mastercontroller 1.3.35 → 1.3.36

package/MasterControl.js

@@ -902,7 +902,7 @@ class MasterControl {
                 return; // Terminal - don't call next()
             }
 
-            await next(); // Not static, continue pipeline
+            if (typeof next === 'function') await next(); // Not static, continue pipeline
         });
 
         // 2. Timeout Tracking (optional - disabled by default until init)
@@ -924,7 +924,7 @@ class MasterControl {
                 ctx.params.formData = params.formData;
             }
 
-            await next();
+            if (typeof next === 'function') await next();
         });
 
         // 4. Load Scoped Services (per request - always needed)
@@ -938,7 +938,7 @@ class MasterControl {
                 const className = $that._scopedList[key];
                 $that.requestList[key] = new className();
             }
-            await next();
+            if (typeof next === 'function') await next();
         });
 
         // 4. HSTS Header (if enabled for HTTPS)
@@ -954,7 +954,7 @@ class MasterControl {
                 }
                 ctx.response.setHeader('Strict-Transport-Security', hstsValue);
             }
-            await next();
+            if (typeof next === 'function') await next();
         });
 
         // 5. Routing and Error Handler are registered in start() so that user

package/MasterCors.js

@@ -243,7 +243,7 @@ class MasterCors{
 
 			// Regular request - apply CORS headers
 			$that.load({ request: ctx.request, response: ctx.response });
-			await next();
+			if (typeof next === 'function') await next();
 		};
 	}
 }

package/MasterPipeline.js

@@ -116,12 +116,12 @@ class MasterPipeline {
                 // Execute branch pipeline
                 await branch.execute(ctx);
                 // Stop if response already sent (e.g., auth rejection)
-                if (!ctx.response.headersSent && !ctx.response.writableEnded) {
+                if (!ctx.response.headersSent && !ctx.response.writableEnded && typeof next === 'function') {
                     await next();
                 }
             } else {
                 // Skip branch, continue main pipeline
-                await next();
+                if (typeof next === 'function') await next();
             }
         };
 

package/MasterTimeout.js

@@ -483,7 +483,7 @@ class MasterTimeout {
 
         return async (ctx, next) => {
             if (!$that.enabled) {
-                await next();
+                if (typeof next === 'function') await next();
                 return;
             }
 
@@ -493,7 +493,7 @@ class MasterTimeout {
                 requestId = $that.startTracking(ctx);
                 ctx.requestId = requestId;
 
-                await next();
+                if (typeof next === 'function') await next();
             } catch (err) {
                 // Stop tracking on error (with error handling)
                 if (requestId) {

package/monitoring/HealthCheck.js

@@ -55,7 +55,8 @@ class HealthCheck {
 
       // Only handle health check endpoint
       if (requestPath !== self.options.endpoint) {
-        return await next();
+        if (typeof next === 'function') return await next();
+        return;
       }
 
       // Log health check request
@@ -226,7 +227,8 @@ class HealthCheck {
       const requestPath = req.url.split('?')[0];
 
       if (requestPath !== self.options.endpoint) {
-        return next();
+        if (typeof next === 'function') return next();
+        return;
       }
 
       try {

package/monitoring/PrometheusExporter.js

@@ -142,7 +142,7 @@ class PrometheusExporter {
 
       try {
         // Continue pipeline
-        await next();
+        if (typeof next === 'function') await next();
 
         // Record metrics on success
         const duration = (Date.now() - startTime) / 1000; // Convert to seconds

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mastercontroller",
-  "version": "1.3.35",
+  "version": "1.3.36",
   "description": "Fortune 500 ready Node.js MVC framework with enterprise security, monitoring, and horizontal scaling",
   "main": "MasterControl.js",
   "license": "MIT",

package/security/CSPConfig.js

@@ -95,7 +95,8 @@ class CSPConfig {
   middleware() {
     return (req, res, next) => {
       if (!this.enabled) {
-        return next();
+        if (typeof next === 'function') next();
+        return;
       }
 
       // Generate nonce for this request if needed
@@ -111,7 +112,7 @@ class CSPConfig {
       const headerName = this.reportOnly ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy';
       res.setHeader(headerName, headerValue);
 
-      next();
+      if (typeof next === 'function') next();
     };
   }
 

package/security/SecurityEnforcement.js

@@ -163,7 +163,7 @@ class SecurityEnforcement {
 			SecurityEnforcement._applySecurityHeaders(ctx.response);
 
 			// Continue to next middleware
-			await next();
+			if (typeof next === 'function') await next();
 		};
 	}
 

package/security/SecurityMiddleware.js

@@ -74,7 +74,8 @@ class SecurityMiddleware {
    */
   securityHeadersMiddleware(req, res, next) {
     if (!this.headersEnabled) {
-      return next();
+      if (typeof next === 'function') next();
+      return;
     }
 
     // Apply standard security headers
@@ -96,7 +97,7 @@ class SecurityMiddleware {
       }
     }
 
-    next();
+    if (typeof next === 'function') next();
   }
 
   /**
@@ -104,7 +105,8 @@ class SecurityMiddleware {
    */
   corsMiddleware(req, res, next) {
     if (!this.corsEnabled) {
-      return next();
+      if (typeof next === 'function') next();
+      return;
     }
 
     const origin = req.headers.origin;
@@ -125,7 +127,7 @@ class SecurityMiddleware {
       return;
     }
 
-    next();
+    if (typeof next === 'function') next();
   }
 
   /**
@@ -133,7 +135,8 @@ class SecurityMiddleware {
    */
   rateLimitMiddleware(req, res, next) {
     if (!this.rateLimitEnabled) {
-      return next();
+      if (typeof next === 'function') next();
+      return;
     }
 
     const identifier = this._getClientIdentifier(req);
@@ -209,7 +212,7 @@ class SecurityMiddleware {
     res.setHeader('X-RateLimit-Remaining', remaining);
     res.setHeader('X-RateLimit-Reset', new Date(resetTime).toISOString());
 
-    next();
+    if (typeof next === 'function') next();
   }
 
   /**
@@ -217,13 +220,15 @@ class SecurityMiddleware {
    */
   csrfMiddleware(req, res, next) {
     if (!this.csrfEnabled) {
-      return next();
+      if (typeof next === 'function') next();
+      return;
     }
 
     // Skip CSRF for safe methods
     const safeMethods = ['GET', 'HEAD', 'OPTIONS'];
     if (safeMethods.includes(req.method)) {
-      return next();
+      if (typeof next === 'function') next();
+      return;
     }
 
     // Get CSRF token from request
@@ -291,7 +296,7 @@ class SecurityMiddleware {
     }
 
     // Token valid, continue
-    next();
+    if (typeof next === 'function') next();
   }
 
   /**
@@ -489,7 +494,7 @@ function pipelineSecurityHeaders(options = {}) {
     instance.securityHeadersMiddleware(ctx.request, ctx.response, oldNext);
 
     // Continue pipeline if next was called
-    if (nextCalled) {
+    if (nextCalled && typeof next === 'function') {
       await next();
     }
   };
@@ -504,7 +509,7 @@ function pipelineCors(options = {}) {
     instance.corsMiddleware(ctx.request, ctx.response, oldNext);
 
     // CORS might terminate for OPTIONS - check if response ended
-    if (!ctx.response.writableEnded && nextCalled) {
+    if (!ctx.response.writableEnded && nextCalled && typeof next === 'function') {
       await next();
     }
   };
@@ -519,7 +524,7 @@ function pipelineRateLimit(options = {}) {
     instance.rateLimitMiddleware(ctx.request, ctx.response, oldNext);
 
     // Rate limit might terminate - check if response ended
-    if (!ctx.response.writableEnded && nextCalled) {
+    if (!ctx.response.writableEnded && nextCalled && typeof next === 'function') {
       await next();
     }
   };
@@ -534,7 +539,7 @@ function pipelineCsrf(options = {}) {
     instance.csrfMiddleware(ctx.request, ctx.response, oldNext);
 
     // CSRF might terminate - check if response ended
-    if (!ctx.response.writableEnded && nextCalled) {
+    if (!ctx.response.writableEnded && nextCalled && typeof next === 'function') {
       await next();
     }
   };

package/security/SessionSecurity.js

@@ -90,7 +90,9 @@ class SessionSecurity {
         };
       }
 
-      next();
+      if (typeof next === 'function') {
+        next();
+      }
     };
   }
 

package/security/adapters/RedisCSRFStore.js

@@ -318,7 +318,8 @@ class RedisCSRFStore {
             message: 'CSRF check skipped - no session ID',
             path: ctx.request.url
           });
-          return await next();
+          if (typeof next === 'function') return await next();
+          return;
         }
 
         // Skip CSRF check for safe methods
@@ -326,7 +327,8 @@ class RedisCSRFStore {
         if (ignoreMethods.includes(method)) {
           // Ensure token exists for this session
           await self.get(sessionId);
-          return await next();
+          if (typeof next === 'function') return await next();
+          return;
         }
 
         // Get token from request (header or body)
@@ -373,7 +375,7 @@ class RedisCSRFStore {
         }
 
         // Token valid, continue pipeline
-        await next();
+        if (typeof next === 'function') await next();
 
       } catch (error) {
         logger.error({

package/security/adapters/RedisRateLimiter.js

@@ -441,7 +441,7 @@ class RedisRateLimiter {
         }
 
         // Request allowed, continue pipeline
-        await next();
+        if (typeof next === 'function') await next();
 
       } catch (error) {
         logger.error({
@@ -451,7 +451,7 @@ class RedisRateLimiter {
         });
 
         // On error, allow request (fail open)
-        await next();
+        if (typeof next === 'function') await next();
       }
     };
   }