@reldens/server-utils 0.44.0 → 0.46.0

package/.claude/api-reference.md

@@ -77,6 +77,7 @@ Creates Express app servers with modular security components. Supports HTTP, HTT
 - Lifecycle event dispatching
 
 **Configuration Properties:**
+- `http2CdnDomains` - Array of domain configurations for HTTP/2 CDN multi-certificate SNI (optional)
 - `onError` - Custom error handler callback for server errors
 - `onRequestSuccess` - Callback for successful requests
 - `onRequestError` - Callback for failed requests
@@ -84,8 +85,11 @@ Creates Express app servers with modular security components. Supports HTTP, HTT
 
 **Methods:**
 - `createAppServer(config)` - Create and configure server
+- `createHttp2CdnServer()` - Create HTTP/2 CDN server with optional multi-cert SNI
 - `addDomain(domainConfig)` - Add virtual host domain
 - `addDevelopmentDomain(domain)` - Add development domain
+- `dispatch(eventName, eventData)` - Dispatch lifecycle event (wrapper for EventDispatcher)
+- `handleError(errorType, error, context)` - Handle and log error (wrapper for ServerErrorHandler)
 - `enableServeHome(app, callback)` - Enable homepage serving
 - `serveStatics(app, staticPath)` - Serve static files
 - `enableCSP(cspOptions)` - Enable Content Security Policy
@@ -157,6 +161,7 @@ File upload handling with Multer.
 HTTP/2 secure server for CDN-like static file serving.
 
 **Features:**
+- Multi-certificate SNI support for multiple domains
 - Optimized for CSS, JavaScript, images, and fonts
 - Dynamic CORS origin validation with regex pattern support
 - Configurable cache headers per file extension
@@ -167,19 +172,37 @@ HTTP/2 secure server for CDN-like static file serving.
 - Comprehensive error handling (server, TLS, session, stream errors)
 
 **Configuration Properties:**
+- `domains` - Array of domain configurations for multi-certificate SNI (optional)
+- `keyPath` - Path to SSL key file (backward compatibility, single cert mode)
+- `certPath` - Path to SSL certificate file (backward compatibility, single cert mode)
 - `onError` - Custom error handler callback for server errors
 - `onRequestSuccess` - Callback for successful requests
 - `onRequestError` - Callback for failed requests
 - `onEvent` - Callback for lifecycle events
 
+**Multi-Certificate Configuration Example:**
+```javascript
+domains: [
+    {hostname: 'cdn.domain1.com', keyPath: '/path/to/key1.pem', certPath: '/path/to/cert1.pem'},
+    {hostname: 'cdn.domain2.com', keyPath: '/path/to/key2.pem', certPath: '/path/to/cert2.pem'}
+]
+```
+
 **Methods:**
-- `create()` - Create HTTP/2 secure server
+- `create()` - Create HTTP/2 secure server with SNI support
 - `listen()` - Start listening on configured port
 - `close()` - Gracefully close server
+- `dispatch(eventName, eventData)` - Dispatch lifecycle event (wrapper for EventDispatcher)
+- `handleError(errorType, error, context)` - Handle and log error (wrapper for ServerErrorHandler)
 - `handleStream(stream, headers)` - Handle HTTP/2 stream
 - `handleHttp1Request(req, res)` - Handle HTTP/1.1 fallback requests
 - `resolveFilePath(requestPath)` - Resolve file path from request
 - `setupEventHandlers()` - Configure server error event handlers
+- `setupDomainConfiguration()` - Configure single or multi-certificate mode
+- `validateCertificates()` - Validate all domain certificates exist
+- `buildSniContexts()` - Build TLS contexts for each domain
+- `getSniCallback()` - Get SNI callback for certificate selection
+- `buildServerOptions()` - Build HTTP/2 server options with SNI support
 
 ## Utility Classes
 

package/CLAUDE.md

@@ -39,7 +39,7 @@ See `.claude/api-reference.md` for complete API documentation of all classes and
 
 **UploaderFactory** - File upload handling with Multer and multi-level security validation.
 
-**Http2CdnServer** - HTTP/2 secure server for CDN-like static file serving with CORS, cache headers, and callback-based logging.
+**Http2CdnServer** - HTTP/2 secure server for CDN-like static file serving with multi-certificate SNI support, CORS, cache headers, and callback-based logging.
 
 ## Utility Classes Summary
 

package/lib/app-server-factory.js

@@ -115,13 +115,26 @@ class AppServerFactory
         this.http2CdnCorsAllowAll = false;
         this.http2CdnMimeTypes = {};
         this.http2CdnCacheConfig = {};
+        this.http2CdnSecurityHeaders = {};
         this.http2CdnServer = false;
+        this.http2CdnDomains = [];
         this.reverseProxyEnabled = false;
         this.reverseProxyRules = [];
         this.onError = null;
         this.onRequestSuccess = null;
         this.onRequestError = null;
         this.onEvent = null;
+        this.eventSource = 'appServerFactory';
+    }
+
+    dispatch(eventName, eventData)
+    {
+        EventDispatcher.dispatch(this.onEvent, eventName, this.eventSource, this, eventData);
+    }
+
+    handleError(errorType, error, context)
+    {
+        ServerErrorHandler.handleError(this.onError, this.eventSource, this, errorType, error, context);
     }
 
     buildStaticHeaders(res, path)
@@ -167,13 +180,11 @@ class AppServerFactory
             }
             return false;
         }
-        EventDispatcher.dispatch(
-            this.onEvent,
-            'app-server-created',
-            'appServerFactory',
-            this,
-            {port: this.port, useHttps: this.useHttps, isDevelopmentMode: this.isDevelopmentMode}
-        );
+        this.dispatch('app-server-created', {
+            port: this.port,
+            useHttps: this.useHttps,
+            isDevelopmentMode: this.isDevelopmentMode
+        });
         if(this.http2CdnEnabled){
             if(!this.createHttp2CdnServer()){
                 this.error = {message: 'The createHttp2CdnServer() returned false.'};
@@ -191,9 +202,14 @@ class AppServerFactory
         this.http2CdnServer = new Http2CdnServer();
         this.http2CdnServer.enabled = this.http2CdnEnabled;
         this.http2CdnServer.port = this.http2CdnPort;
-        this.http2CdnServer.keyPath = this.http2CdnKeyPath || this.keyPath;
-        this.http2CdnServer.certPath = this.http2CdnCertPath || this.certPath;
-        this.http2CdnServer.httpsChain = this.http2CdnHttpsChain || this.httpsChain;
+        if(this.http2CdnDomains && 0 < this.http2CdnDomains.length){
+            this.http2CdnServer.domains = this.http2CdnDomains;
+        }
+        if(!this.http2CdnDomains || 0 === this.http2CdnDomains.length){
+            this.http2CdnServer.keyPath = this.http2CdnKeyPath || this.keyPath;
+            this.http2CdnServer.certPath = this.http2CdnCertPath || this.certPath;
+            this.http2CdnServer.httpsChain = this.http2CdnHttpsChain || this.httpsChain;
+        }
         this.http2CdnServer.staticPaths = this.http2CdnStaticPaths;
         this.http2CdnServer.cacheConfig = this.http2CdnCacheConfig && 0 < Object.keys(this.http2CdnCacheConfig).length
             ? this.http2CdnCacheConfig
@@ -203,6 +219,9 @@ class AppServerFactory
         }
         this.http2CdnServer.corsOrigins = this.http2CdnCorsOrigins;
         this.http2CdnServer.corsAllowAll = this.http2CdnCorsAllowAll;
+        if(this.http2CdnSecurityHeaders && 0 < Object.keys(this.http2CdnSecurityHeaders).length){
+            this.http2CdnServer.securityHeaders = this.http2CdnSecurityHeaders;
+        }
         this.http2CdnServer.onError = this.onError;
         this.http2CdnServer.onRequestSuccess = this.onRequestSuccess;
         this.http2CdnServer.onRequestError = this.onRequestError;
@@ -215,13 +234,7 @@ class AppServerFactory
             this.error = this.http2CdnServer.error;
             return false;
         }
-        EventDispatcher.dispatch(
-            this.onEvent,
-            'http2-cdn-created',
-            'appServerFactory',
-            this,
-            {port: this.http2CdnPort}
-        );
+        this.dispatch('http2-cdn-created', {port: this.http2CdnPort});
         return true;
     }
 
@@ -430,14 +443,7 @@ class AppServerFactory
                     return next();
                 }
                 this.error = {message: 'No hostname provided and no default domain configured'};
-                ServerErrorHandler.handleError(
-                    this.onError,
-                    'appServerFactory',
-                    this,
-                    'virtual-host-no-hostname',
-                    this.error,
-                    {request: req, response: res}
-                );
+                this.handleError('virtual-host-no-hostname', this.error, {request: req, response: res});
                 return res.status(400).send('Bad Request');
             }
             let domain = this.findDomainConfig(hostname);
@@ -447,10 +453,7 @@ class AppServerFactory
                     return next();
                 }
                 this.error = {message: 'Unknown domain: '+hostname};
-                ServerErrorHandler.handleError(
-                    this.onError,
-                    'appServerFactory',
-                    this,
+                this.handleError(
                     'virtual-host-unknown-domain',
                     this.error,
                     {hostname: hostname, request: req, response: res}
@@ -485,13 +488,7 @@ class AppServerFactory
     {
         if(!this.useHttps){
             let httpServer = http.createServer(this.app);
-            EventDispatcher.dispatch(
-                this.onEvent,
-                'http-server-created',
-                'appServerFactory',
-                this,
-                {port: this.port}
-            );
+            this.dispatch('http-server-created', {port: this.port});
             return httpServer;
         }
         if(this.useVirtualHosts && 0 < this.domains.length){
@@ -520,13 +517,7 @@ class AppServerFactory
             }
         }
         let httpsServer = https.createServer(credentials, this.app);
-        EventDispatcher.dispatch(
-            this.onEvent,
-            'https-server-created',
-            'appServerFactory',
-            this,
-            {port: this.port}
-        );
+        this.dispatch('https-server-created', {port: this.port});
         return httpsServer;
     }
 
@@ -545,10 +536,7 @@ class AppServerFactory
             let key = FileHandler.readFile(domain.keyPath, 'Domain Key');
             if(!key){
                 this.error = {message: 'Could not read domain SSL key: '+domain.keyPath};
-                ServerErrorHandler.handleError(
-                    this.onError,
-                    'appServerFactory',
-                    this,
+                this.handleError(
                     'sni-key-read-failure',
                     this.error,
                     {hostname: hostname, domain: domain, keyPath: domain.keyPath}
@@ -558,10 +546,7 @@ class AppServerFactory
             let cert = FileHandler.readFile(domain.certPath, 'Domain Cert');
             if(!cert){
                 this.error = {message: 'Could not read domain SSL certificate: '+domain.certPath};
-                ServerErrorHandler.handleError(
-                    this.onError,
-                    'appServerFactory',
-                    this,
+                this.handleError(
                     'sni-cert-read-failure',
                     this.error,
                     {hostname: hostname, domain: domain, certPath: domain.certPath}
@@ -572,13 +557,7 @@ class AppServerFactory
             callback(null, ctx);
         };
         let sniServer = https.createServer(httpsOptions, this.app);
-        EventDispatcher.dispatch(
-            this.onEvent,
-            'sni-server-created',
-            'appServerFactory',
-            this,
-            {port: this.port, domainsCount: this.domains.length}
-        );
+        this.dispatch('sni-server-created', {port: this.port, domainsCount: this.domains.length});
         return sniServer;
     }
 
@@ -605,13 +584,7 @@ class AppServerFactory
             return false;
         }
         this.appServer.listen(listenPort);
-        EventDispatcher.dispatch(
-            this.onEvent,
-            'app-server-listening',
-            'appServerFactory',
-            this,
-            {port: listenPort}
-        );
+        this.dispatch('app-server-listening', {port: listenPort});
         return true;
     }
 
@@ -673,13 +646,7 @@ class AppServerFactory
             return false;
         }
         this.domains.push(domainConfig);
-        EventDispatcher.dispatch(
-            this.onEvent,
-            'domain-added',
-            'appServerFactory',
-            this,
-            {hostname: domainConfig.hostname}
-        );
+        this.dispatch('domain-added', {hostname: domainConfig.hostname});
         return true;
     }
 

package/lib/cdn-request-handler.js

@@ -6,7 +6,6 @@
 
 const { FileHandler } = require('./file-handler');
 const { ServerFactoryUtils } = require('./server-factory-utils');
-const { ServerErrorHandler } = require('./server-error-handler');
 
 class CdnRequestHandler
 {
@@ -62,10 +61,7 @@ class CdnRequestHandler
                 requestData.statusCode = 500;
                 requestData.responseTime = Date.now()-startTime;
                 requestData.error = err;
-                ServerErrorHandler.handleError(
-                    this.cdnServer.onError,
-                    'http2CdnServer',
-                    this.cdnServer,
+                this.cdnServer.handleError(
                     requestContext.isHttp2 ? 'stream-error' : 'http1-stream-error',
                     err,
                     {port: this.cdnServer.port, path: requestData.path}
@@ -77,10 +73,7 @@ class CdnRequestHandler
             requestData.statusCode = 500;
             requestData.responseTime = Date.now()-startTime;
             requestData.error = err;
-            ServerErrorHandler.handleError(
-                this.cdnServer.onError,
-                'http2CdnServer',
-                this.cdnServer,
+            this.cdnServer.handleError(
                 requestContext.isHttp2 ? 'handle-stream-error' : 'handle-http1-request-error',
                 err,
                 {port: this.cdnServer.port, path: requestData.path}

package/lib/http2-cdn-server.js

@@ -5,6 +5,7 @@
  */
 
 const http2 = require('http2');
+const tls = require('tls');
 const { FileHandler } = require('./file-handler');
 const { ServerDefaultConfigurations } = require('./server-default-configurations');
 const { ServerFactoryUtils } = require('./server-factory-utils');
@@ -41,22 +42,112 @@ class Http2CdnServer
         this.onRequestError = null;
         this.onEvent = null;
         this.requestHandler = new CdnRequestHandler(this);
+        this.domains = [];
+        this.useMultiCert = false;
+        this.defaultDomain = null;
+        this.sniContexts = {};
+        this.eventSource = 'http2CdnServer';
+    }
+
+    dispatch(eventName, eventData)
+    {
+        EventDispatcher.dispatch(this.onEvent, eventName, this.eventSource, this, eventData);
+    }
+
+    handleError(errorType, error, context)
+    {
+        ServerErrorHandler.handleError(this.onError, this.eventSource, this, errorType, error, context);
     }
 
     create()
     {
-        if(!this.keyPath || !this.certPath){
-            this.error = {message: 'Missing SSL certificates'};
+        this.setupDomainConfiguration();
+        if(!this.validateCertificates()){
             return false;
         }
-        let key = FileHandler.readFile(this.keyPath);
+        if(this.useMultiCert){
+            this.buildSniContexts();
+        }
+        let options = this.buildServerOptions();
+        if(!options){
+            return false;
+        }
+        this.http2Server = http2.createSecureServer(options);
+        this.setupEventHandlers();
+        this.dispatch(
+            'cdn-server-created',
+            {port: this.port, allowHTTP1: this.allowHTTP1, multiCert: this.useMultiCert})
+        ;
+        return true;
+    }
+
+    setupDomainConfiguration()
+    {
+        if(this.domains && 0 < this.domains.length){
+            this.useMultiCert = true;
+            this.defaultDomain = this.domains[0];
+            this.dispatch('cdn-multi-cert-enabled', {domains: this.domains.map(d => d.hostname)});
+            return;
+        }
+        if(this.keyPath && this.certPath){
+            this.useMultiCert = false;
+            this.domains = [{hostname: 'default', keyPath: this.keyPath, certPath: this.certPath}];
+            this.defaultDomain = this.domains[0];
+            this.dispatch('cdn-single-cert-mode', {hostname: this.defaultDomain.hostname});
+            return;
+        }
+        this.error = {message: 'HTTP/2 CDN requires domains array or keyPath/certPath'};
+    }
+
+    validateCertificates()
+    {
+        for(let domain of this.domains){
+            if(!FileHandler.exists(domain.keyPath)){
+                this.error = {message: 'Certificate key not found for '+domain.hostname+': '+domain.keyPath};
+                this.handleError('certificate-key-not-found', this.error, {hostname: domain.hostname, keyPath: domain.keyPath});
+                return false;
+            }
+            if(!FileHandler.exists(domain.certPath)){
+                this.error = {message: 'Certificate file not found for '+domain.hostname+': '+domain.certPath};
+                this.handleError('certificate-not-found', this.error, {hostname: domain.hostname, certPath: domain.certPath});
+                return false;
+            }
+        }
+        return true;
+    }
+
+    buildSniContexts()
+    {
+        for(let domain of this.domains){
+            let key = FileHandler.readFile(domain.keyPath);
+            let cert = FileHandler.readFile(domain.certPath);
+            this.sniContexts[domain.hostname] = tls.createSecureContext({key, cert});
+        }
+    }
+
+    getSniCallback()
+    {
+        return (servername, callback) => {
+            this.dispatch('cdn-sni-request', {servername});
+            let context = this.sniContexts[servername];
+            if(!context){
+                this.dispatch('cdn-sni-fallback', {servername, defaultHostname: this.defaultDomain.hostname});
+                context = this.sniContexts[this.defaultDomain.hostname];
+            }
+            callback(null, context);
+        };
+    }
+
+    buildServerOptions()
+    {
+        let key = FileHandler.readFile(this.defaultDomain.keyPath);
         if(!key){
-            this.error = {message: 'Could not read key from: '+this.keyPath};
+            this.error = {message: 'Could not read key from: '+this.defaultDomain.keyPath};
             return false;
         }
-        let cert = FileHandler.readFile(this.certPath);
+        let cert = FileHandler.readFile(this.defaultDomain.certPath);
         if(!cert){
-            this.error = {message: 'Could not read cert from: '+this.certPath};
+            this.error = {message: 'Could not read cert from: '+this.defaultDomain.certPath};
             return false;
         }
         let options = {key, cert, allowHTTP1: this.allowHTTP1};
@@ -66,16 +157,10 @@ class Http2CdnServer
                 options.ca = ca;
             }
         }
-        this.http2Server = http2.createSecureServer(options);
-        this.setupEventHandlers();
-        EventDispatcher.dispatch(
-            this.onEvent,
-            'cdn-server-created',
-            'http2CdnServer',
-            this,
-            {port: this.port, allowHTTP1: this.allowHTTP1}
-        );
-        return true;
+        if(this.useMultiCert){
+            options.SNICallback = this.getSniCallback();
+        }
+        return options;
     }
 
     setupEventHandlers()
@@ -87,42 +172,15 @@ class Http2CdnServer
             this.handleHttp1Request(req, res);
         });
         this.http2Server.on('error', (err) => {
-            ServerErrorHandler.handleError(
-                this.onError,
-                'http2CdnServer',
-                this,
-                'server-error',
-                err,
-                {port: this.port}
-            );
+            this.handleError('server-error', err, {port: this.port});
         });
         this.http2Server.on('tlsClientError', (err, tlsSocket) => {
-            ServerErrorHandler.handleError(
-                this.onError,
-                'http2CdnServer',
-                this,
-                'tls-client-error',
-                err,
-                {port: this.port, remoteAddress: tlsSocket.remoteAddress}
-            );
+            this.handleError('tls-client-error', err, {port: this.port, remoteAddress: tlsSocket.remoteAddress});
         });
         this.http2Server.on('sessionError', (err) => {
-            ServerErrorHandler.handleError(
-                this.onError,
-                'http2CdnServer',
-                this,
-                'session-error',
-                err,
-                {port: this.port}
-            );
+            this.handleError('session-error', err, {port: this.port});
         });
-        EventDispatcher.dispatch(
-            this.onEvent,
-            'cdn-handlers-setup',
-            'http2CdnServer',
-            this,
-            {port: this.port}
-        );
+        this.dispatch('cdn-handlers-setup', {port: this.port});
     }
 
     invokeRequestSuccess(requestData)
@@ -246,13 +304,7 @@ class Http2CdnServer
             return false;
         }
         this.http2Server.listen(this.port);
-        EventDispatcher.dispatch(
-            this.onEvent,
-            'cdn-server-listening',
-            'http2CdnServer',
-            this,
-            {port: this.port}
-        );
+        this.dispatch('cdn-server-listening', {port: this.port});
         return true;
     }
 

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "@reldens/server-utils",
     "scope": "@reldens",
-    "version": "0.44.0",
+    "version": "0.46.0",
     "description": "Reldens - Server Utils",
     "author": "Damian A. Pastorini",
     "license": "MIT",
@@ -38,10 +38,10 @@
     "dependencies": {
         "body-parser": "2.2.2",
         "compression": "1.8.1",
-        "cors": "2.8.5",
+        "cors": "2.8.6",
         "express": "4.22.1",
         "express-rate-limit": "8.2.1",
-        "express-session": "1.18.2",
+        "express-session": "1.19.0",
         "helmet": "8.1.0",
         "http-proxy-middleware": "3.0.5",
         "multer": "2.0.2",