kempo-server 1.3.0 → 1.4.1

package/README.md

@@ -12,7 +12,7 @@ npm install kempo-server
 
 2. Add it to your `package.json` scripts, use the `--root` flag to tell it where the root of your site is.
 
-```json
+```
 {
   ...
   "scripts": {
@@ -213,7 +213,7 @@ export default async function(request, response) {
 
 To configure the server create a `.config.json` within the root directory of your server (`public` in the start example [above](#getting-started)).
 
-This json file can have any of the following 6 properties, any property not defined will use the "Default Config".
+This json file can have any of the following properties, any property not defined will use the "Default Config".
 
 - [allowedMimes](#allowedmimes)
 - [disallowedRegex](#disallowedregex)
@@ -221,6 +221,189 @@ This json file can have any of the following 6 properties, any property not defi
 - [routeFiles](#routefiles)
 - [noRescanPaths](#norescanpaths)
 - [maxRescanAttempts](#maxrescanattempts)
+- [middleware](#middleware)
+
+## Middleware
+
+Kempo Server includes a powerful middleware system that allows you to add functionality like authentication, logging, CORS, compression, and more. Middleware runs before your route handlers and can modify requests, responses, or handle requests entirely.
+
+### Built-in Middleware
+
+#### CORS
+Enable Cross-Origin Resource Sharing for your API:
+
+```json
+{
+  "middleware": {
+    "cors": {
+      "enabled": true,
+      "origin": "*",
+      "methods": ["GET", "POST", "PUT", "DELETE"],
+      "headers": ["Content-Type", "Authorization"]
+    }
+  }
+}
+```
+
+#### Compression
+Automatically compress responses with gzip:
+
+```json
+{
+  "middleware": {
+    "compression": {
+      "enabled": true,
+      "threshold": 1024
+    }
+  }
+}
+```
+
+#### Rate Limiting
+Limit requests per client to prevent abuse:
+
+```json
+{
+  "middleware": {
+    "rateLimit": {
+      "enabled": true,
+      "maxRequests": 100,
+      "windowMs": 60000,
+      "message": "Too many requests"
+    }
+  }
+}
+```
+
+#### Security Headers
+Add security headers to all responses:
+
+```json
+{
+  "middleware": {
+    "security": {
+      "enabled": true,
+      "headers": {
+        "X-Content-Type-Options": "nosniff",
+        "X-Frame-Options": "DENY",
+        "X-XSS-Protection": "1; mode=block"
+      }
+    }
+  }
+}
+```
+
+#### Request Logging
+Log requests with configurable detail:
+
+```json
+{
+  "middleware": {
+    "logging": {
+      "enabled": true,
+      "includeUserAgent": true,
+      "includeResponseTime": true
+    }
+  }
+}
+```
+
+### Custom Middleware
+
+Create your own middleware by writing JavaScript files and referencing them in your config:
+
+```json
+{
+  "middleware": {
+    "custom": ["./middleware/auth.js", "./middleware/analytics.js"]
+  }
+}
+```
+
+#### Custom Middleware Example
+
+```javascript
+// middleware/auth.js
+export default (config) => {
+  return async (req, res, next) => {
+    const token = req.headers.authorization;
+    
+    if (!token) {
+      req.user = null;
+      return await next();
+    }
+    
+    try {
+      // Verify JWT token (example)
+      const user = verifyToken(token);
+      req.user = user;
+      req.permissions = await getUserPermissions(user.id);
+      
+      // Add helper methods
+      req.hasPermission = (permission) => req.permissions.includes(permission);
+      
+    } catch (error) {
+      req.user = null;
+    }
+    
+    await next();
+  };
+};
+```
+
+#### Using Enhanced Requests in Routes
+
+Your route files can now access the enhanced request object:
+
+```javascript
+// api/user/profile/GET.js
+export default async (req, res, params) => {
+  if (!req.user) {
+    return res.status(401).json({ error: 'Authentication required' });
+  }
+  
+  if (!req.hasPermission('user:read')) {
+    return res.status(403).json({ error: 'Insufficient permissions' });
+  }
+  
+  const profile = await getUserProfile(req.user.id);
+  res.json(profile);
+};
+```
+
+### Middleware Order
+
+Middleware executes in this order:
+1. Built-in middleware (cors, compression, rateLimit, security, logging)
+2. Custom middleware (in the order listed in config)
+3. Your route handlers
+
+### Route Interception
+
+Middleware can intercept and handle routes completely, useful for authentication endpoints:
+
+```javascript
+// middleware/auth-routes.js
+export default (config) => {
+  return async (req, res, next) => {
+    const url = new URL(req.url, `http://${req.headers.host}`);
+    
+    // Handle login endpoint
+    if (req.method === 'POST' && url.pathname === '/auth/login') {
+      const credentials = await req.json();
+      const token = await authenticateUser(credentials);
+      
+      if (token) {
+        return res.json({ token, success: true });
+      } else {
+        return res.status(401).json({ error: 'Invalid credentials' });
+      }
+    }
+    
+    await next();
+  };
+};
+```
 
 ### allowedMimes
 
@@ -333,6 +516,8 @@ The maximum number of times to attempt rescanning the file system when a file is
 - **Zero Dependencies** - No external dependencies required
 - **File-based Routing** - Routes are defined by your directory structure
 - **Dynamic Routes** - Support for parameterized routes with square bracket syntax
+- **Wildcard Routes** - Map entire directory structures with wildcard patterns
+- **Middleware System** - Built-in and custom middleware support for authentication, logging, CORS, and more
 - **Request Object** - Request handling with built-in body parsing
 - **Response Object** - Response handling with chainable methods
 - **Multiple HTTP Methods** - Support for GET, POST, PUT, DELETE, and more
@@ -340,8 +525,8 @@ The maximum number of times to attempt rescanning the file system when a file is
 - **HTML Routes** - Support for both JavaScript and HTML route handlers
 - **Query Parameters** - Easy access to URL query parameters
 - **Configurable** - Customize behavior with a simple JSON config file
-- **Security** - Built-in protection against serving sensitive files
-- **Performance** - Smart file system caching and rescan optimization
+- **Security** - Built-in protection against serving sensitive files plus security headers middleware
+- **Performance** - Smart file system caching, rescan optimization, and optional compression
 
 ## Examples
 
@@ -440,3 +625,23 @@ Kempo Server supports several command line options to customize its behavior:
 ```bash
 kempo-server --root public --port 8080 --host 0.0.0.0 --verbose
 ```
+
+## Documentation
+
+For complete documentation, visit the [Kempo Server Documentation](docs/index.html).
+
+### Quick Links
+
+- [Getting Started](docs/getting-started.html) - Installation and basic setup
+- [Routes & Routing](docs/routing.html) - File-based routing and dynamic routes
+- [Request & Response](docs/request-response.html) - Working with HTTP requests and responses
+- [Configuration](docs/configuration.html) - Server configuration options
+- [Middleware](docs/middleware.html) - Built-in and custom middleware
+- [Examples & Demos](docs/examples.html) - Code examples and interactive demos
+
+The documentation includes:
+- **Interactive examples** - Try API endpoints directly in your browser
+- **Complete code samples** - Real-world examples for common use cases
+- **Configuration guides** - Detailed setup instructions
+- **Middleware documentation** - Authentication, logging, CORS, and custom middleware
+- **Best practices** - Tips for production deployments

package/docs/configuration.html

@@ -0,0 +1,117 @@
+<html lang="en" theme="auto">
+<head>
+  <meta charset='utf-8'>
+  <meta http-equiv='X-UA-Compatible' content='IE=edge'>
+  <title>Configuration - Kempo Server</title>
+  <meta name='viewport' content='width=device-width, initial-scale=1'>
+  <link rel="stylesheet" href="essential.css" />
+</head>
+<body>
+  <main>
+    <a href="./" class="btn">Home</a>
+    <h1>Configuration</h1>
+    <p>Customize Kempo Server's behavior with a simple JSON configuration file.</p>
+
+    <h2>Configuration File</h2>
+    <p>To configure the server create a <code>.config.json</code> within the root directory of your server (<code>public</code> in the start example).</p>
+    <p>This json file can have any of the following properties. Any property not defined will use the default configuration.</p>
+
+    <h2>Configuration Options</h2>
+    <ul>
+      <li><a href="#allowedMimes">allowedMimes</a> - File types that can be served</li>
+      <li><a href="#disallowedRegex">disallowedRegex</a> - Patterns for paths that should be blocked</li>
+      <li><a href="#customRoutes">customRoutes</a> - Custom route mappings</li>
+      <li><a href="#routeFiles">routeFiles</a> - Files that should be treated as route handlers</li>
+      <li><a href="#noRescanPaths">noRescanPaths</a> - Paths that should not trigger file system rescans</li>
+      <li><a href="#maxRescanAttempts">maxRescanAttempts</a> - Maximum number of rescan attempts</li>
+      <li><a href="#middleware">middleware</a> - Middleware configuration</li>
+    </ul>
+
+    <h3 id="allowedMimes">allowedMimes</h3>
+    <p>An object mapping file extensions to their MIME types. Files with extensions not in this list will not be served.</p>
+    <pre><code class="hljs json">{<br />  <span class="hljs-attr">"allowedMimes"</span>: {<br />    <span class="hljs-attr">"html"</span>: <span class="hljs-string">"text/html"</span>,<br />    <span class="hljs-attr">"css"</span>: <span class="hljs-string">"text/css"</span>,<br />    <span class="hljs-attr">"js"</span>: <span class="hljs-string">"application/javascript"</span>,<br />    <span class="hljs-attr">"json"</span>: <span class="hljs-string">"application/json"</span>,<br />    <span class="hljs-attr">"png"</span>: <span class="hljs-string">"image/png"</span>,<br />    <span class="hljs-attr">"jpg"</span>: <span class="hljs-string">"image/jpeg"</span>,<br />    <span class="hljs-attr">"jpeg"</span>: <span class="hljs-string">"image/jpeg"</span>,<br />    <span class="hljs-attr">"gif"</span>: <span class="hljs-string">"image/gif"</span>,<br />    <span class="hljs-attr">"svg"</span>: <span class="hljs-string">"image/svg+xml"</span>,<br />    <span class="hljs-attr">"woff"</span>: <span class="hljs-string">"font/woff"</span>,<br />    <span class="hljs-attr">"woff2"</span>: <span class="hljs-string">"font/woff2"</span><br />  }<br />}</code></pre>
+
+    <h3 id="disallowedRegex">disallowedRegex</h3>
+    <p>An array of regular expressions that match paths that should never be served. This provides security by preventing access to sensitive files.</p>
+    <pre><code class="hljs json">{<br />  <span class="hljs-attr">"disallowedRegex"</span>: [<br />    <span class="hljs-string">"^/\\..*"</span>,        <span class="hljs-comment">// Hidden files (starting with .)</span><br />    <span class="hljs-string">"\\.env$"</span>,        <span class="hljs-comment">// Environment files</span><br />    <span class="hljs-string">"\\.config$"</span>,     <span class="hljs-comment">// Configuration files</span><br />    <span class="hljs-string">"password"</span>,      <span class="hljs-comment">// Files containing "password"</span><br />    <span class="hljs-string">"node_modules"</span>,  <span class="hljs-comment">// Node modules directory</span><br />    <span class="hljs-string">"\\.git"</span>          <span class="hljs-comment">// Git directory</span><br />  ]<br />}</code></pre>
+
+    <h3 id="routeFiles">routeFiles</h3>
+    <p>An array of filenames that should be treated as route handlers and executed as JavaScript modules.</p>
+    <pre><code class="hljs json">{<br />  <span class="hljs-attr">"routeFiles"</span>: [<br />    <span class="hljs-string">"GET.js"</span>,<br />    <span class="hljs-string">"POST.js"</span>,<br />    <span class="hljs-string">"PUT.js"</span>,<br />    <span class="hljs-string">"DELETE.js"</span>,<br />    <span class="hljs-string">"PATCH.js"</span>,<br />    <span class="hljs-string">"HEAD.js"</span>,<br />    <span class="hljs-string">"OPTIONS.js"</span>,<br />    <span class="hljs-string">"index.js"</span><br />  ]<br />}</code></pre>
+
+    <h3 id="noRescanPaths">noRescanPaths</h3>
+    <p>An array of regex patterns for paths that should not trigger a file system rescan. This improves performance for common static assets.</p>
+    <pre><code class="hljs json">{<br />  <span class="hljs-attr">"noRescanPaths"</span>: [<br />    <span class="hljs-string">"/favicon\\.ico$"</span>,<br />    <span class="hljs-string">"/robots\\.txt$"</span>,<br />    <span class="hljs-string">"\\.map$"</span>,<br />    <span class="hljs-string">"\\.css$"</span>,<br />    <span class="hljs-string">"\\.js$"</span>,<br />    <span class="hljs-string">"\\.png$"</span>,<br />    <span class="hljs-string">"\\.jpg$"</span>,<br />    <span class="hljs-string">"\\.jpeg$"</span>,<br />    <span class="hljs-string">"\\.gif$"</span><br />  ]<br />}</code></pre>
+
+    <h3 id="customRoutes">customRoutes</h3>
+    <p>An object mapping custom route paths to file paths. Useful for aliasing or serving files from outside the document root.</p>
+    
+    <h4>Basic Routes</h4>
+    <p>Map specific paths to files:</p>
+    <pre><code class="hljs json">{<br />  <span class="hljs-attr">"customRoutes"</span>: {<br />    <span class="hljs-attr">"/vendor/bootstrap.css"</span>: <span class="hljs-string">"./node_modules/bootstrap/dist/css/bootstrap.min.css"</span>,<br />    <span class="hljs-attr">"/api/status"</span>: <span class="hljs-string">"./status.js"</span>,<br />    <span class="hljs-attr">"/health"</span>: <span class="hljs-string">"./health-check.js"</span><br />  }<br />}</code></pre>
+
+    <h4>Wildcard Routes</h4>
+    <p>Wildcard routes allow you to map entire directory structures using the <code>*</code> wildcard:</p>
+    <pre><code class="hljs json">{<br />  <span class="hljs-attr">"customRoutes"</span>: {<br />    <span class="hljs-attr">"kempo/*"</span>: <span class="hljs-string">"./node_modules/kempo/dist/*"</span>,<br />    <span class="hljs-attr">"assets/*"</span>: <span class="hljs-string">"./static-files/*"</span>,<br />    <span class="hljs-attr">"docs/*"</span>: <span class="hljs-string">"./documentation/*"</span>,<br />    <span class="hljs-attr">"lib/*"</span>: <span class="hljs-string">"./node_modules/my-library/build/*"</span><br />  }<br />}</code></pre>
+
+    <p>With wildcard routes:</p>
+    <ul>
+      <li><code>kempo/styles.css</code> would serve <code>./node_modules/kempo/dist/styles.css</code></li>
+      <li><code>assets/logo.png</code> would serve <code>./static-files/logo.png</code></li>
+      <li><code>docs/readme.md</code> would serve <code>./documentation/readme.md</code></li>
+      <li><code>lib/utils.js</code> would serve <code>./node_modules/my-library/build/utils.js</code></li>
+    </ul>
+    <p>The <code>*</code> wildcard matches any single path segment (anything between <code>/</code> characters). Multiple wildcards can be used in a single route pattern.</p>
+
+    <h3 id="maxRescanAttempts">maxRescanAttempts</h3>
+    <p>The maximum number of times to attempt rescanning the file system when a file is not found. Defaults to 3.</p>
+    <pre><code class="hljs json">{<br />  <span class="hljs-attr">"maxRescanAttempts"</span>: <span class="hljs-number">3</span><br />}</code></pre>
+
+    <h3 id="middleware">middleware</h3>
+    <p>Configuration for built-in and custom middleware. Middleware runs before your route handlers and can modify requests, responses, or handle requests entirely.</p>
+    <pre><code class="hljs json">{<br />  <span class="hljs-attr">"middleware"</span>: {<br />    <span class="hljs-attr">"cors"</span>: {<br />      <span class="hljs-attr">"enabled"</span>: <span class="hljs-literal">true</span>,<br />      <span class="hljs-attr">"origin"</span>: <span class="hljs-string">"*"</span><br />    },<br />    <span class="hljs-attr">"compression"</span>: {<br />      <span class="hljs-attr">"enabled"</span>: <span class="hljs-literal">true</span><br />    },<br />    <span class="hljs-attr">"custom"</span>: [<span class="hljs-string">"./middleware/auth.js"</span>]<br />  }<br />}</code></pre>
+
+    <h2>Complete Configuration Example</h2>
+    <p>Here's a complete example of a <code>.config.json</code> file:</p>
+    <pre><code class="hljs json">{<br />  <span class="hljs-attr">"allowedMimes"</span>: {<br />    <span class="hljs-attr">"html"</span>: <span class="hljs-string">"text/html"</span>,<br />    <span class="hljs-attr">"css"</span>: <span class="hljs-string">"text/css"</span>,<br />    <span class="hljs-attr">"js"</span>: <span class="hljs-string">"application/javascript"</span>,<br />    <span class="hljs-attr">"json"</span>: <span class="hljs-string">"application/json"</span>,<br />    <span class="hljs-attr">"png"</span>: <span class="hljs-string">"image/png"</span>,<br />    <span class="hljs-attr">"jpg"</span>: <span class="hljs-string">"image/jpeg"</span>,<br />    <span class="hljs-attr">"jpeg"</span>: <span class="hljs-string">"image/jpeg"</span>,<br />    <span class="hljs-attr">"gif"</span>: <span class="hljs-string">"image/gif"</span>,<br />    <span class="hljs-attr">"svg"</span>: <span class="hljs-string">"image/svg+xml"</span>,<br />    <span class="hljs-attr">"woff"</span>: <span class="hljs-string">"font/woff"</span>,<br />    <span class="hljs-attr">"woff2"</span>: <span class="hljs-string">"font/woff2"</span><br />  },<br />  <span class="hljs-attr">"disallowedRegex"</span>: [<br />    <span class="hljs-string">"^/\\..*"</span>,<br />    <span class="hljs-string">"\\.env$"</span>,<br />    <span class="hljs-string">"\\.config$"</span>,<br />    <span class="hljs-string">"password"</span>,<br />    <span class="hljs-string">"node_modules"</span>,<br />    <span class="hljs-string">"\\.git"</span><br />  ],<br />  <span class="hljs-attr">"routeFiles"</span>: [<br />    <span class="hljs-string">"GET.js"</span>,<br />    <span class="hljs-string">"POST.js"</span>,<br />    <span class="hljs-string">"PUT.js"</span>,<br />    <span class="hljs-string">"DELETE.js"</span>,<br />    <span class="hljs-string">"PATCH.js"</span>,<br />    <span class="hljs-string">"HEAD.js"</span>,<br />    <span class="hljs-string">"OPTIONS.js"</span>,<br />    <span class="hljs-string">"index.js"</span><br />  ],<br />  <span class="hljs-attr">"noRescanPaths"</span>: [<br />    <span class="hljs-string">"/favicon\\.ico$"</span>,<br />    <span class="hljs-string">"/robots\\.txt$"</span>,<br />    <span class="hljs-string">"\\.map$"</span>,<br />    <span class="hljs-string">"\\.css$"</span>,<br />    <span class="hljs-string">"\\.js$"</span>,<br />    <span class="hljs-string">"\\.png$"</span>,<br />    <span class="hljs-string">"\\.jpg$"</span>,<br />    <span class="hljs-string">"\\.jpeg$"</span>,<br />    <span class="hljs-string">"\\.gif$"</span><br />  ],<br />  <span class="hljs-attr">"customRoutes"</span>: {<br />    <span class="hljs-attr">"/vendor/bootstrap.css"</span>: <span class="hljs-string">"./node_modules/bootstrap/dist/css/bootstrap.min.css"</span>,<br />    <span class="hljs-attr">"/vendor/jquery.js"</span>: <span class="hljs-string">"./node_modules/jquery/dist/jquery.min.js"</span>,<br />    <span class="hljs-attr">"assets/*"</span>: <span class="hljs-string">"./static-files/*"</span>,<br />    <span class="hljs-attr">"docs/*"</span>: <span class="hljs-string">"./documentation/*"</span><br />  },<br />  <span class="hljs-attr">"maxRescanAttempts"</span>: <span class="hljs-number">3</span>,<br />  <span class="hljs-attr">"middleware"</span>: {<br />    <span class="hljs-attr">"cors"</span>: {<br />      <span class="hljs-attr">"enabled"</span>: <span class="hljs-literal">true</span>,<br />      <span class="hljs-attr">"origin"</span>: <span class="hljs-string">"*"</span>,<br />      <span class="hljs-attr">"methods"</span>: [<span class="hljs-string">"GET"</span>, <span class="hljs-string">"POST"</span>, <span class="hljs-string">"PUT"</span>, <span class="hljs-string">"DELETE"</span>],<br />      <span class="hljs-attr">"headers"</span>: [<span class="hljs-string">"Content-Type"</span>, <span class="hljs-string">"Authorization"</span>]<br />    },<br />    <span class="hljs-attr">"compression"</span>: {<br />      <span class="hljs-attr">"enabled"</span>: <span class="hljs-literal">true</span>,<br />      <span class="hljs-attr">"threshold"</span>: <span class="hljs-number">1024</span><br />    },<br />    <span class="hljs-attr">"security"</span>: {<br />      <span class="hljs-attr">"enabled"</span>: <span class="hljs-literal">true</span>,<br />      <span class="hljs-attr">"headers"</span>: {<br />        <span class="hljs-attr">"X-Content-Type-Options"</span>: <span class="hljs-string">"nosniff"</span>,<br />        <span class="hljs-attr">"X-Frame-Options"</span>: <span class="hljs-string">"DENY"</span>,<br />        <span class="hljs-attr">"X-XSS-Protection"</span>: <span class="hljs-string">"1; mode=block"</span><br />      }<br />    },<br />    <span class="hljs-attr">"custom"</span>: [<br />      <span class="hljs-string">"./middleware/auth.js"</span>,<br />      <span class="hljs-string">"./middleware/logging.js"</span><br />    ]<br />  }<br />}</code></pre>
+
+    <h2>Environment-Specific Configuration</h2>
+    <p>You can create different configuration files for different environments:</p>
+    
+    <h3>Development Configuration</h3>
+    <p>Create <code>.config.dev.json</code> for development:</p>
+    <pre><code class="hljs json">{<br />  <span class="hljs-attr">"allowedMimes"</span>: {<br />    <span class="hljs-attr">"html"</span>: <span class="hljs-string">"text/html"</span>,<br />    <span class="hljs-attr">"css"</span>: <span class="hljs-string">"text/css"</span>,<br />    <span class="hljs-attr">"js"</span>: <span class="hljs-string">"application/javascript"</span>,<br />    <span class="hljs-attr">"json"</span>: <span class="hljs-string">"application/json"</span>,<br />    <span class="hljs-attr">"map"</span>: <span class="hljs-string">"application/json"</span><br />  },<br />  <span class="hljs-attr">"middleware"</span>: {<br />    <span class="hljs-attr">"cors"</span>: {<br />      <span class="hljs-attr">"enabled"</span>: <span class="hljs-literal">true</span>,<br />      <span class="hljs-attr">"origin"</span>: <span class="hljs-string">"*"</span><br />    },<br />    <span class="hljs-attr">"compression"</span>: {<br />      <span class="hljs-attr">"enabled"</span>: <span class="hljs-literal">false</span><br />    }<br />  }<br />}</code></pre>
+
+    <h3>Production Configuration</h3>
+    <p>Create <code>.config.prod.json</code> for production:</p>
+    <pre><code class="hljs json">{<br />  <span class="hljs-attr">"allowedMimes"</span>: {<br />    <span class="hljs-attr">"html"</span>: <span class="hljs-string">"text/html"</span>,<br />    <span class="hljs-attr">"css"</span>: <span class="hljs-string">"text/css"</span>,<br />    <span class="hljs-attr">"js"</span>: <span class="hljs-string">"application/javascript"</span>,<br />    <span class="hljs-attr">"json"</span>: <span class="hljs-string">"application/json"</span>,<br />    <span class="hljs-attr">"png"</span>: <span class="hljs-string">"image/png"</span>,<br />    <span class="hljs-attr">"jpg"</span>: <span class="hljs-string">"image/jpeg"</span><br />  },<br />  <span class="hljs-attr">"disallowedRegex"</span>: [<br />    <span class="hljs-string">"^/\\..*"</span>,<br />    <span class="hljs-string">"\\.env$"</span>,<br />    <span class="hljs-string">"\\.config$"</span>,<br />    <span class="hljs-string">"password"</span>,<br />    <span class="hljs-string">"node_modules"</span>,<br />    <span class="hljs-string">"\\.git"</span>,<br />    <span class="hljs-string">"\\.map$"</span><br />  ],<br />  <span class="hljs-attr">"middleware"</span>: {<br />    <span class="hljs-attr">"cors"</span>: {<br />      <span class="hljs-attr">"enabled"</span>: <span class="hljs-literal">true</span>,<br />      <span class="hljs-attr">"origin"</span>: <span class="hljs-string">"https://yourdomain.com"</span><br />    },<br />    <span class="hljs-attr">"compression"</span>: {<br />      <span class="hljs-attr">"enabled"</span>: <span class="hljs-literal">true</span>,<br />      <span class="hljs-attr">"threshold"</span>: <span class="hljs-number">1024</span><br />    },<br />    <span class="hljs-attr">"security"</span>: {<br />      <span class="hljs-attr">"enabled"</span>: <span class="hljs-literal">true</span>,<br />      <span class="hljs-attr">"headers"</span>: {<br />        <span class="hljs-attr">"X-Content-Type-Options"</span>: <span class="hljs-string">"nosniff"</span>,<br />        <span class="hljs-attr">"X-Frame-Options"</span>: <span class="hljs-string">"DENY"</span>,<br />        <span class="hljs-attr">"X-XSS-Protection"</span>: <span class="hljs-string">"1; mode=block"</span>,<br />        <span class="hljs-attr">"Strict-Transport-Security"</span>: <span class="hljs-string">"max-age=31536000; includeSubDomains"</span><br />      }<br />    }<br />  }<br />}</code></pre>
+
+    <h2>Configuration Tips</h2>
+    
+    <h3>Security Best Practices</h3>
+    <ul>
+      <li>Always include patterns to block sensitive files in <code>disallowedRegex</code></li>
+      <li>Use strict CORS settings in production</li>
+      <li>Enable security headers middleware</li>
+      <li>Don't serve source maps in production</li>
+    </ul>
+
+    <h3>Performance Optimization</h3>
+    <ul>
+      <li>Use <code>noRescanPaths</code> for static assets to improve performance</li>
+      <li>Enable compression for larger files</li>
+      <li>Use custom routes to serve files from CDN or optimized locations</li>
+      <li>Limit <code>maxRescanAttempts</code> to prevent excessive file system scanning</li>
+    </ul>
+
+    <h3>Development vs Production</h3>
+    <ul>
+      <li>Enable source maps in development, disable in production</li>
+      <li>Use relaxed CORS in development, strict in production</li>
+      <li>Enable compression in production for better performance</li>
+      <li>Add more security headers in production</li>
+    </ul>
+  </main>
+  <div style="height:25vh"></div>
+</body>
+</html>