npm - @morojs/moro - Versions diffs - 1.6.2 → 1.6.3 - Mend

@morojs/moro 1.6.2 → 1.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (366) hide show

package/src/core/middleware/built-in/jwt-helpers.ts DELETED Viewed

@@ -1,243 +0,0 @@
-/**
- * JWT Error Handling Utilities for Custom Middleware
- *
- * This module provides utilities to help users handle JWT errors gracefully
- * in their custom authentication middleware.
- */
-import { resolveUserPackage } from '../../utilities/package-utils.js';
-export interface JWTVerificationResult {
-  success: boolean;
-  payload?: any;
-  error?: {
-    type: 'expired' | 'invalid' | 'malformed' | 'missing_secret' | 'unknown';
-    message: string;
-    expiredAt?: Date;
-    date?: Date;
-  };
-}
-/**
- * Safely verify a JWT token with proper error handling
- *
- * @param token - The JWT token to verify
- * @param secret - The secret key for verification
- * @param options - Additional JWT verification options
- * @returns JWTVerificationResult with success status and payload or error details
- */
-export async function safeVerifyJWT(
-  token: string,
-  secret: string,
-  options: any = {}
-): Promise<JWTVerificationResult> {
-  // Check if jsonwebtoken is available
-  let jwt: any;
-  try {
-    const jwtPath = resolveUserPackage('jsonwebtoken');
-    jwt = await import(jwtPath);
-  } catch (error) {
-    return {
-      success: false,
-      error: {
-        type: 'missing_secret',
-        message:
-          'JWT verification requires the "jsonwebtoken" package. ' +
-          'Please install it with: npm install jsonwebtoken @types/jsonwebtoken',
-      },
-    };
-  }
-  if (!secret) {
-    return {
-      success: false,
-      error: {
-        type: 'missing_secret',
-        message:
-          'JWT verification requires a secret. ' +
-          'Please provide a secret for token verification.',
-      },
-    };
-  }
-  try {
-    const payload = jwt.verify(token, secret, options);
-    return {
-      success: true,
-      payload,
-    };
-  } catch (error: any) {
-    // Handle specific JWT errors gracefully
-    if (error.name === 'TokenExpiredError') {
-      return {
-        success: false,
-        error: {
-          type: 'expired',
-          message: 'JWT token has expired',
-          expiredAt: error.expiredAt,
-        },
-      };
-    } else if (error.name === 'JsonWebTokenError') {
-      return {
-        success: false,
-        error: {
-          type: 'invalid',
-          message: 'Invalid JWT token format or signature',
-        },
-      };
-    } else if (error.name === 'NotBeforeError') {
-      return {
-        success: false,
-        error: {
-          type: 'malformed',
-          message: 'JWT token is not active yet',
-          date: error.date,
-        },
-      };
-    } else {
-      return {
-        success: false,
-        error: {
-          type: 'unknown',
-          message: `JWT verification failed: ${error.message}`,
-        },
-      };
-    }
-  }
-}
-/**
- * Extract JWT token from Authorization header
- *
- * @param authHeader - The Authorization header value
- * @returns The JWT token or null if not found/invalid format
- */
-export function extractJWTFromHeader(authHeader: string | undefined): string | null {
-  if (!authHeader) {
-    return null;
-  }
-  if (!authHeader.startsWith('Bearer ')) {
-    return null;
-  }
-  const token = authHeader.substring(7);
-  return token.trim() || null;
-}
-/**
- * Create a standardized auth middleware error response
- *
- * @param error - The JWT verification error
- * @returns Standardized error response object
- */
-export function createAuthErrorResponse(error: JWTVerificationResult['error']) {
-  if (!error) {
-    return {
-      success: false,
-      error: 'Authentication failed',
-      message: 'Unknown authentication error',
-    };
-  }
-  switch (error.type) {
-    case 'expired':
-      return {
-        success: false,
-        error: 'Token expired',
-        message: 'Your session has expired. Please sign in again.',
-        expiredAt: error.expiredAt,
-      };
-    case 'invalid':
-      return {
-        success: false,
-        error: 'Invalid token',
-        message: 'The provided authentication token is invalid.',
-      };
-    case 'malformed':
-      return {
-        success: false,
-        error: 'Token not ready',
-        message: 'The authentication token is not yet valid.',
-        availableAt: error.date,
-      };
-    case 'missing_secret':
-      return {
-        success: false,
-        error: 'Configuration error',
-        message: 'Authentication service is not properly configured.',
-      };
-    default:
-      return {
-        success: false,
-        error: 'Authentication failed',
-        message: error.message || 'Authentication verification failed.',
-      };
-  }
-}
-/**
- * Example usage for custom middleware with elegant error handling:
- *
- * ```typescript
- * import { safeVerifyJWT, extractJWTFromHeader, createAuthErrorResponse } from '@morojs/moro';
- *
- * const authMiddleware = async (req: any, res: any, next: any) => {
- *   const token = extractJWTFromHeader(req.headers.authorization);
- *
- *   if (!token) {
- *     return res.status(401).json({
- *       success: false,
- *       error: 'Missing token',
- *       message: 'Authorization header with Bearer token is required'
- *     });
- *   }
- *
- *   const result = safeVerifyJWT(token, process.env.JWT_SECRET!);
- *
- *   if (!result.success) {
- *     // This provides elegant, user-friendly error messages instead of stack traces
- *     const errorResponse = createAuthErrorResponse(result.error);
- *     return res.status(401).json(errorResponse);
- *   }
- *
- *   // Token is valid - attach user info to request
- *   req.user = result.payload;
- *   req.auth = {
- *     user: result.payload,
- *     isAuthenticated: true,
- *     token
- *   };
- *
- *   next();
- * };
- * ```
- *
- * Benefits of using safeVerifyJWT vs raw jsonwebtoken.verify():
- *
- * ❌ Raw approach (shows ugly error messages to users):
- * ```typescript
- * try {
- *   const decoded = jwt.verify(token, secret);
- *   req.user = decoded;
- * } catch (error) {
- *   // This exposes technical details and stack traces to users:
- *   // "Invalid token: TokenExpiredError: jwt expired at /node_modules/jsonwebtoken/verify.js:190:21..."
- *   throw error; // BAD - exposes internal details
- * }
- * ```
- *
- * ✅ Safe approach (shows clean, user-friendly messages):
- * ```typescript
- * const result = safeVerifyJWT(token, secret);
- * if (!result.success) {
- *   // This returns clean messages like:
- *   // { "error": "Token expired", "message": "Your session has expired. Please sign in again." }
- *   return res.status(401).json(createAuthErrorResponse(result.error));
- * }
- * ```
- */

package/src/core/middleware/built-in/performance-monitor.ts DELETED Viewed

@@ -1,25 +0,0 @@
-// Performance monitoring middleware
-import { createFrameworkLogger } from '../../logger/index.js';
-const logger = createFrameworkLogger('PerformanceMonitor');
-export const performanceMonitor = async (context: any): Promise<void> => {
-  const startTime = Date.now();
-  context.onComplete = () => {
-    const duration = Date.now() - startTime;
-    // Log slow requests
-    if (duration > 1000) {
-      logger.warn(
-        `Slow request detected: ${context.request?.path} took ${duration}ms`,
-        'SlowRequest',
-        {
-          path: context.request?.path,
-          method: context.request?.method,
-          duration,
-        }
-      );
-    }
-  };
-};

package/src/core/middleware/built-in/rate-limit.ts DELETED Viewed

@@ -1,60 +0,0 @@
-// Rate Limiting Middleware
-import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
-import { createFrameworkLogger } from '../../logger/index.js';
-const logger = createFrameworkLogger('RateLimitMiddleware');
-export const rateLimit = (
-  options: {
-    windowMs?: number;
-    max?: number;
-    message?: string;
-  } = {}
-): MiddlewareInterface => ({
-  name: 'rate-limit',
-  version: '1.0.0',
-  metadata: {
-    name: 'rate-limit',
-    version: '1.0.0',
-    description: 'Rate limiting middleware with configurable windows',
-    author: 'MoroJS Team',
-  },
-  install: async (hooks: any, options: any = {}) => {
-    logger.debug('Installing rate limit middleware', 'Installation', {
-      options,
-    });
-    const windowMs = options.windowMs || 60000; // 1 minute default
-    const max = options.max || 100; // 100 requests per window
-    const clientCounts = new Map();
-    hooks.before('request', async (context: HookContext) => {
-      const req = context.request as any;
-      const clientId = req.connection?.remoteAddress || 'unknown';
-      const now = Date.now();
-      if (!clientCounts.has(clientId)) {
-        clientCounts.set(clientId, { count: 0, resetTime: now + windowMs });
-      }
-      const client = clientCounts.get(clientId);
-      if (now > client.resetTime) {
-        client.count = 0;
-        client.resetTime = now + windowMs;
-      }
-      client.count++;
-      if (client.count > max) {
-        logger.warn(`Rate limit exceeded for ${clientId}`, 'RateLimit', {
-          clientId,
-          count: client.count,
-          max,
-        });
-        throw new Error(options.message || 'Too many requests');
-      }
-    });
-  },
-});

package/src/core/middleware/built-in/request-logger.ts DELETED Viewed

@@ -1,16 +0,0 @@
-// Simple request logging middleware
-import { createFrameworkLogger } from '../../logger/index.js';
-const logger = createFrameworkLogger('RequestLogger');
-export const requestLogger = async (context: any): Promise<void> => {
-  const startTime = Date.now();
-  logger.info(`${context.request?.method} ${context.request?.path}`, 'RequestLogger');
-  // Log completion after response
-  context.onComplete = () => {
-    const duration = Date.now() - startTime;
-    logger.info(`Request completed in ${duration}ms`, 'RequestLogger');
-  };
-};

package/src/core/middleware/built-in/session.ts DELETED Viewed

@@ -1,287 +0,0 @@
-// Session Middleware
-import crypto from 'crypto';
-import { MiddlewareInterface, HookContext } from '../../../types/hooks.js';
-import { createFrameworkLogger } from '../../logger/index.js';
-import { CacheAdapter } from '../../../types/cache.js';
-import { MemoryCacheAdapter } from './adapters/cache/memory.js';
-import { RedisCacheAdapter } from './adapters/cache/redis.js';
-import { FileCacheAdapter } from './adapters/cache/file.js';
-const logger = createFrameworkLogger('SessionMiddleware');
-export interface SessionOptions {
-  // Session store configuration
-  store?: 'memory' | 'redis' | 'file' | CacheAdapter;
-  storeOptions?: {
-    // Redis options
-    host?: string;
-    port?: number;
-    password?: string;
-    keyPrefix?: string;
-    // File options
-    path?: string;
-    // Memory options
-    max?: number;
-  };
-  // Session configuration
-  secret?: string;
-  name?: string; // Session cookie name
-  genid?: () => string; // Session ID generator
-  rolling?: boolean; // Reset expiry on each request
-  resave?: boolean; // Save session even if not modified
-  saveUninitialized?: boolean; // Save new but not modified sessions
-  // Cookie configuration
-  cookie?: {
-    maxAge?: number; // Session timeout in ms
-    expires?: Date; // Absolute expiry
-    httpOnly?: boolean; // Prevent XSS access
-    secure?: boolean; // HTTPS only
-    sameSite?: 'strict' | 'lax' | 'none';
-    domain?: string;
-    path?: string;
-  };
-  // Security
-  proxy?: boolean; // Trust proxy for secure cookies
-  unset?: 'destroy' | 'keep'; // What to do when session is unset
-}
-export interface SessionData {
-  [key: string]: any;
-  cookie?: {
-    originalMaxAge?: number;
-    expires?: Date;
-    secure?: boolean;
-    httpOnly?: boolean;
-    sameSite?: string;
-  };
-}
-class Session {
-  private data: SessionData = {};
-  private id: string;
-  private store: CacheAdapter;
-  private options: SessionOptions;
-  private isNew: boolean = false;
-  private isModified: boolean = false;
-  constructor(id: string, store: CacheAdapter, options: SessionOptions, isNew: boolean = false) {
-    this.id = id;
-    this.store = store;
-    this.options = options;
-    this.isNew = isNew;
-  }
-  // Proxy to make session.prop = value work
-  static create(
-    id: string,
-    store: CacheAdapter,
-    options: SessionOptions,
-    data: SessionData = {},
-    isNew: boolean = false
-  ): Session {
-    const session = new Session(id, store, options, isNew);
-    session.data = data;
-    return new Proxy(session, {
-      get(target, prop) {
-        if (prop in target) {
-          return target[prop as keyof Session];
-        }
-        return target.data[prop as string];
-      },
-      set(target, prop, value) {
-        if (prop in target) {
-          (target as any)[prop] = value;
-        } else {
-          target.data[prop as string] = value;
-          target.isModified = true;
-        }
-        return true;
-      },
-      has(target, prop) {
-        return prop in target || prop in target.data;
-      },
-      deleteProperty(target, prop) {
-        if (prop in target.data) {
-          delete target.data[prop as string];
-          target.isModified = true;
-          return true;
-        }
-        return false;
-      },
-    });
-  }
-  async save(): Promise<void> {
-    if (this.isModified || this.isNew || this.options.resave) {
-      const ttl = this.options.cookie?.maxAge
-        ? Math.floor(this.options.cookie.maxAge / 1000)
-        : 86400; // 24h default
-      await this.store.set(this.id, this.data, ttl);
-      this.isModified = false;
-      this.isNew = false;
-      logger.debug(`Session saved: ${this.id}`, 'SessionSave');
-    }
-  }
-  async destroy(): Promise<void> {
-    await this.store.del(this.id);
-    this.data = {};
-    this.isModified = false;
-    logger.debug(`Session destroyed: ${this.id}`, 'SessionDestroy');
-  }
-  async regenerate(): Promise<string> {
-    await this.destroy();
-    this.id = this.generateId();
-    this.isNew = true;
-    this.isModified = true;
-    logger.debug(`Session regenerated: ${this.id}`, 'SessionRegenerate');
-    return this.id;
-  }
-  async touch(): Promise<void> {
-    if (this.options.rolling) {
-      this.isModified = true;
-      await this.save();
-    }
-  }
-  private generateId(): string {
-    if (this.options.genid) {
-      return this.options.genid();
-    }
-    return crypto.randomBytes(24).toString('hex');
-  }
-  get sessionID(): string {
-    return this.id;
-  }
-}
-export const session = (options: SessionOptions = {}): MiddlewareInterface => ({
-  name: 'session',
-  version: '1.0.0',
-  metadata: {
-    name: 'session',
-    version: '1.0.0',
-    description: 'Session management middleware with multiple store adapters',
-    author: 'MoroJS Team',
-  },
-  install: async (hooks: any, middlewareOptions: any = {}) => {
-    logger.debug('Installing session middleware', 'Installation');
-    // Merge options
-    const config: SessionOptions = {
-      store: 'memory',
-      name: 'connect.sid',
-      secret: 'moro-session-secret',
-      rolling: false,
-      resave: false,
-      saveUninitialized: false,
-      cookie: {
-        maxAge: 24 * 60 * 60 * 1000, // 24 hours
-        httpOnly: true,
-        secure: false,
-        sameSite: 'lax',
-        path: '/',
-      },
-      unset: 'keep',
-      ...options,
-      ...middlewareOptions,
-    };
-    // Initialize store
-    let store: CacheAdapter;
-    if (typeof config.store === 'string') {
-      switch (config.store) {
-        case 'redis':
-          store = new RedisCacheAdapter({
-            keyPrefix: 'sess:',
-            ...config.storeOptions,
-          });
-          break;
-        case 'file':
-          store = new FileCacheAdapter({
-            cacheDir: config.storeOptions?.path || './sessions',
-          });
-          break;
-        case 'memory':
-        default:
-          store = new MemoryCacheAdapter();
-          break;
-      }
-    } else {
-      store = config.store as CacheAdapter;
-    }
-    // Generate session ID
-    const generateSessionId = (): string => {
-      if (config.genid) {
-        return config.genid();
-      }
-      return crypto.randomBytes(24).toString('hex');
-    };
-    hooks.before('request', async (context: HookContext) => {
-      const req = context.request as any;
-      const res = context.response as any;
-      // Get session ID from cookie
-      let sessionId = req.cookies?.[config.name!];
-      let sessionData: SessionData = {};
-      let isNew = false;
-      if (sessionId) {
-        try {
-          sessionData = (await store.get(sessionId)) || {};
-          logger.debug(`Session loaded: ${sessionId}`, 'SessionLoad');
-        } catch (error) {
-          logger.warn(`Failed to load session: ${sessionId}`, 'SessionLoadError', { error });
-          sessionId = generateSessionId();
-          isNew = true;
-        }
-      } else {
-        sessionId = generateSessionId();
-        isNew = true;
-      }
-      // Create session object
-      req.session = Session.create(sessionId, store, config, sessionData, isNew);
-      // Set session cookie
-      if (isNew || config.rolling) {
-        res.cookie(config.name!, sessionId, {
-          ...config.cookie,
-          secure:
-            config.cookie?.secure || (config.proxy && req.headers['x-forwarded-proto'] === 'https'),
-        });
-      }
-    });
-    hooks.after('response', async (context: HookContext) => {
-      const req = context.request as any;
-      if (req.session) {
-        try {
-          if (config.saveUninitialized || !req.session.isNew || req.session.isModified) {
-            await req.session.save();
-          }
-        } catch (error) {
-          logger.error('Failed to save session', 'SessionSaveError', { error });
-        }
-      }
-    });
-    logger.info(`Session middleware installed with ${config.store} store`, 'Installation');
-  },
-});