npm - navis.js - Versions diffs - 4.0.0 → 5.2.0 - Mend

navis.js 4.0.0 → 5.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/README.md +37 -2
package/examples/v5-features-demo.js +167 -0
package/examples/v5.1-features-demo.js +192 -0
package/examples/v5.2-features-demo.js +153 -0
package/package.json +1 -1
package/src/cache/cache.js +157 -0
package/src/cache/redis-cache.js +174 -0
package/src/core/app.js +9 -0
package/src/core/graceful-shutdown.js +77 -0
package/src/core/versioning.js +124 -0
package/src/db/db-pool.js +195 -0
package/src/docs/swagger.js +188 -0
package/src/health/health-checker.js +120 -0
package/src/index.js +51 -0
package/src/middleware/cache-middleware.js +105 -0
package/src/middleware/compression.js +97 -0
package/src/middleware/cors.js +86 -0
package/src/middleware/security.js +107 -0
package/src/middleware/upload.js +151 -0
package/src/sse/server-sent-events.js +171 -0
package/src/testing/test-helper.js +167 -0
package/src/websocket/websocket-server.js +301 -0

package/src/middleware/compression.js ADDED Viewed

@@ -0,0 +1,97 @@
+/**
+ * Response Compression Middleware
+ * v5: Gzip and Brotli compression support
+ */
+const zlib = require('zlib');
+/**
+ * Compression middleware
+ * @param {Object} options - Compression options
+ * @returns {Function} - Middleware function
+ */
+function compress(options = {}) {
+  const {
+    level = 6, // Compression level (1-9)
+    threshold = 1024, // Minimum size to compress (bytes)
+    algorithm = 'gzip', // 'gzip' or 'brotli'
+    filter = (req, res) => {
+      // Default: compress JSON and text responses
+      const contentType = res.headers?.['content-type'] || '';
+      return contentType.includes('application/json') ||
+             contentType.includes('text/') ||
+             contentType.includes('application/javascript');
+    },
+  } = options;
+  return async (req, res, next) => {
+    // Store original body setter
+    const originalBody = res.body;
+    const originalEnd = res.end || (() => {});
+    // Wrap response to compress before sending
+    res.end = function(...args) {
+      // Check if should compress
+      if (!filter(req, res)) {
+        return originalEnd.apply(this, args);
+      }
+      // Get response body
+      let body = res.body;
+      if (typeof body === 'object') {
+        body = JSON.stringify(body);
+      } else if (typeof body !== 'string') {
+        body = String(body);
+      }
+      // Check threshold
+      if (Buffer.byteLength(body, 'utf8') < threshold) {
+        return originalEnd.apply(this, args);
+      }
+      // Check if client supports compression
+      const acceptEncoding = req.headers['accept-encoding'] || req.headers['Accept-Encoding'] || '';
+      const supportsGzip = acceptEncoding.includes('gzip');
+      const supportsBrotli = acceptEncoding.includes('br');
+      // Choose compression algorithm
+      let compressed;
+      let encoding;
+      if (algorithm === 'brotli' && supportsBrotli) {
+        try {
+          compressed = zlib.brotliCompressSync(body, { params: { [zlib.constants.BROTLI_PARAM_QUALITY]: level } });
+          encoding = 'br';
+        } catch (error) {
+          // Fallback to gzip if brotli fails
+          compressed = zlib.gzipSync(body, { level });
+          encoding = 'gzip';
+        }
+      } else if (supportsGzip) {
+        compressed = zlib.gzipSync(body, { level });
+        encoding = 'gzip';
+      } else {
+        // No compression support
+        return originalEnd.apply(this, args);
+      }
+      // Set compression headers
+      res.headers = res.headers || {};
+      res.headers['Content-Encoding'] = encoding;
+      res.headers['Vary'] = 'Accept-Encoding';
+      // Update content length
+      res.headers['Content-Length'] = compressed.length.toString();
+      // Update body with compressed data
+      res.body = compressed;
+      return originalEnd.apply(this, args);
+    };
+    next();
+  };
+}
+module.exports = compress;

package/src/middleware/cors.js ADDED Viewed

@@ -0,0 +1,86 @@
+/**
+ * CORS Middleware
+ * v5: Cross-Origin Resource Sharing support
+ */
+/**
+ * CORS middleware
+ * @param {Object} options - CORS options
+ * @returns {Function} - Middleware function
+ */
+function cors(options = {}) {
+  const {
+    origin = '*',
+    methods = ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS'],
+    allowedHeaders = ['Content-Type', 'Authorization', 'X-Requested-With'],
+    exposedHeaders = [],
+    credentials = false,
+    maxAge = 86400, // 24 hours
+    preflightContinue = false,
+  } = options;
+  // Normalize origin
+  const allowedOrigins = Array.isArray(origin) ? origin : [origin];
+  const isWildcard = allowedOrigins.includes('*');
+  return async (req, res, next) => {
+    const requestOrigin = req.headers.origin || req.headers.Origin;
+    // Determine allowed origin
+    let allowedOrigin = null;
+    if (isWildcard) {
+      allowedOrigin = '*';
+    } else if (requestOrigin && allowedOrigins.includes(requestOrigin)) {
+      allowedOrigin = requestOrigin;
+    } else if (allowedOrigins.length === 1 && allowedOrigins[0] !== '*') {
+      allowedOrigin = allowedOrigins[0];
+    }
+    // Handle preflight requests
+    if (req.method === 'OPTIONS') {
+      res.headers = res.headers || {};
+      if (allowedOrigin) {
+        res.headers['Access-Control-Allow-Origin'] = allowedOrigin;
+      }
+      res.headers['Access-Control-Allow-Methods'] = methods.join(', ');
+      res.headers['Access-Control-Allow-Headers'] = allowedHeaders.join(', ');
+      res.headers['Access-Control-Max-Age'] = maxAge.toString();
+      if (credentials) {
+        res.headers['Access-Control-Allow-Credentials'] = 'true';
+      }
+      if (exposedHeaders.length > 0) {
+        res.headers['Access-Control-Expose-Headers'] = exposedHeaders.join(', ');
+      }
+      if (!preflightContinue) {
+        res.statusCode = 204;
+        res.body = null;
+        return;
+      }
+    }
+    // Set CORS headers for all responses
+    res.headers = res.headers || {};
+    if (allowedOrigin) {
+      res.headers['Access-Control-Allow-Origin'] = allowedOrigin;
+    }
+    if (credentials && allowedOrigin && allowedOrigin !== '*') {
+      res.headers['Access-Control-Allow-Credentials'] = 'true';
+    }
+    if (exposedHeaders.length > 0) {
+      res.headers['Access-Control-Expose-Headers'] = exposedHeaders.join(', ');
+    }
+    next();
+  };
+}
+module.exports = cors;

package/src/middleware/security.js ADDED Viewed

@@ -0,0 +1,107 @@
+/**
+ * Security Headers Middleware
+ * v5: Security headers for protection against common attacks
+ */
+/**
+ * Security headers middleware
+ * @param {Object} options - Security options
+ * @returns {Function} - Middleware function
+ */
+function security(options = {}) {
+  const {
+    helmet = true,
+    hsts = true,
+    hstsMaxAge = 31536000, // 1 year
+    hstsIncludeSubDomains = true,
+    hstsPreload = false,
+    noSniff = true,
+    xssFilter = true,
+    frameOptions = 'DENY', // DENY, SAMEORIGIN, or false
+    contentSecurityPolicy = false,
+    cspDirectives = {},
+    referrerPolicy = 'no-referrer',
+    permissionsPolicy = {},
+  } = options;
+  return async (req, res, next) => {
+    res.headers = res.headers || {};
+    // X-Content-Type-Options
+    if (noSniff) {
+      res.headers['X-Content-Type-Options'] = 'nosniff';
+    }
+    // X-XSS-Protection
+    if (xssFilter) {
+      res.headers['X-XSS-Protection'] = '1; mode=block';
+    }
+    // X-Frame-Options
+    if (frameOptions) {
+      res.headers['X-Frame-Options'] = frameOptions;
+    }
+    // Strict-Transport-Security (HSTS)
+    if (hsts && req.headers['x-forwarded-proto'] === 'https') {
+      let hstsValue = `max-age=${hstsMaxAge}`;
+      if (hstsIncludeSubDomains) {
+        hstsValue += '; includeSubDomains';
+      }
+      if (hstsPreload) {
+        hstsValue += '; preload';
+      }
+      res.headers['Strict-Transport-Security'] = hstsValue;
+    }
+    // Content-Security-Policy
+    if (contentSecurityPolicy) {
+      const directives = {
+        'default-src': ["'self'"],
+        'script-src': ["'self'"],
+        'style-src': ["'self'", "'unsafe-inline'"],
+        'img-src': ["'self'", 'data:', 'https:'],
+        'font-src': ["'self'"],
+        'connect-src': ["'self'"],
+        ...cspDirectives,
+      };
+      const cspValue = Object.entries(directives)
+        .map(([key, values]) => {
+          const valuesStr = Array.isArray(values) ? values.join(' ') : values;
+          return `${key} ${valuesStr}`;
+        })
+        .join('; ');
+      res.headers['Content-Security-Policy'] = cspValue;
+    }
+    // Referrer-Policy
+    if (referrerPolicy) {
+      res.headers['Referrer-Policy'] = referrerPolicy;
+    }
+    // Permissions-Policy (formerly Feature-Policy)
+    if (Object.keys(permissionsPolicy).length > 0) {
+      const policyValue = Object.entries(permissionsPolicy)
+        .map(([feature, allowlist]) => {
+          const allowlistStr = Array.isArray(allowlist) ? allowlist.join(', ') : allowlist;
+          return `${feature}=${allowlistStr}`;
+        })
+        .join(', ');
+      res.headers['Permissions-Policy'] = policyValue;
+    }
+    // X-Powered-By removal (security through obscurity)
+    if (helmet) {
+      // Remove X-Powered-By if present
+      delete res.headers['X-Powered-By'];
+    }
+    next();
+  };
+}
+module.exports = security;

package/src/middleware/upload.js ADDED Viewed

@@ -0,0 +1,151 @@
+/**
+ * File Upload Middleware
+ * v5.1: Multipart form data and file upload handling
+ */
+const fs = require('fs');
+const path = require('path');
+const crypto = require('crypto');
+/**
+ * File upload middleware
+ * @param {Object} options - Upload options
+ * @returns {Function} - Middleware function
+ */
+function upload(options = {}) {
+  const {
+    dest = '/tmp/uploads',
+    limits = {
+      fileSize: 5 * 1024 * 1024, // 5MB default
+      files: 10, // Max 10 files
+    },
+    fileFilter = null, // Function to filter files
+    preserveExtension = true,
+    generateFilename = (file) => {
+      // Generate unique filename
+      const ext = preserveExtension ? path.extname(file.originalName || '') : '';
+      return `${crypto.randomBytes(16).toString('hex')}${ext}`;
+    },
+  } = options;
+  // Ensure destination directory exists
+  if (!fs.existsSync(dest)) {
+    fs.mkdirSync(dest, { recursive: true });
+  }
+  return async (req, res, next) => {
+    // Check content type
+    const contentType = req.headers['content-type'] || req.headers['Content-Type'] || '';
+    if (!contentType.includes('multipart/form-data')) {
+      return next();
+    }
+    // Parse multipart form data (simplified implementation)
+    // In production, use a library like busboy or multer
+    try {
+      req.files = [];
+      req.body = req.body || {};
+      // For Lambda, body is already parsed
+      if (req.event && req.event.isBase64Encoded) {
+        // Handle base64 encoded body
+        const body = Buffer.from(req.event.body, 'base64').toString();
+        // Parse multipart data (simplified)
+        // In production, use proper multipart parser
+      }
+      // For Node.js HTTP, parse from request stream
+      if (req.on && typeof req.on === 'function') {
+        await parseMultipart(req, dest, limits, fileFilter, generateFilename, (files, fields) => {
+          req.files = files;
+          req.body = { ...req.body, ...fields };
+        });
+      }
+      next();
+    } catch (error) {
+      res.statusCode = 400;
+      res.body = { error: error.message || 'File upload failed' };
+    }
+  };
+}
+/**
+ * Parse multipart form data (simplified)
+ * @private
+ */
+function parseMultipart(req, dest, limits, fileFilter, generateFilename, callback) {
+  return new Promise((resolve, reject) => {
+    const files = [];
+    const fields = {};
+    let totalSize = 0;
+    let fileCount = 0;
+    // Simplified multipart parser
+    // In production, use busboy or multer
+    let buffer = '';
+    req.on('data', (chunk) => {
+      buffer += chunk.toString();
+      totalSize += chunk.length;
+      if (totalSize > limits.fileSize) {
+        reject(new Error('File size exceeds limit'));
+        return;
+      }
+    });
+    req.on('end', () => {
+      // Basic multipart parsing (simplified)
+      // This is a placeholder - in production use proper parser
+      try {
+        callback(files, fields);
+        resolve();
+      } catch (error) {
+        reject(error);
+      }
+    });
+    req.on('error', reject);
+  });
+}
+/**
+ * Save uploaded file
+ * @param {Object} file - File object
+ * @param {string} dest - Destination directory
+ * @param {Function} generateFilename - Filename generator
+ * @returns {Promise<string>} - File path
+ */
+async function saveFile(file, dest, generateFilename) {
+  const filename = generateFilename(file);
+  const filepath = path.join(dest, filename);
+  // Ensure directory exists
+  const dir = path.dirname(filepath);
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true });
+  }
+  // Write file
+  if (file.buffer) {
+    fs.writeFileSync(filepath, file.buffer);
+  } else if (file.stream) {
+    // Handle stream
+    const writeStream = fs.createWriteStream(filepath);
+    file.stream.pipe(writeStream);
+    await new Promise((resolve, reject) => {
+      writeStream.on('finish', resolve);
+      writeStream.on('error', reject);
+    });
+  }
+  return filepath;
+}
+module.exports = {
+  upload,
+  saveFile,
+};

package/src/sse/server-sent-events.js ADDED Viewed

@@ -0,0 +1,171 @@
+/**
+ * Server-Sent Events (SSE) Support
+ * v5.2: Real-time event streaming to clients
+ */
+class SSEServer {
+  constructor() {
+    this.clients = new Map();
+  }
+  /**
+   * SSE middleware
+   * @returns {Function} - Middleware function
+   */
+  middleware() {
+    return async (req, res, next) => {
+      // Check if this is an SSE request
+      const accept = req.headers.accept || req.headers.Accept || '';
+      if (accept.includes('text/event-stream')) {
+        // Set SSE headers
+        res.headers = res.headers || {};
+        res.headers['Content-Type'] = 'text/event-stream';
+        res.headers['Cache-Control'] = 'no-cache';
+        res.headers['Connection'] = 'keep-alive';
+        res.headers['X-Accel-Buffering'] = 'no'; // Disable nginx buffering
+        // Create SSE client
+        const clientId = this._generateId();
+        const client = {
+          id: clientId,
+          req,
+          res,
+          send: (data, event = null, id = null) => this._send(client, data, event, id),
+          close: () => this._close(client),
+        };
+        this.clients.set(clientId, client);
+        // Send initial connection message
+        this._send(client, { type: 'connected', clientId }, 'connection', clientId);
+        // Handle client disconnect
+        req.on('close', () => {
+          this._close(client);
+        });
+        // Attach SSE methods to response
+        res.sse = {
+          send: (data, event, id) => client.send(data, event, id),
+          close: () => client.close(),
+        };
+        // Don't call next() - SSE keeps connection open
+        return;
+      }
+      next();
+    };
+  }
+  /**
+   * Send SSE message
+   * @private
+   */
+  _send(client, data, event = null, id = null) {
+    if (!client.res || client.res.destroyed) {
+      return false;
+    }
+    let message = '';
+    // Event ID
+    if (id !== null) {
+      message += `id: ${id}\n`;
+    }
+    // Event type
+    if (event) {
+      message += `event: ${event}\n`;
+    }
+    // Data
+    const dataStr = typeof data === 'string' ? data : JSON.stringify(data);
+    message += `data: ${dataStr}\n\n`;
+    try {
+      // For Node.js HTTP response
+      if (client.res.write) {
+        client.res.write(message);
+      } else {
+        // For Lambda, accumulate messages
+        if (!client.res.sseMessages) {
+          client.res.sseMessages = [];
+        }
+        client.res.sseMessages.push(message);
+      }
+      return true;
+    } catch (error) {
+      console.error('SSE send error:', error);
+      return false;
+    }
+  }
+  /**
+   * Close SSE connection
+   * @private
+   */
+  _close(client) {
+    this.clients.delete(client.id);
+    if (client.res && client.res.end) {
+      try {
+        client.res.end();
+      } catch (error) {
+        // Ignore
+      }
+    }
+  }
+  /**
+   * Broadcast to all clients
+   * @param {*} data - Message data
+   * @param {string} event - Event type
+   */
+  broadcast(data, event = null) {
+    for (const client of this.clients.values()) {
+      this._send(client, data, event);
+    }
+  }
+  /**
+   * Get all connected clients
+   * @returns {Array} - Array of client objects
+   */
+  getClients() {
+    return Array.from(this.clients.values());
+  }
+  /**
+   * Generate unique client ID
+   * @private
+   */
+  _generateId() {
+    return `${Date.now()}-${Math.random().toString(36).substr(2, 9)}`;
+  }
+}
+/**
+ * Create SSE server
+ * @returns {SSEServer} - SSE server instance
+ */
+function createSSEServer() {
+  return new SSEServer();
+}
+/**
+ * SSE middleware helper
+ * @returns {Function} - Middleware function
+ */
+function sse() {
+  const sseServer = createSSEServer();
+  return sseServer.middleware();
+}
+module.exports = {
+  SSEServer,
+  createSSEServer,
+  sse,
+};