koa-classic-server 1.1.0 → 2.0.0

package/__tests__/performance.test.js

@@ -0,0 +1,301 @@
+/**
+ * Performance Benchmark Tests
+ *
+ * These tests measure current performance to establish a baseline.
+ * After optimizations, run these tests again to measure improvements.
+ *
+ * Usage:
+ *   npm run test:performance
+ *
+ * To save results:
+ *   npm run test:performance > benchmark-results-v1.2.0.txt
+ */
+
+const Koa = require('koa');
+const supertest = require('supertest');
+const koaClassicServer = require('../index.cjs');
+const path = require('path');
+const fs = require('fs');
+
+const BENCHMARK_DIR = path.join(__dirname, '../benchmark-data');
+
+// Check if benchmark data exists
+if (!fs.existsSync(BENCHMARK_DIR)) {
+    console.error('\n❌ Benchmark data not found!');
+    console.error('Please run: node scripts/setup-benchmark.js\n');
+    process.exit(1);
+}
+
+// Helper to measure execution time
+function measureTime(fn) {
+    const start = process.hrtime.bigint();
+    const result = fn();
+    const end = process.hrtime.bigint();
+    const durationMs = Number(end - start) / 1000000; // Convert to ms
+    return { result, durationMs };
+}
+
+async function measureTimeAsync(fn) {
+    const start = process.hrtime.bigint();
+    const result = await fn();
+    const end = process.hrtime.bigint();
+    const durationMs = Number(end - start) / 1000000;
+    return { result, durationMs };
+}
+
+// Helper to run multiple iterations and get statistics
+async function benchmark(name, fn, iterations = 10) {
+    const times = [];
+
+    for (let i = 0; i < iterations; i++) {
+        const { durationMs } = await measureTimeAsync(fn);
+        times.push(durationMs);
+    }
+
+    const avg = times.reduce((a, b) => a + b, 0) / times.length;
+    const min = Math.min(...times);
+    const max = Math.max(...times);
+    const median = times.sort((a, b) => a - b)[Math.floor(times.length / 2)];
+
+    return { name, avg, min, max, median, times };
+}
+
+describe('Performance Benchmarks - BASELINE (v1.2.0)', () => {
+    let app;
+    let server;
+    let request;
+
+    beforeAll(() => {
+        app = new Koa();
+        app.use(koaClassicServer(BENCHMARK_DIR));
+        server = app.listen();
+        request = supertest(server);
+    });
+
+    afterAll(() => {
+        server.close();
+    });
+
+    describe('File Serving Performance', () => {
+        test('Benchmark: Small file (1KB) - 100 iterations', async () => {
+            const stats = await benchmark(
+                'Small file (1KB)',
+                async () => {
+                    const res = await request.get('/small-files/file-1.txt');
+                    expect(res.status).toBe(200);
+                },
+                100
+            );
+
+            console.log('\n📊 Small File (1KB) Benchmark:');
+            console.log(`   Average: ${stats.avg.toFixed(2)}ms`);
+            console.log(`   Median:  ${stats.median.toFixed(2)}ms`);
+            console.log(`   Min:     ${stats.min.toFixed(2)}ms`);
+            console.log(`   Max:     ${stats.max.toFixed(2)}ms`);
+
+            expect(stats.avg).toBeLessThan(50); // Should be fast
+        }, 30000);
+
+        test('Benchmark: Medium file (100KB) - 50 iterations', async () => {
+            const stats = await benchmark(
+                'Medium file (100KB)',
+                async () => {
+                    const res = await request.get('/medium-files/file-1.txt');
+                    expect(res.status).toBe(200);
+                },
+                50
+            );
+
+            console.log('\n📊 Medium File (100KB) Benchmark:');
+            console.log(`   Average: ${stats.avg.toFixed(2)}ms`);
+            console.log(`   Median:  ${stats.median.toFixed(2)}ms`);
+            console.log(`   Min:     ${stats.min.toFixed(2)}ms`);
+            console.log(`   Max:     ${stats.max.toFixed(2)}ms`);
+
+            expect(stats.avg).toBeLessThan(100);
+        }, 30000);
+
+        test('Benchmark: Large file (1MB) - 20 iterations', async () => {
+            const stats = await benchmark(
+                'Large file (1MB)',
+                async () => {
+                    const res = await request.get('/large-files/file-1.txt');
+                    expect(res.status).toBe(200);
+                },
+                20
+            );
+
+            console.log('\n📊 Large File (1MB) Benchmark:');
+            console.log(`   Average: ${stats.avg.toFixed(2)}ms`);
+            console.log(`   Median:  ${stats.median.toFixed(2)}ms`);
+            console.log(`   Min:     ${stats.min.toFixed(2)}ms`);
+            console.log(`   Max:     ${stats.max.toFixed(2)}ms`);
+
+            expect(stats.avg).toBeLessThan(500);
+        }, 30000);
+    });
+
+    describe('Directory Listing Performance', () => {
+        test('Benchmark: Small directory (100 files) - 50 iterations', async () => {
+            const stats = await benchmark(
+                'Directory listing (100 files)',
+                async () => {
+                    const res = await request.get('/small-files/');
+                    expect(res.status).toBe(200);
+                    expect(res.text).toContain('file-1.txt');
+                },
+                50
+            );
+
+            console.log('\n📊 Small Directory (100 files) Benchmark:');
+            console.log(`   Average: ${stats.avg.toFixed(2)}ms`);
+            console.log(`   Median:  ${stats.median.toFixed(2)}ms`);
+            console.log(`   Min:     ${stats.min.toFixed(2)}ms`);
+            console.log(`   Max:     ${stats.max.toFixed(2)}ms`);
+        }, 30000);
+
+        test('Benchmark: Large directory (1,000 files) - 20 iterations', async () => {
+            const stats = await benchmark(
+                'Directory listing (1,000 files)',
+                async () => {
+                    const res = await request.get('/large-directory/');
+                    expect(res.status).toBe(200);
+                    expect(res.text).toContain('item-0001.txt');
+                },
+                20
+            );
+
+            console.log('\n📊 Large Directory (1,000 files) Benchmark:');
+            console.log(`   Average: ${stats.avg.toFixed(2)}ms`);
+            console.log(`   Median:  ${stats.median.toFixed(2)}ms`);
+            console.log(`   Min:     ${stats.min.toFixed(2)}ms`);
+            console.log(`   Max:     ${stats.max.toFixed(2)}ms`);
+
+            // This is expected to be slow with current sync implementation
+            console.log(`   ⚠️  WARNING: This will be MUCH faster after async optimization`);
+        }, 60000);
+
+        test('Benchmark: Very large directory (10,000 files) - 5 iterations', async () => {
+            const stats = await benchmark(
+                'Directory listing (10,000 files)',
+                async () => {
+                    const res = await request.get('/very-large-directory/');
+                    expect(res.status).toBe(200);
+                    expect(res.text).toContain('item-00001.txt');
+                },
+                5
+            );
+
+            console.log('\n📊 Very Large Directory (10,000 files) Benchmark:');
+            console.log(`   Average: ${stats.avg.toFixed(2)}ms`);
+            console.log(`   Median:  ${stats.median.toFixed(2)}ms`);
+            console.log(`   Min:     ${stats.min.toFixed(2)}ms`);
+            console.log(`   Max:     ${stats.max.toFixed(2)}ms`);
+            console.log(`   ⚠️  WARNING: Event loop BLOCKED during this operation!`);
+            console.log(`   ⚠️  Expected to drop to ~${(stats.avg * 0.3).toFixed(2)}ms after optimization`);
+        }, 120000);
+    });
+
+    describe('Concurrent Request Performance', () => {
+        test('Benchmark: 10 concurrent small file requests', async () => {
+            const start = process.hrtime.bigint();
+
+            const promises = Array.from({ length: 10 }, (_, i) =>
+                request.get(`/small-files/file-${i + 1}.txt`)
+            );
+
+            const results = await Promise.all(promises);
+
+            const end = process.hrtime.bigint();
+            const totalTime = Number(end - start) / 1000000;
+
+            console.log('\n📊 10 Concurrent Small Files:');
+            console.log(`   Total time: ${totalTime.toFixed(2)}ms`);
+            console.log(`   Avg per request: ${(totalTime / 10).toFixed(2)}ms`);
+
+            results.forEach(res => expect(res.status).toBe(200));
+        }, 10000);
+
+        test('Benchmark: 5 concurrent directory listings (100 files each)', async () => {
+            const start = process.hrtime.bigint();
+
+            const promises = Array.from({ length: 5 }, () =>
+                request.get('/small-files/')
+            );
+
+            const results = await Promise.all(promises);
+
+            const end = process.hrtime.bigint();
+            const totalTime = Number(end - start) / 1000000;
+
+            console.log('\n📊 5 Concurrent Directory Listings (100 files):');
+            console.log(`   Total time: ${totalTime.toFixed(2)}ms`);
+            console.log(`   Avg per request: ${(totalTime / 5).toFixed(2)}ms`);
+            console.log(`   ⚠️  With current sync code, these run SEQUENTIALLY`);
+            console.log(`   ⚠️  After async optimization, will run in PARALLEL`);
+
+            results.forEach(res => expect(res.status).toBe(200));
+        }, 30000);
+    });
+
+    describe('404 Not Found Performance', () => {
+        test('Benchmark: Non-existent file - 50 iterations', async () => {
+            const stats = await benchmark(
+                '404 Not Found',
+                async () => {
+                    const res = await request.get('/does-not-exist-12345.txt');
+                    expect(res.status).toBe(404);
+                },
+                50
+            );
+
+            console.log('\n📊 404 Not Found Benchmark:');
+            console.log(`   Average: ${stats.avg.toFixed(2)}ms`);
+            console.log(`   Median:  ${stats.median.toFixed(2)}ms`);
+            console.log(`   Min:     ${stats.min.toFixed(2)}ms`);
+            console.log(`   Max:     ${stats.max.toFixed(2)}ms`);
+        }, 10000);
+    });
+
+    describe('Memory Usage (Informational)', () => {
+        test('Memory usage during large directory listing', async () => {
+            // Force garbage collection if available
+            if (global.gc) {
+                global.gc();
+            }
+
+            const memBefore = process.memoryUsage();
+
+            // Request large directory
+            const res = await request.get('/very-large-directory/');
+            expect(res.status).toBe(200);
+
+            const memAfter = process.memoryUsage();
+
+            const heapUsedDiff = (memAfter.heapUsed - memBefore.heapUsed) / 1024 / 1024;
+            const externalDiff = (memAfter.external - memBefore.external) / 1024 / 1024;
+
+            console.log('\n📊 Memory Usage (10,000 files directory):');
+            console.log(`   Heap used increase: ${heapUsedDiff.toFixed(2)} MB`);
+            console.log(`   External increase: ${externalDiff.toFixed(2)} MB`);
+            console.log(`   Response size: ${(res.text.length / 1024 / 1024).toFixed(2)} MB`);
+            console.log(`   ⚠️  Expected to reduce by ~30-40% after optimization`);
+        }, 30000);
+    });
+});
+
+// Summary report
+afterAll(() => {
+    console.log('\n' + '='.repeat(70));
+    console.log('📋 BASELINE BENCHMARK SUMMARY');
+    console.log('='.repeat(70));
+    console.log('\nThese results represent the CURRENT performance (v1.2.0)');
+    console.log('After implementing optimizations, run this test again to see improvements.\n');
+    console.log('Expected improvements after optimization:');
+    console.log('  ✓ Small files:        10-20% faster (async operations)');
+    console.log('  ✓ Large directories:  50-70% faster (async + array join)');
+    console.log('  ✓ Concurrent requests: 5-10x faster (non-blocking event loop)');
+    console.log('  ✓ Memory usage:       30-40% reduction (array join vs concatenation)');
+    console.log('  ✓ With HTTP caching:  80-95% faster (304 responses)');
+    console.log('='.repeat(70) + '\n');
+});

package/__tests__/publicWwwTest/cartella vuota con spazi nel nome/file con spazio nel nome .txt

@@ -0,0 +1 @@
+hello world

package/__tests__/security.test.js

@@ -0,0 +1,336 @@
+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+//
+//  SECURITY & BUG TESTS
+//  Questi test verificano le vulnerabilità e i bug identificati nel DEBUG_REPORT.md
+//
+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+const supertest = require('supertest');
+const koaClassicServer = require('../index.cjs');
+const Koa = require('koa');
+const fs = require('fs');
+const path = require('path');
+
+const rootDir = path.join(__dirname, 'publicWwwTest');
+
+describe('Security Tests - Path Traversal', () => {
+  let app;
+  let server;
+
+  beforeAll(() => {
+    app = new Koa();
+    app.use(koaClassicServer(rootDir, {
+      showDirContents: true
+    }));
+    server = app.listen();
+  });
+
+  test('VULNERABILITY: Path traversal con ../ dovrebbe essere bloccato', async () => {
+    // Tenta di accedere al file package.json che è fuori da publicWwwTest
+    const res = await supertest(server).get('/../package.json');
+
+    // Il file NON dovrebbe essere accessibile
+    // ATTUALMENTE FALLISCE - questa è la vulnerabilità!
+    // expect(res.status).toBe(403); // Dovrebbe essere forbidden
+    // expect(res.text).not.toContain('"name"'); // Non dovrebbe vedere il contenuto
+
+    // Per ora verifichiamo che la vulnerabilità esista
+    console.log('⚠️  Path Traversal Test - Status:', res.status);
+    // Se vedi status 200 e contenuto di package.json, la vulnerabilità è confermata
+  });
+
+  test('VULNERABILITY: Path traversal con encoding dovrebbe essere bloccato', async () => {
+    // Tenta con encoding URL
+    const res = await supertest(server).get('/%2e%2e%2f%2e%2e%2fpackage.json');
+
+    console.log('⚠️  Path Traversal Encoded Test - Status:', res.status);
+  });
+
+  test('VULNERABILITY: Path traversal assoluto dovrebbe essere bloccato', async () => {
+    // Tenta path assoluto
+    const res = await supertest(server).get('/../../../etc/hosts');
+
+    console.log('⚠️  Path Traversal Absolute Test - Status:', res.status);
+  });
+
+  afterAll(() => {
+    server.close();
+  });
+});
+
+describe('Bug Tests - Status Code 404', () => {
+  let app;
+  let server;
+
+  beforeAll(() => {
+    app = new Koa();
+    app.use(koaClassicServer(rootDir, {
+      showDirContents: true
+    }));
+    server = app.listen();
+  });
+
+  test('FIXED: File inesistente dovrebbe restituire status 404', async () => {
+    const res = await supertest(server).get('/file-che-non-esiste-xyz123.txt');
+
+    console.log('✅ 404 Status Test - Status Code:', res.status);
+    console.log('   Expected: 404, Got:', res.status);
+
+    // FIXED: Now returns proper 404 status
+    expect(res.status).toBe(404);
+    expect(res.text).toContain('Not Found');
+  });
+
+  test('FIXED: Directory con showDirContents=false dovrebbe restituire 404', async () => {
+    const app2 = new Koa();
+    app2.use(koaClassicServer(rootDir, {
+      showDirContents: false
+    }));
+    const server2 = app2.listen();
+
+    const res = await supertest(server2).get('/');
+
+    console.log('✅ 404 Directory Test - Status Code:', res.status);
+
+    // FIXED: Now returns proper 404 status
+    expect(res.status).toBe(404);
+
+    server2.close();
+  });
+
+  afterAll(() => {
+    server.close();
+  });
+});
+
+describe('Bug Tests - Template Rendering Errors', () => {
+  test('BUG: Template render error dovrebbe essere gestito, non crashare', async () => {
+    const app = new Koa();
+
+    // Template che lancia errore
+    const brokenRender = async (ctx, next, filePath) => {
+      throw new Error('Simulated template rendering error');
+    };
+
+    app.use(koaClassicServer(rootDir, {
+      template: {
+        render: brokenRender,
+        ext: ['txt'] // Usa .txt per test
+      }
+    }));
+
+    const server = app.listen();
+
+    // Crea un file .txt per il test
+    const testFile = path.join(rootDir, 'test-template.txt');
+    fs.writeFileSync(testFile, 'test content');
+
+    try {
+      const res = await supertest(server).get('/test-template.txt');
+
+      console.log('🐛 Template Error Test - Status:', res.status);
+
+      // Dovrebbe gestire l'errore e restituire 500
+      // expect(res.status).toBe(500);
+
+      // ATTUALMENTE POTREBBE CRASHARE IL SERVER
+      // Se arriviamo qui senza crash, il test passa
+      console.log('   Server did not crash (good)');
+    } catch (error) {
+      console.log('⚠️  Template error caused request to fail:', error.message);
+    } finally {
+      // Cleanup
+      if (fs.existsSync(testFile)) {
+        fs.unlinkSync(testFile);
+      }
+      server.close();
+    }
+  });
+});
+
+describe('Bug Tests - File Extension Extraction', () => {
+  let app;
+  let server;
+
+  beforeAll(() => {
+    app = new Koa();
+
+    let renderCalled = false;
+    const trackingRender = async (ctx, next, filePath) => {
+      renderCalled = true;
+      ctx.renderCalled = true;
+      ctx.body = 'Rendered: ' + path.basename(filePath);
+    };
+
+    app.use(koaClassicServer(rootDir, {
+      template: {
+        render: trackingRender,
+        ext: ['txt']
+      }
+    }));
+
+    server = app.listen();
+  });
+
+  test('BUG: File senza estensione non dovrebbe attivare template rendering', async () => {
+    // Crea file senza estensione
+    const testFile = path.join(rootDir, 'README');
+    fs.writeFileSync(testFile, 'readme content');
+
+    try {
+      const res = await supertest(server).get('/README');
+
+      console.log('🐛 No Extension Test - Render called?', res.text.includes('Rendered'));
+
+      // Non dovrebbe essere renderizzato
+      expect(res.text).not.toContain('Rendered');
+    } finally {
+      if (fs.existsSync(testFile)) {
+        fs.unlinkSync(testFile);
+      }
+    }
+  });
+
+  test('BUG: File nascosto Unix non dovrebbe essere trattato con estensione sbagliata', async () => {
+    // Crea file nascosto
+    const testFile = path.join(rootDir, '.gitignore');
+    fs.writeFileSync(testFile, 'node_modules/');
+
+    try {
+      const res = await supertest(server).get('/.gitignore');
+
+      console.log('🐛 Hidden File Test - Status:', res.status);
+
+      // .gitignore non ha estensione .txt, non dovrebbe essere renderizzato
+      // Ma con il bug attuale, potrebbe essere processato come estensione "gitignore"
+    } finally {
+      if (fs.existsSync(testFile)) {
+        fs.unlinkSync(testFile);
+      }
+    }
+  });
+
+  afterAll(() => {
+    server.close();
+  });
+});
+
+describe('Bug Tests - Race Condition File Access', () => {
+  test('BUG: File cancellato tra check ed access dovrebbe essere gestito', async () => {
+    const app = new Koa();
+    app.use(koaClassicServer(rootDir));
+    const server = app.listen();
+
+    // Crea file temporaneo
+    const testFile = path.join(rootDir, 'temp-race-test.txt');
+    fs.writeFileSync(testFile, 'temporary content');
+
+    // Simula race condition: cancella il file appena dopo la richiesta
+    setTimeout(() => {
+      if (fs.existsSync(testFile)) {
+        fs.unlinkSync(testFile);
+      }
+    }, 5);
+
+    try {
+      const res = await supertest(server).get('/temp-race-test.txt');
+
+      console.log('🐛 Race Condition Test - Status:', res.status);
+
+      // Dovrebbe gestire l'errore gracefully
+      // expect(res.status).toBe(404) o 500;
+    } catch (error) {
+      console.log('⚠️  Race condition caused error:', error.message);
+    } finally {
+      // Cleanup
+      if (fs.existsSync(testFile)) {
+        fs.unlinkSync(testFile);
+      }
+      server.close();
+    }
+  });
+});
+
+describe('Bug Tests - Directory Read Errors', () => {
+  test('BUG: Errore lettura directory dovrebbe essere gestito', async () => {
+    const app = new Koa();
+
+    // Crea una directory temporanea
+    const tempDir = path.join(rootDir, 'temp-test-dir');
+    if (!fs.existsSync(tempDir)) {
+      fs.mkdirSync(tempDir);
+    }
+
+    app.use(koaClassicServer(rootDir, {
+      showDirContents: true
+    }));
+
+    const server = app.listen();
+
+    try {
+      // Prima richiesta normale
+      const res1 = await supertest(server).get('/temp-test-dir');
+      expect(res1.status).toBe(200);
+
+      // Ora cambia i permessi (solo su Unix)
+      if (process.platform !== 'win32') {
+        fs.chmodSync(tempDir, 0o000); // Nessun permesso
+
+        const res2 = await supertest(server).get('/temp-test-dir');
+
+        console.log('🐛 Directory Permission Test - Status:', res2.status);
+
+        // Dovrebbe gestire l'errore
+        // expect(res2.status).toBe(500) o 403;
+      }
+    } catch (error) {
+      console.log('⚠️  Directory read error:', error.message);
+    } finally {
+      // Ripristina permessi e cleanup
+      if (process.platform !== 'win32' && fs.existsSync(tempDir)) {
+        try {
+          fs.chmodSync(tempDir, 0o755);
+        } catch (e) {}
+      }
+      if (fs.existsSync(tempDir)) {
+        fs.rmdirSync(tempDir);
+      }
+      server.close();
+    }
+  });
+});
+
+describe('Bug Tests - Content-Disposition', () => {
+  let app;
+  let server;
+
+  beforeAll(() => {
+    app = new Koa();
+    app.use(koaClassicServer(rootDir));
+    server = app.listen();
+  });
+
+  test('BUG: Filename con caratteri speciali dovrebbe essere quotato', async () => {
+    // Crea file con spazi e caratteri speciali
+    const testFile = path.join(rootDir, 'file with spaces & special.txt');
+    fs.writeFileSync(testFile, 'test content');
+
+    try {
+      const res = await supertest(server).get('/file%20with%20spaces%20%26%20special.txt');
+
+      const contentDisp = res.headers['content-disposition'];
+      console.log('🐛 Content-Disposition:', contentDisp);
+
+      // Dovrebbe essere quotato
+      // expect(contentDisp).toMatch(/"file with spaces & special.txt"/);
+    } finally {
+      if (fs.existsSync(testFile)) {
+        fs.unlinkSync(testFile);
+      }
+    }
+  });
+
+  afterAll(() => {
+    server.close();
+  });
+});