@nitronjs/framework 0.1.0

package/lib/Route/Manager.js

@@ -0,0 +1,265 @@
+
+import Loader from "./Loader.js";
+import Paths from "../Core/Paths.js";
+import Config from "../Core/Config.js";
+
+class Route {
+    static #routes = [];
+    static #kernel = null;
+
+    static getSessionConfig() {
+        return Config.all("session");
+    }
+
+    static async getKernel() {
+        if (!this.#kernel) {
+            this.#kernel = (await import(Paths.kernelUrl())).default;
+        }
+        return this.#kernel;
+    }
+
+    static async setup(server) {
+        // Setup global route helper for SSR
+        globalThis.route = (name, params, query) => this.route(name, params, query);
+
+        const Kernel = await this.getKernel();
+
+        for (const route of this.#routes) {
+            if (this.#shouldApplyCsrf(route)) {
+                route.middlewares.unshift("verify-csrf");
+            }
+
+            route.middlewares = route.middlewares.map(middleware => {
+                const [name, param] = middleware.split(":");
+
+                if (!Kernel.routeMiddlewares[name]) {
+                    throw new Error(`Middleware '${name}' is not defined in Kernel.js`);
+                }
+
+                // Wrap middleware handler for hot reload
+                const handler = Loader.wrapHandler(Kernel.routeMiddlewares[name].handler);
+
+                return (request, response) => {
+                    return handler(request, response, param);
+                }
+            });
+
+            // Wrap controller handler for hot reload
+            const handler = Loader.wrapHandler(route.handler);
+
+            server.route({
+                method: route.method,
+                url: route.url,
+                preHandler: route.middlewares,
+                handler
+            });
+        }
+    }
+
+    // Get route manifest for client-side routing
+    static getClientManifest() {
+        const manifest = {};
+        for (const route of this.#routes) {
+            if (route.name) {
+                manifest[route.name] = route.url;
+            }
+        }
+        return manifest;
+    }
+    
+    static get (url, handler) {
+        return this.#add("GET", url, handler);
+    }
+
+    static post (url, handler) {
+        return this.#add("POST", url, handler);
+    }
+
+    static put (url, handler) {
+        return this.#add("PUT", url, handler);
+    }
+
+    static delete (url, handler) {
+        return this.#add("DELETE", url, handler);
+    }
+
+    static prefix (url) {
+        return this.#addGroup(url, [], [], null);
+    }
+
+    static middleware (handlers) {
+        if (typeof handlers === 'string') {
+            return this.#addGroup("", [handlers], [], null);
+        }
+        else if (Array.isArray(handlers)) {
+            return this.#addGroup("", handlers, [], null);
+        }
+    }
+
+    static name (name) {
+        return this.#addGroup("", [], [], name);
+    }
+
+    static #add (method, url, handler) {
+        const route = {
+            method,
+            url,
+            handler,
+            middlewares: []
+        };
+
+        this.#routes.push(route);
+
+        return new RouteItem(route);
+    }
+
+    static #addGroup (prefix, middlewares, routes, name) {
+        const options = {
+            prefix,
+            middlewares,
+            routes,
+            name
+        };
+
+        return new RouteGroup(options, this.#routes);
+    }
+
+    static #resolveRouteName (name, params = {}) {
+        const route = this.#routes.find(r => r.name === name);
+
+        if (!route) {
+            throw new Error(`Route '${name}' is not defined`);
+        }
+
+        let url = route.url;
+
+        for (const key in params) {
+            url = url.replace(`:${key}`, params[key]);
+        }
+
+        return url;
+    }
+
+    static #shouldApplyCsrf (route) {
+        const sessionConfig = this.getSessionConfig();
+        const csrf = sessionConfig.csrf;
+        
+        if (!csrf.enabled) {
+            return false;
+        }
+        
+        if (!csrf.methods.includes(route.method)) {
+            return false;
+        }
+        
+        for (const pattern of csrf.except) {
+            if (this.#matchPattern(route.url, pattern)) {
+                return false;
+            }
+        }
+        
+        return true;
+    }
+    
+    static #matchPattern (url, pattern) {
+        if (url === pattern) {
+            return true;
+        }
+        
+        if (pattern.includes('*')) {
+            const regex = new RegExp('^' + pattern.replace(/\*/g, '.*') + '$');
+
+            return regex.test(url);
+        }
+        
+        return false;
+    }
+
+    static route (name, params = {}, query = {}) {
+        let url = this.#resolveRouteName(name, params);
+        
+        if (query && Object.keys(query).length > 0) {
+            url += '?' + new URLSearchParams(query).toString();
+        }
+        
+        return url;
+    }
+}
+
+class RouteItem {
+    constructor (route) {
+        this.route = route;
+    }
+
+    middleware (handlers) {
+        if (typeof handlers === 'string') {
+            this.route.middlewares.push(handlers);
+        }
+        else if (Array.isArray(handlers)) {
+            this.route.middlewares.push(...handlers);
+        }
+
+        return this;
+    }
+
+    name (name) {
+        this.route.name = name;
+
+        return this;
+    }
+}
+
+class RouteGroup {
+    constructor (options, routes) {
+        this.groupOptions = options;
+        this.routes = routes;
+    }
+
+    prefix (url) {
+        this.groupOptions.prefix = url;
+
+        return this;
+    }
+
+    middleware (handlers) {
+        if (typeof handlers === 'string') {
+            this.groupOptions.middlewares.push(handlers);
+        }
+        else if (Array.isArray(handlers)) {
+            this.groupOptions.middlewares.push(...handlers);
+        }
+
+        return this;
+    }
+
+    name (name) {
+        this.groupOptions.name = name;
+
+        return this;
+    }
+
+    group (callback) {
+        const beforeRoutes = this.routes.length;
+        callback();
+        const newRoutes = this.routes.slice(beforeRoutes);
+
+        for (const route of newRoutes) {
+            if (this.groupOptions.prefix) {
+                if (route.url === "/") {
+                    route.url = this.groupOptions.prefix;
+                }
+                else {
+                    route.url = this.groupOptions.prefix + route.url;
+                }
+            }
+
+            if (route.name && this.groupOptions.name) {
+                route.name = this.groupOptions.name + route.name;
+            }
+
+            route.middlewares.unshift(...this.groupOptions.middlewares);
+        }
+    }
+}
+
+export default Route;

package/lib/Runtime/Entry.js

@@ -0,0 +1,11 @@
+import Server from "../Http/Server.js";
+
+export async function start() {
+  await Server.start();
+}
+
+// Auto-start when run directly
+const isMain = process.argv[1]?.endsWith("Entry.js");
+if (isMain) {
+  start();
+}

package/lib/Session/File.js

@@ -0,0 +1,299 @@
+import fs from "fs/promises";
+import path from "path";
+import Paths from "../Core/Paths.js";
+
+/**
+ * File Session Store
+ * 
+ * Stores sessions as individual JSON files on disk.
+ * Uses atomic writes to prevent corruption.
+ * 
+ * Features:
+ * - One file per session (session_<id>.json)
+ * - Atomic write operations (temp file + rename)
+ * - Automatic directory creation
+ * - Garbage collection for expired sessions
+ */
+class File {
+    #storagePath;
+    ready; // Promise for Manager to wait on initialization
+
+    constructor() {
+        // Store sessions in storage/framework/sessions/
+        this.#storagePath = Paths.storageSessions;
+        this.ready = this.#initialize();
+    }
+
+    /**
+     * Initialize storage: create directory and cleanup corrupted files
+     */
+    async #initialize() {
+        try {
+            await fs.mkdir(this.#storagePath, { recursive: true });
+            
+            // Cleanup empty/corrupted files from previous crash (silent)
+            await this.#cleanupCorruptedFiles();
+        }
+        catch (error) {
+            console.error('[File Store] Initialization failed:', error.message);
+            throw error;
+        }
+    }
+
+    /**
+     * Cleanup empty or corrupted session files (startup only)
+     */
+    async #cleanupCorruptedFiles() {
+        try {
+            const files = await fs.readdir(this.#storagePath);
+            let cleaned = 0;
+
+            for (const file of files) {
+                if (!file.startsWith('session_') || file.endsWith('.tmp')) {
+                    continue;
+                }
+
+                const filePath = path.join(this.#storagePath, file);
+                
+                try {
+                    const content = await fs.readFile(filePath, 'utf8');
+                    
+                    // Check if empty or invalid JSON
+                    if (!content || content.trim() === '') {
+                        await fs.unlink(filePath);
+                        cleaned++;
+                    }
+                    else {
+                        JSON.parse(content); // Validate JSON
+                    }
+                }
+                catch {
+                    // Corrupted or unreadable - delete
+                    await fs.unlink(filePath).catch(() => {});
+                    cleaned++;
+                }
+            }
+
+            if (cleaned > 0) {
+                console.log(`[File Store] Cleaned ${cleaned} corrupted session files`);
+            }
+        }
+        catch (error) {
+            // Non-critical, ignore
+        }
+    }
+
+    /**
+     * Get session file path
+     */
+    #getFilePath (sessionId) {
+        return path.join(this.#storagePath, `session_${sessionId}.json`);
+    }
+
+    /**
+     * Get temporary file path for atomic writes
+     */
+    #getTempFilePath (sessionId) {
+        return path.join(this.#storagePath, `session_${sessionId}.json.tmp`);
+    }
+
+    /**
+     * Retrieve session data by ID
+     * @param {string} sessionId - Session identifier
+     * @returns {object|null} Session data or null if not found
+     */
+    async get (sessionId) {
+        await this.ready;
+        
+        // Guard: Validate session ID length
+        if (!sessionId || sessionId.length > 128) {
+            return null;
+        }
+        
+        try {
+            const filePath = this.#getFilePath(sessionId);
+            const content = await fs.readFile(filePath, 'utf8');
+            
+            // Validate JSON before parsing
+            if (!content || content.trim() === '') {
+                // Silent cleanup - empty files are normal during hot-reload
+                await fs.unlink(filePath).catch(() => {});
+
+                return null;
+            }
+            
+            return JSON.parse(content);
+        }
+        catch (error) {
+            // File not found
+            if (error.code === 'ENOENT') {
+                return null;
+            }
+            
+            // Corrupted file - silent cleanup
+            if (error instanceof SyntaxError) {
+                const filePath = this.#getFilePath(sessionId);
+                await fs.unlink(filePath).catch(() => {});
+                return null;
+            }
+            
+            // Only log unexpected errors
+            if (error.code !== 'EBUSY' && error.code !== 'EPERM') {
+                console.error('[File Store] Read error:', error.message);
+            }
+            return null;
+        }
+    }
+
+    /**
+     * Store session data with retry and atomic write
+     * @param {string} sessionId - Session identifier
+     * @param {object} sessionData - Session data to store
+     */
+    async set (sessionId, sessionData) {
+        await this.ready;
+        
+        // Guard: Validate session ID length
+        if (!sessionId || sessionId.length > 128) {
+            return;
+        }
+        
+        const filePath = this.#getFilePath(sessionId);
+        const tempPath = this.#getTempFilePath(sessionId);
+        const jsonContent = process.env.APP_DEV === "true"
+            ? JSON.stringify(sessionData, null, 2)
+            : JSON.stringify(sessionData);
+        
+        // Retry mechanism for Windows file locking
+        const maxRetries = 3;
+        const retryDelay = 50; // ms
+        
+        for (let attempt = 0; attempt < maxRetries; attempt++) {
+            try {
+                // Write to temp file first (with restricted permissions on Unix)
+                const writeOptions = process.platform === 'win32' 
+                    ? { encoding: 'utf8' }
+                    : { encoding: 'utf8', mode: 0o600 };
+                
+                await fs.writeFile(tempPath, jsonContent, writeOptions);
+                
+                // Atomic rename (cross-platform)
+                try {
+                    await fs.rename(tempPath, filePath);
+                }
+                catch (renameError) {
+                    // Windows: EPERM if target exists and is locked
+                    if (renameError.code === 'EPERM' || renameError.code === 'EEXIST') {
+                        try {
+                            await fs.unlink(filePath);
+                        }
+                        catch {}
+                        await fs.rename(tempPath, filePath);
+                    }
+                    else {
+                        throw renameError;
+                    }
+                }
+                
+                return; // Success
+            }
+            catch (error) {
+                const isLastAttempt = attempt === maxRetries - 1;
+                const isLockError = ['EBUSY', 'EPERM', 'ENOENT'].includes(error.code);
+                
+                // Clean up temp file on error
+                try {
+                    await fs.unlink(tempPath);
+                }
+                catch {}
+                
+                // If file locked and not last attempt, retry
+                if (isLockError && !isLastAttempt) {
+                    await new Promise(resolve => setTimeout(resolve, retryDelay * (attempt + 1)));
+                    continue;
+                }
+                
+                // Last attempt or non-lock error - log it
+                if (isLastAttempt || !isLockError) {
+                    console.error('[File Store] Write failed after retries:', error.message);
+                }
+                return;
+            }
+        }
+    }
+
+    /**
+     * Delete session file
+     * @param {string} sessionId - Session identifier
+     */
+    async delete(sessionId) {
+        await this.ready;
+        
+        // Guard: Validate session ID length
+        if (!sessionId || sessionId.length > 128) {
+            return;
+        }
+        
+        try {
+            const filePath = this.#getFilePath(sessionId);
+            await fs.unlink(filePath);
+        }
+        catch (error) {
+            // Ignore file-not-found, log other errors
+            if (error.code !== 'ENOENT') {
+                console.error('[File Store] Delete error:', error.message);
+            }
+        }
+    }
+
+    /**
+     * Garbage collection - remove expired session files
+     * @param {number} lifetime - Max session lifetime in milliseconds
+     * @returns {number} Number of deleted sessions
+     */
+    async gc (lifetime) {
+        await this.ready;
+        
+        try {
+            const files = await fs.readdir(this.#storagePath);
+            let deletedCount = 0;
+            const now = Date.now();
+
+            for (const file of files) {
+                // Only process session files, skip temp files
+                if (!file.startsWith('session_') || file.endsWith('.tmp')) {
+                    continue;
+                }
+
+                const filePath = path.join(this.#storagePath, file);
+
+                try {
+                    const content = await fs.readFile(filePath, 'utf8');
+                    const sessionData = JSON.parse(content);
+                    
+                    // Delete if expired
+                    const lastActivity = sessionData.lastActivity || sessionData.createdAt;
+                    if (now - lastActivity > lifetime) {
+                        await fs.unlink(filePath);
+                        deletedCount++;
+                    }
+                }
+                catch (error) {
+                    // Corrupted or unreadable file - delete it
+                    if (error.code !== 'ENOENT') {
+                        await fs.unlink(filePath).catch(() => {});
+                        deletedCount++;
+                    }
+                }
+            }
+
+            return deletedCount;
+        }
+        catch (error) {
+            console.error('[File Store] GC error:', error.message);
+            return 0;
+        }
+    }
+}
+
+export default File;