slower 1.1.27 → 2.0.0

package/index.js

@@ -1 +1,52 @@
-module.exports = require('./lib/router');
+const Slower = require('./src/slower');
+module.exports = Slower;
+
+// TODO __
+// const setSocketSecurityHeaders = (req) => {
+//     // This should be set in a regular website:
+//     // Forces the use of HTTPS for a long time, including subDomains - and prevent MitM attacks
+//     // Does not work in servers that don't allow HTTPS (like this one)
+//     // req.setHeader('Strict-Transport-Security', ['max-age=31536000', 'includeSubDomains']); // Only works on HTTPS
+//     // This blocks requests with MIME type different from style/css and */script
+//     // This denies the main security policy - Usually, when using a website, 
+//     // this should be highly customized, but, for simple sites, it can be left like that:
+//     req.setHeader('Content-Security-Policy', [
+//         'default-src=none',
+//         'script-src=self',
+//         'connect-src=self',
+//         'img-src=self',
+//         'style-src=self',
+//         'frame-ancestors=none',
+//         'form-action=self',
+//         // 'upgrade-insecure-requests' // Only works on HTTPS
+//     ]);
+//     // Isolates the browsing context exclusively to same-origin documents. 
+//     // Cross-origin documents are not loaded in the same browsing context.
+//     req.setHeader('Cross-Origin-Opener-Policy', 'same-origin');
+//     // The HTTP Cross-Origin-Resource-Policy response header conveys a desire 
+//     // that the browser blocks no-cors cross-origin/cross-site requests to the given resource.
+//     req.setHeader('Cross-Origin-Resource-Policy', 'same-site');
+//     // A new HTTP response header that instructs the browser 
+//     // to prevent synchronous scripting access between same-site cross-origin pages.
+//     req.setHeader('Origin-Agent-Cluster', '?1');
+//     // Blocks information about the website when sending 
+//     // local requests or redirections to other sites
+//     req.setHeader('Referrer-Policy', 'no-referrer');
+//     // Enabling this makes all URLs in a page (even the cross domain ones)
+//     // to be prefetched - This is dangerouns in terms of DNS queries
+//     req.setHeader('X-DNS-Prefetch-Control', 'off');
+//     // A legacy header, just for IE, and is highly dangerous
+//     // Not setting this as disabled can cause malicious 
+//     // HTML+JS code to be loaded in the wrong context
+//     req.setHeader('X-Download-Options', 'noopen');
+//     // Blocks attempts to display the website as an IFrame
+//     // If another website tries to display this website as a frame,
+//     // this header will block it
+//     req.setHeader('X-Frame-Options', 'DENY');
+//     // Set the unnecessary XSS-Protection legacy header to disabled
+//     // This header increases the number of vulnerabilities, and is used only in IE
+//     req.setHeader('X-XSS-Protection', 0);
+//     // Remove X-Powered-By - This header allows attackers to 
+//     // gather information about the application engine
+//     if (req.hasHeader('X-Powered-By')) req.removeHeader('X-Powered-By');
+// }

package/package.json

@@ -1,15 +1,16 @@
 {
+	"dependencies": {
+		"path-to-regexp": "^6.2.2"
+	},
 	"name": "slower",
-	"version": "1.1.27",
-	"description": "A package for simple HTTP server routing.",
+	"version": "2.0.0",
 	"main": "index.js",
-	"directories": {
-		"lib": "lib"
-	},
+	"devDependencies": {},
 	"scripts": {
 		"test": "echo \"Error: no test specified\" && exit 1"
 	},
 	"keywords": [],
 	"author": "Tomás Luchesi <no.mad.devtech@gmail.com>",
-	"license": "MIT"
+	"license": "MIT",
+	"description": ""
 }

package/src/decorators.js

@@ -0,0 +1,228 @@
+const fs = require('node:fs');
+const MIME_TABLE = require('./mimetable.json');
+const utils = require('./utils');
+
+/**
+ * Receives and configures the HTTP Response object
+ * @param {http.ServerResponse} response 
+ * @returns {http.ServerResponse} 
+ * @exposes .status()
+ * @exposes .send()
+ * @exposes .json()
+ * @exposes .file()
+ */
+function setupResponse (response) {
+    /**
+     * Sets the response status code
+     * @chainable
+     * @param {number} statusCode The response status code
+     * @returns {http.ServerResponse}
+     */
+    response.status = function (statusCode) {
+        response.statusCode = statusCode;
+        return response;
+    };
+
+    /**
+     * Sets a response header to a specified value
+     * @chainable
+     * @overload
+     * @param {string} header 
+     * @param {string} value 
+     * @returns {http.ServerResponse}
+     * @info Pass in an object of "header":"value" entries 
+     *       to set multiple headers at once
+     * @example
+     *  res.set('Content-Length', 1000)
+     */
+    /**
+     * Sets multiple response headers to specified values
+     * @chainable
+     * @overload
+     * @param {object} headers
+     * @returns {http.ServerResponse}
+     * @example
+     *  res.set({ 'Content-Length':1000, 'Content-Type':'text/plain' })
+     */
+    response.set = function (header, value) {
+        if (typeof header === 'string')
+            response.setHeader(header, value);
+        else
+            for (let prop of header)
+                response.setHeader(prop, header[prop]);
+        return response;
+    }
+
+    /**
+     * An alias for 'res.getHeader()'.
+     * @param {string} header 
+     * @returns {string}
+     */
+    response.get = function(header) {
+        return response.getHeader(header);
+    }
+
+    /**
+     * Sets the Content-Type header with a specific MIME type.
+     * @chainable
+     * @param {string} mime The MIME type to set (can be: complete, like "text/html" or from a file extension, like "html")
+     * @returns {http.ServerResponse}
+     * @info And if no type is specified, binary type is used (application/octet-stream)
+     */
+    response.type = function (mime) {
+        let mimetype = MIME_TABLE[mime] || mime || MIME_TABLE[extension] || MIME_TABLE['default'];
+        response.setHeader('Content-type', mimetype);
+        return response;
+    }
+
+    /**
+     * Sends a string or buffer as JSON and ends the response
+     * @param {string|Buffer} data 
+     * @returns {undefined}
+     */
+    response.json = function json (data) {
+        if (response.statusCode === undefined) response.status(200);
+        response.setHeader('Content-type', 'application/json');
+        response.write(JSON.stringify(data));
+        response.end();
+        return undefined;
+    }
+
+    /**
+     * Sends a string or buffer as HTML data and ends the response
+     * @param {string|Buffer} data 
+     * @returns {undefined}
+     */
+    response.send = function (data) {
+        if (response.statusCode === undefined) response.status(200);
+        if (!response.getHeader('Content-Type')) 
+            response.setHeader('Content-Type', 'text/html');
+        response.write(data);
+        response.end();
+        return undefined;
+    };
+
+    /**
+     * Sends a file and ends the response
+     * @param {String} filename The name of the file to send
+     * @returns {undefined}
+     */
+    response.file = function (filename) {
+        if (response.statusCode === undefined) response.status(200);
+        if (!response.getHeader('Content-Type')) {
+            let extension = (filename||'').split('.').slice(-1)[0];
+            response.setHeader('Content-Type', MIME_TABLE[extension] || MIME_TABLE['default']);
+        }
+        const stream = fs.createReadStream(filename);
+        stream.pipe(response);
+        return undefined;
+    }
+
+    /**
+    * Renders an HTML document and sends it to client
+    * @param {string} filename The file to use as rendering View
+    * @param {object} locals The properties to replace in the View
+    * @info The locals object may contain either strings or functions or objects with 'toString' method.
+    * @returns {undefined}
+    * @example
+    *   // In 'home.html:
+    *       <h2>{{user}}</h2> has <h2>{{count}}</h2> items
+    *   // In server.js: (generates a new random item for each request)
+    *       res.render('./views/home.html', { user: 'Mike', count: () => randomInt() });
+    */
+    response.render = function (filename, locals = {}) {
+        let html = fs.readFileSync(filename, 'utf-8');
+        for (let item in locals) {
+            html = html.replace(
+                new RegExp('{{'+item+'}}', 'gim'), 
+                typeof locals[item] === 'function' ?
+                    locals[item]() : locals[item]?.toString() || ''
+            );
+        }
+        response.setHeader('Content-type', 'text/html');
+        response.write(html);
+        response.end();
+        return undefined;
+    }
+        
+    /**
+     * Sets the 'Location' header and redirects to a given path, URL, or link.
+     * @param {string} location An URL, link, path, or the string 'back' to set the target
+     * @returns {http.undefined}
+     * @info If location is not passed, it is assumed to be '/'
+     * @info If location is set to the string 'back' it redirects to the link in the request 'Referrer' header
+     * @example
+     *  // Redirecting out of the site to the clients previous URL:
+     *      res.status(300).redirect('back');
+     *  // Redirecting to other page in current domain:
+     *      res.status(300).redirect('/other/page');
+     *  // Redirecting to other URL:
+     *      res.status(300).redirect('http://example.com');
+     */
+    response.redirect = function (location) {
+        response.setHeader('Location', location === 'back' ? request.getHeader('Referrer') : location || '/');
+        response.end();
+        return undefined;
+    }
+
+
+    return response;
+}
+
+/**
+ * Receives and configures the HTTP Request object
+ * @param {http.IncomingMessage} request 
+ * @returns {http.IncomingMessage}
+ * @exposes req.body
+ * @exposes req.urlParts
+ * @exposes req.query
+ * @exposes req.session = { port, rport, host, rhost }
+ */
+function setupRequest (request) {
+    /**
+     * @property
+     * Holds the request body data as a buffer
+     */
+    return new Promise (resolve => {
+        // Set classical socket locals
+        request.session = {
+            port: request.socket.localPort,
+            rport: request.socket.remotePort,
+            host: utils.normalizeAddress(request.socket.localAddress),
+            rhost: utils.normalizeAddress(request.socket.remoteAddress)
+        };
+
+        
+        /**
+         * An alias for 'req.getHeader()'.
+         * @param {string} header 
+         * @returns {string}
+         */
+        request.get = function(header) {
+            return request.getHeader(header);
+        }
+
+        // Add req.params placeholder, it is added in the main router, not here
+        request.params = undefined;
+
+        // Add a req.query object, containing the pairs of key=value queries (if any)
+        request.query = utils.getURLQueryString(request.url);
+
+        request.urlParts = request.url.split('/').filter(Boolean);
+        request.body = [];
+        request.on('timeout', () => reject(new Error('Timeout')));
+        request.on('data', chunk => request.body.push(chunk));
+        request.on('error', (err) => reject(err));
+        request.on('end', () => {
+            let tmp = Buffer.concat(request.body);
+            request.body = {
+                buffer: tmp,
+                text: () => tmp.toString(),
+                json: () => JSON.parse(tmp)
+            }
+            return resolve(request);
+        });
+    });
+}
+
+module.exports = { setupRequest, setupResponse };

package/src/slower.js

@@ -0,0 +1,153 @@
+
+const http = require('node:http');
+const https = require('node:https');
+const path = require('node:path');
+const { createReadStream } = require('node:fs');
+const { pipeline } = require('node:stream/promises');
+
+const { match } = require('path-to-regexp');
+
+const { setupRequest, setupResponse } = require('./decorators');
+const utils = require('./utils');
+
+const MIME_TABLE = require('./mimetable.json');
+const HTTP_VERBS = http.METHODS.map(v => v.toLowerCase());
+
+class SlowerRouter {
+    #server;
+
+    // You can create it with HTTPS options here
+    /**
+     * Use HTTPS server instead of HTTP. 
+     * Pass in all regular HTTPS options as parameters.
+     * 'key' and 'cert' options are required for HTTPS.
+     * @param {object} options 
+     * @returns {http.Server|https.Server}
+     * @example
+     *  SlowerRouter({https:true, key:'...', cert:'...'}); // Create HTTPS server
+     *  SlowerRouter(); // Create regular HTTP
+     */
+    constructor (options = {}) {
+        this.METHODS = HTTP_VERBS;
+        this.layers = new Map();
+
+        // Create basic route shortcuts
+        // get(), post(), put(), delete()
+        for (let verb of HTTP_VERBS) {
+            this.layers.set(verb, new Map());
+            this[verb] = function (path, callback) {
+                return this.#setRoute(verb, path, callback);
+            };
+        }
+
+        if (options.https) 
+            this.#server = https.createServer(options);
+        else
+            this.#server = http.createServer(options);
+
+        this.#server.on('request', this.#requestHandlerWrapper(this));
+    }
+    
+    #requestHandlerWrapper () {
+        // Save the 'this' scope
+        // Inside the requestHandler function, 'this' corresponds to the http.Server instance
+        const self = this;
+
+        return (async function requestHandler (req, res) {
+            // Get all routes that match the URL and join with middlewares to cycle
+            let foundRoutes = utils.getMatchingRoute(req.url, req.method, self.layers);
+            let layers = foundRoutes;
+
+            // Set properties on request and response objects
+            req = await setupRequest(req);
+            res = await setupResponse(res);
+
+            // Cycle throught all middlewares and proper routes and call with 'next()' as third argument
+            ;(async function cycleMatching (routes) {
+                if (routes.length === 0) return;
+                let route = routes[0];
+                if (route.params) req.params = route.params;
+                if (route.callback) route = route.callback;
+                route(req, res, async () => cycleMatching(routes.slice(1)));
+            })(layers);
+        });
+    }
+
+    listen (...v) { return this.#server.listen(...v); }
+    close (callback) { return this.#server.close(callback); }
+
+    // Add any type of route
+    #setRoute (method, path, handler) {
+        if (typeof method !== 'string') 
+            throw new Error('<SlowerRouter>.route :: "method" parameter must be of type String');
+        if (typeof path !== 'string' && path?.constructor?.name !== 'RegExp')
+            throw new Error('<SlowerRouter>.route :: "path" parameter must be of type String or RegExp');
+        if (typeof handler !== 'function')
+            throw new Error('<SlowerRouter>.route :: "handler" parameter must be of type Function');
+        if (!this.layers.get(method))
+            this.layers.set(method, new Map());
+        if (typeof path === 'string') 
+            path = match(path, { decode: decodeURIComponent }); // 'path' is a function now
+        this.layers.get(method).set(path, handler);
+        return this;
+    }
+
+    // Add middleware
+    /**
+     * Create a middleware for all HTTP methods, for a specific path
+     * @overload
+     * @param {String} path 
+     * @param {Function} handler 
+     * @returns {SlowerRouter}
+     */
+    /**
+     * Create a global middleware (all paths and all HTTP methods)
+     * @overload 
+     * @param {Function} handler 
+     * @returns {SlowerRouter}
+     */
+    all (path, handler) {
+        if (typeof path === 'string')
+            for (let verb of HTTP_VERBS) this.#setRoute(verb, path, handler);
+        else if (typeof path !== 'function')
+            throw new Error('<SlowerRouter>.use :: "handler" parameter must be of type Function');
+        else for (let verb of HTTP_VERBS) this.#setRoute(verb, '/(.{0,})', path);
+        // this.middlewares.add(handlerA);
+        return this;
+    }
+    // Just a more comprehensive call to app.all for defining middlewares
+    use (...b) { this.all(...b); return this; };
+
+    /**
+     * Serve static files from a directory
+     * @param {String} directoryPath The directory to serve
+     * @param {String} mountPath A path to use as mounting point
+     * @returns {SlowerRouter}
+     * @example
+     * // Using a mounting poing:
+     *  app.static('./public', '/files') // Access with 'GET /files/{filename}'
+     * 
+     * // Not using a mounting point:
+     *  app.static('./public') // Access with 'GET /public/{filename}'
+     * 
+     * // Using root ('/') as mounting point:
+     *  app.static('./public', '/') // Access with 'GET /{filename}'
+     */
+    static (directoryPath, mountPath = '') {
+        let folderRelative = directoryPath.replace('./', '');
+        for (const file of utils.getFiles(directoryPath)) {
+            let pathWithoutBase = '/' + file.replace(folderRelative, '').replaceAll('\\', '/');
+            if (mountPath) pathWithoutBase = mountPath + '/' + pathWithoutBase.slice(1).split('/').slice(1).join('/');
+            pathWithoutBase = pathWithoutBase.replaceAll('//', '/');
+            this.get(pathWithoutBase, async (req, res, next) => {
+                const relativePath = path.join(__dirname, '../../', file); // TODO: Test this as module, and maybe replace '../../' with '../'
+                const fileStream = createReadStream(relativePath);
+                res.setHeader('Content-Type', MIME_TABLE[utils.getFileExtension(file)] || MIME_TABLE['default']);
+                return await pipeline(fileStream, res);
+            });
+        }
+        return this;
+    }
+}
+
+module.exports = Slower = options => new SlowerRouter(options);

package/src/utils.js

@@ -0,0 +1,61 @@
+
+
+// https://dev.to/thiagomr/como-funciona-o-express-js-criando-um-http-server-express-like-do-zero-sem-frameworks-125p
+
+// https://dev.to/wesleymreng7/creating-your-own-expressjs-from-scratch-part-1-basics-methods-and-routing-a8
+// https://dev.to/wesleymreng7/creating-your-own-expressjs-from-scratch-part-2-middlewares-and-controllers-2fbc
+// https://dev.to/wesleymreng7/creating-your-own-expressjs-from-scratch-part-3-treating-request-and-response-objects-4ecf
+// https://dev.to/wesleymreng7/creating-your-own-expressjs-from-scratch-part-4-modular-router-and-global-middlewares-560m
+// https://dev.to/wesleymreng7/creating-your-own-expressjs-from-scratch-part-5-serving-static-files-3e11
+// https://dev.to/wesleymreng7/creating-your-own-expressjs-from-scratch-part-6-creating-a-body-parser-middleware-15e7
+
+// https://thecodebarbarian.com/write-your-own-express-from-scratch
+
+const { statSync, readdirSync } = require('node:fs')
+const { join } = require('node:path');
+const { parse } = require('node:querystring');
+
+function* getFiles(folder) {
+    const files = readdirSync(folder);
+    for (const file of files) {
+        const absolutePath = join(folder, file)
+        if (statSync(absolutePath).isDirectory()) {
+            yield* getFiles(absolutePath)
+        }
+        else {
+            yield absolutePath.replaceAll('..\\','')
+        }
+    }
+}
+
+const getMatchingRoute = (url, method, layers) => {
+    method = method.toLowerCase();
+    let list = [];
+    // Get only the layers from the proper HTTP verb
+    let routes = layers.get(method) || new Map();
+    // Iterate through all routes, and get the one that match
+    for (let [ pathFn, callback ] of routes) {
+        let params = pathFn(getURLPathBody(url));
+        // Return the matching route
+        if (!!params) {
+            // add to list
+            let built = ({ callback });
+            if (params.params && params.params['0'] === undefined)
+                built['params'] = params.params;
+            list.push(built);
+        }
+    }
+    return list;
+}
+
+const normalizeAddress = addr => addr.startsWith('::') ? addr : addr.substring(addr.indexOf(':',2)+1);
+
+const getFileExtension = (fname) => fname.split('.').filter(Boolean).slice(-1)[0];
+
+// /page?foo=bar&abc=123    ->  /page
+const getURLPathBody = (urlPath = '') => urlPath.split('?')[0] || '';
+
+// /page?foo=bar&abc=123    ->  { foo: 'bar', abc: '123' }
+const getURLQueryString = (urlPath = '') => parse((urlPath.split('?')[1] || '').split('#')[0]);
+
+module.exports = { getMatchingRoute, getFiles, normalizeAddress, getFileExtension, getURLPathBody, getURLQueryString };

package/TODO

@@ -1 +0,0 @@
-o metodo setStatic quebra quando se usa ambos {*} e {%} ou {?} com {*}, pois ele faz a substituição do nome do arquivo por {*}^em vez de fazer pelo nome do URL