odac 1.0.1 → 1.2.0

package/src/Request.js

@@ -3,14 +3,16 @@ const nodeCrypto = require('crypto')
 class OdacRequest {
   #odac
   #complete = false
-  #cookies = {received: [], sent: []}
+  #cookies = {data: {}, sent: []}
   data = {post: {}, get: {}, url: {}}
   #event = {data: [], end: []}
   #headers = {Server: 'Odac'}
   #status = 200
   #timeout = null
   #earlyHints = null
+  #sessions = {}
   variables = {}
+  sharedData = {}
   isAjaxLoad = false
   ajaxLoad = null
   clientSkeleton = null
@@ -26,6 +28,7 @@ class OdacRequest {
     this.host = req.headers.host
     this.ssl = this.header('x-odac-connection-ssl') === 'true'
     this.ip = (this.header('x-odac-connection-remoteaddress') ?? req.connection.remoteAddress).replace('::ffff:', '')
+    this.language = req.headers['accept-language']?.split(',')[0] ?? 'en'
     delete this.req.headers['x-odac-connection-ssl']
     delete this.req.headers['x-odac-connection-remoteaddress']
     let route = req.headers.host.split('.')[0]
@@ -36,21 +39,17 @@ class OdacRequest {
     }
     this.#data()
     if (!Odac.Request) Odac.Request = {}
-    if (!this.cookie('odac_client') || !this.session('_client') || this.session('_client') !== this.cookie('odac_client')) {
-      let client = nodeCrypto
-        .createHash('md5')
-        .update(this.ip + this.id + Date.now().toString() + Math.random().toString())
-        .digest('hex')
-      this.cookie('odac_client', client, {expires: null, httpOnly: false})
-      this.session('_client', client)
-    }
   }
 
   // - ABORT REQUEST
   async abort(code) {
     this.status(code)
     let result = {401: 'Unauthorized', 404: 'Not Found', 408: 'Request Timeout'}[code] ?? null
-    if (Odac.Route.routes[this.route].error && Odac.Route.routes[this.route].error[code])
+    if (
+      Odac.Route.routes[this.route].error &&
+      Odac.Route.routes[this.route].error[code] &&
+      typeof Odac.Route.routes[this.route].error[code].cache === 'function'
+    )
       result = await Odac.Route.routes[this.route].error[code].cache(this.#odac)
     this.end(result)
   }
@@ -58,22 +57,21 @@ class OdacRequest {
   // - SET COOKIE
   cookie(key, value, options = {}) {
     if (value === undefined) {
-      if (this.#cookies.sent[key]) return this.#cookies.sent[key]
-      if (this.#cookies.received[key]) return this.#cookies.received[key]
+      if (this.#cookies.data[key]) return this.#cookies.data[key]
       value =
         this.req.headers.cookie
           ?.split('; ')
           .find(c => c.startsWith(key + '='))
           ?.split('=')[1] ?? null
       if (value && value.startsWith('{') && value.endsWith('}')) value = JSON.parse(value)
-      this.#cookies.received[key] = value
       return value
     }
+    this.#cookies.data[key] = value
     if (options.path === undefined) options.path = '/'
     if (options.expires === undefined) options.expires = new Date(Date.now() + 1000 * 60 * 60 * 24 * 365).toUTCString()
     if (options.secure === undefined) options.secure = true
     if (options.httpOnly === undefined) options.httpOnly = true
-    if (options.sameSite === undefined) options.sameSite = 'Strict'
+    if (options.sameSite === undefined) options.sameSite = 'Lax'
     if (typeof value === 'object') value = JSON.stringify(value)
     let cookie = `${key}=${value}`
     for (const option of Object.keys(options)) if (options[option]) cookie += `; ${option}=${options[option]}`
@@ -86,8 +84,8 @@ class OdacRequest {
       let data = split[1].split('&')
       for (let i = 0; i < data.length; i++) {
         if (data[i].indexOf('=') === -1) continue
-        let key = data[i].split('=')[0]
-        let val = data[i].split('=')[1]
+        let key = decodeURIComponent(data[i].split('=')[0])
+        let val = decodeURIComponent(data[i].split('=')[1] || '')
         this.data.get[key] = val
       }
     }
@@ -101,7 +99,14 @@ class OdacRequest {
       } else {
         if (body.length > 0 && body.indexOf('Content-Disposition') === -1) return
         if (body.indexOf('Content-Disposition') > -1) {
-          let boundary = body.split('\r\n')[0].split('; ')[1].split('=')[1]
+          let boundary = body.split('\r\n')[0]
+          if (boundary.includes('boundary=')) {
+            try {
+              boundary = boundary.split('boundary=')[1].split(';')[0].trim()
+            } catch {
+              // ignore
+            }
+          }
           let data = body.split(boundary)
           for (let i = 0; i < data.length; i++) {
             if (data[i].indexOf('Content-Disposition') === -1) continue
@@ -203,6 +208,7 @@ class OdacRequest {
   redirect(url) {
     this.header('Location', url)
     this.status(302)
+    this.end()
   }
 
   // - GET REQUEST
@@ -225,56 +231,63 @@ class OdacRequest {
     })
   }
 
+  setSession() {
+    if (!this.cookie('odac_client') || !this.session('_client') || this.session('_client') !== this.cookie('odac_client')) {
+      let client = nodeCrypto.randomBytes(16).toString('hex')
+      this.cookie('odac_client', client, {expires: null, httpOnly: false})
+      this.session('_client', client)
+    }
+  }
+
   // - SESSION
   session(key, value) {
-    if (!Odac.Request.session) Odac.Request.session = {}
-    if (!Odac.Request.sessionLocks) Odac.Request.sessionLocks = {}
-
     let pri = nodeCrypto
-      .createHash('md5')
+      .createHash('sha256')
       .update(this.req.headers['user-agent'] ?? '.')
       .digest('hex')
-    let pub = this.cookie('candy_session')
-
-    if (!pub || !Odac.Request.session[pub + '-' + pri]) {
-      const lockKey = `${this.ip}-${pri}`
+    let pub = this.cookie('odac_session')
+    if (!pub || !Odac.Storage.get(`sess:${pub}:${pri}:_created`)) {
+      const lockKey = `lock:${this.ip}:${pri}`
       const now = Date.now()
 
-      if (Odac.Request.sessionLocks[lockKey]) {
-        const lock = Odac.Request.sessionLocks[lockKey]
-        if (now - lock.timestamp < 5000 && Odac.Request.session[`${lock.sessionId}-${pri}`]) {
-          pub = lock.sessionId
+      const existingLock = Odac.Storage.get(lockKey)
+      if (existingLock) {
+        if (now - existingLock.timestamp < 2000 && Odac.Storage.get(`sess:${existingLock.sessionId}:${pri}:_created`)) {
+          pub = existingLock.sessionId
         } else {
-          delete Odac.Request.sessionLocks[lockKey]
+          Odac.Storage.remove(lockKey)
         }
       }
 
       if (!pub) {
-        const sessionLockValues = Object.values(Odac.Request.sessionLocks)
-        const activeSessions = new Set(sessionLockValues.map(l => l.sessionId))
         do {
-          pub = nodeCrypto
-            .createHash('md5')
-            .update(this.ip + this.id + Date.now().toString() + Math.random().toString())
-            .digest('hex')
-        } while (Odac.Request.session[`${pub}-${pri}`] || activeSessions.has(pub))
-
-        Odac.Request.sessionLocks[lockKey] = {sessionId: pub, timestamp: now}
-        Odac.Request.session[`${pub}-${pri}`] = {}
-        this.cookie('candy_session', `${pub}`)
-
+          pub = nodeCrypto.randomBytes(16).toString('hex')
+        } while (Odac.Storage.get(`sess:${pub}:${pri}:_created`))
+        Odac.Storage.put(lockKey, {sessionId: pub, timestamp: now})
+        Odac.Storage.put(`sess:${pub}:${pri}:_created`, now)
+        this.cookie('odac_session', `${pub}`)
         setTimeout(() => {
-          if (Odac.Request.sessionLocks[lockKey]?.timestamp === now) {
-            delete Odac.Request.sessionLocks[lockKey]
+          const lock = Odac.Storage.get(lockKey)
+          if (lock?.timestamp === now) {
+            Odac.Storage.remove(lockKey)
           }
-        }, 5000)
+        }, 2000)
       }
     }
 
-    if (!Odac.Request.session[pub + '-' + pri]) Odac.Request.session[pub + '-' + pri] = {}
-    if (value === undefined) return Odac.Request.session[pub + '-' + pri][key] ?? null
-    else if (value === null) delete Odac.Request.session[pub + '-' + pri][key]
-    else Odac.Request.session[pub + '-' + pri][key] = value
+    const dbKey = `sess:${pub}:${pri}:${key}`
+    if (value === undefined) {
+      if (Object.prototype.hasOwnProperty.call(this.#sessions, dbKey)) return this.#sessions[dbKey]
+      const dbValue = Odac.Storage.get(dbKey) ?? null
+      return dbValue
+    } else if (value === null) {
+      delete this.#sessions[dbKey]
+      delete this.#sessions[dbKey]
+      Odac.Storage.remove(dbKey)
+    } else {
+      this.#sessions[dbKey] = value
+      Odac.Storage.put(dbKey, value)
+    }
   }
 
   // - SET
@@ -283,6 +296,15 @@ class OdacRequest {
     else this.variables[key] = {value: value, ajax: ajax}
   }
 
+  // - SHARE DATA (Client Side)
+  share(key, value) {
+    if (typeof key === 'object' && key !== null) {
+      Object.assign(this.sharedData, key)
+    } else {
+      this.sharedData[key] = value
+    }
+  }
+
   // - HTTP CODE
   status(code) {
     this.#status = code

package/src/Route/Cron.js

@@ -1,4 +1,5 @@
 const fs = require('fs')
+const cluster = require('node:cluster')
 
 class Cron {
   #interval = null
@@ -6,7 +7,9 @@ class Cron {
 
   init() {
     if (this.#interval) return
-    this.#interval = setInterval(this.check.bind(this), 60 * 1000) // Check every minute
+    if (cluster.isPrimary) {
+      this.#interval = setInterval(this.check.bind(this), 60 * 1000) // Check every minute
+    }
   }
 
   check() {
@@ -57,7 +60,7 @@ class Cron {
             if (job.lastRun && Math.floor(unix / 86400) % condition.value !== 0) shouldRun = false
             break
           case 'everyWeekDay':
-            if (job.lastRun && weekDay % condition.value !== 0) shouldRun = false
+            if (condition.value !== weekDay) shouldRun = false
             break
           case 'everyMonth':
             if (job.lastRun && (year * 12 + month) % condition.value !== 0) shouldRun = false
@@ -78,7 +81,9 @@ class Cron {
           if (job.function || fs.existsSync(job.path)) {
             if (!job.function) job.function = require(job.path)
             if (job.function && typeof job.function === 'function') {
-              job.function()
+              const _odac = global.Odac.instance(null, 'cron')
+              job.function(_odac)
+              if (_odac.cleanup) _odac.cleanup()
             }
           }
         } catch (error) {
@@ -106,22 +111,61 @@ class Cron {
       updated: new Date()
     })
     let id = this.#jobs.length - 1
-    return {
-      minute: value => this.#jobs[id].condition.push({type: 'minute', value: value}),
-      hour: value => this.#jobs[id].condition.push({type: 'hour', value: value}),
-      day: value => this.#jobs[id].condition.push({type: 'day', value: value}),
-      weekDay: value => this.#jobs[id].condition.push({type: 'weekDay', value: value}),
-      month: value => this.#jobs[id].condition.push({type: 'month', value: value}),
-      year: value => this.#jobs[id].condition.push({type: 'year', value: value}),
-      yearDay: value => this.#jobs[id].condition.push({type: 'yearDay', value: value}),
-      everyMinute: value => this.#jobs[id].condition.push({type: 'everyMinute', value: value}),
-      everyHour: value => this.#jobs[id].condition.push({type: 'everyHour', value: value}),
-      everyDay: value => this.#jobs[id].condition.push({type: 'everyDay', value: value}),
-      everyWeekDay: value => this.#jobs[id].condition.push({type: 'everyWeekDay', value: value}),
-      everyMonth: value => this.#jobs[id].condition.push({type: 'everyMonth', value: value}),
-      everyYear: value => this.#jobs[id].condition.push({type: 'everyYear', value: value}),
-      everyYearDay: value => this.#jobs[id].condition.push({type: 'everyYearDay', value: value})
+    const addCondition = (type, value) => {
+      this.#jobs[id].condition.push({type, value})
+      return chain
+    }
+
+    const chain = {
+      minute: value => addCondition('minute', value),
+      hour: value => addCondition('hour', value),
+      day: value => addCondition('day', value),
+      at: time => {
+        if (!/^\d{1,2}:\d{1,2}$/.test(time)) throw new Error('Invalid time format for .at(). Use HH:MM')
+        const [h, m] = time.split(':')
+        addCondition('hour', parseInt(h))
+        addCondition('minute', parseInt(m))
+        return chain
+      },
+      raw: pattern => {
+        const parts = pattern.split(' ').filter(p => p.trim() !== '')
+        if (parts.length !== 5) throw new Error('Invalid cron expression. Expected 5 fields (min hour day month weekDay)')
+
+        const [min, hour, day, month, weekDay] = parts
+        const parse = (val, type, everyType) => {
+          if (val === '*') return
+          if (val.startsWith('*/') && everyType) {
+            addCondition(everyType, parseInt(val.split('/')[1]))
+            return
+          }
+          if (!isNaN(val)) {
+            addCondition(type, parseInt(val))
+            return
+          }
+          throw new Error(`Unsupported cron value '${val}' for ${type}`)
+        }
+
+        parse(min, 'minute', 'everyMinute')
+        parse(hour, 'hour', 'everyHour')
+        parse(day, 'day', 'everyDay')
+        parse(month, 'month', 'everyMonth')
+        parse(weekDay, 'weekDay', null)
+
+        return chain
+      },
+      weekDay: value => addCondition('weekDay', value),
+      month: value => addCondition('month', value),
+      year: value => addCondition('year', value),
+      yearDay: value => addCondition('yearDay', value),
+      everyMinute: value => addCondition('everyMinute', value),
+      everyHour: value => addCondition('everyHour', value),
+      everyDay: value => addCondition('everyDay', value),
+      everyWeekDay: value => addCondition('everyWeekDay', value),
+      everyMonth: value => addCondition('everyMonth', value),
+      everyYear: value => addCondition('everyYear', value),
+      everyYearDay: value => addCondition('everyYearDay', value)
     }
+    return chain
   }
 }
 

package/src/Route/Internal.js

@@ -1,3 +1,5 @@
+const nodeCrypto = require('crypto')
+
 class Internal {
   static #validateField(validator, field, validation, value) {
     const rules = validation.rule.split('|')
@@ -107,7 +109,7 @@ class Internal {
     })
 
     if (!registerResult.success) {
-      if (registerResult.error === 'Database connection not configured') {
+      if (registerResult.error === 'Database connection failed') {
         return Odac.return({
           result: {success: false},
           errors: {_odac_form: 'Service temporarily unavailable. Please try again later.'}
@@ -247,7 +249,7 @@ class Internal {
     const loginResult = await Odac.Auth.login(credentials)
 
     if (!loginResult.success) {
-      if (loginResult.error === 'Database connection not configured') {
+      if (loginResult.error === 'Database connection failed') {
         return Odac.return({
           result: {success: false},
           errors: {_odac_form: 'Service temporarily unavailable. Please try again later.'}
@@ -272,6 +274,117 @@ class Internal {
     })
   }
 
+  static async magicLogin(Odac) {
+    const token = await Odac.request('_odac_magic_login_token')
+    if (!token) {
+      return Odac.return({
+        result: {success: false},
+        errors: {_odac_form: 'Invalid request'}
+      })
+    }
+
+    const formData = Odac.Request.session(`_magic_login_form_${token}`)
+    if (!formData) {
+      return Odac.return({
+        result: {success: false},
+        errors: {_odac_form: 'Form session expired. Please refresh the page.'}
+      })
+    }
+
+    if (formData.expires < Date.now()) {
+      Odac.Request.session(`_magic_login_form_${token}`, null)
+      return Odac.return({
+        result: {success: false},
+        errors: {_odac_form: 'Form session expired. Please refresh the page.'}
+      })
+    }
+
+    // Basic security checks
+    if (
+      formData.sessionId !== Odac.Request.session('_client') ||
+      formData.userAgent !== Odac.Request.header('user-agent') ||
+      formData.ip !== Odac.Request.ip
+    ) {
+      return Odac.return({
+        result: {success: false},
+        errors: {_odac_form: 'Invalid request security token'}
+      })
+    }
+
+    const config = formData.config
+    const validator = Odac.validator()
+    let email = ''
+
+    // Validate inputs (expecting email)
+    for (const field of config.fields) {
+      const value = await Odac.request(field.name)
+      for (const validation of field.validations) {
+        this.#validateField(validator, field, validation, value)
+      }
+      if (field.name === 'email') email = value
+    }
+
+    if (await validator.error()) {
+      return validator.result()
+    }
+
+    if (!email) {
+      return Odac.return({
+        result: {success: false},
+        errors: {email: 'Email is required'}
+      })
+    }
+
+    const result = await Odac.Auth.magic(email, {
+      autoRegister: false, // config.autoRegister
+      redirect: config.redirect
+    })
+
+    if (!result.success) {
+      return Odac.return({
+        result: {success: false},
+        errors: {_odac_form: result.error || 'Failed to send magic link'}
+      })
+    }
+
+    Odac.Request.session(`_magic_login_form_${token}`, null)
+
+    return Odac.return({
+      result: {
+        success: true,
+        message: result.message || 'Magic link sent! Please check your email.',
+        // We might want to keep them on page or redirect to a "check email" page
+        redirect: config.redirect
+      }
+    })
+  }
+
+  static async magicVerify(Odac) {
+    const token = await Odac.request('token')
+    const email = await Odac.request('email')
+
+    if (!token || !email) {
+      return Odac.Request.end('Invalid verification link.')
+    }
+
+    const result = await Odac.Auth.verifyMagicLink(token, email)
+
+    if (!result.success) {
+      return Odac.Request.end(`Verification failed: ${result.error}`)
+    }
+
+    // Redirect to a specific URL if provided, otherwise default to home or a configured dashboard page.
+    let redirectUrl = (await Odac.request('redirect_url')) || Odac.Config.auth?.magicLinkRedirect || '/'
+
+    // Security: Prevent open redirect attacks by only allowing relative paths
+    if (redirectUrl && (!redirectUrl.startsWith('/') || redirectUrl.startsWith('//'))) {
+      redirectUrl = '/'
+    }
+
+    Odac.Request.redirect(redirectUrl)
+    Odac.Request.end('')
+  }
+
   static async processForm(Odac) {
     const token = await Odac.request('_odac_form_token')
     if (!token) return
@@ -384,18 +497,14 @@ class Internal {
 
     if (Odac.formConfig.table) {
       try {
-        const mysql = Odac.Mysql
+        const table = Odac.DB[Odac.formConfig.table]
 
         for (const field of Odac.formUniqueFields) {
           if (Odac.formData[field.name] == null) continue
 
-          const existingRecord = await mysql.query(`SELECT id FROM ?? WHERE ?? = ? LIMIT 1`, [
-            Odac.formConfig.table,
-            field.name,
-            Odac.formData[field.name]
-          ])
+          const existingRecord = await table.where(field.name, Odac.formData[field.name]).first()
 
-          if (existingRecord && existingRecord.length > 0) {
+          if (existingRecord) {
             const errorMessage = field.message || `This ${field.name} is already registered`
             return Odac.return({
               result: {success: false},
@@ -404,7 +513,7 @@ class Internal {
           }
         }
 
-        await mysql.query('INSERT INTO ?? SET ?', [Odac.formConfig.table, Odac.formData])
+        await table.insert(Odac.formData)
 
         Odac.Request.session(`_custom_form_${token}`, null)
 
@@ -416,10 +525,10 @@ class Internal {
           }
         })
       } catch (error) {
-        if (error.message === 'Database connection not configured') {
+        if (error.message === 'Database connection failed') {
           return Odac.return({
             result: {success: false},
-            errors: {_odac_form: 'Database not configured. Please check your config.json'}
+            errors: {_odac_form: 'Database not configured. Please check your odac.json'}
           })
         }
 
@@ -430,6 +539,100 @@ class Internal {
       }
     }
 
+    if (Odac.formConfig.action) {
+      const actionParts = Odac.formConfig.action.split('.')
+      if (actionParts.length === 2) {
+        const controllerName = actionParts[0]
+        const methodName = actionParts[1]
+
+        // Dynamically load controller
+        // We need to access Odac.Route.class to find the controller path/module
+        // Or use require directly if we know the path structure.
+        // Since we are in framework/src/Route/Internal.js, controllers are in framework/controller/ OR app/controller/
+        // Ideally Odac.Route.class has the loaded controllers.
+
+        let controllerModule = null
+
+        if (Odac.Route && Odac.Route.class && Odac.Route.class[controllerName]) {
+          controllerModule = Odac.Route.class[controllerName].module
+        } else {
+          // Try to require it if not loaded (though Route.js should have loaded it)
+          // This fallback might be tricky with absolute paths, relying on Route.class is safer.
+        }
+
+        if (controllerModule) {
+          try {
+            // Create Form Helper Object
+            const formHelper = {
+              data: Odac.formData,
+
+              error: (field, message) => {
+                return Odac.return({
+                  result: {success: false},
+                  errors: {[field]: message}
+                })
+              },
+
+              success: (message, redirect = null) => {
+                const finalRedirect = redirect || Odac.formConfig.redirect
+                let newToken = null
+
+                // Only rotate token if we are staying on the page (no redirect)
+                if (!finalRedirect) {
+                  newToken = nodeCrypto.randomBytes(32).toString('hex')
+
+                  if (formData && formData.config) {
+                    const newFormData = {
+                      ...formData,
+                      config: {...formData.config, token: newToken},
+                      created: Date.now(),
+                      expires: Date.now() + 30 * 60 * 1000
+                    }
+                    Odac.Request.session(`_custom_form_${newToken}`, newFormData)
+                  }
+                }
+
+                Odac.Request.session(`_custom_form_${token}`, null)
+
+                return Odac.return({
+                  result: {
+                    success: true,
+                    message: message,
+                    redirect: finalRedirect,
+                    _token: newToken
+                  }
+                })
+              }
+            }
+
+            // Handle Class-based Controller
+            if (typeof controllerModule === 'function' && controllerModule.prototype) {
+              const instance = new controllerModule(Odac)
+              if (typeof instance[methodName] === 'function') {
+                return await instance[methodName](formHelper)
+              }
+            }
+            // Handle Object-based Controller (Backwards Compatibility)
+            else if (typeof controllerModule[methodName] === 'function') {
+              return await controllerModule[methodName](Odac, formHelper)
+            }
+          } catch (e) {
+            console.error(e)
+            return Odac.return({
+              result: {success: false},
+              errors: {_odac_form: 'An error occurred while processing your request.'}
+            })
+          }
+        }
+
+        console.error(`Action ${Odac.formConfig.action} not found or invalid.`)
+        return Odac.return({
+          result: {success: false},
+          errors: {_odac_form: 'An error occurred while processing your request.'}
+        })
+      }
+    }
+
     Odac.Request.session(`_custom_form_${token}`, null)
 
     return null

package/src/Route/Middleware.js

@@ -1,7 +1,8 @@
 class MiddlewareChain {
-  constructor(route, middlewares) {
+  constructor(route, middlewares, isAuth = false) {
     this._route = route
     this._middlewares = middlewares
+    this._isAuth = isAuth
     this.auth = {
       page: (path, authFile, file) => this.authPage(path, authFile, file),
       post: (path, authFile, file) => this.authPost(path, authFile, file),
@@ -15,7 +16,8 @@ class MiddlewareChain {
     return this
   }
 
-  page(path, file) {
+  page(path, file, fallback) {
+    if (this._isAuth) return this.authPage(path, file, fallback)
     this._route._pendingMiddlewares = [...this._middlewares]
     this._route.page(path, file)
     this._route._pendingMiddlewares = []
@@ -23,6 +25,7 @@ class MiddlewareChain {
   }
 
   post(path, file, options) {
+    if (this._isAuth) return this.authPost(path, file, options)
     this._route._pendingMiddlewares = [...this._middlewares]
     this._route.post(path, file, options)
     this._route._pendingMiddlewares = []
@@ -30,6 +33,7 @@ class MiddlewareChain {
   }
 
   get(path, file, options) {
+    if (this._isAuth) return this.authGet(path, file, options)
     this._route._pendingMiddlewares = [...this._middlewares]
     this._route.get(path, file, options)
     this._route._pendingMiddlewares = []
@@ -37,6 +41,7 @@ class MiddlewareChain {
   }
 
   ws(path, handler, options) {
+    if (this._isAuth) return this.authWs(path, handler, options)
     this._route._pendingMiddlewares = [...this._middlewares]
     this._route.ws(path, handler, options)
     this._route._pendingMiddlewares = []