@reldens/server-utils 0.42.0 → 0.44.0

package/CLAUDE.md

@@ -21,215 +21,74 @@ npm test
 
 ## Architecture
 
-### Core Classes
-
-**FileHandler** (`lib/file-handler.js`):
-- Singleton wrapper for Node.js fs and path modules
-- Used instead of direct require('fs') or require('path') throughout Reldens
-- Key file operations:
-  - `exists(filePath)` - Check if file/directory exists
-  - `readFile(filePath)` - Read file contents
-  - `writeFile(filePath, content)` - Write file
-  - `createFolder(folderPath)` - Create directory recursively
-  - `remove(fullPath)` - Remove file/folder recursively
-  - `copyFile(from, to)` - Copy file
-  - `copyFolderSync(from, to)` - Copy folder recursively
-  - `moveFile(from, to)` - Move/rename file
-- Path operations:
-  - `joinPaths(...paths)` - Join path segments
-  - `getFileName(filePath)` - Get file name (basename)
-  - `getFolderName(filePath)` - Get directory name (dirname)
-  - `getRelativePath(from, to)` - Calculate relative path
-  - `normalizePath(filePath)` - Normalize path
-  - `isAbsolutePath(filePath)` - Check if path is absolute
-- File inspection:
-  - `isFile(filePath)` - Check if path is a file
-  - `isFolder(dirPath)` - Check if path is a folder
-  - `getFileSize(filePath)` - Get file size in bytes
-  - `getFileStats(filePath)` - Get file stats
-  - `getFilesInFolder(dirPath, extensions)` - List files with optional filtering
-  - `fetchSubFoldersList(folder, options)` - Get subfolder list
-- JSON operations:
-  - `fetchFileJson(filePath)` - Read and parse JSON file
-  - `isValidJson(filePath)` - Validate JSON file
-- Security features:
-  - `generateSecureFilename(originalName)` - Generate secure random filename
-  - `validateFileType(filePath, type, allowedTypes, maxSize)` - Validate file
-  - `detectFileType(filePath)` - Detect MIME type from magic numbers
-  - `quarantineFile(filePath, reason)` - Move suspicious file to quarantine
-  - `isValidPath(filePath)` - Validate path for security
-  - `sanitizePath(filePath)` - Sanitize path string
-- Advanced operations:
-  - `walkDirectory(dirPath, callback)` - Recursively process directory tree
-  - `getDirectorySize(dirPath)` - Calculate total directory size
-  - `emptyDirectory(dirPath)` - Remove all contents from directory
-  - `compareFiles(file1, file2)` - Compare file contents
-  - `appendToFile(filePath, content)` - Append to file
-  - `prependToFile(filePath, content)` - Prepend to file
-  - `replaceInFile(filePath, searchValue, replaceValue)` - Replace in file
-- All methods include built-in error handling, no need for try/catch
-- DO NOT use FileHandler.exists to validate other FileHandler methods
-- DO NOT enclose FileHandler methods in try/catch blocks
+See `.claude/package-architecture.md` for detailed information about:
+- Design philosophy and independence principles
+- Callback-based extensibility pattern
+- Available callbacks (onError, onRequestSuccess, onRequestError, onEvent)
+- Integration patterns
 
-**AppServerFactory** (`lib/app-server-factory.js`):
-- Creates Express app servers with modular security components
-- Supports HTTP, HTTPS, HTTP/2
-- Key features:
-  - Virtual host management with SNI support
-  - HTTP/2 CDN server integration
-  - Reverse proxy with WebSocket support
-  - Development mode detection and configuration
-- Security configurers (modular):
-  - `DevelopmentModeDetector` - Auto-detect development environment
-  - `ProtocolEnforcer` - HTTP/HTTPS protocol enforcement
-  - `SecurityConfigurer` - Helmet integration and XSS protection
-  - `CorsConfigurer` - CORS with dynamic origin validation
-  - `RateLimitConfigurer` - Global and endpoint-specific rate limiting
-  - `ReverseProxyConfigurer` - Domain-based reverse proxy
-- Methods:
-  - `createAppServer(config)` - Create and configure server
-  - `addDomain(domainConfig)` - Add virtual host domain
-  - `addDevelopmentDomain(domain)` - Add development domain
-  - `enableServeHome(app, callback)` - Enable homepage serving
-  - `serveStatics(app, staticPath)` - Serve static files
-  - `enableCSP(cspOptions)` - Enable Content Security Policy
-  - `listen(port)` - Start server listening
-  - `close()` - Gracefully close server
-
-**Encryptor** (`lib/encryptor.js`):
-- Singleton for cryptographic operations
-- Password hashing:
-  - `encryptPassword(password)` - Hash password with PBKDF2 (100k iterations, SHA-512)
-  - `validatePassword(password, storedPassword)` - Validate password against hash
-- Data encryption:
-  - `encryptData(data, key)` - Encrypt data with AES-256-GCM
-  - `decryptData(encryptedData, key)` - Decrypt AES-256-GCM data
-  - `generateSecretKey()` - Generate 256-bit secret key
-- Token generation:
-  - `generateSecureToken(length)` - Generate cryptographically secure token
-  - `generateTOTP(secret, timeStep)` - Generate time-based OTP
-- Hashing and verification:
-  - `hashData(data, algorithm)` - Hash with SHA-256, SHA-512, or MD5
-  - `generateHMAC(data, secret, algorithm)` - Generate HMAC signature
-  - `verifyHMAC(data, secret, signature, algorithm)` - Verify HMAC signature
-  - `constantTimeCompare(a, b)` - Constant-time string comparison
-
-**UploaderFactory** (`lib/uploader-factory.js`):
-- File upload handling with Multer
-- Multi-level security validation:
-  - Filename security validation
-  - MIME type validation
-  - File extension validation
-  - File size validation
-  - Content validation using magic numbers
-  - Dangerous extension filtering
-- Features:
-  - Multiple file upload support with field mapping
-  - Secure filename generation option
-  - Automatic cleanup on validation failure
-  - Custom error response handling
-  - Per-field destination mapping
-- Methods:
-  - `createUploader(fields, buckets, allowedFileTypes)` - Create upload middleware
-  - `validateFilenameSecurity(filename)` - Validate filename
-  - `validateFile(file, allowedType, callback)` - Validate during upload
-  - `validateFileContents(file, allowedType)` - Validate after upload
-  - `convertToRegex(key)` - Convert MIME type patterns to regex
-
-**Http2CdnServer** (`lib/http2-cdn-server.js`):
-- HTTP/2 secure server for CDN-like static file serving
-- Features:
-  - Optimized for CSS, JavaScript, images, and fonts
-  - Dynamic CORS origin validation with regex pattern support
-  - Configurable cache headers per file extension
-  - Comprehensive MIME type detection
-  - HTTP/1.1 fallback support
-  - Security headers (X-Content-Type-Options, X-Frame-Options, Vary)
-  - Query string stripping for cache optimization
-- Methods:
-  - `create()` - Create HTTP/2 secure server
-  - `listen()` - Start listening on configured port
-  - `close()` - Gracefully close server
-  - `handleStream(stream, headers)` - Handle HTTP/2 stream
-  - `resolveFilePath(requestPath)` - Resolve file path from request
-
-### Utility Classes
-
-**ServerDefaultConfigurations** (`lib/server-default-configurations.js`):
-- Static class providing default configurations
-- `mimeTypes` - Comprehensive MIME type mappings for common file extensions
-- `cacheConfig` - Default cache max-age settings (1 year for CSS/JS/fonts, 30 days for images)
-
-**ServerFactoryUtils** (`lib/server-factory-utils.js`):
-- Static utility methods for server operations
-- `getCacheConfigForPath(path, cacheConfig)` - Get cache config for file path
-- `validateOrigin(origin, corsOrigins, corsAllowAll)` - Validate CORS origin (supports strings and RegExp)
-- `stripQueryString(url)` - Remove query string from URL
-
-**ServerHeaders** (`lib/server-headers.js`):
-- Centralized header management
-- HTTP/2 headers configuration
-- Express security headers
-- Cache control headers
-- Proxy forwarding headers
-- `buildCacheControlHeader(maxAge)` - Build cache control header string
-
-### Security Configurers (in `lib/app-server-factory/`)
-
-**DevelopmentModeDetector** (`development-mode-detector.js`):
-- Auto-detects development environment
-- Checks NODE_ENV, domain patterns, and configured domains
-- Built-in patterns: localhost, 127.0.0.1, .local, .test, .dev, .staging, etc.
-- `detect(config)` - Detect if in development mode
-- `matchesPattern(domain)` - Check if domain matches development pattern
-
-**ProtocolEnforcer** (`protocol-enforcer.js`):
-- Enforces HTTP/HTTPS protocol consistency
-- Development mode awareness
-- Automatic redirects when protocol doesn't match configuration
-- `setup(app, config)` - Setup protocol enforcement middleware
-
-**SecurityConfigurer** (`security-configurer.js`):
-- Helmet integration with CSP management
-- XSS protection with request body sanitization
-- Development-friendly CSP configuration
-- Supports CSP directive merging or override
-- `setupHelmet(app, config)` - Setup Helmet middleware
-- `setupXssProtection(app, config)` - Setup XSS protection
-- `enableCSP(app, cspOptions)` - Enable Content Security Policy
-- `addExternalDomainsToCsp(directives, externalDomains)` - Add external domains to CSP
-
-**CorsConfigurer** (`cors-configurer.js`):
-- Dynamic CORS origin validation
-- Development domain support with automatic port variations
-- Credential support configuration
-- `setup(app, config)` - Setup CORS middleware
-- `extractDevelopmentOrigins(domainMapping)` - Extract development origins
-- `normalizeHost(originOrHost)` - Normalize host string
-
-**RateLimitConfigurer** (`rate-limit-configurer.js`):
-- Global and endpoint-specific rate limiting
-- Development mode multiplier for lenient limits
-- IP-based key generation option
-- `setup(app, config)` - Setup global rate limiting
-- `createHomeLimiter()` - Create homepage-specific limiter
-
-**ReverseProxyConfigurer** (`reverse-proxy-configurer.js`):
-- Domain-based reverse proxy routing
-- WebSocket support
-- SSL termination
-- Header preservation (X-Forwarded-For, X-Forwarded-Proto, X-Forwarded-Host)
-- Virtual host integration
-- Graceful error handling (502 Bad Gateway, 504 Gateway Timeout)
-- `setup(app, config)` - Setup reverse proxy
-- `createProxyMiddleware(rule)` - Create proxy middleware for rule
-- `handleProxyError(err, req, res)` - Handle proxy errors
+See `.claude/api-reference.md` for complete API documentation of all classes and methods.
+
+## Core Classes Summary
+
+**FileHandler** - Singleton wrapper for Node.js fs and path modules. Used instead of direct require('fs') or require('path') throughout Reldens.
+
+**AppServerFactory** - Creates Express app servers with modular security components. Supports HTTP, HTTPS, HTTP/2, virtual hosts, CDN integration, reverse proxy, and callback-based logging.
+
+**Encryptor** - Singleton for cryptographic operations including password hashing, data encryption, token generation, and HMAC verification.
+
+**UploaderFactory** - File upload handling with Multer and multi-level security validation.
+
+**Http2CdnServer** - HTTP/2 secure server for CDN-like static file serving with CORS, cache headers, and callback-based logging.
+
+## Utility Classes Summary
+
+**RequestLogger** - Express middleware for request logging that invokes callbacks based on status codes.
+
+**EventDispatcher** - Static utility for dispatching lifecycle events with structured event data.
+
+**ServerErrorHandler** - Centralized error handling with structured error context.
+
+**ServerDefaultConfigurations** - Static class providing MIME types and cache configurations.
+
+**ServerFactoryUtils** - Static utility methods for cache config, CORS validation, and URL manipulation.
+
+**ServerHeaders** - Centralized header management for HTTP/2, security, cache, and proxy headers.
+
+## Security Configurers Summary
+
+Located in `lib/app-server-factory/`:
+- **DevelopmentModeDetector** - Auto-detect development environment
+- **ProtocolEnforcer** - HTTP/HTTPS protocol enforcement
+- **SecurityConfigurer** - Helmet integration and XSS protection
+- **CorsConfigurer** - CORS with dynamic origin validation
+- **RateLimitConfigurer** - Global and endpoint-specific rate limiting
+- **ReverseProxyConfigurer** - Domain-based reverse proxy with WebSocket support
 
 ## Important Notes
 
+### FileHandler Usage
 - **ALWAYS use FileHandler** instead of Node.js fs/path modules
 - FileHandler methods have built-in error handling - no try/catch needed
 - DO NOT enclose FileHandler methods in try/catch blocks
 - DO NOT use FileHandler.exists to validate other FileHandler methods (e.g., before createFolder)
+
+### Callback System
+- Package provides callback hooks (onError, onRequestSuccess, onRequestError, onEvent)
+- Applications provide implementations via configuration
+- Package does NOT import @reldens/utils Logger
+- Applications wire callbacks to their own logging/monitoring systems
+
+### Server Configuration
 - AppServerFactory handles all Express server configuration
 - All server utilities support both HTTP and HTTPS
+- Virtual hosts with SNI support for multiple domains
+- HTTP/2 CDN server integration for static file serving
+- Reverse proxy with WebSocket support
+
+### Security
+- Multi-level validation for file uploads
+- XSS protection with request body sanitization
+- CSP management with Helmet integration
+- CORS with dynamic origin validation (supports strings and RegExp)
+- Rate limiting with development mode awareness

package/README.md

@@ -25,6 +25,7 @@ A Node.js server toolkit providing secure application server creation, HTTP/2 CD
 - Static file serving with security headers
 - Compression middleware with smart filtering
 - Input validation utilities
+- Custom error handling with callback support
 
 ### Http2CdnServer
 - Dedicated HTTP/2 server for static asset delivery
@@ -37,6 +38,8 @@ A Node.js server toolkit providing secure application server creation, HTTP/2 CD
 - Standalone or integrated with AppServerFactory
 - Multiple static path support
 - Separate SSL certificate support from main server
+- Comprehensive error handling (server, TLS, session, stream errors)
+- Custom error handler callback support
 
 #### Modular Security Components
 The AppServerFactory now uses specialized security configurers:
@@ -47,6 +50,7 @@ The AppServerFactory now uses specialized security configurers:
 - **RateLimitConfigurer** - Global and endpoint-specific rate limiting
 - **ReverseProxyConfigurer** - Domain-based reverse proxy with WebSocket support
 - **SecurityConfigurer** - Helmet integration with CSP management and XSS protection
+- **ServerErrorHandler** - Centralized error handling with custom callback support
 
 ### FileHandler
 - Secure file system operations with path validation
@@ -63,6 +67,8 @@ The AppServerFactory now uses specialized security configurers:
 - Directory walking with callback processing
 - File comparison and relative path calculations
 - Comprehensive error handling with detailed context
+- Read stream creation for efficient file streaming
+- File modification time retrieval
 
 ### Encryptor
 - Password hashing using PBKDF2 with configurable iterations
@@ -174,6 +180,34 @@ if(cdnServer.create()){
 }
 ```
 
+### Custom Error Handling
+
+Configure custom error handlers for server errors:
+
+```javascript
+let appServerFactory = new AppServerFactory();
+
+appServerFactory.onError = (errorData) => {
+    console.error('Server error:', errorData.key);
+    console.error('Error details:', errorData.error);
+    console.error('Context:', errorData);
+};
+
+let serverResult = appServerFactory.createAppServer({
+    port: 443,
+    useHttps: true,
+    http2CdnEnabled: true,
+    autoListen: true
+});
+```
+
+The `onError` callback receives structured error data:
+- `instanceName` - Name of the component (e.g., 'http2CdnServer', 'appServerFactory')
+- `instance` - Reference to the component instance
+- `key` - Error type identifier (e.g., 'server-error', 'tls-client-error', 'proxy-error')
+- `error` - The actual error object
+- `...context` - Additional context data (port, path, hostname, etc.)
+
 ### HTTPS Server with Optimized Caching
 
 ```javascript
@@ -225,6 +259,18 @@ if(FileHandler.createFolder('/path/to/new/folder')){
 // Generate a secure filename
 let secureFilename = FileHandler.generateSecureFilename('user-upload.jpg');
 console.log('Secure filename:', secureFilename);
+
+// Create a read stream for efficient file handling
+let stream = FileHandler.createReadStream('/path/to/large-file.txt');
+if(stream){
+    stream.pipe(response);
+}
+
+// Get file modification time
+let modTime = FileHandler.getFileModificationTime('/path/to/file.txt');
+if(modTime){
+    console.log('Last modified:', modTime);
+}
 ```
 
 ### Password Encryption
@@ -515,7 +561,10 @@ let serverResult = appServerFactory.createAppServer({
 - Header preservation (X-Forwarded-For, X-Forwarded-Proto, X-Forwarded-Host)
 - Virtual host integration
 - Path-based routing
-- Graceful error handling
+- Comprehensive error handling with proper HTTP status codes:
+  - 502 Bad Gateway for connection refused errors
+  - 504 Gateway Timeout for timeout errors
+  - 500 Internal Server Error for other proxy errors
 
 #### Rule Properties
 
@@ -569,6 +618,15 @@ reverseProxyRules: [
 - `reverseProxyEnabled` - Enable reverse proxy (default: false)
 - `reverseProxyRules` - Array of proxy rules (default: [])
 
+### AppServerFactory Error Handling
+
+- `onError` - Custom error handler callback function receiving error data:
+  - `instanceName` - Component name (e.g., 'appServerFactory', 'http2CdnServer')
+  - `instance` - Component instance reference
+  - `key` - Error type identifier (e.g., 'server-error', 'virtual-host-error')
+  - `error` - The error object
+  - Additional context data (port, hostname, path, etc.)
+
 ### Http2CdnServer Methods
 
 - `create()` - Creates HTTP/2 secure server
@@ -591,6 +649,7 @@ reverseProxyRules: [
 - `securityHeaders` - Custom security headers
 - `varyHeader` - Vary header value (default: 'Accept-Encoding, Origin')
 - `mimeTypes` - MIME type mappings
+- `onError` - Custom error handler callback
 
 ### FileHandler Methods
 
@@ -620,6 +679,8 @@ reverseProxyRules: [
 - `walkDirectory(path, callback)` - Recursively processes a directory tree
 - `getDirectorySize(path)` - Calculates total directory size
 - `emptyDirectory(path)` - Removes all contents from directory
+- `createReadStream(path, options)` - Creates readable stream for file
+- `getFileModificationTime(path)` - Gets file last modification time
 
 ### Encryptor Methods
 
@@ -643,6 +704,16 @@ reverseProxyRules: [
 - `validateFileContents(file, allowedType)` - Validates file content after upload
 - `convertToRegex(key)` - Converts MIME type patterns to regex
 
+### ServerErrorHandler Methods
+
+- `handleError(onErrorCallback, instanceName, instance, key, error, context)` - Static method for centralized error handling
+  - `onErrorCallback` - Custom error handler function (optional)
+  - `instanceName` - Name of the component ('http2CdnServer', 'appServerFactory', etc.)
+  - `instance` - Reference to the component instance
+  - `key` - Error type identifier
+  - `error` - The error object
+  - `context` - Additional context object (port, hostname, path, etc.)
+
 ## Security Features
 
 ### Path Traversal Protection
@@ -668,7 +739,15 @@ Industry-standard encryption using PBKDF2 for passwords, AES-256-GCM for data en
 
 ## Error Handling
 
-All methods include comprehensive error handling with detailed error objects containing context information. Errors are logged appropriately and never expose sensitive system information.
+All server components include comprehensive error handling with centralized error management through the ServerErrorHandler class. Custom error handlers can be configured via the `onError` callback to process errors according to application requirements. Errors are logged appropriately and never expose sensitive system information.
+
+Error handling features:
+- Centralized error management with ServerErrorHandler
+- Custom error callback support across all components
+- Structured error context with instance details and metadata
+- Graceful HTTP status codes for proxy errors (502, 504, 500)
+- TLS and session error handling for HTTP/2 servers
+- Virtual host and SNI certificate error handling
 
 ---
 

package/lib/app-server-factory/cors-configurer.js

@@ -5,6 +5,7 @@
  */
 
 const cors = require('cors');
+const { EventDispatcher } = require('../event-dispatcher');
 
 class CorsConfigurer
 {
@@ -18,6 +19,7 @@ class CorsConfigurer
         this.corsHeaders = ['Content-Type','Authorization'];
         this.developmentCorsOrigins = [];
         this.developmentPorts = [];
+        this.onEvent = null;
     }
 
     setup(app, config)
@@ -28,6 +30,7 @@ class CorsConfigurer
         this.corsMethods = config.corsMethods || this.corsMethods;
         this.corsHeaders = config.corsHeaders || this.corsHeaders;
         this.developmentPorts = config.developmentPorts || this.developmentPorts;
+        this.onEvent = config.onEvent || null;
         if(!this.useCors){
             return;
         }
@@ -58,6 +61,13 @@ class CorsConfigurer
             };
         }
         app.use(cors(corsOptions));
+        EventDispatcher.dispatch(
+            this.onEvent,
+            'cors-configured',
+            'corsConfigurer',
+            this,
+            {useCors: this.useCors, isDevelopmentMode: this.isDevelopmentMode, corsOrigin: this.corsOrigin}
+        );
     }
 
     extractDevelopmentOrigins(domainMapping)

package/lib/app-server-factory/development-mode-detector.js

@@ -4,6 +4,8 @@
  *
  */
 
+const { EventDispatcher } = require('../event-dispatcher');
+
 class DevelopmentModeDetector
 {
 
@@ -27,10 +29,12 @@ class DevelopmentModeDetector
         ];
         this.developmentEnvironments = ['development', 'dev', 'test'];
         this.env = process?.env?.NODE_ENV || 'production';
+        this.onEvent = null;
     }
 
     detect(config = {})
     {
+        this.onEvent = config.onEvent || null;
         if(config.developmentPatterns){
             this.developmentPatterns = config.developmentPatterns;
         }
@@ -38,11 +42,25 @@ class DevelopmentModeDetector
             this.developmentEnvironments = config.developmentEnvironments;
         }
         if(this.developmentEnvironments.includes(this.env)){
+            EventDispatcher.dispatch(
+                this.onEvent,
+                'development-mode-detected',
+                'developmentModeDetector',
+                this,
+                {detectionMethod: 'environment', env: this.env}
+            );
             return true;
         }
         if(config.developmentDomains && 0 < config.developmentDomains.length){
             for(let domain of config.developmentDomains){
                 if(this.matchesPattern(domain)){
+                    EventDispatcher.dispatch(
+                        this.onEvent,
+                        'development-mode-detected',
+                        'developmentModeDetector',
+                        this,
+                        {detectionMethod: 'developmentDomain', domain: domain}
+                    );
                     return true;
                 }
             }
@@ -53,6 +71,13 @@ class DevelopmentModeDetector
                     continue;
                 }
                 if(this.matchesPattern(domainConfig.hostname)){
+                    EventDispatcher.dispatch(
+                        this.onEvent,
+                        'development-mode-detected',
+                        'developmentModeDetector',
+                        this,
+                        {detectionMethod: 'domainPattern', hostname: domainConfig.hostname}
+                    );
                     return true;
                 }
             }

package/lib/app-server-factory/protocol-enforcer.js

@@ -4,6 +4,8 @@
  *
  */
 
+const { EventDispatcher } = require('../event-dispatcher');
+
 class ProtocolEnforcer
 {
 
@@ -12,6 +14,7 @@ class ProtocolEnforcer
         this.isDevelopmentMode = false;
         this.useHttps = false;
         this.enforceProtocol = true;
+        this.onEvent = null;
     }
 
     setup(app, config)
@@ -19,6 +22,7 @@ class ProtocolEnforcer
         this.isDevelopmentMode = config.isDevelopmentMode || false;
         this.useHttps = config.useHttps || false;
         this.enforceProtocol = config.enforceProtocol !== false;
+        this.onEvent = config.onEvent || null;
         app.use((req, res, next) => {
             let forwardedProto = req.get('X-Forwarded-Proto');
             let protocol = (forwardedProto || req.protocol || '').toLowerCase();
@@ -41,6 +45,13 @@ class ProtocolEnforcer
             res.set('X-Forwarded-Proto', protocol);
             next();
         });
+        EventDispatcher.dispatch(
+            this.onEvent,
+            'protocol-enforcement-enabled',
+            'protocolEnforcer',
+            this,
+            {isDevelopmentMode: this.isDevelopmentMode, useHttps: this.useHttps, enforceProtocol: this.enforceProtocol}
+        );
     }
 
 }

package/lib/app-server-factory/rate-limit-configurer.js

@@ -5,6 +5,7 @@
  */
 
 const rateLimit = require('express-rate-limit');
+const { EventDispatcher } = require('../event-dispatcher');
 
 class RateLimitConfigurer
 {
@@ -19,6 +20,7 @@ class RateLimitConfigurer
         this.applyKeyGenerator = false;
         this.tooManyRequestsMessage = 'Too many requests, please try again later.';
         this.rateLimit = rateLimit;
+        this.onEvent = null;
     }
 
     setup(app, config)
@@ -30,6 +32,7 @@ class RateLimitConfigurer
         this.developmentMultiplier = Number(config.developmentMultiplier || this.developmentMultiplier);
         this.applyKeyGenerator = config.applyKeyGenerator || false;
         this.tooManyRequestsMessage = config.tooManyRequestsMessage || this.tooManyRequestsMessage;
+        this.onEvent = config.onEvent || null;
         if(!this.globalRateLimit){
             return;
         }
@@ -49,6 +52,13 @@ class RateLimitConfigurer
             };
         }
         app.use(this.rateLimit(limiterParams));
+        EventDispatcher.dispatch(
+            this.onEvent,
+            'rate-limiting-configured',
+            'rateLimitConfigurer',
+            this,
+            {globalRateLimit: this.globalRateLimit, maxRequests: limiterParams.limit, windowMs: this.windowMs}
+        );
     }
 
     createHomeLimiter()

package/lib/app-server-factory/reverse-proxy-configurer.js

@@ -6,6 +6,8 @@
 
 const { createProxyMiddleware } = require('http-proxy-middleware');
 const { ServerHeaders } = require('../server-headers');
+const { ServerErrorHandler } = require('../server-error-handler');
+const { EventDispatcher } = require('../event-dispatcher');
 
 class ReverseProxyConfigurer
 {
@@ -22,6 +24,8 @@ class ReverseProxyConfigurer
             logLevel: 'warn'
         };
         this.serverHeaders = new ServerHeaders();
+        this.onError = null;
+        this.onEvent = null;
     }
 
     setup(app, config)
@@ -30,10 +34,19 @@ class ReverseProxyConfigurer
         this.useVirtualHosts = config.useVirtualHosts || false;
         this.reverseProxyRules = config.reverseProxyRules || [];
         this.reverseProxyOptions = config.reverseProxyOptions || this.reverseProxyOptions;
+        this.onError = config.onError || null;
+        this.onEvent = config.onEvent || null;
         if(0 === this.reverseProxyRules.length){
             return;
         }
         this.applyRules(app);
+        EventDispatcher.dispatch(
+            this.onEvent,
+            'reverse-proxy-configured',
+            'reverseProxyConfigurer',
+            this,
+            {rulesCount: this.reverseProxyRules.length, useVirtualHosts: this.useVirtualHosts}
+        );
     }
 
     applyRules(app)
@@ -100,7 +113,9 @@ class ReverseProxyConfigurer
             options.logLevel = rule.logLevel;
         }
         options.target = rule.target;
-        options.onError = this.handleProxyError.bind(this);
+        options.onError = (err, req, res) => {
+            this.handleProxyError(err, req, res);
+        };
         options.onProxyReq = (proxyReq, req) => {
             if(req.headers['x-forwarded-for']){
                 return;
@@ -115,6 +130,16 @@ class ReverseProxyConfigurer
 
     handleProxyError(err, req, res)
     {
+        let hostname = req.get('host') || 'unknown';
+        let requestPath = req.path || req.url || 'unknown';
+        ServerErrorHandler.handleError(
+            this.onError,
+            'reverseProxyConfigurer',
+            this,
+            'proxy-error',
+            err,
+            {request: req, response: res, hostname: hostname, path: requestPath}
+        );
         if(res.headersSent){
             return;
         }