@mxweb/core 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 MXWeb
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,61 @@
+# @mxweb/core
+
+A NestJS-inspired backend framework for Next.js App Router.
+
+> ⚠️ **Security Notice (CVE-2025-55182)**
+> 
+> This vulnerability affects Next.js. Please ensure you are using a patched version of Next.js:
+> - Next.js 16.x: Use version `16.0.7` or later
+> - Next.js 15.x: Use version `15.1.7` or later
+> - Next.js 14.x: Use version `14.2.25` or later
+> 
+> ```bash
+> npm install next@latest
+> ```
+> 
+> For more details, see the [Next.js security advisory](https://github.com/vercel/next.js/security/advisories).
+
+## Features
+
+- 🏗️ **Feature-based Architecture** - Modular design with Features, Controllers, and Services
+- 💉 **Dependency Injection** - Built-in DI container for managing dependencies
+- 🛡️ **Guards & Interceptors** - Request lifecycle hooks for auth, logging, and more
+- 🔄 **Pipes & Filters** - Data transformation and exception handling
+- 🎯 **Decorators** - Intuitive decorators for clean, declarative code
+- 📦 **Request Scoping** - AsyncLocalStorage-based request context
+
+## Installation
+
+```bash
+npm install @mxweb/core
+# or
+yarn add @mxweb/core
+# or
+pnpm add @mxweb/core
+```
+
+## Quick Start
+
+```ts
+// app/api/[[...path]]/route.ts
+import { Application } from "@mxweb/core";
+import "@/features/product.feature";
+
+const app = Application.create({});
+
+export const GET = app.GET;
+export const POST = app.POST;
+export const PUT = app.PUT;
+export const PATCH = app.PATCH;
+export const DELETE = app.DELETE;
+```
+
+## Documentation
+
+For detailed documentation, guides, and API reference, visit:
+
+👉 **[https://docs.mxweb.io](https://docs.mxweb.io)**
+
+## License
+
+MIT

package/dist/application.d.ts

@@ -0,0 +1,402 @@
+import { NextRequest } from "next/server";
+import { Feature } from "./feature";
+import { Filter, Guard, Interceptor } from "./execute";
+import { ApplicationHooksOptions } from "./hooks";
+import { ApplicationInject, AsyncFn, Pipe, RoutePayload } from "./common";
+/**
+ * Type for application-level dependency injection configuration.
+ * Can be either a plain object or an async function that returns the injects object.
+ *
+ * @example
+ * // Plain object
+ * const injects: ApplicationInjects = {
+ *   db: new DatabaseConnection(),
+ *   config: Config.forRoot(),
+ * };
+ *
+ * // Async function
+ * const injects: ApplicationInjects = async () => ({
+ *   db: await Connection.create(),
+ * });
+ */
+export type ApplicationInjects = AsyncFn<Record<string, ApplicationInject>>;
+/**
+ * Type for CORS origins configuration.
+ * Can be a static array of allowed origins or a function that dynamically resolves origins.
+ *
+ * @example
+ * // Static origins
+ * const cors: ApplicationCors = ["https://example.com", "https://api.example.com"];
+ *
+ * // Dynamic origins from config
+ * const cors: ApplicationCors = async (injects) => {
+ *   const config = injects.get("config");
+ *   return config.get("allowedOrigins");
+ * };
+ */
+export type ApplicationCors = string[] | ((injects: Map<string, ApplicationInject>) => string[] | Promise<string[]>);
+/**
+ * Configuration options for creating an Application instance.
+ *
+ * @template Key - The key used to extract path segments from Next.js catch-all route params
+ *
+ * @example
+ * const options: ApplicationOptions = {
+ *   key: "path",
+ *   injects: { db: Connection.forRoot() },
+ *   guards: [AuthGuard],
+ *   filters: [GlobalExceptionFilter],
+ *   interceptors: [LoggingInterceptor],
+ *   pipes: [ValidationPipe],
+ *   cors: ["https://example.com"],
+ *   onStart: () => console.log("App started"),
+ *   onRequest: (req, method) => console.log(`${method} request`),
+ *   onResponse: (ctx) => console.log("Response sent"),
+ * };
+ */
+export interface ApplicationOptions<Key extends string = "path"> extends ApplicationHooksOptions {
+    /** The key used to extract path segments from catch-all route params. Defaults to "path". */
+    key?: Key;
+    /** Global dependency injection configuration */
+    injects?: ApplicationInjects;
+    /** Global guards applied to all routes */
+    guards?: Guard[];
+    /** Global exception filters applied to all routes */
+    filters?: Filter[];
+    /** Global interceptors applied to all routes */
+    interceptors?: Interceptor[];
+    /** Global pipes applied to all routes */
+    pipes?: Pipe[];
+    /** CORS configuration - allowed origins or resolver function */
+    cors?: ApplicationCors;
+}
+/**
+ * Main Application class for handling HTTP requests in Next.js App Router.
+ *
+ * This class provides a NestJS-inspired framework for building APIs with:
+ * - Dependency injection
+ * - Guards, filters, interceptors, and pipes
+ * - Feature-based modular architecture
+ * - Lifecycle hooks
+ * - CORS support
+ *
+ * @template Key - The key used to extract path segments from Next.js catch-all route params
+ *
+ * @example
+ * ```ts
+ * // In app/api/[[...path]]/route.ts
+ * import { Application } from "@mxweb/core";
+ * import "@/features/products/product.feature";
+ *
+ * const app = Application.create({
+ *   injects: {
+ *     db: Connection.forRoot(),
+ *     config: Config.forRoot(),
+ *   },
+ *   guards: [AuthGuard],
+ *   cors: ["https://example.com"],
+ * });
+ *
+ * export const GET = app.GET;
+ * export const POST = app.POST;
+ * export const PUT = app.PUT;
+ * export const PATCH = app.PATCH;
+ * export const DELETE = app.DELETE;
+ * export const HEAD = app.HEAD;
+ * export const OPTIONS = app.OPTIONS;
+ * ```
+ */
+export declare class Application<Key extends string = "path"> {
+    private readonly request;
+    private readonly method;
+    private readonly payload;
+    /** Registered features (modules) */
+    private static features;
+    /** Global guards */
+    private static guards;
+    /** Global exception filters */
+    private static filters;
+    /** Global interceptors */
+    private static interceptors;
+    /** Global pipes */
+    private static pipes;
+    /** Allowed CORS origins */
+    private static corsOrigins;
+    /** Application configuration options */
+    private static options;
+    /** Application-level hooks manager */
+    private static hooks;
+    /** Flag indicating if features are initialized */
+    private static initialized;
+    /** Promise for pending initialization */
+    private static initPromise;
+    /** Flag indicating if shutdown handlers are registered */
+    private static shutdownRegistered;
+    /** Response builder for this request */
+    private response;
+    /** Matched feature for this request */
+    private feature;
+    /** Matched route for this request */
+    private route;
+    /** Request-scoped hooks manager */
+    private requestHooks;
+    /**
+     * Creates a new Application instance for handling a request.
+     * This constructor is private - use Application.create() to set up the application.
+     *
+     * @param request - The incoming Next.js request
+     * @param method - The HTTP method of the request
+     * @param payload - The route payload containing path params
+     */
+    private constructor();
+    /**
+     * Retrieves a global inject instance by name.
+     *
+     * @template T - The type of the inject instance
+     * @param name - The name of the inject to retrieve
+     * @returns The inject instance if found, undefined otherwise
+     *
+     * @example
+     * const db = Application.getInject<DatabaseConnection>("db");
+     * const config = Application.getInject<Config>("config");
+     */
+    static getInject<T extends ApplicationInject = ApplicationInject>(name: string): T | undefined;
+    /**
+     * Retrieves all registered global injects.
+     *
+     * @returns A new Map containing all inject name-instance pairs
+     *
+     * @example
+     * const injects = Application.getInjects();
+     * for (const [name, instance] of injects) {
+     *   console.log(`Inject: ${name}`);
+     * }
+     */
+    static getInjects(): Map<string, ApplicationInject>;
+    /** Flag indicating if injects have been loaded */
+    private static injectsLoaded;
+    /**
+     * Loads and initializes all application-level injects.
+     * This method is idempotent - subsequent calls will not reload injects.
+     *
+     * @remarks
+     * - Supports both plain object and async function for injects configuration
+     * - Calls onInit lifecycle hook on each inject
+     * - Registers shutdown handlers after loading
+     * - Loads CORS configuration after injects are ready
+     */
+    private static loadInjects;
+    /**
+     * Registers process shutdown handlers for graceful cleanup.
+     * Handles SIGTERM and SIGINT signals to properly destroy injects.
+     *
+     * @remarks
+     * - This method is idempotent - subsequent calls will not re-register handlers
+     * - Destroys feature injects first, then global injects
+     * - Calls onDestroy lifecycle hook on each inject
+     */
+    private static registerShutdown;
+    /**
+     * Loads CORS configuration from options.
+     * Supports both static array and dynamic resolver function.
+     */
+    private static loadCors;
+    /**
+     * Initializes the application by loading features.
+     * This method is idempotent and ensures initialization only happens once.
+     *
+     * @remarks
+     * Features are imported statically in route.ts, this method just marks initialization complete.
+     */
+    private static loadImports;
+    /**
+     * Attempts to match the request path against registered features.
+     *
+     * @param method - The HTTP method of the request
+     * @param path - The request path to match
+     * @returns true if a matching route was found, null otherwise
+     */
+    private isMatchFeature;
+    /**
+     * Executes all guards (global + route-level) for the current request.
+     * Global guards run first, then route-specific guards.
+     *
+     * @returns true if all guards pass, false if any guard denies access
+     *
+     * @remarks
+     * If any guard returns false or throws an error, the request is denied.
+     */
+    private executeGuards;
+    /**
+     * Executes all route middlewares sequentially.
+     * Each middleware must call next() to continue the chain.
+     *
+     * @returns true if all middlewares pass, false if any middleware stops the chain
+     *
+     * @remarks
+     * If a middleware doesn't call next() or throws an error, the request is denied.
+     */
+    private executeMiddlewares;
+    /**
+     * Executes exception filters to handle errors.
+     * Route-level filters run first, then global filters.
+     *
+     * @param error - The error to handle
+     * @returns A Response if a filter handles the error, null otherwise
+     *
+     * @remarks
+     * Filters are tried in order until one returns a Response.
+     * If no filter handles the error, null is returned and default error handling applies.
+     */
+    private executeFilters;
+    /**
+     * Wraps the handler with interceptor chain.
+     * Route-level interceptors are outermost, global interceptors are innermost.
+     *
+     * @template T - The return type of the handler
+     * @param handler - The original handler function to wrap
+     * @returns The result of executing the interceptor chain
+     *
+     * @remarks
+     * Interceptors form a chain where each can modify the request/response.
+     * The chain is built from right to left (last interceptor wraps handler first).
+     */
+    private executeInterceptors;
+    /**
+     * Executes all pipes to transform the input value.
+     * Global pipes run first, then route-level pipes.
+     *
+     * @template T - The type of the value being transformed
+     * @param value - The value to transform
+     * @returns The transformed value after passing through all pipes
+     */
+    private executePipes;
+    /**
+     * Checks if the request origin is allowed by CORS configuration.
+     *
+     * @returns true if the origin is allowed or no CORS is configured, false otherwise
+     */
+    private checkCors;
+    /**
+     * Applies CORS headers to the response.
+     *
+     * @param response - The response to apply headers to
+     * @returns A new Response with CORS headers applied
+     */
+    private applyCorsHeaders;
+    /**
+     * Dispatches the request to the matched route handler.
+     * Executes the full request lifecycle: guards → middlewares → interceptors → handler.
+     *
+     * @returns The HTTP response from the handler or error response
+     *
+     * @remarks
+     * This method:
+     * 1. Executes guards (returns 403 if denied)
+     * 2. Executes middlewares (returns 403 if stopped)
+     * 3. Resolves the route action (controller method or function)
+     * 4. Wraps handler with interceptors
+     * 5. Handles errors with filters and default error handling
+     */
+    private dispatch;
+    /**
+     * Matches the incoming request to a feature and route, then dispatches.
+     *
+     * @returns The HTTP response with CORS headers applied
+     *
+     * @remarks
+     * This method:
+     * 1. Checks CORS (returns 403 if not allowed)
+     * 2. Matches request path against registered features
+     * 3. Loads feature-specific injects
+     * 4. Creates RequestContext
+     * 5. Runs dispatch within executeContext scope
+     * 6. Ensures onResponse hooks are called even on error
+     */
+    private match;
+    /**
+     * Creates a request handler for a specific HTTP method.
+     *
+     * @template Key - The key used to extract path segments from route params
+     * @param method - The HTTP method this handler will process
+     * @returns An async function that handles Next.js requests
+     *
+     * @remarks
+     * The returned handler:
+     * 1. Loads application injects
+     * 2. Initializes features
+     * 3. Creates Application instance
+     * 4. Executes application onRequest hook
+     * 5. Matches and dispatches the request
+     */
+    private static createHandler;
+    /**
+     * Creates and configures the Application with handlers for all HTTP methods.
+     *
+     * @template Key - The key used to extract path segments from catch-all route params
+     * @param options - Configuration options for the application
+     * @returns An object with handlers for each HTTP method (GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS)
+     *
+     * @example
+     * ```ts
+     * const app = Application.create({
+     *   key: "path",
+     *   injects: { db: Connection.forRoot() },
+     *   guards: [AuthGuard],
+     *   cors: ["https://example.com"],
+     *   onStart: () => console.log("App started"),
+     * });
+     *
+     * export const GET = app.GET;
+     * export const POST = app.POST;
+     * // ... etc
+     * ```
+     */
+    static create<Key extends string = "path">(options?: ApplicationOptions<Key>): {
+        GET: (req: NextRequest, payload: RoutePayload<"path">) => Promise<Response>;
+        POST: (req: NextRequest, payload: RoutePayload<"path">) => Promise<Response>;
+        PUT: (req: NextRequest, payload: RoutePayload<"path">) => Promise<Response>;
+        PATCH: (req: NextRequest, payload: RoutePayload<"path">) => Promise<Response>;
+        DELETE: (req: NextRequest, payload: RoutePayload<"path">) => Promise<Response>;
+        HEAD: (req: NextRequest, payload: RoutePayload) => Promise<Response>;
+        OPTIONS: (req: NextRequest) => Promise<Response>;
+    };
+    /**
+     * Creates a handler for HEAD requests.
+     * HEAD requests use the same logic as GET but return only headers (no body).
+     *
+     * @returns An async function that handles HEAD requests
+     */
+    private static createHeadHandler;
+    /**
+     * Creates a handler for OPTIONS requests (CORS preflight).
+     * Returns allowed methods and CORS headers without processing routes.
+     *
+     * @returns An async function that handles OPTIONS requests
+     */
+    private static createOptionsHandler;
+    /**
+     * Registers one or more features (modules) with the application.
+     * Features define controllers, routes, and feature-specific dependencies.
+     * This method supports chaining.
+     *
+     * @param features - One or more features to register
+     * @returns The Application class for method chaining
+     *
+     * @example
+     * ```ts
+     * // Register a single feature
+     * Application.register(productFeature);
+     *
+     * // Register multiple features
+     * Application.register(productFeature, userFeature, orderFeature);
+     *
+     * // Method chaining
+     * Application
+     *   .register(productFeature)
+     *   .register(userFeature)
+     *   .register(orderFeature);
+     * ```
+     */
+    static register(...features: Feature[]): typeof Application;
+}

package/dist/application.js

@@ -0,0 +1 @@
+"use strict";var e=require("./error.js"),t=require("./context.js"),s=require("./response.js"),r=require("./hooks.js"),o=require("./common.js");const n={key:"path"};class i{constructor(e,t,o){this.request=e,this.method=t,this.payload=o,this.feature=null,this.route=null,this.response=new s.ServerResponse,this.requestHooks=new r.RequestHooks(i.hooks)}static getInject(e){return t.executeContext.getInject(e)}static getInjects(){return new Map(t.executeContext.injections)}static async loadInjects(){if(this.injectsLoaded)return;const e=this.options.injects;if(!e)return void(this.injectsLoaded=!0);const s="function"==typeof e?await e():e;for(const[e,r]of Object.entries(s))"function"==typeof r.onInit&&await r.onInit(),t.executeContext.setInject(e,r);this.injectsLoaded=!0,this.registerShutdown(),await this.loadCors()}static registerShutdown(){if(this.shutdownRegistered)return;this.shutdownRegistered=!0;const e=async()=>{for(const e of this.features)await e.destroyInjects();for(const[e,s]of t.executeContext.injections)if("function"==typeof s.onDestroy)try{await s.onDestroy()}catch(e){}process.exit(0)};process.on("SIGTERM",e),process.on("SIGINT",e)}static async loadCors(){const e=this.options.cors;e&&(Array.isArray(e)?this.corsOrigins=e:this.corsOrigins=await e(t.executeContext.injections))}static async loadImports(){if(!this.initialized)return this.initPromise||(this.initPromise=(async()=>{this.initialized=!0})()),this.initPromise}isMatchFeature(e,t){for(const s of i.features)if(this.route=s.matchRoute(e,t),this.route)return this.feature=s,!0;return null}async executeGuards(){const e=this.route?.route.getReflect().getGuards()??new Set,s=[...i.guards,...e];if(!s.length)return!0;for(const e of s)try{const s=new e;if(!await s.canActivate(t.executeContext))return!1}catch{return!1}return!0}async executeMiddlewares(){const e=this.route.route.getMiddlewares();if(!e.length)return!0;for(const s of e){let e=!1;const r=()=>{e=!0};try{if(await s(t.executeContext,r),!e)return!1}catch{return!1}}return!0}async executeFilters(e){const s=[...this.route?.route.getReflect().getFilters()??new Set,...i.filters];for(const r of s)try{const s=new r,o=await s.catch(e,t.executeContext);if(o instanceof Response)return o}catch{continue}return null}async executeInterceptors(e){const s=[...this.route?.route.getReflect().getInterceptors()??new Set,...i.interceptors];if(!s.length)return e();let r=e;for(let e=s.length-1;e>=0;e--){const o=new(0,s[e]),n=r;r=()=>o.intercept(t.executeContext,n)}return r()}async executePipes(e){const t=this.route?.route.getReflect().getPipes()??new Set,s=[...i.pipes,...t];if(!s.length)return e;let r=e;for(const e of s){const t=new e;r=await t.transform(r)}return r}checkCors(){const e=i.corsOrigins;if(!e.length)return!0;const t=this.request.headers.get("origin");return!t||(e.includes("*")||e.includes(t))}applyCorsHeaders(e){const t=i.corsOrigins;if(!t.length)return e;const s=this.request.headers.get("origin");if(!s)return e;const r=new Headers(e.headers);return t.includes("*")?r.set("Access-Control-Allow-Origin","*"):t.includes(s)&&(r.set("Access-Control-Allow-Origin",s),r.set("Vary","Origin")),r.set("Access-Control-Allow-Methods","GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS"),r.set("Access-Control-Allow-Headers","Content-Type, Authorization"),r.set("Access-Control-Max-Age","86400"),new Response(e.body,{status:e.status,statusText:e.statusText,headers:r})}async dispatch(){const s=this.route,r=this.feature,o=t.executeContext.getContextOrThrow();try{if(!await this.executeGuards())return this.response.forbidden();if(!await this.executeMiddlewares())return this.response.forbidden();const e=s.route.getAction();let t=null;if("string"==typeof e){const s=r.getController();"function"==typeof s._initDependencies&&await s._initDependencies(),"function"==typeof s[e]&&(t=s[e].bind(s))}else"function"==typeof e&&(t=e);if(!t)return this.response.internalServer(new Error("Route action handler not found"));await this.executePipes(o);const n=await this.executeInterceptors(()=>t(o));return this.response.success(n)}catch(t){const s=await this.executeFilters(t);if(s)return s;if(t instanceof e.HttpError){switch(t.statusCode){case 400:return this.response.badRequest(t.message,t.error);case 401:return this.response.unauthorized(t.message,t.error);case 403:return this.response.forbidden(t.message,t.error);case 404:return this.response.notFound(t.message,t.error);case 409:return this.response.conflict(t.message,t.error);case 422:return this.response.unprocessableEntity(t.message,t.error);case 429:return this.response.tooManyRequests(t.message,t.error);case 501:return this.response.notImplemented(t.message,t.error);case 502:return this.response.badGateway(t.message,t.error);case 503:return this.response.serviceUnavailable(t.message,t.error);case 504:return this.response.gatewayTimeout(t.message,t.error)}return this.response.internalServer(t)}return this.response.internalServer(t)}}async match(){let e=null;try{if(!this.checkCors())return this.applyCorsHeaders(this.response.forbidden("CORS not allowed"));const s=await this.payload.params,r=i.options.key||n.key,o=s?.[r]?.join("/")||"";if(!this.isMatchFeature(this.method,o))return this.applyCorsHeaders(this.response.notFound("Route not found",{method:this.method,path:o,params:s}));await this.feature.loadInjects(),e={req:this.request,res:this.response,method:this.method,path:o,params:this.route.params,wildcards:this.route.wildcards,reflect:this.route.route.getReflect(),feature:this.feature},this.requestHooks.setFeatureHooks(this.feature.getHooks()),await this.requestHooks.featureRequest(e);const a=await t.executeContext.run(e,()=>this.dispatch());return await this.requestHooks.featureResponse(e),await this.requestHooks.appResponse(e),this.applyCorsHeaders(a)}catch(t){return e&&(await this.requestHooks.featureResponse(e),await this.requestHooks.appResponse(e)),this.applyCorsHeaders(this.response.internalServer(t))}}static createHandler(e){return async(t,s)=>{await i.loadInjects(),await i.loadImports();const r=new i(t,e,s);return await r.requestHooks.appRequest(t,e),await r.match.bind(r)()}}static create(e=n){return this.options=e,this.hooks=new r.ApplicationHooks(this.options),e.guards&&e.guards.forEach(e=>this.guards.add(e)),e.filters&&e.filters.forEach(e=>this.filters.add(e)),e.interceptors&&e.interceptors.forEach(e=>this.interceptors.add(e)),e.pipes&&e.pipes.forEach(e=>this.pipes.add(e)),{[o.RouteMethod.GET]:i.createHandler(o.RouteMethod.GET),[o.RouteMethod.POST]:i.createHandler(o.RouteMethod.POST),[o.RouteMethod.PUT]:i.createHandler(o.RouteMethod.PUT),[o.RouteMethod.PATCH]:i.createHandler(o.RouteMethod.PATCH),[o.RouteMethod.DELETE]:i.createHandler(o.RouteMethod.DELETE),[o.RouteMethod.HEAD]:i.createHeadHandler(),[o.RouteMethod.OPTIONS]:i.createOptionsHandler()}}static createHeadHandler(){return async(e,t)=>{await i.loadInjects(),await i.loadImports();const s=new i(e,o.RouteMethod.HEAD,t);await s.requestHooks.appRequest(e,o.RouteMethod.HEAD);const r=await s.match.bind(s)();return new Response(null,{status:r.status,statusText:r.statusText,headers:r.headers})}}static createOptionsHandler(){return async e=>{await i.loadInjects();const t=this.corsOrigins,r=e.headers.get("origin"),o=s.ServerResponse.options();if(!t.length||!r)return o;const n=new Headers(o.headers);return t.includes("*")?n.set("Access-Control-Allow-Origin","*"):t.includes(r)&&(n.set("Access-Control-Allow-Origin",r),n.set("Vary","Origin")),n.set("Access-Control-Allow-Methods","GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS"),n.set("Access-Control-Allow-Headers","Content-Type, Authorization"),n.set("Access-Control-Max-Age","86400"),new Response(null,{status:204,headers:n})}}static register(...e){return e.forEach(e=>this.features.add(e)),this}}i.features=new Set,i.guards=new Set,i.filters=new Set,i.interceptors=new Set,i.pipes=new Set,i.corsOrigins=[],i.options=n,i.initialized=!1,i.initPromise=null,i.shutdownRegistered=!1,i.injectsLoaded=!1,exports.Application=i;

package/dist/application.mjs

@@ -0,0 +1 @@
+import{HttpError as e}from"./error.mjs";import{executeContext as t}from"./context.mjs";import{ServerResponse as s}from"./response.mjs";import{RequestHooks as r,ApplicationHooks as n}from"./hooks.mjs";import{RouteMethod as o}from"./common.mjs";const i={key:"path"};class a{constructor(e,t,n){this.request=e,this.method=t,this.payload=n,this.feature=null,this.route=null,this.response=new s,this.requestHooks=new r(a.hooks)}static getInject(e){return t.getInject(e)}static getInjects(){return new Map(t.injections)}static async loadInjects(){if(this.injectsLoaded)return;const e=this.options.injects;if(!e)return void(this.injectsLoaded=!0);const s="function"==typeof e?await e():e;for(const[e,r]of Object.entries(s))"function"==typeof r.onInit&&await r.onInit(),t.setInject(e,r);this.injectsLoaded=!0,this.registerShutdown(),await this.loadCors()}static registerShutdown(){if(this.shutdownRegistered)return;this.shutdownRegistered=!0;const e=async()=>{for(const e of this.features)await e.destroyInjects();for(const[e,s]of t.injections)if("function"==typeof s.onDestroy)try{await s.onDestroy()}catch(e){}process.exit(0)};process.on("SIGTERM",e),process.on("SIGINT",e)}static async loadCors(){const e=this.options.cors;e&&(Array.isArray(e)?this.corsOrigins=e:this.corsOrigins=await e(t.injections))}static async loadImports(){if(!this.initialized)return this.initPromise||(this.initPromise=(async()=>{this.initialized=!0})()),this.initPromise}isMatchFeature(e,t){for(const s of a.features)if(this.route=s.matchRoute(e,t),this.route)return this.feature=s,!0;return null}async executeGuards(){const e=this.route?.route.getReflect().getGuards()??new Set,s=[...a.guards,...e];if(!s.length)return!0;for(const e of s)try{const s=new e;if(!await s.canActivate(t))return!1}catch{return!1}return!0}async executeMiddlewares(){const e=this.route.route.getMiddlewares();if(!e.length)return!0;for(const s of e){let e=!1;const r=()=>{e=!0};try{if(await s(t,r),!e)return!1}catch{return!1}}return!0}async executeFilters(e){const s=[...this.route?.route.getReflect().getFilters()??new Set,...a.filters];for(const r of s)try{const s=new r,n=await s.catch(e,t);if(n instanceof Response)return n}catch{continue}return null}async executeInterceptors(e){const s=[...this.route?.route.getReflect().getInterceptors()??new Set,...a.interceptors];if(!s.length)return e();let r=e;for(let e=s.length-1;e>=0;e--){const n=new(0,s[e]),o=r;r=()=>n.intercept(t,o)}return r()}async executePipes(e){const t=this.route?.route.getReflect().getPipes()??new Set,s=[...a.pipes,...t];if(!s.length)return e;let r=e;for(const e of s){const t=new e;r=await t.transform(r)}return r}checkCors(){const e=a.corsOrigins;if(!e.length)return!0;const t=this.request.headers.get("origin");return!t||(e.includes("*")||e.includes(t))}applyCorsHeaders(e){const t=a.corsOrigins;if(!t.length)return e;const s=this.request.headers.get("origin");if(!s)return e;const r=new Headers(e.headers);return t.includes("*")?r.set("Access-Control-Allow-Origin","*"):t.includes(s)&&(r.set("Access-Control-Allow-Origin",s),r.set("Vary","Origin")),r.set("Access-Control-Allow-Methods","GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS"),r.set("Access-Control-Allow-Headers","Content-Type, Authorization"),r.set("Access-Control-Max-Age","86400"),new Response(e.body,{status:e.status,statusText:e.statusText,headers:r})}async dispatch(){const s=this.route,r=this.feature,n=t.getContextOrThrow();try{if(!await this.executeGuards())return this.response.forbidden();if(!await this.executeMiddlewares())return this.response.forbidden();const e=s.route.getAction();let t=null;if("string"==typeof e){const s=r.getController();"function"==typeof s._initDependencies&&await s._initDependencies(),"function"==typeof s[e]&&(t=s[e].bind(s))}else"function"==typeof e&&(t=e);if(!t)return this.response.internalServer(new Error("Route action handler not found"));await this.executePipes(n);const o=await this.executeInterceptors(()=>t(n));return this.response.success(o)}catch(t){const s=await this.executeFilters(t);if(s)return s;if(t instanceof e){switch(t.statusCode){case 400:return this.response.badRequest(t.message,t.error);case 401:return this.response.unauthorized(t.message,t.error);case 403:return this.response.forbidden(t.message,t.error);case 404:return this.response.notFound(t.message,t.error);case 409:return this.response.conflict(t.message,t.error);case 422:return this.response.unprocessableEntity(t.message,t.error);case 429:return this.response.tooManyRequests(t.message,t.error);case 501:return this.response.notImplemented(t.message,t.error);case 502:return this.response.badGateway(t.message,t.error);case 503:return this.response.serviceUnavailable(t.message,t.error);case 504:return this.response.gatewayTimeout(t.message,t.error)}return this.response.internalServer(t)}return this.response.internalServer(t)}}async match(){let e=null;try{if(!this.checkCors())return this.applyCorsHeaders(this.response.forbidden("CORS not allowed"));const s=await this.payload.params,r=a.options.key||i.key,n=s?.[r]?.join("/")||"";if(!this.isMatchFeature(this.method,n))return this.applyCorsHeaders(this.response.notFound("Route not found",{method:this.method,path:n,params:s}));await this.feature.loadInjects(),e={req:this.request,res:this.response,method:this.method,path:n,params:this.route.params,wildcards:this.route.wildcards,reflect:this.route.route.getReflect(),feature:this.feature},this.requestHooks.setFeatureHooks(this.feature.getHooks()),await this.requestHooks.featureRequest(e);const o=await t.run(e,()=>this.dispatch());return await this.requestHooks.featureResponse(e),await this.requestHooks.appResponse(e),this.applyCorsHeaders(o)}catch(t){return e&&(await this.requestHooks.featureResponse(e),await this.requestHooks.appResponse(e)),this.applyCorsHeaders(this.response.internalServer(t))}}static createHandler(e){return async(t,s)=>{await a.loadInjects(),await a.loadImports();const r=new a(t,e,s);return await r.requestHooks.appRequest(t,e),await r.match.bind(r)()}}static create(e=i){return this.options=e,this.hooks=new n(this.options),e.guards&&e.guards.forEach(e=>this.guards.add(e)),e.filters&&e.filters.forEach(e=>this.filters.add(e)),e.interceptors&&e.interceptors.forEach(e=>this.interceptors.add(e)),e.pipes&&e.pipes.forEach(e=>this.pipes.add(e)),{[o.GET]:a.createHandler(o.GET),[o.POST]:a.createHandler(o.POST),[o.PUT]:a.createHandler(o.PUT),[o.PATCH]:a.createHandler(o.PATCH),[o.DELETE]:a.createHandler(o.DELETE),[o.HEAD]:a.createHeadHandler(),[o.OPTIONS]:a.createOptionsHandler()}}static createHeadHandler(){return async(e,t)=>{await a.loadInjects(),await a.loadImports();const s=new a(e,o.HEAD,t);await s.requestHooks.appRequest(e,o.HEAD);const r=await s.match.bind(s)();return new Response(null,{status:r.status,statusText:r.statusText,headers:r.headers})}}static createOptionsHandler(){return async e=>{await a.loadInjects();const t=this.corsOrigins,r=e.headers.get("origin"),n=s.options();if(!t.length||!r)return n;const o=new Headers(n.headers);return t.includes("*")?o.set("Access-Control-Allow-Origin","*"):t.includes(r)&&(o.set("Access-Control-Allow-Origin",r),o.set("Vary","Origin")),o.set("Access-Control-Allow-Methods","GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS"),o.set("Access-Control-Allow-Headers","Content-Type, Authorization"),o.set("Access-Control-Max-Age","86400"),new Response(null,{status:204,headers:o})}}static register(...e){return e.forEach(e=>this.features.add(e)),this}}a.features=new Set,a.guards=new Set,a.filters=new Set,a.interceptors=new Set,a.pipes=new Set,a.corsOrigins=[],a.options=i,a.initialized=!1,a.initPromise=null,a.shutdownRegistered=!1,a.injectsLoaded=!1;export{a as Application};