@velox0/cerver 0.1.0

package/lib/validator/validate.js

@@ -0,0 +1,179 @@
+"use strict";
+
+const walk = require("acorn-walk");
+
+/**
+ * Allowed AST node types in cerver route files.
+ * Anything not in this set will be rejected.
+ */
+const ALLOWED_NODES = new Set([
+  "Program",
+  "ExportNamedDeclaration",
+  "ExportDefaultDeclaration",
+  "FunctionDeclaration",
+  "VariableDeclaration",
+  "VariableDeclarator",
+  "BlockStatement",
+  "ExpressionStatement",
+  "ReturnStatement",
+  "IfStatement",
+  "BinaryExpression",
+  "LogicalExpression",
+  "UnaryExpression",
+  "CallExpression",
+  "MemberExpression",
+  "Identifier",
+  "Literal",
+  "TemplateLiteral",
+  "TemplateElement",
+  "ObjectExpression",
+  "Property",
+  "ArrayExpression",
+  "ConditionalExpression",
+  "AssignmentExpression",
+]);
+
+/**
+ * Explicitly banned features with human-readable error messages.
+ */
+const BANNED_NODES = {
+  AwaitExpression: "async/await is not supported",
+  YieldExpression: "generators are not supported",
+  ForStatement: "for loops are not supported",
+  ForInStatement: "for...in loops are not supported",
+  ForOfStatement: "for...of loops are not supported",
+  WhileStatement: "while loops are not supported",
+  DoWhileStatement: "do...while loops are not supported",
+  ClassDeclaration: "classes are not supported",
+  ClassExpression: "class expressions are not supported",
+  NewExpression: "the 'new' operator is not supported",
+  ImportDeclaration: "runtime imports are not supported (use export functions)",
+  ImportExpression: "dynamic imports are not supported",
+  TryStatement: "try/catch is not supported (errors are compile-time)",
+  ThrowStatement: "throw is not supported",
+  WithStatement: "'with' is not supported",
+  ThisExpression: "'this' is not supported",
+  SwitchStatement: "switch statements are not supported (use if/else)",
+  LabeledStatement: "labeled statements are not supported",
+  BreakStatement: "break is not supported",
+  ContinueStatement: "continue is not supported",
+  ArrowFunctionExpression: "arrow functions are not supported (use named function exports)",
+  FunctionExpression: "function expressions are not supported (use named function declarations)",
+  SpreadElement: "spread syntax is not supported",
+  RestElement: "rest parameters are not supported",
+  TaggedTemplateExpression: "tagged templates are not supported",
+  MetaProperty: "meta properties are not supported",
+  SequenceExpression: "comma expressions are not supported",
+  UpdateExpression: "increment/decrement (++/--) is not supported",
+};
+
+/**
+ * Banned function calls.
+ */
+const BANNED_CALLS = new Set([
+  "eval",
+  "Function",
+  "setTimeout",
+  "setInterval",
+  "require",
+  "import",
+]);
+
+/**
+ * Validate a route file AST.
+ * Throws an error with file location on first violation.
+ *
+ * @param {object} ast - ESTree AST from Acorn
+ * @param {string} filePath - For error messages
+ * @param {string} source - Original source for context
+ */
+function validate(ast, filePath, source) {
+  const errors = [];
+
+  function addError(node, message) {
+    const loc = node.loc
+      ? `${filePath}:${node.loc.start.line}:${node.loc.start.column}`
+      : filePath;
+    errors.push(`cerver: error: ${loc} — ${message}`);
+  }
+
+  /* Check top-level structure: only exports allowed */
+  for (const node of ast.body) {
+    if (
+      node.type !== "ExportNamedDeclaration" &&
+      node.type !== "ExportDefaultDeclaration" &&
+      node.type !== "VariableDeclaration" &&
+      node.type !== "ExpressionStatement"
+    ) {
+      addError(
+        node,
+        `top-level ${node.type} is not allowed (only exports and variable declarations)`
+      );
+    }
+
+    /* Validate exported functions are named GET or POST */
+    if (node.type === "ExportNamedDeclaration" && node.declaration) {
+      const decl = node.declaration;
+      if (decl.type === "FunctionDeclaration") {
+        const name = decl.id.name;
+        if (!["GET", "POST"].includes(name)) {
+          addError(
+            decl,
+            `exported function "${name}" is not a valid HTTP method (use GET or POST)`
+          );
+        }
+
+        /* Check async */
+        if (decl.async) {
+          addError(decl, "async functions are not supported");
+        }
+
+        /* Validate parameters: must be (req, res) */
+        if (decl.params.length !== 2) {
+          addError(
+            decl,
+            `handler function "${name}" must have exactly 2 parameters (req, res)`
+          );
+        }
+      }
+    }
+  }
+
+  /* Walk the entire tree checking for banned features */
+  walk.full(ast, (node) => {
+    /* Check banned node types */
+    if (BANNED_NODES[node.type]) {
+      addError(node, BANNED_NODES[node.type]);
+      return;
+    }
+
+    /* Check for unknown node types */
+    if (!ALLOWED_NODES.has(node.type)) {
+      addError(node, `unsupported syntax: ${node.type}`);
+      return;
+    }
+
+    /* Check for banned function calls */
+    if (node.type === "CallExpression") {
+      if (
+        node.callee.type === "Identifier" &&
+        BANNED_CALLS.has(node.callee.name)
+      ) {
+        addError(node, `'${node.callee.name}()' is not allowed`);
+      }
+    }
+
+    /* Validate variable declarations: only const and let */
+    if (node.type === "VariableDeclaration") {
+      if (node.kind === "var") {
+        addError(node, "'var' is not supported (use 'const' or 'let')");
+      }
+    }
+  });
+
+  if (errors.length > 0) {
+    throw new Error(errors.join("\n"));
+  }
+}
+
+module.exports = { validate };

package/package.json

@@ -0,0 +1,28 @@
+{
+  "name": "@velox0/cerver",
+  "version": "0.1.0",
+  "description": "Compile restricted JavaScript server logic into optimized native C binaries",
+  "main": "lib/index.js",
+  "bin": {
+    "cerver": "bin/cerver.js"
+  },
+  "scripts": {
+    "test": "node test/run.js"
+  },
+  "keywords": [
+    "c",
+    "compiler",
+    "http",
+    "server",
+    "native",
+    "binary",
+    "framework"
+  ],
+  "author": "Velox0",
+  "license": "MIT",
+  "dependencies": {
+    "acorn": "^8.14.0",
+    "acorn-walk": "^8.3.4",
+    "commander": "^13.1.0"
+  }
+}

package/runtime/cerver.h

@@ -0,0 +1,185 @@
+/*
+ * cerver.h — Core header for the cerver HTTP runtime.
+ *
+ * This is the only header needed by generated server code.
+ * It defines request/response types, server lifecycle, and
+ * the route dispatch interface.
+ */
+
+#ifndef CERVER_H
+#define CERVER_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+/* ------------------------------------------------------------------ */
+/*  Limits                                                            */
+/* ------------------------------------------------------------------ */
+
+#define CERVER_MAX_HEADERS     64
+#define CERVER_MAX_PARAMS      16
+#define CERVER_MAX_QUERY       32
+#define CERVER_MAX_PATH        2048
+#define CERVER_MAX_HEADER_VAL  4096
+#define CERVER_READ_BUF        8192
+#define CERVER_MAX_ROUTES      256
+
+/* ------------------------------------------------------------------ */
+/*  Key-value pair (used for headers, query params, route params)     */
+/* ------------------------------------------------------------------ */
+
+typedef struct {
+    const char *key;
+    const char *value;
+} cerver_kv_t;
+
+/* ------------------------------------------------------------------ */
+/*  Request                                                           */
+/* ------------------------------------------------------------------ */
+
+typedef struct {
+    /* HTTP method: "GET", "POST", etc. */
+    char method[16];
+
+    /* Decoded path (no query string) */
+    char path[CERVER_MAX_PATH];
+
+    /* Raw query string (after '?') */
+    char query_string[CERVER_MAX_PATH];
+
+    /* Parsed query parameters */
+    cerver_kv_t query[CERVER_MAX_QUERY];
+    int         query_count;
+
+    /* Route parameters (from dynamic segments like :key) */
+    cerver_kv_t params[CERVER_MAX_PARAMS];
+    int         params_count;
+
+    /* Request headers */
+    cerver_kv_t headers[CERVER_MAX_HEADERS];
+    int         header_count;
+
+    /* Request body (for POST) */
+    const char *body;
+    size_t      body_len;
+
+    /* Internal: raw buffer ownership */
+    char       *_raw_buf;
+    size_t      _raw_len;
+} cerver_request_t;
+
+/* ------------------------------------------------------------------ */
+/*  Response                                                          */
+/* ------------------------------------------------------------------ */
+
+typedef struct {
+    int         status;
+    const char *content_type;
+
+    /* Response body — can be heap-allocated or static */
+    const char *body;
+    size_t      body_len;
+
+    /* Extra headers */
+    cerver_kv_t headers[CERVER_MAX_HEADERS];
+    int         header_count;
+
+    /* Internal flag: was body malloc'd? */
+    int         _body_owned;
+} cerver_response_t;
+
+/* Response helpers — called by generated handler code */
+void cerver_res_text(cerver_response_t *res, int status, const char *text);
+void cerver_res_json(cerver_response_t *res, int status, const char *json);
+void cerver_res_html(cerver_response_t *res, int status, const char *html);
+void cerver_res_file(cerver_response_t *res, int status, const char *mime,
+                     const unsigned char *data, size_t len);
+void cerver_res_header(cerver_response_t *res, const char *key, const char *val);
+
+/* ------------------------------------------------------------------ */
+/*  Request helpers                                                   */
+/* ------------------------------------------------------------------ */
+
+const char *cerver_req_param(const cerver_request_t *req, const char *key);
+const char *cerver_req_query(const cerver_request_t *req, const char *key);
+const char *cerver_req_header(const cerver_request_t *req, const char *key);
+
+/* ------------------------------------------------------------------ */
+/*  Route definition                                                  */
+/* ------------------------------------------------------------------ */
+
+typedef void (*cerver_handler_fn)(cerver_request_t *req, cerver_response_t *res);
+
+typedef struct {
+    const char       *method;   /* "GET", "POST" */
+    const char       *pattern;  /* "/", "/art/:key", "/api/projects" */
+    cerver_handler_fn handler;
+} cerver_route_t;
+
+/* ------------------------------------------------------------------ */
+/*  Embedded asset (for --embed builds)                               */
+/* ------------------------------------------------------------------ */
+
+typedef struct {
+    const char          *path;      /* e.g. "/index.html" */
+    const char          *mime_type; /* e.g. "text/html" */
+    const unsigned char *data;
+    size_t               data_len;
+} cerver_asset_t;
+
+/* ------------------------------------------------------------------ */
+/*  Server                                                            */
+/* ------------------------------------------------------------------ */
+
+typedef struct {
+    int              port;
+    int              sock_fd;
+    cerver_route_t  *routes;
+    int              route_count;
+    cerver_asset_t  *assets;
+    int              asset_count;
+    const char      *public_dir;   /* NULL if embedded mode */
+    volatile int     running;
+} cerver_server_t;
+
+/* Server lifecycle */
+int  cerver_init(cerver_server_t *srv, int port);
+int  cerver_add_routes(cerver_server_t *srv, cerver_route_t *routes, int count);
+int  cerver_set_assets(cerver_server_t *srv, cerver_asset_t *assets, int count);
+void cerver_set_public_dir(cerver_server_t *srv, const char *dir);
+int  cerver_listen(cerver_server_t *srv);
+void cerver_shutdown(cerver_server_t *srv);
+
+/* ------------------------------------------------------------------ */
+/*  HTTP parser (internal)                                            */
+/* ------------------------------------------------------------------ */
+
+int cerver_parse_request(const char *raw, size_t len, cerver_request_t *req);
+
+/* ------------------------------------------------------------------ */
+/*  HTTP writer (internal)                                            */
+/* ------------------------------------------------------------------ */
+
+int cerver_write_response(int fd, const cerver_response_t *res);
+
+/* ------------------------------------------------------------------ */
+/*  Router (internal)                                                 */
+/* ------------------------------------------------------------------ */
+
+int cerver_route_match(const cerver_route_t *route, cerver_request_t *req);
+cerver_handler_fn cerver_dispatch(cerver_server_t *srv, cerver_request_t *req);
+
+/* ------------------------------------------------------------------ */
+/*  MIME (internal)                                                   */
+/* ------------------------------------------------------------------ */
+
+const char *cerver_mime_from_path(const char *path);
+
+/* ------------------------------------------------------------------ */
+/*  Static file serving (internal)                                    */
+/* ------------------------------------------------------------------ */
+
+int cerver_serve_static(cerver_server_t *srv, cerver_request_t *req,
+                        cerver_response_t *res);
+
+#endif /* CERVER_H */

package/runtime/http_parser.c

@@ -0,0 +1,195 @@
+/*
+ * http_parser.c — Minimal HTTP/1.1 request parser.
+ *
+ * Parses method, path, query string, and headers from a raw HTTP request.
+ * No external dependencies.
+ */
+
+#include "cerver.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+
+/* ------------------------------------------------------------------ */
+/*  URL-decode a string in-place                                      */
+/* ------------------------------------------------------------------ */
+
+static int hex_val(char c) {
+    if (c >= '0' && c <= '9') return c - '0';
+    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
+    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
+    return -1;
+}
+
+static void url_decode(char *str) {
+    char *src = str;
+    char *dst = str;
+
+    while (*src) {
+        if (*src == '%' && src[1] && src[2]) {
+            int hi = hex_val(src[1]);
+            int lo = hex_val(src[2]);
+            if (hi >= 0 && lo >= 0) {
+                *dst++ = (char)((hi << 4) | lo);
+                src += 3;
+                continue;
+            }
+        }
+        if (*src == '+') {
+            *dst++ = ' ';
+            src++;
+            continue;
+        }
+        *dst++ = *src++;
+    }
+    *dst = '\0';
+}
+
+/* ------------------------------------------------------------------ */
+/*  Parse query string: "a=1&b=2" → key-value pairs                  */
+/* ------------------------------------------------------------------ */
+
+static void parse_query_string(char *qs, cerver_request_t *req) {
+    if (!qs || !*qs) return;
+
+    char *saveptr = NULL;
+    char *pair = strtok_r(qs, "&", &saveptr);
+
+    while (pair && req->query_count < CERVER_MAX_QUERY) {
+        char *eq = strchr(pair, '=');
+        if (eq) {
+            *eq = '\0';
+            req->query[req->query_count].key = pair;
+            req->query[req->query_count].value = eq + 1;
+            url_decode((char *)req->query[req->query_count].key);
+            url_decode((char *)req->query[req->query_count].value);
+        } else {
+            req->query[req->query_count].key = pair;
+            req->query[req->query_count].value = "";
+        }
+        req->query_count++;
+        pair = strtok_r(NULL, "&", &saveptr);
+    }
+}
+
+/* ------------------------------------------------------------------ */
+/*  Parse the HTTP request                                            */
+/* ------------------------------------------------------------------ */
+
+int cerver_parse_request(const char *raw, size_t len, cerver_request_t *req) {
+    if (!raw || len == 0) return -1;
+
+    /* We need a mutable copy because we'll be inserting NUL terminators */
+    char *buf = malloc(len + 1);
+    if (!buf) return -1;
+    memcpy(buf, raw, len);
+    buf[len] = '\0';
+
+    req->_raw_buf = buf;
+    req->_raw_len = len;
+
+    /* ---- Request line: METHOD PATH HTTP/1.x ---- */
+    char *line_end = strstr(buf, "\r\n");
+    if (!line_end) {
+        free(buf);
+        return -1;
+    }
+    *line_end = '\0';
+
+    /* Method */
+    char *sp1 = strchr(buf, ' ');
+    if (!sp1) { free(buf); return -1; }
+    *sp1 = '\0';
+
+    size_t method_len = (size_t)(sp1 - buf);
+    if (method_len >= sizeof(req->method)) method_len = sizeof(req->method) - 1;
+    memcpy(req->method, buf, method_len);
+    req->method[method_len] = '\0';
+
+    /* Path (and maybe query string) */
+    char *path_start = sp1 + 1;
+    char *sp2 = strchr(path_start, ' ');
+    if (sp2) *sp2 = '\0';
+
+    /* Split path and query string */
+    char *qmark = strchr(path_start, '?');
+    if (qmark) {
+        *qmark = '\0';
+        strncpy(req->query_string, qmark + 1, sizeof(req->query_string) - 1);
+        req->query_string[sizeof(req->query_string) - 1] = '\0';
+    }
+
+    /* Decode and store path */
+    url_decode(path_start);
+    strncpy(req->path, path_start, sizeof(req->path) - 1);
+    req->path[sizeof(req->path) - 1] = '\0';
+
+    /* Normalize trailing slash: "/foo/" → "/foo" (but keep "/" as is) */
+    size_t plen = strlen(req->path);
+    if (plen > 1 && req->path[plen - 1] == '/') {
+        req->path[plen - 1] = '\0';
+    }
+
+    /* Parse query string */
+    if (req->query_string[0]) {
+        /* We need a mutable copy for strtok */
+        char *qs_copy = strdup(req->query_string);
+        if (qs_copy) {
+            parse_query_string(qs_copy, req);
+            /* Note: keys/values point into qs_copy which we leak intentionally
+               since the request's lifetime is short (one connection). */
+        }
+    }
+
+    /* ---- Headers ---- */
+    char *hdr_start = line_end + 2; /* skip \r\n */
+    size_t content_length = 0;
+
+    while (hdr_start < buf + len) {
+        char *hdr_end = strstr(hdr_start, "\r\n");
+        if (!hdr_end) break;
+
+        /* Empty line = end of headers */
+        if (hdr_end == hdr_start) {
+            hdr_start = hdr_end + 2;
+            break;
+        }
+
+        *hdr_end = '\0';
+
+        if (req->header_count < CERVER_MAX_HEADERS) {
+            char *colon = strchr(hdr_start, ':');
+            if (colon) {
+                *colon = '\0';
+                char *val = colon + 1;
+                while (*val == ' ') val++;
+
+                req->headers[req->header_count].key = hdr_start;
+                req->headers[req->header_count].value = val;
+                req->header_count++;
+
+                /* Track content-length */
+                if (strcasecmp(hdr_start, "Content-Length") == 0) {
+                    content_length = (size_t)atol(val);
+                }
+            }
+        }
+
+        hdr_start = hdr_end + 2;
+    }
+
+    /* ---- Body (for POST etc.) ---- */
+    if (content_length > 0 && hdr_start < buf + len) {
+        req->body = hdr_start;
+        req->body_len = content_length;
+        /* Ensure we don't read past the buffer */
+        size_t remaining = (size_t)(buf + len - hdr_start);
+        if (req->body_len > remaining) {
+            req->body_len = remaining;
+        }
+    }
+
+    return 0;
+}