npm - kempo-server - Versions diffs - 1.2.1 → 1.3.0 - Mend

kempo-server 1.2.1 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/builtinMiddleware.js ADDED Viewed

@@ -0,0 +1,136 @@
+// Built-in middleware functions for Kempo Server
+import zlib from 'zlib';
+// CORS Middleware
+export const corsMiddleware = (config) => {
+  return async (req, res, next) => {
+    const origin = req.headers.origin;
+    const allowedOrigins = Array.isArray(config.origin) ? config.origin : [config.origin];
+    if (config.origin === '*' || allowedOrigins.includes(origin)) {
+      res.setHeader('Access-Control-Allow-Origin', origin || '*');
+    }
+    res.setHeader('Access-Control-Allow-Methods', config.methods.join(', '));
+    res.setHeader('Access-Control-Allow-Headers', config.headers.join(', '));
+    // Handle preflight requests
+    if (req.method === 'OPTIONS') {
+      res.writeHead(200);
+      res.end();
+      return;
+    }
+    await next();
+  };
+};
+// Compression Middleware
+export const compressionMiddleware = (config) => {
+  return async (req, res, next) => {
+    const acceptEncoding = req.headers['accept-encoding'] || '';
+    if (!acceptEncoding.includes('gzip')) {
+      return await next();
+    }
+    const originalEnd = res.end;
+    const originalWrite = res.write;
+    const chunks = [];
+    res.write = function(chunk) {
+      if (chunk) chunks.push(Buffer.from(chunk));
+      return true;
+    };
+    res.end = function(chunk) {
+      if (chunk) chunks.push(Buffer.from(chunk));
+      const buffer = Buffer.concat(chunks);
+      // Only compress if above threshold
+      if (buffer.length >= config.threshold) {
+        zlib.gzip(buffer, (err, compressed) => {
+          if (!err && compressed.length < buffer.length) {
+            res.setHeader('Content-Encoding', 'gzip');
+            res.setHeader('Content-Length', compressed.length);
+            originalEnd.call(res, compressed);
+          } else {
+            originalEnd.call(res, buffer);
+          }
+        });
+      } else {
+        originalEnd.call(res, buffer);
+      }
+    };
+    await next();
+  };
+};
+// Rate Limiting Middleware
+export const rateLimitMiddleware = (config) => {
+  const requestCounts = new Map();
+  return async (req, res, next) => {
+    const clientId = req.socket.remoteAddress;
+    const now = Date.now();
+    const windowStart = now - config.windowMs;
+    if (!requestCounts.has(clientId)) {
+      requestCounts.set(clientId, []);
+    }
+    const requests = requestCounts.get(clientId);
+    const recentRequests = requests.filter(time => time > windowStart);
+    if (recentRequests.length >= config.maxRequests) {
+      res.writeHead(429, { 'Content-Type': 'text/plain' });
+      res.end(config.message);
+      return;
+    }
+    recentRequests.push(now);
+    requestCounts.set(clientId, recentRequests);
+    await next();
+  };
+};
+// Security Headers Middleware
+export const securityMiddleware = (config) => {
+  return async (req, res, next) => {
+    for (const [header, value] of Object.entries(config.headers)) {
+      res.setHeader(header, value);
+    }
+    await next();
+  };
+};
+// Logging Middleware
+export const loggingMiddleware = (config, log) => {
+  return async (req, res, next) => {
+    const startTime = Date.now();
+    const userAgent = config.includeUserAgent ? req.headers['user-agent'] : '';
+    // Store original end to capture response
+    const originalEnd = res.end;
+    res.end = function(...args) {
+      const responseTime = Date.now() - startTime;
+      let logMessage = `${req.method} ${req.url}`;
+      if (config.includeResponseTime) {
+        logMessage += ` - ${responseTime}ms`;
+      }
+      if (config.includeUserAgent && userAgent) {
+        logMessage += ` - ${userAgent}`;
+      }
+      log(logMessage, 1);
+      originalEnd.apply(res, args);
+    };
+    await next();
+  };
+};

package/defaultConfig.js CHANGED Viewed

@@ -90,5 +90,41 @@ export default {
   customRoutes: {
     // Example: "/vendor/bootstrap.css": "./node_modules/bootstrap/dist/css/bootstrap.min.css"
     // Wildcard example: "kempo/*": "./node_modules/kempo/dust/*"
+  },
+  middleware: {
+    // Built-in middleware configuration
+    cors: {
+      enabled: false,
+      origin: "*",
+      methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+      headers: ["Content-Type", "Authorization"]
+    },
+    compression: {
+      enabled: false,
+      threshold: 1024 // Only compress files larger than 1KB
+    },
+    rateLimit: {
+      enabled: false,
+      maxRequests: 100,
+      windowMs: 60000, // 1 minute
+      message: "Too many requests"
+    },
+    security: {
+      enabled: true,
+      headers: {
+        "X-Content-Type-Options": "nosniff",
+        "X-Frame-Options": "DENY",
+        "X-XSS-Protection": "1; mode=block"
+      }
+    },
+    logging: {
+      enabled: true,
+      includeUserAgent: false,
+      includeResponseTime: true
+    },
+    // Custom middleware files
+    custom: [
+      // Example: "./middleware/auth.js"
+    ]
   }
 }

package/example-middleware.js ADDED Viewed

@@ -0,0 +1,23 @@
+// Example custom middleware file
+// This would be placed in your project directory and referenced in config
+export default async function authMiddleware(req, res, next) {
+  // Example: Check for API key in headers
+  const apiKey = req.headers['x-api-key'];
+  // Skip auth for public routes
+  if (req.url.startsWith('/public/')) {
+    return await next();
+  }
+  if (!apiKey || apiKey !== process.env.API_KEY) {
+    res.writeHead(401, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: 'Unauthorized' }));
+    return;
+  }
+  // Add user info to request for downstream use
+  req.user = { authenticated: true, apiKey };
+  await next();
+}

package/example.config.json ADDED Viewed

@@ -0,0 +1,50 @@
+{
+  "allowedMimes": {
+    "html": "text/html",
+    "css": "text/css",
+    "js": "application/javascript",
+    "json": "application/json",
+    "png": "image/png",
+    "jpg": "image/jpeg"
+  },
+  "middleware": {
+    "cors": {
+      "enabled": true,
+      "origin": ["http://localhost:3000", "https://mydomain.com"],
+      "methods": ["GET", "POST", "PUT", "DELETE"],
+      "headers": ["Content-Type", "Authorization", "X-API-Key"]
+    },
+    "compression": {
+      "enabled": true,
+      "threshold": 512
+    },
+    "rateLimit": {
+      "enabled": true,
+      "maxRequests": 50,
+      "windowMs": 60000,
+      "message": "Rate limit exceeded. Please try again later."
+    },
+    "security": {
+      "enabled": true,
+      "headers": {
+        "X-Content-Type-Options": "nosniff",
+        "X-Frame-Options": "SAMEORIGIN",
+        "X-XSS-Protection": "1; mode=block",
+        "Strict-Transport-Security": "max-age=31536000; includeSubDomains"
+      }
+    },
+    "logging": {
+      "enabled": true,
+      "includeUserAgent": true,
+      "includeResponseTime": true
+    },
+    "custom": [
+      "./middleware/auth.js",
+      "./middleware/analytics.js"
+    ]
+  },
+  "customRoutes": {
+    "api/*": "./api-handlers/*",
+    "/vendor/bootstrap.css": "./node_modules/bootstrap/dist/css/bootstrap.min.css"
+  }
+}

package/middlewareRunner.js ADDED Viewed

@@ -0,0 +1,25 @@
+// Middleware runner for Kempo Server
+export default class MiddlewareRunner {
+  constructor() {
+    this.middlewares = [];
+  }
+  use(middleware) {
+    this.middlewares.push(middleware);
+  }
+  async run(req, res, finalHandler) {
+    let index = 0;
+    const next = async () => {
+      if (index >= this.middlewares.length) {
+        return await finalHandler();
+      }
+      const middleware = this.middlewares[index++];
+      await middleware(req, res, next);
+    };
+    await next();
+  }
+}

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "kempo-server",
   "type": "module",
-  "version": "1.2.1",
+  "version": "1.3.0",
   "description": "A lightweight, zero-dependency, file based routing server.",
   "main": "index.js",
   "bin": {

package/router.js CHANGED Viewed

@@ -5,6 +5,14 @@ import defaultConfig from './defaultConfig.js';
 import getFiles from './getFiles.js';
 import findFile from './findFile.js';
 import serveFile from './serveFile.js';
+import MiddlewareRunner from './middlewareRunner.js';
+import {
+  corsMiddleware,
+  compressionMiddleware,
+  rateLimitMiddleware,
+  securityMiddleware,
+  loggingMiddleware
+} from './builtinMiddleware.js';
 export default async (flags, log) => {
   log('Initializing router', 2);
@@ -39,6 +47,57 @@ export default async (flags, log) => {
   let files = await getFiles(rootPath, config, log);
   log(`Initial scan found ${files.length} files`, 1);
+  // Initialize middleware runner
+  const middlewareRunner = new MiddlewareRunner();
+  // Load built-in middleware based on config
+  if (config.middleware?.cors?.enabled) {
+    middlewareRunner.use(corsMiddleware(config.middleware.cors));
+    log('CORS middleware enabled', 2);
+  }
+  if (config.middleware?.compression?.enabled) {
+    middlewareRunner.use(compressionMiddleware(config.middleware.compression));
+    log('Compression middleware enabled', 2);
+  }
+  if (config.middleware?.rateLimit?.enabled) {
+    middlewareRunner.use(rateLimitMiddleware(config.middleware.rateLimit));
+    log('Rate limit middleware enabled', 2);
+  }
+  if (config.middleware?.security?.enabled) {
+    middlewareRunner.use(securityMiddleware(config.middleware.security));
+    log('Security middleware enabled', 2);
+  }
+  if (config.middleware?.logging?.enabled) {
+    middlewareRunner.use(loggingMiddleware(config.middleware.logging, log));
+    log('Logging middleware enabled', 2);
+  }
+  // Load custom middleware files
+  if (config.middleware?.custom && config.middleware.custom.length > 0) {
+    log(`Loading ${config.middleware.custom.length} custom middleware files`, 2);
+    for (const middlewarePath of config.middleware.custom) {
+      try {
+        const resolvedPath = path.resolve(middlewarePath);
+        const middlewareModule = await import(pathToFileURL(resolvedPath));
+        const customMiddleware = middlewareModule.default;
+        if (typeof customMiddleware === 'function') {
+          middlewareRunner.use(customMiddleware(config.middleware));
+          log(`Custom middleware loaded: ${middlewarePath}`, 2);
+        } else {
+          log(`Custom middleware error: ${middlewarePath} does not export a default function`, 1);
+        }
+      } catch (error) {
+        log(`Custom middleware error for ${middlewarePath}: ${error.message}`, 1);
+      }
+    }
+  }
   // Process custom routes - resolve paths and validate files exist
   const customRoutes = new Map();
   const wildcardRoutes = new Map();
@@ -146,80 +205,82 @@ export default async (flags, log) => {
   };
   return async (req, res) => {
-    const requestPath = req.url.split('?')[0];
-    log(`${req.method} ${requestPath}`, 0);
-    // Check custom routes first
-    if (customRoutes.has(requestPath)) {
-      const customFilePath = customRoutes.get(requestPath);
-      log(`Serving custom route: ${requestPath} -> ${customFilePath}`, 2);
+    await middlewareRunner.run(req, res, async () => {
+      const requestPath = req.url.split('?')[0];
+      log(`${req.method} ${requestPath}`, 0);
-      try {
-        const fileContent = await readFile(customFilePath);
-        const fileExtension = path.extname(customFilePath).toLowerCase().slice(1);
-        const mimeType = config.allowedMimes[fileExtension] || 'application/octet-stream';
+      // Check custom routes first
+      if (customRoutes.has(requestPath)) {
+        const customFilePath = customRoutes.get(requestPath);
+        log(`Serving custom route: ${requestPath} -> ${customFilePath}`, 2);
-        log(`Serving custom file as ${mimeType} (${fileContent.length} bytes)`, 2);
-        res.writeHead(200, { 'Content-Type': mimeType });
-        res.end(fileContent);
-        return; // Successfully served custom route
-      } catch (error) {
-        log(`Error serving custom route ${requestPath}: ${error.message}`, 0);
-        res.writeHead(500, { 'Content-Type': 'text/plain' });
-        res.end('Internal Server Error');
-        return;
+        try {
+          const fileContent = await readFile(customFilePath);
+          const fileExtension = path.extname(customFilePath).toLowerCase().slice(1);
+          const mimeType = config.allowedMimes[fileExtension] || 'application/octet-stream';
+          log(`Serving custom file as ${mimeType} (${fileContent.length} bytes)`, 2);
+          res.writeHead(200, { 'Content-Type': mimeType });
+          res.end(fileContent);
+          return; // Successfully served custom route
+        } catch (error) {
+          log(`Error serving custom route ${requestPath}: ${error.message}`, 0);
+          res.writeHead(500, { 'Content-Type': 'text/plain' });
+          res.end('Internal Server Error');
+          return;
+        }
       }
-    }
-    // Check wildcard routes
-    const wildcardMatch = findWildcardRoute(requestPath);
-    if (wildcardMatch) {
-      const resolvedFilePath = resolveWildcardPath(wildcardMatch.filePath, wildcardMatch.matches);
-      log(`Serving wildcard route: ${requestPath} -> ${resolvedFilePath}`, 2);
-      try {
-        const fileContent = await readFile(resolvedFilePath);
-        const fileExtension = path.extname(resolvedFilePath).toLowerCase().slice(1);
-        const mimeType = config.allowedMimes[fileExtension] || 'application/octet-stream';
+      // Check wildcard routes
+      const wildcardMatch = findWildcardRoute(requestPath);
+      if (wildcardMatch) {
+        const resolvedFilePath = resolveWildcardPath(wildcardMatch.filePath, wildcardMatch.matches);
+        log(`Serving wildcard route: ${requestPath} -> ${resolvedFilePath}`, 2);
-        log(`Serving wildcard file as ${mimeType} (${fileContent.length} bytes)`, 2);
-        res.writeHead(200, { 'Content-Type': mimeType });
-        res.end(fileContent);
-        return; // Successfully served wildcard route
-      } catch (error) {
-        log(`Error serving wildcard route ${requestPath}: ${error.message}`, 0);
-        res.writeHead(500, { 'Content-Type': 'text/plain' });
-        res.end('Internal Server Error');
-        return;
+        try {
+          const fileContent = await readFile(resolvedFilePath);
+          const fileExtension = path.extname(resolvedFilePath).toLowerCase().slice(1);
+          const mimeType = config.allowedMimes[fileExtension] || 'application/octet-stream';
+          log(`Serving wildcard file as ${mimeType} (${fileContent.length} bytes)`, 2);
+          res.writeHead(200, { 'Content-Type': mimeType });
+          res.end(fileContent);
+          return; // Successfully served wildcard route
+        } catch (error) {
+          log(`Error serving wildcard route ${requestPath}: ${error.message}`, 0);
+          res.writeHead(500, { 'Content-Type': 'text/plain' });
+          res.end('Internal Server Error');
+          return;
+        }
       }
-    }
-    // Try to serve the file normally
-    const served = await serveFile(files, rootPath, requestPath, req.method, config, req, res, log);
-    // If not served and scan flag is enabled, try rescanning once (with blacklist check)
-    if (!served && flags.scan && !shouldSkipRescan(requestPath)) {
-      trackRescanAttempt(requestPath);
-      log('File not found, rescanning directory...', 1);
-      files = await getFiles(rootPath, config, log);
-      log(`Rescan found ${files.length} files`, 2);
-      // Try to serve again after rescan
-      const reserved = await serveFile(files, rootPath, requestPath, req.method, config, req, res, log);
+      // Try to serve the file normally
+      const served = await serveFile(files, rootPath, requestPath, req.method, config, req, res, log);
-      if (!reserved) {
-        log(`404 - File not found after rescan: ${requestPath}`, 1);
+      // If not served and scan flag is enabled, try rescanning once (with blacklist check)
+      if (!served && flags.scan && !shouldSkipRescan(requestPath)) {
+        trackRescanAttempt(requestPath);
+        log('File not found, rescanning directory...', 1);
+        files = await getFiles(rootPath, config, log);
+        log(`Rescan found ${files.length} files`, 2);
+        // Try to serve again after rescan
+        const reserved = await serveFile(files, rootPath, requestPath, req.method, config, req, res, log);
+        if (!reserved) {
+          log(`404 - File not found after rescan: ${requestPath}`, 1);
+          res.writeHead(404, { 'Content-Type': 'text/plain' });
+          res.end('Not Found');
+        }
+      } else if (!served) {
+        if (shouldSkipRescan(requestPath)) {
+          log(`404 - Skipped rescan for: ${requestPath}`, 2);
+        } else {
+          log(`404 - File not found: ${requestPath}`, 1);
+        }
         res.writeHead(404, { 'Content-Type': 'text/plain' });
         res.end('Not Found');
       }
-    } else if (!served) {
-      if (shouldSkipRescan(requestPath)) {
-        log(`404 - Skipped rescan for: ${requestPath}`, 2);
-      } else {
-        log(`404 - File not found: ${requestPath}`, 1);
-      }
-      res.writeHead(404, { 'Content-Type': 'text/plain' });
-      res.end('Not Found');
-    }
+    });
   }
 }