db-model-router 1.0.9 → 1.0.11

package/src/cli/generate-migration.js

@@ -317,6 +317,10 @@ function generateCreateTableSQL(tableName, tableDef, adapter) {
   const pk = tableDef.pk;
 
   for (const [colName, rule] of Object.entries(tableDef.columns)) {
+    // Skip dot-notation keys — they are object sub-key validation rules,
+    // not standalone database columns. Only the parent object column is created.
+    if (colName.includes(".")) continue;
+
     const { sqlType, nullable, isAutoIncrement } = mapColumnType(rule, adapter);
     let line = `  ${quoteIdent(colName, adapter)} ${sqlType}`;
 

package/src/cli/generate-route.js

@@ -40,7 +40,7 @@ export default router;
 
 /**
  * Generate a parent route file that includes its own CRUD and mounts child routes.
- * e.g., routes/users.js mounts posts under /:user_id/posts
+ * e.g., routes/orders/index.js mounts order_items under /:order_id/items
  *
  * @param {string} tableName - Parent table name
  * @param {Array<{child, foreignKey}>} children - Child relationships for this parent
@@ -56,7 +56,7 @@ import { ${varName} } from "#models";
   // Import child routes
   for (const child of children) {
     const childVar = safeVarName(child.child);
-    code += `import ${childVar}Route from "./${tableName}/${child.child}.js";\n`;
+    code += `import ${childVar}Route from "./${child.child}/index.js";\n`;
   }
 
   code += `
@@ -129,7 +129,7 @@ function generateRoutesIndexFile(tableNames, relationships = [], options = {}) {
   for (const table of tableNames) {
     if (nestedChildren.has(table)) continue;
     const varName = safeVarName(table);
-    imports += `import ${varName}Route from "./${table}.js";\n`;
+    imports += `import ${varName}Route from "./${table}/index.js";\n`;
   }
 
   // Import docs route if openapi is generated

package/src/schema/schema-validator.js

@@ -16,7 +16,7 @@ const VALID_ADAPTERS = new Set([
 const VALID_FRAMEWORKS = new Set(["express", "ultimate-express"]);
 
 const COLUMN_RULE_RE =
-  /^(required\|)?(string|integer|numeric|boolean|object|datetime|auto_increment)$/;
+  /^(required\|)?(string|integer|numeric|boolean|object|datetime|auto_increment)(:[^|]+)?(\|[^|]+)*$/;
 
 class SchemaValidationError extends Error {
   constructor(errors) {

package/.env

@@ -1,7 +0,0 @@
-DB_HOST=3.111.128.240
-DB_NAME="partner"
-DB_USER="root"
-DB_PASS="FN4WyP2jwruMF6"
-DB_PORT=3306
-PORT=3000
-DB_TYPE=mysql

package/db-manager/demo/cockroachdb.env

@@ -1,6 +0,0 @@
-DB_TYPE=cockroachdb
-DB_HOST=localhost
-DB_PORT=26257
-DB_NAME=defaultdb
-DB_USER=root
-DB_PASS=

package/db-manager/demo/dynamodb.env

@@ -1,7 +0,0 @@
-DB_TYPE=dynamodb
-DB_HOST=localhost
-DB_PORT=8000
-DB_NAME=us-east-1
-AWS_REGION=us-east-1
-AWS_ACCESS_KEY_ID=fakeKey
-AWS_SECRET_ACCESS_KEY=fakeSecret

package/db-manager/demo/mongodb.env

@@ -1,4 +0,0 @@
-DB_TYPE=mongodb
-DB_HOST=localhost
-DB_PORT=27017
-DB_NAME=test_db

package/db-manager/demo/mssql.env

@@ -1,6 +0,0 @@
-DB_TYPE=mssql
-DB_HOST=localhost
-DB_PORT=1433
-DB_NAME=master
-DB_USER=sa
-DB_PASS=Password123!

package/db-manager/demo/mysql.env

@@ -1,6 +0,0 @@
-DB_TYPE=mysql
-DB_HOST=localhost
-DB_PORT=3306
-DB_NAME=test_db
-DB_USER=root
-DB_PASS=password

package/db-manager/demo/oracle.env

@@ -1,6 +0,0 @@
-DB_TYPE=oracle
-DB_HOST=localhost
-DB_PORT=1521
-DB_NAME=FREEPDB1
-DB_USER=system
-DB_PASS=oracle

package/db-manager/demo/postgres.env

@@ -1,6 +0,0 @@
-DB_TYPE=postgres
-DB_HOST=localhost
-DB_PORT=5432
-DB_NAME=test_db
-DB_USER=postgres
-DB_PASS=password

package/db-manager/demo/redis.env

@@ -1,4 +0,0 @@
-DB_TYPE=redis
-DB_HOST=localhost
-DB_PORT=6379
-DB_NAME=0

package/db-manager/demo/seeds/cockroachdb.sql

@@ -1,32 +0,0 @@
--- CockroachDB seed data for DB Manager demo
--- Creates users and products tables with sample data
-
-DROP TABLE IF EXISTS users;
-DROP TABLE IF EXISTS products;
-
-CREATE TABLE users (
-    id SERIAL PRIMARY KEY,
-    name VARCHAR(255) NOT NULL,
-    email VARCHAR(255) NOT NULL,
-    created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
-);
-
-CREATE TABLE products (
-    id SERIAL PRIMARY KEY,
-    name VARCHAR(255) NOT NULL,
-    price NUMERIC(10,2) NOT NULL DEFAULT 0,
-    stock INTEGER NOT NULL DEFAULT 0,
-    created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
-);
-
-INSERT INTO users (name, email) VALUES ('Alice', 'alice@example.com');
-INSERT INTO users (name, email) VALUES ('Bob', 'bob@example.com');
-INSERT INTO users (name, email) VALUES ('Charlie', 'charlie@example.com');
-INSERT INTO users (name, email) VALUES ('Diana', 'diana@example.com');
-INSERT INTO users (name, email) VALUES ('Eve', 'eve@example.com');
-
-INSERT INTO products (name, price, stock) VALUES ('Widget', 9.99, 100);
-INSERT INTO products (name, price, stock) VALUES ('Gadget', 24.99, 50);
-INSERT INTO products (name, price, stock) VALUES ('Doohickey', 4.99, 200);
-INSERT INTO products (name, price, stock) VALUES ('Thingamajig', 49.99, 25);
-INSERT INTO products (name, price, stock) VALUES ('Whatchamacallit', 14.99, 75);

package/db-manager/demo/seeds/mssql.sql

@@ -1,32 +0,0 @@
--- MSSQL seed data for DB Manager demo
--- Creates users and products tables with sample data
-
-IF OBJECT_ID('dbo.users', 'U') IS NOT NULL DROP TABLE dbo.users;
-IF OBJECT_ID('dbo.products', 'U') IS NOT NULL DROP TABLE dbo.products;
-
-CREATE TABLE users (
-    id INT IDENTITY(1,1) PRIMARY KEY,
-    name NVARCHAR(255) NOT NULL,
-    email NVARCHAR(255) NOT NULL,
-    created_at DATETIME2 NOT NULL DEFAULT GETDATE()
-);
-
-CREATE TABLE products (
-    id INT IDENTITY(1,1) PRIMARY KEY,
-    name NVARCHAR(255) NOT NULL,
-    price DECIMAL(10,2) NOT NULL DEFAULT 0,
-    stock INT NOT NULL DEFAULT 0,
-    created_at DATETIME2 NOT NULL DEFAULT GETDATE()
-);
-
-INSERT INTO users (name, email) VALUES ('Alice', 'alice@example.com');
-INSERT INTO users (name, email) VALUES ('Bob', 'bob@example.com');
-INSERT INTO users (name, email) VALUES ('Charlie', 'charlie@example.com');
-INSERT INTO users (name, email) VALUES ('Diana', 'diana@example.com');
-INSERT INTO users (name, email) VALUES ('Eve', 'eve@example.com');
-
-INSERT INTO products (name, price, stock) VALUES ('Widget', 9.99, 100);
-INSERT INTO products (name, price, stock) VALUES ('Gadget', 24.99, 50);
-INSERT INTO products (name, price, stock) VALUES ('Doohickey', 4.99, 200);
-INSERT INTO products (name, price, stock) VALUES ('Thingamajig', 49.99, 25);
-INSERT INTO products (name, price, stock) VALUES ('Whatchamacallit', 14.99, 75);

package/db-manager/demo/seeds/mysql.sql

@@ -1,32 +0,0 @@
--- MySQL seed data for DB Manager demo
--- Creates users and products tables with sample data
-
-DROP TABLE IF EXISTS users;
-DROP TABLE IF EXISTS products;
-
-CREATE TABLE users (
-    id INT AUTO_INCREMENT PRIMARY KEY,
-    name VARCHAR(255) NOT NULL,
-    email VARCHAR(255) NOT NULL,
-    created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
-);
-
-CREATE TABLE products (
-    id INT AUTO_INCREMENT PRIMARY KEY,
-    name VARCHAR(255) NOT NULL,
-    price DECIMAL(10,2) NOT NULL DEFAULT 0,
-    stock INT NOT NULL DEFAULT 0,
-    created_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
-);
-
-INSERT INTO users (name, email) VALUES ('Alice', 'alice@example.com');
-INSERT INTO users (name, email) VALUES ('Bob', 'bob@example.com');
-INSERT INTO users (name, email) VALUES ('Charlie', 'charlie@example.com');
-INSERT INTO users (name, email) VALUES ('Diana', 'diana@example.com');
-INSERT INTO users (name, email) VALUES ('Eve', 'eve@example.com');
-
-INSERT INTO products (name, price, stock) VALUES ('Widget', 9.99, 100);
-INSERT INTO products (name, price, stock) VALUES ('Gadget', 24.99, 50);
-INSERT INTO products (name, price, stock) VALUES ('Doohickey', 4.99, 200);
-INSERT INTO products (name, price, stock) VALUES ('Thingamajig', 49.99, 25);
-INSERT INTO products (name, price, stock) VALUES ('Whatchamacallit', 14.99, 75);

package/db-manager/demo/seeds/oracle.sql

@@ -1,43 +0,0 @@
--- Oracle seed data for DB Manager demo
--- Creates users and products tables with sample data
-
-BEGIN
-    EXECUTE IMMEDIATE 'DROP TABLE users CASCADE CONSTRAINTS';
-EXCEPTION
-    WHEN OTHERS THEN NULL;
-END;
-/
-
-BEGIN
-    EXECUTE IMMEDIATE 'DROP TABLE products CASCADE CONSTRAINTS';
-EXCEPTION
-    WHEN OTHERS THEN NULL;
-END;
-/
-
-CREATE TABLE users (
-    id NUMBER GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
-    name VARCHAR2(255) NOT NULL,
-    email VARCHAR2(255) NOT NULL,
-    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL
-);
-
-CREATE TABLE products (
-    id NUMBER GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
-    name VARCHAR2(255) NOT NULL,
-    price NUMBER(10,2) DEFAULT 0 NOT NULL,
-    stock NUMBER DEFAULT 0 NOT NULL,
-    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL
-);
-
-INSERT INTO users (name, email) VALUES ('Alice', 'alice@example.com');
-INSERT INTO users (name, email) VALUES ('Bob', 'bob@example.com');
-INSERT INTO users (name, email) VALUES ('Charlie', 'charlie@example.com');
-INSERT INTO users (name, email) VALUES ('Diana', 'diana@example.com');
-INSERT INTO users (name, email) VALUES ('Eve', 'eve@example.com');
-
-INSERT INTO products (name, price, stock) VALUES ('Widget', 9.99, 100);
-INSERT INTO products (name, price, stock) VALUES ('Gadget', 24.99, 50);
-INSERT INTO products (name, price, stock) VALUES ('Doohickey', 4.99, 200);
-INSERT INTO products (name, price, stock) VALUES ('Thingamajig', 49.99, 25);
-INSERT INTO products (name, price, stock) VALUES ('Whatchamacallit', 14.99, 75);

package/db-manager/demo/seeds/postgres.sql

@@ -1,32 +0,0 @@
--- PostgreSQL seed data for DB Manager demo
--- Creates users and products tables with sample data
-
-DROP TABLE IF EXISTS users;
-DROP TABLE IF EXISTS products;
-
-CREATE TABLE users (
-    id SERIAL PRIMARY KEY,
-    name VARCHAR(255) NOT NULL,
-    email VARCHAR(255) NOT NULL,
-    created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
-);
-
-CREATE TABLE products (
-    id SERIAL PRIMARY KEY,
-    name VARCHAR(255) NOT NULL,
-    price NUMERIC(10,2) NOT NULL DEFAULT 0,
-    stock INTEGER NOT NULL DEFAULT 0,
-    created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
-);
-
-INSERT INTO users (name, email) VALUES ('Alice', 'alice@example.com');
-INSERT INTO users (name, email) VALUES ('Bob', 'bob@example.com');
-INSERT INTO users (name, email) VALUES ('Charlie', 'charlie@example.com');
-INSERT INTO users (name, email) VALUES ('Diana', 'diana@example.com');
-INSERT INTO users (name, email) VALUES ('Eve', 'eve@example.com');
-
-INSERT INTO products (name, price, stock) VALUES ('Widget', 9.99, 100);
-INSERT INTO products (name, price, stock) VALUES ('Gadget', 24.99, 50);
-INSERT INTO products (name, price, stock) VALUES ('Doohickey', 4.99, 200);
-INSERT INTO products (name, price, stock) VALUES ('Thingamajig', 49.99, 25);
-INSERT INTO products (name, price, stock) VALUES ('Whatchamacallit', 14.99, 75);

package/db-manager/demo/seeds/sqlite3.sql

@@ -1,32 +0,0 @@
--- SQLite3 seed data for DB Manager demo
--- Creates users and products tables with sample data
-
-DROP TABLE IF EXISTS users;
-DROP TABLE IF EXISTS products;
-
-CREATE TABLE users (
-    id INTEGER PRIMARY KEY AUTOINCREMENT,
-    name TEXT NOT NULL,
-    email TEXT NOT NULL,
-    created_at TEXT NOT NULL DEFAULT (datetime('now'))
-);
-
-CREATE TABLE products (
-    id INTEGER PRIMARY KEY AUTOINCREMENT,
-    name TEXT NOT NULL,
-    price REAL NOT NULL DEFAULT 0,
-    stock INTEGER NOT NULL DEFAULT 0,
-    created_at TEXT NOT NULL DEFAULT (datetime('now'))
-);
-
-INSERT INTO users (name, email) VALUES ('Alice', 'alice@example.com');
-INSERT INTO users (name, email) VALUES ('Bob', 'bob@example.com');
-INSERT INTO users (name, email) VALUES ('Charlie', 'charlie@example.com');
-INSERT INTO users (name, email) VALUES ('Diana', 'diana@example.com');
-INSERT INTO users (name, email) VALUES ('Eve', 'eve@example.com');
-
-INSERT INTO products (name, price, stock) VALUES ('Widget', 9.99, 100);
-INSERT INTO products (name, price, stock) VALUES ('Gadget', 24.99, 50);
-INSERT INTO products (name, price, stock) VALUES ('Doohickey', 4.99, 200);
-INSERT INTO products (name, price, stock) VALUES ('Thingamajig', 49.99, 25);
-INSERT INTO products (name, price, stock) VALUES ('Whatchamacallit', 14.99, 75);

package/db-manager/demo/sqlite3.env

@@ -1,2 +0,0 @@
-DB_TYPE=sqlite3
-DB_NAME=./db-manager/demo/demo.sqlite

package/demo/.dockerignore

@@ -1,7 +0,0 @@
-node_modules
-npm-debug.log
-.env
-.env.example
-.git
-.gitignore
-data

package/demo/.env.example

@@ -1,15 +0,0 @@
-# Server
-PORT=3000
-API_BASE_PATH=/api
-
-# Database
-DB_TYPE=sqlite3
-DB_NAME=./data/data.db
-
-# Session
-SESSION_SECRET=your_session_secret
-
-# Logging
-APP_NAME=your_app_name
-LOG_LEVEL=info
-LOKI_HOST=http://your-loki-host:3100

package/demo/Dockerfile

@@ -1,20 +0,0 @@
-FROM node:alpine
-
-WORKDIR /app
-
-# Install dependencies
-COPY package*.json ./
-RUN npm ci --omit=dev
-
-# Copy application files
-COPY app.js ./
-COPY commons/ ./commons/
-COPY middleware/ ./middleware/
-COPY route/ ./route/
-COPY migrations/ ./migrations/
-
-# Expose port
-EXPOSE 3000
-
-# Start the application
-CMD ["node", "app.js"]

package/demo/app.js

@@ -1,39 +0,0 @@
-import express from "express";
-import "./commons/db.js";
-import configureSession from "./commons/session.js";
-import applySecurity from "./commons/security.js";
-import logger from "./middleware/logger.js";
-import routes from "./routes/index.js";
-import { fileURLToPath } from 'node:url';
-import path from "path";
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-const app = express();
-const PORT = process.env.PORT || 3000;
-
-// Middleware
-app.use(express.json());
-app.use(express.urlencoded({ extended: true }));
-
-// Security (helmet, rate limiting, custom headers)
-applySecurity(app);
-
-// Session
-app.use(configureSession());
-
-// Logger
-app.use(logger);
-
-// Routes
-app.use(process.env.API_BASE_PATH || "/api", routes);
-
-// Error handler
-app.use((err, req, res, next) => {
-  console.error(err.stack);
-  res.status(500).json({ type: "danger", message: "Internal Server Error" });
-});
-
-app.listen(PORT, () => {
-  console.log(`Server running on port ${PORT}`);
-});
-
-export default app;

package/demo/commons/add_migration.js

@@ -1,43 +0,0 @@
-#!/usr/bin/env node
-import fs from "fs";
-import path from "path";
-import { fileURLToPath } from "url";
-
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-
-/**
- * Create a new timestamped migration file.
- * @param {string} migrationsDir - absolute path to migrations folder
- * @param {string} [name] - migration name (default: "migration")
- * @returns {string} the created filename
- */
-export default function addMigration(migrationsDir, name) {
-  const migrationName = name || "migration";
-  const now = new Date();
-  const y = String(now.getFullYear()).padStart(4, "0");
-  const mo = String(now.getMonth() + 1).padStart(2, "0");
-  const d = String(now.getDate()).padStart(2, "0");
-  const h = String(now.getHours()).padStart(2, "0");
-  const mi = String(now.getMinutes()).padStart(2, "0");
-  const s = String(now.getSeconds()).padStart(2, "0");
-  const ts = `${y}${mo}${d}${h}${mi}${s}`;
-
-  const filename = `${ts}_${migrationName}.sql`;
-  const filePath = path.join(migrationsDir, filename);
-
-  if (!fs.existsSync(migrationsDir)) {
-    fs.mkdirSync(migrationsDir, { recursive: true });
-  }
-
-  fs.writeFileSync(filePath, "-- Write your migration SQL here\n");
-  console.log(`Created migration: ${filename}`);
-  return filename;
-}
-
-// Run as standalone script
-const isMain = process.argv[1] && fs.realpathSync(process.argv[1]) === fs.realpathSync(fileURLToPath(import.meta.url));
-if (isMain) {
-  const migrationsDir = path.join(__dirname, "../migrations");
-  const name = process.argv[2] || "migration";
-  addMigration(migrationsDir, name);
-}

package/demo/commons/db.js

@@ -1,17 +0,0 @@
-import "dotenv/config";
-import dbModelRouter from "db-model-router";
-
-// Initialize database adapter
-dbModelRouter.init("sqlite3");
-
-// Connect to database
-dbModelRouter.db.connect({
-  database: process.env.DB_NAME || "./data/data.db",
-});
-
-// Make db available globally across the application
-const db = dbModelRouter.db;
-global.db = db;
-
-export { db };
-export default db;

package/demo/commons/migrate.js

@@ -1,68 +0,0 @@
-#!/usr/bin/env node
-import fs from "fs";
-import path from "path";
-import crypto from "crypto";
-import { fileURLToPath } from "url";
-
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-
-/**
- * Run all pending SQL migrations from the migrations directory.
- * @param {object} db - db-model-router db instance
- * @param {string} migrationsDir - absolute path to migrations folder
- */
-export default async function runMigrations(db, migrationsDir) {
-  const files = fs.readdirSync(migrationsDir)
-    .filter(f => f.endsWith(".sql"))
-    .sort();
-
-  let executed;
-  try {
-    const result = await db.query("SELECT filename FROM _migrations");
-    executed = new Set((result || []).map(r => r.filename));
-  } catch (e) {
-    executed = new Set();
-  }
-
-  let ran = 0;
-  for (const file of files) {
-    if (executed.has(file)) {
-      console.log(`  Skipping (already executed): ${file}`);
-      continue;
-    }
-    const filePath = path.join(migrationsDir, file);
-    const content = fs.readFileSync(filePath, "utf8");
-    const checksum = crypto.createHash("md5").update(content).digest("hex");
-
-    console.log(`  Running migration: ${file}`);
-    await db.query(content);
-    await db.query(
-      "INSERT INTO _migrations (filename, checksum) VALUES (?, ?)",
-      [file, checksum]
-    );
-    console.log(`  Completed: ${file}`);
-    ran++;
-  }
-
-  if (ran === 0) {
-    console.log("No pending migrations.");
-  } else {
-    console.log(`\n${ran} migration(s) complete.`);
-  }
-}
-
-// Run as standalone script
-const isMain = process.argv[1] && fs.realpathSync(process.argv[1]) === fs.realpathSync(fileURLToPath(import.meta.url));
-if (isMain) {
-  await import("dotenv/config");
-  const pkg = await import("db-model-router");
-  const mod = pkg.default || pkg;
-  mod.init("sqlite3");
-  mod.db.connect({
-    database: process.env.DB_NAME || "./data/data.db",
-});
-  const migrationsDir = path.join(__dirname, "../migrations");
-  runMigrations(mod.db, migrationsDir)
-    .then(() => process.exit(0))
-    .catch(err => { console.error("Migration failed:", err); process.exit(1); });
-}

package/demo/commons/modules.js

@@ -1,18 +0,0 @@
-/**
- * Registry of all SaaS module names.
- * This is the single source of truth for valid module identifiers
- * used by the permission system.
- *
- * @type {string[]}
- */
-export const modules = ["users", "tenants", "roles", "permissions", "webhooks"];
-
-/**
- * Check whether a given name is a registered module.
- *
- * @param {string} name - The module name to validate
- * @returns {boolean} True if the name exists in the modules registry
- */
-export function isValidModule(name) {
-  return modules.includes(name);
-}

package/demo/commons/password.js

@@ -1,36 +0,0 @@
-import crypto from "crypto";
-
-/**
- * Hash a password using scrypt with a random salt.
- * Returns a string in the format "salt:derivedKey" (both hex-encoded).
- *
- * @param {string} password - The plaintext password to hash
- * @returns {Promise<string>} The hashed password string
- */
-export function hashPassword(password) {
-  const salt = crypto.randomBytes(16).toString("hex");
-  return new Promise((resolve, reject) => {
-    crypto.scrypt(password, salt, 64, (err, derivedKey) => {
-      if (err) reject(err);
-      resolve(salt + ":" + derivedKey.toString("hex"));
-    });
-  });
-}
-
-/**
- * Verify a password against a previously hashed value.
- * Uses timing-safe comparison to prevent timing attacks.
- *
- * @param {string} password - The plaintext password to verify
- * @param {string} hash - The stored hash in "salt:derivedKey" format
- * @returns {Promise<boolean>} True if the password matches, false otherwise
- */
-export function verifyPassword(password, hash) {
-  const [salt, key] = hash.split(":");
-  return new Promise((resolve, reject) => {
-    crypto.scrypt(password, salt, 64, (err, derivedKey) => {
-      if (err) reject(err);
-      resolve(crypto.timingSafeEqual(Buffer.from(key, "hex"), derivedKey));
-    });
-  });
-}

package/demo/commons/security.js

@@ -1,30 +0,0 @@
-import helmet from "helmet";
-import rateLimit from "express-rate-limit";
-
-/**
- * Apply security middleware to the Express app.
- * Includes: Helmet, rate limiting, custom security headers.
- * @param {import("express").Application} app
- */
-export default function applySecurity(app) {
-  // Helmet — sets various HTTP headers for security
-  app.use(helmet());
-
-  // Rate limiting
-  app.use(rateLimit({
-    windowMs: 15 * 60 * 1000,
-    max: 100,
-    standardHeaders: true,
-    legacyHeaders: false,
-  }));
-
-  // Custom security headers (override or extend as needed)
-  app.use((req, res, next) => {
-    res.setHeader("X-Content-Type-Options", "nosniff");
-    res.setHeader("X-Frame-Options", "DENY");
-    res.setHeader("X-XSS-Protection", "1; mode=block");
-    res.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
-    res.removeHeader("X-Powered-By");
-    next();
-  });
-}

package/demo/commons/session.js

@@ -1,13 +0,0 @@
-import session from "express-session";
-
-/**
- * Configure and return session middleware.
- * Session store: memory
- */
-export default function configureSession() {
-  return session({
-    secret: process.env.SESSION_SECRET || "change-me",
-    resave: false,
-    saveUninitialized: false,
-  });
-}