hightjs 0.1.1

package/package.json

@@ -0,0 +1,72 @@
+{
+  "name": "hightjs",
+  "version": "0.1.1",
+  "description": "HightJS is a high-level framework for building web applications with ease and speed. It provides a robust set of tools and features to streamline development and enhance productivity.",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "author": "itsmuzin",
+  "license": "Apache-2.0",
+  "scripts": {
+    "build": "tsc"
+  },
+  "bin": {
+    "hight": "./dist/bin/hightjs.js"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.js"
+    },
+    "./client": {
+      "types": "./dist/client.d.ts",
+      "import": "./dist/client.js",
+      "require": "./dist/client.js"
+    },
+    "./helpers": {
+      "types": "./dist/helpers.d.ts",
+      "import": "./dist/helpers.js",
+      "require": "./dist/helpers.js"
+    },
+    "./auth": {
+      "types": "./dist/auth/index.d.ts",
+      "import": "./dist/auth/index.js",
+      "require": "./dist/auth/index.js"
+    },
+    "./auth/react": {
+      "types": "./dist/auth/react/index.d.ts",
+      "import": "./dist/auth/react/index.js",
+      "require": "./dist/auth/react/index.js"
+    },
+    "./eslint": {
+      "types": "./dist/eslint/index.d.ts",
+      "import": "./dist/eslint/index.js",
+      "require": "./dist/eslint/index.js"
+    }
+  },
+  "devDependencies": {
+    "@types/express": "^4.17.21",
+    "@types/node": "^20.11.24",
+    "@types/react": "^19.2.0",
+    "@types/react-dom": "^19.2.0",
+    "@types/ws": "^8.18.1",
+    "ts-loader": "^9.5.4",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.9.3"
+  },
+  "dependencies": {
+    "@fastify/cookie": "^11.0.2",
+    "@fastify/formbody": "^8.0.2",
+    "boxen": "^8.0.1",
+    "chokidar": "^3.5.3",
+    "commander": "^14.0.1",
+    "cookie-parser": "^1.4.7",
+    "esbuild": "^0.25.10",
+    "express": "^4.0.0",
+    "fastify": "^5.6.1",
+    "framer-motion": "^12.23.22",
+    "react": "^19.2.0",
+    "react-dom": "^19.2.0",
+    "ws": "^8.18.1"
+  }
+}

package/src/adapters/express.ts

@@ -0,0 +1,70 @@
+import type { Request as ExpressRequest, Response as ExpressResponse } from 'express';
+import { GenericRequest, GenericResponse, FrameworkAdapter, CookieOptions } from '../types/framework';
+
+export class ExpressAdapter implements FrameworkAdapter {
+    type = 'express' as const;
+
+    parseRequest(req: ExpressRequest): GenericRequest {
+        return {
+            method: req.method,
+            url: req.url,
+            headers: req.headers as Record<string, string | string[]>,
+            body: req.body,
+            query: req.query as Record<string, any>,
+            params: req.params,
+            cookies: req.cookies || {},
+            raw: req
+        };
+    }
+
+    createResponse(res: ExpressResponse): GenericResponse {
+        return new ExpressResponseWrapper(res);
+    }
+}
+
+class ExpressResponseWrapper implements GenericResponse {
+    constructor(private res: ExpressResponse) {}
+
+    get raw() {
+        return this.res;
+    }
+
+    status(code: number): GenericResponse {
+        this.res.status(code);
+        return this;
+    }
+
+    header(name: string, value: string): GenericResponse {
+        this.res.setHeader(name, value);
+        return this;
+    }
+
+    cookie(name: string, value: string, options?: CookieOptions): GenericResponse {
+        this.res.cookie(name, value, options || {});
+        return this;
+    }
+
+    clearCookie(name: string, options?: CookieOptions): GenericResponse {
+        // Filter out the deprecated 'expires' option to avoid Express deprecation warning
+        const { expires, ...filteredOptions } = options || {};
+        this.res.clearCookie(name, filteredOptions);
+        return this;
+    }
+
+    json(data: any): void {
+        this.res.json(data);
+    }
+
+    text(data: string): void {
+        this.res.setHeader('Content-Type', 'text/plain; charset=utf-8');
+        this.res.send(data);
+    }
+
+    send(data: any): void {
+        this.res.send(data);
+    }
+
+    redirect(url: string): void {
+        this.res.redirect(url);
+    }
+}

package/src/adapters/factory.ts

@@ -0,0 +1,96 @@
+import { FrameworkAdapter } from '../types/framework';
+import { ExpressAdapter } from './express';
+import { FastifyAdapter } from './fastify';
+import { NativeAdapter } from './native';
+import Console, { Colors} from "../api/console"
+/**
+ * Factory para criar o adapter correto baseado no framework detectado
+ */
+export class FrameworkAdapterFactory {
+    private static adapter: FrameworkAdapter | null = null;
+
+    /**
+     * Detecta automaticamente o framework baseado na requisição/resposta
+     */
+    static detectFramework(req: any, res: any): FrameworkAdapter {
+        // Se já detectamos antes, retorna o mesmo adapter
+        if (this.adapter) {
+            return this.adapter;
+        }
+        const msg = Console.dynamicLine(`  ${Colors.FgYellow}●  ${Colors.Reset}Detectando framework web...`);
+
+        // Detecta Express
+        if (req.app && req.route && res.locals !== undefined) {
+            msg.end(`  ${Colors.FgGreen}●  ${Colors.Reset}Framework detectado: Express`);
+            this.adapter = new ExpressAdapter();
+            return this.adapter;
+        }
+
+        // Detecta Fastify
+        if (req.server && req.routerPath !== undefined && res.request) {
+            msg.end(`  ${Colors.FgGreen}●  ${Colors.Reset}Framework detectado: Fastify`);
+            this.adapter = new FastifyAdapter();
+            return this.adapter;
+        }
+
+        // Detecta HTTP nativo do Node.js
+        if (req.method !== undefined && req.url !== undefined && req.headers !== undefined &&
+            res.statusCode !== undefined && res.setHeader !== undefined && res.end !== undefined) {
+            msg.end(`  ${Colors.FgGreen}●  ${Colors.Reset}Framework detectado: HightJS Native (HTTP)`);
+            this.adapter = new NativeAdapter();
+            return this.adapter;
+        }
+
+        // Fallback mais específico para Express
+        if (res.status && res.send && res.json && res.cookie) {
+            msg.end(`  ${Colors.FgGreen}●  ${Colors.Reset}Framework detectado: Express (fallback)`);
+            this.adapter = new ExpressAdapter();
+            return this.adapter;
+        }
+
+        // Fallback mais específico para Fastify
+        if (res.code && res.send && res.type && res.setCookie) {
+            msg.end(`  ${Colors.FgGreen}●  ${Colors.Reset}Framework detectado: Fastify (fallback)`);
+            this.adapter = new FastifyAdapter();
+            return this.adapter;
+        }
+
+        // Default para HightJS Native se não conseguir detectar
+        msg.end(`  ${Colors.FgYellow}●  ${Colors.Reset}Não foi possível detectar o framework. Usando HightJS Native como padrão.`);
+        this.adapter = new NativeAdapter();
+        return this.adapter;
+    }
+
+    /**
+     * Força o uso de um framework específico
+     */
+    static setFramework(framework: 'express' | 'fastify' | 'native'): void {
+        switch (framework) {
+            case 'express':
+                this.adapter = new ExpressAdapter();
+                break;
+            case 'fastify':
+                this.adapter = new FastifyAdapter();
+                break;
+            case 'native':
+                this.adapter = new NativeAdapter();
+                break;
+            default:
+                throw new Error(`Framework não suportado: ${framework}`);
+        }
+    }
+
+    /**
+     * Reset do adapter (útil para testes)
+     */
+    static reset(): void {
+        this.adapter = null;
+    }
+
+    /**
+     * Retorna o adapter atual (se já foi detectado)
+     */
+    static getCurrentAdapter(): FrameworkAdapter | null {
+        return this.adapter;
+    }
+}

package/src/adapters/fastify.ts

@@ -0,0 +1,88 @@
+// Tipos para Fastify (sem import direto para evitar dependência obrigatória)
+interface FastifyRequest {
+    method: string;
+    url: string;
+    headers: Record<string, string | string[]>;
+    body?: any;
+    query?: Record<string, any>;
+    params?: Record<string, string>;
+    cookies?: Record<string, string>;
+}
+
+interface FastifyReply {
+    status(code: number): FastifyReply;
+    header(name: string, value: string): FastifyReply;
+    setCookie(name: string, value: string, options?: any): FastifyReply;
+    clearCookie(name: string, options?: any): FastifyReply;
+    type(contentType: string): FastifyReply;
+    send(data: any): void;
+    redirect(url: string): void;
+}
+
+import { GenericRequest, GenericResponse, FrameworkAdapter, CookieOptions } from '../types/framework';
+
+export class FastifyAdapter implements FrameworkAdapter {
+    type = 'fastify' as const;
+
+    parseRequest(req: FastifyRequest): GenericRequest {
+        return {
+            method: req.method,
+            url: req.url,
+            headers: req.headers as Record<string, string | string[]>,
+            body: req.body,
+            query: req.query as Record<string, any>,
+            params: req.params as Record<string, string>,
+            cookies: req.cookies || {},
+            raw: req
+        };
+    }
+
+    createResponse(reply: FastifyReply): GenericResponse {
+        return new FastifyResponseWrapper(reply);
+    }
+}
+
+class FastifyResponseWrapper implements GenericResponse {
+    constructor(private reply: FastifyReply) {}
+
+    get raw() {
+        return this.reply;
+    }
+
+    status(code: number): GenericResponse {
+        this.reply.status(code);
+        return this;
+    }
+
+    header(name: string, value: string): GenericResponse {
+        this.reply.header(name, value);
+        return this;
+    }
+
+    cookie(name: string, value: string, options?: CookieOptions): GenericResponse {
+        this.reply.setCookie(name, value, options);
+        return this;
+    }
+
+    clearCookie(name: string, options?: CookieOptions): GenericResponse {
+        this.reply.clearCookie(name, options);
+        return this;
+    }
+
+    json(data: any): void {
+        this.reply.send(data);
+    }
+
+    text(data: string): void {
+        this.reply.type('text/plain; charset=utf-8');
+        this.reply.send(data);
+    }
+
+    send(data: any): void {
+        this.reply.send(data);
+    }
+
+    redirect(url: string): void {
+        this.reply.redirect(url);
+    }
+}

package/src/adapters/native.ts

@@ -0,0 +1,223 @@
+import type { IncomingMessage, ServerResponse } from 'http';
+import { GenericRequest, GenericResponse, FrameworkAdapter, CookieOptions } from '../types/framework';
+import { parse as parseUrl } from 'url';
+
+// --- Funções Auxiliares de Segurança ---
+
+/**
+ * Remove caracteres de quebra de linha (\r, \n) de uma string para prevenir
+ * ataques de HTTP Header Injection (CRLF Injection).
+ * @param value O valor a ser sanitizado.
+ * @returns A string sanitizada.
+ */
+function sanitizeHeaderValue(value: string | number | boolean): string {
+    return String(value).replace(/[\r\n]/g, '');
+}
+
+/**
+ * Valida se o nome de um cookie contém apenas caracteres permitidos pela RFC 6265.
+ * Isso previne a criação de cookies com nomes inválidos ou maliciosos.
+ * @param name O nome do cookie a ser validado.
+ * @returns `true` se o nome for válido, `false` caso contrário.
+ */
+function isValidCookieName(name: string): boolean {
+    // A RFC 6265 define 'token' como 1 ou mais caracteres que não são controle nem separadores.
+    // Separadores: ( ) < > @ , ; : \ " / [ ] ? = { }
+    const validCookieNameRegex = /^[a-zA-Z0-9!#$%&'*+-.^_`|~]+$/;
+    return validCookieNameRegex.test(name);
+}
+
+
+export class NativeAdapter implements FrameworkAdapter {
+    type = 'native' as const;
+
+    parseRequest(req: IncomingMessage): GenericRequest {
+        const url = parseUrl(req.url || '', true);
+
+        return {
+            method: req.method || 'GET',
+            url: req.url || '/',
+            headers: req.headers as Record<string, string | string[]>,
+            // Adicionado fallback para null para maior segurança caso o body parser não tenha rodado.
+            body: (req as any).body ?? null,
+            // Tipo mais específico para a query.
+            query: url.query as Record<string, string | string[]>,
+            params: {}, // Será preenchido pelo roteador
+            cookies: this.parseCookies(req.headers.cookie || ''),
+            raw: req
+        };
+    }
+
+    createResponse(res: ServerResponse): GenericResponse {
+        return new NativeResponseWrapper(res);
+    }
+
+    private parseCookies(cookieHeader: string): Record<string, string> {
+        const cookies: Record<string, string> = {};
+
+        if (!cookieHeader) return cookies;
+
+        cookieHeader.split(';').forEach(cookie => {
+            const [name, ...rest] = cookie.trim().split('=');
+            if (name && rest.length > 0) {
+                try {
+                    // Tenta decodificar o valor do cookie.
+                    cookies[name] = decodeURIComponent(rest.join('='));
+                } catch (e) {
+                    // Prevenção de crash: Ignora cookies com valores malformados (e.g., URI inválida).
+                    console.error(`Aviso: Cookie malformado com nome "${name}" foi ignorado.`);
+                }
+            }
+        });
+
+        return cookies;
+    }
+}
+
+class NativeResponseWrapper implements GenericResponse {
+    private statusCode = 200;
+    private headers: Record<string, string | number> = {};
+    private cookiesToSet: string[] = []; // Array para lidar corretamente com múltiplos cookies.
+    private finished = false;
+
+    constructor(private res: ServerResponse) {}
+
+    get raw() {
+        return this.res;
+    }
+
+    status(code: number): GenericResponse {
+        this.statusCode = code;
+        return this;
+    }
+
+    header(name: string, value: string): GenericResponse {
+        // Medida de segurança CRÍTICA: Previne HTTP Header Injection (CRLF Injection).
+        // Sanitiza tanto o nome quanto o valor do header para remover quebras de linha.
+        const sanitizedName = sanitizeHeaderValue(name);
+        const sanitizedValue = sanitizeHeaderValue(value);
+
+        if (name !== sanitizedName || String(value) !== sanitizedValue) {
+            console.warn(`Aviso: Tentativa potencial de HTTP Header Injection foi detectada e sanitizada. Header original: "${name}"`);
+        }
+
+        // Evita setar o header 'Set-Cookie' diretamente para não conflitar com o método cookie().
+        if (sanitizedName.toLowerCase() === 'set-cookie') {
+            console.warn(`Aviso: Use o método .cookie() para definir cookies, não o .header().`);
+            return this;
+        }
+
+        this.headers[sanitizedName] = sanitizedValue;
+        return this;
+    }
+
+    cookie(name: string, value: string, options?: CookieOptions): GenericResponse {
+        // Medida de segurança: Valida o nome do cookie.
+        if (!isValidCookieName(name)) {
+            console.error(`Erro: Nome de cookie inválido "${name}". O cookie não será definido.`);
+            return this;
+        }
+
+        let cookieString = `${name}=${encodeURIComponent(value)}`;
+
+        if (options) {
+            // Sanitiza as opções que são strings para prevenir Header Injection.
+            if (options.domain) cookieString += `; Domain=${sanitizeHeaderValue(options.domain)}`;
+            if (options.path) cookieString += `; Path=${sanitizeHeaderValue(options.path)}`;
+            if (options.expires) cookieString += `; Expires=${options.expires.toUTCString()}`;
+            if (options.maxAge) cookieString += `; Max-Age=${options.maxAge}`;
+            if (options.httpOnly) cookieString += '; HttpOnly';
+            if (options.secure) cookieString += '; Secure';
+            if (options.sameSite) {
+                const sameSiteValue = typeof options.sameSite === 'boolean' ? 'Strict' : options.sameSite;
+                cookieString += `; SameSite=${sanitizeHeaderValue(sameSiteValue)}`;
+            }
+        }
+
+        this.cookiesToSet.push(cookieString);
+        return this;
+    }
+
+    clearCookie(name: string, options?: CookieOptions): GenericResponse {
+        const clearOptions = { ...options, expires: new Date(0), maxAge: 0 };
+        return this.cookie(name, '', clearOptions);
+    }
+
+    private writeHeaders(): void {
+        if (this.finished) return;
+
+        this.res.statusCode = this.statusCode;
+
+        Object.entries(this.headers).forEach(([name, value]) => {
+            this.res.setHeader(name, value);
+        });
+
+        // CORREÇÃO: Envia múltiplos cookies corretamente como headers 'Set-Cookie' separados.
+        // O método antigo de juntar com vírgula estava incorreto.
+        if (this.cookiesToSet.length > 0) {
+            this.res.setHeader('Set-Cookie', this.cookiesToSet);
+        }
+    }
+
+    json(data: any): void {
+        if (this.finished) return;
+
+        this.header('Content-Type', 'application/json; charset=utf-8');
+        this.writeHeaders();
+
+        const jsonString = JSON.stringify(data);
+        this.res.end(jsonString);
+        this.finished = true;
+    }
+
+    text(data: string): void {
+        if (this.finished) return;
+
+        this.header('Content-Type', 'text/plain; charset=utf-8');
+        this.writeHeaders();
+
+        this.res.end(data);
+        this.finished = true;
+    }
+
+    send(data: any): void {
+        if (this.finished) return;
+
+        const existingContentType = this.headers['Content-Type'];
+
+        if (typeof data === 'string') {
+            if (!existingContentType) {
+                this.header('Content-Type', 'text/plain; charset=utf-8');
+            }
+            this.writeHeaders();
+            this.res.end(data);
+        } else if (Buffer.isBuffer(data)) {
+            this.writeHeaders();
+            this.res.end(data);
+        } else if (data !== null && typeof data === 'object') {
+            this.json(data); // Reutiliza o método json para consistência
+            return; // O método json já finaliza a resposta
+        } else {
+            if (!existingContentType) {
+                this.header('Content-Type', 'text/plain; charset=utf-8');
+            }
+            this.writeHeaders();
+            this.res.end(String(data));
+        }
+
+        this.finished = true;
+    }
+
+    redirect(url: string): void {
+        if (this.finished) return;
+
+        this.status(302);
+        // A sanitização no método .header() previne que um URL manipulado
+        // cause um ataque de Open Redirect via Header Injection.
+        this.header('Location', url);
+        this.writeHeaders();
+
+        this.res.end();
+        this.finished = true;
+    }
+}