npm - @omnizap-system/omnizap - Versions diffs - 2.5.12 - Mend

@omnizap-system/omnizap 2.5.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (425) hide show

package/.clusterfuzzlite/Dockerfile +10 -0
package/.env.example +907 -0
package/.github/codeql/codeql-config.yml +10 -0
package/.github/dependabot.yml +35 -0
package/.github/workflows/ci.yml +73 -0
package/.github/workflows/codeql.yml +106 -0
package/.github/workflows/db-migration-check.yml +98 -0
package/.github/workflows/dependency-review.yml +22 -0
package/.github/workflows/deploy.yml +95 -0
package/.github/workflows/release.yml +106 -0
package/.github/workflows/security-attest-provenance.yml +51 -0
package/.github/workflows/security-gitleaks.yml +34 -0
package/.github/workflows/security-runner-hardening.yml +31 -0
package/.github/workflows/security-scorecard.yml +44 -0
package/.github/workflows/security-zap-baseline.yml +44 -0
package/.github/workflows/security-zap-full-scan.yml +43 -0
package/.github/workflows/security-zizmor.yml +36 -0
package/.github/workflows/wiki-sync.yml +44 -0
package/.gitleaks.toml +15 -0
package/.prettierrc +34 -0
package/CODE_OF_CONDUCT.md +114 -0
package/LICENSE +56 -0
package/README.md +110 -0
package/SECURITY.md +110 -0
package/app/config/index.js +4 -0
package/app/configParts/adminIdentity.js +92 -0
package/app/configParts/baileysConfig.js +1818 -0
package/app/configParts/groupUtils.js +692 -0
package/app/configParts/loggerConfig.js +394 -0
package/app/configParts/messagePersistenceService.js +305 -0
package/app/connection/baileysCompatibility.test.js +40 -0
package/app/connection/baileysDbAuthState.js +344 -0
package/app/connection/socketController.js +2243 -0
package/app/controllers/messageController.js +7 -0
package/app/controllers/messagePipeline/commandMiddleware.js +146 -0
package/app/controllers/messagePipeline/conversationMiddleware.js +183 -0
package/app/controllers/messagePipeline/messagePipelineMiddlewares.test.js +522 -0
package/app/controllers/messagePipeline/postProcessingMiddleware.js +41 -0
package/app/controllers/messagePipeline/preProcessingMiddlewares.js +166 -0
package/app/controllers/messageProcessingPipeline.js +699 -0
package/app/modules/adminModule/AGENT.md +4056 -0
package/app/modules/adminModule/adminAiHelpService.js +56 -0
package/app/modules/adminModule/adminConfigRuntime.js +177 -0
package/app/modules/adminModule/commandConfig.json +7122 -0
package/app/modules/adminModule/groupCommandHandlers.js +1823 -0
package/app/modules/adminModule/groupCommandHandlers.test.js +350 -0
package/app/modules/adminModule/groupEventHandlers.js +399 -0
package/app/modules/aiModule/AGENT.md +547 -0
package/app/modules/aiModule/aiAiHelpService.js +14 -0
package/app/modules/aiModule/aiConfigRuntime.js +135 -0
package/app/modules/aiModule/catCommand.js +967 -0
package/app/modules/aiModule/commandConfig.json +981 -0
package/app/modules/analyticsModule/messageAnalysisEventRepository.js +83 -0
package/app/modules/gameModule/AGENT.md +196 -0
package/app/modules/gameModule/commandConfig.json +366 -0
package/app/modules/gameModule/diceCommand.js +42 -0
package/app/modules/gameModule/gameAiHelpService.js +14 -0
package/app/modules/gameModule/gameConfigRuntime.js +68 -0
package/app/modules/menuModule/AGENT.md +205 -0
package/app/modules/menuModule/commandConfig.json +366 -0
package/app/modules/menuModule/common.js +316 -0
package/app/modules/menuModule/menuAiHelpService.js +14 -0
package/app/modules/menuModule/menuConfigRuntime.js +68 -0
package/app/modules/menuModule/menus.js +66 -0
package/app/modules/playModule/AGENT.md +321 -0
package/app/modules/playModule/commandConfig.json +584 -0
package/app/modules/playModule/playAiHelpService.js +14 -0
package/app/modules/playModule/playCommand.js +1417 -0
package/app/modules/playModule/playConfigRuntime.js +68 -0
package/app/modules/quoteModule/AGENT.md +199 -0
package/app/modules/quoteModule/commandConfig.json +366 -0
package/app/modules/quoteModule/quoteAiHelpService.js +14 -0
package/app/modules/quoteModule/quoteCommand.js +842 -0
package/app/modules/quoteModule/quoteConfigRuntime.js +68 -0
package/app/modules/rpgPokemonModule/AGENT.md +229 -0
package/app/modules/rpgPokemonModule/commandConfig.json +386 -0
package/app/modules/rpgPokemonModule/rpgBattleCanvasRenderer.js +795 -0
package/app/modules/rpgPokemonModule/rpgBattleService.js +2110 -0
package/app/modules/rpgPokemonModule/rpgBattleService.test.js +770 -0
package/app/modules/rpgPokemonModule/rpgEvolutionUtils.js +22 -0
package/app/modules/rpgPokemonModule/rpgPokemonAiHelpService.js +14 -0
package/app/modules/rpgPokemonModule/rpgPokemonCommand.js +174 -0
package/app/modules/rpgPokemonModule/rpgPokemonConfigRuntime.js +68 -0
package/app/modules/rpgPokemonModule/rpgPokemonDomain.js +192 -0
package/app/modules/rpgPokemonModule/rpgPokemonDomain.test.js +93 -0
package/app/modules/rpgPokemonModule/rpgPokemonEvolution.test.js +46 -0
package/app/modules/rpgPokemonModule/rpgPokemonMessages.js +746 -0
package/app/modules/rpgPokemonModule/rpgPokemonRepository.js +1847 -0
package/app/modules/rpgPokemonModule/rpgPokemonService.js +6839 -0
package/app/modules/rpgPokemonModule/rpgProfileCanvasRenderer.js +354 -0
package/app/modules/statsModule/AGENT.md +320 -0
package/app/modules/statsModule/commandConfig.json +540 -0
package/app/modules/statsModule/globalRankingCommand.js +64 -0
package/app/modules/statsModule/rankingCommand.js +41 -0
package/app/modules/statsModule/rankingCommon.js +1305 -0
package/app/modules/statsModule/statsAiHelpService.js +14 -0
package/app/modules/statsModule/statsConfigRuntime.js +68 -0
package/app/modules/stickerModule/AGENT.md +692 -0
package/app/modules/stickerModule/addStickerMetadata.js +239 -0
package/app/modules/stickerModule/commandConfig.json +1216 -0
package/app/modules/stickerModule/convertToWebp.js +367 -0
package/app/modules/stickerModule/stickerAiHelpService.js +14 -0
package/app/modules/stickerModule/stickerCommand.js +446 -0
package/app/modules/stickerModule/stickerConfigRuntime.js +68 -0
package/app/modules/stickerModule/stickerConvertCommand.js +159 -0
package/app/modules/stickerModule/stickerTextCommand.js +653 -0
package/app/modules/stickerPackModule/AGENT.md +215 -0
package/app/modules/stickerPackModule/autoPackCollectorRuntime.js +20 -0
package/app/modules/stickerPackModule/autoPackCollectorService.js +357 -0
package/app/modules/stickerPackModule/commandConfig.json +387 -0
package/app/modules/stickerPackModule/domainEventOutboxRepository.js +227 -0
package/app/modules/stickerPackModule/domainEvents.js +52 -0
package/app/modules/stickerPackModule/semanticReclassificationEngine.js +429 -0
package/app/modules/stickerPackModule/semanticReclassificationEngine.test.js +75 -0
package/app/modules/stickerPackModule/semanticThemeClusterService.js +544 -0
package/app/modules/stickerPackModule/stickerAssetClassificationRepository.js +400 -0
package/app/modules/stickerPackModule/stickerAssetRepository.js +400 -0
package/app/modules/stickerPackModule/stickerAssetReprocessQueueRepository.js +175 -0
package/app/modules/stickerPackModule/stickerAutoPackByTagsRuntime.js +3702 -0
package/app/modules/stickerPackModule/stickerClassificationBackgroundRuntime.js +559 -0
package/app/modules/stickerPackModule/stickerClassificationService.js +557 -0
package/app/modules/stickerPackModule/stickerDedicatedTaskWorkerRuntime.js +249 -0
package/app/modules/stickerPackModule/stickerDomainEventBus.js +65 -0
package/app/modules/stickerPackModule/stickerDomainEventConsumerRuntime.js +208 -0
package/app/modules/stickerPackModule/stickerMarketplaceDriftService.js +99 -0
package/app/modules/stickerPackModule/stickerObjectStorageService.js +285 -0
package/app/modules/stickerPackModule/stickerPackAiHelpService.js +14 -0
package/app/modules/stickerPackModule/stickerPackCommandHandlers.js +1148 -0
package/app/modules/stickerPackModule/stickerPackConfigRuntime.js +68 -0
package/app/modules/stickerPackModule/stickerPackEngagementRepository.js +152 -0
package/app/modules/stickerPackModule/stickerPackErrors.js +30 -0
package/app/modules/stickerPackModule/stickerPackInteractionEventRepository.js +101 -0
package/app/modules/stickerPackModule/stickerPackItemRepository.js +432 -0
package/app/modules/stickerPackModule/stickerPackMarketplaceService.js +313 -0
package/app/modules/stickerPackModule/stickerPackMessageService.js +268 -0
package/app/modules/stickerPackModule/stickerPackRepository.js +450 -0
package/app/modules/stickerPackModule/stickerPackScoreSnapshotRepository.js +179 -0
package/app/modules/stickerPackModule/stickerPackScoreSnapshotRuntime.js +271 -0
package/app/modules/stickerPackModule/stickerPackService.js +733 -0
package/app/modules/stickerPackModule/stickerPackServiceRuntime.js +32 -0
package/app/modules/stickerPackModule/stickerPackUtils.js +107 -0
package/app/modules/stickerPackModule/stickerStorageService.js +559 -0
package/app/modules/stickerPackModule/stickerWorkerPipelineRuntime.js +242 -0
package/app/modules/stickerPackModule/stickerWorkerTaskQueueRepository.js +242 -0
package/app/modules/systemMetricsModule/AGENT.md +193 -0
package/app/modules/systemMetricsModule/commandConfig.json +344 -0
package/app/modules/systemMetricsModule/pingCommand.js +399 -0
package/app/modules/systemMetricsModule/systemMetricsAiHelpService.js +14 -0
package/app/modules/systemMetricsModule/systemMetricsConfigRuntime.js +68 -0
package/app/modules/tiktokModule/AGENT.md +196 -0
package/app/modules/tiktokModule/commandConfig.json +366 -0
package/app/modules/tiktokModule/tiktokAiHelpService.js +14 -0
package/app/modules/tiktokModule/tiktokCommand.js +716 -0
package/app/modules/tiktokModule/tiktokConfigRuntime.js +68 -0
package/app/modules/userModule/AGENT.md +200 -0
package/app/modules/userModule/commandConfig.json +386 -0
package/app/modules/userModule/userAiHelpService.js +14 -0
package/app/modules/userModule/userCommand.js +1155 -0
package/app/modules/userModule/userConfigRuntime.js +68 -0
package/app/modules/waifuPicsModule/AGENT.md +431 -0
package/app/modules/waifuPicsModule/commandConfig.json +780 -0
package/app/modules/waifuPicsModule/waifuPicsAiHelpService.js +14 -0
package/app/modules/waifuPicsModule/waifuPicsCommand.js +586 -0
package/app/modules/waifuPicsModule/waifuPicsConfigRuntime.js +68 -0
package/app/observability/metrics.js +766 -0
package/app/services/ai/aiHelpResponseCacheRepository.js +280 -0
package/app/services/ai/aiLearningRepository.js +400 -0
package/app/services/ai/commandConfigEnrichmentRepository.js +769 -0
package/app/services/ai/commandConfigEnrichmentService.js +452 -0
package/app/services/ai/commandConfigValidationService.js +443 -0
package/app/services/ai/commandToolBuilderService.js +192 -0
package/app/services/ai/conversationRouterService.js +516 -0
package/app/services/ai/geminiService.js +115 -0
package/app/services/ai/geminiService.test.js +87 -0
package/app/services/ai/globalModuleAiHelpService.js +1412 -0
package/app/services/ai/globalToolCallingService.js +203 -0
package/app/services/ai/messageCommandExecutionService.js +391 -0
package/app/services/ai/moduleAiHelpCoreService.js +1099 -0
package/app/services/ai/moduleAiHelpWrapperFactory.js +65 -0
package/app/services/ai/moduleCommandConfigRuntimeService.js +113 -0
package/app/services/ai/moduleToolExecutorService.js +464 -0
package/app/services/ai/moduleToolRegistryService.js +178 -0
package/app/services/ai/toolCandidateSelectorService.js +781 -0
package/app/services/auth/googleWebLinkService.js +80 -0
package/app/services/auth/whatsappLoginLinkService.js +230 -0
package/app/services/external/pokeApiService.js +398 -0
package/app/services/group/groupMetadataService.js +311 -0
package/app/services/infra/dbWriteQueue.js +874 -0
package/app/services/infra/featureFlagService.js +131 -0
package/app/services/infra/queueUtils.js +55 -0
package/app/services/messaging/captchaService.js +491 -0
package/app/services/messaging/messagePersistenceService.js +1 -0
package/app/services/messaging/newsBroadcastService.js +347 -0
package/app/services/sticker/stickerFocusService.js +347 -0
package/app/services/sticker/stickerFocusService.test.js +43 -0
package/app/store/aiPromptStore.js +38 -0
package/app/store/conversationSessionStore.js +131 -0
package/app/store/groupConfigStore.js +58 -0
package/app/store/premiumUserStore.js +54 -0
package/app/utils/antiLink/antiLinkModule.js +700 -0
package/app/utils/http/getImageBufferModule.js +18 -0
package/app/utils/json/jsonSanitizer.js +113 -0
package/app/utils/json/jsonSanitizer.test.js +40 -0
package/app/utils/systemMetrics/systemMetricsModule.js +88 -0
package/app/workers/aiLearningWorker.js +605 -0
package/app/workers/commandConfigEnrichmentWorker.js +242 -0
package/database/index.js +2075 -0
package/database/init.js +151 -0
package/database/migrations/.gitkeep +0 -0
package/database/migrations/20260307_d0_hardening_down.sql +64 -0
package/database/migrations/20260307_d0_hardening_up.sql +79 -0
package/database/migrations/20260307_d1_terms_acceptance_down.sql +11 -0
package/database/migrations/20260307_d1_terms_acceptance_up.sql +37 -0
package/database/migrations/20260307_d2_auth_hardening_down.sql +75 -0
package/database/migrations/20260307_d2_auth_hardening_up.sql +100 -0
package/database/migrations/20260314_d7_canonical_sender_down.sql +53 -0
package/database/migrations/20260314_d7_canonical_sender_up.sql +114 -0
package/database/migrations/20260406_d30_security_analytics_down.sql +95 -0
package/database/migrations/20260406_d30_security_analytics_up.sql +292 -0
package/database/migrations/20260407_d31_web_google_session_token_hardening_down.sql +2 -0
package/database/migrations/20260407_d31_web_google_session_token_hardening_up.sql +17 -0
package/database/migrations/20260408_d32_ai_help_response_cache_down.sql +1 -0
package/database/migrations/20260408_d32_ai_help_response_cache_up.sql +22 -0
package/database/migrations/20260409_d33_ai_learning_tables_down.sql +4 -0
package/database/migrations/20260409_d33_ai_learning_tables_up.sql +52 -0
package/database/migrations/20260410_d34_command_config_enrichment_down.sql +3 -0
package/database/migrations/20260410_d34_command_config_enrichment_up.sql +48 -0
package/database/schema.sql +1186 -0
package/docker-compose.yml +104 -0
package/docs/audits/stickerCatalogController-out-of-scope.md +103 -0
package/docs/audits/stickerCatalogController-symbols.md +58 -0
package/docs/compliance/acceptable-use-policy-2026-03-07.md +35 -0
package/docs/compliance/dpa-b2b-standard-2026-03-07.md +80 -0
package/docs/compliance/monthly-compliance-checklist-2026-03-07.md +88 -0
package/docs/compliance/notice-and-takedown-policy-2026-03-07.md +34 -0
package/docs/compliance/privacy-policy-2026-03-07.md +75 -0
package/docs/compliance/subprocessors-inventory-2026-03-07.md +16 -0
package/docs/database/production-db-evolution-runbook-2026q1.md +365 -0
package/docs/security/dsar-lgpd-runbook-2026-03-07.md +86 -0
package/docs/security/incident-response-lgpd-anpd-runbook-2026-03-07.md +77 -0
package/docs/security/network-hardening-runbook-2026-03-07.md +137 -0
package/docs/seo/omnizap-seo-playbook-br-2026-02-28.md +238 -0
package/docs/seo/satellite-page-template.md +116 -0
package/docs/seo/satellite-pages-phase1.json +364 -0
package/docs/wiki/Home.md +120 -0
package/docs/wiki/pair-extraordinaire-2026-03-08.md +3 -0
package/docs/wiki/recent-changes-2026-03-08.md +47 -0
package/ecosystem.prod.config.cjs +135 -0
package/eslint.config.js +89 -0
package/index.js +488 -0
package/ml/clip_classifier/Dockerfile +18 -0
package/ml/clip_classifier/README.md +118 -0
package/ml/clip_classifier/adaptive_scoring.py +40 -0
package/ml/clip_classifier/classifier.py +654 -0
package/ml/clip_classifier/embedding_store.py +481 -0
package/ml/clip_classifier/env_loader.py +15 -0
package/ml/clip_classifier/llm_label_expander.py +144 -0
package/ml/clip_classifier/main.py +213 -0
package/ml/clip_classifier/requirements.txt +10 -0
package/ml/clip_classifier/similarity_engine.py +74 -0
package/new-logo.png +0 -0
package/observability/alert-rules.yml +60 -0
package/observability/grafana/dashboards/omnizap-mysql.json +136 -0
package/observability/grafana/dashboards/omnizap-overview.json +170 -0
package/observability/grafana/provisioning/dashboards/dashboards.yml +11 -0
package/observability/grafana/provisioning/datasources/datasources.yml +15 -0
package/observability/loki-config.yml +38 -0
package/observability/mysql-setup.sql +46 -0
package/observability/prometheus.yml +35 -0
package/observability/promtail-config.yml +84 -0
package/observability/sticker-catalog-slo.md +83 -0
package/observability/sticker-scale-hardening-rollout.md +128 -0
package/package.json +144 -0
package/public/apple-touch-icon.png +0 -0
package/public/assets/css/commands-react.input.css +71 -0
package/public/assets/css/create-pack-react.input.css +31 -0
package/public/assets/css/home-react.input.css +106 -0
package/public/assets/css/login-react.input.css +58 -0
package/public/assets/css/stickers-react.input.css +18 -0
package/public/assets/css/terms-react.input.css +115 -0
package/public/assets/css/user-react.input.css +57 -0
package/public/assets/images/brand-icon-192.png +0 -0
package/public/assets/images/brand-logo-128.webp +0 -0
package/public/assets/images/hero-banner-1280.jpg +0 -0
package/public/comandos/commands-catalog.json +4517 -0
package/public/css/api-docs.css +161 -0
package/public/css/stickers-admin.css +1288 -0
package/public/css/styles.css +679 -0
package/public/css/systemadm/admin.css +474 -0
package/public/css/systemadm/base.css +73 -0
package/public/css/systemadm/components.css +662 -0
package/public/css/systemadm/layout.css +229 -0
package/public/css/systemadm/tokens.css +56 -0
package/public/favicon-16x16.png +0 -0
package/public/favicon-32x32.png +0 -0
package/public/favicon.ico +0 -0
package/public/js/apps/apiDocsApp.js +235 -0
package/public/js/apps/commandsReactApp.js +528 -0
package/public/js/apps/createPackApp.js +1646 -0
package/public/js/apps/homeReactApp.js +942 -0
package/public/js/apps/loginReactApp.js +496 -0
package/public/js/apps/stickersAdminApp.js +1753 -0
package/public/js/apps/stickersApp.js +3797 -0
package/public/js/apps/termsReactApp.js +528 -0
package/public/js/apps/userApp.js +2540 -0
package/public/js/apps/userProfile/actions.js +66 -0
package/public/js/apps/userReactApp.js +547 -0
package/public/js/catalog.js +950 -0
package/public/pages/api-docs.html +40 -0
package/public/pages/aup.html +158 -0
package/public/pages/comandos.html +41 -0
package/public/pages/dpa.html +227 -0
package/public/pages/home.html +45 -0
package/public/pages/licenca.html +182 -0
package/public/pages/login.html +40 -0
package/public/pages/notice-and-takedown.html +234 -0
package/public/pages/politica-de-privacidade.html +251 -0
package/public/pages/seo-bot-whatsapp-para-grupo.html +350 -0
package/public/pages/seo-bot-whatsapp-sem-programar.html +350 -0
package/public/pages/seo-como-automatizar-avisos-no-whatsapp.html +350 -0
package/public/pages/seo-como-criar-comandos-whatsapp.html +350 -0
package/public/pages/seo-como-evitar-spam-no-whatsapp.html +350 -0
package/public/pages/seo-como-moderar-grupo-whatsapp.html +350 -0
package/public/pages/seo-como-organizar-comunidade-whatsapp.html +350 -0
package/public/pages/seo-melhor-bot-whatsapp-para-grupos.html +350 -0
package/public/pages/stickers-admin.html +31 -0
package/public/pages/stickers-create.html +41 -0
package/public/pages/stickers.html +45 -0
package/public/pages/suboperadores.html +237 -0
package/public/pages/termos-de-uso-texto-integral.html +241 -0
package/public/pages/termos-de-uso.html +41 -0
package/public/pages/user-password-reset.html +32 -0
package/public/pages/user-systemadm.html +508 -0
package/public/pages/user.html +39 -0
package/public/robots.txt +9 -0
package/public/site.webmanifest +24 -0
package/public/sitemap.xml +98 -0
package/schemas/command-config.schema.json +582 -0
package/scripts/baileys-compat-smoke.mjs +12 -0
package/scripts/cache-bust.mjs +142 -0
package/scripts/deploy.sh +916 -0
package/scripts/email-broadcast-terms-update.mjs +170 -0
package/scripts/enrich-command-discovery-fields.mjs +286 -0
package/scripts/generate-command-config-schema.mjs +273 -0
package/scripts/generate-commands-catalog.mjs +308 -0
package/scripts/generate-module-agents.mjs +631 -0
package/scripts/generate-seo-satellite-pages.mjs +400 -0
package/scripts/github-deploy-notify.mjs +174 -0
package/scripts/github-release-notify.mjs +219 -0
package/scripts/release.sh +599 -0
package/scripts/run-codeql-local.sh +116 -0
package/scripts/run-prettier-all.mjs +25 -0
package/scripts/security-smoketest.mjs +581 -0
package/scripts/sticker-catalog-loadtest.mjs +210 -0
package/scripts/sticker-worker-task.mjs +119 -0
package/scripts/sync-readme-snapshot.mjs +133 -0
package/scripts/validate-command-config-schema.mjs +130 -0
package/scripts/validate-command-configs.mjs +15 -0
package/scripts/wiki-sync.sh +191 -0
package/server/auth/googleWebAuth/googleWebAuthRuntime.js +62 -0
package/server/auth/googleWebAuth/googleWebAuthService.js +807 -0
package/server/auth/jwt/webJwtService.js +147 -0
package/server/auth/stickerCatalogAuthContext.js +165 -0
package/server/auth/termsAcceptance/termsAcceptanceHandler.js +189 -0
package/server/auth/userPassword/index.js +14 -0
package/server/auth/userPassword/userPasswordAuthService.js +422 -0
package/server/auth/userPassword/userPasswordCrypto.js +199 -0
package/server/auth/userPassword/userPasswordCrypto.test.js +76 -0
package/server/auth/userPassword/userPasswordRecoveryService.js +728 -0
package/server/auth/validation/authSchemas.js +236 -0
package/server/auth/webAccount/webAccountHandlers.js +1434 -0
package/server/controllers/admin/adminBanService.js +138 -0
package/server/controllers/admin/adminPanelHandlers.js +2083 -0
package/server/controllers/admin/stickerCatalogAdminContext.js +17 -0
package/server/controllers/admin/systemAdminController.js +201 -0
package/server/controllers/email/emailAutomationController.js +239 -0
package/server/controllers/metricsController.js +21 -0
package/server/controllers/seo/stickerCatalogSeoContext.js +514 -0
package/server/controllers/sticker/nonCatalogHandlers.js +303 -0
package/server/controllers/sticker/stickerCatalogController.js +4700 -0
package/server/controllers/system/contactController.js +115 -0
package/server/controllers/system/githubController.js +137 -0
package/server/controllers/system/stickerCatalogSystemContext.js +758 -0
package/server/controllers/system/storageController.js +154 -0
package/server/controllers/system/systemController.js +135 -0
package/server/controllers/system/systemMetricsController.js +156 -0
package/server/controllers/system/visitController.js +90 -0
package/server/controllers/userController.js +145 -0
package/server/email/emailAutomationRuntime.js +225 -0
package/server/email/emailAutomationService.js +125 -0
package/server/email/emailOutboxRepository.js +282 -0
package/server/email/emailTemplateService.js +480 -0
package/server/email/emailTransportService.js +156 -0
package/server/http/clientIp.js +95 -0
package/server/http/httpRequestUtils.js +262 -0
package/server/http/httpRequestUtils.test.js +80 -0
package/server/http/httpServer.js +180 -0
package/server/http/requestContext.js +20 -0
package/server/http/siteRoutingUtils.js +87 -0
package/server/index.js +1 -0
package/server/middleware/cachePolicy.js +26 -0
package/server/middleware/cachePolicyHelpers.js +1 -0
package/server/middleware/endpointRateLimit.js +181 -0
package/server/middleware/rateLimit.js +70 -0
package/server/middleware/requireAdminAuth.js +48 -0
package/server/middleware/securityHeaders.js +97 -0
package/server/routes/admin/systemAdminRouter.js +64 -0
package/server/routes/email/emailAutomationRouter.js +46 -0
package/server/routes/health/healthRouter.js +41 -0
package/server/routes/indexRouter.js +234 -0
package/server/routes/metrics/metricsRouter.js +58 -0
package/server/routes/static/staticPageRouter.js +134 -0
package/server/routes/sticker/catalogHandlers/catalogAdminHttp.js +105 -0
package/server/routes/sticker/catalogHandlers/catalogAuthHttp.js +77 -0
package/server/routes/sticker/catalogHandlers/catalogPublicHttp.js +120 -0
package/server/routes/sticker/catalogHandlers/catalogUploadHttp.js +83 -0
package/server/routes/sticker/catalogRouter.js +77 -0
package/server/routes/sticker/stickerApiRouter.js +84 -0
package/server/routes/sticker/stickerDataRouter.js +145 -0
package/server/routes/sticker/stickerSiteRouter.js +43 -0
package/server/routes/user/userApiPaths.js +66 -0
package/server/routes/user/userRouter.js +65 -0
package/server/utils/safePath.js +26 -0
package/utils/logger/loggerModule.js +35 -0
package/vite.config.mjs +38 -0

package/server/http/clientIp.js ADDED Viewed

@@ -0,0 +1,95 @@
+import { isIP } from 'node:net';
+const parseEnvBool = (value, fallback = false) => {
+  if (value === undefined || value === null || value === '') return fallback;
+  const normalized = String(value).trim().toLowerCase();
+  if (['1', 'true', 'yes', 'y', 'on'].includes(normalized)) return true;
+  if (['0', 'false', 'no', 'n', 'off'].includes(normalized)) return false;
+  return fallback;
+};
+const TRUST_PROXY_HEADERS = parseEnvBool(process.env.APP_TRUST_PROXY, parseEnvBool(process.env.RATE_LIMIT_TRUST_PROXY, false));
+const LOOPBACK_IPS = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);
+const normalizeIpCandidate = (value) => {
+  let raw = String(value || '').trim();
+  if (!raw) return '';
+  if (raw.startsWith('for=')) raw = raw.slice(4).trim();
+  if (raw.startsWith('"') && raw.endsWith('"') && raw.length > 1) raw = raw.slice(1, -1).trim();
+  if (raw === 'unknown') return '';
+  if (raw.startsWith('[')) {
+    const closeBracketIndex = raw.indexOf(']');
+    if (closeBracketIndex > 1) {
+      raw = raw.slice(1, closeBracketIndex).trim();
+    }
+  }
+  const ipv4WithPortMatch = raw.match(/^(\d{1,3}(?:\.\d{1,3}){3}):\d+$/);
+  if (ipv4WithPortMatch?.[1]) raw = ipv4WithPortMatch[1];
+  const zoneIndex = raw.indexOf('%');
+  if (zoneIndex > 0) raw = raw.slice(0, zoneIndex);
+  if (raw.startsWith('::ffff:') && isIP(raw.slice(7)) === 4) raw = raw.slice(7);
+  return isIP(raw) ? raw : '';
+};
+const pickFirstValidIpFromCommaList = (value) => {
+  const raw = Array.isArray(value) ? value.join(',') : String(value || '');
+  if (!raw.trim()) return '';
+  for (const part of raw.split(',')) {
+    const ip = normalizeIpCandidate(part);
+    if (ip) return ip;
+  }
+  return '';
+};
+const pickFirstValidIpFromForwardedHeader = (value) => {
+  const raw = Array.isArray(value) ? value.join(',') : String(value || '');
+  if (!raw.trim()) return '';
+  const entries = raw.split(',');
+  for (const entry of entries) {
+    const directives = entry.split(';');
+    for (const directive of directives) {
+      const trimmed = String(directive || '').trim();
+      if (!trimmed || !trimmed.toLowerCase().startsWith('for=')) continue;
+      const ip = normalizeIpCandidate(trimmed);
+      if (ip) return ip;
+    }
+  }
+  return '';
+};
+const shouldTrustForwardedHeaders = (socketIp = '', explicitTrustProxy = undefined) => {
+  if (typeof explicitTrustProxy === 'boolean') return explicitTrustProxy;
+  if (TRUST_PROXY_HEADERS) return true;
+  return LOOPBACK_IPS.has(socketIp);
+};
+export const resolveClientIp = (req, { fallback = 'unknown', trustProxy = undefined } = {}) => {
+  const socketIp = normalizeIpCandidate(req?.socket?.remoteAddress);
+  if (shouldTrustForwardedHeaders(socketIp, trustProxy)) {
+    const cfConnectingIp = normalizeIpCandidate(req?.headers?.['cf-connecting-ip']);
+    if (cfConnectingIp) return cfConnectingIp;
+    const xRealIp = normalizeIpCandidate(req?.headers?.['x-real-ip']);
+    if (xRealIp) return xRealIp;
+    const forwardedFor = pickFirstValidIpFromCommaList(req?.headers?.['x-forwarded-for']);
+    if (forwardedFor) return forwardedFor;
+    const forwarded = pickFirstValidIpFromForwardedHeader(req?.headers?.forwarded);
+    if (forwarded) return forwarded;
+  }
+  if (socketIp) return socketIp;
+  return fallback;
+};

package/server/http/httpRequestUtils.js ADDED Viewed

@@ -0,0 +1,262 @@
+import { resolveClientIp } from './clientIp.js';
+import { resolveCookieDomainForRequest } from './siteRoutingUtils.js';
+const parseEnvBool = (value, fallback = false) => {
+  if (value === undefined || value === null || value === '') return fallback;
+  const normalized = String(value).trim().toLowerCase();
+  if (['1', 'true', 'yes', 'y', 'on'].includes(normalized)) return true;
+  if (['0', 'false', 'no', 'n', 'off'].includes(normalized)) return false;
+  return fallback;
+};
+const LOOPBACK_IPS = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);
+const shouldTrustForwardedProtoHeader = (req) => {
+  const trustProxyHeaders = parseEnvBool(process.env.APP_TRUST_PROXY, parseEnvBool(process.env.RATE_LIMIT_TRUST_PROXY, false));
+  if (trustProxyHeaders) return true;
+  const socketIp = resolveClientIp(req, { fallback: '', trustProxy: false });
+  return LOOPBACK_IPS.has(socketIp);
+};
+export const sendJson = (req, res, statusCode, payload) => {
+  const body = JSON.stringify(payload)
+    .replace(/</g, '\\u003c')
+    .replace(/>/g, '\\u003e')
+    .replace(/&/g, '\\u0026')
+    .replace(/\u2028/g, '\\u2028')
+    .replace(/\u2029/g, '\\u2029');
+  res.statusCode = statusCode;
+  res.setHeader('Content-Type', 'application/json; charset=utf-8');
+  res.setHeader('Cache-Control', 'no-store');
+  res.setHeader('X-Robots-Tag', 'noindex, nofollow');
+  if (req.method === 'HEAD') {
+    res.end();
+    return;
+  }
+  res.end(body);
+};
+export const sendText = (req, res, statusCode, body, contentType) => {
+  res.statusCode = statusCode;
+  res.setHeader('Content-Type', contentType);
+  if (req.method === 'HEAD') {
+    res.end();
+    return;
+  }
+  res.end(body);
+};
+/**
+ * Envia buffer binário (asset estático) com headers básicos de cache.
+ * @param {import('node:http').IncomingMessage} req
+ * @param {import('node:http').ServerResponse} res
+ * @param {Buffer} buffer
+ * @param {string} [mimetype]
+ * @param {string} [cacheControl]
+ * @returns {void}
+ */
+export const sendAsset = (req, res, buffer, mimetype = 'application/octet-stream', cacheControl = 'public, max-age=86400') => {
+  res.statusCode = 200;
+  res.setHeader('Content-Type', mimetype);
+  res.setHeader('Content-Length', String(Buffer.byteLength(buffer)));
+  res.setHeader('Cache-Control', cacheControl);
+  if (req.method === 'HEAD') {
+    res.end();
+    return;
+  }
+  res.end(buffer);
+};
+export const parseCookies = (req) => {
+  const raw = String(req?.headers?.cookie || '');
+  if (!raw) return {};
+  return raw.split(';').reduce((acc, chunk) => {
+    const [k, ...rest] = chunk.split('=');
+    const key = String(k || '').trim();
+    if (!key) return acc;
+    const value = rest.join('=').trim();
+    try {
+      acc[key] = decodeURIComponent(value);
+    } catch {
+      acc[key] = value;
+    }
+    return acc;
+  }, {});
+};
+export const getCookieValuesFromRequest = (req, cookieName) => {
+  const target = String(cookieName || '').trim();
+  if (!target) return [];
+  const raw = String(req?.headers?.cookie || '');
+  if (!raw) return [];
+  const values = [];
+  for (const chunk of raw.split(';')) {
+    const trimmed = String(chunk || '').trim();
+    if (!trimmed) continue;
+    const separatorIndex = trimmed.indexOf('=');
+    if (separatorIndex <= 0) continue;
+    const key = trimmed.slice(0, separatorIndex).trim();
+    if (key !== target) continue;
+    const encodedValue = trimmed.slice(separatorIndex + 1).trim();
+    if (!encodedValue) continue;
+    let decodedValue = encodedValue;
+    try {
+      decodedValue = decodeURIComponent(encodedValue);
+    } catch (error) {
+      if (error) decodedValue = encodedValue;
+    }
+    const normalizedValue = String(decodedValue || '').trim();
+    if (!normalizedValue) continue;
+    if (!values.includes(normalizedValue)) values.push(normalizedValue);
+  }
+  return values;
+};
+export const isRequestSecure = (req) => {
+  const socketEncrypted = Boolean(req?.socket?.encrypted);
+  const proto = String(req?.headers?.['x-forwarded-proto'] || '')
+    .split(',')[0]
+    .trim()
+    .toLowerCase();
+  if (proto && shouldTrustForwardedProtoHeader(req)) {
+    return proto === 'https';
+  }
+  return socketEncrypted;
+};
+export const resolveRequestRemoteIp = (req) => resolveClientIp(req, { fallback: null });
+/**
+ * Converte um valor para string ISO ou null se inválido.
+ * @param {any} value
+ * @returns {string|null}
+ */
+export const toIsoOrNull = (value) => (value ? new Date(value).toISOString() : null);
+/**
+ * Formata duração em segundos para HH:MM:SS ou Dd HH:MM:SS.
+ * @param {number} totalSeconds
+ * @returns {string}
+ */
+export const formatDuration = (totalSeconds) => {
+  const total = Math.max(0, Math.floor(Number(totalSeconds) || 0));
+  const days = Math.floor(total / 86400);
+  const hours = Math.floor((total % 86400) / 3600);
+  const minutes = Math.floor((total % 3600) / 60);
+  const seconds = total % 60;
+  const hhmmss = [hours, minutes, seconds].map((value) => String(value).padStart(2, '0')).join(':');
+  return days > 0 ? `${days}d ${hhmmss}` : hhmmss;
+};
+/**
+ * Normaliza caminho base garantindo barra inicial e removendo barra final.
+ * @param {string} value
+ * @param {string} fallback
+ * @returns {string}
+ */
+export const normalizeBasePath = (value, fallback) => {
+  const raw = String(value || '').trim() || fallback;
+  const withLeadingSlash = raw.startsWith('/') ? raw : `/${raw}`;
+  const withoutTrailingSlash = withLeadingSlash.length > 1 && withLeadingSlash.endsWith('/') ? withLeadingSlash.slice(0, -1) : withLeadingSlash;
+  return withoutTrailingSlash || fallback;
+};
+/**
+ * Envolve uma promessa com um tempo limite.
+ * @param {Promise<any>} promise
+ * @param {number} timeoutMs
+ * @returns {Promise<any>}
+ */
+export const withTimeout = (promise, timeoutMs) =>
+  Promise.race([
+    promise,
+    new Promise((_, reject) => {
+      setTimeout(() => reject(new Error(`timeout_${timeoutMs}ms`)), timeoutMs);
+    }),
+  ]);
+export const normalizeCatalogVisibility = (value) => {
+  const normalized = String(value || '')
+    .trim()
+    .toLowerCase();
+  if (normalized === 'all') return 'all';
+  if (normalized === 'unlisted') return 'unlisted';
+  return 'public';
+};
+/**
+ * Normaliza o caminho de uma visita web.
+ * @param {string} raw
+ * @returns {string}
+ */
+export const normalizeVisitPath = (raw) => {
+  const normalized = String(raw || '')
+    .trim()
+    .replace(/\s+/g, '')
+    .slice(0, 255);
+  if (!normalized) return '/';
+  return normalized.startsWith('/') ? normalized : `/${normalized}`;
+};
+export const appendSetCookie = (res, cookieValue) => {
+  const current = res.getHeader('Set-Cookie');
+  if (!current) {
+    res.setHeader('Set-Cookie', cookieValue);
+    return;
+  }
+  if (Array.isArray(current)) {
+    res.setHeader('Set-Cookie', [...current, cookieValue]);
+    return;
+  }
+  res.setHeader('Set-Cookie', [String(current), cookieValue]);
+};
+export const buildCookieString = (name, value, req, options = {}) => {
+  const parts = [`${name}=${encodeURIComponent(String(value ?? ''))}`];
+  parts.push(`Path=${options.path || '/'}`);
+  const cookieDomain = options.domain === false ? '' : String(options.domain || resolveCookieDomainForRequest(req)).trim();
+  if (cookieDomain) parts.push(`Domain=${cookieDomain}`);
+  if (options.httpOnly !== false) parts.push('HttpOnly');
+  parts.push(`SameSite=${options.sameSite || 'Lax'}`);
+  if (isRequestSecure(req)) parts.push('Secure');
+  if (Number.isFinite(options.maxAgeSeconds)) parts.push(`Max-Age=${Math.max(0, Math.floor(options.maxAgeSeconds))}`);
+  return parts.join('; ');
+};
+export const readJsonBody = async (req, { maxBytes = 64 * 1024 } = {}) =>
+  new Promise((resolve, reject) => {
+    const chunks = [];
+    let total = 0;
+    req.on('data', (chunk) => {
+      total += chunk.length;
+      if (total > maxBytes) {
+        const error = new Error('Payload excedeu limite permitido.');
+        error.statusCode = 413;
+        reject(error);
+        req.destroy();
+        return;
+      }
+      chunks.push(chunk);
+    });
+    req.on('end', () => {
+      const raw = Buffer.concat(chunks).toString('utf8').trim();
+      if (!raw) {
+        resolve({});
+        return;
+      }
+      try {
+        resolve(JSON.parse(raw));
+      } catch {
+        const error = new Error('JSON invalido.');
+        error.statusCode = 400;
+        reject(error);
+      }
+    });
+    req.on('error', (error) => reject(error));
+  });

package/server/http/httpRequestUtils.test.js ADDED Viewed

@@ -0,0 +1,80 @@
+import assert from 'node:assert/strict';
+import test from 'node:test';
+import { isRequestSecure } from './httpRequestUtils.js';
+const withEnv = (overrides, fn) => {
+  const previous = new Map();
+  for (const [key, value] of Object.entries(overrides)) {
+    previous.set(key, Object.prototype.hasOwnProperty.call(process.env, key) ? process.env[key] : null);
+    if (value === undefined || value === null) {
+      delete process.env[key];
+    } else {
+      process.env[key] = String(value);
+    }
+  }
+  try {
+    return fn();
+  } finally {
+    for (const [key, value] of previous.entries()) {
+      if (value === null) {
+        delete process.env[key];
+      } else {
+        process.env[key] = value;
+      }
+    }
+  }
+};
+const buildReq = ({ forwardedProto = '', remoteAddress = '203.0.113.10', encrypted = false } = {}) => ({
+  headers: forwardedProto ? { 'x-forwarded-proto': forwardedProto } : {},
+  socket: {
+    remoteAddress,
+    encrypted,
+  },
+});
+test('isRequestSecure ignores x-forwarded-proto for untrusted remote proxy', () => {
+  withEnv({ APP_TRUST_PROXY: 'false', RATE_LIMIT_TRUST_PROXY: 'false' }, () => {
+    const req = buildReq({
+      forwardedProto: 'https',
+      remoteAddress: '203.0.113.42',
+      encrypted: false,
+    });
+    assert.equal(isRequestSecure(req), false);
+  });
+});
+test('isRequestSecure accepts x-forwarded-proto over trusted loopback proxy', () => {
+  withEnv({ APP_TRUST_PROXY: 'false', RATE_LIMIT_TRUST_PROXY: 'false' }, () => {
+    const req = buildReq({
+      forwardedProto: 'https',
+      remoteAddress: '127.0.0.1',
+      encrypted: false,
+    });
+    assert.equal(isRequestSecure(req), true);
+  });
+});
+test('isRequestSecure accepts x-forwarded-proto when trust proxy is enabled', () => {
+  withEnv({ APP_TRUST_PROXY: 'true', RATE_LIMIT_TRUST_PROXY: 'false' }, () => {
+    const req = buildReq({
+      forwardedProto: 'https',
+      remoteAddress: '198.51.100.5',
+      encrypted: false,
+    });
+    assert.equal(isRequestSecure(req), true);
+  });
+});
+test('isRequestSecure falls back to socket encryption without trusted forwarded proto', () => {
+  withEnv({ APP_TRUST_PROXY: 'false', RATE_LIMIT_TRUST_PROXY: 'false' }, () => {
+    const req = buildReq({
+      forwardedProto: 'http',
+      remoteAddress: '198.51.100.5',
+      encrypted: true,
+    });
+    assert.equal(isRequestSecure(req), true);
+  });
+});

package/server/http/httpServer.js ADDED Viewed

@@ -0,0 +1,180 @@
+import http from 'node:http';
+import logger from '#logger';
+import { getMetricsServerConfig, isMetricsEnabled, recordHttpRequest, resolveRouteGroup } from '../../app/observability/metrics.js';
+import { applyCachePolicy } from '../middleware/cachePolicy.js';
+import { applySensitiveRouteRateLimit } from '../middleware/endpointRateLimit.js';
+import { applySecurityHeaders } from '../middleware/securityHeaders.js';
+import { getIndexRouteConfigs, routeRequest } from '../routes/indexRouter.js';
+import { parseRequestUrl, normalizeRequestId } from './requestContext.js';
+let server = null;
+let serverStarted = false;
+const sanitizePathForLogs = (pathname) => {
+  const rawPath = String(pathname || '').trim();
+  if (!rawPath) return null;
+  const marker = '/auth/password/recovery/session/';
+  const lower = rawPath.toLowerCase();
+  const markerIndex = lower.indexOf(marker);
+  if (markerIndex < 0) return rawPath;
+  const tokenStart = markerIndex + marker.length;
+  const suffix = rawPath.slice(tokenStart);
+  const nextSlashIndex = suffix.indexOf('/');
+  if (nextSlashIndex < 0) {
+    const rawSegment = String(suffix || '')
+      .trim()
+      .toLowerCase();
+    if (rawSegment === 'request' || rawSegment === 'verify') {
+      return rawPath;
+    }
+    return `${rawPath.slice(0, tokenStart)}[redacted]`;
+  }
+  return `${rawPath.slice(0, tokenStart)}[redacted]${suffix.slice(nextSlashIndex)}`;
+};
+export const startHttpServer = () => {
+  if (!isMetricsEnabled() || serverStarted) return;
+  const { host, port, path: metricsPath } = getMetricsServerConfig();
+  server = http.createServer(async (req, res) => {
+    const requestStartedAt = Date.now();
+    const requestId = normalizeRequestId(req.headers['x-request-id']);
+    res.setHeader('X-Request-Id', requestId);
+    const parsedUrl = parseRequestUrl(req, host, port);
+    const pathname = parsedUrl.pathname;
+    let routeConfigs = null;
+    try {
+      routeConfigs = await getIndexRouteConfigs();
+    } catch (error) {
+      logger.error('Erro ao carregar configuracao de rotas.', {
+        error: error?.message,
+      });
+    }
+    let routeGroup = resolveRouteGroup({
+      pathname,
+      metricsPath,
+      catalogConfig: routeConfigs?.stickerConfig || null,
+      userConfig: routeConfigs?.userConfig || null,
+      systemAdminConfig: routeConfigs?.systemAdminConfig || null,
+    });
+    res.once('finish', () => {
+      recordHttpRequest({
+        durationMs: Date.now() - requestStartedAt,
+        method: req.method,
+        statusCode: res.statusCode,
+        routeGroup,
+      });
+    });
+    try {
+      applySecurityHeaders(req, res);
+      applyCachePolicy(req, res, { pathname });
+      const allowedByRateLimit = await applySensitiveRouteRateLimit(req, res, { pathname });
+      if (!allowedByRateLimit) return;
+      await routeRequest(req, res, {
+        pathname,
+        url: parsedUrl,
+        metricsPath,
+        configs: routeConfigs,
+      });
+      routeGroup = resolveRouteGroup({
+        pathname,
+        metricsPath,
+        catalogConfig: routeConfigs?.stickerConfig || null,
+        userConfig: routeConfigs?.userConfig || null,
+        systemAdminConfig: routeConfigs?.systemAdminConfig || null,
+      });
+    } catch (error) {
+      logger.error('Falha ao processar request HTTP.', {
+        path: sanitizePathForLogs(pathname),
+        method: req.method,
+        error: error?.message,
+      });
+      if (!res.writableEnded) {
+        res.statusCode = 500;
+        res.setHeader('Content-Type', 'application/json; charset=utf-8');
+        res.end(JSON.stringify({ error: 'Internal Server Error' }));
+      }
+    }
+  });
+  server.listen(port, host, () => {
+    serverStarted = true;
+    logger.info('Servidor HTTP iniciado', {
+      host,
+      port,
+      metrics_path: metricsPath,
+    });
+    getIndexRouteConfigs()
+      .then(({ userConfig, systemAdminConfig, stickerConfig }) => {
+        if (userConfig?.webPath) {
+          logger.info('Rotas web de usuario habilitadas', {
+            web_path: userConfig.webPath,
+            api_base_path: userConfig.apiBasePath,
+            host,
+            port,
+          });
+        }
+        if (systemAdminConfig?.webPath) {
+          logger.info('Rotas system admin habilitadas', {
+            web_path: systemAdminConfig.webPath,
+            legacy_web_path: systemAdminConfig.legacyWebPath,
+            api_admin_base_path: systemAdminConfig.apiAdminBasePath,
+            host,
+            port,
+          });
+        }
+        if (stickerConfig?.enabled && stickerConfig?.webPath) {
+          logger.info('Catalogo web de sticker packs habilitado', {
+            web_path: stickerConfig.webPath,
+            api_base_path: stickerConfig.apiBasePath,
+            orphan_api_path: stickerConfig.orphanApiPath,
+            data_public_path: stickerConfig.dataPublicPath,
+            data_public_dir: stickerConfig.dataPublicDir,
+            host,
+            port,
+          });
+        }
+      })
+      .catch((error) => {
+        logger.warn('Nao foi possivel carregar configuracao das rotas na inicializacao.', {
+          error: error?.message,
+        });
+      });
+  });
+  server.on('error', (error) => {
+    logger.error('Falha ao iniciar servidor HTTP', { error: error?.message });
+  });
+};
+export const stopHttpServer = async () => {
+  if (!serverStarted || !server) return;
+  const current = server;
+  server = null;
+  serverStarted = false;
+  await new Promise((resolve, reject) => {
+    current.close((error) => {
+      if (error) {
+        reject(error);
+        return;
+      }
+      resolve();
+    });
+  });
+};

package/server/http/requestContext.js ADDED Viewed

@@ -0,0 +1,20 @@
+import { randomUUID } from 'node:crypto';
+import { URL } from 'node:url';
+export const normalizeRequestId = (value) => {
+  const token = String(value || '')
+    .trim()
+    .replace(/[^a-zA-Z0-9._:-]/g, '')
+    .slice(0, 120);
+  return token || randomUUID();
+};
+export const parseRequestUrl = (req, host, port) => {
+  const fallbackHost = `${host}:${port}`;
+  const requestHost = req.headers.host || fallbackHost;
+  try {
+    return new URL(req.url || '/', `http://${requestHost}`);
+  } catch {
+    return new URL(req.url || '/', 'http://localhost');
+  }
+};