@morojs/moro 1.6.1 → 1.6.3

package/src/core/middleware/built-in/cookie.ts

@@ -1,85 +0,0 @@
-// Cookie Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { createFrameworkLogger } from '../../logger';
-
-const logger = createFrameworkLogger('CookieMiddleware');
-
-export interface CookieOptions {
-  maxAge?: number;
-  expires?: Date;
-  httpOnly?: boolean;
-  secure?: boolean;
-  sameSite?: 'strict' | 'lax' | 'none';
-  domain?: string;
-  path?: string;
-}
-
-export const cookie = (
-  options: {
-    secret?: string;
-    signed?: boolean;
-  } = {}
-): MiddlewareInterface => ({
-  name: 'cookie',
-  version: '1.0.0',
-  metadata: {
-    name: 'cookie',
-    version: '1.0.0',
-    description: 'Cookie parsing and setting middleware with security features',
-    author: 'MoroJS Team',
-  },
-
-  install: async (hooks: any, options: any = {}) => {
-    logger.debug('Installing cookie middleware', 'Installation');
-
-    hooks.before('request', async (context: HookContext) => {
-      const req = context.request as any;
-      const res = context.response as any;
-
-      // Parse cookies from request
-      req.cookies = parseCookies(req.headers.cookie || '');
-
-      // Add cookie methods to response
-      res.cookie = (name: string, value: string, options: CookieOptions = {}) => {
-        const cookieValue = encodeURIComponent(value);
-        let cookieString = `${name}=${cookieValue}`;
-
-        if (options.maxAge) cookieString += `; Max-Age=${options.maxAge}`;
-        if (options.expires) cookieString += `; Expires=${options.expires.toUTCString()}`;
-        if (options.httpOnly) cookieString += '; HttpOnly';
-        if (options.secure) cookieString += '; Secure';
-        if (options.sameSite) cookieString += `; SameSite=${options.sameSite}`;
-        if (options.domain) cookieString += `; Domain=${options.domain}`;
-        if (options.path) cookieString += `; Path=${options.path}`;
-
-        const existingCookies = res.getHeader('Set-Cookie') || [];
-        const cookies = Array.isArray(existingCookies)
-          ? [...existingCookies]
-          : [existingCookies as string];
-        cookies.push(cookieString);
-        res.setHeader('Set-Cookie', cookies);
-
-        return res;
-      };
-
-      res.clearCookie = (name: string, options: CookieOptions = {}) => {
-        const clearOptions = { ...options, expires: new Date(0), maxAge: 0 };
-        return res.cookie(name, '', clearOptions);
-      };
-    });
-  },
-});
-
-function parseCookies(cookieHeader: string): Record<string, string> {
-  const cookies: Record<string, string> = {};
-  if (!cookieHeader) return cookies;
-
-  cookieHeader.split(';').forEach(cookie => {
-    const [name, value] = cookie.trim().split('=');
-    if (name && value) {
-      cookies[name] = decodeURIComponent(value);
-    }
-  });
-
-  return cookies;
-}

package/src/core/middleware/built-in/cors.ts

@@ -1,38 +0,0 @@
-// CORS Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { createFrameworkLogger } from '../../logger';
-
-const logger = createFrameworkLogger('CorsMiddleware');
-
-export const cors = (options: any = {}): MiddlewareInterface => ({
-  name: 'cors',
-  version: '1.0.0',
-  metadata: {
-    name: 'cors',
-    version: '1.0.0',
-    description: 'Cross-Origin Resource Sharing middleware',
-    author: 'MoroJS Team',
-  },
-
-  install: async (hooks: any, options: any = {}) => {
-    logger.debug('Installing CORS middleware', 'Installation', { options });
-
-    hooks.before('request', async (context: HookContext) => {
-      const response = context.response as any;
-
-      response.setHeader('Access-Control-Allow-Origin', options.origin || '*');
-      response.setHeader(
-        'Access-Control-Allow-Methods',
-        options.methods || 'GET,POST,PUT,DELETE,OPTIONS'
-      );
-      response.setHeader(
-        'Access-Control-Allow-Headers',
-        options.headers || 'Content-Type,Authorization'
-      );
-
-      if (options.credentials) {
-        response.setHeader('Access-Control-Allow-Credentials', 'true');
-      }
-    });
-  },
-});

package/src/core/middleware/built-in/csp.ts

@@ -1,101 +0,0 @@
-// Content Security Policy Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { createFrameworkLogger } from '../../logger';
-
-const logger = createFrameworkLogger('CSPMiddleware');
-
-export const csp = (
-  options: {
-    directives?: {
-      defaultSrc?: string[];
-      scriptSrc?: string[];
-      styleSrc?: string[];
-      imgSrc?: string[];
-      connectSrc?: string[];
-      fontSrc?: string[];
-      objectSrc?: string[];
-      mediaSrc?: string[];
-      frameSrc?: string[];
-      childSrc?: string[];
-      workerSrc?: string[];
-      formAction?: string[];
-      upgradeInsecureRequests?: boolean;
-      blockAllMixedContent?: boolean;
-    };
-    reportOnly?: boolean;
-    reportUri?: string;
-    nonce?: boolean;
-  } = {}
-): MiddlewareInterface => ({
-  name: 'csp',
-  version: '1.0.0',
-  metadata: {
-    name: 'csp',
-    version: '1.0.0',
-    description: 'Content Security Policy middleware with nonce support and violation reporting',
-    author: 'MoroJS Team',
-  },
-
-  install: async (hooks: any, middlewareOptions: any = {}) => {
-    logger.debug('Installing CSP middleware', 'Installation');
-
-    hooks.before('request', async (context: HookContext) => {
-      const req = context.request as any;
-      const res = context.response as any;
-
-      const directives = options.directives || {
-        defaultSrc: ["'self'"],
-        scriptSrc: ["'self'"],
-        styleSrc: ["'self'", "'unsafe-inline'"],
-        imgSrc: ["'self'", 'data:', 'https:'],
-        connectSrc: ["'self'"],
-        fontSrc: ["'self'"],
-        objectSrc: ["'none'"],
-        mediaSrc: ["'self'"],
-        frameSrc: ["'none'"],
-      };
-
-      // Generate nonce if requested
-      let nonce: string | undefined;
-      if (options.nonce) {
-        const crypto = require('crypto');
-        nonce = crypto.randomBytes(16).toString('base64');
-        req.cspNonce = nonce;
-      }
-
-      // Build CSP header value
-      const cspParts: string[] = [];
-
-      for (const [directive, sources] of Object.entries(directives)) {
-        if (directive === 'upgradeInsecureRequests' && sources === true) {
-          cspParts.push('upgrade-insecure-requests');
-        } else if (directive === 'blockAllMixedContent' && sources === true) {
-          cspParts.push('block-all-mixed-content');
-        } else if (Array.isArray(sources)) {
-          let sourceList = sources.join(' ');
-
-          // Add nonce to script-src and style-src if enabled
-          if (nonce && (directive === 'scriptSrc' || directive === 'styleSrc')) {
-            sourceList += ` 'nonce-${nonce}'`;
-          }
-
-          // Convert camelCase to kebab-case
-          const kebabDirective = directive.replace(/([A-Z])/g, '-$1').toLowerCase();
-          cspParts.push(`${kebabDirective} ${sourceList}`);
-        }
-      }
-
-      // Add report-uri if specified
-      if (options.reportUri) {
-        cspParts.push(`report-uri ${options.reportUri}`);
-      }
-
-      const cspValue = cspParts.join('; ');
-      const headerName = options.reportOnly
-        ? 'Content-Security-Policy-Report-Only'
-        : 'Content-Security-Policy';
-
-      res.setHeader(headerName, cspValue);
-    });
-  },
-});

package/src/core/middleware/built-in/csrf.ts

@@ -1,82 +0,0 @@
-// CSRF Protection Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { createFrameworkLogger } from '../../logger';
-
-const logger = createFrameworkLogger('CSRFMiddleware');
-
-export const csrf = (
-  options: {
-    secret?: string;
-    tokenLength?: number;
-    cookieName?: string;
-    headerName?: string;
-    ignoreMethods?: string[];
-    sameSite?: boolean;
-  } = {}
-): MiddlewareInterface => ({
-  name: 'csrf',
-  version: '1.0.0',
-  metadata: {
-    name: 'csrf',
-    version: '1.0.0',
-    description: 'CSRF protection middleware with token generation and validation',
-    author: 'MoroJS Team',
-  },
-
-  install: async (hooks: any, middlewareOptions: any = {}) => {
-    logger.debug('Installing CSRF middleware', 'Installation');
-
-    const secret = options.secret || 'moro-csrf-secret';
-    const tokenLength = options.tokenLength || 32;
-    const cookieName = options.cookieName || '_csrf';
-    const headerName = options.headerName || 'x-csrf-token';
-    const ignoreMethods = options.ignoreMethods || ['GET', 'HEAD', 'OPTIONS'];
-
-    const generateToken = () => {
-      const crypto = require('crypto');
-      return crypto.randomBytes(tokenLength).toString('hex');
-    };
-
-    const verifyToken = (token: string, sessionToken: string) => {
-      return token && sessionToken && token === sessionToken;
-    };
-
-    hooks.before('request', async (context: HookContext) => {
-      const req = context.request as any;
-      const res = context.response as any;
-
-      // Add CSRF token generation method
-      req.csrfToken = () => {
-        if (!req._csrfToken) {
-          req._csrfToken = generateToken();
-          // Set token in cookie
-          res.cookie(cookieName, req._csrfToken, {
-            httpOnly: true,
-            sameSite: options.sameSite !== false ? 'strict' : undefined,
-            secure: req.headers['x-forwarded-proto'] === 'https' || (req.socket as any).encrypted,
-          });
-        }
-        return req._csrfToken;
-      };
-
-      // Skip verification for safe methods
-      if (ignoreMethods.includes(req.method!)) {
-        return;
-      }
-
-      // Get token from header or body
-      const token =
-        req.headers[headerName] || (req.body && req.body._csrf) || (req.query && req.query._csrf);
-
-      // Get session token from cookie
-      const sessionToken = req.cookies?.[cookieName];
-
-      if (!verifyToken(token as string, sessionToken || '')) {
-        const error = new Error('Invalid CSRF token');
-        (error as any).status = 403;
-        (error as any).code = 'CSRF_TOKEN_MISMATCH';
-        throw error;
-      }
-    });
-  },
-});

package/src/core/middleware/built-in/error-tracker.ts

@@ -1,16 +0,0 @@
-// Error tracking middleware
-import { createFrameworkLogger } from '../../logger';
-
-const logger = createFrameworkLogger('ErrorTracker');
-
-export const errorTracker = async (context: any): Promise<void> => {
-  context.onError = (error: Error) => {
-    logger.error('Request error', 'ErrorTracking', {
-      error: error.message,
-      stack: error.stack,
-      url: context.request?.url,
-      method: context.request?.method,
-      timestamp: new Date().toISOString(),
-    });
-  };
-};

package/src/core/middleware/built-in/index.ts

@@ -1,79 +0,0 @@
-// Built-in Middleware Exports
-export { auth } from './auth';
-export { rateLimit } from './rate-limit';
-export { cors } from './cors';
-export { validation } from './validation';
-export { requestLogger } from './request-logger';
-export { performanceMonitor } from './performance-monitor';
-export { errorTracker } from './error-tracker';
-
-// Advanced Security & Performance Middleware
-export { cookie } from './cookie';
-export { csrf } from './csrf';
-export { csp } from './csp';
-export { sse } from './sse';
-export { session } from './session';
-
-// Clean Architecture Middleware
-export { cache } from './cache';
-export { cdn } from './cdn';
-
-// Auth Helpers and Extended Providers
-export {
-  requireAuth,
-  requireRole,
-  requirePermission,
-  requireAdmin,
-  guestOnly,
-  optionalAuth,
-  withAuth,
-  protectedRoute,
-  authUtils,
-  authResponses,
-  sessionHelpers,
-} from './auth-helpers';
-
-export {
-  extendedProviders,
-  enterpriseProviders,
-  createCustomOAuthProvider,
-  createCustomOIDCProvider,
-} from './auth-providers';
-
-// Import for collections
-import { auth } from './auth';
-import { rateLimit } from './rate-limit';
-import { cors } from './cors';
-import { validation } from './validation';
-import { requestLogger } from './request-logger';
-import { performanceMonitor } from './performance-monitor';
-import { errorTracker } from './error-tracker';
-import { cookie } from './cookie';
-import { csrf } from './csrf';
-import { csp } from './csp';
-import { sse } from './sse';
-import { session } from './session';
-import { cache } from './cache';
-import { cdn } from './cdn';
-
-export const builtInMiddleware = {
-  auth,
-  rateLimit,
-  cors,
-  validation,
-  // Advanced middleware
-  cookie,
-  csrf,
-  csp,
-  sse,
-  session,
-  // Clean architecture middleware
-  cache,
-  cdn,
-};
-
-export const simpleMiddleware = {
-  requestLogger,
-  performanceMonitor,
-  errorTracker,
-};

package/src/core/middleware/built-in/performance-monitor.ts

@@ -1,25 +0,0 @@
-// Performance monitoring middleware
-import { createFrameworkLogger } from '../../logger';
-
-const logger = createFrameworkLogger('PerformanceMonitor');
-
-export const performanceMonitor = async (context: any): Promise<void> => {
-  const startTime = Date.now();
-
-  context.onComplete = () => {
-    const duration = Date.now() - startTime;
-
-    // Log slow requests
-    if (duration > 1000) {
-      logger.warn(
-        `Slow request detected: ${context.request?.path} took ${duration}ms`,
-        'SlowRequest',
-        {
-          path: context.request?.path,
-          method: context.request?.method,
-          duration,
-        }
-      );
-    }
-  };
-};

package/src/core/middleware/built-in/rate-limit.ts

@@ -1,60 +0,0 @@
-// Rate Limiting Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks';
-import { createFrameworkLogger } from '../../logger';
-
-const logger = createFrameworkLogger('RateLimitMiddleware');
-
-export const rateLimit = (
-  options: {
-    windowMs?: number;
-    max?: number;
-    message?: string;
-  } = {}
-): MiddlewareInterface => ({
-  name: 'rate-limit',
-  version: '1.0.0',
-  metadata: {
-    name: 'rate-limit',
-    version: '1.0.0',
-    description: 'Rate limiting middleware with configurable windows',
-    author: 'MoroJS Team',
-  },
-
-  install: async (hooks: any, options: any = {}) => {
-    logger.debug('Installing rate limit middleware', 'Installation', {
-      options,
-    });
-
-    const windowMs = options.windowMs || 60000; // 1 minute default
-    const max = options.max || 100; // 100 requests per window
-    const clientCounts = new Map();
-
-    hooks.before('request', async (context: HookContext) => {
-      const req = context.request as any;
-      const clientId = req.connection?.remoteAddress || 'unknown';
-      const now = Date.now();
-
-      if (!clientCounts.has(clientId)) {
-        clientCounts.set(clientId, { count: 0, resetTime: now + windowMs });
-      }
-
-      const client = clientCounts.get(clientId);
-
-      if (now > client.resetTime) {
-        client.count = 0;
-        client.resetTime = now + windowMs;
-      }
-
-      client.count++;
-
-      if (client.count > max) {
-        logger.warn(`Rate limit exceeded for ${clientId}`, 'RateLimit', {
-          clientId,
-          count: client.count,
-          max,
-        });
-        throw new Error(options.message || 'Too many requests');
-      }
-    });
-  },
-});

package/src/core/middleware/built-in/request-logger.ts

@@ -1,14 +0,0 @@
-// Simple request logging middleware
-import { logger } from '../../logger';
-
-export const requestLogger = async (context: any): Promise<void> => {
-  const startTime = Date.now();
-
-  logger.info(`${context.request?.method} ${context.request?.path}`, 'RequestLogger');
-
-  // Log completion after response
-  context.onComplete = () => {
-    const duration = Date.now() - startTime;
-    logger.info(`Request completed in ${duration}ms`, 'RequestLogger');
-  };
-};