npm - @rip-lang/api - Versions diffs - 0.5.0 - Mend

@rip-lang/api 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/middleware.rip ADDED Viewed

@@ -0,0 +1,394 @@
+# ==============================================================================
+# @rip-lang/api/middleware — Built-in Middleware
+# ==============================================================================
+#
+# Usage:
+#   import { cors, logger, compress, cookies, sessions } from '@rip-lang/api/middleware'
+#   import { session } from '@rip-lang/api'
+#
+#   use logger()
+#   use cors origin: 'https://myapp.com'
+#   use compress()
+#   use cookies()
+#   use sessions()
+#
+#   before ->
+#     session.userId = 123   # Works anywhere via AsyncLocalStorage
+#
+# Note: read() and session work automatically — no setup required!
+#
+# ==============================================================================
+# ==============================================================================
+# cors — Cross-Origin Resource Sharing
+# ==============================================================================
+#
+# Options:
+#   origin: '*' | string | string[] | (origin) -> boolean
+#   methods: 'GET,POST,...' | string[]
+#   headers: 'Content-Type,...' | string[]
+#   credentials: boolean
+#   maxAge: number (seconds)
+#   exposeHeaders: string | string[]
+#
+export cors = (opts = {}) ->
+  origin = opts.origin or '*'
+  methods = opts.methods or 'GET,POST,PUT,PATCH,DELETE,OPTIONS'
+  headers = opts.headers or 'Content-Type,Authorization,X-Requested-With'
+  credentials = opts.credentials or false
+  maxAge = opts.maxAge or 86400
+  exposeHeaders = opts.exposeHeaders or ''
+  # Normalize arrays to comma-separated strings
+  methods = methods.join(',') if Array.isArray(methods)
+  headers = headers.join(',') if Array.isArray(headers)
+  exposeHeaders = exposeHeaders.join(',') if Array.isArray(exposeHeaders)
+  (c, next) ->
+    requestOrigin = c.req.header('Origin')
+    # Determine allowed origin
+    allowedOrigin = if typeof origin is 'function'
+      if origin(requestOrigin) then requestOrigin else null
+    else if Array.isArray(origin)
+      if origin.includes(requestOrigin) then requestOrigin else null
+    else if origin is '*'
+      '*'
+    else
+      origin
+    return next!() unless allowedOrigin
+    # Set CORS headers
+    c.header 'Access-Control-Allow-Origin', allowedOrigin
+    c.header 'Access-Control-Allow-Methods', methods
+    c.header 'Access-Control-Allow-Headers', headers
+    if credentials
+      c.header 'Access-Control-Allow-Credentials', 'true'
+    if exposeHeaders
+      c.header 'Access-Control-Expose-Headers', exposeHeaders
+    # Handle preflight OPTIONS request
+    if c.req.method is 'OPTIONS'
+      c.header 'Access-Control-Max-Age', String(maxAge)
+      return c.body null, 204
+    await next()
+# ==============================================================================
+# logger — Request Logging
+# ==============================================================================
+#
+# Options:
+#   format: 'tiny' | 'short' | 'dev' | 'full' | (info) -> string
+#   skip: (c) -> boolean
+#   stream: { write: (msg) -> } (default: console)
+#
+export logger = (opts = {}) ->
+  format = opts.format or 'dev'
+  skip = opts.skip or null
+  stream = opts.stream or { write: (msg) -> console.log msg.trim() }
+  formatters =
+    tiny: (info) -> "#{info.method} #{info.path} #{info.status} - #{info.ms}ms"
+    short: (info) -> "#{info.method} #{info.path} #{info.status} #{info.size} - #{info.ms}ms"
+    dev: (info) ->
+      color = if info.status >= 500 then '\x1b[31m'      # red
+      else if info.status >= 400 then '\x1b[33m'         # yellow
+      else if info.status >= 300 then '\x1b[36m'         # cyan
+      else '\x1b[32m'                                    # green
+      reset = '\x1b[0m'
+      "#{info.method} #{info.path} #{color}#{info.status}#{reset} - #{info.ms}ms"
+    full: (info) -> "[#{info.time}] #{info.method} #{info.path} #{info.status} #{info.size} - #{info.ms}ms"
+  (c, next) ->
+    return next!() if skip?(c)
+    start = Date.now()
+    await next()
+    ms = Date.now() - start
+    info =
+      method: c.req.method
+      path: c.req.path
+      status: c._response?.status or 200
+      ms: ms
+      size: c._response?.headers?.get('Content-Length') or '-'
+      time: new Date().toISOString()
+    msg = if typeof format is 'function' then format(info) else formatters[format]?(info) or formatters.dev(info)
+    stream.write "#{msg}\n"
+# ==============================================================================
+# compress — Response Compression (gzip, deflate)
+# ==============================================================================
+#
+# Options:
+#   threshold: number (min bytes to compress, default 1024)
+#   encodings: string[] (default ['gzip', 'deflate'])
+#
+# Note: Requires Bun's built-in compression support
+#
+export compress = (opts = {}) ->
+  threshold = opts.threshold or 1024
+  encodings = opts.encodings or ['gzip', 'deflate']
+  (c, next) ->
+    await next()
+    # Skip if no response body
+    response = c._response
+    return unless response?
+    # Check Accept-Encoding header
+    acceptEncoding = c.req.header('Accept-Encoding') or ''
+    # Find supported encoding
+    encoding = null
+    for enc in encodings
+      if acceptEncoding.includes(enc)
+        encoding = enc
+        break
+    return unless encoding
+    # Get body and check threshold
+    try
+      body = response.body
+      return unless body
+      # Clone to read the body
+      clone = response.clone()
+      text = clone.text!
+      return if text.length < threshold
+      # Compress using Bun's built-in CompressionStream
+      compressed = if encoding is 'gzip'
+        new Response(text).body.pipeThrough(new CompressionStream('gzip'))
+      else if encoding is 'deflate'
+        new Response(text).body.pipeThrough(new CompressionStream('deflate'))
+      else
+        return
+      # Create new response with compressed body
+      headers = new Headers(response.headers)
+      headers.set 'Content-Encoding', encoding
+      headers.delete 'Content-Length'  # Length changed
+      c._response = new Response compressed,
+        status: response.status
+        headers: headers
+    catch
+      # If compression fails, keep original response
+      return
+# ==============================================================================
+# cookies — Cookie Parsing and Setting
+# ==============================================================================
+#
+# Options:
+#   secret: string (for signed cookies)
+#   secure: boolean (HTTPS only, default false)
+#   httpOnly: boolean (default true)
+#   sameSite: 'Strict' | 'Lax' | 'None' (default 'Lax')
+#   maxAge: number (seconds)
+#   path: string (default '/')
+#
+# Adds to context:
+#   c.cookie(name) — get cookie value
+#   c.cookie(name, value, opts) — set cookie
+#   c.clearCookie(name) — delete cookie
+#
+export cookies = (opts = {}) ->
+  defaults =
+    secure: opts.secure or false
+    httpOnly: opts.httpOnly ? true
+    sameSite: opts.sameSite or 'Lax'
+    path: opts.path or '/'
+    maxAge: opts.maxAge
+  (c, next) ->
+    # Parse cookies from header
+    cookieHeader = c.req.header('Cookie') or ''
+    parsed = {}
+    for pair in cookieHeader.split(';')
+      [key, val] = pair.trim().split('=')
+      parsed[key] = decodeURIComponent(val) if key and val
+    # Store pending Set-Cookie headers
+    setCookies = []
+    # Get cookie value
+    c.cookie = (name, value, cookieOpts) ->
+      if value is undefined
+        # Getter
+        return parsed[name]
+      # Setter
+      cookieOpts = { ...defaults, ...cookieOpts }
+      parts = ["#{encodeURIComponent(name)}=#{encodeURIComponent(value)}"]
+      parts.push "Path=#{cookieOpts.path}" if cookieOpts.path
+      parts.push "Max-Age=#{cookieOpts.maxAge}" if cookieOpts.maxAge?
+      parts.push "HttpOnly" if cookieOpts.httpOnly
+      parts.push "Secure" if cookieOpts.secure
+      parts.push "SameSite=#{cookieOpts.sameSite}" if cookieOpts.sameSite
+      setCookies.push parts.join('; ')
+    # Clear cookie
+    c.clearCookie = (name, cookieOpts = {}) ->
+      c.cookie name, '', { ...cookieOpts, maxAge: 0 }
+    await next()
+    # Apply Set-Cookie headers
+    for cookie in setCookies
+      c.header 'Set-Cookie', cookie, append: true
+# ==============================================================================
+# session — Session Management (requires cookies middleware)
+# ==============================================================================
+#
+# Options:
+#   name: string (cookie name, default 'session')
+#   maxAge: number (seconds, default 86400 = 24 hours)
+#   secure: boolean (HTTPS only)
+#   httpOnly: boolean (default true)
+#   sameSite: 'Strict' | 'Lax' | 'None' (default 'Lax')
+#
+# Usage:
+#   import { session } from '@rip-lang/api'
+#
+#   before ->
+#     session.userId = 123
+#
+#   get '/profile', ->
+#     { userId: session.userId }
+#
+export sessions = (opts = {}) ->
+  cookieName = opts.name or 'session'
+  maxAge = opts.maxAge or 86400
+  secure = opts.secure or false
+  httpOnly = opts.httpOnly ? true
+  sameSite = opts.sameSite or 'Lax'
+  (c, next) ->
+    # Parse existing session from cookie
+    raw = c.cookie?(cookieName)
+    try
+      c.session = if raw then JSON.parse(atob(raw)) else {}
+    catch
+      c.session = {}
+    # Track original for change detection
+    original = JSON.stringify(c.session)
+    await next()
+    # Save session if changed
+    current = JSON.stringify(c.session)
+    if current isnt original and c._response?
+      encoded = btoa(current)
+      parts = ["#{cookieName}=#{encoded}"]
+      parts.push "Path=/"
+      parts.push "Max-Age=#{maxAge}"
+      parts.push "HttpOnly" if httpOnly
+      parts.push "Secure" if secure
+      parts.push "SameSite=#{sameSite}"
+      cookie = parts.join('; ')
+      # Clone response with new header
+      headers = new Headers(c._response.headers)
+      headers.append 'Set-Cookie', cookie
+      c._response = new Response c._response.body,
+        status: c._response.status
+        headers: headers
+# ==============================================================================
+# secureHeaders — Security Headers
+# ==============================================================================
+#
+# Sets common security headers:
+#   X-Content-Type-Options: nosniff
+#   X-Frame-Options: DENY
+#   X-XSS-Protection: 1; mode=block
+#   Referrer-Policy: strict-origin-when-cross-origin
+#   Content-Security-Policy (optional)
+#
+export secureHeaders = (opts = {}) ->
+  (c, next) ->
+    c.header 'X-Content-Type-Options', 'nosniff'
+    c.header 'X-Frame-Options', opts.frameOptions or 'DENY'
+    c.header 'X-XSS-Protection', '1; mode=block'
+    c.header 'Referrer-Policy', opts.referrerPolicy or 'strict-origin-when-cross-origin'
+    if opts.contentSecurityPolicy
+      c.header 'Content-Security-Policy', opts.contentSecurityPolicy
+    if opts.hsts
+      maxAge = opts.hstsMaxAge or 31536000
+      c.header 'Strict-Transport-Security', "max-age=#{maxAge}; includeSubDomains"
+    await next()
+# ==============================================================================
+# timeout — Request Timeout
+# ==============================================================================
+#
+# Options:
+#   ms: number (timeout in milliseconds, default 30000)
+#   message: string (error message)
+#   status: number (status code, default 408)
+#
+export timeout = (opts = {}) ->
+  ms = opts.ms or 30000
+  message = opts.message or 'Request Timeout'
+  status = opts.status or 408
+  (c, next) ->
+    timer = null
+    timedOut = false
+    timeoutPromise = new Promise (_, reject) ->
+      timer = setTimeout ->
+        timedOut = true
+        reject new Error message
+      , ms
+    try
+      await Promise.race [next(), timeoutPromise]
+    catch err
+      if timedOut
+        return c.json { error: message }, status
+      throw err
+    finally
+      clearTimeout timer if timer
+# ==============================================================================
+# bodyLimit — Request Body Size Limit
+# ==============================================================================
+#
+# Options:
+#   maxSize: number (bytes, default 1MB)
+#   message: string (error message)
+#
+export bodyLimit = (opts = {}) ->
+  maxSize = opts.maxSize or 1024 * 1024  # 1MB default
+  message = opts.message or 'Request body too large'
+  (c, next) ->
+    contentLength = parseInt(c.req.header('Content-Length') or '0')
+    if contentLength > maxSize
+      return c.json { error: message }, 413
+    await next()

package/package.json ADDED Viewed

@@ -0,0 +1,43 @@
+{
+  "name": "@rip-lang/api",
+  "version": "0.5.0",
+  "description": "Pure Rip API framework — elegant, fast, zero dependencies",
+  "type": "module",
+  "main": "api.rip",
+  "exports": {
+    ".": "./api.rip",
+    "./middleware": "./middleware.rip"
+  },
+  "scripts": {
+    "build": "rip api.rip",
+    "test": "echo \"Tests coming soon\" && exit 0"
+  },
+  "keywords": [
+    "api",
+    "web-framework",
+    "routing",
+    "middleware",
+    "validation",
+    "sinatra",
+    "rip"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/shreeve/rip-lang.git",
+    "directory": "packages/api"
+  },
+  "homepage": "https://github.com/shreeve/rip-lang/tree/main/packages/api#readme",
+  "bugs": {
+    "url": "https://github.com/shreeve/rip-lang/issues"
+  },
+  "author": "Steve Shreeve <steve.shreeve@gmail.com>",
+  "license": "MIT",
+  "peerDependencies": {
+    "rip-lang": "^2.0.0"
+  },
+  "files": [
+    "api.rip",
+    "middleware.rip",
+    "README.md"
+  ]
+}