slower 2.1.9 → 2.2.0

package/README.md

@@ -0,0 +1,386 @@
+# Slower
+
+A minimal, dependency-free HTTP framework for Node.js.  
+Slower provides a small subset of Express.js–style routing and middleware with a simpler internal model.
+
+Don't want to download 200 megabytes of modules from Express? Then try Slower 😉.
+
+It's just a couple files and a few KB.
+
+This might not be the most robust library, but it is small and lightweight, and it does the job. (Just don't use this in production, please.)
+
+---
+
+#### A word about this:
+
+Sorry for the (really) poorly written documentation, I need time to re-write it.
+If you would like to help, just email me (email on package.json), and I will be more than happy to talk to you.
+
+---
+
+## Features
+
+- No external dependencies
+- Express-like API and functionality (`get`, `post`, `use`, `all`, etc.)
+- Static file serving
+- Sub-routers and route grouping
+- SMALL!
+
+---
+
+## Installation
+
+```sh
+npm install slower
+```
+
+(Or just download this source code and put on a 'lib/slower' folder, it's what I usually do).
+
+---
+
+## Basic Usage
+
+Check `examples/` for some samples on how to use this library.
+
+The basic is: if works on Express, probably works here too (apart from some minor modifications, there is very little difference in the two public APIs)
+
+```js
+const slower = require('slower');
+
+const app = slower();
+
+app.get('/', (req, res) => {
+    res.send('Hello world');
+});
+
+app.listen(3000);
+```
+
+### Template URLs:
+
+The same basic rules that express.js applied are available here, since JS internalized the URLPattern API, and this library uses the pattern matching from URLPattern.
+
+If you have questions, check this guide on URLPattern:
+[https://developer.mozilla.org/en-US/docs/Web/API/URL_Pattern_API#pattern_syntax](https://developer.mozilla.org/en-US/docs/Web/API/URL_Pattern_API#pattern_syntax)
+
+### Routing
+
+#### HTTP Methods
+
+All standard HTTP verbs are supported:
+
+```js
+app.get('/users', handler);
+app.post('/users', handler);
+app.put('/users/:id', handler);
+app.delete('/users/:id', handler);
+```
+
+#### Route Parameters
+
+Routes use URLPattern internally and support named parameters:
+
+```js
+app.get('/users/:id', (req, res) => {
+    res.json({ id: req.params.id });
+});
+```
+
+#### Multiple Handlers / Middleware
+
+Handlers are executed sequentially and receive next():
+
+```js
+app.get('/secure', authMiddleware, (req, res) => {
+    res.send('Authorized');
+});
+```
+
+#### Middleware
+
+`use()`
+Attach middleware for all HTTP methods:
+
+```js
+app.use((req, res, next) => {
+    console.log(req.method, req.url);
+    next();
+});
+```
+
+`all()`
+
+Apply handlers to specific paths or methods:
+
+```js
+app.all('/health', (req, res) => {
+    res.send('OK');
+});
+```
+
+### Request Object (req)
+
+- req.params – route parameters
+- req.query – parsed query string
+- req.body
+- buffer
+- text()
+- json()
+- req.ip – remote IP address
+- req.session
+- host
+- port
+- rhost - remote connected host
+- rport - remote connected port
+
+Example:
+
+```js
+app.post('/data', async (req, res) => {
+    const body = req.body.json();
+    res.json(body);
+});
+```
+
+### Response Object (res)
+
+- res.status(code)
+- res.set(name, value)
+- res.get(name)
+- res.type(mimeOrExtension)
+- res.send(body)
+- res.json(object)
+- res.file(path)
+- res.render(templatePath, data)
+- res.redirect(path)
+
+Example:
+
+```js
+res.status(201).json({ success: true });
+```
+
+### Static Files
+
+Serve a directory of static files:
+
+```js
+app.static('public');
+```
+
+Or mount it at a specific path:
+
+```js
+app.static('public', '/assets');
+```
+
+HTML files are also served without the .html extension automatically.
+
+### Routers
+
+#### Sub-Router
+
+```js
+const router = slower.Router();
+
+router.get('/users', handler);
+router.post('/users', handler);
+
+app.useRouter(router, '/api');
+```
+
+#### Route Groups
+
+```js
+app.route('/users').get(listUsers).post(createUser);
+```
+
+### HTTPS Support
+
+Pass options directly to the underlying server:
+
+```js
+const fs = require('fs');
+
+const app = slower({
+    https: true,
+    key: fs.readFileSync('key.pem'),
+    cert: fs.readFileSync('cert.pem'),
+});
+```
+
+### Fallback page
+
+If no route matches, it returns a default 404 HTML response:
+
+`Cannot {METHOD} /{path}`
+
+Custom fallback behavior can be implemented using middleware.
+
+## Method documentation
+
+### Main Export
+
+```js
+slower(options?: object) : <SlowerRouter>
+```
+
+Creates a new Slower application instance.
+
+- `options` are forwarded to `http.createServer` or `https.createServer`
+- If `options.https === true`, HTTPS is used
+
+---
+
+### Class: \<SlowerRouter\>
+
+Main application router and HTTP server wrapper.
+
+#### Server Control
+
+Start the HTTP/HTTPS server:
+
+```
+<SlowerRouter>.listen(...args) : http.Server
+```
+
+Stops the server:
+
+```
+<SlowerRouter>.close(callback?: function) : void
+```
+
+#### Routing Methods
+
+The following methods share the same signature:
+
+```
+<SlowerRouter>.get(path, ...handlers) : <SlowerRouter>
+
+<SlowerRouter>.post(path, ...handlers) : <SlowerRouter>
+
+<SlowerRouter>.put(path, ...handlers) : <SlowerRouter>
+
+<SlowerRouter>.delete(path, ...handlers) : <SlowerRouter>
+
+<SlowerRouter>.patch(path, ...handlers) : <SlowerRouter>
+
+<SlowerRouter>.options(path, ...handlers) : <SlowerRouter>
+
+<SlowerRouter>.head(path, ...handlers) : <SlowerRouter>
+
+<SlowerRouter>.trace(path, ...handlers) : <SlowerRouter>
+
+<SlowerRouter>.connect(path, ...handlers) : <SlowerRouter>
+```
+
+- `path` may be a string, RegExp, or middleware function
+- Handlers are called sequentially with `(req, res, next)`
+
+#### Middleware
+
+```
+<SlowerRouter>.use(...handlers: function\[\]) : <SlowerRouter>
+```
+
+Registers global middleware for all HTTP methods.
+
+```
+<SlowerRouter>.all(pathOrMethod, ...handlers) : <SlowerRouter>
+```
+
+Registers handlers across multiple HTTP methods depending on the first argument.
+
+#### Static Files
+
+```
+<SlowerRouter>.static(directoryPath: string, mountPath?: string) : <SlowerRouter>
+```
+
+Serves static files from a directory.
+
+#### Routers
+
+```
+<SlowerRouter>.useRouter(router: <SlowerSubRouter>, mountPath?: string) : <SlowerRouter>
+```
+
+Mounts a sub-router at the specified path.
+
+```
+<SlowerRouter>.route(path: string | RegExp) : <SlowerSubRouter>
+```
+
+Creates a route group bound to a single path.
+
+### Class: <\SlowerSubRouter\>
+
+Router container used for grouping routes before mounting.
+
+```
+<SlowerSubRouter>.get(path, ...handlers) : <SlowerSubRouter>
+
+<SlowerSubRouter>.post(path, ...handlers) : <SlowerSubRouter>
+
+<SlowerSubRouter>.put(path, ...handlers) : <SlowerSubRouter>
+
+<SlowerSubRouter>.delete(path, ...handlers) : <SlowerSubRouter>
+
+<SlowerSubRouter>.patch(path, ...handlers) : <SlowerSubRouter>
+
+<SlowerSubRouter>.use(...handlers) : <SlowerSubRouter>
+
+<SlowerSubRouter>.all(pathOrMethod, ...handlers) : <SlowerSubRouter>
+
+<SlowerSubRouter>.static(directoryPath, mountPath?) : <SlowerSubRouter>
+
+<SlowerSubRouter>.route(path) : <SlowerMicroRouter>
+```
+
+### Request Extensions
+
+```
+req.get(headerName: string) : string | undefined
+
+req.body.buffer : Buffer
+
+req.body.text() : string
+
+req.body.json() : any
+
+req.query : object
+
+req.params : object | undefined
+
+req.ip : string
+
+req.session : object
+```
+
+### Response Extensions
+
+```
+res.status(code: number) : res
+
+res.set(name: string | object, value?: string) : res
+
+res.get(name: string) : string | undefined
+
+res.type(type: string) : res
+
+res.send(body: string | Buffer) : void
+
+res.json(data: any) : void
+
+res.file(path: string) : void
+
+res.render(templatePath: string, data?: object) : void
+
+res.redirect(path: string) : void
+```
+
+**License:** MIT
+
+## License
+
+This is MIT-licensed. Just use it.

package/examples/router.js

@@ -0,0 +1,45 @@
+const middlewares = require('./third-party-middlewares');
+const Slower = require('../index');
+
+const app = Slower();
+
+app.use(middlewares.requestTime); // Set timestamp: req.moment
+app.use(middlewares.hashRequest); // Set request ID: req.id
+app.use(middlewares.triageRequest); // Set request validity: req.invalid
+app.use(middlewares.consoleLogger); // Logs to console (according to req.invalid)
+app.use(middlewares.blockMethods); // Blocks request (according to req.invalid)
+app.use(middlewares.nocache); // Prevents cache creation
+
+app.get(
+    '/rea',
+    (req, res, next) => console.log('redirected') || next(),
+    (req, res) => res.status(301).redirect('/admin')
+);
+
+app.get('/admin', (req, res) =>
+    res
+        .status(200)
+        .send(
+            `<h2>${JSON.stringify(req.params)}<br/>${JSON.stringify(req.query)}</h2>`
+        )
+);
+
+app.get('/admins/:id', (req, res) => {
+    res.status(200).send(
+        `<h2>${JSON.stringify(req.params)}<br/>${JSON.stringify(req.query)}<br/></h2>`
+    );
+});
+
+app.get('/headers', (req, res) => res.status(200).json(req.headers));
+
+app.get('/docs/:docname', (req, res) =>
+    res.file(`./${req.params.docname}.html`)
+);
+
+app.all((req, res) => {
+    res.status(404).send('<h2>Error 404 - Page Not Found<h2/>');
+});
+
+app.listen(80, '127.0.0.1', () =>
+    console.log('Listening on http://127.0.0.1:80/')
+);

package/examples/subrouter.js

@@ -0,0 +1,29 @@
+const Slower = require('../index');
+
+(async () => {
+    const appr = Slower.Router();
+    appr.get('/a', (req, res) => res.status(200).end('a'));
+
+    const appf = Slower.Router();
+    appf.get('/c', (req, res) => res.status(200).end('c'));
+    appf.get('/x/:id', (req, res) => res.status(200).end('x=' + req.params.id));
+    appf.all('/d', (req, res) => res.status(200).end('d'));
+
+    const app = Slower();
+    app.useRouter(appr);
+    app.useRouter(appf, '/api');
+    app.get('/b', (req, res) => res.status(200).end('b'));
+    app.all((req, res) => res.status(404).end());
+    app.listen('8000', () => console.log('app started at 8000'));
+})();
+
+/**
+ * TESTING ENDPOINTS:
+ *
+ * /a           Should print 'a'
+ * /b           Should print 'b'
+ * /api/c       Should print 'c'
+ * /api/d       Should print 'd'
+ * /api/x/:id   Should print 'x={ID}'
+ *
+ */

package/examples/third-party-middlewares.js

@@ -0,0 +1,88 @@
+/**
+ * Server middleware to force the client to NOT save any data as cache.
+ * @info This is very useful for development purposes, as browser cache for 
+ *       redirections and scripts is very annoying
+ * @param {http.IncomingMessage} req 
+ * @param {http.ServerResponse} res 
+ * @param {Function} next 
+ * @return {undefined}
+ */
+function nocache (req, res, next) {
+    res.set('Cache-Control', 'no-cache');
+    next();
+}
+
+// Add a timestamp to the request
+function requestTime (req, res, next) {
+    req.moment = Date.now();
+    next();
+}
+
+// Add a hash to the request
+function murmurHash (key, seed = 0) { 
+    const C = { M:0x5bd1e995, R:0x18 };
+    const im32M = (a) => {
+        const c = { o: v => v & 0xffff, i: v => (v >>> 16) & 0xffff };
+        return c.o(a)*59797 + (((c.i(a)*59797 + c.o(a)*23505) << 16) >>> 0);
+    };
+	let len = key.length, h = seed ^ len, i = 0, k = 0;
+	while (len >= 4) {
+		k = key[i++] | (key[i++] << 8) | (key[i++] << 16) | (key[i++] << 24);
+		k = im32M(k);
+		k ^= k >>> C.R;
+		k = im32M(k);
+		h = im32M(h) ^ k;
+		len -= 4;
+	};
+	switch (len) {
+		case 3: h ^= key[i + 2] << 16;
+		case 2: h ^= key[i + 1] << 8;
+		case 1: h ^= key[i];
+			    h = im32M(h);
+	};
+	h ^= h >>> 13;
+	h = im32M(h);
+	h ^= h >>> 15;
+	return h >>> 0;
+}
+function hashRequest (req, res, next) {
+    req.hash = (murmurHash(Date.now().toString() + JSON.stringify(req.session) + req.url)).toString().padStart(10, '0');
+    next();
+}
+
+// Set an 'invalid' property if the request is of a proper method
+// This is used in the 'blockMethods' and 'consoleLogger' middlewares
+function triageRequest (req, res, next) {
+    const allowedMethods = ['GET','POST','PUT','DELETE'];
+    if (!allowedMethods.includes(req.method)) req.invalid = true;
+    next();
+}
+
+// Logs request to console
+const padStringEnd = (str, maxLen) => str.padEnd(maxLen, ' ');
+const colorizeMethod = (req) => (req.invalid ? '\x1b[31m' : '\x1b[32m') + req.method + '\x1b[0m';
+function consoleLogger (req, res, next) {
+    console.log(
+        ' ' +
+        `Hash:${req.hash}    ` +
+        `Time:${new Date(req.moment).toISOString()}    ` + 
+        `${padStringEnd(req.session.rhost + ':' + req.session.rport + '->' + req.session.host + ':' + req.session.port, 32)}    `+
+        `${padStringEnd(colorizeMethod(req), 20)}    ${req.url}`
+    );
+    next();
+}
+
+// Blocks all requests that are not GET, POST, PUT, or DELETE ones
+function blockMethods (req, res, next) {
+    if (req.invalid) res.status(405).end();
+    else next();
+}
+
+module.exports = {
+    nocache,
+    requestTime,
+    hashRequest,
+    consoleLogger,
+    blockMethods,
+    triageRequest
+}

package/package.json

@@ -1,14 +1,10 @@
 {
     "name": "slower",
-    "version": "2.1.9",
+    "version": "2.2.0",
     "main": "index.js",
-    "devDependencies": {},
     "scripts": {
         "test": "echo \"Error: no test specified\" && exit 1"
     },
-    "dependencies": {
-        "path-to-regexp": "^6.2.2"
-    },
     "keywords": [],
     "author": "Tomás Luchesi <no.mad.devtech@gmail.com>",
     "license": "MIT",

package/src/slower.js

@@ -5,8 +5,6 @@ const fs = require('node:fs');
 const { createReadStream } = require('node:fs');
 const { pipeline } = require('node:stream/promises');
 
-const { match } = require('path-to-regexp');
-
 const { setupRequest, setupResponse } = require('./decorators');
 const utils = require('./utils');
 
@@ -119,7 +117,7 @@ class SlowerRouter {
             );
         if (!this.layers.get(method)) this.layers.set(method, new Map());
         if (typeof path === 'string' || path?.constructor?.name !== 'RegExp')
-            path = match(path, { decode: decodeURIComponent }); // 'path' is a function now
+            path = utils.buildURLPatternFunction(path); // 'path' is a function now
         this.layers.get(method).set(path, handler);
         return this;
     }

package/src/utils.js

@@ -1,6 +1,7 @@
 const { statSync, readdirSync } = require('node:fs');
 const { join } = require('node:path');
 const { parse } = require('node:querystring');
+const { URLPattern } = require('node:url');
 
 function* getFiles(folder) {
     const files = readdirSync(folder);
@@ -14,6 +15,20 @@ function* getFiles(folder) {
     }
 }
 
+// This is added to all URLPattern objects, to avoid having it complaining about the
+// absolute URL. As this IP is invalid, it is virtually impossible to receive a request with
+// that origin URL.
+const URL_PATTERN_PREFIX = 'https://0';
+// Wrap the native URLPattern function and add the custom local prefix
+const buildURLPatternFunction = template_url => {
+    const matcher = new URLPattern(template_url, URL_PATTERN_PREFIX);
+    return function (url) {
+        return matcher.test(URL_PATTERN_PREFIX + url) ?
+                matcher.exec(URL_PATTERN_PREFIX + url)
+            :   null;
+    };
+};
+
 const getMatchingRoute = (url, method, layers) => {
     method = method.toLowerCase();
     let list = [];
@@ -21,13 +36,14 @@ const getMatchingRoute = (url, method, layers) => {
     let routes = layers.get(method) || new Map();
     // Iterate through all routes, and get the one that match
     for (let [pathFn, callback] of routes) {
-        let params = pathFn(getURLPathBody(url));
+        let parsed = pathFn(getURLPathBody(url));
         // Return the matching route
-        if (params) {
+        if (parsed) {
             // add to list
-            let built = { callback };
-            if (params.params && params.params['0'] === undefined)
-                built['params'] = params.params;
+            let built = { callback, params: {} };
+            // Only if the first key in the group is not undefined and not '0'
+            if (parsed?.pathname?.groups && !parsed?.pathname?.groups?.['0'])
+                built['params'] = parsed.pathname.groups;
             list.push(built);
         }
     }
@@ -56,7 +72,9 @@ const noLayersFoundFallback = (req, res) =>
                     req.url
                 }</pre></body></html>`
         );
+
 module.exports = {
+    buildURLPatternFunction,
     getMatchingRoute,
     getFiles,
     normalizeAddress,

package/readme.md.old

@@ -1,180 +0,0 @@
-# Slower
-
-Slower is a small web framework, express-like, but simpler and limited.
-It allows for generic route-declaration, fallback pages, and multiple middleware functions.
-
-### API Methods:
-
-```
-app.enableStrictHeaders(): this
-> Enables the use of the set of 'Strict Headers'.
-> These headers increase security levels, and are a good practice to apply.
-> However, using these headers in testing scenarios are not a need, 
-  and may have buggy or negative effects. So, apply those to simulate scenarios only.
-> Headers configured:
-    > Content-Security-Policy
-    > Cross-Origin-Opener-Policy
-    > Cross-Origin-Resource-Policy 
-    > Origin-Agent-Cluster
-    > Referrer-Policy 
-    > X-DNS-Prefetch-Control (disabled)
-    > X-Download-Options
-    > X-Frame-Options
-    > X-XSS-Protection (disabled)
-    > X-Powered-By (removed)
-> Returns the own object instance, so that methods can be chained.
-```
-```
-app.disableStrictHeaders(): this
-> Disables the use of the set of 'Strict Headers'.
-> See 'enableStrictHeaders()' for more information.
-> Returns the own object instance, so that methods can be chained.
-```
-```
-app.setRoute(string: path = '/', string: type = 'GET', function: callback): this
-> Creates a new route for path defined in 'path', responding to the HTTP verb defined in 'type' argument.
-> The callback is executed when the route is accessed.
-> Returns the own object instance, so that methods can be chained.
-```
-```
-app.setMiddleware(function: callback): this
-> Sets a new middleware function: callback function will be accessed for every server access.
-> Many middlewares can be defined, and will be applied in the order they are defined.
-> Returns the own object instance, so that methods can be chained.
-```
-```
-app.setDynamic(string: path, string: file = '', string: mime = '', object: replacementData = null): this
-> Creates a new GET route for path defined in 'path'. 
-> This is a custom file-response route, configured for template rendering just before response.
-> Providing an object as 'replacementData' in this format { valueToBeReplaced: valueToReplace },
-  allows for template rendering. The value to replace in the file, uses this notation: '<{content}>'.
-> URL reference in filename:
-    > For direct references, it is possible to use the token '{%}' to replace the filename for the URL.
-    > Ex:
-        app.setStatic('/login', './templates/{%}.html', 'text/html');
-        This will access the 'login.html' file when the route '/login' is accessed.
-> Example:
-  Responding a route for '/custom' with file 'custom.html':
-    app.setDynamic('/custom', './templates/custom.html', 'text/html', { smile: ':)' })
-  In file './templates/custom.html':
-    "<h2> This is a custom thing:        <{smile}>      </h2>"
-  Rendered in browser:
-    <h2> This is a custom thing:        :)      </h2>
-> Returns the own object instance, so that methods can be chained.
-```
-```
-app.setStatic(string: path, string: file = '', string: mime = ''): this
-> Creates a new GET route for path defined in 'path', responding with the specified file and MIME type.
-> URL reference in filename:
-    > For direct references, it is possible to use the token '{%}' to replace the filename for the URL.
-    > Ex:
-        app.setStatic('/login', './templates/{%}.html', 'text/html');
-        This will access the 'login.html' file when the route '/login' is accessed.
-> Example: A route for '/login' page, responding with 'login.html' file
-    setStatic('/login', __dirname+'/public/static/views/login.html', 'text/html');
-> Returns the own object instance, so that methods can be chained.
-```
-```
-app.setFallback(function: callback): this
-> Creates a function for fallback state. When no other routes intercept the route, this will be used.
-> Special use for 'page not found' fallback pages or highly customized routes and situations.
-> Returns the own object instance, so that methods can be chained.
-```
-```
-app.setFallbackFile (string: file = '', string: mime = '', object: replacementData = null): this
-> Creates a function for fallback state. When no other routes intercept the route, this will be used.
-> Equivalent to setFallback, but responds with a file. Allows for template rendering.
-> See 'setDynamic' for more information about template rendering.
-> Special use for 'page not found' fallback pages, ex: './e404.html'.
-> Returns the own object instance, so that methods can be chained.
-```
-```
-app.setAllowedMethods(array: methods = []): this
-> Sets a list of methods to respond to.
-> By using this, it is possible to restrict the application to avoid
-  responding to dangerous HTTP verbs, such as 'DELETE'.
-> By default, all methods are allowed (see Slower.constructor.http_methods)
-> Calling this function without parameters is an easy way to block responses to all requests (lock server). 
-> Returns the own object instance, so that methods can be chained.
-```
-```
-app.start(number|string: port = 8080, string: host = undefined, function: callback = ()=>{}): this
-> Starts the server, at a specific host and port, then calling the callback function.
-> Not defining a specific port or host will start the server at '0.0.0.0:8080'.
-> Returns the own object instance, so that methods can be chained.
-```
-
-Example usage:
-```
-const Slower = require('slower');
-const port = 8080;
-let app = Slower();
-app.setMiddleware((req, res) => {
-    req.time = Date.now();
-    console.log(`${req.time} - ${req.method} : ${req.url}`);
-});
-app.setStatic('/favicon.ico', __dirname+'/public/{%}');
-app.setRoute('/', 'GET', (req, res) => {
-    res.writeHead(200, { 'Content-Type': 'text/html' }); 
-    res.write('<html><body><p>This is the / page.</p></body></html>');
-    res.end();
-});
-app.setRoute('/{*}.css', 'GET', (req, res) => {
-    let data = fs.readFileSync(...some.css.file...)
-    res.writeHead(200, { 'Content-Type': 'text/css' }); 
-    res.write(data);
-    res.end();
-});
-const generateDownloadNumber = () => { Math.round(Math.random() * 10) }
-app.setDynamic('/download/{?}/', './main-download.txt', { DowloadName: generateDownloadNumber });
-// Responds to download routes such as '/download/2/'
-app.setFallback((req, res) => {
-    res.writeHead(200, { 'Content-Type': 'text/html' }); 
-    res.write('<html><body><p>This is the fallback page.</p></body></html>');
-    res.end();
-});
-// Start app listening on all interfaces (0.0.0.0)
-app.start(port, null, () => {
-    console.log(`Running on localhost:${port}`);
-    console.log(app);
-});
-```
-### API modifications on 'net.Socket' instances:
- - The API modifies every ```net.Socket``` instance BEFORE it is passed 
-to ```app.connectionListener```. This means that all events receiving 
-a socket will receive the modified socket instead.
- - The modifications adds the following properties to the socket instance:
-```
- <socket>.session: Object           => A container for persistent data appended to sockets
- <socket>.session.port: Number      => The local port number
- <socket>.session.rport: Number     => The remote port number
- <socket>.session.host: String      => The local host interface address
- <socket>.session.rhost: String     => The remote host interface address
-```
-- It is possible to use the ```socket.session``` object to append data that will persist 
-during the lifetime of a single connection. Useful for keeping short-life local variables.
-
-- In HTTP ```http.IncomingMessage``` instances, the 'socket' instance is found over 'request'.
-So, considering the common callback of ```(req, res)```, the session container will be ```req.session```
-
-### API security headers implementation:
- - It is possible to enforce a higher set of security headers on responses 
-   without having to set them manually. The API 'enableStrictHeaders' and 'disableStrictHeaders' 
-   methods do exacly that. The strict headers are disabled by default, as some resources are too strict, 
-   but it is also possible to enable them all, and then set a middleware to override any header.
- - Headers set by 'enableStrictHeaders':
-```
-    Content-Security-Policy: default-src=none; script-src=self; connect-src=self; img-src=self;
-        style-src=self; frame-ancestors=none; form-action=self;
-    Cross-Origin-Opener-Policy:  same-origin
-    Cross-Origin-Resource-Policy: same-site
-    Origin-Agent-Cluster: ?1
-    Referrer-Policy: no-referrer
-    Strict-Transport-Security: max-age=31536000; includeSubDomains // temporarily disabled for maintenance
-    X-Content-Type-Options: nosniff // temporarily disabled for maintenance
-    X-DNS-Prefetch-Control: off
-    X-Download-Options: noopen
-    X-Frame-Options: DENY
-    X-Powered-By: (This header is removed if a response includes it)
-    X-XSS-Protection: 0 
-```