barehttp 1.0.0 → 2.1.0

package/lib/middlewares/cookies/cookie-manager.js

@@ -0,0 +1,68 @@
+import { serialize } from 'cookie';
+import { secretsOperator } from './signer.js';
+import { logMe } from '../../logger/index.js';
+export class CookiesManager {
+    options;
+    flow;
+    signer;
+    constructor(options = {}, flow) {
+        this.options = options;
+        this.flow = flow;
+        const secret = this.options.secret || '';
+        const enableRotation = Array.isArray(secret);
+        this.signer = typeof secret === 'string' || enableRotation ? secretsOperator(secret) : null;
+    }
+    setCookie(name, value, options, signer) {
+        const localSigner = signer || this.signer;
+        const opts = options || this.options;
+        const { signed, ...rest } = opts;
+        const normalizedExpires = typeof rest.expires === 'number' ? new Date(rest.expires) : rest.expires;
+        const serializeOptions = {
+            ...rest,
+            expires: normalizedExpires,
+        };
+        if (signed && localSigner) {
+            value = localSigner.sign(value);
+        }
+        const serialized = serialize(name, value, serializeOptions);
+        let setCookie = this.flow.getHeader('Set-Cookie');
+        if (!setCookie) {
+            this.flow.setHeader('Set-Cookie', serialized);
+            return;
+        }
+        if (typeof setCookie === 'string') {
+            setCookie = [setCookie];
+        }
+        setCookie.push(serialized);
+        this.flow.setHeader('Set-Cookie', setCookie);
+    }
+    clearCookie(name, options = {}) {
+        const opts = {
+            path: '/',
+            ...options,
+            expires: new Date(1),
+            signed: undefined,
+            maxAge: undefined,
+        };
+        return this.setCookie(name, '', opts);
+    }
+    parseCookie(rawCookie) {
+        if (!rawCookie)
+            return {};
+        const result = {};
+        const values = rawCookie?.split(';');
+        for (let i = 0; i < values.length - 1; i++) {
+            const split = values[i].trim().split('=');
+            if (split.length == 2)
+                result[split[0]] = split[1];
+        }
+        return result;
+    }
+    unsignCookie(value) {
+        if (!this.signer) {
+            logMe.error('No signer defined for the cookies, unsign wont work');
+            return;
+        }
+        return this.signer.unsign(value);
+    }
+}

package/lib/middlewares/cookies/signer.d.ts

@@ -0,0 +1,8 @@
+export declare function secretsOperator(secret: string | string[]): {
+    sign(value: string): string;
+    unsign(signedValue: any): {
+        valid: boolean;
+        renew: boolean;
+        value: string | null;
+    };
+};

package/lib/middlewares/cookies/signer.js

@@ -0,0 +1,25 @@
+import cookieSignature from 'cookie-signature';
+export function secretsOperator(secret) {
+    const secrets = Array.isArray(secret) ? secret : [secret];
+    const [signingKey] = secrets;
+    return {
+        sign(value) {
+            return cookieSignature.sign(value, signingKey);
+        },
+        unsign(signedValue) {
+            let valid = false;
+            let renew = false;
+            let value = null;
+            for (const key of secrets) {
+                const result = cookieSignature.unsign(signedValue, key);
+                if (result !== false) {
+                    valid = true;
+                    renew = key !== signingKey;
+                    value = result;
+                    break;
+                }
+            }
+            return { valid, renew, value };
+        },
+    };
+}

package/lib/middlewares/cors/cors.d.ts

@@ -0,0 +1,38 @@
+import type { HttpMethodsUnionUppercase } from '../../utils/index.js';
+import type { BareRequest } from '../../request.js';
+export type CorsOptions = {
+    origin?: string | RegExp;
+    methods?: Array<HttpMethodsUnionUppercase>;
+    preflightContinue?: boolean;
+    optionsSuccessStatus?: 200 | 201 | 202 | 203 | 204;
+    allowedHeaders?: string | string[];
+    exposedHeaders?: string | string[];
+    credentials?: boolean;
+    maxAge?: number;
+};
+export declare class Cors {
+    options: CorsOptions;
+    defaults: {
+        origin: string;
+        methods: string[];
+        preflightContinue: boolean;
+        optionsSuccessStatus: number;
+    };
+    computedHeaders: {
+        credentials: {};
+        methods: {};
+        maxAge: {};
+        exposedHeaders: {};
+    };
+    constructor(corsOptions?: CorsOptions);
+    private computeStaticHeaders;
+    private isString;
+    private isOriginAllowed;
+    private configureOrigin;
+    private configureMethods;
+    private configureCredentials;
+    private configureAllowedHeaders;
+    private configureExposedHeaders;
+    private configureMaxAge;
+    corsMiddleware(flow: BareRequest): void;
+}

package/lib/middlewares/cors/cors.js

@@ -0,0 +1,164 @@
+'use strict';
+export class Cors {
+    options;
+    defaults = {
+        origin: '*',
+        methods: ['GET', 'HEAD', 'PUT', 'PATCH', 'POST', 'DELETE'],
+        preflightContinue: false,
+        optionsSuccessStatus: 204,
+    };
+    computedHeaders = {
+        credentials: {},
+        methods: {},
+        maxAge: {},
+        exposedHeaders: {},
+    };
+    constructor(corsOptions = {}) {
+        this.options = Object.assign({}, this.defaults, corsOptions);
+        this.computeStaticHeaders();
+    }
+    computeStaticHeaders() {
+        this.computedHeaders = {
+            credentials: this.configureCredentials(),
+            methods: this.configureMethods(),
+            maxAge: this.configureMaxAge(),
+            exposedHeaders: this.configureExposedHeaders(),
+        };
+    }
+    isString(s) {
+        return typeof s === 'string' || s instanceof String;
+    }
+    isOriginAllowed(origin, allowedOrigin) {
+        if (Array.isArray(allowedOrigin)) {
+            for (let i = 0; i < allowedOrigin.length; ++i) {
+                if (this.isOriginAllowed(origin, allowedOrigin[i])) {
+                    return true;
+                }
+            }
+            return false;
+        }
+        else if (this.isString(allowedOrigin)) {
+            return origin === allowedOrigin;
+        }
+        else if (allowedOrigin instanceof RegExp) {
+            return allowedOrigin.test(origin);
+        }
+        else {
+            return !!allowedOrigin;
+        }
+    }
+    configureOrigin(req) {
+        const requestOrigin = req.headers.origin;
+        const headers = {};
+        let isAllowed;
+        if (!this.options.origin || this.options.origin === '*') {
+            // allow any origin
+            Object.assign(headers, { 'Access-Control-Allow-Origin': '*' });
+        }
+        else if (this.isString(this.options.origin)) {
+            // fixed origin
+            Object.assign(headers, {
+                'Access-Control-Allow-Origin': this.options.origin,
+                Vary: 'Origin',
+            });
+        }
+        else {
+            isAllowed = this.isOriginAllowed(requestOrigin, this.options.origin);
+            // reflect origin
+            Object.assign(headers, {
+                'Access-Control-Allow-Origin': isAllowed ? requestOrigin : false,
+                Vary: 'Origin',
+            });
+        }
+        return headers;
+    }
+    configureMethods() {
+        const { methods } = this.options;
+        return {
+            'Access-Control-Allow-Methods': methods,
+        };
+    }
+    configureCredentials() {
+        if (this.options.credentials === true) {
+            return {
+                'Access-Control-Allow-Credentials': 'true',
+            };
+        }
+        return {};
+    }
+    configureAllowedHeaders(req) {
+        let { allowedHeaders } = this.options;
+        const headers = {};
+        if (!allowedHeaders) {
+            allowedHeaders = req.headers['access-control-request-headers']; // .headers wasn't specified, so reflect the request headers
+            Object.assign(headers, {
+                Vary: 'Access-Control-Request-Headers',
+            });
+        }
+        else if (Array.isArray(allowedHeaders)) {
+            allowedHeaders = allowedHeaders.join(','); // .headers is an array, so turn it into a string
+        }
+        if (allowedHeaders && allowedHeaders.length) {
+            Object.assign(headers, {
+                'Access-Control-Allow-Headers': allowedHeaders,
+            });
+        }
+        return headers;
+    }
+    configureExposedHeaders() {
+        let headers = this.options.exposedHeaders;
+        if (!headers) {
+            return {};
+        }
+        else if (Array.isArray(headers)) {
+            headers = headers.join(','); // .headers is an array, so turn it into a string
+        }
+        if (headers && headers.length) {
+            return {
+                'Access-Control-Expose-Headers': headers,
+            };
+        }
+        return {};
+    }
+    configureMaxAge() {
+        const maxAge = (typeof this.options.maxAge === 'number' || this.options.maxAge) &&
+            this.options.maxAge.toString();
+        if (maxAge && maxAge.length) {
+            return { 'Access-Control-Max-Age': maxAge };
+        }
+        return {};
+    }
+    corsMiddleware(flow) {
+        let headers = {};
+        const req = flow._originalRequest;
+        const method = req.method && req.method.toUpperCase && req.method.toUpperCase();
+        if (method === 'OPTIONS') {
+            // preflight
+            headers = {
+                ...this.configureOrigin(req),
+                ...this.configureAllowedHeaders(req),
+                ...this.computedHeaders.credentials,
+                ...this.computedHeaders.maxAge,
+                ...this.computedHeaders.exposedHeaders,
+                ...this.computedHeaders.methods,
+            };
+            flow.setHeaders(headers);
+            if (!this.options.preflightContinue) {
+                // Safari (and potentially other browsers) need content-length 0,
+                //   for 204 or they just hang waiting for a body
+                flow.status(this.options.optionsSuccessStatus);
+                flow.setHeader('Content-Length', '0');
+                flow.send();
+            }
+        }
+        else {
+            // actual response
+            headers = {
+                ...this.configureOrigin(req),
+                ...this.computedHeaders.credentials,
+                ...this.computedHeaders.exposedHeaders,
+            };
+            flow.setHeaders(headers);
+        }
+    }
+}

package/lib/request.d.ts

@@ -0,0 +1,84 @@
+import { StatusCodesUnion } from './utils/index.js';
+import { CookiesManager } from './middlewares/cookies/cookie-manager.js';
+import type { IncomingMessage, ServerResponse } from 'http';
+type Cacheability = 'public' | 'private' | 'no-cache' | 'no-store';
+type ExpirationType = 'max-age' | 's-maxage' | 'max-stale' | 'min-fresh' | 'stale-while-revalidate' | 'stale-if-error';
+type Revalidation = 'must-revalidate' | 'proxy-revalidate' | 'immutable';
+export type CacheOpts = {
+    cacheability: Cacheability;
+    expirationKind: ExpirationType;
+    /**
+     * Default 3600
+     */
+    expirationSeconds?: number;
+    revalidation?: Revalidation;
+};
+export declare class BareRequest<H extends {
+    [key: string]: string | undefined;
+} = {
+    [key: string]: string | undefined;
+}> {
+    _originalRequest: IncomingMessage;
+    _originalResponse: ServerResponse;
+    ID: {
+        code: string;
+    };
+    params: H;
+    query: {
+        [k: string]: string | undefined;
+    };
+    remoteIp?: string;
+    requestBody?: any;
+    requestHeaders: {
+        [key: string]: any;
+    };
+    statusToSend: number;
+    cm?: CookiesManager;
+    sent: boolean;
+    private cache;
+    private startTime?;
+    private startDate;
+    private remoteClient;
+    private logging;
+    private requestTimeFormat?;
+    private headers;
+    private cookies;
+    private contentType?;
+    private timeout?;
+    constructor(_originalRequest: IncomingMessage, _originalResponse: ServerResponse, options?: {
+        logging?: boolean;
+        requestTimeFormat?: 'ms' | 's';
+    });
+    private readBody;
+    private attachCookieManager;
+    private populateCookies;
+    private classifyRequestBody;
+    private setRemoteClient;
+    private setRequestTime;
+    private cleanHeader;
+    private attachTimeout;
+    private setParams;
+    getHeader(header: string): string | string[];
+    getCookie(cookie: string): string;
+    getCookies(): {
+        [cooke: string]: string;
+    };
+    disableCache(): void;
+    setCache(cacheOpts: CacheOpts): void;
+    addHeader(header: string, value: string | number | string[] | number[]): void;
+    setHeader(header: string, value: string | number | string[] | number[]): void;
+    setHeaders(headers: {
+        [header: string]: string | number | string[] | number[];
+    }): void;
+    addHeaders(headers: {
+        [header: string]: string | number | string[] | number[];
+    }): void;
+    status(status: StatusCodesUnion): this;
+    sendStatus(status: StatusCodesUnion): void;
+    stream<T extends NodeJS.WritableStream>(stream: T): void;
+    json(data: any): void;
+    _send(chunk?: string | ArrayBuffer | NodeJS.ArrayBufferView | SharedArrayBuffer): void;
+    sendStringifiedJson(data: string): void;
+    send(anything?: any): void;
+}
+export {};

package/lib/request.js

@@ -0,0 +1,260 @@
+import hyperid from 'hyperid';
+import { StatusCodes, StatusPhrases } from './utils/index.js';
+import { JSONParse, JSONStringify } from './utils/safe-json.js';
+import { logHttp, logMe } from './logger/index.js';
+import { CookiesManager } from './middlewares/cookies/cookie-manager.js';
+import { types } from 'util';
+import { Writable } from 'stream';
+import url from 'url';
+const generateId = hyperid();
+const statusTuples = Object.entries(StatusCodes).reduce((acc, [name, status]) => {
+    acc[status] = StatusPhrases[name];
+    return acc;
+}, {});
+export class BareRequest {
+    _originalRequest;
+    _originalResponse;
+    ID;
+    params;
+    query = {};
+    remoteIp;
+    requestBody;
+    requestHeaders;
+    statusToSend = 200;
+    cm;
+    sent = false;
+    cache = true;
+    startTime;
+    startDate = new Date();
+    remoteClient = '';
+    logging = false;
+    requestTimeFormat;
+    headers = {};
+    cookies = {};
+    contentType;
+    timeout;
+    constructor(_originalRequest, _originalResponse, options) {
+        this._originalRequest = _originalRequest;
+        this._originalResponse = _originalResponse;
+        this.params = {};
+        this.ID = { code: _originalRequest.headers['x-request-id'] || generateId() };
+        this.remoteIp = _originalRequest.socket.remoteAddress;
+        this.contentType = this._originalRequest.headers['content-type'];
+        this.requestHeaders = this._originalRequest.headers;
+        this.logging = options?.logging ?? false;
+        // this is a placeholder URL base that we need to make class working
+        new url.URL(`http://localhost/${this._originalRequest.url}`).searchParams.forEach((value, name) => (this.query[name] = value));
+        // parsed;
+        _originalRequest['flow'] = this; // to receive flow object later on in the route handler
+        this.addHeaders({
+            'Content-Type': 'text/plain; charset=utf-8',
+            'X-Request-Id': this.ID.code,
+        });
+        if (options?.requestTimeFormat) {
+            this.startTime = process.hrtime();
+            this.requestTimeFormat = options.requestTimeFormat;
+        }
+    }
+    readBody() {
+        switch (this._originalRequest.method) {
+            case 'POST':
+            case 'PATCH':
+            case 'PUT':
+                return new Promise((resolve, reject) => {
+                    const temp = [];
+                    this._originalRequest
+                        .on('data', (chunk) => temp.push(chunk))
+                        .on('end', () => {
+                        const parsed = this.classifyRequestBody(temp);
+                        if (types.isNativeError(parsed))
+                            return reject(parsed);
+                        this.requestBody = parsed;
+                        resolve(parsed);
+                    })
+                        .on('error', reject);
+                });
+            default:
+                return;
+        }
+    }
+    attachCookieManager(opts) {
+        this.cm = new CookiesManager(opts, this);
+    }
+    populateCookies() {
+        this.cookies = this.cm?.parseCookie(this._originalRequest.headers.cookie) || {};
+    }
+    classifyRequestBody(data) {
+        const wholeChunk = Buffer.concat(data);
+        switch (this.contentType) {
+            case 'text/plain':
+                return wholeChunk.toString();
+            case 'application/json':
+                return JSONParse(wholeChunk.toString());
+            case 'application/x-www-form-urlencoded':
+                const store = {};
+                for (const curr of wholeChunk.toString().split('&')) {
+                    const [key, value] = curr.split('=');
+                    if (!key || !value)
+                        return null; // form urlencoded is not correct
+                    store[key] = value;
+                }
+                return store;
+            default:
+                return wholeChunk;
+        }
+    }
+    setRemoteClient(remoteClient) {
+        this.remoteClient = remoteClient;
+    }
+    setRequestTime() {
+        const diff = process.hrtime(this.startTime);
+        const time = diff[0] * (this.requestTimeFormat === 's' ? 1 : 1e3) +
+            diff[1] * (this.requestTimeFormat === 's' ? 1e-9 : 1e-6);
+        this.setHeaders({
+            'X-Processing-Time': time,
+            'X-Processing-Time-Mode': this.requestTimeFormat === 's' ? 'seconds' : 'milliseconds',
+        });
+    }
+    cleanHeader(header) {
+        delete this.headers[header];
+    }
+    attachTimeout(timeout) {
+        if (this.timeout)
+            clearTimeout(this.timeout);
+        this.timeout = setTimeout(() => {
+            this.status(503)._send('Server aborted connection by overtime');
+        }, timeout);
+        // attach listener to clear the timeout
+        this._originalResponse.on('close', () => this.timeout && clearTimeout(this.timeout));
+    }
+    setParams(params) {
+        this.params = params;
+    }
+    // ======== PUBLIC APIS ========
+    getHeader(header) {
+        return this.headers[header];
+    }
+    getCookie(cookie) {
+        return this.cookies[cookie];
+    }
+    getCookies() {
+        return { ...this.cookies };
+    }
+    disableCache() {
+        this.cache = false;
+    }
+    setCache(cacheOpts) {
+        const cacheHeader = [];
+        const directive = 'Cache-Control';
+        if (cacheOpts.cacheability)
+            cacheHeader.push(cacheOpts.cacheability);
+        if (cacheOpts.expirationKind)
+            cacheHeader.push(`${cacheOpts.expirationKind}=${cacheOpts.expirationSeconds ?? 3600}`);
+        if (cacheOpts.revalidation)
+            cacheHeader.push(cacheOpts.revalidation);
+        if (cacheHeader.length > 0)
+            this.setHeader(directive, cacheHeader);
+    }
+    addHeader(header, value) {
+        const old = this.headers[header];
+        const parsedVal = Array.isArray(value) ? value.join(', ') : '' + value;
+        if (old) {
+            this.headers[header] += `, ${parsedVal}`;
+        }
+        else {
+            this.headers[header] = parsedVal;
+        }
+    }
+    setHeader(header, value) {
+        const parsedVal = Array.isArray(value) ? value.join(', ') : '' + value;
+        this.headers[header] = parsedVal;
+    }
+    setHeaders(headers) {
+        for (const [header, value] of Object.entries(headers)) {
+            this.setHeader(header, value);
+        }
+    }
+    addHeaders(headers) {
+        for (const [header, value] of Object.entries(headers)) {
+            this.addHeader(header, value);
+        }
+    }
+    status(status) {
+        this.statusToSend = status;
+        return this;
+    }
+    sendStatus(status) {
+        this.status(status)._send();
+    }
+    stream(stream) {
+        this._originalResponse.pipe(stream, { end: true });
+    }
+    json(data) {
+        // to generate with fast-json-stringify schema issue #1
+        const jsoned = JSONStringify(data);
+        this.setHeader('Content-Type', 'application/json');
+        this._send(jsoned ? jsoned : undefined);
+    }
+    _send(chunk) {
+        if (this._originalResponse.socket?.destroyed) {
+            logMe.error("Tying to send into closed client's stream");
+            return;
+        }
+        if (this._originalResponse.headersSent || this.sent) {
+            logMe.error('Trying to send with the headers already sent');
+            return;
+        }
+        // work basic headers
+        if (typeof chunk !== 'undefined' && chunk !== null)
+            this.setHeader('Content-Length', Buffer.byteLength(chunk, 'utf-8'));
+        if (!this.cache)
+            this.setHeaders({ 'Cache-Control': 'no-store', Expire: 0, Pragma: 'no-cache' });
+        if (this.statusToSend >= 400 && this.statusToSend !== 404 && this.statusToSend !== 410)
+            this.cleanHeader('Cache-Control');
+        if (this.requestTimeFormat)
+            this.setRequestTime();
+        // perform sending
+        this._originalResponse.writeHead(this.statusToSend, '', this.headers);
+        this._originalResponse.end(chunk || statusTuples[this.statusToSend]);
+        this.sent = true;
+        // call logging section
+        if (this.logging === true) {
+            logHttp(this.headers, this.startDate, this.remoteClient, this._originalRequest, this._originalResponse);
+        }
+    }
+    sendStringifiedJson(data) {
+        this.setHeader('Content-Type', 'application/json');
+        this._send(data);
+    }
+    send(anything) {
+        if (this.sent)
+            return;
+        if (typeof anything === 'undefined' || anything === null)
+            return this._send();
+        switch (anything.constructor) {
+            case Uint8Array:
+            case Uint16Array:
+            case Uint32Array:
+                this._send(Buffer.from(anything.buffer));
+                break;
+            case Buffer:
+            case String:
+                this._send(anything);
+                break;
+            case Boolean:
+            case Number:
+                this._send('' + anything);
+                break;
+            case Writable:
+                this.stream(anything);
+                break;
+            case Object:
+            case Array:
+                this.json(anything);
+                break;
+            default:
+                this._send();
+                logMe.warn('Unknown type to send');
+        }
+    }
+}

package/lib/schemas/custom-schema.d.ts

@@ -0,0 +1,32 @@
+import { ts, Type } from 'ts-morph';
+export type StringSchemaType = {
+    type: 'string';
+    nullable: boolean;
+};
+export type NumberSchemaType = {
+    type: 'number';
+    nullable: boolean;
+};
+export type BooleanSchemaType = {
+    type: 'boolean';
+    nullable: boolean;
+};
+export type ArraySchemaType = {
+    type: 'array';
+    items: StringSchemaType | NumberSchemaType | BooleanSchemaType | ArraySchemaType | ObjectSchemaType;
+    nullable: boolean;
+};
+export type ObjectSchemaType = {
+    type: 'object';
+    properties: {
+        [key: string]: StringSchemaType | NumberSchemaType | BooleanSchemaType | ArraySchemaType | ObjectSchemaType;
+    };
+    nullable: boolean;
+};
+export type UnionSchemaType = {
+    type: 'union';
+    anyOf: CustomSchema[];
+    nullable: boolean;
+};
+export type CustomSchema = StringSchemaType | NumberSchemaType | BooleanSchemaType | ArraySchemaType | ObjectSchemaType | UnionSchemaType;
+export declare const generateCustomSchema: (t: Type<ts.Type>) => CustomSchema;