odac 1.0.0 → 1.1.0

package/src/Route.js

@@ -74,7 +74,7 @@ class Route {
     post: (path, authFile, file) => this.authPost(path, authFile, file),
     get: (path, authFile, file) => this.authGet(path, authFile, file),
     ws: (path, handler, options) => this.authWs(path, handler, options),
-    use: (...middlewares) => new MiddlewareChain(this, [...middlewares.flat()])
+    use: (...middlewares) => new MiddlewareChain(this, [...middlewares.flat()], true)
   }
 
   async #runMiddlewares(Odac, middlewares) {
@@ -90,8 +90,13 @@ class Route {
 
       const result = await middleware(Odac)
 
+      if (Odac.Request.res.finished) {
+        return false
+      }
+
       if (result === false) {
-        return Odac.Request.abort(403)
+        await Odac.Request.abort(403)
+        return false
       }
 
       if (result !== undefined && result !== true) {
@@ -101,15 +106,15 @@ class Route {
   }
 
   async #executeController(Odac, controller) {
-    const middlewareResult = await this.#runMiddlewares(Odac, controller.middlewares)
-    if (middlewareResult !== undefined) return middlewareResult
-
     if (controller.params) {
       for (let key in controller.params) {
         Odac.Request.data.url[key] = controller.params[key]
       }
     }
 
+    const middlewareResult = await this.#runMiddlewares(Odac, controller.middlewares)
+    if (middlewareResult !== undefined) return middlewareResult
+
     if (typeof controller.cache === 'function') {
       return controller.cache(Odac)
     }
@@ -153,7 +158,6 @@ class Route {
       Odac.Request.clientSkeleton = Odac.Request.header('X-Odac-Skeleton')
     }
     if (Odac.Config && Odac.Config.route && Odac.Config.route[url]) {
-      Odac.Config.route[url] = Odac.Config.route[url].replace('${odac}', `${__dir}/node_modules/odac`)
       if (fs.existsSync(Odac.Config.route[url])) {
         let stat = fs.lstatSync(Odac.Config.route[url])
         if (stat.isFile()) {
@@ -174,6 +178,10 @@ class Route {
       if (controller) {
         if (!method.startsWith('#') || (await Odac.Auth.check())) {
           Odac.Request.header('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0')
+          Odac.Request.setSession()
+          const page = controller.cache?.file || controller.file
+          if (typeof page === 'string') Odac.Request.page = page
+
           if (
             ['post', 'get'].includes(Odac.Request.method) &&
             controller.token &&
@@ -187,12 +195,16 @@ class Route {
     }
     let authPageController = this.#controller(Odac.Request.route, '#page', url)
     if (authPageController && (await Odac.Auth.check())) {
-      Odac.Request.page = authPageController.cache?.file || authPageController.file
+      Odac.Request.setSession()
+      const page = authPageController.cache?.file || authPageController.file
+      if (typeof page === 'string') Odac.Request.page = page
       return await this.#executeController(Odac, authPageController)
     }
     let pageController = this.#controller(Odac.Request.route, 'page', url)
     if (pageController) {
-      Odac.Request.page = pageController.cache?.file || pageController.file
+      Odac.Request.setSession()
+      const page = pageController.cache?.file || pageController.file
+      if (typeof page === 'string') Odac.Request.page = page
       return await this.#executeController(Odac, pageController)
     }
     if (url && !url.includes('/../') && fs.existsSync(`${__dir}/public${url}`)) {
@@ -206,9 +218,10 @@ class Route {
         Odac.Request.header('Content-Type', type)
         Odac.Request.header('Cache-Control', 'public, max-age=31536000')
         Odac.Request.header('Content-Length', stat.size)
-        return fs.readFileSync(`${__dir}/public${url}`)
+        return fs.createReadStream(`${__dir}/public${url}`)
       }
     }
+
     return Odac.Request.abort(404)
   }
 
@@ -237,7 +250,8 @@ class Route {
           params: params,
           cache: this.routes[route][method][key].cache,
           token: this.routes[route][method][key].token,
-          middlewares: this.routes[route][method][key].middlewares
+          middlewares: this.routes[route][method][key].middlewares,
+          file: this.routes[route][method][key].file
         }
     }
     return false
@@ -268,18 +282,22 @@ class Route {
     if (this.loading) return
     this.loading = true
     this.#loadMiddlewares()
-    for (const file of fs.readdirSync(`${__dir}/controller/`)) {
-      if (!file.endsWith('.js')) continue
-      let name = file.replace('.js', '')
-      if (!Odac.Route.class) Odac.Route.class = {}
-      if (Odac.Route.class[name]) {
-        if (Odac.Route.class[name].mtime >= fs.statSync(Odac.Route.class[name].path).mtimeMs + 1000) continue
-        delete require.cache[require.resolve(Odac.Route.class[name].path)]
-      }
-      Odac.Route.class[name] = {
-        path: `${__dir}/controller/${file}`,
-        mtime: fs.statSync(`${__dir}/controller/${file}`).mtimeMs,
-        module: require(`${__dir}/controller/${file}`)
+    const classDir = `${__dir}/class/`
+    if (fs.existsSync(classDir)) {
+      for (const file of fs.readdirSync(classDir)) {
+        if (!file.endsWith('.js')) continue
+        let name = file.replace('.js', '')
+        if (!Odac.Route.class) Odac.Route.class = {}
+        if (Odac.Route.class[name]) {
+          const fileStat = fs.statSync(Odac.Route.class[name].path)
+          if (Odac.Route.class[name].mtime >= fileStat.mtimeMs || Date.now() < fileStat.mtimeMs + 1000) continue
+          delete require.cache[require.resolve(Odac.Route.class[name].path)]
+        }
+        Odac.Route.class[name] = {
+          path: `${__dir}/class/${file}`,
+          mtime: fs.statSync(`${__dir}/class/${file}`).mtimeMs,
+          module: require(`${__dir}/class/${file}`)
+        }
       }
     }
     let dir = fs.readdirSync(`${__dir}/route/`)
@@ -290,7 +308,10 @@ class Route {
       if (!routes2[Odac.Route.buff] || routes2[Odac.Route.buff] < mtime - 1000) {
         delete require.cache[require.resolve(`${__dir}/route/${file}`)]
         routes2[Odac.Route.buff] = mtime
-        require(`${__dir}/route/${file}`)
+        const routeModule = require(`${__dir}/route/${file}`)
+        if (typeof routeModule === 'function') {
+          routeModule(Odac)
+        }
       }
       for (const type of ['page', '#page', 'post', '#post', 'get', '#get', 'error']) {
         if (!this.routes[Odac.Route.buff]) continue
@@ -354,7 +375,7 @@ class Route {
     )
 
     this.set(
-      ['POST', 'GET', 'PUT', 'PATCH', 'DELETE'],
+      'POST',
       '/_odac/form',
       async Odac => {
         const csrfToken = await Odac.request('_token')
@@ -375,6 +396,28 @@ class Route {
       {token: true}
     )
 
+    this.set(
+      'POST',
+      '/_odac/magic-login',
+      async Odac => {
+        const csrfToken = await Odac.request('_token')
+        if (!csrfToken || !Odac.token(csrfToken)) {
+          return Odac.Request.abort(401)
+        }
+        return await Internal.magicLogin(Odac)
+      },
+      {token: true}
+    )
+
+    this.set(
+      'GET',
+      '/_odac/magic-verify',
+      async Odac => {
+        return await Internal.magicVerify(Odac)
+      },
+      {token: false}
+    )
+
     delete Odac.Route.buff
   }
 
@@ -387,6 +430,11 @@ class Route {
       if (result instanceof Promise) result = await result
       const Stream = require('./Stream.js')
       if (result instanceof Stream) return
+      if (result && typeof result.pipe === 'function') {
+        param.Request.print()
+        result.pipe(param.Request.res)
+        return
+      }
       if (param.Request.res.finished || param.Request.res.writableEnded) {
         param.cleanup()
         return
@@ -453,7 +501,10 @@ class Route {
       this.routes[Odac.Route.buff][type][url].path = path
       this.routes[Odac.Route.buff][type][url].loaded = routes2[Odac.Route.buff]
       this.routes[Odac.Route.buff][type][url].token = options.token ?? true
+
       this.routes[Odac.Route.buff][type][url].middlewares = this._pendingMiddlewares.length > 0 ? [...this._pendingMiddlewares] : undefined
+    } else if (file && typeof file === 'string') {
+      console.error(`\x1b[31m[Odac]\x1b[0m Controller not found: \x1b[33m${path}\x1b[0m`)
     }
 
     return this
@@ -462,6 +513,7 @@ class Route {
   page(path, file) {
     if (typeof file === 'object' && !Array.isArray(file)) {
       this.set('page', path, _odac => {
+        _odac.set(file)
         _odac.View.set(file)
         return
       })
@@ -482,16 +534,20 @@ class Route {
   }
 
   authPage(path, authFile, file) {
-    if (typeof authFile === 'object' && !Array.isArray(authFile)) {
+    if (typeof authFile === 'object' && authFile !== null && !Array.isArray(authFile)) {
       this.set('#page', path, _odac => {
+        _odac.set(authFile)
         _odac.View.set(authFile)
         return
       })
       if (typeof file === 'object' && !Array.isArray(file)) {
         this.set('page', path, _odac => {
+          _odac.set(file)
           _odac.View.set(file)
           return
         })
+      } else if (file) {
+        this.set('page', path, file)
       }
       return this
     }
@@ -499,6 +555,7 @@ class Route {
     if (file) {
       if (typeof file === 'object' && !Array.isArray(file)) {
         this.set('page', path, _odac => {
+          _odac.set(file)
           _odac.View.set(file)
           return
         })
@@ -546,6 +603,26 @@ class Route {
     const {token = true} = options
     const requireAuth = type === '#ws'
 
+    if (typeof handler !== 'function') {
+      let path = `${__dir}/controller/${type.replace('#', '')}/${handler}.js`
+      if (typeof handler === 'string' && handler.includes('.')) {
+        let arr = handler.split('.')
+        path = `${__dir}/controller/${arr[0]}/${type.replace('#', '')}/${arr.slice(1).join('.')}.js`
+      }
+
+      if (fs.existsSync(path)) {
+        handler = require(path)
+      } else {
+        console.error(`\x1b[31m[Odac]\x1b[0m WebSocket Controller not found: \x1b[33m${path}\x1b[0m`)
+        return
+      }
+    }
+
+    if (typeof handler !== 'function') {
+      console.error(`\x1b[31m[Odac]\x1b[0m Invalid WebSocket handler (not a function).`)
+      return
+    }
+
     const wrappedHandler = async (ws, Odac) => {
       Odac.ws = ws
 
@@ -603,7 +680,10 @@ class Route {
           }
         }
       }
-      return handler(Odac)
+      const res = handler(Odac)
+      if (res instanceof Promise) await res
+      ws.resume()
+      return res
     }
 
     this.#wsServer.route(path, wrappedHandler)

package/src/Server.js

@@ -1,22 +1,91 @@
-const http = require(`http`)
+const http = require('http')
+const nodeCrypto = require('crypto')
+const cluster = require('node:cluster')
+const os = require('node:os')
 
 module.exports = {
   init: function () {
     let args = process.argv.slice(2)
     if (args[0] == 'framework' && args[1] == 'run') args = args.slice(2)
     let port = parseInt(args[0] ?? '1071')
-    console.log(`Odac Server running on \x1b]8;;http://127.0.0.1:${port}\x1b\\\x1b[4mhttp://127.0.0.1:${port}\x1b[0m\x1b]8;;\x1b\\.`)
 
-    const server = http.createServer((req, res) => {
-      return Odac.Route.request(req, res)
-    })
+    if (cluster.isPrimary) {
+      const numCPUs = os.cpus().length
+      let isShuttingDown = false
 
-    server.on('upgrade', (req, socket, head) => {
-      const id = `${Date.now()}${Math.random().toString(36).substr(2, 9)}`
-      const param = Odac.instance(id, req, null)
-      Odac.Route.handleWebSocketUpgrade(req, socket, head, param)
-    })
+      console.log(`Odac Server running on \x1b]8;;http://127.0.0.1:${port}\x1b\\\x1b[4mhttp://127.0.0.1:${port}\x1b[0m\x1b]8;;\x1b\\.`)
 
-    server.listen(port)
+      // Start session garbage collector (runs every hour, expires after 7 days)
+      Odac.Storage.startSessionGC()
+
+      for (let i = 0; i < numCPUs; i++) {
+        cluster.fork()
+      }
+
+      cluster.on('exit', () => {
+        // Don't restart workers during shutdown
+        if (!isShuttingDown) {
+          cluster.fork()
+        }
+      })
+
+      // Graceful shutdown handler for primary
+      const gracefulShutdown = signal => {
+        if (isShuttingDown) return
+        isShuttingDown = true
+
+        console.log(`\n\x1b[33m[Shutdown]\x1b[0m ${signal} received, shutting down gracefully...`)
+
+        // Disconnect all workers
+        for (const id in cluster.workers) {
+          cluster.workers[id].send('shutdown')
+          cluster.workers[id].disconnect()
+        }
+
+        let workersAlive = Object.keys(cluster.workers).length
+
+        cluster.on('exit', () => {
+          workersAlive--
+          if (workersAlive === 0) {
+            console.log('\x1b[32m[Shutdown]\x1b[0m All workers stopped.')
+            Odac.Storage.close()
+            console.log('\x1b[32m[Shutdown]\x1b[0m Storage closed. Goodbye!')
+            process.exit(0)
+          }
+        })
+
+        // Force exit after 30 seconds
+        setTimeout(() => {
+          console.error('\x1b[31m[Shutdown]\x1b[0m Timeout! Forcing exit...')
+          process.exit(1)
+        }, 30000)
+      }
+
+      process.on('SIGTERM', () => gracefulShutdown('SIGTERM'))
+      process.on('SIGINT', () => gracefulShutdown('SIGINT'))
+    } else {
+      const server = http.createServer((req, res) => {
+        return Odac.Route.request(req, res)
+      })
+
+      server.on('upgrade', (req, socket, head) => {
+        const id = nodeCrypto.randomBytes(16).toString('hex')
+        const param = Odac.instance(id, req, null)
+        Odac.Route.handleWebSocketUpgrade(req, socket, head, param)
+      })
+
+      server.listen(port)
+
+      // Graceful shutdown handler for worker
+      process.on('message', msg => {
+        if (msg === 'shutdown') {
+          console.log(`\x1b[36m[Worker ${process.pid}]\x1b[0m Closing server...`)
+          server.close(() => {
+            console.log(`\x1b[36m[Worker ${process.pid}]\x1b[0m Server closed.`)
+            process.exit(0)
+          })
+        }
+      })
+    }
   }
 }

package/src/Storage.js

@@ -0,0 +1,165 @@
+const fs = require('fs')
+const path = require('path')
+
+class OdacStorage {
+  constructor() {
+    this.db = null
+    this.ready = false
+  }
+
+  init() {
+    const {open} = require('lmdb')
+
+    const storagePath = path.join(global.__dir, 'storage')
+    const dbPath = path.join(storagePath, 'sessions.db')
+
+    try {
+      // Ensure storage directory exists
+      if (!fs.existsSync(storagePath)) {
+        fs.mkdirSync(storagePath, {recursive: true})
+      }
+
+      this.db = open({
+        path: dbPath,
+        compression: true
+      })
+      this.ready = true
+    } catch (error) {
+      console.error('\x1b[31m[Storage Error]\x1b[0m Failed to initialize LMDB:', error.message)
+      console.error('\x1b[33m[Storage]\x1b[0m Path:', dbPath)
+      this.ready = false
+    }
+  }
+
+  // --- Basic KV Operations ---
+
+  get(key) {
+    if (!this.ready) return null
+    return this.db.get(key) ?? null
+  }
+
+  put(key, value) {
+    if (!this.ready) return false
+    return this.db.put(key, value)
+  }
+
+  remove(key) {
+    if (!this.ready) return false
+    return this.db.remove(key)
+  }
+
+  // --- Range Operations ---
+
+  getRange(options = {}) {
+    if (!this.ready) return []
+    return this.db.getRange(options)
+  }
+
+  getKeys(options = {}) {
+    if (!this.ready) return []
+    return this.db.getKeys(options)
+  }
+
+  // --- Session Garbage Collector ---
+
+  startSessionGC(intervalMs = 60 * 60 * 1000, expirationMs = 7 * 24 * 60 * 60 * 1000) {
+    if (!this.ready) {
+      console.warn('[Storage] GC not started: Storage not ready')
+      return null
+    }
+
+    const BATCH_THRESHOLD = 10000
+    const BATCH_SIZE = 1000
+
+    return setInterval(() => {
+      try {
+        // Count sessions to decide mode
+        let sessionCount = 0
+        // eslint-disable-next-line
+        for (const _ of this.db.getKeys({start: 'sess:', end: 'sess:~', limit: BATCH_THRESHOLD + 1})) {
+          sessionCount++
+          if (sessionCount > BATCH_THRESHOLD) break
+        }
+
+        if (sessionCount > BATCH_THRESHOLD) {
+          this._cleanSessionsBatch(expirationMs, BATCH_SIZE)
+        } else {
+          this._cleanSessionsSimple(expirationMs)
+        }
+      } catch (error) {
+        console.error('\x1b[31m[Storage GC Error]\x1b[0m', error.message)
+      }
+    }, intervalMs)
+  }
+
+  // Simple mode: Load all sessions at once (fast for small datasets)
+  _cleanSessionsSimple(expirationMs) {
+    const now = Date.now()
+    let count = 0
+
+    for (const {key, value} of this.db.getRange({start: 'sess:', end: 'sess:~', snapshot: false})) {
+      if (key.endsWith(':_created') && now - value > expirationMs) {
+        const prefix = key.replace(':_created', '')
+        for (const subKey of this.db.getKeys({start: prefix, end: prefix + '~'})) {
+          this.db.remove(subKey)
+        }
+        count++
+      }
+    }
+
+    if (count > 0) {
+      console.log(`\x1b[36m[Storage GC]\x1b[0m Cleaned ${count} expired sessions.`)
+    }
+  }
+
+  // Batch mode: Process sessions in chunks (memory-safe for large datasets)
+  _cleanSessionsBatch(expirationMs, batchSize) {
+    const now = Date.now()
+    let count = 0
+    let cursor = 'sess:'
+    let hasMore = true
+
+    console.log('\x1b[36m[Storage GC]\x1b[0m Running in batch mode...')
+
+    while (hasMore) {
+      hasMore = false
+      let lastKey = null
+
+      for (const {key, value} of this.db.getRange({start: cursor, end: 'sess:~', limit: batchSize, snapshot: false})) {
+        lastKey = key
+        hasMore = true
+
+        if (key.endsWith(':_created') && now - value > expirationMs) {
+          const prefix = key.replace(':_created', '')
+          for (const subKey of this.db.getKeys({start: prefix, end: prefix + '~'})) {
+            this.db.remove(subKey)
+          }
+          count++
+        }
+      }
+
+      if (lastKey) {
+        cursor = lastKey + '\0'
+      }
+    }
+
+    if (count > 0) {
+      console.log(`\x1b[36m[Storage GC]\x1b[0m Cleaned ${count} expired sessions (batch mode).`)
+    }
+  }
+
+  // --- Utility ---
+
+  close() {
+    if (this.db) {
+      this.db.close()
+      this.ready = false
+    }
+  }
+
+  isReady() {
+    return this.ready
+  }
+}
+
+module.exports = new OdacStorage()

package/src/Validator.js

@@ -1,3 +1,82 @@
+const https = require('https')
+const fs = require('fs')
+const os = require('os')
+const path = require('path')
+
+let disposableDomains = null
+const CACHE_FILE = path.join(os.tmpdir(), 'odac_disposable_domains.conf')
+const SOURCE_URL = 'https://hub.odac.run/blocklist/disposable-emails'
+
+async function loadDisposableDomains() {
+  if (disposableDomains instanceof Set) return
+
+  disposableDomains = new Set()
+  let content = ''
+  let shouldUpdate = true
+
+  try {
+    try {
+      const fd = fs.openSync(CACHE_FILE, 'r')
+      try {
+        const stats = fs.fstatSync(fd)
+        const ageInHours = (new Date() - stats.mtime) / (1000 * 60 * 60)
+        if (ageInHours < 24) {
+          content = fs.readFileSync(fd, 'utf8')
+          shouldUpdate = false
+        }
+      } finally {
+        fs.closeSync(fd)
+      }
+    } catch {
+      // Cache error check failed, proceed to validation update
+    }
+
+    if (shouldUpdate) {
+      try {
+        content = await new Promise((resolve, reject) => {
+          const req = https.get(SOURCE_URL, res => {
+            if (res.statusCode !== 200) {
+              res.resume()
+              reject(new Error(`Failed to fetch: ${res.statusCode}`))
+              return
+            }
+            let data = ''
+            res.on('data', chunk => (data += chunk))
+            res.on('end', () => resolve(data))
+          })
+          req.on('error', reject)
+          req.end()
+        })
+        const tempFile = `${CACHE_FILE}_${Date.now()}_${Math.random().toString(36).slice(2)}`
+        const fd = fs.openSync(tempFile, 'wx')
+        try {
+          // Sanitize content before writing to file to avoid injection attacks
+          const sanitizedContent = content.replace(/[^a-zA-Z0-9.\-\n\r]/g, '')
+          fs.writeSync(fd, sanitizedContent)
+        } finally {
+          fs.closeSync(fd)
+        }
+        fs.renameSync(tempFile, CACHE_FILE)
+      } catch {
+        if (fs.existsSync(CACHE_FILE)) {
+          content = fs.readFileSync(CACHE_FILE, 'utf8')
+        }
+      }
+    }
+
+    if (content) {
+      content.split('\n').forEach(line => {
+        const domain = line.trim().toLowerCase()
+        if (domain && !domain.startsWith('#')) {
+          disposableDomains.add(domain)
+        }
+      })
+    }
+  } catch (error) {
+    console.error('Validator Warning: Could not load disposable domains.', error.message)
+  }
+}
+
 class Validator {
   #checklist = {}
   #completed = false
@@ -88,9 +167,12 @@ class Validator {
           } else {
             for (const rule of rules.includes('|') ? rules.split('|') : [rules]) {
               let vars = rule.split(':')
-              let inverse = vars[0].startsWith('!')
+              let ruleName = vars[0].trim()
+              let inverse = ruleName.startsWith('!')
+              if (inverse) ruleName = ruleName.substr(1)
+
               if (!error) {
-                switch (inverse ? vars[0].substr(1) : vars[0]) {
+                switch (ruleName) {
                   case 'required':
                     error = value === undefined || value === '' || value === null
                     break
@@ -204,6 +286,9 @@ class Validator {
                     }
                     break
                   }
+                  case 'disposable':
+                    error = value && value !== '' && !(await Validator.isDisposable(value))
+                    break
                 }
                 if (inverse) error = !error
               }
@@ -220,6 +305,13 @@ class Validator {
     this.#completed = true
   }
 
+  static async isDisposable(email) {
+    if (!email || typeof email !== 'string') return false
+    await loadDisposableDomains()
+    const domain = email.split('@').pop().toLowerCase()
+    return disposableDomains && disposableDomains.has(domain)
+  }
+
   var(name, value = null) {
     if (this.#completed) this.#completed = false
     this.#method = 'VAR'