azurajs 3.0.1 → 3.0.2

package/src/plugins/JWTPlugin.ts

@@ -0,0 +1,132 @@
+import { createHmac } from "node:crypto";
+import type { JWTOptions, PluginHandler } from "../types/plugins/plugin.type.js";
+import type { AzuraRequest } from "../types/common.type.js";
+
+function base64urlEncode(data: string | Buffer): string {
+  const buf = typeof data === "string" ? Buffer.from(data) : data;
+  return buf.toString("base64url");
+}
+
+function base64urlDecode(str: string): string {
+  return Buffer.from(str, "base64url").toString("utf-8");
+}
+
+const ALGO_MAP: Record<string, string> = {
+  HS256: "sha256",
+  HS384: "sha384",
+  HS512: "sha512",
+};
+
+export interface JWTPayload {
+  [key: string]: any;
+  iat?: number;
+  exp?: number;
+  iss?: string;
+  aud?: string;
+  sub?: string;
+}
+
+export function signJWT(payload: JWTPayload, secret: string, options: { algorithm?: string; expiresIn?: string | number } = {}): string {
+  const algorithm = options.algorithm ?? "HS256";
+  const header = base64urlEncode(JSON.stringify({ alg: algorithm, typ: "JWT" }));
+
+  const now = Math.floor(Date.now() / 1000);
+  const body: JWTPayload = { ...payload, iat: now };
+
+  if (options.expiresIn) {
+    body.exp = now + parseExpiration(options.expiresIn);
+  }
+
+  const encodedPayload = base64urlEncode(JSON.stringify(body));
+  const signature = createHmac(ALGO_MAP[algorithm] ?? "sha256", secret)
+    .update(`${header}.${encodedPayload}`)
+    .digest("base64url");
+
+  return `${header}.${encodedPayload}.${signature}`;
+}
+
+export function verifyJWT(token: string, secret: string, options: { algorithm?: string } = {}): JWTPayload {
+  const parts = token.split(".");
+  if (parts.length !== 3) throw new Error("Invalid token format");
+
+  const [header, payload, signature] = parts;
+  const algorithm = options.algorithm ?? "HS256";
+
+  const expectedSig = createHmac(ALGO_MAP[algorithm] ?? "sha256", secret)
+    .update(`${header}.${payload}`)
+    .digest("base64url");
+
+  if (signature !== expectedSig) throw new Error("Invalid token signature");
+
+  const decoded = JSON.parse(base64urlDecode(payload)) as JWTPayload;
+
+  if (decoded.exp && decoded.exp < Math.floor(Date.now() / 1000)) {
+    throw new Error("Token expired");
+  }
+
+  return decoded;
+}
+
+function parseExpiration(exp: string | number): number {
+  if (typeof exp === "number") return exp;
+  const match = exp.match(/^(\d+)(s|m|h|d)$/);
+  if (!match) return 3600;
+  const val = parseInt(match[1], 10);
+  switch (match[2]) {
+    case "s": return val;
+    case "m": return val * 60;
+    case "h": return val * 3600;
+    case "d": return val * 86400;
+    default: return 3600;
+  }
+}
+
+function extractToken(req: AzuraRequest): string | null {
+  const auth = req.headers.authorization;
+  if (auth?.startsWith("Bearer ")) return auth.slice(7);
+  return (req.query.token as string) ?? req.cookies?.token ?? null;
+}
+
+export function JWTPlugin(options: JWTOptions): PluginHandler {
+  const {
+    secret,
+    algorithm = "HS256",
+    paths = [],
+    exclude = [],
+    getToken,
+  } = options;
+
+  return (ctx, next) => {
+    const { req, res } = ctx;
+    const path = req.pathname;
+
+    if (exclude.some((p) => path.startsWith(p))) {
+      next();
+      return;
+    }
+
+    if (paths.length > 0 && !paths.some((p) => path.startsWith(p))) {
+      next();
+      return;
+    }
+
+    const token = getToken ? getToken(req) : extractToken(req);
+
+    if (!token) {
+      res.statusCode = 401;
+      res.setHeader("Content-Type", "application/json");
+      res.end(JSON.stringify({ error: { statusCode: 401, message: "No token provided" } }));
+      return;
+    }
+
+    try {
+      const payload = verifyJWT(token, secret, { algorithm });
+      req.user = payload;
+      next();
+    } catch (err: any) {
+      res.statusCode = 401;
+      res.setHeader("Content-Type", "application/json");
+      res.end(JSON.stringify({ error: { statusCode: 401, message: err.message ?? "Invalid token" } }));
+    }
+  };
+}

package/src/plugins/MultipartPlugin.ts

@@ -0,0 +1,168 @@
+import { randomBytes } from "node:crypto";
+import { writeFileSync, mkdirSync, existsSync } from "node:fs";
+import { join } from "node:path";
+import type { MultipartOptions, PluginHandler } from "../types/plugins/plugin.type.js";
+
+export interface UploadedFile {
+  fieldname: string;
+  filename: string;
+  mimetype: string;
+  size: number;
+  buffer: Buffer;
+  path?: string;
+}
+
+export function MultipartPlugin(options: MultipartOptions = {}): PluginHandler {
+  const {
+    maxFileSize = 10 * 1024 * 1024,
+    maxFiles = 10,
+    maxFieldSize = 1024 * 1024,
+    maxFields = 50,
+    allowedMimeTypes,
+    uploadDir,
+  } = options;
+
+  if (uploadDir && !existsSync(uploadDir)) {
+    mkdirSync(uploadDir, { recursive: true });
+  }
+
+  return async (ctx, next) => {
+    const { req } = ctx;
+    const contentType = req.headers["content-type"] ?? "";
+
+    if (!contentType.startsWith("multipart/form-data")) {
+      next();
+      return;
+    }
+
+    const boundaryMatch = contentType.match(/boundary=([^\s;]+)/);
+    if (!boundaryMatch) {
+      next();
+      return;
+    }
+
+    const boundary = boundaryMatch[1];
+
+    try {
+      const { fields, files } = await parseMultipart(req as any, boundary, {
+        maxFileSize,
+        maxFiles,
+        maxFieldSize,
+        maxFields,
+        allowedMimeTypes,
+      });
+
+      if (uploadDir) {
+        for (const file of files) {
+          const ext = file.filename.includes(".")
+            ? file.filename.slice(file.filename.lastIndexOf("."))
+            : "";
+          const savedName = `${randomBytes(16).toString("hex")}${ext}`;
+          const savePath = join(uploadDir, savedName);
+          writeFileSync(savePath, file.buffer);
+          file.path = savePath;
+        }
+      }
+
+      (req as any).files = files;
+      (req as any).body = { ...((req as any).body ?? {}), ...fields };
+
+      next();
+    } catch (err: any) {
+      const { res } = ctx;
+      res.statusCode = 400;
+      res.setHeader("Content-Type", "application/json");
+      res.end(JSON.stringify({ error: { statusCode: 400, message: err.message } }));
+    }
+  };
+}
+
+interface ParseOptions {
+  maxFileSize: number;
+  maxFiles: number;
+  maxFieldSize: number;
+  maxFields: number;
+  allowedMimeTypes?: string[];
+}
+
+async function parseMultipart(
+  req: NodeJS.ReadableStream,
+  boundary: string,
+  opts: ParseOptions,
+): Promise<{ fields: Record<string, string>; files: UploadedFile[] }> {
+  const raw = await collectBody(req);
+  const delimiter = Buffer.from(`--${boundary}`);
+  const endDelimiter = Buffer.from(`--${boundary}--`);
+
+  const fields: Record<string, string> = {};
+  const files: UploadedFile[] = [];
+  let fieldCount = 0;
+
+  let start = bufferIndexOf(raw, delimiter, 0);
+  if (start === -1) return { fields, files };
+  start += delimiter.length + 2; // skip delimiter + CRLF
+
+  while (start < raw.length) {
+    const end = bufferIndexOf(raw, delimiter, start);
+    if (end === -1) break;
+
+    const part = raw.subarray(start, end - 2); // -2 for trailing CRLF before delimiter
+    const headerEnd = bufferIndexOf(part, Buffer.from("\r\n\r\n"), 0);
+    if (headerEnd === -1) { start = end + delimiter.length + 2; continue; }
+
+    const headerStr = part.subarray(0, headerEnd).toString("utf-8");
+    const body = part.subarray(headerEnd + 4);
+
+    const nameMatch = headerStr.match(/name="([^"]+)"/);
+    const filenameMatch = headerStr.match(/filename="([^"]*)"/);
+    const typeMatch = headerStr.match(/Content-Type:\s*(.+)/i);
+
+    if (filenameMatch && nameMatch) {
+      if (files.length >= opts.maxFiles) throw new Error("Too many files");
+      if (body.length > opts.maxFileSize) throw new Error(`File ${filenameMatch[1]} exceeds max size`);
+
+      const mimetype = typeMatch?.[1]?.trim() ?? "application/octet-stream";
+      if (opts.allowedMimeTypes && !opts.allowedMimeTypes.includes(mimetype)) {
+        throw new Error(`File type ${mimetype} not allowed`);
+      }
+
+      files.push({
+        fieldname: nameMatch[1],
+        filename: filenameMatch[1],
+        mimetype,
+        size: body.length,
+        buffer: Buffer.from(body),
+      });
+    } else if (nameMatch) {
+      if (++fieldCount > opts.maxFields) throw new Error("Too many fields");
+      if (body.length > opts.maxFieldSize) throw new Error(`Field ${nameMatch[1]} exceeds max size`);
+      fields[nameMatch[1]] = body.toString("utf-8");
+    }
+
+    start = end + delimiter.length;
+    if (bufferIndexOf(raw, endDelimiter, end) === end) break;
+    start += 2;
+  }
+
+  return { fields, files };
+}
+
+function collectBody(stream: NodeJS.ReadableStream): Promise<Buffer> {
+  return new Promise((resolve, reject) => {
+    const chunks: Buffer[] = [];
+    stream.on("data", (chunk: Buffer) => chunks.push(chunk));
+    stream.on("end", () => resolve(Buffer.concat(chunks)));
+    stream.on("error", reject);
+  });
+}
+
+function bufferIndexOf(buf: Buffer, search: Buffer, offset: number): number {
+  for (let i = offset; i <= buf.length - search.length; i++) {
+    let found = true;
+    for (let j = 0; j < search.length; j++) {
+      if (buf[i + j] !== search[j]) { found = false; break; }
+    }
+    if (found) return i;
+  }
+  return -1;
+}

package/src/plugins/ProxyPlugin.ts

@@ -0,0 +1,89 @@
+import { request as httpRequest } from "node:http";
+import { request as httpsRequest } from "node:https";
+import { URL } from "node:url";
+import type { ProxyOptions, PluginHandler } from "../types/plugins/plugin.type.js";
+
+export function ProxyPlugin(options: ProxyOptions): PluginHandler {
+  const {
+    target,
+    pathRewrite = {},
+    changeOrigin = true,
+    timeout = 30_000,
+    headers: extraHeaders = {},
+    onProxyReq,
+    onProxyRes,
+  } = options;
+
+  const targetUrl = new URL(target);
+  const isHttps = targetUrl.protocol === "https:";
+  const requestFn = isHttps ? httpsRequest : httpRequest;
+
+  return (ctx, next) => {
+    const { req, res } = ctx;
+
+    let targetPath = req.pathname;
+    for (const [from, to] of Object.entries(pathRewrite)) {
+      targetPath = targetPath.replace(new RegExp(from), to);
+    }
+
+    const search = req.url?.includes("?") ? req.url.slice(req.url.indexOf("?")) : "";
+    const fullPath = targetPath + search;
+
+    const proxyHeaders: Record<string, string> = {};
+    for (const [key, val] of Object.entries(req.headers)) {
+      if (val) proxyHeaders[key] = Array.isArray(val) ? val.join(", ") : val;
+    }
+
+    if (changeOrigin) {
+      proxyHeaders.host = targetUrl.host;
+    }
+
+    Object.assign(proxyHeaders, extraHeaders);
+
+    const proxyReq = requestFn(
+      {
+        hostname: targetUrl.hostname,
+        port: targetUrl.port || (isHttps ? 443 : 80),
+        path: fullPath,
+        method: req.method,
+        headers: proxyHeaders,
+        timeout,
+      },
+      (proxyRes) => {
+        onProxyRes?.(proxyRes, res as any);
+
+        res.statusCode = proxyRes.statusCode ?? 502;
+        for (const [key, val] of Object.entries(proxyRes.headers)) {
+          if (val) res.setHeader(key, val);
+        }
+
+        proxyRes.pipe(res);
+      },
+    );
+
+    proxyReq.on("error", (err) => {
+      if (!res.headersSent) {
+        res.statusCode = 502;
+        res.setHeader("Content-Type", "application/json");
+        res.end(JSON.stringify({ error: { statusCode: 502, message: "Bad Gateway", details: err.message } }));
+      }
+    });
+
+    proxyReq.on("timeout", () => {
+      proxyReq.destroy();
+      if (!res.headersSent) {
+        res.statusCode = 504;
+        res.setHeader("Content-Type", "application/json");
+        res.end(JSON.stringify({ error: { statusCode: 504, message: "Gateway Timeout" } }));
+      }
+    });
+
+    onProxyReq?.(proxyReq, req as any);
+
+    if (req.method !== "GET" && req.method !== "HEAD") {
+      req.pipe(proxyReq);
+    } else {
+      proxyReq.end();
+    }
+  };
+}

package/src/plugins/RateLimitPlugin.ts

@@ -0,0 +1,96 @@
+import type { RateLimitOptions, PluginHandler } from "../types/plugins/plugin.type.js";
+import type { AzuraRequest } from "../types/common.type.js";
+
+interface SlidingWindowEntry {
+  count: number;
+  resetTime: number;
+}
+
+class MemoryStore {
+  private store = new Map<string, SlidingWindowEntry>();
+  private cleanupInterval: ReturnType<typeof setInterval>;
+
+  constructor(windowMs: number) {
+    this.cleanupInterval = setInterval(() => {
+      const now = Date.now();
+      for (const [key, entry] of this.store) {
+        if (now >= entry.resetTime) this.store.delete(key);
+      }
+    }, windowMs);
+    if (this.cleanupInterval.unref) this.cleanupInterval.unref();
+  }
+
+  increment(key: string, windowMs: number): { totalHits: number; resetTime: Date } {
+    const now = Date.now();
+    const entry = this.store.get(key);
+
+    if (!entry || now >= entry.resetTime) {
+      const resetTime = now + windowMs;
+      this.store.set(key, { count: 1, resetTime });
+      return { totalHits: 1, resetTime: new Date(resetTime) };
+    }
+
+    entry.count++;
+    return { totalHits: entry.count, resetTime: new Date(entry.resetTime) };
+  }
+
+  decrement(key: string): void {
+    const entry = this.store.get(key);
+    if (entry && entry.count > 0) entry.count--;
+  }
+
+  resetKey(key: string): void {
+    this.store.delete(key);
+  }
+
+  destroy(): void {
+    clearInterval(this.cleanupInterval);
+    this.store.clear();
+  }
+}
+
+export function RateLimitPlugin(options: RateLimitOptions = {}): PluginHandler {
+  const {
+    windowMs = 60_000,
+    max = 100,
+    message = { error: { statusCode: 429, message: "Too many requests, please try again later" } },
+    statusCode = 429,
+    keyGenerator = (req: AzuraRequest) => req.ip,
+    skipSuccessfulRequests = false,
+    skipFailedRequests = false,
+  } = options;
+
+  const memStore = new MemoryStore(windowMs);
+
+  return (ctx, next) => {
+    const { req, res } = ctx;
+    const key = keyGenerator(req);
+    const { totalHits, resetTime } = memStore.increment(key, windowMs);
+
+    res.setHeader("X-RateLimit-Limit", String(max));
+    res.setHeader("X-RateLimit-Remaining", String(Math.max(0, max - totalHits)));
+    res.setHeader("X-RateLimit-Reset", String(Math.ceil(resetTime.getTime() / 1000)));
+
+    if (totalHits > max) {
+      res.setHeader("Retry-After", String(Math.ceil(windowMs / 1000)));
+      res.statusCode = statusCode;
+      const body = typeof message === "string" ? message : JSON.stringify(message);
+      res.setHeader("Content-Type", typeof message === "string" ? "text/plain" : "application/json");
+      res.end(body);
+      return;
+    }
+
+    const origEnd = res.end;
+    res.end = function (...args: any[]) {
+      if (skipSuccessfulRequests && res.statusCode < 400) {
+        memStore.decrement(key);
+      }
+      if (skipFailedRequests && res.statusCode >= 400) {
+        memStore.decrement(key);
+      }
+      return (origEnd as any).apply(this, args);
+    };
+
+    next();
+  };
+}

package/src/plugins/RequestIdPlugin.ts

@@ -0,0 +1,21 @@
+import { randomUUID } from "node:crypto";
+import type { RequestIdOptions, PluginHandler } from "../types/plugins/plugin.type.js";
+
+export function RequestIdPlugin(options: RequestIdOptions = {}): PluginHandler {
+  const {
+    header = "X-Request-Id",
+    generator = randomUUID,
+  } = options;
+
+  return (ctx, next) => {
+    const { req, res } = ctx;
+
+    const existingId = req.headers[header.toLowerCase()] as string | undefined;
+    const requestId = existingId ?? generator();
+
+    req.requestId = requestId;
+    res.setHeader(header, requestId);
+
+    next();
+  };
+}

package/src/plugins/SSEPlugin.ts

@@ -0,0 +1,114 @@
+import type { SSEOptions, PluginHandler } from "../types/plugins/plugin.type.js";
+import type { AzuraResponse } from "../types/common.type.js";
+
+export interface SSEClient {
+  id: string;
+  res: AzuraResponse;
+  send(event: string, data: any, id?: string): void;
+  close(): void;
+}
+
+export class SSEManager {
+  private clients = new Map<string, SSEClient>();
+  private clientCounter = 0;
+
+  addClient(res: AzuraResponse): SSEClient {
+    const id = `sse-${++this.clientCounter}-${Date.now()}`;
+
+    res.setHeader("Content-Type", "text/event-stream");
+    res.setHeader("Cache-Control", "no-cache");
+    res.setHeader("Connection", "keep-alive");
+    res.setHeader("X-Accel-Buffering", "no");
+    res.statusCode = 200;
+    res.flushHeaders();
+
+    const client: SSEClient = {
+      id,
+      res,
+      send(event: string, data: any, eventId?: string) {
+        const serialized = typeof data === "string" ? data : JSON.stringify(data);
+        let message = "";
+        if (eventId) message += `id: ${eventId}\n`;
+        message += `event: ${event}\n`;
+        message += `data: ${serialized}\n\n`;
+        res.write(message);
+      },
+      close() {
+        res.end();
+      },
+    };
+
+    this.clients.set(id, client);
+
+    res.on("close", () => {
+      this.clients.delete(id);
+    });
+
+    return client;
+  }
+
+  broadcast(event: string, data: any, id?: string): void {
+    for (const client of this.clients.values()) {
+      client.send(event, data, id);
+    }
+  }
+
+  getClient(id: string): SSEClient | undefined {
+    return this.clients.get(id);
+  }
+
+  getClientCount(): number {
+    return this.clients.size;
+  }
+
+  closeAll(): void {
+    for (const client of this.clients.values()) {
+      client.close();
+    }
+    this.clients.clear();
+  }
+}
+
+export function SSEPlugin(options: SSEOptions): PluginHandler {
+  const {
+    path,
+    heartbeatInterval = 30_000,
+    retry = 3000,
+    maxClients = 1000,
+  } = options;
+
+  const manager = new SSEManager();
+
+  let heartbeat: ReturnType<typeof setInterval> | null = null;
+  if (heartbeatInterval > 0) {
+    heartbeat = setInterval(() => {
+      manager.broadcast("heartbeat", { time: Date.now() });
+    }, heartbeatInterval);
+    if (heartbeat.unref) heartbeat.unref();
+  }
+
+  const plugin: PluginHandler & { manager: SSEManager } = Object.assign(
+    (ctx: any, next: any) => {
+      const { req, res } = ctx;
+
+      if (req.pathname !== path || req.method !== "GET") {
+        next();
+        return;
+      }
+
+      if (manager.getClientCount() >= maxClients) {
+        res.statusCode = 503;
+        res.setHeader("Content-Type", "application/json");
+        res.end(JSON.stringify({ error: { statusCode: 503, message: "Too many SSE connections" } }));
+        return;
+      }
+
+      const client = manager.addClient(res as any);
+      res.write(`retry: ${retry}\n\n`);
+      client.send("connected", { clientId: client.id });
+    },
+    { manager },
+  );
+
+  return plugin;
+}