npm - mastercontroller - Versions diffs - 1.2.14 → 1.3.1 - Mend

mastercontroller 1.2.14 → 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/.claude/settings.local.json +2 -1
package/MasterControl.js +150 -101
package/MasterCors.js +29 -0
package/MasterPipeline.js +344 -0
package/MasterRouter.js +44 -22
package/MasterSession.js +19 -0
package/MasterTimeout.js +332 -0
package/MasterTools.js +40 -13
package/README.md +1632 -36
package/docs/timeout-and-error-handling.md +712 -0
package/error/MasterErrorRenderer.js +529 -0
package/package.json +5 -5
package/security/SecurityMiddleware.js +73 -1
package/security/SessionSecurity.js +99 -2

package/security/SessionSecurity.js CHANGED Viewed

@@ -25,8 +25,8 @@ class SessionSecurity {
     this.domain = options.domain || null;
     this.path = options.path || '/';
-    // Session fingerprinting
-    this.useFingerprint = options.useFingerprint !== false;
+    // Session fingerprinting (disabled by default like ASP.NET Core)
+    this.useFingerprint = options.useFingerprint === true;
     // Start cleanup interval
     this._startCleanup();
@@ -407,6 +407,103 @@ const SESSION_BEST_PRACTICES = {
   }
 };
+// MasterController Integration
+const master = require('../MasterControl');
+// Create MasterController-compatible wrapper
+class MasterSessionSecurity {
+  constructor() {
+    this._instance = null;
+    this._options = {};
+  }
+  /**
+   * Initialize session security (Rails/Django style)
+   * Auto-registers with middleware pipeline
+   */
+  init(options = {}) {
+    this._options = options;
+    this._instance = new SessionSecurity(options);
+    // Auto-register with pipeline if available
+    if (master.pipeline) {
+      master.pipeline.use(this._instance.middleware());
+    }
+    return this;
+  }
+  /**
+   * Get middleware function
+   */
+  middleware() {
+    if (!this._instance) {
+      this.init();
+    }
+    return this._instance.middleware();
+  }
+  /**
+   * Destroy session
+   */
+  destroy(req, res) {
+    if (!this._instance) {
+      throw new Error('SessionSecurity not initialized. Call master.session.init() first.');
+    }
+    return this._instance.destroySession(req, res);
+  }
+  /**
+   * Get session by ID
+   */
+  getSession(sessionId) {
+    if (!this._instance) {
+      throw new Error('SessionSecurity not initialized. Call master.session.init() first.');
+    }
+    return this._instance.getSession(sessionId);
+  }
+  /**
+   * Touch session (extend expiry)
+   */
+  touch(sessionId) {
+    if (!this._instance) {
+      throw new Error('SessionSecurity not initialized. Call master.session.init() first.');
+    }
+    return this._instance.touch(sessionId);
+  }
+  /**
+   * Get session count (monitoring)
+   */
+  getSessionCount() {
+    if (!this._instance) {
+      throw new Error('SessionSecurity not initialized. Call master.session.init() first.');
+    }
+    return this._instance.getSessionCount();
+  }
+  /**
+   * Clear all sessions (testing only)
+   */
+  clearAllSessions() {
+    if (!this._instance) {
+      throw new Error('SessionSecurity not initialized. Call master.session.init() first.');
+    }
+    return this._instance.clearAllSessions();
+  }
+  /**
+   * Get recommended settings for environment
+   */
+  getBestPractices(env) {
+    return SESSION_BEST_PRACTICES[env] || SESSION_BEST_PRACTICES.development;
+  }
+}
+// Auto-register with MasterController
+master.extend("session", MasterSessionSecurity);
 module.exports = {
   SessionSecurity,
   session,