist/core/middleware/built-in/csp/index.d.ts

@@ -0,0 +1,3 @@
+export { CSPCore, generateNonce, buildCSPHeader, type CSPDirectives, type CSPOptions, } from './core.js';
+export { createCSPMiddleware } from './middleware.js';
+export { csp } from './hook.js';

package/dist/core/middleware/built-in/csp/index.js

@@ -0,0 +1,9 @@
+// CSP - Main entry point
+// Re-exports all public APIs for the CSP built-in
+// Core (for direct use by router and custom implementations)
+export { CSPCore, generateNonce, buildCSPHeader, } from './core.js';
+// Middleware (for middleware chains)
+export { createCSPMiddleware } from './middleware.js';
+// Hook (for global registration)
+export { csp } from './hook.js';
+//# sourceMappingURL=index.js.map

package/dist/core/middleware/built-in/csp/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/core/middleware/built-in/csp/index.ts"],"names":[],"mappings":"AAAA,yBAAyB;AACzB,kDAAkD;AAElD,6DAA6D;AAC7D,OAAO,EACL,OAAO,EACP,aAAa,EACb,cAAc,GAGf,MAAM,WAAW,CAAC;AAEnB,qCAAqC;AACrC,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAEtD,iCAAiC;AACjC,OAAO,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC"}

package/dist/core/middleware/built-in/csp/middleware.d.ts

@@ -0,0 +1,19 @@
+import { StandardMiddleware } from '../../../../types/hooks.js';
+import { type CSPOptions } from './core.js';
+/**
+ * Create CSP middleware for use in middleware chains
+ *
+ * @example
+ * ```ts
+ * const cspMw = createCSPMiddleware({
+ *   directives: {
+ *     defaultSrc: ["'self'"],
+ *     scriptSrc: ["'self'", "'unsafe-inline'"]
+ *   },
+ *   nonce: true
+ * });
+ *
+ * app.use(cspMw);
+ * ```
+ */
+export declare function createCSPMiddleware(options?: CSPOptions): StandardMiddleware;

package/dist/core/middleware/built-in/csp/middleware.js

@@ -0,0 +1,29 @@
+import { CSPCore } from './core.js';
+/**
+ * Create CSP middleware for use in middleware chains
+ *
+ * @example
+ * ```ts
+ * const cspMw = createCSPMiddleware({
+ *   directives: {
+ *     defaultSrc: ["'self'"],
+ *     scriptSrc: ["'self'", "'unsafe-inline'"]
+ *   },
+ *   nonce: true
+ * });
+ *
+ * app.use(cspMw);
+ * ```
+ */
+export function createCSPMiddleware(options = {}) {
+    const cspCore = new CSPCore(options);
+    return async (req, res, next) => {
+        const nonce = cspCore.applyCSP(res);
+        // Attach nonce to request if generated
+        if (nonce) {
+            req.cspNonce = nonce;
+        }
+        await next();
+    };
+}
+//# sourceMappingURL=middleware.js.map

package/dist/core/middleware/built-in/csp/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../../../src/core/middleware/built-in/csp/middleware.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAmB,MAAM,WAAW,CAAC;AAErD;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,mBAAmB,CAAC,UAAsB,EAAE;IAC1D,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IAErC,OAAO,KAAK,EAAE,GAAgB,EAAE,GAAiB,EAAE,IAAyB,EAAE,EAAE;QAC9E,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAEpC,uCAAuC;QACvC,IAAI,KAAK,EAAE,CAAC;YACT,GAAW,CAAC,QAAQ,GAAG,KAAK,CAAC;QAChC,CAAC;QAED,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC;AACJ,CAAC"}

package/dist/core/middleware/built-in/csrf/core.d.ts

@@ -0,0 +1,28 @@
+import { HttpRequest, HttpResponse } from '../../../../types/http.js';
+export interface CSRFOptions {
+    secret?: string;
+    tokenLength?: number;
+    cookieName?: string;
+    headerName?: string;
+    ignoreMethods?: string[];
+    sameSite?: boolean;
+}
+/**
+ * CSRFCore - Core CSRF protection logic
+ * Used directly by the router for route-based CSRF protection
+ * Can be instantiated for use in middleware or hooks
+ */
+export declare class CSRFCore {
+    private secret;
+    private tokenLength;
+    private cookieName;
+    private headerName;
+    private ignoreMethods;
+    private sameSite;
+    constructor(options?: CSRFOptions);
+    generateToken(): string;
+    verifyToken(token: string, sessionToken: string): boolean;
+    attachToken(req: HttpRequest, res: HttpResponse): Promise<string>;
+    validateToken(req: HttpRequest): Promise<void>;
+    getCookieName(): string;
+}

package/dist/core/middleware/built-in/csrf/core.js

@@ -0,0 +1,69 @@
+// CSRF Core - Reusable CSRF protection logic
+import crypto from 'crypto';
+import { createFrameworkLogger } from '../../../logger/index.js';
+const logger = createFrameworkLogger('CSRFCore');
+// ===== Core Logic =====
+/**
+ * CSRFCore - Core CSRF protection logic
+ * Used directly by the router for route-based CSRF protection
+ * Can be instantiated for use in middleware or hooks
+ */
+export class CSRFCore {
+    secret;
+    tokenLength;
+    cookieName;
+    headerName;
+    ignoreMethods;
+    sameSite;
+    constructor(options = {}) {
+        this.secret = options.secret || 'moro-csrf-secret';
+        this.tokenLength = options.tokenLength || 32;
+        this.cookieName = options.cookieName || '_csrf';
+        this.headerName = options.headerName || 'x-csrf-token';
+        this.ignoreMethods = options.ignoreMethods || ['GET', 'HEAD', 'OPTIONS'];
+        this.sameSite = options.sameSite !== false;
+    }
+    generateToken() {
+        return crypto.randomBytes(this.tokenLength).toString('hex');
+    }
+    verifyToken(token, sessionToken) {
+        return !!(token && sessionToken && token === sessionToken);
+    }
+    async attachToken(req, res) {
+        let token = req._csrfToken;
+        if (!token) {
+            token = this.generateToken();
+            req._csrfToken = token;
+            // Set token in cookie
+            res.cookie(this.cookieName, token, {
+                httpOnly: true,
+                sameSite: this.sameSite ? 'strict' : undefined,
+                secure: req.headers['x-forwarded-proto'] === 'https' || req.socket.encrypted,
+            });
+        }
+        return token;
+    }
+    async validateToken(req) {
+        // Skip verification for safe methods
+        const method = req.method || 'GET';
+        if (this.ignoreMethods.includes(method)) {
+            return;
+        }
+        // Get token from header or body
+        const token = req.headers[this.headerName] ||
+            (req.body && req.body._csrf) ||
+            (req.query && req.query._csrf);
+        // Get session token from cookie
+        const sessionToken = req.cookies?.[this.cookieName];
+        if (!this.verifyToken(token, sessionToken || '')) {
+            const error = new Error('Invalid CSRF token');
+            error.status = 403;
+            error.code = 'CSRF_TOKEN_MISMATCH';
+            throw error;
+        }
+    }
+    getCookieName() {
+        return this.cookieName;
+    }
+}
+//# sourceMappingURL=core.js.map

package/dist/core/middleware/built-in/csrf/core.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"core.js","sourceRoot":"","sources":["../../../../../src/core/middleware/built-in/csrf/core.ts"],"names":[],"mappings":"AAAA,6CAA6C;AAC7C,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAGjE,MAAM,MAAM,GAAG,qBAAqB,CAAC,UAAU,CAAC,CAAC;AAajD,yBAAyB;AAEzB;;;;GAIG;AACH,MAAM,OAAO,QAAQ;IACX,MAAM,CAAS;IACf,WAAW,CAAS;IACpB,UAAU,CAAS;IACnB,UAAU,CAAS;IACnB,aAAa,CAAW;IACxB,QAAQ,CAAU;IAE1B,YAAY,UAAuB,EAAE;QACnC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,kBAAkB,CAAC;QACnD,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,EAAE,CAAC;QAC7C,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC;QAChD,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,cAAc,CAAC;QACvD,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;QACzE,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,KAAK,KAAK,CAAC;IAC7C,CAAC;IAED,aAAa;QACX,OAAO,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC9D,CAAC;IAED,WAAW,CAAC,KAAa,EAAE,YAAoB;QAC7C,OAAO,CAAC,CAAC,CAAC,KAAK,IAAI,YAAY,IAAI,KAAK,KAAK,YAAY,CAAC,CAAC;IAC7D,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,GAAgB,EAAE,GAAiB;QACnD,IAAI,KAAK,GAAI,GAAW,CAAC,UAAU,CAAC;QAEpC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,KAAK,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;YAC5B,GAAW,CAAC,UAAU,GAAG,KAAK,CAAC;YAEhC,sBAAsB;YACtB,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE;gBACjC,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;gBAC9C,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,KAAK,OAAO,IAAK,GAAG,CAAC,MAAc,CAAC,SAAS;aACtF,CAAC,CAAC;QACL,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,GAAgB;QAClC,qCAAqC;QACrC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,KAAK,CAAC;QACnC,IAAI,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACxC,OAAO;QACT,CAAC;QAED,gCAAgC;QAChC,MAAM,KAAK,GACT,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC;YAC5B,CAAE,GAAW,CAAC,IAAI,IAAK,GAAW,CAAC,IAAI,CAAC,KAAK,CAAC;YAC9C,CAAE,GAAW,CAAC,KAAK,IAAK,GAAW,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEnD,gCAAgC;QAChC,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAEpD,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,KAAe,EAAE,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;YAC3D,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;YAC7C,KAAa,CAAC,MAAM,GAAG,GAAG,CAAC;YAC3B,KAAa,CAAC,IAAI,GAAG,qBAAqB,CAAC;YAC5C,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;CACF"}

package/dist/core/middleware/built-in/csrf/hook.d.ts

@@ -0,0 +1,17 @@
+import { MiddlewareInterface } from '../../../../types/hooks.js';
+import { type CSRFOptions } from './core.js';
+/**
+ * CSRF hook for global usage
+ * Registers with the hooks system for application-wide CSRF protection
+ *
+ * @example
+ * ```ts
+ * import { csrf } from '@/middleware/built-in/csrf';
+ *
+ * app.use(csrf({
+ *   cookieName: '_csrf',
+ *   ignoreMethods: ['GET', 'HEAD', 'OPTIONS']
+ * }));
+ * ```
+ */
+export declare const csrf: (options?: CSRFOptions) => MiddlewareInterface;

package/dist/core/middleware/built-in/csrf/hook.js

@@ -0,0 +1,45 @@
+import { createFrameworkLogger } from '../../../logger/index.js';
+import { CSRFCore } from './core.js';
+const logger = createFrameworkLogger('CSRFMiddleware');
+/**
+ * CSRF hook for global usage
+ * Registers with the hooks system for application-wide CSRF protection
+ *
+ * @example
+ * ```ts
+ * import { csrf } from '@/middleware/built-in/csrf';
+ *
+ * app.use(csrf({
+ *   cookieName: '_csrf',
+ *   ignoreMethods: ['GET', 'HEAD', 'OPTIONS']
+ * }));
+ * ```
+ */
+export const csrf = (options = {}) => ({
+    name: 'csrf',
+    version: '1.0.0',
+    metadata: {
+        name: 'csrf',
+        version: '1.0.0',
+        description: 'CSRF protection middleware with token generation and validation',
+        author: 'MoroJS Team',
+    },
+    install: async (hooks, middlewareOptions = {}) => {
+        logger.debug('Installing CSRF middleware', 'Installation');
+        const config = {
+            ...options,
+            ...middlewareOptions,
+        };
+        const csrfCore = new CSRFCore(config);
+        hooks.before('request', async (context) => {
+            const req = context.request;
+            const res = context.response;
+            // Add CSRF token generation method
+            req.csrfToken = () => csrfCore.attachToken(req, res);
+            // Validate token for non-safe methods
+            await csrfCore.validateToken(req);
+        });
+        logger.info('CSRF middleware installed', 'Installation');
+    },
+});
+//# sourceMappingURL=hook.js.map

package/dist/core/middleware/built-in/csrf/hook.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hook.js","sourceRoot":"","sources":["../../../../../src/core/middleware/built-in/csrf/hook.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,QAAQ,EAAoB,MAAM,WAAW,CAAC;AAEvD,MAAM,MAAM,GAAG,qBAAqB,CAAC,gBAAgB,CAAC,CAAC;AAEvD;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,MAAM,IAAI,GAAG,CAAC,UAAuB,EAAE,EAAuB,EAAE,CAAC,CAAC;IACvE,IAAI,EAAE,MAAM;IACZ,OAAO,EAAE,OAAO;IAChB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM;QACZ,OAAO,EAAE,OAAO;QAChB,WAAW,EAAE,iEAAiE;QAC9E,MAAM,EAAE,aAAa;KACtB;IAED,OAAO,EAAE,KAAK,EAAE,KAAU,EAAE,oBAAyB,EAAE,EAAE,EAAE;QACzD,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE,cAAc,CAAC,CAAC;QAE3D,MAAM,MAAM,GAAgB;YAC1B,GAAG,OAAO;YACV,GAAG,iBAAiB;SACrB,CAAC;QAEF,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;QAEtC,KAAK,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,OAAoB,EAAE,EAAE;YACrD,MAAM,GAAG,GAAG,OAAO,CAAC,OAAc,CAAC;YACnC,MAAM,GAAG,GAAG,OAAO,CAAC,QAAe,CAAC;YAEpC,mCAAmC;YACnC,GAAG,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAErD,sCAAsC;YACtC,MAAM,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE,cAAc,CAAC,CAAC;IAC3D,CAAC;CACF,CAAC,CAAC"}

package/dist/core/middleware/built-in/csrf/index.d.ts

@@ -0,0 +1,3 @@
+export { CSRFCore, type CSRFOptions } from './core.js';
+export { createCSRFMiddleware } from './middleware.js';
+export { csrf } from './hook.js';

package/dist/core/middleware/built-in/csrf/index.js

@@ -0,0 +1,9 @@
+// CSRF - Main entry point
+// Re-exports all public APIs for the CSRF built-in
+// Core (for direct use by router and custom implementations)
+export { CSRFCore } from './core.js';
+// Middleware (for middleware chains)
+export { createCSRFMiddleware } from './middleware.js';
+// Hook (for global registration)
+export { csrf } from './hook.js';
+//# sourceMappingURL=index.js.map

package/dist/core/middleware/built-in/csrf/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/core/middleware/built-in/csrf/index.ts"],"names":[],"mappings":"AAAA,0BAA0B;AAC1B,mDAAmD;AAEnD,6DAA6D;AAC7D,OAAO,EAAE,QAAQ,EAAoB,MAAM,WAAW,CAAC;AAEvD,qCAAqC;AACrC,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAEvD,iCAAiC;AACjC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC"}

package/dist/core/middleware/built-in/csrf/middleware.d.ts

@@ -0,0 +1,16 @@
+import { StandardMiddleware } from '../../../../types/hooks.js';
+import { type CSRFOptions } from './core.js';
+/**
+ * Create CSRF middleware for use in middleware chains
+ *
+ * @example
+ * ```ts
+ * const csrfMw = createCSRFMiddleware({
+ *   cookieName: '_csrf',
+ *   headerName: 'x-csrf-token'
+ * });
+ *
+ * app.use(csrfMw);
+ * ```
+ */
+export declare function createCSRFMiddleware(options?: CSRFOptions): StandardMiddleware;

package/dist/core/middleware/built-in/csrf/middleware.js

@@ -0,0 +1,34 @@
+import { createFrameworkLogger } from '../../../logger/index.js';
+import { CSRFCore } from './core.js';
+const logger = createFrameworkLogger('CSRFMiddleware');
+/**
+ * Create CSRF middleware for use in middleware chains
+ *
+ * @example
+ * ```ts
+ * const csrfMw = createCSRFMiddleware({
+ *   cookieName: '_csrf',
+ *   headerName: 'x-csrf-token'
+ * });
+ *
+ * app.use(csrfMw);
+ * ```
+ */
+export function createCSRFMiddleware(options = {}) {
+    const csrfCore = new CSRFCore(options);
+    return async (req, res, next) => {
+        try {
+            // Add CSRF token generation method
+            req.csrfToken = () => csrfCore.attachToken(req, res);
+            // Validate token for non-safe methods
+            await csrfCore.validateToken(req);
+            // Execute next middleware
+            await next();
+        }
+        catch (error) {
+            logger.error('CSRF middleware error', 'CSRFError', { error });
+            throw error;
+        }
+    };
+}
+//# sourceMappingURL=middleware.js.map

package/dist/core/middleware/built-in/csrf/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../../../src/core/middleware/built-in/csrf/middleware.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAEjE,OAAO,EAAE,QAAQ,EAAoB,MAAM,WAAW,CAAC;AAEvD,MAAM,MAAM,GAAG,qBAAqB,CAAC,gBAAgB,CAAC,CAAC;AAEvD;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,oBAAoB,CAAC,UAAuB,EAAE;IAC5D,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,CAAC;IAEvC,OAAO,KAAK,EAAE,GAAgB,EAAE,GAAiB,EAAE,IAAyB,EAAE,EAAE;QAC9E,IAAI,CAAC;YACH,mCAAmC;YAClC,GAAW,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAE9D,sCAAsC;YACtC,MAAM,QAAQ,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;YAElC,0BAA0B;YAC1B,MAAM,IAAI,EAAE,CAAC;QACf,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE,WAAW,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC9D,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/core/middleware/built-in/error-tracker/index.d.ts

@@ -0,0 +1 @@
+export { errorTracker } from './middleware.js';

package/dist/core/middleware/built-in/error-tracker/index.js

@@ -0,0 +1,4 @@
+// Error Tracker - Main entry point
+// Re-exports the error tracker middleware
+export { errorTracker } from './middleware.js';
+//# sourceMappingURL=index.js.map

package/dist/core/middleware/built-in/error-tracker/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/core/middleware/built-in/error-tracker/index.ts"],"names":[],"mappings":"AAAA,mCAAmC;AACnC,0CAA0C;AAE1C,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/core/middleware/built-in/error-tracker/middleware.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Error tracking middleware
+ * Captures and logs errors that occur during request processing
+ *
+ * @example
+ * ```ts
+ * import { errorTracker } from '@/middleware/built-in/error-tracker';
+ *
+ * app.use(errorTracker);
+ * ```
+ */
+export declare const errorTracker: (context: any) => Promise<void>;

package/dist/core/middleware/built-in/error-tracker/middleware.js

@@ -0,0 +1,26 @@
+// Error Tracker Middleware
+import { createFrameworkLogger } from '../../../logger/index.js';
+const logger = createFrameworkLogger('ErrorTracker');
+/**
+ * Error tracking middleware
+ * Captures and logs errors that occur during request processing
+ *
+ * @example
+ * ```ts
+ * import { errorTracker } from '@/middleware/built-in/error-tracker';
+ *
+ * app.use(errorTracker);
+ * ```
+ */
+export const errorTracker = async (context) => {
+    context.onError = (error) => {
+        logger.error('Request error', 'ErrorTracking', {
+            error: error.message,
+            stack: error.stack,
+            url: context.request?.url,
+            method: context.request?.method,
+            timestamp: new Date().toISOString(),
+        });
+    };
+};
+//# sourceMappingURL=middleware.js.map

package/dist/core/middleware/built-in/error-tracker/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../../../src/core/middleware/built-in/error-tracker/middleware.ts"],"names":[],"mappings":"AAAA,2BAA2B;AAC3B,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAEjE,MAAM,MAAM,GAAG,qBAAqB,CAAC,cAAc,CAAC,CAAC;AAErD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,KAAK,EAAE,OAAY,EAAiB,EAAE;IAChE,OAAO,CAAC,OAAO,GAAG,CAAC,KAAY,EAAE,EAAE;QACjC,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,eAAe,EAAE;YAC7C,KAAK,EAAE,KAAK,CAAC,OAAO;YACpB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG;YACzB,MAAM,EAAE,OAAO,CAAC,OAAO,EAAE,MAAM;YAC/B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC,CAAC;AACJ,CAAC,CAAC"}