create-fluxstack 1.7.5 → 1.8.3

package/app/server/middleware/rateLimit.ts

@@ -1,193 +0,0 @@
-/**
- * Rate Limiting Middleware
- * Implements rate limiting to prevent abuse
- */
-
-import type { Context } from 'elysia'
-
-export interface RateLimitConfig {
-  windowMs: number // Time window in milliseconds
-  maxRequests: number // Maximum requests per window
-  keyGenerator?: (context: Context) => string // Custom key generator
-  skipSuccessfulRequests?: boolean // Don't count successful requests
-  skipFailedRequests?: boolean // Don't count failed requests
-  message?: string // Custom error message
-}
-
-interface RateLimitEntry {
-  count: number
-  resetTime: number
-}
-
-/**
- * In-memory rate limit store
- * In production, you'd want to use Redis or another distributed store
- */
-class MemoryStore {
-  private store = new Map<string, RateLimitEntry>()
-
-  get(key: string): RateLimitEntry | undefined {
-    const entry = this.store.get(key)
-    
-    // Clean up expired entries
-    if (entry && entry.resetTime < Date.now()) {
-      this.store.delete(key)
-      return undefined
-    }
-    
-    return entry
-  }
-
-  set(key: string, entry: RateLimitEntry): void {
-    this.store.set(key, entry)
-  }
-
-  increment(key: string, windowMs: number): RateLimitEntry {
-    const now = Date.now()
-    const existing = this.get(key)
-    
-    if (existing) {
-      existing.count++
-      return existing
-    } else {
-      const newEntry: RateLimitEntry = {
-        count: 1,
-        resetTime: now + windowMs
-      }
-      this.set(key, newEntry)
-      return newEntry
-    }
-  }
-
-  cleanup(): void {
-    const now = Date.now()
-    for (const [key, entry] of this.store.entries()) {
-      if (entry.resetTime < now) {
-        this.store.delete(key)
-      }
-    }
-  }
-}
-
-const store = new MemoryStore()
-
-// Cleanup expired entries every minute
-setInterval(() => {
-  store.cleanup()
-}, 60000)
-
-/**
- * Create rate limiting middleware
- */
-export const rateLimitMiddleware = (config: RateLimitConfig) => ({
-  name: 'rate-limit',
-  
-  beforeHandle: async (context: Context) => {
-    const key = config.keyGenerator 
-      ? config.keyGenerator(context)
-      : getDefaultKey(context)
-    
-    const entry = store.increment(key, config.windowMs)
-    
-    // Add rate limit headers
-    const headers = {
-      'X-RateLimit-Limit': config.maxRequests.toString(),
-      'X-RateLimit-Remaining': Math.max(0, config.maxRequests - entry.count).toString(),
-      'X-RateLimit-Reset': Math.ceil(entry.resetTime / 1000).toString()
-    }
-
-    // Check if rate limit exceeded
-    if (entry.count > config.maxRequests) {
-      return new Response(
-        JSON.stringify({
-          error: config.message || 'Too many requests',
-          retryAfter: Math.ceil((entry.resetTime - Date.now()) / 1000)
-        }),
-        { 
-          status: 429,
-          headers: {
-            'Content-Type': 'application/json',
-            'Retry-After': Math.ceil((entry.resetTime - Date.now()) / 1000).toString(),
-            ...headers
-          }
-        }
-      )
-    }
-
-    // Add headers to successful responses
-    context.set.headers = { ...context.set.headers, ...headers }
-  }
-})
-
-/**
- * Default key generator (IP-based)
- */
-function getDefaultKey(context: Context): string {
-  // Try to get real IP from various headers
-  const forwarded = context.headers['x-forwarded-for']
-  const realIp = context.headers['x-real-ip']
-  const cfConnectingIp = context.headers['cf-connecting-ip']
-  
-  let ip = 'unknown'
-  
-  if (forwarded) {
-    ip = forwarded.split(',')[0].trim()
-  } else if (realIp) {
-    ip = realIp
-  } else if (cfConnectingIp) {
-    ip = cfConnectingIp
-  }
-  
-  return `rate_limit:${ip}`
-}
-
-/**
- * User-based key generator
- */
-export const userKeyGenerator = (context: any): string => {
-  const userId = context.user?.id
-  return userId ? `rate_limit:user:${userId}` : getDefaultKey(context)
-}
-
-/**
- * Endpoint-based key generator
- */
-export const endpointKeyGenerator = (context: Context): string => {
-  const ip = getDefaultKey(context)
-  const path = context.path
-  return `${ip}:${path}`
-}
-
-/**
- * Common rate limit configurations
- */
-export const rateLimitConfigs = {
-  // General API rate limit
-  general: {
-    windowMs: 15 * 60 * 1000, // 15 minutes
-    maxRequests: 100,
-    message: 'Too many requests from this IP, please try again later'
-  },
-
-  // Strict rate limit for authentication endpoints
-  auth: {
-    windowMs: 15 * 60 * 1000, // 15 minutes
-    maxRequests: 5,
-    message: 'Too many authentication attempts, please try again later'
-  },
-
-  // Lenient rate limit for public endpoints
-  public: {
-    windowMs: 15 * 60 * 1000, // 15 minutes
-    maxRequests: 1000,
-    message: 'Rate limit exceeded for public API'
-  },
-
-  // Per-user rate limit
-  perUser: {
-    windowMs: 60 * 1000, // 1 minute
-    maxRequests: 60,
-    keyGenerator: userKeyGenerator,
-    message: 'Too many requests, please slow down'
-  }
-}

package/app/server/middleware/requestLogging.ts

@@ -1,215 +0,0 @@
-/**
- * Request Logging Middleware
- * Logs HTTP requests with timing and context information
- */
-
-import type { Context } from 'elysia'
-
-export interface RequestLogConfig {
-  logLevel?: 'debug' | 'info' | 'warn' | 'error'
-  includeBody?: boolean
-  includeHeaders?: boolean
-  excludePaths?: string[]
-  excludeHeaders?: string[]
-  maxBodyLength?: number
-}
-
-/**
- * Request logging middleware
- */
-export const requestLoggingMiddleware = (config: RequestLogConfig = {}) => ({
-  name: 'request-logging',
-  
-  beforeHandle: async (context: Context) => {
-    // Skip logging for excluded paths
-    if (config.excludePaths?.includes(context.path)) {
-      return
-    }
-
-    const startTime = Date.now()
-    
-    // Store start time for duration calculation
-    context.store = { ...context.store, startTime }
-    
-    // Log request start
-    const requestId = generateRequestId()
-    context.store = { ...context.store, requestId }
-    
-    const logData: any = {
-      requestId,
-      method: context.request.method,
-      path: context.path,
-      query: context.query,
-      userAgent: context.headers['user-agent'],
-      ip: getClientIp(context),
-      timestamp: new Date().toISOString()
-    }
-
-    // Include headers if configured
-    if (config.includeHeaders) {
-      const headers = { ...context.headers }
-      
-      // Remove sensitive headers
-      const excludeHeaders = config.excludeHeaders || [
-        'authorization',
-        'cookie',
-        'x-api-key'
-      ]
-      
-      excludeHeaders.forEach(header => {
-        delete headers[header.toLowerCase()]
-      })
-      
-      logData.headers = headers
-    }
-
-    // Include body if configured
-    if (config.includeBody && context.body) {
-      let body = context.body
-      
-      // Truncate large bodies
-      if (config.maxBodyLength && typeof body === 'string') {
-        if (body.length > config.maxBodyLength) {
-          body = body.substring(0, config.maxBodyLength) + '...[truncated]'
-        }
-      }
-      
-      logData.body = body
-    }
-
-    console.log('📥 Request started', logData)
-  },
-  
-  afterHandle: async (context: Context, response: Response) => {
-    const startTime = context.store?.startTime
-    const requestId = context.store?.requestId
-    
-    if (!startTime) return
-    
-    const duration = Date.now() - startTime
-    
-    const logData: any = {
-      requestId,
-      method: context.request.method,
-      path: context.path,
-      status: response.status,
-      duration: `${duration}ms`,
-      timestamp: new Date().toISOString()
-    }
-
-    // Determine log level based on status code
-    let logLevel = config.logLevel || 'info'
-    
-    if (response.status >= 500) {
-      logLevel = 'error'
-    } else if (response.status >= 400) {
-      logLevel = 'warn'
-    }
-
-    // Add performance warning for slow requests
-    if (duration > 1000) {
-      logData.warning = 'Slow request detected'
-      logLevel = 'warn'
-    }
-
-    const logMessage = `📤 Request completed - ${context.request.method} ${context.path} ${response.status} (${duration}ms)`
-    
-    switch (logLevel) {
-      case 'error':
-        console.error(logMessage, logData)
-        break
-      case 'warn':
-        console.warn(logMessage, logData)
-        break
-      case 'debug':
-        console.debug(logMessage, logData)
-        break
-      default:
-        console.log(logMessage, logData)
-    }
-  },
-  
-  onError: async (context: Context, error: Error) => {
-    const startTime = context.store?.startTime
-    const requestId = context.store?.requestId
-    const duration = startTime ? Date.now() - startTime : 0
-    
-    const logData = {
-      requestId,
-      method: context.request.method,
-      path: context.path,
-      error: error.message,
-      stack: error.stack,
-      duration: `${duration}ms`,
-      timestamp: new Date().toISOString()
-    }
-
-    console.error('💥 Request failed', logData)
-  }
-})
-
-/**
- * Generate unique request ID
- */
-function generateRequestId(): string {
-  return `req_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`
-}
-
-/**
- * Get client IP address
- */
-function getClientIp(context: Context): string {
-  // Try to get real IP from various headers
-  const forwarded = context.headers['x-forwarded-for']
-  const realIp = context.headers['x-real-ip']
-  const cfConnectingIp = context.headers['cf-connecting-ip']
-  
-  if (forwarded) {
-    return forwarded.split(',')[0].trim()
-  }
-  
-  if (realIp) {
-    return realIp
-  }
-  
-  if (cfConnectingIp) {
-    return cfConnectingIp
-  }
-  
-  return 'unknown'
-}
-
-/**
- * Predefined configurations
- */
-export const requestLoggingConfigs = {
-  // Development configuration - verbose logging
-  development: {
-    logLevel: 'debug' as const,
-    includeBody: true,
-    includeHeaders: true,
-    maxBodyLength: 1000,
-    excludeHeaders: ['authorization', 'cookie']
-  },
-
-  // Production configuration - minimal logging
-  production: {
-    logLevel: 'info' as const,
-    includeBody: false,
-    includeHeaders: false,
-    excludePaths: ['/health', '/metrics']
-  },
-
-  // Security-focused configuration
-  security: {
-    logLevel: 'warn' as const,
-    includeBody: false,
-    includeHeaders: true,
-    excludeHeaders: [
-      'authorization',
-      'cookie',
-      'x-api-key',
-      'x-auth-token'
-    ]
-  }
-}

package/app/server/middleware/validation.ts

@@ -1,270 +0,0 @@
-/**
- * Validation Middleware
- * Provides request validation using schemas
- */
-
-import type { Context } from 'elysia'
-
-export interface ValidationSchema {
-  body?: Record<string, any>
-  query?: Record<string, any>
-  params?: Record<string, any>
-}
-
-export interface ValidationError {
-  field: string
-  message: string
-  value?: any
-}
-
-/**
- * Create validation middleware for a specific schema
- */
-export const validationMiddleware = (schema: ValidationSchema) => ({
-  name: 'validation',
-  
-  beforeHandle: async (context: Context) => {
-    const errors: ValidationError[] = []
-
-    // Validate body
-    if (schema.body && context.body) {
-      const bodyErrors = validateObject(context.body, schema.body, 'body')
-      errors.push(...bodyErrors)
-    }
-
-    // Validate query parameters
-    if (schema.query && context.query) {
-      const queryErrors = validateObject(context.query, schema.query, 'query')
-      errors.push(...queryErrors)
-    }
-
-    // Validate path parameters
-    if (schema.params && context.params) {
-      const paramErrors = validateObject(context.params, schema.params, 'params')
-      errors.push(...paramErrors)
-    }
-
-    if (errors.length > 0) {
-      return new Response(
-        JSON.stringify({
-          error: 'Validation failed',
-          details: errors
-        }),
-        { 
-          status: 400, 
-          headers: { 'Content-Type': 'application/json' } 
-        }
-      )
-    }
-  }
-})
-
-/**
- * Validate an object against a schema
- */
-function validateObject(
-  obj: any, 
-  schema: Record<string, any>, 
-  prefix: string
-): ValidationError[] {
-  const errors: ValidationError[] = []
-
-  for (const [field, rules] of Object.entries(schema)) {
-    const value = obj[field]
-    const fieldPath = `${prefix}.${field}`
-
-    // Check required fields
-    if (rules.required && (value === undefined || value === null || value === '')) {
-      errors.push({
-        field: fieldPath,
-        message: `${field} is required`,
-        value
-      })
-      continue
-    }
-
-    // Skip validation if field is not required and not present
-    if (!rules.required && (value === undefined || value === null)) {
-      continue
-    }
-
-    // Type validation
-    if (rules.type) {
-      const typeError = validateType(value, rules.type, fieldPath)
-      if (typeError) {
-        errors.push(typeError)
-        continue
-      }
-    }
-
-    // String validations
-    if (rules.type === 'string' && typeof value === 'string') {
-      if (rules.minLength && value.length < rules.minLength) {
-        errors.push({
-          field: fieldPath,
-          message: `${field} must be at least ${rules.minLength} characters`,
-          value
-        })
-      }
-
-      if (rules.maxLength && value.length > rules.maxLength) {
-        errors.push({
-          field: fieldPath,
-          message: `${field} must be no more than ${rules.maxLength} characters`,
-          value
-        })
-      }
-
-      if (rules.pattern && !new RegExp(rules.pattern).test(value)) {
-        errors.push({
-          field: fieldPath,
-          message: `${field} format is invalid`,
-          value
-        })
-      }
-
-      if (rules.email && !isValidEmail(value)) {
-        errors.push({
-          field: fieldPath,
-          message: `${field} must be a valid email address`,
-          value
-        })
-      }
-    }
-
-    // Number validations
-    if (rules.type === 'number' && typeof value === 'number') {
-      if (rules.min !== undefined && value < rules.min) {
-        errors.push({
-          field: fieldPath,
-          message: `${field} must be at least ${rules.min}`,
-          value
-        })
-      }
-
-      if (rules.max !== undefined && value > rules.max) {
-        errors.push({
-          field: fieldPath,
-          message: `${field} must be no more than ${rules.max}`,
-          value
-        })
-      }
-    }
-
-    // Array validations
-    if (rules.type === 'array' && Array.isArray(value)) {
-      if (rules.minItems && value.length < rules.minItems) {
-        errors.push({
-          field: fieldPath,
-          message: `${field} must have at least ${rules.minItems} items`,
-          value
-        })
-      }
-
-      if (rules.maxItems && value.length > rules.maxItems) {
-        errors.push({
-          field: fieldPath,
-          message: `${field} must have no more than ${rules.maxItems} items`,
-          value
-        })
-      }
-    }
-
-    // Enum validation
-    if (rules.enum && !rules.enum.includes(value)) {
-      errors.push({
-        field: fieldPath,
-        message: `${field} must be one of: ${rules.enum.join(', ')}`,
-        value
-      })
-    }
-  }
-
-  return errors
-}
-
-/**
- * Validate value type
- */
-function validateType(value: any, expectedType: string, fieldPath: string): ValidationError | null {
-  const actualType = Array.isArray(value) ? 'array' : typeof value
-
-  if (actualType !== expectedType) {
-    return {
-      field: fieldPath,
-      message: `Expected ${expectedType}, got ${actualType}`,
-      value
-    }
-  }
-
-  return null
-}
-
-/**
- * Validate email format
- */
-function isValidEmail(email: string): boolean {
-  const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/
-  return emailRegex.test(email)
-}
-
-/**
- * Common validation schemas
- */
-export const commonSchemas = {
-  createUser: {
-    body: {
-      name: {
-        type: 'string',
-        required: true,
-        minLength: 2,
-        maxLength: 100
-      },
-      email: {
-        type: 'string',
-        required: true,
-        email: true,
-        maxLength: 255
-      }
-    }
-  },
-
-  updateUser: {
-    params: {
-      id: {
-        type: 'string',
-        required: true,
-        pattern: '^\\d+$'
-      }
-    },
-    body: {
-      name: {
-        type: 'string',
-        required: false,
-        minLength: 2,
-        maxLength: 100
-      },
-      email: {
-        type: 'string',
-        required: false,
-        email: true,
-        maxLength: 255
-      }
-    }
-  },
-
-  pagination: {
-    query: {
-      page: {
-        type: 'string',
-        required: false,
-        pattern: '^\\d+$'
-      },
-      limit: {
-        type: 'string',
-        required: false,
-        pattern: '^\\d+$'
-      }
-    }
-  }
-}