kempo-server 1.10.7 → 2.0.0

package/CONFIG.md

@@ -35,6 +35,7 @@ This json file can have any of the following properties, any property not define
 - [routeFiles](#routefiles)
 - [noRescanPaths](#norescanpaths)
 - [maxRescanAttempts](#maxrescanattempts)
+- [maxBodySize](#maxbodysize)
 - [cache](#cache)
 - [middleware](#middleware)
 
@@ -391,6 +392,16 @@ The maximum number of times to attempt rescanning the file system when a file is
 }
 ```
 
+### maxBodySize
+
+Maximum allowed request body size in bytes. If a request body exceeds this limit, the server responds with `413 Payload Too Large` before the route handler runs. Defaults to `1048576` (1 MB).
+
+```json
+{
+  "maxBodySize": 1048576
+}
+```
+
 ## Configuration Examples
 
 ### Development Environment

package/README.md

@@ -114,11 +114,12 @@ Kempo Server provides a request object that makes working with HTTP requests eas
 - `request.headers` - Request headers object
 - `request.url` - Full request URL
 
+- `request.body` - Pre-parsed request body (JSON → object, form-urlencoded → object, other → raw string, no body → `null`)
+
 ### Methods
-- `await request.json()` - Parse request body as JSON
-- `await request.text()` - Get request body as text
-- `await request.body()` - Get raw request body as string
-- `await request.buffer()` - Get request body as Buffer
+- `await request.json()` - Get cached body parsed as JSON
+- `await request.text()` - Get cached body as text
+- `await request.buffer()` - Get cached body as Buffer
 - `request.get(headerName)` - Get specific header value
 - `request.is(type)` - Check if content-type contains specified type
 
@@ -149,17 +150,12 @@ export default async function(request, response) {
 // api/user/[id]/POST.js
 export default async function(request, response) {
   const { id } = request.params;
+  const { name, email } = request.body;
   
-  try {
-    const updateData = await request.json();
-    
-    // Update user in database
-    const updatedUser = await updateUser(id, updateData);
-    
-    response.json(updatedUser);
-  } catch (error) {
-    response.status(400).json({ error: 'Invalid JSON' });
-  }
+  // request.body is already parsed from JSON
+  const updatedUser = await updateUser(id, { name, email });
+  
+  response.json(updatedUser);
 }
 ```
 
@@ -291,20 +287,14 @@ export default async function(request, response) {
 export default async function(request, response) {
   const { id } = request.params;
   
-  try {
-    const userData = await request.json(); // Parse JSON body easily
-    
-    // Update user in database
-    const updatedUser = {
-      id: id,
-      ...userData,
-      updatedAt: new Date().toISOString()
-    };
-    
-    response.json(updatedUser);
-  } catch (error) {
-    response.status(400).json({ error: 'Invalid JSON' });
-  }
+  // request.body is pre-parsed based on Content-Type
+  const updatedUser = {
+    id: id,
+    ...request.body,
+    updatedAt: new Date().toISOString()
+  };
+  
+  response.json(updatedUser);
 }
 ```
 
@@ -312,19 +302,14 @@ export default async function(request, response) {
 
 ```javascript
 // contact/POST.js
+// With Content-Type: application/x-www-form-urlencoded,
+// request.body is automatically parsed into an object
 export default async function(request, response) {
-  try {
-    const body = await request.text(); // Get raw text body
-    const formData = new URLSearchParams(body);
-    const name = formData.get('name');
-    const email = formData.get('email');
-    
-    // Process form data...
-    
-    response.html('<h1>Thank you for your message!</h1>');
-  } catch (error) {
-    response.status(400).html('<h1>Error processing form</h1>');
-  }
+  const { name, email } = request.body;
+  
+  // Process form data...
+  
+  response.html('<h1>Thank you for your message!</h1>');
 }
 ```
 

package/dist/defaultConfig.js

@@ -1 +1 @@
-export default{allowedMimes:{html:{mime:"text/html",encoding:"utf8"},htm:{mime:"text/html",encoding:"utf8"},shtml:{mime:"text/html",encoding:"utf8"},css:{mime:"text/css",encoding:"utf8"},xml:{mime:"text/xml",encoding:"utf8"},gif:{mime:"image/gif",encoding:"binary"},jpeg:{mime:"image/jpeg",encoding:"binary"},jpg:{mime:"image/jpeg",encoding:"binary"},js:{mime:"application/javascript",encoding:"utf8"},mjs:{mime:"application/javascript",encoding:"utf8"},json:{mime:"application/json",encoding:"utf8"},webp:{mime:"image/webp",encoding:"binary"},png:{mime:"image/png",encoding:"binary"},svg:{mime:"image/svg+xml",encoding:"utf8"},svgz:{mime:"image/svg+xml",encoding:"utf8"},ico:{mime:"image/x-icon",encoding:"binary"},webm:{mime:"video/webm",encoding:"binary"},mp4:{mime:"video/mp4",encoding:"binary"},m4v:{mime:"video/mp4",encoding:"binary"},ogv:{mime:"video/ogg",encoding:"binary"},mp3:{mime:"audio/mpeg",encoding:"binary"},ogg:{mime:"audio/ogg",encoding:"binary"},wav:{mime:"audio/wav",encoding:"binary"},woff:{mime:"font/woff",encoding:"binary"},woff2:{mime:"font/woff2",encoding:"binary"},ttf:{mime:"font/ttf",encoding:"binary"},otf:{mime:"font/otf",encoding:"binary"},eot:{mime:"application/vnd.ms-fontobject",encoding:"binary"},pdf:{mime:"application/pdf",encoding:"binary"},txt:{mime:"text/plain",encoding:"utf8"},webmanifest:{mime:"application/manifest+json",encoding:"utf8"},md:{mime:"text/markdown",encoding:"utf8"},csv:{mime:"text/csv",encoding:"utf8"},doc:{mime:"application/msword",encoding:"binary"},docx:{mime:"application/vnd.openxmlformats-officedocument.wordprocessingml.document",encoding:"binary"},xls:{mime:"application/vnd.ms-excel",encoding:"binary"},xlsx:{mime:"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",encoding:"binary"},ppt:{mime:"application/vnd.ms-powerpoint",encoding:"binary"},pptx:{mime:"application/vnd.openxmlformats-officedocument.presentationml.presentation",encoding:"binary"},avif:{mime:"image/avif",encoding:"binary"},wasm:{mime:"application/wasm",encoding:"binary"}},disallowedRegex:["^/\\..*","\\.config$","\\.env$","\\.git/","\\.htaccess$","\\.htpasswd$","^/node_modules/","^/vendor/","\\.log$","\\.bak$","\\.sql$","\\.ini$","config\\.php$","wp-config\\.php$","\\.DS_Store$","package\\.json$","package-lock\\.json$"],routeFiles:["GET.js","POST.js","PUT.js","DELETE.js","HEAD.js","OPTIONS.js","PATCH.js","CONNECT.js","TRACE.js","index.js"],noRescanPaths:["^/\\.well-known/","/favicon\\.ico$","/robots\\.txt$","/sitemap\\.xml$","/apple-touch-icon","/android-chrome-","/browserconfig\\.xml$","/manifest\\.json$","\\.map$","/__webpack_hmr$","/hot-update\\.","/sockjs-node/"],maxRescanAttempts:3,customRoutes:{},middleware:{cors:{enabled:!1,origin:"*",methods:["GET","POST","PUT","DELETE","OPTIONS"],headers:["Content-Type","Authorization"]},compression:{enabled:!1,threshold:1024},rateLimit:{enabled:!1,maxRequests:100,windowMs:6e4,message:"Too many requests"},security:{enabled:!0,headers:{"X-Content-Type-Options":"nosniff","X-Frame-Options":"DENY","X-XSS-Protection":"1; mode=block"}},logging:{enabled:!0,includeUserAgent:!1,includeResponseTime:!0},custom:[]},cache:{enabled:!1,maxSize:100,maxMemoryMB:50,ttlMs:3e5,maxHeapUsagePercent:70,memoryCheckInterval:3e4,watchFiles:!0,enableMemoryMonitoring:!0}};
+export default{allowedMimes:{html:{mime:"text/html",encoding:"utf8"},htm:{mime:"text/html",encoding:"utf8"},shtml:{mime:"text/html",encoding:"utf8"},css:{mime:"text/css",encoding:"utf8"},xml:{mime:"text/xml",encoding:"utf8"},gif:{mime:"image/gif",encoding:"binary"},jpeg:{mime:"image/jpeg",encoding:"binary"},jpg:{mime:"image/jpeg",encoding:"binary"},js:{mime:"application/javascript",encoding:"utf8"},mjs:{mime:"application/javascript",encoding:"utf8"},json:{mime:"application/json",encoding:"utf8"},webp:{mime:"image/webp",encoding:"binary"},png:{mime:"image/png",encoding:"binary"},svg:{mime:"image/svg+xml",encoding:"utf8"},svgz:{mime:"image/svg+xml",encoding:"utf8"},ico:{mime:"image/x-icon",encoding:"binary"},webm:{mime:"video/webm",encoding:"binary"},mp4:{mime:"video/mp4",encoding:"binary"},m4v:{mime:"video/mp4",encoding:"binary"},ogv:{mime:"video/ogg",encoding:"binary"},mp3:{mime:"audio/mpeg",encoding:"binary"},ogg:{mime:"audio/ogg",encoding:"binary"},wav:{mime:"audio/wav",encoding:"binary"},woff:{mime:"font/woff",encoding:"binary"},woff2:{mime:"font/woff2",encoding:"binary"},ttf:{mime:"font/ttf",encoding:"binary"},otf:{mime:"font/otf",encoding:"binary"},eot:{mime:"application/vnd.ms-fontobject",encoding:"binary"},pdf:{mime:"application/pdf",encoding:"binary"},txt:{mime:"text/plain",encoding:"utf8"},webmanifest:{mime:"application/manifest+json",encoding:"utf8"},md:{mime:"text/markdown",encoding:"utf8"},csv:{mime:"text/csv",encoding:"utf8"},doc:{mime:"application/msword",encoding:"binary"},docx:{mime:"application/vnd.openxmlformats-officedocument.wordprocessingml.document",encoding:"binary"},xls:{mime:"application/vnd.ms-excel",encoding:"binary"},xlsx:{mime:"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",encoding:"binary"},ppt:{mime:"application/vnd.ms-powerpoint",encoding:"binary"},pptx:{mime:"application/vnd.openxmlformats-officedocument.presentationml.presentation",encoding:"binary"},avif:{mime:"image/avif",encoding:"binary"},wasm:{mime:"application/wasm",encoding:"binary"}},disallowedRegex:["^/\\..*","\\.config$","\\.env$","\\.git/","\\.htaccess$","\\.htpasswd$","^/node_modules/","^/vendor/","\\.log$","\\.bak$","\\.sql$","\\.ini$","config\\.php$","wp-config\\.php$","\\.DS_Store$","package\\.json$","package-lock\\.json$"],routeFiles:["GET.js","POST.js","PUT.js","DELETE.js","HEAD.js","OPTIONS.js","PATCH.js","CONNECT.js","TRACE.js","index.js"],noRescanPaths:["^/\\.well-known/","/favicon\\.ico$","/robots\\.txt$","/sitemap\\.xml$","/apple-touch-icon","/android-chrome-","/browserconfig\\.xml$","/manifest\\.json$","\\.map$","/__webpack_hmr$","/hot-update\\.","/sockjs-node/"],maxRescanAttempts:3,customRoutes:{},middleware:{cors:{enabled:!1,origin:"*",methods:["GET","POST","PUT","DELETE","OPTIONS"],headers:["Content-Type","Authorization"]},compression:{enabled:!1,threshold:1024},rateLimit:{enabled:!1,maxRequests:100,windowMs:6e4,message:"Too many requests"},security:{enabled:!0,headers:{"X-Content-Type-Options":"nosniff","X-Frame-Options":"DENY","X-XSS-Protection":"1; mode=block"}},logging:{enabled:!0,includeUserAgent:!1,includeResponseTime:!0},custom:[]},maxBodySize:1048576,cache:{enabled:!1,maxSize:100,maxMemoryMB:50,ttlMs:3e5,maxHeapUsagePercent:70,memoryCheckInterval:3e4,watchFiles:!0,enableMemoryMonitoring:!0}};

package/dist/requestWrapper.js

@@ -1 +1 @@
-import{URL}from"url";export function createRequestWrapper(request,params={}){const url=new URL(request.url,`http://${request.headers.host||"localhost"}`),query=Object.fromEntries(url.searchParams);return{...request,_originalRequest:request,method:request.method,url:request.url,headers:request.headers,params:params,query:query,path:url.pathname,cookies:(()=>{const cookieHeader=request.headers.cookie||request.headers.Cookie;return cookieHeader?cookieHeader.split(";").reduce((cookies,cookie)=>{const[name,...rest]=cookie.trim().split("=");return name&&(cookies[name]=rest.join("=")),cookies},{}):{}})(),body:async()=>new Promise((resolve,reject)=>{let body="";request.on("data",chunk=>{body+=chunk.toString()}),request.on("end",()=>{resolve(body)}),request.on("error",reject)}),async json(){try{const body=await this.body();return JSON.parse(body)}catch(error){throw new Error("Invalid JSON in request body")}},async text(){return this.body()},buffer:async()=>new Promise((resolve,reject)=>{const chunks=[];request.on("data",chunk=>{chunks.push(chunk)}),request.on("end",()=>{resolve(Buffer.concat(chunks))}),request.on("error",reject)}),get:headerName=>request.headers[headerName.toLowerCase()],is(type){return(this.get("content-type")||"").includes(type)}}}export default createRequestWrapper;
+import{URL}from"url";export const readRawBody=req=>void 0!==req._bufferedBody?Promise.resolve(req._bufferedBody):new Promise((resolve,reject)=>{let body="";req.on("data",chunk=>{body+=chunk.toString()}),req.on("end",()=>{resolve(body)}),req.on("error",reject)});export const parseBody=(rawBody,contentType)=>{if(!rawBody)return null;const ct=(contentType||"").toLowerCase();if(ct.includes("application/json"))try{return JSON.parse(rawBody)}catch{return null}return ct.includes("application/x-www-form-urlencoded")?Object.fromEntries(new URLSearchParams(rawBody)):rawBody};export function createRequestWrapper(request,params={}){const url=new URL(request.url,`http://${request.headers.host||"localhost"}`),query=Object.fromEntries(url.searchParams);return{...request,_originalRequest:request,method:request.method,url:request.url,headers:request.headers,params:params,query:query,path:url.pathname,cookies:(()=>{const cookieHeader=request.headers.cookie||request.headers.Cookie;return cookieHeader?cookieHeader.split(";").reduce((cookies,cookie)=>{const[name,...rest]=cookie.trim().split("=");return name&&(cookies[name]=rest.join("=")),cookies},{}):{}})(),body:null,_rawBody:"",async json(){return JSON.parse(this._rawBody)},async text(){return this._rawBody},async buffer(){return Buffer.from(this._rawBody)},get:headerName=>request.headers[headerName.toLowerCase()],is(type){return(this.get("content-type")||"").includes(type)}}}export default createRequestWrapper;

package/dist/router.js

@@ -1 +1 @@
-import path from"path";import{readFile}from"fs/promises";import{pathToFileURL}from"url";import defaultConfig from"./defaultConfig.js";import getFiles from"./getFiles.js";import findFile from"./findFile.js";import serveFile from"./serveFile.js";import MiddlewareRunner from"./middlewareRunner.js";import ModuleCache from"./moduleCache.js";import createRequestWrapper from"./requestWrapper.js";import createResponseWrapper from"./responseWrapper.js";import{corsMiddleware,compressionMiddleware,rateLimitMiddleware,securityMiddleware,loggingMiddleware}from"./builtinMiddleware.js";export default async(flags,log)=>{log("Initializing router",3);const rootPath=path.isAbsolute(flags.root)?flags.root:path.join(process.cwd(),flags.root);log(`Root path: ${rootPath}`,3);let config=defaultConfig;try{const configFileName=flags.config||".config.json",configPath=path.isAbsolute(configFileName)?configFileName:path.join(rootPath,configFileName);if(log(`Config file name: ${configFileName}`,3),log(`Config path: ${configPath}`,3),path.isAbsolute(configFileName))log("Config file name is absolute, skipping validation",4);else{const relativeConfigPath=path.relative(rootPath,configPath);if(log(`Relative config path: ${relativeConfigPath}`,4),log(`Starts with '..': ${relativeConfigPath.startsWith("..")}`,4),relativeConfigPath.startsWith("..")||path.isAbsolute(relativeConfigPath))throw log("Validation failed - throwing error",4),new Error(`Config file must be within the server root directory. Config path: ${configPath}, Root path: ${rootPath}`);log("Validation passed",4)}log(`Loading config from: ${configPath}`,3);const configContent=await readFile(configPath,"utf8"),userConfig=JSON.parse(configContent);config={...defaultConfig,...userConfig,allowedMimes:{...defaultConfig.allowedMimes,...userConfig.allowedMimes||{}},middleware:{...defaultConfig.middleware,...userConfig.middleware||{}},customRoutes:{...defaultConfig.customRoutes,...userConfig.customRoutes||{}},cache:{...defaultConfig.cache,...userConfig.cache||{}}},log("User config loaded and merged with defaults",3)}catch(e){if(e.message.includes("Config file must be within the server root directory"))throw e;log("Using default config (no config file found)",3)}const dis=new Set(config.disallowedRegex);dis.add("^/\\..*"),dis.add("\\.config$"),dis.add("\\.git/"),config.disallowedRegex=[...dis],log(`Config loaded with ${config.disallowedRegex.length} disallowed patterns`,3);let files=await getFiles(rootPath,config,log);log(`Initial scan found ${files.length} files`,2);const middlewareRunner=new MiddlewareRunner;if(config.middleware?.cors?.enabled&&(middlewareRunner.use(corsMiddleware(config.middleware.cors)),log("CORS middleware enabled",3)),config.middleware?.compression?.enabled&&(middlewareRunner.use(compressionMiddleware(config.middleware.compression)),log("Compression middleware enabled",3)),config.middleware?.rateLimit?.enabled&&(middlewareRunner.use(rateLimitMiddleware(config.middleware.rateLimit)),log("Rate limit middleware enabled",3)),config.middleware?.security?.enabled&&(middlewareRunner.use(securityMiddleware(config.middleware.security)),log("Security middleware enabled",3)),config.middleware?.logging?.enabled&&(middlewareRunner.use(loggingMiddleware(config.middleware.logging,log)),log("Logging middleware enabled",3)),config.middleware?.custom&&config.middleware.custom.length>0){log(`Loading ${config.middleware.custom.length} custom middleware files`,3);for(const middlewarePath of config.middleware.custom)try{const resolvedPath=path.isAbsolute(middlewarePath)?middlewarePath:path.resolve(rootPath,middlewarePath),middlewareUrl=pathToFileURL(resolvedPath).href+`?t=${Date.now()}`,customMiddleware=(await import(middlewareUrl)).default;"function"==typeof customMiddleware?(middlewareRunner.use(customMiddleware(config.middleware)),log(`Custom middleware loaded: ${middlewarePath}`,3)):log(`Custom middleware error: ${middlewarePath} does not export a default function`,1)}catch(error){log(`Custom middleware error for ${middlewarePath}: ${error.message}`,1)}}let moduleCache=null;config.cache?.enabled&&(moduleCache=new ModuleCache(config.cache),log(`Module cache initialized: ${config.cache.maxSize} max modules, ${config.cache.maxMemoryMB}MB limit, ${config.cache.ttlMs}ms TTL`,2));const customRoutes=new Map,wildcardRoutes=new Map;if(config.customRoutes&&Object.keys(config.customRoutes).length>0){log(`Processing ${Object.keys(config.customRoutes).length} custom routes`,3);for(const[urlPath,filePath]of Object.entries(config.customRoutes))if(urlPath.includes("*")){const resolvedPath=path.isAbsolute(filePath)?filePath:path.resolve(rootPath,filePath);wildcardRoutes.set(urlPath,resolvedPath),log(`Wildcard route mapped: ${urlPath} -> ${resolvedPath}`,3)}else{const resolvedPath=path.isAbsolute(filePath)?filePath:path.resolve(rootPath,filePath);customRoutes.set(urlPath,resolvedPath),log(`Custom route mapped: ${urlPath} -> ${resolvedPath}`,3)}}const matchWildcardRoute=(requestPath,pattern)=>{const regexPattern=pattern.replace(/\*\*/g,"(.+)").replace(/\*/g,"([^/]+)");return new RegExp(`^${regexPattern}$`).exec(requestPath)},rescanAttempts=new Map,dynamicNoRescanPaths=new Set,shouldSkipRescan=requestPath=>config.noRescanPaths.some(pattern=>new RegExp(pattern).test(requestPath))?(log(`Skipping rescan for configured pattern: ${requestPath}`,3),!0):!!dynamicNoRescanPaths.has(requestPath)&&(log(`Skipping rescan for dynamically blacklisted path: ${requestPath}`,3),!0),handler=async(req,res)=>{const enhancedRequest=createRequestWrapper(req,{}),enhancedResponse=createResponseWrapper(res);await middlewareRunner.run(enhancedRequest,enhancedResponse,async()=>{const requestPath=enhancedRequest.url.split("?")[0];log(`${enhancedRequest.method} ${requestPath}`,4),log(`customRoutes keys: ${Array.from(customRoutes.keys()).join(", ")}`,4);const normalizePath=p=>{try{let np=decodeURIComponent(p);return np.startsWith("/")||(np="/"+np),np.length>1&&np.endsWith("/")&&(np=np.slice(0,-1)),np}catch(e){log(`Warning: Failed to decode URI component "${p}": ${e.message}`,1);let np=p;return np.startsWith("/")||(np="/"+np),np.length>1&&np.endsWith("/")&&(np=np.slice(0,-1)),np}},normalizedRequestPath=normalizePath(requestPath);log(`Normalized requestPath: ${normalizedRequestPath}`,4);let matchedKey=null;for(const key of customRoutes.keys())if(normalizePath(key)===normalizedRequestPath){matchedKey=key;break}if(matchedKey){const customFilePath=customRoutes.get(matchedKey);log(`Serving custom route: ${normalizedRequestPath} -> ${customFilePath}`,3);try{const{stat:stat}=await import("fs/promises");try{await stat(customFilePath),log(`Custom route file exists: ${customFilePath}`,4)}catch(e){return log(`Custom route file does NOT exist: ${customFilePath}`,1),res.writeHead(404,{"Content-Type":"text/plain"}),void res.end("Custom route file not found")}const fileExtension=path.extname(customFilePath).toLowerCase().slice(1),mimeConfig=config.allowedMimes[fileExtension];let mimeType,encoding;"string"==typeof mimeConfig?(mimeType=mimeConfig,encoding=mimeType.startsWith("text/")?"utf8":void 0):(mimeType=mimeConfig?.mime||"application/octet-stream",encoding="utf8"===mimeConfig?.encoding?"utf8":void 0);const fileContent=await readFile(customFilePath,encoding);log(`Serving custom file as ${mimeType} (${fileContent.length} bytes)`,2);const contentType="utf8"===encoding&&mimeType.startsWith("text/")?`${mimeType}; charset=utf-8`:mimeType;return res.writeHead(200,{"Content-Type":contentType}),void res.end(fileContent)}catch(error){return log(`Error serving custom route ${normalizedRequestPath}: ${error.message}`,1),res.writeHead(500,{"Content-Type":"text/plain"}),void res.end("Internal Server Error")}}const wildcardMatch=(requestPath=>{for(const[pattern,filePath]of wildcardRoutes){const matches=matchWildcardRoute(requestPath,pattern);if(matches)return{filePath:filePath,matches:matches}}return null})(requestPath);if(wildcardMatch){const resolvedFilePath=((filePath,matches)=>{let resolvedPath=filePath,matchIndex=1;for(;resolvedPath.includes("**")&&matchIndex<matches.length;)resolvedPath=resolvedPath.replace("**",matches[matchIndex]),matchIndex++;for(;resolvedPath.includes("*")&&matchIndex<matches.length;)resolvedPath=resolvedPath.replace("*",matches[matchIndex]),matchIndex++;return path.isAbsolute(resolvedPath)?resolvedPath:path.resolve(rootPath,resolvedPath)})(wildcardMatch.filePath,wildcardMatch.matches);log(`Serving wildcard route: ${requestPath} -> ${resolvedFilePath}`,3);try{const fileExtension=path.extname(resolvedFilePath).toLowerCase().slice(1),mimeConfig=config.allowedMimes[fileExtension];let mimeType,encoding;"string"==typeof mimeConfig?(mimeType=mimeConfig,encoding=mimeType.startsWith("text/")?"utf8":void 0):(mimeType=mimeConfig?.mime||"application/octet-stream",encoding="utf8"===mimeConfig?.encoding?"utf8":void 0);const fileContent=await readFile(resolvedFilePath,encoding);log(`Serving wildcard file as ${mimeType} (${fileContent.length} bytes)`,4);const contentType="utf8"===encoding&&mimeType.startsWith("text/")?`${mimeType}; charset=utf-8`:mimeType;return res.writeHead(200,{"Content-Type":contentType}),void res.end(fileContent)}catch(error){if("ENOENT"!==error.code)return log(`Error serving wildcard route ${requestPath}: ${error.message}`,1),enhancedResponse.writeHead(500,{"Content-Type":"text/plain"}),void enhancedResponse.end("Internal Server Error");log(`Wildcard route file not found: ${requestPath}`,2)}}const served=await serveFile(files,rootPath,requestPath,req.method,config,req,res,log,moduleCache);if(!served&&config.maxRescanAttempts>0&&!shouldSkipRescan(requestPath)){log("File not found, rescanning directory...",1),files=await getFiles(rootPath,config,log),log(`Rescan found ${files.length} files`,2);await serveFile(files,rootPath,requestPath,enhancedRequest.method,config,enhancedRequest,enhancedResponse,log,moduleCache)?rescanAttempts.delete(requestPath):((requestPath=>{const newAttempts=(rescanAttempts.get(requestPath)||0)+1;rescanAttempts.set(requestPath,newAttempts),newAttempts>config.maxRescanAttempts&&(dynamicNoRescanPaths.add(requestPath),log(`Path ${requestPath} added to dynamic blacklist after ${newAttempts} failed attempts`,1)),log(`Rescan attempt ${newAttempts}/${config.maxRescanAttempts} for: ${requestPath}`,3)})(requestPath),log(`404 - File not found after rescan: ${requestPath}`,1),enhancedResponse.writeHead(404,{"Content-Type":"text/plain"}),enhancedResponse.end("Not Found"))}else served||(shouldSkipRescan(requestPath)?log(`404 - Skipped rescan for: ${requestPath}`,2):log(`404 - File not found: ${requestPath}`,1),enhancedResponse.writeHead(404,{"Content-Type":"text/plain"}),enhancedResponse.end("Not Found"))})};return handler.moduleCache=moduleCache,handler.getStats=()=>moduleCache?.getStats()||null,handler.logCacheStats=()=>moduleCache?.logStats(log),handler.clearCache=()=>moduleCache?.clear(),handler};
+import path from"path";import{readFile}from"fs/promises";import{pathToFileURL}from"url";import defaultConfig from"./defaultConfig.js";import getFiles from"./getFiles.js";import findFile from"./findFile.js";import serveFile from"./serveFile.js";import MiddlewareRunner from"./middlewareRunner.js";import ModuleCache from"./moduleCache.js";import createRequestWrapper,{readRawBody,parseBody}from"./requestWrapper.js";import createResponseWrapper from"./responseWrapper.js";import{corsMiddleware,compressionMiddleware,rateLimitMiddleware,securityMiddleware,loggingMiddleware}from"./builtinMiddleware.js";export default async(flags,log)=>{log("Initializing router",3);const rootPath=path.isAbsolute(flags.root)?flags.root:path.join(process.cwd(),flags.root);log(`Root path: ${rootPath}`,3);let config=defaultConfig;try{const configFileName=flags.config||".config.json",configPath=path.isAbsolute(configFileName)?configFileName:path.join(rootPath,configFileName);if(log(`Config file name: ${configFileName}`,3),log(`Config path: ${configPath}`,3),path.isAbsolute(configFileName))log("Config file name is absolute, skipping validation",4);else{const relativeConfigPath=path.relative(rootPath,configPath);if(log(`Relative config path: ${relativeConfigPath}`,4),log(`Starts with '..': ${relativeConfigPath.startsWith("..")}`,4),relativeConfigPath.startsWith("..")||path.isAbsolute(relativeConfigPath))throw log("Validation failed - throwing error",4),new Error(`Config file must be within the server root directory. Config path: ${configPath}, Root path: ${rootPath}`);log("Validation passed",4)}log(`Loading config from: ${configPath}`,3);const configContent=await readFile(configPath,"utf8"),userConfig=JSON.parse(configContent);config={...defaultConfig,...userConfig,allowedMimes:{...defaultConfig.allowedMimes,...userConfig.allowedMimes||{}},middleware:{...defaultConfig.middleware,...userConfig.middleware||{}},customRoutes:{...defaultConfig.customRoutes,...userConfig.customRoutes||{}},cache:{...defaultConfig.cache,...userConfig.cache||{}}},log("User config loaded and merged with defaults",3)}catch(e){if(e.message.includes("Config file must be within the server root directory"))throw e;log("Using default config (no config file found)",3)}const dis=new Set(config.disallowedRegex);dis.add("^/\\..*"),dis.add("\\.config$"),dis.add("\\.git/"),config.disallowedRegex=[...dis],log(`Config loaded with ${config.disallowedRegex.length} disallowed patterns`,3);let files=await getFiles(rootPath,config,log);log(`Initial scan found ${files.length} files`,2);const middlewareRunner=new MiddlewareRunner;if(config.middleware?.cors?.enabled&&(middlewareRunner.use(corsMiddleware(config.middleware.cors)),log("CORS middleware enabled",3)),config.middleware?.compression?.enabled&&(middlewareRunner.use(compressionMiddleware(config.middleware.compression)),log("Compression middleware enabled",3)),config.middleware?.rateLimit?.enabled&&(middlewareRunner.use(rateLimitMiddleware(config.middleware.rateLimit)),log("Rate limit middleware enabled",3)),config.middleware?.security?.enabled&&(middlewareRunner.use(securityMiddleware(config.middleware.security)),log("Security middleware enabled",3)),config.middleware?.logging?.enabled&&(middlewareRunner.use(loggingMiddleware(config.middleware.logging,log)),log("Logging middleware enabled",3)),config.middleware?.custom&&config.middleware.custom.length>0){log(`Loading ${config.middleware.custom.length} custom middleware files`,3);for(const middlewarePath of config.middleware.custom)try{const resolvedPath=path.isAbsolute(middlewarePath)?middlewarePath:path.resolve(rootPath,middlewarePath),middlewareUrl=pathToFileURL(resolvedPath).href+`?t=${Date.now()}`,customMiddleware=(await import(middlewareUrl)).default;"function"==typeof customMiddleware?(middlewareRunner.use(customMiddleware(config.middleware)),log(`Custom middleware loaded: ${middlewarePath}`,3)):log(`Custom middleware error: ${middlewarePath} does not export a default function`,1)}catch(error){log(`Custom middleware error for ${middlewarePath}: ${error.message}`,1)}}let moduleCache=null;config.cache?.enabled&&(moduleCache=new ModuleCache(config.cache),log(`Module cache initialized: ${config.cache.maxSize} max modules, ${config.cache.maxMemoryMB}MB limit, ${config.cache.ttlMs}ms TTL`,2));const customRoutes=new Map,wildcardRoutes=new Map;if(config.customRoutes&&Object.keys(config.customRoutes).length>0){log(`Processing ${Object.keys(config.customRoutes).length} custom routes`,3);for(const[urlPath,filePath]of Object.entries(config.customRoutes))if(urlPath.includes("*")){const resolvedPath=path.isAbsolute(filePath)?filePath:path.resolve(rootPath,filePath);wildcardRoutes.set(urlPath,resolvedPath),log(`Wildcard route mapped: ${urlPath} -> ${resolvedPath}`,3)}else{const resolvedPath=path.isAbsolute(filePath)?filePath:path.resolve(rootPath,filePath);customRoutes.set(urlPath,resolvedPath),log(`Custom route mapped: ${urlPath} -> ${resolvedPath}`,3)}}const matchWildcardRoute=(requestPath,pattern)=>{const regexPattern=pattern.replace(/\*\*/g,"(.+)").replace(/\*/g,"([^/]+)");return new RegExp(`^${regexPattern}$`).exec(requestPath)},rescanAttempts=new Map,dynamicNoRescanPaths=new Set,shouldSkipRescan=requestPath=>config.noRescanPaths.some(pattern=>new RegExp(pattern).test(requestPath))?(log(`Skipping rescan for configured pattern: ${requestPath}`,3),!0):!!dynamicNoRescanPaths.has(requestPath)&&(log(`Skipping rescan for dynamically blacklisted path: ${requestPath}`,3),!0),handler=async(req,res)=>{if(parseInt(req.headers["content-length"]||"0",10)>config.maxBodySize)return res.writeHead(413,{"Content-Type":"text/plain"}),void res.end("Payload Too Large");const rawBody=await new Promise((resolve,reject)=>{if(["GET","HEAD"].includes(req.method)&&!req.headers["content-length"])return resolve("");let body="",size=0;req.on("data",chunk=>{if(size+=chunk.length,size>config.maxBodySize)return req.destroy(),void reject(new Error("Payload Too Large"));body+=chunk.toString()}),req.on("end",()=>resolve(body)),req.on("error",reject)}).catch(err=>{if("Payload Too Large"===err.message)return res.writeHead(413,{"Content-Type":"text/plain"}),res.end("Payload Too Large"),null;throw err});if(null===rawBody)return;req._bufferedBody=rawBody;const enhancedRequest=createRequestWrapper(req,{}),enhancedResponse=createResponseWrapper(res);enhancedRequest._rawBody=rawBody,enhancedRequest.body=parseBody(rawBody,req.headers["content-type"]),await middlewareRunner.run(enhancedRequest,enhancedResponse,async()=>{const requestPath=enhancedRequest.url.split("?")[0];log(`${enhancedRequest.method} ${requestPath}`,4),log(`customRoutes keys: ${Array.from(customRoutes.keys()).join(", ")}`,4);const normalizePath=p=>{try{let np=decodeURIComponent(p);return np.startsWith("/")||(np="/"+np),np.length>1&&np.endsWith("/")&&(np=np.slice(0,-1)),np}catch(e){log(`Warning: Failed to decode URI component "${p}": ${e.message}`,1);let np=p;return np.startsWith("/")||(np="/"+np),np.length>1&&np.endsWith("/")&&(np=np.slice(0,-1)),np}},normalizedRequestPath=normalizePath(requestPath);log(`Normalized requestPath: ${normalizedRequestPath}`,4);let matchedKey=null;for(const key of customRoutes.keys())if(normalizePath(key)===normalizedRequestPath){matchedKey=key;break}if(matchedKey){const customFilePath=customRoutes.get(matchedKey);log(`Serving custom route: ${normalizedRequestPath} -> ${customFilePath}`,3);try{const{stat:stat}=await import("fs/promises");try{await stat(customFilePath),log(`Custom route file exists: ${customFilePath}`,4)}catch(e){return log(`Custom route file does NOT exist: ${customFilePath}`,1),res.writeHead(404,{"Content-Type":"text/plain"}),void res.end("Custom route file not found")}const fileExtension=path.extname(customFilePath).toLowerCase().slice(1),mimeConfig=config.allowedMimes[fileExtension];let mimeType,encoding;"string"==typeof mimeConfig?(mimeType=mimeConfig,encoding=mimeType.startsWith("text/")?"utf8":void 0):(mimeType=mimeConfig?.mime||"application/octet-stream",encoding="utf8"===mimeConfig?.encoding?"utf8":void 0);const fileContent=await readFile(customFilePath,encoding);log(`Serving custom file as ${mimeType} (${fileContent.length} bytes)`,2);const contentType="utf8"===encoding&&mimeType.startsWith("text/")?`${mimeType}; charset=utf-8`:mimeType;return res.writeHead(200,{"Content-Type":contentType}),void res.end(fileContent)}catch(error){return log(`Error serving custom route ${normalizedRequestPath}: ${error.message}`,1),res.writeHead(500,{"Content-Type":"text/plain"}),void res.end("Internal Server Error")}}const wildcardMatch=(requestPath=>{for(const[pattern,filePath]of wildcardRoutes){const matches=matchWildcardRoute(requestPath,pattern);if(matches)return{filePath:filePath,matches:matches}}return null})(requestPath);if(wildcardMatch){const resolvedFilePath=((filePath,matches)=>{let resolvedPath=filePath,matchIndex=1;for(;resolvedPath.includes("**")&&matchIndex<matches.length;)resolvedPath=resolvedPath.replace("**",matches[matchIndex]),matchIndex++;for(;resolvedPath.includes("*")&&matchIndex<matches.length;)resolvedPath=resolvedPath.replace("*",matches[matchIndex]),matchIndex++;return path.isAbsolute(resolvedPath)?resolvedPath:path.resolve(rootPath,resolvedPath)})(wildcardMatch.filePath,wildcardMatch.matches);log(`Serving wildcard route: ${requestPath} -> ${resolvedFilePath}`,3);try{const fileExtension=path.extname(resolvedFilePath).toLowerCase().slice(1),mimeConfig=config.allowedMimes[fileExtension];let mimeType,encoding;"string"==typeof mimeConfig?(mimeType=mimeConfig,encoding=mimeType.startsWith("text/")?"utf8":void 0):(mimeType=mimeConfig?.mime||"application/octet-stream",encoding="utf8"===mimeConfig?.encoding?"utf8":void 0);const fileContent=await readFile(resolvedFilePath,encoding);log(`Serving wildcard file as ${mimeType} (${fileContent.length} bytes)`,4);const contentType="utf8"===encoding&&mimeType.startsWith("text/")?`${mimeType}; charset=utf-8`:mimeType;return res.writeHead(200,{"Content-Type":contentType}),void res.end(fileContent)}catch(error){if("ENOENT"!==error.code)return log(`Error serving wildcard route ${requestPath}: ${error.message}`,1),enhancedResponse.writeHead(500,{"Content-Type":"text/plain"}),void enhancedResponse.end("Internal Server Error");log(`Wildcard route file not found: ${requestPath}`,2)}}const served=await serveFile(files,rootPath,requestPath,req.method,config,req,res,log,moduleCache);if(!served&&config.maxRescanAttempts>0&&!shouldSkipRescan(requestPath)){log("File not found, rescanning directory...",1),files=await getFiles(rootPath,config,log),log(`Rescan found ${files.length} files`,2);await serveFile(files,rootPath,requestPath,req.method,config,req,res,log,moduleCache)?rescanAttempts.delete(requestPath):((requestPath=>{const newAttempts=(rescanAttempts.get(requestPath)||0)+1;rescanAttempts.set(requestPath,newAttempts),newAttempts>config.maxRescanAttempts&&(dynamicNoRescanPaths.add(requestPath),log(`Path ${requestPath} added to dynamic blacklist after ${newAttempts} failed attempts`,1)),log(`Rescan attempt ${newAttempts}/${config.maxRescanAttempts} for: ${requestPath}`,3)})(requestPath),log(`404 - File not found after rescan: ${requestPath}`,1),enhancedResponse.writeHead(404,{"Content-Type":"text/plain"}),enhancedResponse.end("Not Found"))}else served||(shouldSkipRescan(requestPath)?log(`404 - Skipped rescan for: ${requestPath}`,2):log(`404 - File not found: ${requestPath}`,1),enhancedResponse.writeHead(404,{"Content-Type":"text/plain"}),enhancedResponse.end("Not Found"))})};return handler.moduleCache=moduleCache,handler.getStats=()=>moduleCache?.getStats()||null,handler.logCacheStats=()=>moduleCache?.logStats(log),handler.clearCache=()=>moduleCache?.clear(),handler};

package/dist/serveFile.js

@@ -1 +1 @@
-import path from"path";import{readFile,stat}from"fs/promises";import{pathToFileURL}from"url";import findFile from"./findFile.js";import createRequestWrapper from"./requestWrapper.js";import createResponseWrapper from"./responseWrapper.js";export default async(files,rootPath,requestPath,method,config,req,res,log,moduleCache=null)=>{log(`Attempting to serve: ${requestPath}`,3);const[file,params]=await findFile(files,rootPath,requestPath,method,log);if(!file)return log(`No file found for: ${requestPath}`,3),!1;const fileName=path.basename(file);if(log(`Found file: ${file}`,2),config.routeFiles.includes(fileName)){log(`Executing route file: ${fileName}`,2);try{let module;if(moduleCache&&config.cache?.enabled){const fileStats=await stat(file);if(module=moduleCache.get(file,fileStats),module)log(`Using cached module: ${fileName}`,3);else{const fileUrl=pathToFileURL(file).href+`?t=${Date.now()}`;log(`Loading module from: ${fileUrl}`,3),module=await import(fileUrl);const estimatedSizeKB=fileStats.size/1024;moduleCache.set(file,module,fileStats,estimatedSizeKB),log(`Cached module: ${fileName} (${estimatedSizeKB.toFixed(1)}KB)`,3)}}else{const fileUrl=pathToFileURL(file).href+`?t=${Date.now()}`;log(`Loading module from: ${fileUrl}`,3),module=await import(fileUrl)}if("function"==typeof module.default){log(`Executing route function with params: ${JSON.stringify(params)}`,3);const enhancedRequest=createRequestWrapper(req,params),enhancedResponse=createResponseWrapper(res);return moduleCache&&(enhancedRequest._kempoCache=moduleCache),await module.default(enhancedRequest,enhancedResponse),log(`Route executed successfully: ${fileName}`,2),!0}return log(`Route file does not export a function: ${fileName}`,0),res.writeHead(500,{"Content-Type":"text/plain"}),res.end("Route file does not export a function"),!0}catch(error){return log(`Error loading route file ${fileName}: ${error.message}`,0),res.writeHead(500,{"Content-Type":"text/plain"}),res.end("Internal Server Error"),!0}}else{log(`Serving static file: ${fileName}`,2);try{const fileExtension=path.extname(file).toLowerCase().slice(1),mimeConfig=config.allowedMimes[fileExtension];let mimeType,encoding;"string"==typeof mimeConfig?(mimeType=mimeConfig,encoding=mimeType.startsWith("text/")?"utf8":void 0):(mimeType=mimeConfig?.mime||"application/octet-stream",encoding="utf8"===mimeConfig?.encoding?"utf8":void 0);const fileContent=await readFile(file,encoding);log(`Serving ${file} as ${mimeType} (${fileContent.length} bytes)`,2);const contentType="utf8"===encoding&&mimeType.startsWith("text/")?`${mimeType}; charset=utf-8`:mimeType;return res.writeHead(200,{"Content-Type":contentType}),res.end(fileContent),!0}catch(error){return log(`Error reading file ${file}: ${error.message}`,0),res.writeHead(500,{"Content-Type":"text/plain"}),res.end("Internal Server Error"),!0}}};
+import path from"path";import{readFile,stat}from"fs/promises";import{pathToFileURL}from"url";import findFile from"./findFile.js";import createRequestWrapper,{readRawBody,parseBody}from"./requestWrapper.js";import createResponseWrapper from"./responseWrapper.js";export default async(files,rootPath,requestPath,method,config,req,res,log,moduleCache=null)=>{log(`Attempting to serve: ${requestPath}`,3);const[file,params]=await findFile(files,rootPath,requestPath,method,log);if(!file)return log(`No file found for: ${requestPath}`,3),!1;const fileName=path.basename(file);if(log(`Found file: ${file}`,2),config.routeFiles.includes(fileName)){log(`Executing route file: ${fileName}`,2);try{let module;if(moduleCache&&config.cache?.enabled){const fileStats=await stat(file);if(module=moduleCache.get(file,fileStats),module)log(`Using cached module: ${fileName}`,3);else{const fileUrl=pathToFileURL(file).href+`?t=${Date.now()}`;log(`Loading module from: ${fileUrl}`,3),module=await import(fileUrl);const estimatedSizeKB=fileStats.size/1024;moduleCache.set(file,module,fileStats,estimatedSizeKB),log(`Cached module: ${fileName} (${estimatedSizeKB.toFixed(1)}KB)`,3)}}else{const fileUrl=pathToFileURL(file).href+`?t=${Date.now()}`;log(`Loading module from: ${fileUrl}`,3),module=await import(fileUrl)}if("function"==typeof module.default){log(`Executing route function with params: ${JSON.stringify(params)}`,3);const enhancedRequest=createRequestWrapper(req,params),enhancedResponse=createResponseWrapper(res),rawBody=await readRawBody(req);return enhancedRequest._rawBody=rawBody,enhancedRequest.body=parseBody(rawBody,req.headers["content-type"]),moduleCache&&(enhancedRequest._kempoCache=moduleCache),await module.default(enhancedRequest,enhancedResponse),log(`Route executed successfully: ${fileName}`,2),!0}return log(`Route file does not export a function: ${fileName}`,0),res.writeHead(500,{"Content-Type":"text/plain"}),res.end("Route file does not export a function"),!0}catch(error){return log(`Error loading route file ${fileName}: ${error.message}`,0),res.writeHead(500,{"Content-Type":"text/plain"}),res.end("Internal Server Error"),!0}}else{log(`Serving static file: ${fileName}`,2);try{const fileExtension=path.extname(file).toLowerCase().slice(1),mimeConfig=config.allowedMimes[fileExtension];let mimeType,encoding;"string"==typeof mimeConfig?(mimeType=mimeConfig,encoding=mimeType.startsWith("text/")?"utf8":void 0):(mimeType=mimeConfig?.mime||"application/octet-stream",encoding="utf8"===mimeConfig?.encoding?"utf8":void 0);const fileContent=await readFile(file,encoding);log(`Serving ${file} as ${mimeType} (${fileContent.length} bytes)`,2);const contentType="utf8"===encoding&&mimeType.startsWith("text/")?`${mimeType}; charset=utf-8`:mimeType;return res.writeHead(200,{"Content-Type":contentType}),res.end(fileContent),!0}catch(error){return log(`Error reading file ${file}: ${error.message}`,0),res.writeHead(500,{"Content-Type":"text/plain"}),res.end("Internal Server Error"),!0}}};

package/docs/configuration.html

@@ -30,6 +30,7 @@
       <li><a href="#routeFiles">routeFiles</a> - Files that should be treated as route handlers</li>
       <li><a href="#noRescanPaths">noRescanPaths</a> - Paths that should not trigger file system rescans</li>
       <li><a href="#maxRescanAttempts">maxRescanAttempts</a> - Maximum number of rescan attempts</li>
+      <li><a href="#maxBodySize">maxBodySize</a> - Maximum request body size in bytes</li>
       <li><a href="#cache">cache</a> - Module caching configuration</li>
       <li><a href="#middleware">middleware</a> - Middleware configuration</li>
     </ul>
@@ -121,6 +122,10 @@
     <p>The maximum number of times to attempt rescanning the file system when a file is not found. Defaults to 3.</p>
     <pre><code class="hljs json">{<br />  <span class="hljs-attr">"maxRescanAttempts"</span>: <span class="hljs-number">3</span><br />}</code></pre>
 
+    <h3 id="maxBodySize">maxBodySize</h3>
+    <p>Maximum allowed request body size in bytes. If a request body exceeds this limit, the server responds with <code>413 Payload Too Large</code> before the route handler runs. Defaults to <code>1048576</code> (1 MB).</p>
+    <pre><code class="hljs json">{<br />  <span class="hljs-attr">"maxBodySize"</span>: <span class="hljs-number">1048576</span><br />}</code></pre>
+
     <h3 id="middleware">middleware</h3>
     <p>Configuration for built-in and custom middleware. Middleware runs before your route handlers and can modify requests, responses, or handle requests entirely.</p>
     <pre><code class="hljs json">{<br />  <span class="hljs-attr">"middleware"</span>: {<br />    <span class="hljs-attr">"cors"</span>: {<br />      <span class="hljs-attr">"enabled"</span>: <span class="hljs-literal">true</span>,<br />      <span class="hljs-attr">"origin"</span>: <span class="hljs-string">"*"</span><br />    },<br />    <span class="hljs-attr">"compression"</span>: {<br />      <span class="hljs-attr">"enabled"</span>: <span class="hljs-literal">true</span><br />    },<br />    <span class="hljs-attr">"custom"</span>: [<span class="hljs-string">"./middleware/auth.js"</span>]<br />  }<br />}</code></pre>

package/docs/request-response.html

@@ -21,6 +21,7 @@
     <ul>
       <li><code>request.params</code> - Route parameters from dynamic routes (e.g., <code>{ id: "123", info: "info" }</code>)</li>
       <li><code>request.query</code> - Query string parameters as an object (e.g., <code>{ page: "1", limit: "10" }</code>)</li>
+      <li><code>request.body</code> - Pre-parsed request body (see <a href="#body-parsing">Body Parsing</a> below)</li>
       <li><code>request.path</code> - The pathname of the request URL</li>
       <li><code>request.method</code> - HTTP method (GET, POST, etc.)</li>
       <li><code>request.headers</code> - Request headers object</li>
@@ -29,14 +30,28 @@
     
     <h3>Methods</h3>
     <ul>
-      <li><code>await request.json()</code> - Parse request body as JSON</li>
-      <li><code>await request.text()</code> - Get request body as text</li>
-      <li><code>await request.body()</code> - Get raw request body as string</li>
-      <li><code>await request.buffer()</code> - Get request body as Buffer</li>
+      <li><code>await request.json()</code> - Parse cached body as JSON</li>
+      <li><code>await request.text()</code> - Get cached body as text</li>
+      <li><code>await request.buffer()</code> - Get cached body as Buffer</li>
       <li><code>request.get(headerName)</code> - Get specific header value</li>
       <li><code>request.is(type)</code> - Check if content-type contains specified type</li>
     </ul>
 
+    <h3 id="body-parsing">Body Parsing</h3>
+    <p><code>request.body</code> is eagerly parsed before your route handler runs. The parsing strategy depends on the <code>Content-Type</code> header:</p>
+    <table>
+      <thead>
+        <tr><th>Content-Type</th><th><code>request.body</code> value</th></tr>
+      </thead>
+      <tbody>
+        <tr><td><code>application/json</code></td><td>Parsed object via <code>JSON.parse()</code>. If parsing fails, <code>null</code>.</td></tr>
+        <tr><td><code>application/x-www-form-urlencoded</code></td><td>Parsed object via <code>URLSearchParams</code></td></tr>
+        <tr><td>No body (GET, HEAD, Content-Length: 0)</td><td><code>null</code></td></tr>
+        <tr><td>Any other Content-Type</td><td>Raw string</td></tr>
+      </tbody>
+    </table>
+    <p>The convenience methods <code>request.json()</code>, <code>request.text()</code>, and <code>request.buffer()</code> still exist and return promises for backward compatibility, but they resolve immediately from the cached body.</p>
+
     <h2>Response Object</h2>
     <p>Kempo Server also provides a response object that makes sending responses easier:</p>
     
@@ -60,10 +75,10 @@
     <pre><code class="hljs javascript"><span class="hljs-comment">// api/user/[id]/GET.js</span><br /><span class="hljs-keyword">export</span> <span class="hljs-keyword">default</span> <span class="hljs-keyword">async</span> <span class="hljs-function"><span class="hljs-keyword">function</span>(<span class="hljs-params">request, response</span>) </span>{<br />  <span class="hljs-keyword">const</span> { id } = request.params;<br />  <span class="hljs-keyword">const</span> { includeDetails } = request.query;<br />  <br />  <span class="hljs-comment">// Fetch user data from database</span><br />  <span class="hljs-keyword">const</span> userData = <span class="hljs-keyword">await</span> getUserById(id);<br />  <br />  <span class="hljs-keyword">if</span> (!userData) {<br />    <span class="hljs-keyword">return</span> response.status(<span class="hljs-number">404</span>).json({ error: <span class="hljs-string">'User not found'</span> });<br />  }<br />  <br />  response.json(userData);<br />}</code></pre>
 
     <h3>Handling JSON Data</h3>
-    <pre><code class="hljs javascript"><span class="hljs-comment">// api/user/[id]/POST.js</span><br /><span class="hljs-keyword">export</span> <span class="hljs-keyword">default</span> <span class="hljs-keyword">async</span> <span class="hljs-function"><span class="hljs-keyword">function</span>(<span class="hljs-params">request, response</span>) </span>{<br />  <span class="hljs-keyword">const</span> { id } = request.params;<br />  <br />  <span class="hljs-keyword">try</span> {<br />    <span class="hljs-keyword">const</span> updateData = <span class="hljs-keyword">await</span> request.json();<br />    <br />    <span class="hljs-comment">// Update user in database</span><br />    <span class="hljs-keyword">const</span> updatedUser = <span class="hljs-keyword">await</span> updateUser(id, updateData);<br />    <br />    response.json(updatedUser);<br />  } <span class="hljs-keyword">catch</span> (error) {<br />    response.status(<span class="hljs-number">400</span>).json({ error: <span class="hljs-string">'Invalid JSON'</span> });<br />  }<br />}</code></pre>
+    <pre><code class="hljs javascript"><span class="hljs-comment">// api/user/[id]/POST.js</span><br /><span class="hljs-keyword">export</span> <span class="hljs-keyword">default</span> <span class="hljs-keyword">async</span> <span class="hljs-function"><span class="hljs-keyword">function</span>(<span class="hljs-params">request, response</span>) </span>{<br />  <span class="hljs-keyword">const</span> { id } = request.params;<br />  <span class="hljs-keyword">const</span> { name, email } = request.body;<br />  <br />  <span class="hljs-comment">// request.body is already parsed from JSON</span><br />  <span class="hljs-keyword">const</span> updatedUser = <span class="hljs-keyword">await</span> updateUser(id, { name, email });<br />  <br />  response.json(updatedUser);<br />}</code></pre>
 
     <h3>Working with Form Data</h3>
-    <pre><code class="hljs javascript"><span class="hljs-comment">// contact/POST.js</span><br /><span class="hljs-keyword">export</span> <span class="hljs-keyword">default</span> <span class="hljs-keyword">async</span> <span class="hljs-function"><span class="hljs-keyword">function</span>(<span class="hljs-params">request, response</span>) </span>{<br />  <span class="hljs-keyword">try</span> {<br />    <span class="hljs-keyword">const</span> body = <span class="hljs-keyword">await</span> request.text();<br />    <span class="hljs-keyword">const</span> formData = <span class="hljs-keyword">new</span> URLSearchParams(body);<br />    <span class="hljs-keyword">const</span> name = formData.get(<span class="hljs-string">'name'</span>);<br />    <span class="hljs-keyword">const</span> email = formData.get(<span class="hljs-string">'email'</span>);<br />    <span class="hljs-keyword">const</span> message = formData.get(<span class="hljs-string">'message'</span>);<br />    <br />    <span class="hljs-comment">// Process form data...</span><br />    <span class="hljs-keyword">await</span> sendContactEmail({ name, email, message });<br />    <br />    response.html(<span class="hljs-string">'&lt;h1&gt;Thank you for your message!&lt;/h1&gt;'</span>);<br />  } <span class="hljs-keyword">catch</span> (error) {<br />    response.status(<span class="hljs-number">400</span>).html(<span class="hljs-string">'&lt;h1&gt;Error processing form&lt;/h1&gt;'</span>);<br />  }<br />}</code></pre>
+    <pre><code class="hljs javascript"><span class="hljs-comment">// contact/POST.js</span><br /><span class="hljs-comment">// With Content-Type: application/x-www-form-urlencoded,</span><br /><span class="hljs-comment">// request.body is automatically parsed into an object</span><br /><span class="hljs-keyword">export</span> <span class="hljs-keyword">default</span> <span class="hljs-keyword">async</span> <span class="hljs-function"><span class="hljs-keyword">function</span>(<span class="hljs-params">request, response</span>) </span>{<br />  <span class="hljs-keyword">const</span> { name, email, message } = request.body;<br />  <br />  <span class="hljs-keyword">await</span> sendContactEmail({ name, email, message });<br />  <br />  response.html(<span class="hljs-string">'&lt;h1&gt;Thank you for your message!&lt;/h1&gt;'</span>);<br />}</code></pre>
 
     <h3>Checking Headers</h3>
     <pre><code class="hljs javascript"><span class="hljs-comment">// api/upload/POST.js</span><br /><span class="hljs-keyword">export</span> <span class="hljs-keyword">default</span> <span class="hljs-keyword">async</span> <span class="hljs-function"><span class="hljs-keyword">function</span>(<span class="hljs-params">request, response</span>) </span>{<br />  <span class="hljs-comment">// Check if request contains JSON data</span><br />  <span class="hljs-keyword">if</span> (request.is(<span class="hljs-string">'application/json'</span>)) {<br />    <span class="hljs-keyword">const</span> data = <span class="hljs-keyword">await</span> request.json();<br />    <span class="hljs-comment">// Handle JSON data</span><br />  }<br />  <br />  <span class="hljs-comment">// Check specific headers</span><br />  <span class="hljs-keyword">const</span> authHeader = request.get(<span class="hljs-string">'authorization'</span>);<br />  <span class="hljs-keyword">const</span> userAgent = request.get(<span class="hljs-string">'user-agent'</span>);<br />  <br />  <span class="hljs-comment">// Check request method</span><br />  <span class="hljs-keyword">if</span> (request.method === <span class="hljs-string">'POST'</span>) {<br />    <span class="hljs-comment">// Handle POST request</span><br />  }<br />  <br />  response.json({ success: <span class="hljs-literal">true</span> });<br />}</code></pre>

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "kempo-server",
   "type": "module",
-  "version": "1.10.7",
+  "version": "2.0.0",
   "description": "A lightweight, zero-dependency, file based routing server.",
   "exports": {
     "./utils/cli": "./dist/utils/cli.js",

package/src/defaultConfig.js

@@ -128,6 +128,7 @@ export default {
       // Example: "./middleware/auth.js"
     ]
   },
+  maxBodySize: 1048576,              // 1MB default max body size
   cache: {
     enabled: false,                  // Disabled by default - opt-in for performance  
     maxSize: 100,                    // Maximum number of cached modules

package/src/requestWrapper.js

@@ -1,5 +1,31 @@
 import { URL } from 'url';
 
+export const readRawBody = req => {
+  if(req._bufferedBody !== undefined) return Promise.resolve(req._bufferedBody);
+  return new Promise((resolve, reject) => {
+    let body = '';
+    req.on('data', chunk => { body += chunk.toString(); });
+    req.on('end', () => { resolve(body); });
+    req.on('error', reject);
+  });
+};
+
+export const parseBody = (rawBody, contentType) => {
+  if(!rawBody) return null;
+  const ct = (contentType || '').toLowerCase();
+  if(ct.includes('application/json')) {
+    try {
+      return JSON.parse(rawBody);
+    } catch {
+      return null;
+    }
+  }
+  if(ct.includes('application/x-www-form-urlencoded')) {
+    return Object.fromEntries(new URLSearchParams(rawBody));
+  }
+  return rawBody;
+};
+
 /**
  * Creates an enhanced request object with Express-like functionality
  * @param {IncomingMessage} request - The original Node.js request object
@@ -37,50 +63,20 @@ export function createRequestWrapper(request, params = {}) {
     path: url.pathname,
     cookies: parseCookies(),
     
-    // Body parsing methods
-    async body() {
-      return new Promise((resolve, reject) => {
-        let body = '';
-        
-        request.on('data', chunk => {
-          body += chunk.toString();
-        });
-        
-        request.on('end', () => {
-          resolve(body);
-        });
-        
-        request.on('error', reject);
-      });
-    },
-    
+    // Body — set to null initially; populated by router/serveFile before handler
+    body: null,
+    _rawBody: '',
+
     async json() {
-      try {
-        const body = await this.body();
-        return JSON.parse(body);
-      } catch (error) {
-        throw new Error('Invalid JSON in request body');
-      }
+      return JSON.parse(this._rawBody);
     },
-    
+
     async text() {
-      return this.body();
+      return this._rawBody;
     },
-    
+
     async buffer() {
-      return new Promise((resolve, reject) => {
-        const chunks = [];
-        
-        request.on('data', chunk => {
-          chunks.push(chunk);
-        });
-        
-        request.on('end', () => {
-          resolve(Buffer.concat(chunks));
-        });
-        
-        request.on('error', reject);
-      });
+      return Buffer.from(this._rawBody);
     },
     
     // Utility methods

package/src/router.js

@@ -7,7 +7,7 @@ import findFile from './findFile.js';
 import serveFile from './serveFile.js';
 import MiddlewareRunner from './middlewareRunner.js';
 import ModuleCache from './moduleCache.js';
-import createRequestWrapper from './requestWrapper.js';
+import createRequestWrapper, { readRawBody, parseBody } from './requestWrapper.js';
 import createResponseWrapper from './responseWrapper.js';
 import { 
   corsMiddleware, 
@@ -267,9 +267,48 @@ export default async (flags, log) => {
   };
   
   const requestHandler = async (req, res) => {
+    // Buffer body once early so both middleware and route handlers can access it
+    const contentLength = parseInt(req.headers['content-length'] || '0', 10);
+    if(contentLength > config.maxBodySize) {
+      res.writeHead(413, { 'Content-Type': 'text/plain' });
+      res.end('Payload Too Large');
+      return;
+    }
+
+    const rawBody = await new Promise((resolve, reject) => {
+      const noBody = ['GET', 'HEAD'].includes(req.method) && !req.headers['content-length'];
+      if(noBody) return resolve('');
+      let body = '';
+      let size = 0;
+      req.on('data', chunk => {
+        size += chunk.length;
+        if(size > config.maxBodySize) {
+          req.destroy();
+          reject(new Error('Payload Too Large'));
+          return;
+        }
+        body += chunk.toString();
+      });
+      req.on('end', () => resolve(body));
+      req.on('error', reject);
+    }).catch(err => {
+      if(err.message === 'Payload Too Large') {
+        res.writeHead(413, { 'Content-Type': 'text/plain' });
+        res.end('Payload Too Large');
+        return null;
+      }
+      throw err;
+    });
+    if(rawBody === null) return;
+    req._bufferedBody = rawBody;
+
     // Create enhanced request and response wrappers before middleware
     const enhancedRequest = createRequestWrapper(req, {});
     const enhancedResponse = createResponseWrapper(res);
+
+    // Populate body from buffered data
+    enhancedRequest._rawBody = rawBody;
+    enhancedRequest.body = parseBody(rawBody, req.headers['content-type']);
     
     await middlewareRunner.run(enhancedRequest, enhancedResponse, async () => {
       const requestPath = enhancedRequest.url.split('?')[0];
@@ -395,7 +434,7 @@ export default async (flags, log) => {
         log(`Rescan found ${files.length} files`, 2);
         
         // Try to serve again after rescan
-        const reserved = await serveFile(files, rootPath, requestPath, enhancedRequest.method, config, enhancedRequest, enhancedResponse, log, moduleCache);
+        const reserved = await serveFile(files, rootPath, requestPath, req.method, config, req, res, log, moduleCache);
         
         if (!reserved) {
           trackRescanAttempt(requestPath);

package/src/serveFile.js

@@ -2,7 +2,7 @@ import path from 'path';
 import { readFile, stat } from 'fs/promises';
 import { pathToFileURL } from 'url';
 import findFile from './findFile.js';
-import createRequestWrapper from './requestWrapper.js';
+import createRequestWrapper, { readRawBody, parseBody } from './requestWrapper.js';
 import createResponseWrapper from './responseWrapper.js';
 
 export default async (files, rootPath, requestPath, method, config, req, res, log, moduleCache = null) => {
@@ -57,6 +57,11 @@ export default async (files, rootPath, requestPath, method, config, req, res, lo
         // Create enhanced request and response wrappers
         const enhancedRequest = createRequestWrapper(req, params);
         const enhancedResponse = createResponseWrapper(res);
+
+        // Populate body from buffered data
+        const rawBody = await readRawBody(req);
+        enhancedRequest._rawBody = rawBody;
+        enhancedRequest.body = parseBody(rawBody, req.headers['content-type']);
         
         // Make module cache accessible for admin endpoints
         if (moduleCache) {

package/tests/requestWrapper.node-test.js

@@ -1,5 +1,5 @@
 import {createMockReq} from './utils/mock-req.js';
-import createRequestWrapper from '../src/requestWrapper.js';
+import createRequestWrapper, {readRawBody, parseBody} from '../src/requestWrapper.js';
 
 export default {
   'parses query and path and provides params': async ({pass, fail}) => {
@@ -12,27 +12,35 @@ export default {
     
     pass('parsed url');
   },
-  'body/json/text/buffer helpers work': async ({pass, fail}) => {
+  'body/json/text/buffer helpers work with _rawBody': async ({pass, fail}) => {
     const payload = {a: 1};
-    // Each body reader must have its own stream instance
-    const reqText = createMockReq({method: 'POST', url: '/', headers: {host: 'x', 'content-type': 'application/json'}, body: JSON.stringify(payload)});
-    const text = await createRequestWrapper(reqText).text();
-    if(text !== JSON.stringify(payload)) return fail('text');
+    const raw = JSON.stringify(payload);
 
-    const reqJson = createMockReq({method: 'POST', url: '/', headers: {host: 'x', 'content-type': 'application/json'}, body: JSON.stringify(payload)});
-    const obj = await createRequestWrapper(reqJson).json();
+    const reqText = createMockReq({method: 'POST', url: '/', headers: {host: 'x', 'content-type': 'application/json'}, body: raw});
+    const wText = createRequestWrapper(reqText);
+    wText._rawBody = await readRawBody(reqText);
+    if((await wText.text()) !== raw) return fail('text');
+
+    const reqJson = createMockReq({method: 'POST', url: '/', headers: {host: 'x', 'content-type': 'application/json'}, body: raw});
+    const wJson = createRequestWrapper(reqJson);
+    wJson._rawBody = await readRawBody(reqJson);
+    const obj = await wJson.json();
     if(obj.a !== 1) return fail('json');
 
     const reqBuf = createMockReq({url: '/', headers: {host: 'x'}, body: 'abc'});
-    const buf = await createRequestWrapper(reqBuf).buffer();
+    const wBuf = createRequestWrapper(reqBuf);
+    wBuf._rawBody = await readRawBody(reqBuf);
+    const buf = await wBuf.buffer();
     if(!(Buffer.isBuffer(buf) && buf.toString() === 'abc')) return fail('buffer');
-    
+
     pass('helpers');
   },
   'invalid json throws': async ({pass, fail}) => {
     const req = createMockReq({url: '/', headers: {host: 'x'}, body: 'not json'});
+    const w = createRequestWrapper(req);
+    w._rawBody = await readRawBody(req);
     try {
-      await createRequestWrapper(req).json();
+      await w.json();
       fail('should throw');
     } catch(e){
       pass('threw');
@@ -46,5 +54,43 @@ export default {
     if(w.is('text/plain') !== true) return fail('is');
     
     pass('header helpers');
+  },
+  'body property is null by default': async ({pass, fail}) => {
+    const req = createMockReq({url: '/', headers: {host: 'x'}});
+    const w = createRequestWrapper(req);
+    if(w.body !== null) return fail('expected null');
+    pass('body null');
+  },
+  'parseBody returns parsed JSON for application/json': async ({pass, fail}) => {
+    const result = parseBody('{"a":1}', 'application/json');
+    if(result?.a !== 1) return fail('json parse');
+    pass('json');
+  },
+  'parseBody returns null for invalid JSON': async ({pass, fail}) => {
+    const result = parseBody('not json', 'application/json');
+    if(result !== null) return fail('expected null');
+    pass('invalid json');
+  },
+  'parseBody returns object for urlencoded': async ({pass, fail}) => {
+    const result = parseBody('a=1&b=2', 'application/x-www-form-urlencoded');
+    if(result?.a !== '1' || result?.b !== '2') return fail('urlencoded');
+    pass('urlencoded');
+  },
+  'parseBody returns raw string for unknown content-type': async ({pass, fail}) => {
+    const result = parseBody('hello', 'text/plain');
+    if(result !== 'hello') return fail('expected raw string');
+    pass('raw string');
+  },
+  'parseBody returns null for empty body': async ({pass, fail}) => {
+    const result = parseBody('', 'application/json');
+    if(result !== null) return fail('expected null');
+    pass('empty body');
+  },
+  'readRawBody uses _bufferedBody when present': async ({pass, fail}) => {
+    const req = createMockReq({url: '/', headers: {host: 'x'}, body: 'stream data'});
+    req._bufferedBody = 'cached data';
+    const result = await readRawBody(req);
+    if(result !== 'cached data') return fail('expected cached data');
+    pass('buffered');
   }
 };

package/tests/serveFile.node-test.js

@@ -29,7 +29,9 @@ export default {
         const cfg = JSON.parse(JSON.stringify(defaultConfig));
         const files = [path.join(dir, 'api/GET.js')];
         const res = createMockRes();
-        const ok = await serveFile(files, dir, '/api', 'GET', cfg, createMockReq(), res, log);
+        const req = createMockReq();
+        req._bufferedBody = '';
+        const ok = await serveFile(files, dir, '/api', 'GET', cfg, req, res, log);
         if(ok !== true) return fail('served route');
         if(res.statusCode !== 201) return fail('route status');
         if(!res.getBody().toString().includes('ok')) return fail('body contains ok');
@@ -43,7 +45,9 @@ export default {
         const cfg = JSON.parse(JSON.stringify(defaultConfig));
         const files = [path.join(dir, 'api/no-default.js')];
         const res = createMockRes();
-        const ok = await serveFile(files, dir, '/api', 'GET', cfg, createMockReq(), res, log);
+        const req = createMockReq();
+        req._bufferedBody = '';
+        const ok = await serveFile(files, dir, '/api', 'GET', cfg, req, res, log);
         if(ok !== true) return fail('handled');
         if(res.statusCode !== 500) return fail('500');
       });