npm - mastercontroller - Versions diffs - 1.3.22 → 1.3.24 - Mend

mastercontroller 1.3.22 → 1.3.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/MasterRouter.js +26 -8
package/package.json +1 -1

package/MasterRouter.js CHANGED Viewed

@@ -124,14 +124,18 @@ const ROUTER_CONFIG = {
         return paramValue;
     }
+    // Fast path: skip expensive regex checks for simple alphanumeric values
+    if (/^[a-zA-Z0-9_-]+$/.test(paramValue)) {
+        return paramValue;
+    }
     // Check for path traversal attempts
     const pathCheck = detectPathTraversal(paramValue);
     if (!pathCheck.safe) {
         logger.warn({
             code: 'MC_SECURITY_PATH_TRAVERSAL',
             message: 'Path traversal attempt detected in route parameter',
-            param: paramName,
-            value: paramValue
+            context: { param: paramName, value: paramValue }
         });
         // Remove dangerous content
@@ -144,8 +148,7 @@ const ROUTER_CONFIG = {
         logger.warn({
             code: 'MC_SECURITY_SQL_INJECTION',
             message: 'SQL injection attempt detected in route parameter',
-            param: paramName,
-            value: paramValue
+            context: { param: paramName, value: paramValue }
         });
         // Escape to prevent injection
@@ -158,8 +161,7 @@ const ROUTER_CONFIG = {
         logger.warn({
             code: 'MC_SECURITY_COMMAND_INJECTION',
             message: 'Command injection attempt detected in route parameter',
-            param: paramName,
-            value: paramValue
+            context: { param: paramName, value: paramValue }
         });
         // Remove dangerous characters
@@ -810,7 +812,7 @@ class MasterRouter {
              const control = new Control(requestObject);
              const _callEmit = new EventEmitter();
-             _callEmit.on(EVENT_NAMES.CONTROLLER, function(){
+             _callEmit.once(EVENT_NAMES.CONTROLLER, function(){
                 try {
                     control.next = function(){
                         control.__callAfterAction(control, requestObject);
@@ -830,7 +832,18 @@ class MasterRouter {
                     // Execute action
                     Promise.resolve(wrappedAction.call(control, requestObject))
-                        .then(() => {
+                        .then((returnValue) => {
+                            // Auto-send return value as JSON if controller returned data
+                            // and no response was sent yet (e.g., overridden returnJson pattern)
+                            if (returnValue !== undefined && returnValue !== null
+                                && !requestObject.response.headersSent && !requestObject.response._headerSent) {
+                                const json = JSON.stringify(returnValue);
+                                requestObject.response.writeHead(200, {
+                                    'Content-Type': 'application/json',
+                                    'Content-Length': Buffer.byteLength(json, 'utf8')
+                                });
+                                requestObject.response.end(json);
+                            }
                             performanceTracker.end(requestId);
                             // MEMORY LEAK FIX: Clean up event listeners
                             _callEmit.removeAllListeners();
@@ -961,6 +974,11 @@ class MasterRouter {
                 throw new TypeError('Request object must have a valid type (HTTP method)');
             }
+            // Skip route processing for OPTIONS requests already handled by CORS middleware
+            if (rr.type.toLowerCase() === 'options' && (rr.response.headersSent || rr.response._headerSent)) {
+                return;
+            }
             const $that = this;
             // FIX: Use direct reference instead of Object.create() to preserve request/response objects
             // Object.create() puts properties on prototype, causing undefined access issues

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mastercontroller",
-  "version": "1.3.22",
+  "version": "1.3.24",
   "description": "Fortune 500 ready Node.js MVC framework with enterprise security, monitoring, and horizontal scaling",
   "main": "MasterControl.js",
   "license": "MIT",