npm - @morojs/moro - Versions diffs - 1.6.2 → 1.6.3 - Mend

@morojs/moro 1.6.2 → 1.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (366) hide show

package/src/core/middleware/built-in/cdn.ts DELETED Viewed

@@ -1,124 +0,0 @@
-// Built-in CDN Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
-import { CDNAdapter, CDNOptions } from '../../../types/cdn.js';
-import { createFrameworkLogger } from '../../logger/index.js';
-import { createCDNAdapter } from './adapters/cdn/index.js';
-const logger = createFrameworkLogger('CDNMiddleware');
-export const cdn = (options: CDNOptions = {}): MiddlewareInterface => ({
-  name: 'cdn',
-  version: '1.0.0',
-  metadata: {
-    name: 'cdn',
-    version: '1.0.0',
-    description: 'Built-in CDN middleware with pluggable provider adapters',
-    author: 'MoroJS Team',
-  },
-  install: async (hooks: any, middlewareOptions: any = {}) => {
-    logger.debug('Installing CDN middleware', 'Installation');
-    // Initialize CDN adapter
-    let cdnAdapter: CDNAdapter | null = null;
-    if (options.adapter && typeof options.adapter === 'object' && 'purge' in options.adapter) {
-      cdnAdapter = options.adapter as CDNAdapter;
-    } else if (typeof options.adapter === 'string') {
-      cdnAdapter = createCDNAdapter(options.adapter, options.adapterOptions);
-    }
-    if (!cdnAdapter) {
-      logger.warn('No CDN adapter configured, CDN features will be disabled', 'Installation');
-      return;
-    }
-    hooks.before('request', async (context: HookContext) => {
-      const req = context.request as any;
-      const res = context.response as any;
-      // Set CDN headers on all responses
-      if (cdnAdapter) {
-        cdnAdapter.setHeaders(res);
-      }
-      // Add CDN methods to response
-      res.purgeCDN = async (urls?: string[]) => {
-        if (!cdnAdapter) {
-          logger.warn('CDN purge requested but no adapter configured', 'CDNPurge');
-          return;
-        }
-        try {
-          const urlsToPurge = urls || [req.path];
-          await cdnAdapter.purge(urlsToPurge);
-          logger.info(`CDN cache purged: ${urlsToPurge.join(', ')}`, 'CDNPurge');
-        } catch (error) {
-          logger.error('CDN purge failed', 'CDNError', { error, urls });
-          throw error;
-        }
-      };
-      res.prefetchCDN = async (urls: string[]) => {
-        if (!cdnAdapter || !cdnAdapter.prefetch) {
-          logger.warn('CDN prefetch requested but not supported by adapter', 'CDNPrefetch');
-          return;
-        }
-        try {
-          await cdnAdapter.prefetch(urls);
-          logger.info(`CDN prefetch requested: ${urls.join(', ')}`, 'CDNPrefetch');
-        } catch (error) {
-          logger.error('CDN prefetch failed', 'CDNError', { error, urls });
-        }
-      };
-      res.getCDNStats = async () => {
-        if (!cdnAdapter || !cdnAdapter.getStats) {
-          logger.warn('CDN stats requested but not supported by adapter', 'CDNStats');
-          return null;
-        }
-        try {
-          const stats = await cdnAdapter.getStats();
-          logger.debug('CDN stats retrieved', 'CDNStats');
-          return stats;
-        } catch (error) {
-          logger.error('CDN stats retrieval failed', 'CDNError', { error });
-          return null;
-        }
-      };
-    });
-    // Auto-invalidation on certain patterns
-    if (options.autoInvalidate && options.invalidationPatterns) {
-      hooks.after('response', async (context: HookContext) => {
-        const req = context.request as any;
-        const res = context.response as any;
-        // Check if this request matches invalidation patterns
-        const shouldInvalidate = options.invalidationPatterns?.some(pattern => {
-          const regex = new RegExp(pattern);
-          return regex.test(req.path);
-        });
-        if (shouldInvalidate && cdnAdapter) {
-          try {
-            await cdnAdapter.purge([req.path]);
-            logger.debug(`Auto-invalidated CDN cache for: ${req.path}`, 'CDNAutoInvalidate');
-          } catch (error) {
-            logger.error('CDN auto-invalidation failed', 'CDNError', {
-              error,
-              path: req.path,
-            });
-          }
-        }
-      });
-    }
-    logger.info('CDN middleware installed', 'Installation', {
-      adapter: typeof options.adapter === 'string' ? options.adapter : 'custom',
-      autoInvalidate: !!options.autoInvalidate,
-    });
-  },
-});

package/src/core/middleware/built-in/cookie.ts DELETED Viewed

@@ -1,85 +0,0 @@
-// Cookie Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
-import { createFrameworkLogger } from '../../logger/index.js';
-const logger = createFrameworkLogger('CookieMiddleware');
-export interface CookieOptions {
-  maxAge?: number;
-  expires?: Date;
-  httpOnly?: boolean;
-  secure?: boolean;
-  sameSite?: 'strict' | 'lax' | 'none';
-  domain?: string;
-  path?: string;
-}
-export const cookie = (
-  options: {
-    secret?: string;
-    signed?: boolean;
-  } = {}
-): MiddlewareInterface => ({
-  name: 'cookie',
-  version: '1.0.0',
-  metadata: {
-    name: 'cookie',
-    version: '1.0.0',
-    description: 'Cookie parsing and setting middleware with security features',
-    author: 'MoroJS Team',
-  },
-  install: async (hooks: any, options: any = {}) => {
-    logger.debug('Installing cookie middleware', 'Installation');
-    hooks.before('request', async (context: HookContext) => {
-      const req = context.request as any;
-      const res = context.response as any;
-      // Parse cookies from request
-      req.cookies = parseCookies(req.headers.cookie || '');
-      // Add cookie methods to response
-      res.cookie = (name: string, value: string, options: CookieOptions = {}) => {
-        const cookieValue = encodeURIComponent(value);
-        let cookieString = `${name}=${cookieValue}`;
-        if (options.maxAge) cookieString += `; Max-Age=${options.maxAge}`;
-        if (options.expires) cookieString += `; Expires=${options.expires.toUTCString()}`;
-        if (options.httpOnly) cookieString += '; HttpOnly';
-        if (options.secure) cookieString += '; Secure';
-        if (options.sameSite) cookieString += `; SameSite=${options.sameSite}`;
-        if (options.domain) cookieString += `; Domain=${options.domain}`;
-        if (options.path) cookieString += `; Path=${options.path}`;
-        const existingCookies = res.getHeader('Set-Cookie') || [];
-        const cookies = Array.isArray(existingCookies)
-          ? [...existingCookies]
-          : [existingCookies as string];
-        cookies.push(cookieString);
-        res.setHeader('Set-Cookie', cookies);
-        return res;
-      };
-      res.clearCookie = (name: string, options: CookieOptions = {}) => {
-        const clearOptions = { ...options, expires: new Date(0), maxAge: 0 };
-        return res.cookie(name, '', clearOptions);
-      };
-    });
-  },
-});
-function parseCookies(cookieHeader: string): Record<string, string> {
-  const cookies: Record<string, string> = {};
-  if (!cookieHeader) return cookies;
-  cookieHeader.split(';').forEach(cookie => {
-    const [name, value] = cookie.trim().split('=');
-    if (name && value) {
-      cookies[name] = decodeURIComponent(value);
-    }
-  });
-  return cookies;
-}

package/src/core/middleware/built-in/cors.ts DELETED Viewed

@@ -1,38 +0,0 @@
-// CORS Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
-import { createFrameworkLogger } from '../../logger/index.js';
-const logger = createFrameworkLogger('CorsMiddleware');
-export const cors = (options: any = {}): MiddlewareInterface => ({
-  name: 'cors',
-  version: '1.0.0',
-  metadata: {
-    name: 'cors',
-    version: '1.0.0',
-    description: 'Cross-Origin Resource Sharing middleware',
-    author: 'MoroJS Team',
-  },
-  install: async (hooks: any, options: any = {}) => {
-    logger.debug('Installing CORS middleware', 'Installation', { options });
-    hooks.before('request', async (context: HookContext) => {
-      const response = context.response as any;
-      response.setHeader('Access-Control-Allow-Origin', options.origin || '*');
-      response.setHeader(
-        'Access-Control-Allow-Methods',
-        options.methods || 'GET,POST,PUT,DELETE,OPTIONS'
-      );
-      response.setHeader(
-        'Access-Control-Allow-Headers',
-        options.headers || 'Content-Type,Authorization'
-      );
-      if (options.credentials) {
-        response.setHeader('Access-Control-Allow-Credentials', 'true');
-      }
-    });
-  },
-});

package/src/core/middleware/built-in/csp.ts DELETED Viewed

@@ -1,101 +0,0 @@
-// Content Security Policy Middleware
-import crypto from 'crypto';
-import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
-import { createFrameworkLogger } from '../../logger/index.js';
-const logger = createFrameworkLogger('CSPMiddleware');
-export const csp = (
-  options: {
-    directives?: {
-      defaultSrc?: string[];
-      scriptSrc?: string[];
-      styleSrc?: string[];
-      imgSrc?: string[];
-      connectSrc?: string[];
-      fontSrc?: string[];
-      objectSrc?: string[];
-      mediaSrc?: string[];
-      frameSrc?: string[];
-      childSrc?: string[];
-      workerSrc?: string[];
-      formAction?: string[];
-      upgradeInsecureRequests?: boolean;
-      blockAllMixedContent?: boolean;
-    };
-    reportOnly?: boolean;
-    reportUri?: string;
-    nonce?: boolean;
-  } = {}
-): MiddlewareInterface => ({
-  name: 'csp',
-  version: '1.0.0',
-  metadata: {
-    name: 'csp',
-    version: '1.0.0',
-    description: 'Content Security Policy middleware with nonce support and violation reporting',
-    author: 'MoroJS Team',
-  },
-  install: async (hooks: any, middlewareOptions: any = {}) => {
-    logger.debug('Installing CSP middleware', 'Installation');
-    hooks.before('request', async (context: HookContext) => {
-      const req = context.request as any;
-      const res = context.response as any;
-      const directives = options.directives || {
-        defaultSrc: ["'self'"],
-        scriptSrc: ["'self'"],
-        styleSrc: ["'self'", "'unsafe-inline'"],
-        imgSrc: ["'self'", 'data:', 'https:'],
-        connectSrc: ["'self'"],
-        fontSrc: ["'self'"],
-        objectSrc: ["'none'"],
-        mediaSrc: ["'self'"],
-        frameSrc: ["'none'"],
-      };
-      // Generate nonce if requested
-      let nonce: string | undefined;
-      if (options.nonce) {
-        nonce = crypto.randomBytes(16).toString('base64');
-        req.cspNonce = nonce;
-      }
-      // Build CSP header value
-      const cspParts: string[] = [];
-      for (const [directive, sources] of Object.entries(directives)) {
-        if (directive === 'upgradeInsecureRequests' && sources === true) {
-          cspParts.push('upgrade-insecure-requests');
-        } else if (directive === 'blockAllMixedContent' && sources === true) {
-          cspParts.push('block-all-mixed-content');
-        } else if (Array.isArray(sources)) {
-          let sourceList = sources.join(' ');
-          // Add nonce to script-src and style-src if enabled
-          if (nonce && (directive === 'scriptSrc' || directive === 'styleSrc')) {
-            sourceList += ` 'nonce-${nonce}'`;
-          }
-          // Convert camelCase to kebab-case
-          const kebabDirective = directive.replace(/([A-Z])/g, '-$1').toLowerCase();
-          cspParts.push(`${kebabDirective} ${sourceList}`);
-        }
-      }
-      // Add report-uri if specified
-      if (options.reportUri) {
-        cspParts.push(`report-uri ${options.reportUri}`);
-      }
-      const cspValue = cspParts.join('; ');
-      const headerName = options.reportOnly
-        ? 'Content-Security-Policy-Report-Only'
-        : 'Content-Security-Policy';
-      res.setHeader(headerName, cspValue);
-    });
-  },
-});

package/src/core/middleware/built-in/csrf.ts DELETED Viewed

@@ -1,82 +0,0 @@
-// CSRF Protection Middleware
-import crypto from 'crypto';
-import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
-import { createFrameworkLogger } from '../../logger/index.js';
-const logger = createFrameworkLogger('CSRFMiddleware');
-export const csrf = (
-  options: {
-    secret?: string;
-    tokenLength?: number;
-    cookieName?: string;
-    headerName?: string;
-    ignoreMethods?: string[];
-    sameSite?: boolean;
-  } = {}
-): MiddlewareInterface => ({
-  name: 'csrf',
-  version: '1.0.0',
-  metadata: {
-    name: 'csrf',
-    version: '1.0.0',
-    description: 'CSRF protection middleware with token generation and validation',
-    author: 'MoroJS Team',
-  },
-  install: async (hooks: any, middlewareOptions: any = {}) => {
-    logger.debug('Installing CSRF middleware', 'Installation');
-    const secret = options.secret || 'moro-csrf-secret';
-    const tokenLength = options.tokenLength || 32;
-    const cookieName = options.cookieName || '_csrf';
-    const headerName = options.headerName || 'x-csrf-token';
-    const ignoreMethods = options.ignoreMethods || ['GET', 'HEAD', 'OPTIONS'];
-    const generateToken = () => {
-      return crypto.randomBytes(tokenLength).toString('hex');
-    };
-    const verifyToken = (token: string, sessionToken: string) => {
-      return token && sessionToken && token === sessionToken;
-    };
-    hooks.before('request', async (context: HookContext) => {
-      const req = context.request as any;
-      const res = context.response as any;
-      // Add CSRF token generation method
-      req.csrfToken = () => {
-        if (!req._csrfToken) {
-          req._csrfToken = generateToken();
-          // Set token in cookie
-          res.cookie(cookieName, req._csrfToken, {
-            httpOnly: true,
-            sameSite: options.sameSite !== false ? 'strict' : undefined,
-            secure: req.headers['x-forwarded-proto'] === 'https' || (req.socket as any).encrypted,
-          });
-        }
-        return req._csrfToken;
-      };
-      // Skip verification for safe methods
-      if (ignoreMethods.includes(req.method!)) {
-        return;
-      }
-      // Get token from header or body
-      const token =
-        req.headers[headerName] || (req.body && req.body._csrf) || (req.query && req.query._csrf);
-      // Get session token from cookie
-      const sessionToken = req.cookies?.[cookieName];
-      if (!verifyToken(token as string, sessionToken || '')) {
-        const error = new Error('Invalid CSRF token');
-        (error as any).status = 403;
-        (error as any).code = 'CSRF_TOKEN_MISMATCH';
-        throw error;
-      }
-    });
-  },
-});

package/src/core/middleware/built-in/error-tracker.ts DELETED Viewed

@@ -1,16 +0,0 @@
-// Error tracking middleware
-import { createFrameworkLogger } from '../../logger/index.js';
-const logger = createFrameworkLogger('ErrorTracker');
-export const errorTracker = async (context: any): Promise<void> => {
-  context.onError = (error: Error) => {
-    logger.error('Request error', 'ErrorTracking', {
-      error: error.message,
-      stack: error.stack,
-      url: context.request?.url,
-      method: context.request?.method,
-      timestamp: new Date().toISOString(),
-    });
-  };
-};

package/src/core/middleware/built-in/index.ts DELETED Viewed

@@ -1,87 +0,0 @@
-// Built-in Middleware Exports
-export { auth } from './auth.js';
-export { rateLimit } from './rate-limit.js';
-export { cors } from './cors.js';
-export { validation } from './validation.js';
-export { requestLogger } from './request-logger.js';
-export { performanceMonitor } from './performance-monitor.js';
-export { errorTracker } from './error-tracker.js';
-// Advanced Security & Performance Middleware
-export { cookie } from './cookie.js';
-export { csrf } from './csrf.js';
-export { csp } from './csp.js';
-export { sse } from './sse.js';
-export { session } from './session.js';
-// Clean Architecture Middleware
-export { cache } from './cache.js';
-export { cdn } from './cdn.js';
-// Auth Helpers and Extended Providers
-export {
-  requireAuth,
-  requireRole,
-  requirePermission,
-  requireAdmin,
-  guestOnly,
-  optionalAuth,
-  withAuth,
-  protectedRoute,
-  authUtils,
-  authResponses,
-  sessionHelpers,
-} from './auth-helpers.js';
-// JWT Utilities for Custom Middleware
-export {
-  safeVerifyJWT,
-  extractJWTFromHeader,
-  createAuthErrorResponse,
-  type JWTVerificationResult,
-} from './jwt-helpers.js';
-export {
-  extendedProviders,
-  enterpriseProviders,
-  createCustomOAuthProvider,
-  createCustomOIDCProvider,
-} from './auth-providers.js';
-// Import for collections
-import { auth } from './auth.js';
-import { rateLimit } from './rate-limit.js';
-import { cors } from './cors.js';
-import { validation } from './validation.js';
-import { requestLogger } from './request-logger.js';
-import { performanceMonitor } from './performance-monitor.js';
-import { errorTracker } from './error-tracker.js';
-import { cookie } from './cookie.js';
-import { csrf } from './csrf.js';
-import { csp } from './csp.js';
-import { sse } from './sse.js';
-import { session } from './session.js';
-import { cache } from './cache.js';
-import { cdn } from './cdn.js';
-export const builtInMiddleware = {
-  auth,
-  rateLimit,
-  cors,
-  validation,
-  // Advanced middleware
-  cookie,
-  csrf,
-  csp,
-  sse,
-  session,
-  // Clean architecture middleware
-  cache,
-  cdn,
-};
-export const simpleMiddleware = {
-  requestLogger,
-  performanceMonitor,
-  errorTracker,
-};