@mpen/routekit 0.1.0 → 0.1.1

package/src/router/middleware/accept-ctx.test.ts

@@ -1,33 +0,0 @@
-#!/usr/bin/env -S bun test
-import { describe, expect, it } from 'bun:test'
-import { HttpMethod } from '@mpen/http'
-import { Router } from '../router'
-import { acceptCtx } from './accept-ctx'
-
-describe(acceptCtx.name, () => {
-    it('adds parsed Accept header values to the context', async () => {
-        const router = new Router()
-
-        router.use(acceptCtx())
-        router.add({
-            method: HttpMethod.GET,
-            path: '/',
-            handler: ({ accept }) => new Response(JSON.stringify(accept)),
-        })
-
-        const request = new Request('https://example.com/', {
-            headers: {
-                accept: 'text/plain;q=0.5, application/json, text/html;q=0.9,application/yaml;q=1',
-            },
-        })
-
-        const response = await router.fetch(request)
-
-        expect(await response.json()).toEqual([
-            { type: 'application/json', q: 1 },
-            { type: 'application/yaml', q: 1 },
-            { type: 'text/html', q: 0.9 },
-            { type: 'text/plain', q: 0.5 },
-        ])
-    })
-})

package/src/router/middleware/accept-ctx.ts

@@ -1,12 +0,0 @@
-import type { AcceptMediaRange, ContextMiddleware } from '../types'
-import { parseAcceptHeader } from '../lib/media-type'
-
-/**
- * Attach parsed Accept header values to the request context.
- *
- * @returns Middleware that adds `accept` to the request context.
- */
-export const acceptCtx = (): ContextMiddleware<{ accept: AcceptMediaRange[] }> => (ctx) => {
-    const header = ctx.request.headers.get('accept')
-    ctx.accept = parseAcceptHeader(header ?? '*/*')
-}

package/src/router/middleware/body-limit.test.ts

@@ -1,112 +0,0 @@
-#!/usr/bin/env -S bun test
-import { describe, expect, it, mock } from 'bun:test'
-import { HttpMethod, HttpStatus } from '@mpen/http'
-import { Router } from '../router'
-import { bodyLimit } from './body-limit'
-
-const encoder = new TextEncoder()
-
-function makeStream(chunks: string[]): ReadableStream<Uint8Array> {
-    return new ReadableStream<Uint8Array>({
-        start(controller) {
-            for (const chunk of chunks) {
-                controller.enqueue(encoder.encode(chunk))
-            }
-            controller.close()
-        },
-    })
-}
-
-describe(bodyLimit.name, () => {
-    it('rejects immediately when Content-Length exceeds maxSize', async () => {
-        const router = new Router()
-        const handler = mock(() => new Response('ok'))
-
-        router.use(bodyLimit({ maxSize: 9 }))
-        router.add({ method: HttpMethod.POST, path: '/upload', handler })
-
-        const request = new Request('https://example.com/upload', {
-            method: HttpMethod.POST,
-            headers: { 'content-length': '10' },
-            body: makeStream(['ok']),
-        })
-
-        const response = await router.fetch(request)
-
-        expect(response.status).toBe(HttpStatus.PAYLOAD_TOO_LARGE)
-        expect(handler).not.toHaveBeenCalled()
-    })
-
-    it('rejects when the streamed body exceeds maxSize', async () => {
-        const router = new Router()
-
-        router.use(bodyLimit({ maxSize: 4 }))
-        router.add({
-            method: HttpMethod.POST,
-            path: '/upload',
-            handler: async ({ request }) => new Response(await request.body.text()),
-        })
-
-        const request = new Request('https://example.com/upload', {
-            method: HttpMethod.POST,
-            body: makeStream(['1234', '5']),
-        })
-
-        const response = await router.fetch(request)
-
-        expect(response.status).toBe(HttpStatus.PAYLOAD_TOO_LARGE)
-    })
-
-    it('rejects when Content-Length does not match the received bytes', async () => {
-        const router = new Router()
-
-        router.use(bodyLimit({ maxSize: 10 }))
-        router.add({
-            method: HttpMethod.POST,
-            path: '/upload',
-            handler: async ({ request }) => new Response(await request.body.text()),
-        })
-
-        const request = new Request('https://example.com/upload', {
-            method: HttpMethod.POST,
-            headers: { 'content-length': '4' },
-            body: makeStream(['abc']),
-        })
-
-        const response = await router.fetch(request)
-
-        expect(response.status).toBe(HttpStatus.BAD_REQUEST)
-    })
-
-    it('allows requests within the limit and matching Content-Length', async () => {
-        const router = new Router()
-
-        router.use(bodyLimit({ maxSize: 10 }))
-        router.add({
-            method: HttpMethod.POST,
-            path: '/upload',
-            handler: async ({ request }) => new Response(await request.body.text()),
-        })
-
-        const request = new Request('https://example.com/upload', {
-            method: HttpMethod.POST,
-            headers: { 'content-length': '5' },
-            body: makeStream(['hello']),
-        })
-
-        const response = await router.fetch(request)
-
-        expect(response.status).toBe(HttpStatus.OK)
-        expect(await response.text()).toBe('hello')
-    })
-
-    it('declares its rejection responses on affected routes', () => {
-        const router = new Router().use(bodyLimit({ maxSize: 10 }))
-        router.add({ method: HttpMethod.POST, path: '/upload', handler: () => new Response() })
-
-        expect(router.getRoutes()[0]?.schema?.response?.body).toEqual({
-            [HttpStatus.BAD_REQUEST]: { type: 'string' },
-            [HttpStatus.PAYLOAD_TOO_LARGE]: { type: 'string' },
-        })
-    })
-})

package/src/router/middleware/body-limit.ts

@@ -1,121 +0,0 @@
-import { HttpStatus } from '@mpen/http'
-import { RequestBodyLengthMismatchError, RequestBodyTooLargeError } from '../request'
-import { text } from '../response/formats/content'
-import { defineMiddleware, type DeclaredMiddleware } from './define'
-import type { AnyContext } from '../types'
-
-export interface MaxContentSizeOptions {
-    maxSize: number
-}
-
-const utf8encoder = new TextEncoder()
-
-function parseContentLength(value: string | null): number | null {
-    if (!value) return null
-    const trimmed = value.trim()
-    if (!trimmed) return null
-    const parsed = Number(trimmed)
-    if (!Number.isFinite(parsed) || !Number.isInteger(parsed) || parsed < 0) return null
-    return parsed
-}
-
-function chunkByteLength(chunk: Uint8Array | string): number {
-    if (typeof chunk === 'string') return utf8encoder.encode(chunk).length
-    return chunk.byteLength
-}
-
-/**
- * Enforce a maximum request body size while preserving access to the incoming stream.
- *
- * @example
- * ```ts
- * router.use(bodyLimit({maxSize: 1024 * 1024}))
- * ```
- *
- * @param options - Configuration for maximum request body size enforcement.
- * @returns Middleware that rejects oversized bodies and mismatched Content-Length values.
- */
-export function bodyLimit<Ctx extends object = AnyContext>(
-    options: MaxContentSizeOptions,
-): DeclaredMiddleware<{}, Ctx> {
-    const textResponse = {
-        schema: { type: 'string' },
-        parse(value: unknown): string {
-            if (typeof value !== 'string') {
-                throw new TypeError('Body limit responses must contain a string body.')
-            }
-            return value
-        },
-    }
-
-    return defineMiddleware({
-        responses: {
-            [HttpStatus.BAD_REQUEST]: textResponse,
-            [HttpStatus.PAYLOAD_TOO_LARGE]: textResponse,
-        },
-        async run(ctx, { next, forward, respond }) {
-            const maxSize = options.maxSize
-            const contentLength = parseContentLength(ctx.request.headers.get('content-length'))
-
-            if (contentLength != null && contentLength > maxSize) {
-                void ctx.request.body.stream()?.cancel()
-                return respond(text('Payload Too Large', { status: HttpStatus.PAYLOAD_TOO_LARGE }))
-            }
-
-            const bodyStream = ctx.request.body.stream()
-            if (!bodyStream) {
-                if (contentLength != null && contentLength !== 0) {
-                    return respond(text('Bad Request', { status: HttpStatus.BAD_REQUEST }))
-                }
-                return forward(await next())
-            }
-
-            const reader = bodyStream.getReader()
-            let bytesRead = 0
-
-            const monitoredBody = new ReadableStream<Uint8Array>({
-                async pull(controller) {
-                    const result = await reader.read()
-                    if (result.done) {
-                        if (contentLength != null && bytesRead !== contentLength) {
-                            controller.error(
-                                new RequestBodyLengthMismatchError(contentLength, bytesRead),
-                            )
-                            return
-                        }
-                        controller.close()
-                        return
-                    }
-
-                    const value = result.value
-                    bytesRead += chunkByteLength(value)
-                    if (bytesRead > maxSize) {
-                        await reader.cancel()
-                        controller.error(new RequestBodyTooLargeError(maxSize, bytesRead))
-                        return
-                    }
-                    controller.enqueue(value)
-                },
-                cancel(reason) {
-                    return reader.cancel(reason)
-                },
-            })
-
-            ctx.request = ctx.request.withBody(ctx.request.body.withStream(monitoredBody))
-
-            try {
-                return forward(await next())
-            } catch (err) {
-                if (err instanceof RequestBodyTooLargeError) {
-                    return respond(
-                        text('Payload Too Large', { status: HttpStatus.PAYLOAD_TOO_LARGE }),
-                    )
-                }
-                if (err instanceof RequestBodyLengthMismatchError) {
-                    return respond(text('Bad Request', { status: HttpStatus.BAD_REQUEST }))
-                }
-                throw err
-            }
-        },
-    })
-}

package/src/router/middleware/cors.test.ts

@@ -1,269 +0,0 @@
-#!/usr/bin/env -S bun test
-import { describe, expect, it, mock } from 'bun:test'
-import { HttpMethod, HttpStatus } from '@mpen/http'
-import { Router } from '../router'
-import { cors } from './cors'
-
-describe(cors.name, () => {
-    it('adds wildcard allow-origin by default', async () => {
-        const router = new Router()
-        router.use(cors({ origin: '*' }))
-        router.add({
-            method: HttpMethod.GET,
-            path: '/data',
-            handler: () => new Response('ok'),
-        })
-
-        const response = await router.fetch(
-            new Request('https://api.example.com/data', {
-                headers: { origin: 'https://app.example.com' },
-            }),
-        )
-
-        expect(response.headers.get('access-control-allow-origin')).toBe('*')
-    })
-
-    it('adds CORS headers to logical response bodies', async () => {
-        const router = new Router()
-        router.use(cors({ origin: '*' }))
-        router.add({
-            method: HttpMethod.GET,
-            path: '/data',
-            handler: () => ({ ok: true }),
-        })
-
-        const response = await router.fetch(
-            new Request('https://api.example.com/data', {
-                headers: { origin: 'https://app.example.com' },
-            }),
-        )
-
-        expect(response.headers.get('access-control-allow-origin')).toBe('*')
-        expect(await response.json()).toEqual({ ok: true })
-    })
-
-    it('supports an origin resolver function', async () => {
-        const router = new Router()
-        router.use(
-            cors({
-                origin: (origin) => (origin?.endsWith('.example.com') ? origin : null),
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/data',
-            handler: () => new Response('ok'),
-        })
-
-        const allowed = await router.fetch(
-            new Request('https://api.example.com/data', {
-                headers: { origin: 'https://app.example.com' },
-            }),
-        )
-
-        const denied = await router.fetch(
-            new Request('https://api.example.com/data', {
-                headers: { origin: 'https://evil.example' },
-            }),
-        )
-
-        expect(allowed.headers.get('access-control-allow-origin')).toBe('https://app.example.com')
-        expect(denied.headers.has('access-control-allow-origin')).toBe(false)
-    })
-
-    it('echoes the origin when credentials are enabled', async () => {
-        const router = new Router()
-        router.use(cors({ origin: '*', credentials: true }))
-        router.add({
-            method: HttpMethod.GET,
-            path: '/data',
-            handler: () => new Response('ok'),
-        })
-
-        const response = await router.fetch(
-            new Request('https://api.example.com/data', {
-                headers: { origin: 'https://app.example.com' },
-            }),
-        )
-
-        expect(response.headers.get('access-control-allow-origin')).toBe('https://app.example.com')
-        expect(response.headers.get('access-control-allow-credentials')).toBe('true')
-        expect(response.headers.get('vary')).toContain('Origin')
-    })
-
-    it('exposes response headers when configured', async () => {
-        const router = new Router()
-        router.use(cors({ origin: '*', exposeHeaders: ['x-trace', 'x-request-id'] }))
-        router.add({
-            method: HttpMethod.GET,
-            path: '/data',
-            handler: () => new Response('ok'),
-        })
-
-        const response = await router.fetch(
-            new Request('https://api.example.com/data', {
-                headers: { origin: 'https://app.example.com' },
-            }),
-        )
-
-        expect(response.headers.get('access-control-expose-headers')).toBe('x-trace, x-request-id')
-    })
-
-    it('accepts a static allowMethods list', async () => {
-        const router = new Router()
-        router.use(cors({ origin: '*', allowMethods: ['GET', 'POST'] }))
-        router.add({
-            method: HttpMethod.OPTIONS,
-            path: '/widgets',
-            handler: () => new Response('ok'),
-        })
-
-        const response = await router.fetch(
-            new Request('https://api.example.com/widgets', {
-                method: HttpMethod.OPTIONS,
-                headers: {
-                    origin: 'https://app.example.com',
-                    'access-control-request-method': 'POST',
-                },
-            }),
-        )
-
-        expect(response.headers.get('access-control-allow-methods')).toBe('GET, POST')
-    })
-
-    it('accepts a dynamic allowMethods resolver', async () => {
-        const router = new Router()
-        router.use(
-            cors({
-                origin: '*',
-                allowMethods: (origin) =>
-                    origin === 'https://app.example.com' ? ['GET'] : ['POST'],
-            }),
-        )
-        router.add({
-            method: HttpMethod.OPTIONS,
-            path: '/widgets',
-            handler: () => new Response('ok'),
-        })
-
-        const response = await router.fetch(
-            new Request('https://api.example.com/widgets', {
-                method: HttpMethod.OPTIONS,
-                headers: {
-                    origin: 'https://app.example.com',
-                    'access-control-request-method': 'POST',
-                },
-            }),
-        )
-
-        expect(response.headers.get('access-control-allow-methods')).toBe('GET')
-    })
-
-    it('allows localhost origins when dev is enabled', async () => {
-        const router = new Router()
-        router.use(cors({ origin: 'https://app.example.com', dev: true }))
-        router.add({
-            method: HttpMethod.GET,
-            path: '/data',
-            handler: () => new Response('ok'),
-        })
-
-        const response = await router.fetch(
-            new Request('https://api.example.com/data', {
-                headers: { origin: 'http://localhost:3000' },
-            }),
-        )
-
-        expect(response.headers.get('access-control-allow-origin')).toBe('http://localhost:3000')
-    })
-
-    it('allows localhost origins when allowLocalhost is enabled', async () => {
-        const router = new Router()
-        router.use(cors({ origin: 'https://app.example.com', allowLocalhost: true }))
-        router.add({
-            method: HttpMethod.GET,
-            path: '/data',
-            handler: () => new Response('ok'),
-        })
-
-        const response = await router.fetch(
-            new Request('https://api.example.com/data', {
-                headers: { origin: 'http://127.0.0.1:3000' },
-            }),
-        )
-
-        expect(response.headers.get('access-control-allow-origin')).toBe('http://127.0.0.1:3000')
-    })
-
-    it('handles CORS preflight requests', async () => {
-        const router = new Router()
-        const handler = mock(() => new Response('ok'))
-        router.use(cors({ origin: '*', maxAge: 600 }))
-        router.add({
-            method: HttpMethod.OPTIONS,
-            path: '/widgets',
-            handler,
-        })
-
-        const response = await router.fetch(
-            new Request('https://api.example.com/widgets', {
-                method: HttpMethod.OPTIONS,
-                headers: {
-                    origin: 'https://app.example.com',
-                    'access-control-request-method': 'POST',
-                    'access-control-request-headers': 'x-test, content-type',
-                },
-            }),
-        )
-
-        expect(response.status).toBe(HttpStatus.NO_CONTENT)
-        expect(handler).not.toHaveBeenCalled()
-        expect(response.headers.get('access-control-allow-origin')).toBe('*')
-        expect(response.headers.get('access-control-allow-methods')).toBe(
-            'GET, HEAD, PUT, POST, DELETE, PATCH',
-        )
-        expect(response.headers.get('access-control-allow-headers')).toBe('x-test, content-type')
-        expect(response.headers.get('access-control-max-age')).toBe('600')
-    })
-
-    it('uses custom allowHeaders and preflightStatus', async () => {
-        const router = new Router()
-        router.use(
-            cors({
-                origin: '*',
-                allowHeaders: ['x-custom', 'content-type'],
-                preflightStatus: HttpStatus.OK,
-            }),
-        )
-        router.add({
-            method: HttpMethod.OPTIONS,
-            path: '/widgets',
-            handler: () => new Response('ok'),
-        })
-
-        const response = await router.fetch(
-            new Request('https://api.example.com/widgets', {
-                method: HttpMethod.OPTIONS,
-                headers: {
-                    origin: 'https://app.example.com',
-                    'access-control-request-method': 'POST',
-                },
-            }),
-        )
-
-        expect(response.status).toBe(HttpStatus.OK)
-        expect(response.headers.get('access-control-allow-headers')).toBe('x-custom, content-type')
-    })
-
-    it('declares only applicable preflight route responses', () => {
-        const router = new Router().use(cors({ origin: '*' }))
-        router.add({ method: HttpMethod.GET, path: '/widgets', handler: () => new Response() })
-        router.add({ method: HttpMethod.OPTIONS, path: '/widgets', handler: () => new Response() })
-
-        const [getRoute, optionsRoute] = router.getRoutes()
-        expect(getRoute?.schema).toBeUndefined()
-        expect(optionsRoute?.schema?.response?.body).toEqual({
-            [HttpStatus.NO_CONTENT]: { type: 'null' },
-        })
-    })
-})