@syntay/fastay 0.1.7 → 0.1.8

package/dist/app.d.ts

@@ -75,6 +75,45 @@ export type CreateAppOptions = {
      * Default: "/api"
      */
     baseRoute?: string;
+    /**
+     * Configuration to enable CORS (Cross-Origin Resource Sharing) in Fastay.
+     */
+    enableCors?: {
+        /**
+         * If true, permite requisições de qualquer origem.
+         * Default: false
+         */
+        allowAnyOrigin?: boolean;
+        /**
+         * Lista de origens específicas permitidas para envio de cookies.
+         * Exemplo: ["http://localhost:3000", "https://meusite.com"]
+         */
+        cookieOrigins?: string[];
+        /**
+         * Se true, habilita envio de cookies cross-origin.
+         * Default: false
+         */
+        credentials?: boolean;
+        /**
+         * Lista de métodos HTTP permitidos, separados por vírgula.
+         * Default: "GET,POST,PUT,PATCH,DELETE,OPTIONS"
+         */
+        methods?: string;
+        /**
+         * Lista de cabeçalhos permitidos na requisição.
+         * Default: "Content-Type, Authorization"
+         */
+        headers?: string;
+        /**
+         * Cabeçalhos expostos ao cliente.
+         * Exemplo: ["X-Custom-Header"]
+         */
+        exposedHeaders?: string;
+        /**
+         * Tempo máximo de cache para requisições prévias (preflight), em segundos.
+         */
+        maxAge?: number;
+    };
     /**
      * Port on which `.listen()` will run the server.
      * Default: 3000

package/dist/app.js

@@ -95,6 +95,34 @@ export async function createApp(opts) {
     app.use((req, res, next) => {
         res.setHeader('X-Powered-By', 'Syntay Engine');
         req.cookies = new RequestCookies(req.headers.cookie);
+        const corsOpts = opts?.enableCors || {};
+        // Determina a origem
+        let origin = '*';
+        if (corsOpts.credentials && corsOpts.cookieOrigins?.length) {
+            // Se a origem estiver na lista de cookieOrigins, permite cookies
+            if (req.headers.origin &&
+                corsOpts.cookieOrigins.includes(req.headers.origin)) {
+                origin = req.headers.origin;
+            }
+            else {
+                origin = ''; // bloqueia cookies para outras origens
+            }
+        }
+        else if (!corsOpts.credentials && corsOpts.allowAnyOrigin) {
+            origin = '*';
+        }
+        res.setHeader('Access-Control-Allow-Origin', origin);
+        res.setHeader('Access-Control-Allow-Credentials', corsOpts.credentials ? 'true' : 'false');
+        res.setHeader('Access-Control-Allow-Methods', corsOpts.methods || 'GET,POST,PUT,PATCH,DELETE,OPTIONS');
+        res.setHeader('Access-Control-Allow-Headers', corsOpts.headers || 'Content-Type, Authorization');
+        if (corsOpts.exposedHeaders) {
+            res.setHeader('Access-Control-Expose-Headers', corsOpts.exposedHeaders);
+        }
+        if (corsOpts.maxAge) {
+            res.setHeader('Access-Control-Max-Age', corsOpts.maxAge.toString());
+        }
+        if (req.method === 'OPTIONS')
+            return res.sendStatus(204);
         next();
     });
     // load routes

package/dist/index.d.ts

@@ -2,3 +2,4 @@ export { createApp } from './app.js';
 export { createMiddleware } from './middleware.js';
 export type { CreateAppOptions } from './app.js';
 export type { Request, Response, Next } from './types';
+export { cookies } from './utils/cookies.js';

package/dist/index.js

@@ -1,2 +1,3 @@
 export { createApp } from './app.js';
 export { createMiddleware } from './middleware.js';
+export { cookies } from './utils/cookies.js';

package/dist/utils/cookies.d.ts

@@ -7,3 +7,4 @@ export declare class RequestCookies {
     has(name: string): boolean;
     all(): Record<string, string>;
 }
+export declare const cookies: typeof RequestCookies;

package/dist/utils/cookies.js

@@ -25,3 +25,4 @@ export class RequestCookies {
         return obj;
     }
 }
+export const cookies = RequestCookies;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@syntay/fastay",
-  "version": "0.1.7",
+  "version": "0.1.8",
   "description": "Framework backend moderno baseado em Express.js, para criar APIs rapidamente",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -28,7 +28,9 @@
     "access": "public"
   },
   "dependencies": {
+    "chokidar": "^4.0.3",
     "express": "^5.1.0",
+    "import-fresh": "^3.3.1",
     "pino": "^10.1.0",
     "pino-pretty": "^13.1.2"
   },

package/src/app.ts

@@ -96,6 +96,52 @@ export type CreateAppOptions = {
    */
   baseRoute?: string;
 
+  /**
+   * Configuration to enable CORS (Cross-Origin Resource Sharing) in Fastay.
+   */
+  enableCors?: {
+    /**
+     * If true, permite requisições de qualquer origem.
+     * Default: false
+     */
+    allowAnyOrigin?: boolean;
+
+    /**
+     * Lista de origens específicas permitidas para envio de cookies.
+     * Exemplo: ["http://localhost:3000", "https://meusite.com"]
+     */
+    cookieOrigins?: string[];
+
+    /**
+     * Se true, habilita envio de cookies cross-origin.
+     * Default: false
+     */
+    credentials?: boolean;
+
+    /**
+     * Lista de métodos HTTP permitidos, separados por vírgula.
+     * Default: "GET,POST,PUT,PATCH,DELETE,OPTIONS"
+     */
+    methods?: string;
+
+    /**
+     * Lista de cabeçalhos permitidos na requisição.
+     * Default: "Content-Type, Authorization"
+     */
+    headers?: string;
+
+    /**
+     * Cabeçalhos expostos ao cliente.
+     * Exemplo: ["X-Custom-Header"]
+     */
+    exposedHeaders?: string;
+
+    /**
+     * Tempo máximo de cache para requisições prévias (preflight), em segundos.
+     */
+    maxAge?: number;
+  };
+
   /**
    * Port on which `.listen()` will run the server.
    * Default: 3000
@@ -218,6 +264,49 @@ export async function createApp(opts?: CreateAppOptions) {
   app.use((req: Request, res: Response, next: Next) => {
     res.setHeader('X-Powered-By', 'Syntay Engine');
     (req as any).cookies = new RequestCookies(req.headers.cookie);
+
+    const corsOpts = opts?.enableCors || {};
+
+    // Determina a origem
+    let origin = '*';
+
+    if (corsOpts.credentials && corsOpts.cookieOrigins?.length) {
+      // Se a origem estiver na lista de cookieOrigins, permite cookies
+      if (
+        req.headers.origin &&
+        corsOpts.cookieOrigins.includes(req.headers.origin)
+      ) {
+        origin = req.headers.origin;
+      } else {
+        origin = ''; // bloqueia cookies para outras origens
+      }
+    } else if (!corsOpts.credentials && corsOpts.allowAnyOrigin) {
+      origin = '*';
+    }
+
+    res.setHeader('Access-Control-Allow-Origin', origin);
+    res.setHeader(
+      'Access-Control-Allow-Credentials',
+      corsOpts.credentials ? 'true' : 'false'
+    );
+    res.setHeader(
+      'Access-Control-Allow-Methods',
+      corsOpts.methods || 'GET,POST,PUT,PATCH,DELETE,OPTIONS'
+    );
+    res.setHeader(
+      'Access-Control-Allow-Headers',
+      corsOpts.headers || 'Content-Type, Authorization'
+    );
+
+    if (corsOpts.exposedHeaders) {
+      res.setHeader('Access-Control-Expose-Headers', corsOpts.exposedHeaders);
+    }
+
+    if (corsOpts.maxAge) {
+      res.setHeader('Access-Control-Max-Age', corsOpts.maxAge.toString());
+    }
+
+    if (req.method === 'OPTIONS') return res.sendStatus(204);
     next();
   });
 

package/src/index.ts

@@ -2,3 +2,4 @@ export { createApp } from './app.js';
 export { createMiddleware } from './middleware.js';
 export type { CreateAppOptions } from './app.js';
 export type { Request, Response, Next } from './types';
+export { cookies } from './utils/cookies.js';

package/src/utils/cookies.ts

@@ -30,3 +30,5 @@ export class RequestCookies {
     return obj;
   }
 }
+
+export const cookies = RequestCookies;