cpeak 2.6.0 → 2.8.0

package/dist/index.js

@@ -2,10 +2,318 @@
 import http from "http";
 import fs3 from "fs/promises";
 import { createReadStream } from "fs";
+import { pipeline as pipeline2 } from "stream/promises";
+
+// lib/internal/compression.ts
+import zlib from "zlib";
+import { Readable } from "stream";
+import { Buffer as Buffer2 } from "buffer";
 import { pipeline } from "stream/promises";
+var COMPRESSIBLE_TYPE = /text|json|javascript|css|xml|svg/i;
+var NO_TRANSFORM = /(?:^|,)\s*no-transform\s*(?:,|$)/i;
+function pickEncoding(header) {
+  if (!header) return null;
+  const accepted = {};
+  let wildcard;
+  for (const part of header.split(",")) {
+    const [rawName, ...params] = part.trim().split(";");
+    const name = rawName.trim().toLowerCase();
+    if (!name) continue;
+    let q = 1;
+    for (const p of params) {
+      const m = p.trim().match(/^q=([\d.]+)$/i);
+      if (m) q = Number(m[1]);
+    }
+    if (Number.isNaN(q)) q = 0;
+    if (name === "*") wildcard = q;
+    else accepted[name] = q;
+  }
+  const tryPick = (enc) => {
+    const q = enc in accepted ? accepted[enc] : wildcard;
+    return q !== void 0 && q > 0;
+  };
+  if (tryPick("br")) return "br";
+  if (tryPick("gzip")) return "gzip";
+  if (tryPick("deflate")) return "deflate";
+  return null;
+}
+function appendVary(res, value) {
+  const existing = res.getHeader("Vary");
+  if (!existing) return res.setHeader("Vary", value);
+  const current = String(existing).split(",").map((s) => s.trim()).filter(Boolean);
+  if (current.includes("*") || current.some((v) => v.toLowerCase() === value.toLowerCase()))
+    return;
+  res.setHeader("Vary", [...current, value].join(", "));
+}
+function brotliOptsFor(config) {
+  const userBrotli = config.brotli || {};
+  return {
+    ...userBrotli,
+    params: {
+      [zlib.constants.BROTLI_PARAM_QUALITY]: 4,
+      ...userBrotli.params || {}
+    }
+  };
+}
+function createCompressorStream(encoding, config) {
+  if (encoding === "br")
+    return zlib.createBrotliCompress(brotliOptsFor(config));
+  if (encoding === "gzip") return zlib.createGzip(config.gzip);
+  return zlib.createDeflate(config.deflate);
+}
+function negotiate(res, mime, size, config) {
+  if (!COMPRESSIBLE_TYPE.test(mime)) return { encoding: null, eligible: false };
+  if (res.req?.method === "HEAD") return { encoding: null, eligible: false };
+  const cc = res.getHeader("Cache-Control");
+  if (cc && NO_TRANSFORM.test(String(cc)))
+    return { encoding: null, eligible: false };
+  const existing = res.getHeader("Content-Encoding");
+  if (existing && existing !== "identity")
+    return { encoding: null, eligible: false };
+  if (size < config.threshold) return { encoding: null, eligible: true };
+  const encoding = pickEncoding(
+    String(res.req?.headers["accept-encoding"] || "")
+  );
+  return { encoding, eligible: true };
+}
+function bodyAsReadable(body) {
+  if (Buffer2.isBuffer(body)) return Readable.from([body]);
+  if (typeof body === "string") return Readable.from([Buffer2.from(body)]);
+  return body;
+}
+function resolveCompressionOptions(input) {
+  const options = input === true ? {} : input;
+  return {
+    threshold: options.threshold ?? 1024,
+    brotli: options.brotli ?? {},
+    gzip: options.gzip ?? {},
+    deflate: options.deflate ?? {}
+  };
+}
+async function compressAndSend(res, mime, body, config, size) {
+  res.setHeader("Content-Type", mime);
+  const knownSize = Buffer2.isBuffer(body) ? body.length : typeof body === "string" ? Buffer2.byteLength(body) : size ?? Infinity;
+  const { encoding, eligible } = negotiate(res, mime, knownSize, config);
+  if (!encoding) {
+    if (eligible) appendVary(res, "Accept-Encoding");
+    if (Buffer2.isBuffer(body) || typeof body === "string") {
+      res.setHeader("Content-Length", String(knownSize));
+      res.end(body);
+      return;
+    }
+    if (size !== void 0) res.setHeader("Content-Length", String(size));
+    await pipeline(body, res);
+    return;
+  }
+  res.setHeader("Content-Encoding", encoding);
+  appendVary(res, "Accept-Encoding");
+  await pipeline(
+    bodyAsReadable(body),
+    createCompressorStream(encoding, config),
+    res
+  );
+}
+
+// lib/internal/mimeTypes.ts
+var MIME_TYPES = {
+  html: "text/html",
+  css: "text/css",
+  js: "application/javascript",
+  jpg: "image/jpeg",
+  jpeg: "image/jpeg",
+  png: "image/png",
+  svg: "image/svg+xml",
+  txt: "text/plain",
+  eot: "application/vnd.ms-fontobject",
+  otf: "font/otf",
+  ttf: "font/ttf",
+  woff: "font/woff",
+  woff2: "font/woff2",
+  gif: "image/gif",
+  ico: "image/x-icon",
+  json: "application/json",
+  webmanifest: "application/manifest+json"
+};
+
+// lib/internal/errors.ts
+function frameworkError(message, skipFn, code, status) {
+  const err = new Error(message);
+  Error.captureStackTrace(err, skipFn);
+  err.cpeak_err = true;
+  if (code) err.code = code;
+  if (status) err.status = status;
+  return err;
+}
+var ErrorCode = /* @__PURE__ */ ((ErrorCode2) => {
+  ErrorCode2["MISSING_MIME"] = "CPEAK_ERR_MISSING_MIME";
+  ErrorCode2["FILE_NOT_FOUND"] = "CPEAK_ERR_FILE_NOT_FOUND";
+  ErrorCode2["NOT_A_FILE"] = "CPEAK_ERR_NOT_A_FILE";
+  ErrorCode2["SEND_FILE_FAIL"] = "CPEAK_ERR_SEND_FILE_FAIL";
+  ErrorCode2["INVALID_JSON"] = "CPEAK_ERR_INVALID_JSON";
+  ErrorCode2["PAYLOAD_TOO_LARGE"] = "CPEAK_ERR_PAYLOAD_TOO_LARGE";
+  ErrorCode2["WEAK_SECRET"] = "CPEAK_ERR_WEAK_SECRET";
+  ErrorCode2["COMPRESSION_NOT_ENABLED"] = "CPEAK_ERR_COMPRESSION_NOT_ENABLED";
+  ErrorCode2["DUPLICATE_ROUTE"] = "CPEAK_ERR_DUPLICATE_ROUTE";
+  ErrorCode2["INVALID_ROUTE"] = "CPEAK_ERR_INVALID_ROUTE";
+  return ErrorCode2;
+})(ErrorCode || {});
+
+// lib/internal/router.ts
+function createNode() {
+  return { staticChildren: /* @__PURE__ */ new Map() };
+}
+var Router = class {
+  #treesByMethod = /* @__PURE__ */ new Map();
+  add(method, path2, middleware, handler) {
+    const methodKey = method.toLowerCase();
+    let root = this.#treesByMethod.get(methodKey);
+    if (!root) {
+      root = createNode();
+      this.#treesByMethod.set(methodKey, root);
+    }
+    const segments = splitPath(path2);
+    const paramNames = [];
+    let currentNode = root;
+    for (let i = 0; i < segments.length; i++) {
+      const segment = segments[i];
+      const isLastSegment = i === segments.length - 1;
+      if (segment.length > 1 && segment.startsWith("*")) {
+        throw frameworkError(
+          `Invalid route "${path2}": named wildcards (e.g. "*name") are not supported. Use a plain "*" at the end of the path.`,
+          this.add,
+          "CPEAK_ERR_INVALID_ROUTE" /* INVALID_ROUTE */
+        );
+      }
+      if (segment === "*") {
+        if (!isLastSegment) {
+          throw frameworkError(
+            `Invalid route "${path2}": "*" is only allowed as the final path segment.`,
+            this.add,
+            "CPEAK_ERR_INVALID_ROUTE" /* INVALID_ROUTE */
+          );
+        }
+        if (currentNode.wildcardChild) {
+          throw frameworkError(
+            `Duplicate route: ${method.toUpperCase()} ${path2}`,
+            this.add,
+            "CPEAK_ERR_DUPLICATE_ROUTE" /* DUPLICATE_ROUTE */
+          );
+        }
+        currentNode.wildcardChild = { handler, middleware, paramNames };
+        return;
+      }
+      if (segment.startsWith(":")) {
+        const paramName = segment.slice(1);
+        if (!paramName) {
+          throw frameworkError(
+            `Invalid route "${path2}": empty parameter name.`,
+            this.add,
+            "CPEAK_ERR_INVALID_ROUTE" /* INVALID_ROUTE */
+          );
+        }
+        paramNames.push(paramName);
+        if (!currentNode.paramChild) {
+          currentNode.paramChild = createNode();
+        }
+        currentNode = currentNode.paramChild;
+        continue;
+      }
+      let staticChild = currentNode.staticChildren.get(segment);
+      if (!staticChild) {
+        staticChild = createNode();
+        currentNode.staticChildren.set(segment, staticChild);
+      }
+      currentNode = staticChild;
+    }
+    if (currentNode.handler) {
+      throw frameworkError(
+        `Duplicate route: ${method.toUpperCase()} ${path2}`,
+        this.add,
+        "CPEAK_ERR_DUPLICATE_ROUTE" /* DUPLICATE_ROUTE */
+      );
+    }
+    currentNode.handler = handler;
+    currentNode.middleware = middleware;
+    currentNode.paramNames = paramNames;
+  }
+  find(method, path2) {
+    const root = this.#treesByMethod.get(method.toLowerCase());
+    if (!root) return null;
+    const segments = splitPath(path2);
+    return matchSegments(root, segments, 0, []);
+  }
+};
+function matchSegments(node, segments, segmentIndex, capturedValues) {
+  if (segmentIndex === segments.length) {
+    if (node.handler) {
+      return {
+        middleware: node.middleware,
+        handler: node.handler,
+        params: zipParams(node.paramNames, capturedValues)
+      };
+    }
+    if (node.wildcardChild) {
+      return {
+        middleware: node.wildcardChild.middleware,
+        handler: node.wildcardChild.handler,
+        params: zipParams(node.wildcardChild.paramNames, capturedValues)
+      };
+    }
+    return null;
+  }
+  const segment = segments[segmentIndex];
+  const staticChild = node.staticChildren.get(segment);
+  if (staticChild) {
+    const foundMatch = matchSegments(
+      staticChild,
+      segments,
+      segmentIndex + 1,
+      capturedValues
+    );
+    if (foundMatch) return foundMatch;
+  }
+  if (node.paramChild) {
+    capturedValues.push(safeDecode(segment));
+    const foundMatch = matchSegments(
+      node.paramChild,
+      segments,
+      segmentIndex + 1,
+      capturedValues
+    );
+    if (foundMatch) return foundMatch;
+    capturedValues.pop();
+  }
+  if (node.wildcardChild) {
+    return {
+      middleware: node.wildcardChild.middleware,
+      handler: node.wildcardChild.handler,
+      params: zipParams(node.wildcardChild.paramNames, capturedValues)
+    };
+  }
+  return null;
+}
+function zipParams(names, values) {
+  const params = {};
+  for (let i = 0; i < names.length; i++) {
+    params[names[i]] = values[i];
+  }
+  return params;
+}
+function safeDecode(segment) {
+  try {
+    return decodeURIComponent(segment);
+  } catch {
+    return segment;
+  }
+}
+function splitPath(path2) {
+  if (path2 === "" || path2 === "/") return [];
+  const withoutLeadingSlash = path2.startsWith("/") ? path2.slice(1) : path2;
+  return withoutLeadingSlash.split("/");
+}
 
 // lib/utils/parseJSON.ts
-import { Buffer as Buffer2 } from "buffer";
+import { Buffer as Buffer3 } from "buffer";
 function isJSON(contentType) {
   if (!contentType) return false;
   if (contentType === "application/json") return true;
@@ -38,7 +346,7 @@ var parseJSON = (options = {}) => {
     };
     const onEnd = () => {
       try {
-        const rawBody = chunks.length === 1 ? chunks[0].toString("utf-8") : Buffer2.concat(chunks).toString("utf-8");
+        const rawBody = chunks.length === 1 ? chunks[0].toString("utf-8") : Buffer3.concat(chunks).toString("utf-8");
         req.body = rawBody ? JSON.parse(rawBody) : {};
         next();
       } catch (err) {
@@ -61,30 +369,25 @@ var parseJSON = (options = {}) => {
 // lib/utils/serveStatic.ts
 import fs from "fs";
 import path from "path";
-var MIME_TYPES = {
-  html: "text/html",
-  css: "text/css",
-  js: "application/javascript",
-  jpg: "image/jpeg",
-  jpeg: "image/jpeg",
-  png: "image/png",
-  svg: "image/svg+xml",
-  txt: "text/plain",
-  eot: "application/vnd.ms-fontobject",
-  otf: "font/otf",
-  ttf: "font/ttf",
-  woff: "font/woff",
-  woff2: "font/woff2",
-  gif: "image/gif",
-  ico: "image/x-icon",
-  json: "application/json",
-  webmanifest: "application/manifest+json"
-};
-var serveStatic = (folderPath, newMimeTypes, options) => {
-  if (newMimeTypes) {
-    Object.assign(MIME_TYPES, newMimeTypes);
-  }
+var serveStatic = (folderPath, options) => {
   const prefix = options?.prefix ?? "";
+  const live = options?.live ?? false;
+  if (live) {
+    const resolvedFolder = path.resolve(folderPath);
+    return async function(req, res, next) {
+      const url = req.url;
+      if (typeof url !== "string") return next();
+      const pathname = url.split("?")[0];
+      const unprefixed = prefix ? pathname.slice(prefix.length) : pathname;
+      const filePath = path.join(resolvedFolder, unprefixed);
+      const fileExtension = path.extname(filePath).slice(1);
+      const mime = MIME_TYPES[fileExtension];
+      if (!mime || !filePath.startsWith(resolvedFolder)) return next();
+      const stat = await fs.promises.stat(filePath).catch(() => null);
+      if (stat?.isFile()) return res.sendFile(filePath, mime);
+      next();
+    };
+  }
   function processFolder(folderPath2, parentFolder) {
     const staticFiles = [];
     const files = fs.readdirSync(folderPath2);
@@ -153,13 +456,22 @@ var render = () => {
   return function(req, res, next) {
     res.render = async (path2, data, mime) => {
       if (!mime) {
-        throw frameworkError(
-          `MIME type is missing. You called res.render("${path2}", ...) but forgot to provide the third "mime" argument.`,
-          res.render
-        );
+        const dotIndex = path2.lastIndexOf(".");
+        const fileExtension = dotIndex >= 0 ? path2.slice(dotIndex + 1) : "";
+        mime = MIME_TYPES[fileExtension];
+        if (!mime) {
+          throw frameworkError(
+            `MIME type is missing for "${path2}". Pass it as the third argument or register the extension via cpeak({ mimeTypes: { ${fileExtension || "ext"}: "..." } }).`,
+            res.render
+          );
+        }
       }
       let fileStr = await fs2.readFile(path2, "utf-8");
       const finalStr = renderTemplate(fileStr, data);
+      if (res._compression) {
+        await compressAndSend(res, mime, finalStr, res._compression);
+        return;
+      }
       res.setHeader("Content-Type", mime);
       res.end(finalStr);
     };
@@ -424,25 +736,70 @@ function cookieParser(options = {}) {
   };
 }
 
-// lib/index.ts
-function frameworkError(message, skipFn, code, status) {
-  const err = new Error(message);
-  Error.captureStackTrace(err, skipFn);
-  err.cpeak_err = true;
-  if (code) err.code = code;
-  if (status) err.status = status;
-  return err;
+// lib/utils/cors.ts
+function appendVary2(res, value) {
+  const existing = res.getHeader("Vary");
+  if (!existing) return res.setHeader("Vary", value);
+  const current = String(existing).split(",").map((s) => s.trim()).filter(Boolean);
+  if (current.includes("*") || current.includes(value)) return;
+  res.setHeader("Vary", [...current, value].join(", "));
 }
-var ErrorCode = /* @__PURE__ */ ((ErrorCode2) => {
-  ErrorCode2["MISSING_MIME"] = "CPEAK_ERR_MISSING_MIME";
-  ErrorCode2["FILE_NOT_FOUND"] = "CPEAK_ERR_FILE_NOT_FOUND";
-  ErrorCode2["NOT_A_FILE"] = "CPEAK_ERR_NOT_A_FILE";
-  ErrorCode2["SEND_FILE_FAIL"] = "CPEAK_ERR_SEND_FILE_FAIL";
-  ErrorCode2["INVALID_JSON"] = "CPEAK_ERR_INVALID_JSON";
-  ErrorCode2["PAYLOAD_TOO_LARGE"] = "CPEAK_ERR_PAYLOAD_TOO_LARGE";
-  ErrorCode2["WEAK_SECRET"] = "CPEAK_ERR_WEAK_SECRET";
-  return ErrorCode2;
-})(ErrorCode || {});
+async function isAllowed(origin, rule) {
+  if (rule === true || rule === "*") return true;
+  if (rule === false || !origin) return false;
+  if (typeof rule === "string") return rule === origin;
+  if (Array.isArray(rule)) return rule.includes(origin);
+  if (rule instanceof RegExp) return rule.test(origin);
+  if (typeof rule === "function") return await rule(origin);
+  return false;
+}
+var cors = (options = {}) => {
+  const {
+    origin = "*",
+    methods = "GET,HEAD,PUT,PATCH,POST,DELETE",
+    allowedHeaders,
+    exposedHeaders,
+    credentials = false,
+    maxAge = 86400,
+    preflightContinue = false,
+    optionsSuccessStatus = 204
+  } = options;
+  const methodsStr = Array.isArray(methods) ? methods.join(",") : methods;
+  const allowedHeadersStr = Array.isArray(allowedHeaders) ? allowedHeaders.join(",") : allowedHeaders;
+  const exposedHeadersStr = Array.isArray(exposedHeaders) ? exposedHeaders.join(",") : exposedHeaders;
+  return async (req, res, next) => {
+    const requestOrigin = req.headers.origin;
+    if (!requestOrigin) return next();
+    const allowed = await isAllowed(requestOrigin, origin);
+    if (!allowed) return next();
+    const allowOriginValue = origin === "*" && !credentials ? "*" : requestOrigin;
+    res.setHeader("Access-Control-Allow-Origin", allowOriginValue);
+    if (allowOriginValue !== "*") appendVary2(res, "Origin");
+    if (credentials) res.setHeader("Access-Control-Allow-Credentials", "true");
+    if (exposedHeadersStr)
+      res.setHeader("Access-Control-Expose-Headers", exposedHeadersStr);
+    const isPreflight = req.method === "OPTIONS" && req.headers["access-control-request-method"] !== void 0;
+    if (!isPreflight) return next();
+    res.setHeader("Access-Control-Allow-Methods", methodsStr);
+    if (allowedHeadersStr) {
+      res.setHeader("Access-Control-Allow-Headers", allowedHeadersStr);
+    } else if (origin === "*") {
+      const requested = req.headers["access-control-request-headers"];
+      if (requested) res.setHeader("Access-Control-Allow-Headers", requested);
+    } else {
+      res.setHeader(
+        "Access-Control-Allow-Headers",
+        "Content-Type, Authorization"
+      );
+    }
+    res.setHeader("Access-Control-Max-Age", String(maxAge));
+    if (preflightContinue) return next();
+    res.statusCode = optionsSuccessStatus;
+    res.end();
+  };
+};
+
+// lib/index.ts
 var CpeakIncomingMessage = class extends http.IncomingMessage {
   // We define body and params here for better V8 optimization (not changing the shape of the object at runtime)
   body = void 0;
@@ -465,14 +822,21 @@ var CpeakIncomingMessage = class extends http.IncomingMessage {
   }
 };
 var CpeakServerResponse = class extends http.ServerResponse {
+  // Set per-request from the Cpeak instance. Undefined when compression isn't enabled.
+  _compression;
   // Send a file back to the client
   async sendFile(path2, mime) {
     if (!mime) {
-      throw frameworkError(
-        'MIME type is missing. Use res.sendFile(path, "mime-type").',
-        this.sendFile,
-        "CPEAK_ERR_MISSING_MIME" /* MISSING_MIME */
-      );
+      const dotIndex = path2.lastIndexOf(".");
+      const fileExtension = dotIndex >= 0 ? path2.slice(dotIndex + 1) : "";
+      mime = MIME_TYPES[fileExtension];
+      if (!mime) {
+        throw frameworkError(
+          `MIME type is missing for "${path2}". Pass it as the second argument or register the extension via cpeak({ mimeTypes: { ${fileExtension || "ext"}: "..." } }).`,
+          this.sendFile,
+          "CPEAK_ERR_MISSING_MIME" /* MISSING_MIME */
+        );
+      }
     }
     try {
       const stat = await fs3.stat(path2);
@@ -483,9 +847,19 @@ var CpeakServerResponse = class extends http.ServerResponse {
           "CPEAK_ERR_NOT_A_FILE" /* NOT_A_FILE */
         );
       }
+      if (this._compression) {
+        await compressAndSend(
+          this,
+          mime,
+          createReadStream(path2),
+          this._compression,
+          stat.size
+        );
+        return;
+      }
       this.setHeader("Content-Type", mime);
       this.setHeader("Content-Length", String(stat.size));
-      await pipeline(createReadStream(path2), this);
+      await pipeline2(createReadStream(path2), this);
     } catch (err) {
       if (err?.code === "ENOENT") {
         throw frameworkError(
@@ -517,59 +891,91 @@ var CpeakServerResponse = class extends http.ServerResponse {
     this.writeHead(302, { Location: location });
     this.end();
   }
-  // Send a json data back to the client (for small json data, less than the highWaterMark)
+  // Send a json data back to the client.
+  // This is only good for bodies that their size is less than the highWaterMark value.
   json(data) {
+    const body = JSON.stringify(data);
+    if (this._compression) {
+      return compressAndSend(this, "application/json", body, this._compression);
+    }
     this.setHeader("Content-Type", "application/json");
-    this.end(JSON.stringify(data));
+    this.end(body);
+    return Promise.resolve();
+  }
+  // Explicit compression entry point. A developer can use this in any custom handler to compress arbitrary responses
+  compress(mime, body, size) {
+    if (!this._compression) {
+      throw frameworkError(
+        "compression is not enabled. Pass `compression` to cpeak({ compression: true | { ... } }) to use res.compress.",
+        this.compress,
+        "CPEAK_ERR_COMPRESSION_NOT_ENABLED" /* COMPRESSION_NOT_ENABLED */
+      );
+    }
+    return compressAndSend(this, mime, body, this._compression, size);
   }
 };
 var Cpeak = class {
   #server;
-  #routes;
+  #router;
   #middleware;
   #handleErr;
-  constructor() {
+  #compression;
+  constructor(options = {}) {
     this.#server = http.createServer({
       IncomingMessage: CpeakIncomingMessage,
       ServerResponse: CpeakServerResponse
     });
-    this.#routes = {};
+    this.#router = new Router();
     this.#middleware = [];
+    if (options.compression) {
+      this.#compression = resolveCompressionOptions(options.compression);
+    }
+    if (options.mimeTypes) Object.assign(MIME_TYPES, options.mimeTypes);
     this.#server.on(
       "request",
       async (req, res) => {
+        res._compression = this.#compression;
         const qIndex = req.url?.indexOf("?");
         const urlWithoutQueries = qIndex === -1 ? req.url || "" : req.url?.substring(0, qIndex);
-        const dispatchError = (error) => {
+        const dispatchError = async (error) => {
           if (res.headersSent) {
             req.socket?.destroy();
             return;
           }
           res.setHeader("Connection", "close");
-          this.#handleErr?.(error, req, res);
+          try {
+            await this.#handleErr?.(error, req, res);
+          } catch (handlerFailure) {
+            console.error(
+              "[cpeak] handleErr failed while processing:",
+              error,
+              "\nReason:",
+              handlerFailure
+            );
+            if (!res.headersSent) {
+              try {
+                res.statusCode = 500;
+                res.end();
+              } catch {
+              }
+            }
+          }
         };
         const runHandler = async (req2, res2, middleware, cb, index) => {
           if (index === middleware.length) {
             try {
-              await cb(req2, res2, dispatchError);
+              await cb(req2, res2);
             } catch (error) {
               dispatchError(error);
             }
           } else {
             try {
-              await middleware[index](
-                req2,
-                res2,
-                // The next function
-                async (error) => {
-                  if (error) {
-                    return dispatchError(error);
-                  }
-                  await runHandler(req2, res2, middleware, cb, index + 1);
-                },
-                // Error handler for a route middleware
-                dispatchError
-              );
+              await middleware[index](req2, res2, async (error) => {
+                if (error) {
+                  return dispatchError(error);
+                }
+                await runHandler(req2, res2, middleware, cb, index + 1);
+              });
             } catch (error) {
               dispatchError(error);
             }
@@ -577,25 +983,18 @@ var Cpeak = class {
         };
         const runMiddleware = async (req2, res2, middleware, index) => {
           if (index === middleware.length) {
-            const routes = this.#routes[req2.method?.toLowerCase() || ""];
-            if (routes && typeof routes[Symbol.iterator] === "function")
-              for (const route of routes) {
-                const match = urlWithoutQueries?.match(route.regex);
-                if (match) {
-                  const pathVariables = this.#extractPathVariables(
-                    route.path,
-                    match
-                  );
-                  req2.params = pathVariables;
-                  return await runHandler(
-                    req2,
-                    res2,
-                    route.middleware,
-                    route.cb,
-                    0
-                  );
-                }
-              }
+            const method = req2.method?.toLowerCase() || "";
+            const found = this.#router.find(method, urlWithoutQueries || "");
+            if (found) {
+              req2.params = found.params;
+              return await runHandler(
+                req2,
+                res2,
+                found.middleware,
+                found.handler,
+                0
+              );
+            }
             return res2.status(404).json({ error: `Cannot ${req2.method} ${urlWithoutQueries}` });
           } else {
             try {
@@ -615,14 +1014,12 @@ var Cpeak = class {
     );
   }
   route(method, path2, ...args) {
-    if (!this.#routes[method]) this.#routes[method] = [];
     const cb = args.pop();
     if (!cb || typeof cb !== "function") {
       throw new Error("Route definition must include a handler");
     }
     const middleware = args.flat();
-    const regex = this.#pathToRegex(path2);
-    this.#routes[method].push({ path: path2, regex, middleware, cb });
+    this.#router.add(method, path2, middleware, cb);
   }
   beforeEach(cb) {
     this.#middleware.push(cb);
@@ -630,35 +1027,22 @@ var Cpeak = class {
   handleErr(cb) {
     this.#handleErr = cb;
   }
-  listen(port, cb) {
-    return this.#server.listen(port, cb);
+  listen(...args) {
+    return this.#server.listen(...args);
   }
   address() {
     return this.#server.address();
   }
   close(cb) {
-    this.#server.close(cb);
-  }
-  // ------------------------------
-  // PRIVATE METHODS:
-  // ------------------------------
-  #pathToRegex(path2) {
-    const regexString = "^" + path2.replace(/:\w+/g, "([^/]+)").replace(/\*/g, ".*") + "$";
-    return new RegExp(regexString);
-  }
-  #extractPathVariables(path2, match) {
-    const paramNames = (path2.match(/:\w+/g) || []).map(
-      (param) => param.slice(1)
-    );
-    const params = {};
-    paramNames.forEach((name, index) => {
-      params[name] = match[index + 1];
-    });
-    return params;
+    return this.#server.close(cb);
+  }
+  // A getter for developers who want to access the underlying http server instance for advanced use cases that aren't covered by Cpeak
+  get server() {
+    return this.#server;
   }
 };
-function cpeak() {
-  return new Cpeak();
+function cpeak(options) {
+  return new Cpeak(options);
 }
 export {
   Cpeak,
@@ -667,6 +1051,7 @@ export {
   ErrorCode,
   auth,
   cookieParser,
+  cors,
   cpeak as default,
   frameworkError,
   hashPassword,