skyguard-js 1.2.0 → 1.2.1

package/README.md

@@ -428,6 +428,227 @@ app.get("/me", (request: Request) => {
 });
 ```
 
+For **database-backed sessions**, configure `DatabaseSessionStorage` once with an adapter that maps to your DB client/ORM. This keeps the framework **DB-engine agnostic** (MySQL, MariaDB, SQLite, PostgreSQL, SQL Server, Oracle, etc.).
+
+```ts
+import {
+  sessions,
+  DatabaseSessionStorage,
+  type SessionDatabaseAdapter,
+} from "skyguard-js";
+
+const sessionAdapter: SessionDatabaseAdapter = {
+  async findById(id) {
+    // query row by id and return: { data: parsedJson, expiresAt: unixMs }
+    return null;
+  },
+  async upsert(id, payload) {
+    // insert/update row depending on your DB driver
+  },
+  async deleteById(id) {
+    // delete row by id
+  },
+  async deleteExpired(now) {
+    // delete rows where expiresAt <= now
+  },
+};
+
+DatabaseSessionStorage.configure(sessionAdapter);
+
+app.middlewares(sessions(DatabaseSessionStorage));
+```
+
+### Concrete DB adapter examples
+
+> Suggested table shape (portable across engines):
+>
+> - `id` (string/varchar, primary key)
+> - `data` (JSON/TEXT containing serialized object)
+> - `expires_at` (bigint/timestamp in unix milliseconds)
+
+To keep the code cleaner, you should create a separate file where you can configure the database sessions, such as `src/sessions/config.ts`
+
+#### Prisma (MySQL / PostgreSQL / SQLite / SQL Server / CockroachDB)
+
+```ts
+import { PrismaClient } from "@prisma/client";
+import {
+  DatabaseSessionStorage,
+  type SessionDatabaseAdapter,
+} from "skyguard-js";
+
+const prisma = new PrismaClient();
+
+// model Session {
+//   id        String @id
+//   data      String
+//   expiresAt BigInt @map("expires_at")
+//   @@map("sessions")
+// }
+
+const adapter: SessionDatabaseAdapter = {
+  async findById(id) {
+    const row = await prisma.session.findUnique({ where: { id } });
+    if (!row) return null;
+    return { data: JSON.parse(row.data), expiresAt: Number(row.expiresAt) };
+  },
+  async upsert(id, payload) {
+    await prisma.session.upsert({
+      where: { id },
+      update: {
+        data: JSON.stringify(payload.data),
+        expiresAt: BigInt(payload.expiresAt),
+      },
+      create: {
+        id,
+        data: JSON.stringify(payload.data),
+        expiresAt: BigInt(payload.expiresAt),
+      },
+    });
+  },
+  async deleteById(id) {
+    await prisma.session.deleteMany({ where: { id } });
+  },
+  async deleteExpired(now) {
+    await prisma.session.deleteMany({
+      where: { expiresAt: { lte: BigInt(now) } },
+    });
+  },
+};
+
+DatabaseSessionStorage.configure(adapter);
+```
+
+#### TypeORM (MySQL / MariaDB / PostgreSQL / SQLite / MSSQL / Oracle)
+
+```ts
+import {
+  DataSource,
+  Entity,
+  Column,
+  PrimaryColumn,
+  LessThanOrEqual,
+} from "typeorm";
+import {
+  DatabaseSessionStorage,
+  type SessionDatabaseAdapter,
+} from "skyguard-js";
+
+@Entity({ name: "sessions" })
+class SessionEntity {
+  @PrimaryColumn({ type: "varchar", length: 64 })
+  id!: string;
+
+  @Column({ type: "text" })
+  data!: string;
+
+  @Column({ name: "expires_at", type: "bigint" })
+  expiresAt!: string;
+}
+
+const ds = new DataSource({ /* your db config */ entities: [SessionEntity] });
+await ds.initialize();
+const repo = ds.getRepository(SessionEntity);
+
+const adapter: SessionDatabaseAdapter = {
+  async findById(id) {
+    const row = await repo.findOneBy({ id });
+    if (!row) return null;
+    return { data: JSON.parse(row.data), expiresAt: Number(row.expiresAt) };
+  },
+  async upsert(id, payload) {
+    await repo.save({
+      id,
+      data: JSON.stringify(payload.data),
+      expiresAt: String(payload.expiresAt),
+    });
+  },
+  async deleteById(id) {
+    await repo.delete({ id });
+  },
+  async deleteExpired(now) {
+    await repo.delete({ expiresAt: LessThanOrEqual(String(now)) });
+  },
+};
+
+DatabaseSessionStorage.configure(adapter);
+```
+
+#### mysql2 (MySQL)
+
+```ts
+import mysql from "mysql2/promise";
+import {
+  DatabaseSessionStorage,
+  type SessionDatabaseAdapter,
+} from "skyguard-js";
+
+const pool = mysql.createPool({ uri: process.env.DATABASE_URL });
+
+const adapter: SessionDatabaseAdapter = {
+  async findById(id) {
+    const [rows] = await pool.query<any[]>(
+      "SELECT data, expires_at FROM sessions WHERE id = ? LIMIT 1",
+      [id],
+    );
+    const row = rows[0];
+    if (!row) return null;
+    return { data: JSON.parse(row.data), expiresAt: Number(row.expires_at) };
+  },
+  async upsert(id, payload) {
+    await pool.query(
+      `INSERT INTO sessions (id, data, expires_at) VALUES (?, ?, ?)
+       ON DUPLICATE KEY UPDATE data = VALUES(data), expires_at = VALUES(expires_at)`,
+      [id, JSON.stringify(payload.data), payload.expiresAt],
+    );
+  },
+  async deleteById(id) {
+    await pool.query("DELETE FROM sessions WHERE id = ?", [id]);
+  },
+  async deleteExpired(now) {
+    await pool.query("DELETE FROM sessions WHERE expires_at <= ?", [now]);
+  },
+};
+
+DatabaseSessionStorage.configure(adapter);
+```
+
+#### sqlite3 (SQLite)
+
+```ts
+import sqlite3 from "sqlite3";
+import { open } from "sqlite";
+import { type SessionDatabaseAdapter } from "skyguard-js";
+
+const db = await open({ filename: "./sessions.db", driver: sqlite3.Database });
+
+const adapter: SessionDatabaseAdapter = {
+  async findById(id) {
+    const row = await db.get<{ data: string; expires_at: number }>(
+      "SELECT data, expires_at FROM sessions WHERE id = ? LIMIT 1",
+      [id],
+    );
+    if (!row) return null;
+    return { data: JSON.parse(row.data), expiresAt: Number(row.expires_at) };
+  },
+  async upsert(id, payload) {
+    await db.run(
+      `INSERT INTO sessions (id, data, expires_at) VALUES (?, ?, ?)
+       ON CONFLICT(id) DO UPDATE SET data = excluded.data, expires_at = excluded.expires_at`,
+      [id, JSON.stringify(payload.data), payload.expiresAt],
+    );
+  },
+  async deleteById(id) {
+    await db.run("DELETE FROM sessions WHERE id = ?", [id]);
+  },
+  async deleteExpired(now) {
+    await db.run("DELETE FROM sessions WHERE expires_at <= ?", [now]);
+  },
+};
+
+DatabaseSessionStorage.configure(adapter);
+```
+
 ---
 
 ## 🛡️ Security

package/dist/app.d.ts

@@ -1,4 +1,5 @@
 import { RouterGroup } from "./routing";
+import { type LogFormat } from "./http";
 import type { Middleware, RouteHandler } from "./types";
 import { type TemplateEngineFunction } from "./views/engineTemplate";
 /**
@@ -19,13 +20,15 @@ import { type TemplateEngineFunction } from "./views/engineTemplate";
  * from the runtime platform (Node, Bun, Deno, etc.)
  * through {@link HttpAdapter} and {@link Server}.
  */
-export declare class App {
+declare class App {
     /** Main routing system */
     private router;
     /** Static file handler (optional) */
     private staticFileHandler;
     /** View engine for rendering templates (optional) */
     private viewEngine;
+    /** Logger configuration */
+    private loggerOptions;
     /**
      * Bootstraps and configures the application.
      *
@@ -107,6 +110,21 @@ export declare class App {
      * @param port - TCP port to listen on
      */
     run(port: number, callback: VoidFunction, hostname?: string): void;
+    /**
+     * Configures HTTP request logger output format and optional file output.
+     *
+     * Supported formats are inspired by morgan:
+     * - "combined"
+     * - "common"
+     * - "dev"
+     * - "short"
+     * - "tiny"
+     *
+     * @example
+     * app.logger("common");
+     * app.logger("combined", "./logs/http.log");
+     */
+    logger(format?: LogFormat, filePath?: string): void;
     /**
      * Sets a global prefix for all routes.
      *
@@ -159,3 +177,4 @@ export declare class App {
     private handleError;
 }
 export declare const createApp: () => App;
+export {};

package/dist/app.js

@@ -1,10 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createApp = exports.App = void 0;
+exports.createApp = void 0;
 const routing_1 = require("./routing");
 const http_1 = require("./http");
 const validationException_1 = require("./exceptions/validationException");
 const node_path_1 = require("node:path");
+const node_fs_1 = require("node:fs");
 const fileStaticHandler_1 = require("./static/fileStaticHandler");
 const node_http_1 = require("node:http");
 const httpExceptions_1 = require("./exceptions/httpExceptions");
@@ -35,6 +36,10 @@ class App {
     staticFileHandler = null;
     /** View engine for rendering templates (optional) */
     viewEngine;
+    /** Logger configuration */
+    loggerOptions = {
+        format: "dev",
+    };
     /**
      * Bootstraps and configures the application.
      *
@@ -144,12 +149,37 @@ class App {
      */
     run(port, callback, hostname = "127.0.0.1") {
         (0, node_http_1.createServer)((req, res) => {
-            const adapter = new http_1.NodeHttpAdapter(req, res);
+            const adapter = new http_1.NodeHttpAdapter(req, res, this.loggerOptions);
             void this.handle(adapter);
         }).listen(port, hostname, () => {
             callback();
         });
     }
+    /**
+     * Configures HTTP request logger output format and optional file output.
+     *
+     * Supported formats are inspired by morgan:
+     * - "combined"
+     * - "common"
+     * - "dev"
+     * - "short"
+     * - "tiny"
+     *
+     * @example
+     * app.logger("common");
+     * app.logger("combined", "./logs/http.log");
+     */
+    logger(format = "dev", filePath) {
+        this.loggerOptions = {
+            ...this.loggerOptions,
+            format,
+        };
+        if (filePath) {
+            this.loggerOptions.fileStream = (0, node_fs_1.createWriteStream)(filePath, {
+                flags: "a",
+            });
+        }
+    }
     /**
      * Sets a global prefix for all routes.
      *
@@ -234,7 +264,6 @@ class App {
         console.error(error);
     }
 }
-exports.App = App;
 const createApp = () => {
     return App.bootstrap();
 };

package/dist/crypto/hasher.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Hasher = void 0;
+const container_1 = require("../container/container");
 const node_crypto_1 = require("node:crypto");
 const node_util_1 = require("node:util");
 /**
@@ -257,4 +258,4 @@ class HasherCrypto {
  * - scrypt is intentionally expensive; concurrency is bounded in batch methods to help prevent
  *   resource exhaustion (especially relevant in containers and small instances).
  */
-exports.Hasher = new HasherCrypto();
+exports.Hasher = container_1.Container.singleton(HasherCrypto);

package/dist/crypto/jwt.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.JWT = void 0;
+const container_1 = require("../container/container");
 const baseException_1 = require("../exceptions/baseException");
 const node_crypto_1 = require("node:crypto");
 class JWTGeneratorException extends baseException_1.BaseException {
@@ -308,4 +309,4 @@ class Jwt {
  * - Expiration handling is **strict**: `verify()` expects `exp` to exist and be in the future.
  * - Input parsing is defensive: malformed tokens or unsupported algorithms yield `null` on verify/decode.
  */
-exports.JWT = new Jwt();
+exports.JWT = container_1.Container.singleton(Jwt);

package/dist/http/index.d.ts

@@ -4,3 +4,4 @@ export { NodeHttpAdapter } from "./nodeNativeHttp";
 export { HttpMethods } from "./httpMethods";
 export { HttpAdapter } from "./httpAdapter";
 export { Logger } from "./logger";
+export type { LogFormat, LoggerOptions } from "./logger";

package/dist/http/logger.d.ts

@@ -1,4 +1,10 @@
 import { IncomingMessage, ServerResponse } from "node:http";
+export type LogFormat = "combined" | "common" | "dev" | "short" | "tiny";
+export type LoggerOptions = {
+    format?: LogFormat;
+    stream?: NodeJS.WritableStream;
+    fileStream?: NodeJS.WritableStream;
+};
 /**
  * Minimal HTTP request logger.
  *
@@ -17,7 +23,9 @@ import { IncomingMessage, ServerResponse } from "node:http";
  */
 export declare class Logger {
     private stream;
-    constructor();
+    private fileStream?;
+    private format;
+    constructor(options?: LoggerOptions);
     /**
      * Logs an HTTP request/response pair.
      *
@@ -37,6 +45,7 @@ export declare class Logger {
      * @param startTime - High-resolution timestamp captured at request start using `process.hrtime.bigint()`.
      */
     log(req: IncomingMessage, res: ServerResponse, startTime: bigint): void;
+    private buildLogLine;
     /**
      * Applies ANSI color codes to an HTTP status code for terminal output.
      *

package/dist/http/logger.js

@@ -19,8 +19,12 @@ exports.Logger = void 0;
  */
 class Logger {
     stream;
-    constructor() {
-        this.stream = process.stdout;
+    fileStream;
+    format;
+    constructor(options = {}) {
+        this.stream = options.stream || process.stdout;
+        this.fileStream = options.fileStream;
+        this.format = options.format || "dev";
     }
     /**
      * Logs an HTTP request/response pair.
@@ -41,14 +45,46 @@ class Logger {
      * @param startTime - High-resolution timestamp captured at request start using `process.hrtime.bigint()`.
      */
     log(req, res, startTime) {
-        const method = req.method || "-";
-        const url = req.url || "-";
-        const contentLength = res.getHeader("content-length") || "-";
         const diff = process.hrtime.bigint() - startTime;
         const responseTime = (Number(diff) / 1_000_000).toFixed(3);
-        const coloredStatus = this.colorizeStatus(res.statusCode);
-        const logLine = `${method} ${url} ${coloredStatus} ${responseTime} ms - ${contentLength.toString()}`;
-        this.stream.write(logLine + "\n");
+        const consoleLine = this.buildLogLine(req, res, responseTime, true);
+        const fileLine = this.buildLogLine(req, res, responseTime, false);
+        this.stream.write(consoleLine + "\n");
+        if (this.fileStream) {
+            this.fileStream.write(fileLine + "\n");
+        }
+    }
+    buildLogLine(req, res, responseTime, useColor) {
+        const method = req.method || "-";
+        const url = req.url || "-";
+        const statusCode = useColor
+            ? this.colorizeStatus(res.statusCode)
+            : String(res.statusCode);
+        const contentLength = res.getHeader("content-length")?.toString() || "-";
+        const remoteAddr = req.socket.remoteAddress || "-";
+        const httpVersion = req.httpVersion || "1.1";
+        const referrerHeader = req.headers.referer || req.headers.referrer;
+        const referrer = Array.isArray(referrerHeader)
+            ? referrerHeader.join(", ")
+            : referrerHeader || "-";
+        const userAgentHeader = req.headers["user-agent"];
+        const userAgent = Array.isArray(userAgentHeader)
+            ? userAgentHeader.join(", ")
+            : userAgentHeader || "-";
+        const date = new Date().toUTCString();
+        if (this.format === "tiny") {
+            return `${method} ${url} ${statusCode} ${contentLength} - ${responseTime} ms`;
+        }
+        if (this.format === "short") {
+            return `${remoteAddr} ${method} ${url} ${statusCode} ${contentLength} - ${responseTime} ms`;
+        }
+        if (this.format === "common") {
+            return `${remoteAddr} - - [${date}] "${method} ${url} HTTP/${httpVersion}" ${statusCode} ${contentLength}`;
+        }
+        if (this.format === "combined") {
+            return `${remoteAddr} - - [${date}] "${method} ${url} HTTP/${httpVersion}" ${statusCode} ${contentLength} "${referrer}" "${userAgent}"`;
+        }
+        return `${method} ${url} ${statusCode} ${responseTime} ms - ${contentLength}`;
     }
     /**
      * Applies ANSI color codes to an HTTP status code for terminal output.

package/dist/http/nodeNativeHttp.d.ts

@@ -2,6 +2,7 @@ import { IncomingMessage, ServerResponse } from "node:http";
 import type { HttpAdapter } from "./httpAdapter";
 import { Response } from "./response";
 import { Request } from "./request";
+import { type LoggerOptions } from "./logger";
 /**
  * Node.js HTTP adapter.
  *
@@ -23,7 +24,7 @@ export declare class NodeHttpAdapter implements HttpAdapter {
      * @param req - Native Node.js incoming request
      * @param res - Native Node.js server response
      */
-    constructor(req: IncomingMessage, res: ServerResponse);
+    constructor(req: IncomingMessage, res: ServerResponse, loggerOptions?: LoggerOptions);
     /**
      * Builds and returns a {@link Request} instance from
      * the incoming Node.js request.

package/dist/http/nodeNativeHttp.js

@@ -26,11 +26,11 @@ class NodeHttpAdapter {
      * @param req - Native Node.js incoming request
      * @param res - Native Node.js server response
      */
-    constructor(req, res) {
+    constructor(req, res, loggerOptions = {}) {
         this.req = req;
         this.res = res;
         this.startTime = process.hrtime.bigint();
-        this.logger = new logger_1.Logger();
+        this.logger = new logger_1.Logger(loggerOptions);
         this.contentParser = new contentParserManager_1.ContentParserManager();
     }
     /**

package/dist/http/request.js

@@ -22,11 +22,11 @@ class Request {
     /** Normalized HTTP method */
     _method;
     /** Parsed request body payload */
-    _body = {};
+    _body = Object.create(null);
     /** Query string parameters */
-    _query = {};
+    _query = Object.create(null);
     /** Dynamic route parameters (path params) */
-    _params = {};
+    _params = Object.create(null);
     /** Session associated with the request */
     _session;
     /**
@@ -35,7 +35,7 @@ class Request {
      * This object can be freely used by middlewares and route handlers to store
      * arbitrary data during the request lifecycle.
      */
-    state = {};
+    state = Object.create(null);
     /** Multiple uploaded files metadata. */
     files;
     constructor(url) {

package/dist/index.d.ts

@@ -1,8 +1,8 @@
 export { createApp } from "./app";
 export { Request, Response } from "./http";
-export { Middleware, RouteHandler } from "./types";
+export type { Middleware, RouteHandler } from "./types";
 export { RouterGroup } from "./routing";
-export { FileSessionStorage, MemorySessionStorage } from "./sessions";
+export { FileSessionStorage, MemorySessionStorage, DatabaseSessionStorage, type SessionDatabaseAdapter, } from "./sessions";
 export { HttpMethods } from "./http/httpMethods";
 export { createUploader } from "./storage/uploader";
 export { StorageType } from "./storage/types";

package/dist/index.js

@@ -14,7 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.rateLimit = exports.csrf = exports.cors = exports.sessions = exports.JWT = exports.Hasher = exports.validateRequest = exports.schema = exports.v = exports.StorageType = exports.createUploader = exports.HttpMethods = exports.MemorySessionStorage = exports.FileSessionStorage = exports.RouterGroup = exports.Response = exports.Request = exports.createApp = void 0;
+exports.rateLimit = exports.csrf = exports.cors = exports.sessions = exports.JWT = exports.Hasher = exports.validateRequest = exports.schema = exports.v = exports.StorageType = exports.createUploader = exports.HttpMethods = exports.DatabaseSessionStorage = exports.MemorySessionStorage = exports.FileSessionStorage = exports.RouterGroup = exports.Response = exports.Request = exports.createApp = void 0;
 var app_1 = require("./app");
 Object.defineProperty(exports, "createApp", { enumerable: true, get: function () { return app_1.createApp; } });
 var http_1 = require("./http");
@@ -25,6 +25,7 @@ Object.defineProperty(exports, "RouterGroup", { enumerable: true, get: function
 var sessions_1 = require("./sessions");
 Object.defineProperty(exports, "FileSessionStorage", { enumerable: true, get: function () { return sessions_1.FileSessionStorage; } });
 Object.defineProperty(exports, "MemorySessionStorage", { enumerable: true, get: function () { return sessions_1.MemorySessionStorage; } });
+Object.defineProperty(exports, "DatabaseSessionStorage", { enumerable: true, get: function () { return sessions_1.DatabaseSessionStorage; } });
 var httpMethods_1 = require("./http/httpMethods");
 Object.defineProperty(exports, "HttpMethods", { enumerable: true, get: function () { return httpMethods_1.HttpMethods; } });
 var uploader_1 = require("./storage/uploader");

package/dist/sessions/databaseSessionStorage.d.ts

@@ -0,0 +1,52 @@
+import { type SessionData, type SessionStorage } from "./sessionStorage";
+/**
+ * Persistence contract for DB-backed sessions.
+ *
+ * Implement this adapter with your DB client/ORM (mysql, mariaDB, sqlite,
+ * postgresql, mssql, oracle, etc.).
+ */
+export interface SessionDatabaseAdapter {
+    findById(id: string): Promise<SessionData | null>;
+    upsert(id: string, payload: SessionData): Promise<void>;
+    deleteById(id: string): Promise<void>;
+    deleteExpired(now: number): Promise<void>;
+}
+/**
+ * Database-backed session storage.
+ *
+ * The storage is DB-engine agnostic. Consumers provide a
+ * {@link SessionDatabaseAdapter} implementation that translates these methods
+ * to the concrete SQL/driver API used by the project.
+ */
+export declare class DatabaseSessionStorage implements SessionStorage {
+    private readonly ttlSeconds;
+    private static adapter;
+    private sessionId;
+    private data;
+    private expiresAt;
+    constructor(ttlSeconds?: number);
+    static configure(adapter: SessionDatabaseAdapter): void;
+    static clearAdapter(): void;
+    static cleanExpiredSessions(now?: number): Promise<void>;
+    load(id: string): Promise<void>;
+    start(): Promise<void>;
+    id(): string | null;
+    get<T = unknown>(key: string, defaultValue?: T): T | undefined;
+    set(key: string, value: unknown): Promise<void>;
+    has(key: string): boolean;
+    remove(key: string): Promise<void>;
+    all(): Record<string, unknown>;
+    clear(): Promise<void>;
+    save(): Promise<void>;
+    touch(): Promise<void>;
+    reload(): Promise<void>;
+    destroy(): Promise<void>;
+    regenerate(): Promise<void>;
+    private static getAdapter;
+    private persist;
+    private readOrFail;
+    private safeDelete;
+    private nextExpiry;
+    private assertValidId;
+    private generateId;
+}

package/dist/sessions/databaseSessionStorage.js

@@ -0,0 +1,166 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DatabaseSessionStorage = void 0;
+const node_crypto_1 = require("node:crypto");
+const httpExceptions_1 = require("../exceptions/httpExceptions");
+const sessionStorage_1 = require("./sessionStorage");
+/**
+ * Database-backed session storage.
+ *
+ * The storage is DB-engine agnostic. Consumers provide a
+ * {@link SessionDatabaseAdapter} implementation that translates these methods
+ * to the concrete SQL/driver API used by the project.
+ */
+class DatabaseSessionStorage {
+    ttlSeconds;
+    static adapter = null;
+    sessionId = null;
+    data = {};
+    expiresAt = 0;
+    constructor(ttlSeconds = 86_400) {
+        this.ttlSeconds = ttlSeconds;
+    }
+    static configure(adapter) {
+        DatabaseSessionStorage.adapter = adapter;
+    }
+    static clearAdapter() {
+        DatabaseSessionStorage.adapter = null;
+    }
+    static async cleanExpiredSessions(now = Date.now()) {
+        await this.getAdapter().deleteExpired(now);
+    }
+    async load(id) {
+        this.assertValidId(id);
+        const payload = await this.readOrFail(id);
+        if (payload.expiresAt <= Date.now()) {
+            await this.safeDelete(id);
+            throw new httpExceptions_1.UnauthorizedError("Session expired");
+        }
+        this.sessionId = id;
+        this.data = { ...payload.data };
+        this.expiresAt = payload.expiresAt;
+        await this.touch();
+    }
+    async start() {
+        if (this.sessionId)
+            return;
+        this.sessionId = this.generateId();
+        this.data = {};
+        this.expiresAt = this.nextExpiry();
+        await this.persist();
+    }
+    id() {
+        return this.sessionId;
+    }
+    get(key, defaultValue) {
+        return this.data[key] ?? defaultValue;
+    }
+    async set(key, value) {
+        if (!this.sessionId)
+            await this.start();
+        this.data[key] = value;
+        await this.save();
+    }
+    has(key) {
+        return key in this.data;
+    }
+    async remove(key) {
+        if (!this.sessionId)
+            return;
+        delete this.data[key];
+        await this.save();
+    }
+    all() {
+        return { ...this.data };
+    }
+    async clear() {
+        if (!this.sessionId)
+            return;
+        this.data = {};
+        await this.save();
+    }
+    async save() {
+        if (!this.sessionId)
+            return;
+        this.expiresAt = this.nextExpiry();
+        await this.persist();
+    }
+    async touch() {
+        if (!this.sessionId)
+            return;
+        this.expiresAt = this.nextExpiry();
+        await this.persist();
+    }
+    async reload() {
+        if (!this.sessionId)
+            return;
+        await this.load(this.sessionId);
+    }
+    async destroy() {
+        if (this.sessionId)
+            await this.safeDelete(this.sessionId);
+        this.sessionId = null;
+        this.data = {};
+        this.expiresAt = 0;
+    }
+    async regenerate() {
+        const previous = this.all();
+        await this.destroy();
+        await this.start();
+        this.data = previous;
+        await this.save();
+    }
+    static getAdapter() {
+        if (!DatabaseSessionStorage.adapter) {
+            throw new httpExceptions_1.InternalServerError("DatabaseSessionStorage adapter not configured");
+        }
+        return DatabaseSessionStorage.adapter;
+    }
+    async persist() {
+        if (!this.sessionId)
+            return;
+        const payload = {
+            data: { ...this.data },
+            expiresAt: this.expiresAt,
+        };
+        try {
+            await DatabaseSessionStorage.getAdapter().upsert(this.sessionId, payload);
+        }
+        catch {
+            throw new httpExceptions_1.InternalServerError("Failed to save session data");
+        }
+    }
+    async readOrFail(id) {
+        try {
+            const payload = await DatabaseSessionStorage.getAdapter().findById(id);
+            if (!payload || typeof payload.expiresAt !== "number" || !payload.data) {
+                throw new httpExceptions_1.UnauthorizedError("Invalid session");
+            }
+            return payload;
+        }
+        catch (error) {
+            if (error instanceof httpExceptions_1.UnauthorizedError)
+                throw error;
+            throw new httpExceptions_1.InternalServerError("Failed to load session data");
+        }
+    }
+    async safeDelete(id) {
+        try {
+            await DatabaseSessionStorage.getAdapter().deleteById(id);
+        }
+        catch {
+            // best-effort cleanup
+        }
+    }
+    nextExpiry() {
+        return Date.now() + this.ttlSeconds * 1000;
+    }
+    assertValidId(id) {
+        if (!sessionStorage_1.SESSION_ID_REGEX.test(id))
+            throw new httpExceptions_1.UnauthorizedError("Invalid session");
+    }
+    generateId() {
+        return (0, node_crypto_1.randomBytes)(32).toString("hex");
+    }
+}
+exports.DatabaseSessionStorage = DatabaseSessionStorage;

package/dist/sessions/fileSessionStorage.js

@@ -29,7 +29,7 @@ class FileSessionStorage {
     /** Currently loaded/active session id, or null when no session is active. */
     sessionId = null;
     /** In-memory session key/value data. */
-    data = {};
+    data = Object.create(null);
     /** Expiration timestamp in milliseconds since epoch. */
     expiresAt = 0;
     /**

package/dist/sessions/index.d.ts

@@ -1,5 +1,6 @@
 export { MemorySessionStorage } from "./memorySessionStorage";
 export { FileSessionStorage } from "./fileSessionStorage";
+export { DatabaseSessionStorage, SessionDatabaseAdapter, } from "./databaseSessionStorage";
 export { Session } from "./session";
 export { SessionStorage } from "./sessionStorage";
 export { parseCookies, serializeCookie } from "./cookies";

package/dist/sessions/index.js

@@ -1,10 +1,12 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.serializeCookie = exports.parseCookies = exports.Session = exports.FileSessionStorage = exports.MemorySessionStorage = void 0;
+exports.serializeCookie = exports.parseCookies = exports.Session = exports.DatabaseSessionStorage = exports.FileSessionStorage = exports.MemorySessionStorage = void 0;
 var memorySessionStorage_1 = require("./memorySessionStorage");
 Object.defineProperty(exports, "MemorySessionStorage", { enumerable: true, get: function () { return memorySessionStorage_1.MemorySessionStorage; } });
 var fileSessionStorage_1 = require("./fileSessionStorage");
 Object.defineProperty(exports, "FileSessionStorage", { enumerable: true, get: function () { return fileSessionStorage_1.FileSessionStorage; } });
+var databaseSessionStorage_1 = require("./databaseSessionStorage");
+Object.defineProperty(exports, "DatabaseSessionStorage", { enumerable: true, get: function () { return databaseSessionStorage_1.DatabaseSessionStorage; } });
 var session_1 = require("./session");
 Object.defineProperty(exports, "Session", { enumerable: true, get: function () { return session_1.Session; } });
 var cookies_1 = require("./cookies");

package/dist/sessions/memorySessionStorage.js

@@ -33,7 +33,7 @@ class MemorySessionStorage {
     /** Currently loaded/active session id, or null when no session is active. */
     sessionId = null;
     /** In-memory session key/value data for the current session. */
-    data = {};
+    data = Object.create(null);
     /**
      * @param ttlSeconds - Session TTL in seconds. Defaults to 86,400 seconds (24 hours).
      */

package/dist/validators/rules/bigIntRule.d.ts

@@ -11,10 +11,4 @@ export interface BigIntRuleOptions extends RuleOptions {
 export declare class BigIntRule extends BaseValidationRule<bigint> {
     constructor();
     validate(context: ValidationContext, options?: BigIntRuleOptions): ValidationError | null;
-    gt(limit: bigint, message?: string): this;
-    gte(limit: bigint, message?: string): this;
-    lt(limit: bigint, message?: string): this;
-    lte(limit: bigint, message?: string): this;
-    positive(message?: string): this;
-    negative(message?: string): this;
 }

package/dist/validators/rules/bigIntRule.js

@@ -25,29 +25,5 @@ class BigIntRule extends validationRule_1.BaseValidationRule {
             return this.createError(field, `${field} must be less than or equal to ${options.lte}`, value);
         return null;
     }
-    gt(limit, message) {
-        this.rules.push({ rule: this, options: { gt: limit, message } });
-        return this;
-    }
-    gte(limit, message) {
-        this.rules.push({ rule: this, options: { gte: limit, message } });
-        return this;
-    }
-    lt(limit, message) {
-        this.rules.push({ rule: this, options: { lt: limit, message } });
-        return this;
-    }
-    lte(limit, message) {
-        this.rules.push({ rule: this, options: { lte: limit, message } });
-        return this;
-    }
-    positive(message) {
-        this.rules.push({ rule: this, options: { positive: true, message } });
-        return this;
-    }
-    negative(message) {
-        this.rules.push({ rule: this, options: { negative: true, message } });
-        return this;
-    }
 }
 exports.BigIntRule = BigIntRule;

package/dist/validators/validationRule.js

@@ -8,7 +8,7 @@ class BaseValidationRule {
     name;
     rules;
     hasOptional = false;
-    defaultValue = undefined;
+    defaultValue;
     converter;
     constructor(name, rules = []) {
         this.name = name;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "skyguard-js",
-  "version": "1.2.0",
+  "version": "1.2.1",
   "description": "A lightweight, dependency-free TypeScript backend framework",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",