aetherframework-middleware 1.0.0

package/src/middleware/security.js

@@ -0,0 +1,114 @@
+// security.js - Security headers middleware for AetherJS
+// High-performance implementation with pre-computed headers
+
+/**
+ * Parse Permissions-Policy directives string
+ */
+function parsePermissionsPolicy(directivesString) {
+  if (!directivesString || typeof directivesString !== "string") {
+    return null;
+  }
+  const directives = {};
+  const pairs = directivesString.split(/[,;]/);
+  for (const pair of pairs) {
+    const trimmed = pair.trim();
+    if (!trimmed) continue;
+    const equalIndex = trimmed.indexOf("=");
+    if (equalIndex !== -1) {
+      const feature = trimmed.substring(0, equalIndex).trim();
+      const value = trimmed.substring(equalIndex + 1).trim();
+      if (feature && value) directives[feature] = value;
+    }
+  }
+  return Object.keys(directives).length > 0 ? directives : null;
+}
+
+/**
+ * Create security headers middleware for AetherJS
+ * @param {Object} options - Security headers configuration
+ * @returns {Function} - Standard AetherJS middleware (ctx, next)
+ */
+function createSecurityMiddleware(options = {}) {
+  const envConfig = {
+    hstsEnabled: process.env.SECURITY_HSTS_ENABLED,
+    hstsMaxAge: process.env.SECURITY_HSTS_MAX_AGE,
+    noSniffEnabled: process.env.SECURITY_NO_SNIFF,
+    xssFilterEnabled: process.env.SECURITY_XSS_FILTER,
+    frameguardAction: process.env.SECURITY_FRAMEGUARD_ACTION,
+    hidePoweredBy: process.env.SECURITY_HIDE_POWERED_BY,
+    referrerPolicy: process.env.SECURITY_REFERRER_POLICY,
+  };
+
+  const defaults = {
+    hsts: {
+      enabled: envConfig.hstsEnabled !== "false",
+      maxAge: envConfig.hstsMaxAge ? parseInt(envConfig.hstsMaxAge) : 31536000,
+      includeSubDomains: true,
+      preload: false,
+    },
+    noSniff: { enabled: envConfig.noSniffEnabled !== "false" },
+    xssFilter: { enabled: envConfig.xssFilterEnabled !== "false" },
+    frameguard: { enabled: true, action: envConfig.frameguardAction || "DENY" },
+    hidePoweredBy: envConfig.hidePoweredBy !== "false",
+    referrerPolicy: {
+      enabled: true,
+      value: envConfig.referrerPolicy || "strict-origin-when-cross-origin",
+    },
+    permissionsPolicy: {
+      enabled: true,
+      directives: { camera: "()", microphone: "()", geolocation: "()" },
+    },
+  };
+
+  // Deep merge simple version for performance
+  const config = { ...defaults, ...options };
+
+  // 🚀 性能优化：预计算所有 Header 字符串，避免在请求响应循环中构造字符串
+  const staticHeaders = [];
+
+  if (config.hsts.enabled) {
+    let val = `max-age=${config.hsts.maxAge}${config.hsts.includeSubDomains ? "; includeSubDomains" : ""}${config.hsts.preload ? "; preload" : ""}`;
+    staticHeaders.push(["Strict-Transport-Security", val]);
+  }
+  if (config.noSniff.enabled)
+    staticHeaders.push(["X-Content-Type-Options", "nosniff"]);
+  if (config.xssFilter.enabled)
+    staticHeaders.push(["X-XSS-Protection", "1; mode=block"]);
+  if (config.frameguard.enabled)
+    staticHeaders.push([
+      "X-Frame-Options",
+      config.frameguard.action.toUpperCase(),
+    ]);
+  if (config.referrerPolicy.enabled)
+    staticHeaders.push(["Referrer-Policy", config.referrerPolicy.value]);
+  if (config.permissionsPolicy.enabled) {
+    const p = Object.entries(config.permissionsPolicy.directives)
+      .map(([f, v]) => `${f}=${v}`)
+      .join(", ");
+    staticHeaders.push(["Permissions-Policy", p]);
+  }
+
+  /**
+   * 💡 修复后的核心中间件函数
+   * 使用 (context, next) 签名替代旧版的 (context, signal)
+   */
+  return async function securityMiddleware(context, next) {
+    console.log("Security middleware executing for URL:", context.url);
+    // 1. 批量写入预计算的 Header
+    for (let i = 0; i < staticHeaders.length; i++) {
+      context.setHeader(staticHeaders[i][0], staticHeaders[i][1]);
+    }
+
+    // 2. 移除敏感 Header
+    if (config.hidePoweredBy && context._response) {
+      context._response.removeHeader("X-Powered-By");
+    }
+
+    // 3. 💡 修复点：调用标准 next() 而不是 signal.next()
+    if (typeof next === "function") {
+      return next();
+    }
+  };
+}
+
+export default createSecurityMiddleware;

package/src/middleware/session.js

@@ -0,0 +1,167 @@
+/**
+ * @license MIT
+ * Copyright (c) 2026-present, GameCuft & AetherJS Contributors.
+ * SPDX-License-Identifier: MIT
+ * @module @aether/middleware/session
+ */
+
+import crypto from "crypto";
+
+// 🚀 极致优化：用最原始、无任何对象分配的 for 循环单点查找 Cookie，把 GC 开销降到绝对零度
+function getCookieValue(cookieHeader, name) {
+  if (!cookieHeader) return undefined;
+  const target = name + "=";
+  const len = cookieHeader.length;
+  let pos = 0;
+  while (pos < len) {
+    pos = cookieHeader.indexOf(target, pos);
+    if (pos === -1) break;
+    // 确保是独立的 cookie 名，而不是别的前缀
+    if (
+      pos === 0 ||
+      cookieHeader.charCodeAt(pos - 1) === 32 ||
+      cookieHeader.charCodeAt(pos - 1) === 59
+    ) {
+      pos += target.length;
+      let end = cookieHeader.indexOf(";", pos);
+      if (end === -1) end = len;
+      return cookieHeader.substring(pos, end).trim();
+    }
+    pos += 1;
+  }
+  return undefined;
+}
+
+// 🚀 放弃长 UUID，改用 16 字节的高性能十六进制 ID，缩短 Cookie 长度，减轻网络和压缩中间件开销
+const genId = () => crypto.randomBytes(16).toString("hex");
+
+class MemoryStore {
+  constructor() {
+    this.cache = new Map();
+  }
+  async get(id) {
+    const s = this.cache.get(id);
+    if (!s) return null;
+    if (Date.now() > s.exp) {
+      this.cache.delete(id);
+      return null;
+    }
+    return s.data;
+  }
+  async set(id, data, ttl) {
+    this.cache.set(id, { data, exp: Date.now() + ttl });
+  }
+  async delete(id) {
+    this.cache.delete(id);
+  }
+  prune() {
+    const now = Date.now();
+    for (const [k, v] of this.cache) if (now > v.exp) this.cache.delete(k);
+  }
+}
+
+export class SessionManager {
+  constructor(options = {}) {
+    const { store, ...restOptions } = options;
+    this.config = {
+      enabled: process.env.SESSION_ENABLED !== "false",
+      maxAge: parseInt(process.env.SESSION_MAX_AGE) || 86400000,
+      cookieName: process.env.SESSION_COOKIE_NAME || "aether_sid",
+      ...restOptions,
+    };
+    this.config.store =
+      store && typeof store === "object" ? store : new MemoryStore();
+    if (this.config.store instanceof MemoryStore) {
+      this.cleanup = setInterval(
+        () => this.config.store.prune(),
+        60000,
+      ).unref();
+    }
+  }
+
+  middleware() {
+    if (!this.config.enabled)
+      return (ctx, next) => next && (next.next ? next.next() : next());
+
+    const { store, maxAge, cookieName } = this.config;
+    const cookieSuffix = `; HttpOnly; Secure; SameSite=Strict; Max-Age=${Math.floor(maxAge / 1000)}; Path=/`;
+
+    return async (ctx, next) => {
+      ctx.state ??= {};
+
+      const sid = getCookieValue(ctx.getHeader("cookie"), cookieName);
+      let sessionData = sid ? await store.get(sid) : null;
+
+      // 🚀 策略调整：如果没拿到，先给个空对象，绝不提前写库、不提前设 Cookie
+      let isNew = false;
+      if (!sessionData) {
+        sessionData = {};
+        isNew = true;
+      }
+
+      const sessionState = { id: sid, data: sessionData, dirty: false };
+
+      ctx.session = {
+        get: (key) => sessionState.data[key],
+        set: (key, val) => {
+          sessionState.data[key] = val;
+          sessionState.dirty = true;
+        },
+        delete: (key) => {
+          delete sessionState.data[key];
+          sessionState.dirty = true;
+        },
+        clear: () => {
+          sessionState.data = {};
+          sessionState.dirty = true;
+        },
+        destroy: async () => {
+          if (sessionState.id) await store.delete(sessionState.id);
+          sessionState.id = null;
+          sessionState.data = {};
+          sessionState.dirty = false;
+          ctx.setHeader(
+            "Set-Cookie",
+            `${cookieName}=; HttpOnly; Secure; SameSite=Strict; Max-Age=0; Path=/`,
+          );
+        },
+        regenerate: async () => {
+          if (sessionState.id) await store.delete(sessionState.id);
+          sessionState.id = genId();
+          await store.set(sessionState.id, sessionState.data, maxAge);
+          ctx.setHeader(
+            "Set-Cookie",
+            `${cookieName}=${sessionState.id}${cookieSuffix}`,
+          );
+          sessionState.dirty = false;
+          isNew = false;
+        },
+      };
+
+      // 🚀 用最稳妥且隔离良好的 try...finally 确保管道顺畅，同时将落盘逻辑卡死在“确实有改动”的关口
+      try {
+        if (next) {
+          next.next ? await next.next() : await next();
+        }
+      } finally {
+        if (sessionState.dirty) {
+          // 如果是新 session 且路由往里写了数据，在此刻才真正生成 ID 并下发 Cookie
+          if (isNew || !sessionState.id) {
+            sessionState.id = genId();
+            ctx.setHeader(
+              "Set-Cookie",
+              `${cookieName}=${sessionState.id}${cookieSuffix}`,
+            );
+          }
+          await store.set(sessionState.id, sessionState.data, maxAge);
+        }
+      }
+    };
+  }
+
+  destroy() {
+    if (this.cleanup) clearInterval(this.cleanup);
+  }
+}
+
+export default SessionManager;

package/src/utils/atomic-ops.js

@@ -0,0 +1,125 @@
+// atomic-ops.js - Atomic operations for AetherJS
+// Thread-safe state management using synchronous operations
+
+/**
+ * AtomicCounter - Thread-safe counter
+ */
+class AtomicCounter {
+    constructor(initialValue = 0) {
+        this.value = initialValue;
+    }
+    
+    /**
+     * Increment counter
+     * @param {number} delta - Amount to increment
+     * @returns {number} - New value
+     */
+    increment(delta = 1) {
+        this.value += delta;
+        return this.value;
+    }
+    
+    /**
+     * Decrement counter
+     * @param {number} delta - Amount to decrement
+     * @returns {number} - New value
+     */
+    decrement(delta = 1) {
+        this.value -= delta;
+        return this.value;
+    }
+    
+    /**
+     * Get current value
+     * @returns {number} - Current value
+     */
+    get() {
+        return this.value;
+    }
+    
+    /**
+     * Set value
+     * @param {number} value - New value
+     */
+    set(value) {
+        this.value = value;
+    }
+    
+    /**
+     * Compare and swap
+     * @param {number} expected - Expected value
+     * @param {number} newValue - New value
+     * @returns {boolean} - Whether swap succeeded
+     */
+    compareAndSwap(expected, newValue) {
+        if (this.value === expected) {
+            this.value = newValue;
+            return true;
+        }
+        return false;
+    }
+}
+
+/**
+ * AtomicFlag - Thread-safe boolean flag
+ */
+class AtomicFlag {
+    constructor(initialValue = false) {
+        this.value = initialValue;
+    }
+    
+    /**
+     * Set flag to true
+     * @returns {boolean} - Previous value
+     */
+    set() {
+        const prev = this.value;
+        this.value = true;
+        return prev;
+    }
+    
+    /**
+     * Set flag to false
+     * @returns {boolean} - Previous value
+     */
+    clear() {
+        const prev = this.value;
+        this.value = false;
+        return prev;
+    }
+    
+    /**
+     * Toggle flag
+     * @returns {boolean} - New value
+     */
+    toggle() {
+        this.value = !this.value;
+        return this.value;
+    }
+    
+    /**
+     * Get current value
+     * @returns {boolean} - Current value
+     */
+    get() {
+        return this.value;
+    }
+}
+
+/**
+ * Factory functions
+ */
+function createAtomicCounter(initialValue = 0) {
+    return new AtomicCounter(initialValue);
+}
+
+function createAtomicFlag(initialValue = false) {
+    return new AtomicFlag(initialValue);
+}
+
+export default {
+    createAtomicCounter,
+    createAtomicFlag,
+    AtomicCounter,
+    AtomicFlag
+};

package/src/utils/env-loader.js

@@ -0,0 +1,124 @@
+// env-loader.js - Environment variable loader for AetherJS
+// Supports .env file parsing and hot-reloading
+
+import fs from 'fs';
+import path from 'path';
+/**
+ * Parse .env file content
+ * @param {string} content - .env file content
+ * @returns {Object} - Parsed environment variables
+ */
+function parseEnvContent(content) {
+    const env = {};
+    const lines = content.split('\n');
+    
+    for (const line of lines) {
+        // Skip comments and empty lines
+        const trimmedLine = line.trim();
+        if (!trimmedLine || trimmedLine.startsWith('#')) {
+            continue;
+        }
+        
+        // Split key=value
+        const equalIndex = trimmedLine.indexOf('=');
+        if (equalIndex === -1) {
+            continue;
+        }
+        
+        const key = trimmedLine.substring(0, equalIndex).trim();
+        let value = trimmedLine.substring(equalIndex + 1).trim();
+        
+        // Remove quotes if present
+        if ((value.startsWith('"') && value.endsWith('"')) ||
+            (value.startsWith("'") && value.endsWith("'"))) {
+            value = value.substring(1, value.length - 1);
+        }
+        
+        // Set environment variable
+        env[key] = value;
+    }
+    
+    return env;
+}
+
+/**
+ * Load environment variables from .env file
+ * @param {string} envPath - Path to .env file
+ * @param {boolean} override - Whether to override existing env vars
+ * @returns {Object} - Loaded environment variables
+ */
+function loadEnv(envPath = '.env', override = false) {
+    const absolutePath = path.resolve(process.cwd(), envPath);
+    
+    if (!fs.existsSync(absolutePath)) {
+        console.warn(`AetherJS: .env file not found at ${absolutePath}`);
+        return {};
+    }
+    
+    try {
+        const content = fs.readFileSync(absolutePath, 'utf8');
+        const env = parseEnvContent(content);
+        
+        // Set environment variables
+        for (const [key, value] of Object.entries(env)) {
+            if (override || process.env[key] === undefined) {
+                process.env[key] = value;
+            }
+        }
+        
+        return env;
+    } catch (error) {
+        console.error(`AetherJS: Error loading .env file: ${error.message}`);
+        return {};
+    }
+}
+
+/**
+ * Watch .env file for changes and reload
+ * @param {string} envPath - Path to .env file
+ * @param {Function} callback - Callback when env changes
+ * @returns {Object} - Watcher object with close method
+ */
+function watchEnv(envPath = '.env', callback) {
+    const absolutePath = path.resolve(process.cwd(), envPath);
+    
+    if (!fs.existsSync(absolutePath)) {
+        console.warn(`AetherJS: .env file not found at ${absolutePath}`);
+        return { close: () => {} };
+    }
+    
+    let lastContent = fs.readFileSync(absolutePath, 'utf8');
+    
+    const watcher = fs.watch(absolutePath, (eventType) => {
+        if (eventType === 'change') {
+            try {
+                const newContent = fs.readFileSync(absolutePath, 'utf8');
+                if (newContent !== lastContent) {
+                    lastContent = newContent;
+                    const newEnv = parseEnvContent(newContent);
+                    
+                    // Update process.env
+                    for (const [key, value] of Object.entries(newEnv)) {
+                        process.env[key] = value;
+                    }
+                    
+                    if (callback) {
+                        callback(newEnv);
+                    }
+                }
+            } catch (error) {
+                console.error(`AetherJS: Error reloading .env file: ${error.message}`);
+            }
+        }
+    });
+    
+    return {
+        close: () => watcher.close()
+    };
+}
+export default {
+    loadEnv,
+    watchEnv,
+    parseEnvContent
+};
+

package/src/utils/memory-pool.js

@@ -0,0 +1,93 @@
+// memory-pool.js - Memory pool management for AetherJS
+// Zero-copy buffer management for high-performance operations
+
+/**
+ * MemoryPool - Manages a pool of reusable buffers
+ */
+class MemoryPool {
+    constructor(options = {}) {
+        this.bufferSize = options.bufferSize || 8192; // 8KB default
+        this.poolSize = options.poolSize || 100;
+        this.buffers = [];
+        this.available = [];
+        this.stats = {
+            allocated: 0,
+            reused: 0,
+            created: 0
+        };
+        
+        // Initialize pool
+        for (let i = 0; i < this.poolSize; i++) {
+            const buffer = Buffer.allocUnsafe(this.bufferSize);
+            this.buffers.push(buffer);
+            this.available.push(i);
+        }
+    }
+    
+    /**
+     * Get a buffer from the pool
+     * @returns {Buffer} - Buffer from pool
+     */
+    get() {
+        if (this.available.length > 0) {
+            const index = this.available.pop();
+            this.stats.reused++;
+            return this.buffers[index];
+        }
+        
+        // Pool exhausted, create new buffer
+        const buffer = Buffer.allocUnsafe(this.bufferSize);
+        this.buffers.push(buffer);
+        this.stats.created++;
+        this.stats.allocated++;
+        return buffer;
+    }
+    
+    /**
+     * Return a buffer to the pool
+     * @param {Buffer} buffer - Buffer to return
+     */
+    release(buffer) {
+        const index = this.buffers.indexOf(buffer);
+        if (index !== -1 && !this.available.includes(index)) {
+            // Clear buffer content for security
+            buffer.fill(0);
+            this.available.push(index);
+        }
+    }
+    
+    /**
+     * Get pool statistics
+     * @returns {Object} - Pool stats
+     */
+    getStats() {
+        return {
+            ...this.stats,
+            totalBuffers: this.buffers.length,
+            availableBuffers: this.available.length,
+            utilization: ((this.buffers.length - this.available.length) / this.buffers.length * 100).toFixed(2) + '%'
+        };
+    }
+    
+    /**
+     * Destroy pool and free memory
+     */
+    destroy() {
+        this.buffers = [];
+        this.available = [];
+        this.stats = { allocated: 0, reused: 0, created: 0 };
+    }
+}
+
+/**
+ * Factory function to create memory pool instances
+ * @param {Object} options - Pool configuration
+ * @returns {MemoryPool} - Memory pool instance
+ */
+function createMemoryPool(options = {}) {
+    return new MemoryPool(options);
+}
+
+
+
+export default createMemoryPool;