navis.js 4.0.0 → 5.0.0

package/README.md

@@ -120,7 +120,7 @@ navis metrics
 - ✅ **LambdaHandler** - Optimized handler with warm-up support
 - ✅ **Cold start tracking** - Monitor and log cold start metrics
 
-### v4 (Current)
+### v4
 
 - ✅ **Advanced routing** - Route parameters (`:id`), nested routes, PATCH method
 - ✅ **Request validation** - Schema-based validation with comprehensive rules
@@ -129,6 +129,15 @@ navis metrics
 - ✅ **Rate limiting** - In-memory rate limiting with configurable windows
 - ✅ **Enhanced error handling** - Custom error classes and error handler middleware
 
+### v5 (Current)
+
+- ✅ **Caching layer** - In-memory cache with TTL and Redis adapter
+- ✅ **CORS support** - Cross-Origin Resource Sharing middleware
+- ✅ **Security headers** - Protection against common attacks
+- ✅ **Response compression** - Gzip and Brotli compression
+- ✅ **Health checks** - Liveness and readiness probes
+- ✅ **Graceful shutdown** - Clean shutdown handling
+
 ## API Reference
 
 ### NavisApp
@@ -314,6 +323,7 @@ See the `examples/` directory:
 - `lambda.js` - AWS Lambda handler example
 - `lambda-optimized.js` - Optimized Lambda handler with cold start optimizations (v3.1)
 - `v4-features-demo.js` - v4 features demonstration (routing, validation, auth, rate limiting, etc.)
+- `v5-features-demo.js` - v5 features demonstration (caching, CORS, security, compression, health checks, etc.)
 - `service-client-demo.js` - ServiceClient usage example
 - `v2-features-demo.js` - v2 features demonstration (retry, circuit breaker, etc.)
 - `v3-features-demo.js` - v3 features demonstration (messaging, observability, etc.)
@@ -329,14 +339,18 @@ Resilience patterns: retry, circuit breaker, service discovery, CLI generators
 ### v3 ✅
 Advanced features: async messaging (SQS/Kafka/NATS), observability, enhanced CLI
 
-### v4 ✅ (Current)
+### v4 ✅
 Production-ready: advanced routing, validation, authentication, rate limiting, error handling
 
+### v5 ✅ (Current)
+Enterprise-grade: caching, CORS, security headers, compression, health checks, graceful shutdown
+
 ## Documentation
 
 - [V2 Features Guide](./V2_FEATURES.md) - Complete v2 features documentation
 - [V3 Features Guide](./V3_FEATURES.md) - Complete v3 features documentation
 - [V4 Features Guide](./V4_FEATURES.md) - Complete v4 features documentation
+- [V5 Features Guide](./V5_FEATURES.md) - Complete v5 features documentation
 - [Lambda Optimization Guide](./LAMBDA_OPTIMIZATION.md) - Lambda cold start optimization guide (v3.1)
 - [Verification Guide v2](./VERIFY_V2.md) - How to verify v2 features
 - [Verification Guide v3](./VERIFY_V3.md) - How to verify v3 features

package/examples/v5-features-demo.js

@@ -0,0 +1,167 @@
+/**
+ * Navis.js v5 Features Demo
+ * Demonstrates caching, CORS, security, compression, health checks, and graceful shutdown
+ */
+
+const {
+  NavisApp,
+  response,
+  Cache,
+  cache,
+  cors,
+  security,
+  compress,
+  createHealthChecker,
+  gracefulShutdown,
+} = require('../src/index');
+
+const app = new NavisApp();
+
+// ============================================
+// CORS Middleware
+// ============================================
+app.use(cors({
+  origin: ['http://localhost:3000', 'https://example.com'],
+  methods: ['GET', 'POST', 'PUT', 'DELETE'],
+  credentials: true,
+}));
+
+// ============================================
+// Security Headers
+// ============================================
+app.use(security({
+  helmet: true,
+  hsts: true,
+  noSniff: true,
+  xssFilter: true,
+  frameOptions: 'DENY',
+  referrerPolicy: 'no-referrer',
+}));
+
+// ============================================
+// Response Compression
+// ============================================
+app.use(compress({
+  level: 6,
+  threshold: 1024,
+  algorithm: 'gzip',
+}));
+
+// ============================================
+// Caching
+// ============================================
+const cacheStore = new Cache({
+  maxSize: 1000,
+  defaultTTL: 3600000, // 1 hour
+});
+
+// Cached route
+app.get('/users/:id', cache({
+  cacheStore,
+  ttl: 1800, // 30 minutes
+  keyGenerator: (req) => `user:${req.params.id}`,
+}), (req, res) => {
+  // Simulate database query
+  const user = {
+    id: req.params.id,
+    name: 'John Doe',
+    email: 'john@example.com',
+  };
+  
+  response.success(res, user);
+});
+
+// Non-cached route
+app.get('/users/:id/posts', (req, res) => {
+  response.success(res, {
+    userId: req.params.id,
+    posts: [],
+  });
+});
+
+// ============================================
+// Health Checks
+// ============================================
+const healthChecker = createHealthChecker({
+  livenessPath: '/health/live',
+  readinessPath: '/health/ready',
+  checks: {
+    database: async () => {
+      // Simulate database check
+      return true;
+    },
+    cache: async () => {
+      // Check cache
+      return cacheStore.size() >= 0;
+    },
+  },
+});
+
+app.use(healthChecker.middleware());
+
+// ============================================
+// Routes
+// ============================================
+app.get('/', (req, res) => {
+  response.success(res, {
+    message: 'Navis.js v5 Features Demo',
+    features: [
+      'Caching',
+      'CORS',
+      'Security Headers',
+      'Compression',
+      'Health Checks',
+      'Graceful Shutdown',
+    ],
+  });
+});
+
+app.get('/cache-stats', (req, res) => {
+  response.success(res, {
+    size: cacheStore.size(),
+    keys: cacheStore.keys().slice(0, 10), // First 10 keys
+  });
+});
+
+app.post('/cache/clear', (req, res) => {
+  cacheStore.clear();
+  response.success(res, { message: 'Cache cleared' });
+});
+
+// ============================================
+// Start Server
+// ============================================
+const PORT = 3000;
+const server = app.listen(PORT, () => {
+  console.log(`\n🚀 Navis.js v5 Features Demo Server`);
+  console.log(`📡 Listening on http://localhost:${PORT}\n`);
+  console.log('Available endpoints:');
+  console.log('  GET  /');
+  console.log('  GET  /users/:id (cached)');
+  console.log('  GET  /users/:id/posts');
+  console.log('  GET  /health/live (liveness)');
+  console.log('  GET  /health/ready (readiness)');
+  console.log('  GET  /cache-stats');
+  console.log('  POST /cache/clear');
+  console.log('\n💡 Test with:');
+  console.log('  curl http://localhost:3000/');
+  console.log('  curl http://localhost:3000/users/123');
+  console.log('  curl http://localhost:3000/health/ready');
+});
+
+// ============================================
+// Graceful Shutdown
+// ============================================
+gracefulShutdown(server, {
+  timeout: 10000,
+  onShutdown: async () => {
+    console.log('Cleaning up...');
+    // Close database connections
+    // Close cache connections
+    cacheStore.destroy();
+    console.log('Cleanup complete');
+  },
+});
+
+module.exports = app;
+

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "navis.js",
-  "version": "4.0.0",
+  "version": "5.0.0",
   "description": "A lightweight, serverless-first, microservice API framework designed for AWS Lambda and Node.js",
   "main": "src/index.js",
   "bin": {

package/src/cache/cache.js

@@ -0,0 +1,157 @@
+/**
+ * In-Memory Cache
+ * v5: Simple in-memory caching with TTL support
+ */
+
+class Cache {
+  constructor(options = {}) {
+    this.store = new Map();
+    this.maxSize = options.maxSize || 1000;
+    this.defaultTTL = options.defaultTTL || 3600000; // 1 hour in ms
+    this.cleanupInterval = options.cleanupInterval || 60000; // 1 minute
+    
+    // Start cleanup interval
+    this.intervalId = setInterval(() => {
+      this._cleanup();
+    }, this.cleanupInterval);
+  }
+
+  /**
+   * Set a value in cache
+   * @param {string} key - Cache key
+   * @param {*} value - Value to cache
+   * @param {number} ttl - Time to live in milliseconds
+   */
+  set(key, value, ttl = null) {
+    const expiration = Date.now() + (ttl || this.defaultTTL);
+    
+    // Remove oldest entries if at max size
+    if (this.store.size >= this.maxSize && !this.store.has(key)) {
+      this._evictOldest();
+    }
+    
+    this.store.set(key, {
+      value,
+      expiration,
+    });
+  }
+
+  /**
+   * Get a value from cache
+   * @param {string} key - Cache key
+   * @returns {*} - Cached value or null
+   */
+  get(key) {
+    const entry = this.store.get(key);
+    
+    if (!entry) {
+      return null;
+    }
+    
+    // Check if expired
+    if (Date.now() > entry.expiration) {
+      this.store.delete(key);
+      return null;
+    }
+    
+    return entry.value;
+  }
+
+  /**
+   * Check if key exists in cache
+   * @param {string} key - Cache key
+   * @returns {boolean} - True if key exists and not expired
+   */
+  has(key) {
+    const entry = this.store.get(key);
+    
+    if (!entry) {
+      return false;
+    }
+    
+    if (Date.now() > entry.expiration) {
+      this.store.delete(key);
+      return false;
+    }
+    
+    return true;
+  }
+
+  /**
+   * Delete a key from cache
+   * @param {string} key - Cache key
+   * @returns {boolean} - True if key was deleted
+   */
+  delete(key) {
+    return this.store.delete(key);
+  }
+
+  /**
+   * Clear all cache entries
+   */
+  clear() {
+    this.store.clear();
+  }
+
+  /**
+   * Get cache size
+   * @returns {number} - Number of entries
+   */
+  size() {
+    return this.store.size;
+  }
+
+  /**
+   * Get all keys
+   * @returns {Array} - Array of cache keys
+   */
+  keys() {
+    return Array.from(this.store.keys());
+  }
+
+  /**
+   * Cleanup expired entries
+   * @private
+   */
+  _cleanup() {
+    const now = Date.now();
+    for (const [key, entry] of this.store.entries()) {
+      if (now > entry.expiration) {
+        this.store.delete(key);
+      }
+    }
+  }
+
+  /**
+   * Evict oldest entry (LRU-like)
+   * @private
+   */
+  _evictOldest() {
+    let oldestKey = null;
+    let oldestExpiration = Infinity;
+    
+    for (const [key, entry] of this.store.entries()) {
+      if (entry.expiration < oldestExpiration) {
+        oldestExpiration = entry.expiration;
+        oldestKey = key;
+      }
+    }
+    
+    if (oldestKey) {
+      this.store.delete(oldestKey);
+    }
+  }
+
+  /**
+   * Destroy cache (cleanup)
+   */
+  destroy() {
+    if (this.intervalId) {
+      clearInterval(this.intervalId);
+    }
+    this.clear();
+  }
+}
+
+module.exports = Cache;
+

package/src/cache/redis-cache.js

@@ -0,0 +1,174 @@
+/**
+ * Redis Cache Adapter
+ * v5: Redis-based caching (requires redis package)
+ */
+
+class RedisCache {
+  constructor(options = {}) {
+    this.client = null;
+    this.defaultTTL = options.defaultTTL || 3600; // 1 hour in seconds
+    this.prefix = options.prefix || 'navis:';
+    this.connected = false;
+    
+    // Try to require redis (optional dependency)
+    try {
+      const redis = require('redis');
+      this.redis = redis;
+    } catch (error) {
+      throw new Error('Redis package not installed. Install with: npm install redis');
+    }
+  }
+
+  /**
+   * Connect to Redis
+   * @param {Object} options - Redis connection options
+   */
+  async connect(options = {}) {
+    if (this.connected && this.client) {
+      return;
+    }
+
+    const {
+      url = process.env.REDIS_URL || 'redis://localhost:6379',
+      socket = {},
+      ...otherOptions
+    } = options;
+
+    this.client = this.redis.createClient({
+      url,
+      socket: {
+        reconnectStrategy: (retries) => {
+          if (retries > 10) {
+            return new Error('Too many reconnection attempts');
+          }
+          return Math.min(retries * 100, 3000);
+        },
+        ...socket,
+      },
+      ...otherOptions,
+    });
+
+    this.client.on('error', (err) => {
+      console.error('Redis Client Error:', err);
+    });
+
+    await this.client.connect();
+    this.connected = true;
+  }
+
+  /**
+   * Disconnect from Redis
+   */
+  async disconnect() {
+    if (this.client && this.connected) {
+      await this.client.quit();
+      this.connected = false;
+    }
+  }
+
+  /**
+   * Set a value in cache
+   * @param {string} key - Cache key
+   * @param {*} value - Value to cache
+   * @param {number} ttl - Time to live in seconds
+   */
+  async set(key, value, ttl = null) {
+    if (!this.connected) {
+      throw new Error('Redis not connected. Call connect() first.');
+    }
+
+    const fullKey = this.prefix + key;
+    const serialized = JSON.stringify(value);
+    const expiration = ttl || this.defaultTTL;
+
+    if (expiration > 0) {
+      await this.client.setEx(fullKey, expiration, serialized);
+    } else {
+      await this.client.set(fullKey, serialized);
+    }
+  }
+
+  /**
+   * Get a value from cache
+   * @param {string} key - Cache key
+   * @returns {*} - Cached value or null
+   */
+  async get(key) {
+    if (!this.connected) {
+      throw new Error('Redis not connected. Call connect() first.');
+    }
+
+    const fullKey = this.prefix + key;
+    const serialized = await this.client.get(fullKey);
+
+    if (!serialized) {
+      return null;
+    }
+
+    try {
+      return JSON.parse(serialized);
+    } catch (error) {
+      return null;
+    }
+  }
+
+  /**
+   * Check if key exists in cache
+   * @param {string} key - Cache key
+   * @returns {boolean} - True if key exists
+   */
+  async has(key) {
+    if (!this.connected) {
+      return false;
+    }
+
+    const fullKey = this.prefix + key;
+    const exists = await this.client.exists(fullKey);
+    return exists === 1;
+  }
+
+  /**
+   * Delete a key from cache
+   * @param {string} key - Cache key
+   * @returns {boolean} - True if key was deleted
+   */
+  async delete(key) {
+    if (!this.connected) {
+      return false;
+    }
+
+    const fullKey = this.prefix + key;
+    const result = await this.client.del(fullKey);
+    return result > 0;
+  }
+
+  /**
+   * Clear all cache entries with prefix
+   */
+  async clear() {
+    if (!this.connected) {
+      return;
+    }
+
+    const keys = await this.client.keys(this.prefix + '*');
+    if (keys.length > 0) {
+      await this.client.del(keys);
+    }
+  }
+
+  /**
+   * Get cache size (approximate)
+   * @returns {number} - Number of keys with prefix
+   */
+  async size() {
+    if (!this.connected) {
+      return 0;
+    }
+
+    const keys = await this.client.keys(this.prefix + '*');
+    return keys.length;
+  }
+}
+
+module.exports = RedisCache;
+

package/src/core/app.js

@@ -238,6 +238,7 @@ class NavisApp {
    * Start HTTP server (Node.js)
    * @param {number} port - Port number
    * @param {Function} callback - Optional callback
+   * @returns {Object} - HTTP server instance
    */
   listen(port = 3000, callback) {
     this.server = http.createServer((req, res) => {
@@ -251,6 +252,14 @@ class NavisApp {
 
     return this.server;
   }
+
+  /**
+   * Get server instance
+   * @returns {Object|null} - HTTP server instance
+   */
+  getServer() {
+    return this.server;
+  }
 }
 
 module.exports = NavisApp;

package/src/core/graceful-shutdown.js

@@ -0,0 +1,77 @@
+/**
+ * Graceful Shutdown Handler
+ * v5: Clean shutdown handling for Node.js servers
+ */
+
+/**
+ * Graceful shutdown handler
+ * @param {Object} server - HTTP server instance
+ * @param {Object} options - Shutdown options
+ */
+function gracefulShutdown(server, options = {}) {
+  const {
+    timeout = 10000, // 10 seconds default
+    onShutdown = async () => {}, // Cleanup function
+    signals = ['SIGTERM', 'SIGINT'],
+    log = console.log,
+  } = options;
+
+  let isShuttingDown = false;
+
+  const shutdown = async (signal) => {
+    if (isShuttingDown) {
+      return;
+    }
+
+    isShuttingDown = true;
+    log(`Received ${signal}, starting graceful shutdown...`);
+
+    // Stop accepting new connections
+    server.close(() => {
+      log('HTTP server closed');
+    });
+
+    // Set timeout for forced shutdown
+    const shutdownTimer = setTimeout(() => {
+      log('Forced shutdown after timeout');
+      process.exit(1);
+    }, timeout);
+
+    try {
+      // Run cleanup
+      await onShutdown();
+      clearTimeout(shutdownTimer);
+      log('Graceful shutdown completed');
+      process.exit(0);
+    } catch (error) {
+      clearTimeout(shutdownTimer);
+      log('Error during shutdown:', error);
+      process.exit(1);
+    }
+  };
+
+  // Register signal handlers
+  for (const signal of signals) {
+    process.on(signal, () => shutdown(signal));
+  }
+
+  // Handle uncaught exceptions
+  process.on('uncaughtException', async (error) => {
+    log('Uncaught exception:', error);
+    await shutdown('uncaughtException');
+  });
+
+  // Handle unhandled promise rejections
+  process.on('unhandledRejection', async (reason, promise) => {
+    log('Unhandled rejection:', reason);
+    await shutdown('unhandledRejection');
+  });
+
+  return {
+    shutdown: () => shutdown('manual'),
+    isShuttingDown: () => isShuttingDown,
+  };
+}
+
+module.exports = gracefulShutdown;
+

package/src/health/health-checker.js

@@ -0,0 +1,120 @@
+/**
+ * Health Check Middleware
+ * v5: Liveness and readiness probes
+ */
+
+class HealthChecker {
+  constructor(options = {}) {
+    this.checks = options.checks || {};
+    this.livenessPath = options.livenessPath || '/health/live';
+    this.readinessPath = options.readinessPath || '/health/ready';
+    this.enabled = options.enabled !== false;
+  }
+
+  /**
+   * Add a health check
+   * @param {string} name - Check name
+   * @param {Function} checkFn - Async function that returns true/false or throws
+   */
+  addCheck(name, checkFn) {
+    this.checks[name] = checkFn;
+  }
+
+  /**
+   * Remove a health check
+   * @param {string} name - Check name
+   */
+  removeCheck(name) {
+    delete this.checks[name];
+  }
+
+  /**
+   * Run all checks
+   * @param {boolean} includeReadiness - Include readiness checks
+   * @returns {Promise<Object>} - Health status
+   */
+  async runChecks(includeReadiness = true) {
+    const results = {};
+    let allHealthy = true;
+
+    for (const [name, checkFn] of Object.entries(this.checks)) {
+      try {
+        const result = await checkFn();
+        results[name] = {
+          status: result === false ? 'unhealthy' : 'healthy',
+          timestamp: new Date().toISOString(),
+        };
+        
+        if (result === false) {
+          allHealthy = false;
+        }
+      } catch (error) {
+        results[name] = {
+          status: 'unhealthy',
+          error: error.message,
+          timestamp: new Date().toISOString(),
+        };
+        allHealthy = false;
+      }
+    }
+
+    return {
+      status: allHealthy ? 'healthy' : 'unhealthy',
+      checks: results,
+      timestamp: new Date().toISOString(),
+    };
+  }
+
+  /**
+   * Create health check middleware
+   * @returns {Function} - Middleware function
+   */
+  middleware() {
+    return async (req, res, next) => {
+      if (!this.enabled) {
+        return next();
+      }
+
+      const path = req.path || req.url;
+
+      // Liveness probe (always returns 200 if service is running)
+      if (path === this.livenessPath) {
+        res.statusCode = 200;
+        res.headers = res.headers || {};
+        res.headers['Content-Type'] = 'application/json';
+        res.body = {
+          status: 'alive',
+          timestamp: new Date().toISOString(),
+        };
+        return;
+      }
+
+      // Readiness probe (checks all health checks)
+      if (path === this.readinessPath) {
+        const healthStatus = await this.runChecks(true);
+        res.statusCode = healthStatus.status === 'healthy' ? 200 : 503;
+        res.headers = res.headers || {};
+        res.headers['Content-Type'] = 'application/json';
+        res.body = healthStatus;
+        return;
+      }
+
+      next();
+    };
+  }
+}
+
+/**
+ * Create health checker
+ * @param {Object} options - Health checker options
+ * @returns {HealthChecker} - Health checker instance
+ */
+function createHealthChecker(options = {}) {
+  return new HealthChecker(options);
+}
+
+module.exports = {
+  HealthChecker,
+  createHealthChecker,
+};
+

package/src/index.js

@@ -47,6 +47,16 @@ const {
   notFoundHandler,
 } = require('./errors/error-handler');
 
+// v5: Enterprise Features
+const Cache = require('./cache/cache');
+const RedisCache = require('./cache/redis-cache');
+const cache = require('./middleware/cache-middleware');
+const cors = require('./middleware/cors');
+const security = require('./middleware/security');
+const compress = require('./middleware/compression');
+const { HealthChecker, createHealthChecker } = require('./health/health-checker');
+const gracefulShutdown = require('./core/graceful-shutdown');
+
 module.exports = {
   // Core
   NavisApp,
@@ -100,6 +110,17 @@ module.exports = {
   asyncHandler,
   notFoundHandler,
   
+  // v5: Enterprise Features
+  Cache,
+  RedisCache,
+  cache,
+  cors,
+  security,
+  compress,
+  HealthChecker,
+  createHealthChecker,
+  gracefulShutdown,
+  
   // Utilities
   response: {
     success,

package/src/middleware/cache-middleware.js

@@ -0,0 +1,105 @@
+/**
+ * Cache Middleware
+ * v5: Response caching middleware
+ */
+
+const crypto = require('crypto');
+
+/**
+ * Create cache middleware
+ * @param {Object} options - Cache options
+ * @returns {Function} - Middleware function
+ */
+function cache(options = {}) {
+  const {
+    ttl = 3600, // 1 hour in seconds
+    keyGenerator = (req) => {
+      // Default: method + path + query string
+      const queryStr = JSON.stringify(req.query || {});
+      return `${req.method}:${req.path}:${queryStr}`;
+    },
+    cacheStore = null, // Must be provided
+    skipCache = (req, res) => {
+      // Skip cache for non-GET requests or if status >= 400
+      return req.method !== 'GET' || (res.statusCode && res.statusCode >= 400);
+    },
+    vary = [], // Vary headers
+  } = options;
+
+  if (!cacheStore) {
+    throw new Error('cacheStore is required');
+  }
+
+  return async (req, res, next) => {
+    // Generate cache key
+    const cacheKey = keyGenerator(req);
+    
+    // Check if should skip cache
+    if (skipCache(req, res)) {
+      return next();
+    }
+
+    // Try to get from cache
+    try {
+      const cached = await (cacheStore.get ? cacheStore.get(cacheKey) : cacheStore.get(cacheKey));
+      
+      if (cached) {
+        // Set cache headers
+        res.headers = res.headers || {};
+        res.headers['X-Cache'] = 'HIT';
+        res.headers['Cache-Control'] = `public, max-age=${ttl}`;
+        
+        // Set Vary headers
+        if (vary.length > 0) {
+          res.headers['Vary'] = vary.join(', ');
+        }
+
+        // Return cached response
+        res.statusCode = cached.statusCode || 200;
+        res.body = cached.body;
+        return;
+      }
+    } catch (error) {
+      // Cache error - continue without cache
+      console.error('Cache get error:', error);
+    }
+
+    // Cache miss - continue to handler
+    res.headers = res.headers || {};
+    res.headers['X-Cache'] = 'MISS';
+
+    // Store original end/finish to capture response
+    const originalBody = res.body;
+    const originalStatusCode = res.statusCode;
+
+    // Wrap response to cache it
+    const originalFinish = res.finish || (() => {});
+    res.finish = async function(...args) {
+      // Only cache successful GET requests
+      if (req.method === 'GET' && res.statusCode < 400) {
+        try {
+          const cacheValue = {
+            statusCode: res.statusCode,
+            body: res.body,
+            headers: res.headers,
+          };
+
+          if (cacheStore.set) {
+            await cacheStore.set(cacheKey, cacheValue, ttl * 1000);
+          } else {
+            cacheStore.set(cacheKey, cacheValue, ttl * 1000);
+          }
+        } catch (error) {
+          console.error('Cache set error:', error);
+        }
+      }
+
+      return originalFinish.apply(this, args);
+    };
+
+    next();
+  };
+}
+
+module.exports = cache;
+

package/src/middleware/compression.js

@@ -0,0 +1,97 @@
+/**
+ * Response Compression Middleware
+ * v5: Gzip and Brotli compression support
+ */
+
+const zlib = require('zlib');
+
+/**
+ * Compression middleware
+ * @param {Object} options - Compression options
+ * @returns {Function} - Middleware function
+ */
+function compress(options = {}) {
+  const {
+    level = 6, // Compression level (1-9)
+    threshold = 1024, // Minimum size to compress (bytes)
+    algorithm = 'gzip', // 'gzip' or 'brotli'
+    filter = (req, res) => {
+      // Default: compress JSON and text responses
+      const contentType = res.headers?.['content-type'] || '';
+      return contentType.includes('application/json') ||
+             contentType.includes('text/') ||
+             contentType.includes('application/javascript');
+    },
+  } = options;
+
+  return async (req, res, next) => {
+    // Store original body setter
+    const originalBody = res.body;
+    const originalEnd = res.end || (() => {});
+
+    // Wrap response to compress before sending
+    res.end = function(...args) {
+      // Check if should compress
+      if (!filter(req, res)) {
+        return originalEnd.apply(this, args);
+      }
+
+      // Get response body
+      let body = res.body;
+      if (typeof body === 'object') {
+        body = JSON.stringify(body);
+      } else if (typeof body !== 'string') {
+        body = String(body);
+      }
+
+      // Check threshold
+      if (Buffer.byteLength(body, 'utf8') < threshold) {
+        return originalEnd.apply(this, args);
+      }
+
+      // Check if client supports compression
+      const acceptEncoding = req.headers['accept-encoding'] || req.headers['Accept-Encoding'] || '';
+      const supportsGzip = acceptEncoding.includes('gzip');
+      const supportsBrotli = acceptEncoding.includes('br');
+
+      // Choose compression algorithm
+      let compressed;
+      let encoding;
+
+      if (algorithm === 'brotli' && supportsBrotli) {
+        try {
+          compressed = zlib.brotliCompressSync(body, { params: { [zlib.constants.BROTLI_PARAM_QUALITY]: level } });
+          encoding = 'br';
+        } catch (error) {
+          // Fallback to gzip if brotli fails
+          compressed = zlib.gzipSync(body, { level });
+          encoding = 'gzip';
+        }
+      } else if (supportsGzip) {
+        compressed = zlib.gzipSync(body, { level });
+        encoding = 'gzip';
+      } else {
+        // No compression support
+        return originalEnd.apply(this, args);
+      }
+
+      // Set compression headers
+      res.headers = res.headers || {};
+      res.headers['Content-Encoding'] = encoding;
+      res.headers['Vary'] = 'Accept-Encoding';
+      
+      // Update content length
+      res.headers['Content-Length'] = compressed.length.toString();
+
+      // Update body with compressed data
+      res.body = compressed;
+
+      return originalEnd.apply(this, args);
+    };
+
+    next();
+  };
+}
+
+module.exports = compress;
+

package/src/middleware/cors.js

@@ -0,0 +1,86 @@
+/**
+ * CORS Middleware
+ * v5: Cross-Origin Resource Sharing support
+ */
+
+/**
+ * CORS middleware
+ * @param {Object} options - CORS options
+ * @returns {Function} - Middleware function
+ */
+function cors(options = {}) {
+  const {
+    origin = '*',
+    methods = ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
+    allowedHeaders = ['Content-Type', 'Authorization', 'X-Requested-With'],
+    exposedHeaders = [],
+    credentials = false,
+    maxAge = 86400, // 24 hours
+    preflightContinue = false,
+  } = options;
+
+  // Normalize origin
+  const allowedOrigins = Array.isArray(origin) ? origin : [origin];
+  const isWildcard = allowedOrigins.includes('*');
+
+  return async (req, res, next) => {
+    const requestOrigin = req.headers.origin || req.headers.Origin;
+
+    // Determine allowed origin
+    let allowedOrigin = null;
+    if (isWildcard) {
+      allowedOrigin = '*';
+    } else if (requestOrigin && allowedOrigins.includes(requestOrigin)) {
+      allowedOrigin = requestOrigin;
+    } else if (allowedOrigins.length === 1 && allowedOrigins[0] !== '*') {
+      allowedOrigin = allowedOrigins[0];
+    }
+
+    // Handle preflight requests
+    if (req.method === 'OPTIONS') {
+      res.headers = res.headers || {};
+      
+      if (allowedOrigin) {
+        res.headers['Access-Control-Allow-Origin'] = allowedOrigin;
+      }
+      
+      res.headers['Access-Control-Allow-Methods'] = methods.join(', ');
+      res.headers['Access-Control-Allow-Headers'] = allowedHeaders.join(', ');
+      res.headers['Access-Control-Max-Age'] = maxAge.toString();
+
+      if (credentials) {
+        res.headers['Access-Control-Allow-Credentials'] = 'true';
+      }
+
+      if (exposedHeaders.length > 0) {
+        res.headers['Access-Control-Expose-Headers'] = exposedHeaders.join(', ');
+      }
+
+      if (!preflightContinue) {
+        res.statusCode = 204;
+        res.body = null;
+        return;
+      }
+    }
+
+    // Set CORS headers for all responses
+    res.headers = res.headers || {};
+    
+    if (allowedOrigin) {
+      res.headers['Access-Control-Allow-Origin'] = allowedOrigin;
+    }
+
+    if (credentials && allowedOrigin && allowedOrigin !== '*') {
+      res.headers['Access-Control-Allow-Credentials'] = 'true';
+    }
+
+    if (exposedHeaders.length > 0) {
+      res.headers['Access-Control-Expose-Headers'] = exposedHeaders.join(', ');
+    }
+
+    next();
+  };
+}
+
+module.exports = cors;
+

package/src/middleware/security.js

@@ -0,0 +1,107 @@
+/**
+ * Security Headers Middleware
+ * v5: Security headers for protection against common attacks
+ */
+
+/**
+ * Security headers middleware
+ * @param {Object} options - Security options
+ * @returns {Function} - Middleware function
+ */
+function security(options = {}) {
+  const {
+    helmet = true,
+    hsts = true,
+    hstsMaxAge = 31536000, // 1 year
+    hstsIncludeSubDomains = true,
+    hstsPreload = false,
+    noSniff = true,
+    xssFilter = true,
+    frameOptions = 'DENY', // DENY, SAMEORIGIN, or false
+    contentSecurityPolicy = false,
+    cspDirectives = {},
+    referrerPolicy = 'no-referrer',
+    permissionsPolicy = {},
+  } = options;
+
+  return async (req, res, next) => {
+    res.headers = res.headers || {};
+
+    // X-Content-Type-Options
+    if (noSniff) {
+      res.headers['X-Content-Type-Options'] = 'nosniff';
+    }
+
+    // X-XSS-Protection
+    if (xssFilter) {
+      res.headers['X-XSS-Protection'] = '1; mode=block';
+    }
+
+    // X-Frame-Options
+    if (frameOptions) {
+      res.headers['X-Frame-Options'] = frameOptions;
+    }
+
+    // Strict-Transport-Security (HSTS)
+    if (hsts && req.headers['x-forwarded-proto'] === 'https') {
+      let hstsValue = `max-age=${hstsMaxAge}`;
+      if (hstsIncludeSubDomains) {
+        hstsValue += '; includeSubDomains';
+      }
+      if (hstsPreload) {
+        hstsValue += '; preload';
+      }
+      res.headers['Strict-Transport-Security'] = hstsValue;
+    }
+
+    // Content-Security-Policy
+    if (contentSecurityPolicy) {
+      const directives = {
+        'default-src': ["'self'"],
+        'script-src': ["'self'"],
+        'style-src': ["'self'", "'unsafe-inline'"],
+        'img-src': ["'self'", 'data:', 'https:'],
+        'font-src': ["'self'"],
+        'connect-src': ["'self'"],
+        ...cspDirectives,
+      };
+
+      const cspValue = Object.entries(directives)
+        .map(([key, values]) => {
+          const valuesStr = Array.isArray(values) ? values.join(' ') : values;
+          return `${key} ${valuesStr}`;
+        })
+        .join('; ');
+
+      res.headers['Content-Security-Policy'] = cspValue;
+    }
+
+    // Referrer-Policy
+    if (referrerPolicy) {
+      res.headers['Referrer-Policy'] = referrerPolicy;
+    }
+
+    // Permissions-Policy (formerly Feature-Policy)
+    if (Object.keys(permissionsPolicy).length > 0) {
+      const policyValue = Object.entries(permissionsPolicy)
+        .map(([feature, allowlist]) => {
+          const allowlistStr = Array.isArray(allowlist) ? allowlist.join(', ') : allowlist;
+          return `${feature}=${allowlistStr}`;
+        })
+        .join(', ');
+
+      res.headers['Permissions-Policy'] = policyValue;
+    }
+
+    // X-Powered-By removal (security through obscurity)
+    if (helmet) {
+      // Remove X-Powered-By if present
+      delete res.headers['X-Powered-By'];
+    }
+
+    next();
+  };
+}
+
+module.exports = security;
+