hightjs 0.5.0 → 0.5.1

package/README.md

@@ -36,22 +36,6 @@
 
 ---
 
-## 📦 Installation
-
-```bash
-npm install hightjs react@19 react-dom@19
-```
-
-## 🚀 Quick Start
-
-```bash
-npx hight dev
-```
-
-Visit [http://localhost:3000](http://localhost:3000)
-
----
-
 ## 📚 Documentation
 
 For complete documentation, tutorials, and guides, visit:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hightjs",
-  "version": "0.5.0",
+  "version": "0.5.1",
   "description": "HightJS is a high-level framework for building web applications with ease and speed. It provides a robust set of tools and features to streamline development and enhance productivity.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -16,7 +16,8 @@
   "files": [
     "dist",
     "README.md",
-    "dist/global/global.d.ts"
+    "dist/global/global.d.ts",
+    "src"
   ],
   "bin": {
     "hight": "./dist/bin/hightjs.js"

package/src/adapters/express.ts

@@ -0,0 +1,87 @@
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import type { Request as ExpressRequest, Response as ExpressResponse } from 'express';
+import { GenericRequest, GenericResponse, FrameworkAdapter, CookieOptions } from '../types/framework';
+
+export class ExpressAdapter implements FrameworkAdapter {
+    type = 'express' as const;
+
+    parseRequest(req: ExpressRequest): GenericRequest {
+
+        return {
+            method: req.method,
+            url: req.url,
+            headers: req.headers as Record<string, string | string[]>,
+            body: req.body,
+            query: req.query as Record<string, any>,
+            params: req.params,
+            cookies: req.cookies || {},
+            raw: req,
+        };
+    }
+
+    createResponse(res: ExpressResponse): GenericResponse {
+        return new ExpressResponseWrapper(res);
+    }
+}
+
+class ExpressResponseWrapper implements GenericResponse {
+    constructor(private res: ExpressResponse) {}
+
+    get raw() {
+        return this.res;
+    }
+
+    status(code: number): GenericResponse {
+        this.res.status(code);
+        return this;
+    }
+
+    header(name: string, value: string): GenericResponse {
+        this.res.setHeader(name, value);
+        return this;
+    }
+
+    cookie(name: string, value: string, options?: CookieOptions): GenericResponse {
+        this.res.cookie(name, value, options || {});
+        return this;
+    }
+
+    clearCookie(name: string, options?: CookieOptions): GenericResponse {
+        // Filter out the deprecated 'expires' option to avoid Express deprecation warning
+        const { expires, ...filteredOptions } = options || {};
+        this.res.clearCookie(name, filteredOptions);
+        return this;
+    }
+
+    json(data: any): void {
+        this.res.json(data);
+    }
+
+    text(data: string): void {
+        this.res.setHeader('Content-Type', 'text/plain; charset=utf-8');
+        this.res.send(data);
+    }
+
+    send(data: any): void {
+        this.res.send(data);
+    }
+
+    redirect(url: string): void {
+        this.res.redirect(url);
+    }
+}

package/src/adapters/factory.ts

@@ -0,0 +1,112 @@
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { FrameworkAdapter } from '../types/framework';
+import { ExpressAdapter } from './express';
+import { FastifyAdapter } from './fastify';
+import { NativeAdapter } from './native';
+import Console, { Colors} from "../api/console"
+/**
+ * Factory para criar o adapter correto baseado no framework detectado
+ */
+export class FrameworkAdapterFactory {
+    private static adapter: FrameworkAdapter | null = null;
+
+    /**
+     * Detecta automaticamente o framework baseado na requisição/resposta
+     */
+    static detectFramework(req: any, res: any): FrameworkAdapter {
+        // Se já detectamos antes, retorna o mesmo adapter
+        if (this.adapter) {
+            return this.adapter;
+        }
+        const msg = Console.dynamicLine(`  ${Colors.FgYellow}●  ${Colors.Reset}Detecting web framework...`);
+
+        // Detecta Express
+        if (req.app && req.route && res.locals !== undefined) {
+            msg.end(`  ${Colors.FgGreen}●  ${Colors.Reset}Framework detected: Express`);
+            this.adapter = new ExpressAdapter();
+            return this.adapter;
+        }
+
+        // Detecta Fastify
+        if (req.server && req.routerPath !== undefined && res.request) {
+            msg.end(`  ${Colors.FgGreen}●  ${Colors.Reset}Framework detected: Fastify`);
+            this.adapter = new FastifyAdapter();
+            return this.adapter;
+        }
+
+        // Detecta HTTP nativo do Node.js
+        if (req.method !== undefined && req.url !== undefined && req.headers !== undefined &&
+            res.statusCode !== undefined && res.setHeader !== undefined && res.end !== undefined) {
+            msg.end(`  ${Colors.FgGreen}●  ${Colors.Reset}Framework detected: HightJS Native (HTTP)`);
+            this.adapter = new NativeAdapter();
+            return this.adapter;
+        }
+
+        // Fallback mais específico para Express
+        if (res.status && res.send && res.json && res.cookie) {
+            msg.end(`  ${Colors.FgGreen}●  ${Colors.Reset}Framework detected: Express (fallback)`);
+            this.adapter = new ExpressAdapter();
+            return this.adapter;
+        }
+
+        // Fallback mais específico para Fastify
+        if (res.code && res.send && res.type && res.setCookie) {
+            msg.end(`  ${Colors.FgGreen}●  ${Colors.Reset}Framework detected: Fastify (fallback)`);
+            this.adapter = new FastifyAdapter();
+            return this.adapter;
+        }
+
+        // Default para HightJS Native se não conseguir detectar
+        msg.end(`  ${Colors.FgYellow}●  ${Colors.Reset}Unable to detect framework. Using HightJS Native as default.`);
+        this.adapter = new NativeAdapter();
+        return this.adapter;
+    }
+
+    /**
+     * Força o uso de um framework específico
+     */
+    static setFramework(framework: 'express' | 'fastify' | 'native'): void {
+        switch (framework) {
+            case 'express':
+                this.adapter = new ExpressAdapter();
+                break;
+            case 'fastify':
+                this.adapter = new FastifyAdapter();
+                break;
+            case 'native':
+                this.adapter = new NativeAdapter();
+                break;
+            default:
+                throw new Error(`Unsupported framework: ${framework}`);
+        }
+    }
+
+    /**
+     * Reset do adapter (útil para testes)
+     */
+    static reset(): void {
+        this.adapter = null;
+    }
+
+    /**
+     * Retorna o adapter atual (se já foi detectado)
+     */
+    static getCurrentAdapter(): FrameworkAdapter | null {
+        return this.adapter;
+    }
+}

package/src/adapters/fastify.ts

@@ -0,0 +1,104 @@
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Tipos para Fastify (sem import direto para evitar dependência obrigatória)
+interface FastifyRequest {
+    method: string;
+    url: string;
+    headers: Record<string, string | string[]>;
+    body?: any;
+    query?: Record<string, any>;
+    params?: Record<string, string>;
+    cookies?: Record<string, string>;
+}
+
+interface FastifyReply {
+    status(code: number): FastifyReply;
+    header(name: string, value: string): FastifyReply;
+    setCookie(name: string, value: string, options?: any): FastifyReply;
+    clearCookie(name: string, options?: any): FastifyReply;
+    type(contentType: string): FastifyReply;
+    send(data: any): void;
+    redirect(url: string): void;
+}
+
+import { GenericRequest, GenericResponse, FrameworkAdapter, CookieOptions } from '../types/framework';
+
+export class FastifyAdapter implements FrameworkAdapter {
+    type = 'fastify' as const;
+
+    parseRequest(req: FastifyRequest): GenericRequest {
+        return {
+            method: req.method,
+            url: req.url,
+            headers: req.headers as Record<string, string | string[]>,
+            body: req.body,
+            query: req.query as Record<string, any>,
+            params: req.params as Record<string, string>,
+            cookies: req.cookies || {},
+            raw: req
+        };
+    }
+
+    createResponse(reply: FastifyReply): GenericResponse {
+        return new FastifyResponseWrapper(reply);
+    }
+}
+
+class FastifyResponseWrapper implements GenericResponse {
+    constructor(private reply: FastifyReply) {}
+
+    get raw() {
+        return this.reply;
+    }
+
+    status(code: number): GenericResponse {
+        this.reply.status(code);
+        return this;
+    }
+
+    header(name: string, value: string): GenericResponse {
+        this.reply.header(name, value);
+        return this;
+    }
+
+    cookie(name: string, value: string, options?: CookieOptions): GenericResponse {
+        this.reply.setCookie(name, value, options);
+        return this;
+    }
+
+    clearCookie(name: string, options?: CookieOptions): GenericResponse {
+        this.reply.clearCookie(name, options);
+        return this;
+    }
+
+    json(data: any): void {
+        this.reply.send(data);
+    }
+
+    text(data: string): void {
+        this.reply.type('text/plain; charset=utf-8');
+        this.reply.send(data);
+    }
+
+    send(data: any): void {
+        this.reply.send(data);
+    }
+
+    redirect(url: string): void {
+        this.reply.redirect(url);
+    }
+}

package/src/adapters/native.ts

@@ -0,0 +1,234 @@
+/*
+ * This file is part of the HightJS Project.
+ * Copyright (c) 2025 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import type { IncomingMessage, ServerResponse } from 'http';
+import { GenericRequest, GenericResponse, FrameworkAdapter, CookieOptions } from '../types/framework';
+import { parse as parseUrl } from 'url';
+
+// --- Funções Auxiliares de Segurança ---
+
+/**
+ * Remove caracteres de quebra de linha (\r, \n) de uma string para prevenir
+ * ataques de HTTP Header Injection (CRLF Injection).
+ * @param value O valor a ser sanitizado.
+ * @returns A string sanitizada.
+ */
+function sanitizeHeaderValue(value: string | number | boolean): string {
+    return String(value).replace(/[\r\n]/g, '');
+}
+
+/**
+ * Valida se o nome de um cookie contém apenas caracteres permitidos pela RFC 6265.
+ * Isso previne a criação de cookies com nomes inválidos ou maliciosos.
+ * @param name O nome do cookie a ser validado.
+ * @returns `true` se o nome for válido, `false` caso contrário.
+ */
+function isValidCookieName(name: string): boolean {
+    // A RFC 6265 define 'token' como 1 ou mais caracteres que não são controle nem separadores.
+    // Separadores: ( ) < > @ , ; : \ " / [ ] ? = { }
+    const validCookieNameRegex = /^[a-zA-Z0-9!#$%&'*+-.^_`|~]+$/;
+    return validCookieNameRegex.test(name);
+}
+
+
+export class NativeAdapter implements FrameworkAdapter {
+    type = 'native' as const;
+
+    parseRequest(req: IncomingMessage): GenericRequest {
+        const url = parseUrl(req.url || '', true);
+
+        return {
+            method: req.method || 'GET',
+            url: req.url || '/',
+            headers: req.headers as Record<string, string | string[]>,
+            // Adicionado fallback para null para maior segurança caso o body parser não tenha rodado.
+            body: (req as any).body ?? null,
+            // Tipo mais específico para a query.
+            query: url.query as Record<string, string | string[]>,
+            params: {}, // Será preenchido pelo roteador
+            cookies: this.parseCookies(req.headers.cookie || ''),
+            raw: req
+        };
+    }
+
+    createResponse(res: ServerResponse): GenericResponse {
+        return new NativeResponseWrapper(res);
+    }
+
+    private parseCookies(cookieHeader: string): Record<string, string> {
+        const cookies: Record<string, string> = {};
+
+        if (!cookieHeader) return cookies;
+
+        cookieHeader.split(';').forEach(cookie => {
+            const [name, ...rest] = cookie.trim().split('=');
+            if (name && rest.length > 0) {
+                try {
+                    // Tenta decodificar o valor do cookie.
+                    cookies[name] = decodeURIComponent(rest.join('='));
+                } catch (e) {
+                    // Prevenção de crash: Ignora cookies com valores malformados (e.g., URI inválida).
+                    console.error(`Warning: Malformed cookie with name "${name}" was ignored.`);
+                }
+            }
+        });
+
+        return cookies;
+    }
+}
+
+class NativeResponseWrapper implements GenericResponse {
+    private statusCode = 200;
+    private headers: Record<string, string | number> = {};
+    private cookiesToSet: string[] = []; // Array para lidar corretamente com múltiplos cookies.
+    private finished = false;
+
+    constructor(private res: ServerResponse) {}
+
+    get raw() {
+        return this.res;
+    }
+
+    status(code: number): GenericResponse {
+        this.statusCode = code;
+        return this;
+    }
+
+    header(name: string, value: string): GenericResponse {
+        // Medida de segurança CRÍTICA: Previne HTTP Header Injection (CRLF Injection).
+        // Sanitiza tanto o nome quanto o valor do header para remover quebras de linha.
+        const sanitizedName = sanitizeHeaderValue(name);
+        const sanitizedValue = sanitizeHeaderValue(value);
+
+        if (name !== sanitizedName || String(value) !== sanitizedValue) {
+            console.warn(`Warning: Potential HTTP Header Injection attempt detected and sanitized. Original header: "${name}"`);
+        }
+
+
+        this.headers[sanitizedName] = sanitizedValue;
+        return this;
+    }
+
+    cookie(name: string, value: string, options?: CookieOptions): GenericResponse {
+        // Medida de segurança: Valida o nome do cookie.
+        if (!isValidCookieName(name)) {
+            console.error(`Error: Invalid cookie name "${name}". The cookie will not be set.`);
+            return this;
+        }
+
+        let cookieString = `${name}=${encodeURIComponent(value)}`;
+
+        if (options) {
+            // Sanitiza as opções que são strings para prevenir Header Injection.
+            if (options.domain) cookieString += `; Domain=${sanitizeHeaderValue(options.domain)}`;
+            if (options.path) cookieString += `; Path=${sanitizeHeaderValue(options.path)}`;
+            if (options.expires) cookieString += `; Expires=${options.expires.toUTCString()}`;
+            if (options.maxAge) cookieString += `; Max-Age=${options.maxAge}`;
+            if (options.httpOnly) cookieString += '; HttpOnly';
+            if (options.secure) cookieString += '; Secure';
+            if (options.sameSite) {
+                const sameSiteValue = typeof options.sameSite === 'boolean' ? 'Strict' : options.sameSite;
+                cookieString += `; SameSite=${sanitizeHeaderValue(sameSiteValue)}`;
+            }
+        }
+
+        this.cookiesToSet.push(cookieString);
+        return this;
+    }
+
+    clearCookie(name: string, options?: CookieOptions): GenericResponse {
+        const clearOptions = { ...options, expires: new Date(0), maxAge: 0 };
+        return this.cookie(name, '', clearOptions);
+    }
+
+    private writeHeaders(): void {
+        if (this.finished) return;
+
+        this.res.statusCode = this.statusCode;
+
+        Object.entries(this.headers).forEach(([name, value]) => {
+            this.res.setHeader(name, value);
+        });
+
+        // CORREÇÃO: Envia múltiplos cookies corretamente como headers 'Set-Cookie' separados.
+        // O método antigo de juntar com vírgula estava incorreto.
+        if (this.cookiesToSet.length > 0) {
+            this.res.setHeader('Set-Cookie', this.cookiesToSet);
+        }
+    }
+
+    json(data: any): void {
+        if (this.finished) return;
+
+        this.header('Content-Type', 'application/json; charset=utf-8');
+        this.writeHeaders();
+
+        const jsonString = JSON.stringify(data);
+        this.res.end(jsonString);
+        this.finished = true;
+    }
+
+    text(data: string): void {
+        if (this.finished) return;
+
+        this.header('Content-Type', 'text/plain; charset=utf-8');
+        this.writeHeaders();
+
+        this.res.end(data);
+        this.finished = true;
+    }
+
+    send(data: any): void {
+        if (this.finished) return;
+
+        const existingContentType = this.headers['Content-Type'];
+
+        if (typeof data === 'string') {
+            if (!existingContentType) {
+                this.header('Content-Type', 'text/plain; charset=utf-8');
+            }
+            this.writeHeaders();
+            this.res.end(data);
+        } else if (Buffer.isBuffer(data)) {
+            this.writeHeaders();
+            this.res.end(data);
+        } else if (data !== null && typeof data === 'object') {
+            this.json(data); // Reutiliza o método json para consistência
+            return; // O método json já finaliza a resposta
+        } else {
+            if (!existingContentType) {
+                this.header('Content-Type', 'text/plain; charset=utf-8');
+            }
+            this.writeHeaders();
+            this.res.end(String(data));
+        }
+
+        this.finished = true;
+    }
+
+    redirect(url: string): void {
+        if (this.finished) return;
+
+        this.status(302);
+        // A sanitização no método .header() previne que um URL manipulado
+        // cause um ataque de Open Redirect via Header Injection.
+        this.header('Location', url);
+        this.writeHeaders();
+
+        this.res.end();
+        this.finished = true;
+    }
+}