tezx 1.0.13 → 1.0.15

package/dist/middleware/secureHeaders.d.ts

@@ -1,78 +0,0 @@
-import { Context } from "../context";
-import { Middleware } from "../router";
-export type DynamicHeaderValue = string | ((ctx: Context) => string | undefined);
-export type SecurityHeaderOptions = {
-    /**
-     * 🔵 Content Security Policy header value
-     * @default "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';"
-     * @example
-     * contentSecurityPolicy: "default-src 'none'; script-src 'self' https://trusted.cdn.com"
-     * contentSecurityPolicy: (ctx) => ctx.isAdmin ? "default-src 'self'" : "default-src 'none'"
-     */
-    contentSecurityPolicy?: DynamicHeaderValue;
-    /**
-     * 🟢 Whether to set X-Frame-Options header (clickjacking protection)
-     * @default true
-     * @example
-     * frameGuard: true // Always enable
-     * frameGuard: (ctx) => !ctx.path.startsWith('/embed/') // Disable for embed routes
-     */
-    frameGuard?: boolean | ((ctx: Context) => boolean);
-    /**
-     * 🟣 HTTP Strict Transport Security (HSTS) header
-     * @default true
-     * @example
-     * hsts: true // Enable with 2 year duration
-     * hsts: (ctx) => ctx.secure // Enable only for HTTPS
-     */
-    hsts?: boolean | ((ctx: Context) => boolean);
-    /**
-     * 🟠 XSS Protection header
-     * @default true
-     * @example
-     * xssProtection: false // Disable legacy XSS filter
-     */
-    xssProtection?: boolean | ((ctx: Context) => boolean);
-    /**
-     * 🟡 X-Content-Type-Options header (MIME sniffing prevention)
-     * @default true
-     * @example
-     * noSniff: false // Only disable if you have specific needs
-     */
-    noSniff?: boolean | ((ctx: Context) => boolean);
-    /**
-     * 🔴 Referrer Policy header
-     * @default "no-referrer"
-     * @example
-     * referrerPolicy: "strict-origin-when-cross-origin"
-     */
-    referrerPolicy?: DynamicHeaderValue;
-    /**
-     * 🟤 Permissions Policy header (formerly Feature Policy)
-     * @default "geolocation=(), microphone=(), camera=()"
-     * @example
-     * permissionsPolicy: "geolocation=(self 'https://example.com')"
-     */
-    permissionsPolicy?: DynamicHeaderValue;
-};
-/**
- * 🛡️ Comprehensive security headers middleware
- *
- * Sets multiple security-related HTTP headers with dynamic configuration.
- * All headers can be configured per-request using functions.
- *
- * @param {SecurityHeaderOptions} [options={}] - Configuration options
- * @returns {Middleware} Middleware function
- *
- * @example
- * // Basic usage with defaults
- * app.use(secureHeaders());
- *
- * // Custom configuration
- * app.use(secureHeaders({
- *   contentSecurityPolicy: "default-src 'self'",
- *   frameGuard: (ctx) => !ctx.isEmbedded,
- *   referrerPolicy: "strict-origin-when-cross-origin"
- * }));
- */
-export declare const secureHeaders: (options?: SecurityHeaderOptions) => Middleware;

package/dist/middleware/secureHeaders.js

@@ -1,38 +0,0 @@
-export const secureHeaders = (options = {}) => {
-    return async (ctx, next) => {
-        const resolveValue = (value) => {
-            return typeof value === "function" ? value(ctx) : value;
-        };
-        const contentSecurityPolicy = resolveValue(options.contentSecurityPolicy) ||
-            "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';";
-        const frameGuard = resolveValue(options.frameGuard) ?? true;
-        const hsts = resolveValue(options.hsts) ?? true;
-        const xssProtection = resolveValue(options.xssProtection) ?? true;
-        const noSniff = resolveValue(options.noSniff) ?? true;
-        const referrerPolicy = resolveValue(options.referrerPolicy) || "no-referrer";
-        const permissionsPolicy = resolveValue(options.permissionsPolicy) ||
-            "geolocation=(), microphone=(), camera=()";
-        if (contentSecurityPolicy) {
-            ctx.headers.set("Content-Security-Policy", contentSecurityPolicy);
-        }
-        if (frameGuard) {
-            ctx.headers.set("X-Frame-Options", "DENY");
-        }
-        if (hsts) {
-            ctx.headers.set("Strict-Transport-Security", "max-age=63072000; includeSubDomains");
-        }
-        if (xssProtection) {
-            ctx.headers.set("X-XSS-Protection", "1; mode=block");
-        }
-        if (noSniff) {
-            ctx.headers.set("X-Content-Type-Options", "nosniff");
-        }
-        if (referrerPolicy) {
-            ctx.headers.set("Referrer-Policy", referrerPolicy);
-        }
-        if (permissionsPolicy) {
-            ctx.headers.set("Permissions-Policy", permissionsPolicy);
-        }
-        return await next();
-    };
-};

package/dist/middleware/xssProtection.d.ts

@@ -1,43 +0,0 @@
-import { Context } from "../context";
-import { NextCallback } from "../router";
-export type XSSProtectionOptions = {
-    /**
-     * 🟢 Whether to enable XSS protection
-     * @default true
-     * @example
-     * enabled: true // Always enable
-     * enabled: (ctx) => !ctx.isAdmin // Disable for admin routes
-     */
-    enabled?: boolean | ((ctx: Context) => boolean);
-    /**
-     * 🔵 Protection mode to use
-     * @default "block"
-     * @example
-     * mode: "block" // Block the page if XSS detected
-     * mode: "filter" // Sanitize the page if XSS detected
-     */
-    mode?: "block" | "filter";
-    /**
-     * 🟣 Fallback CSP for browsers without XSS protection
-     * @default "default-src 'self'; script-src 'self';"
-     * @example
-     * fallbackCSP: "default-src 'none'; script-src 'self' https://trusted.cdn.com"
-     */
-    fallbackCSP?: string;
-};
-/**
- * 🛡️ Middleware to set the X-XSS-Protection header and provide enhanced XSS mitigation
- * @param options - Configuration options for XSS protection
- * @returns Middleware function
- *
- * @example
- * // Basic usage
- * app.use(xssProtection());
- *
- * // Custom configuration
- * app.use(xssProtection({
- *   mode: "filter",
- *   fallbackCSP: "default-src 'self'"
- * }));
- */
-export declare const xssProtection: (options?: XSSProtectionOptions) => (ctx: Context, next: NextCallback) => Promise<any>;

package/dist/middleware/xssProtection.js

@@ -1,22 +0,0 @@
-import { GlobalConfig } from "../config/config";
-export const xssProtection = (options = {}) => {
-    const { enabled = true, mode = "block", fallbackCSP = "default-src 'self'; script-src 'self';", } = options;
-    return async (ctx, next) => {
-        const isEnabled = typeof enabled === "function" ? enabled(ctx) : enabled;
-        if (!isEnabled) {
-            GlobalConfig.debugging.warn("🟠 XSS protection is disabled.");
-            return await next();
-        }
-        const xssHeaderValue = mode === "block" ? "1; mode=block" : "1";
-        ctx.headers.set("X-XSS-Protection", xssHeaderValue);
-        GlobalConfig.debugging.warn(`🟢 X-XSS-Protection set to: ${xssHeaderValue}`);
-        if (fallbackCSP) {
-            const existingCSP = ctx.headers.get("Content-Security-Policy");
-            if (!existingCSP) {
-                ctx.headers.set("Content-Security-Policy", fallbackCSP);
-                GlobalConfig.debugging.warn(`🟣 Fallback CSP set to: ${fallbackCSP}`);
-            }
-        }
-        return await next();
-    };
-};

package/dist/request.d.ts

@@ -1,82 +0,0 @@
-import { HeadersParser } from "./header";
-import { UrlRef } from "./utils/url";
-export type FormDataOptions = {
-    maxSize?: number;
-    allowedTypes?: string[];
-    sanitized?: boolean;
-    maxFiles?: number;
-};
-type TransportType = "tcp" | "udp" | "unix" | "pipe";
-export type AddressType = {
-    transport?: TransportType;
-    family?: "IPv4" | "IPv6" | "Unix";
-    address?: string;
-    port?: number;
-};
-export type ConnAddress = {
-    remoteAddr: AddressType;
-    localAddr: AddressType;
-};
-export type HTTPMethod = "GET" | "POST" | "PUT" | "DELETE" | "OPTIONS" | "PATCH" | "HEAD" | "ALL" | "TRACE" | "CONNECT" | string;
-export declare class Request {
-    headers: HeadersParser;
-    /**
-     * Full request URL including protocol and query string
-     * @type {string}
-     */
-    readonly url: string;
-    /**
-     * HTTP request method (GET, POST, PUT, DELETE, etc.)
-     * @type {HTTPMethod}
-     */
-    readonly method: HTTPMethod;
-    /** Parsed URL reference containing components like query parameters, pathname, etc. */
-    readonly urlRef: UrlRef;
-    /** Query parameters extracted from the URL */
-    readonly query: Record<string, any>;
-    protected rawRequest: any;
-    /**
-     * Retrieve a parameter by name.
-     * @param name - The parameter name.
-     * @returns The parameter value if found, or undefined.
-     */
-    readonly params: Record<string, any>;
-    /**
-     * Represents the remote address details of a connected client.
-     *
-     * @property {TransportType} [transport] - The transport protocol used (e.g., `"tcp"`, `"udp"`).
-     * @property {"IPv4" | "IPv6" | "Unix"} [family] - The address family, indicating whether the connection is over IPv4, IPv6, or a Unix socket.
-     * @property {string} [hostname] - The hostname or IP address of the remote client.
-     * @property {number} [port] - The remote client's port number.
-     * @default {{}}
-     *
-     * @example
-     * ```typescript
-     * ctx.req.remoteAddress
-     * ```
-     */
-    remoteAddress: AddressType;
-    constructor(req: any, params: Record<string, any>, remoteAddress: AddressType);
-    /**
-     * Parses the request body as plain text.
-     * @returns {Promise<string>} The text content of the request body.
-     */
-    text(): Promise<string>;
-    /**
-     * Parses the request body as JSON.
-     * @returns {Promise<Record<string, any>>} The parsed JSON object.
-     * If the Content-Type is not 'application/json', it returns an empty object.
-     */
-    json(): Promise<Record<string, any>>;
-    /**
-     * Parses the request body based on Content-Type.
-     * Supports:
-     * - application/json → JSON parsing
-     * - application/x-www-form-urlencoded → URL-encoded form parsing
-     * - multipart/form-data → Multipart form-data parsing (for file uploads)
-     * @returns {Promise<Record<string, any>>} The parsed form data as an object.
-     * @throws {Error} If the Content-Type is missing or invalid.
-     */
-    formData(options?: FormDataOptions): Promise<Record<string, any>>;
-}
-export {};

package/dist/request.js

@@ -1,76 +0,0 @@
-import { EnvironmentDetector } from "./environment";
-import { HeadersParser } from "./header";
-import { parseJsonBody, parseMultipartBody, parseTextBody, parseUrlEncodedBody, } from "./utils/formData";
-import { urlParse } from "./utils/url";
-export class Request {
-    headers = new HeadersParser();
-    url;
-    method;
-    urlRef = {
-        hash: undefined,
-        protocol: undefined,
-        origin: undefined,
-        username: undefined,
-        password: undefined,
-        hostname: undefined,
-        port: undefined,
-        href: undefined,
-        query: {},
-        pathname: "/",
-    };
-    query;
-    rawRequest;
-    params = {};
-    remoteAddress = {};
-    constructor(req, params, remoteAddress) {
-        this.remoteAddress = remoteAddress;
-        this.headers = new HeadersParser(req?.headers);
-        this.method = req?.method?.toUpperCase();
-        this.params = params;
-        this.rawRequest = req;
-        if (EnvironmentDetector.getEnvironment == "node") {
-            const protocol = EnvironmentDetector.detectProtocol(req);
-            const host = EnvironmentDetector.getHost(this.headers);
-            this.url = `${protocol}://${host}${req.url}`;
-        }
-        else {
-            this.url = req.url;
-        }
-        this.urlRef = urlParse(this.url);
-        this.query = this.urlRef.query;
-    }
-    async text() {
-        return await parseTextBody(this.rawRequest);
-    }
-    async json() {
-        const contentType = this.headers.get("content-type") || "";
-        if (contentType.includes("application/json")) {
-            return await parseJsonBody(this.rawRequest);
-        }
-        else {
-            return {};
-        }
-    }
-    async formData(options) {
-        const contentType = this.headers.get("content-type") || "";
-        if (!contentType) {
-            throw Error("Invalid Content-Type");
-        }
-        if (contentType.includes("application/json")) {
-            return await parseJsonBody(this.rawRequest);
-        }
-        else if (contentType.includes("application/x-www-form-urlencoded")) {
-            return parseUrlEncodedBody(this.rawRequest);
-        }
-        else if (contentType.includes("multipart/form-data")) {
-            const boundary = contentType?.split("; ")?.[1]?.split("=")?.[1];
-            if (!boundary) {
-                throw Error("Boundary not found");
-            }
-            return await parseMultipartBody(this.rawRequest, boundary, options);
-        }
-        else {
-            return {};
-        }
-    }
-}

package/dist/router.d.ts

@@ -1,191 +0,0 @@
-import { Context, ResponseHeaders } from "./context";
-import MiddlewareConfigure, { DuplicateMiddlewares, UniqueMiddlewares } from "./MiddlewareConfigure";
-import { HTTPMethod } from "./request";
-export type NextCallback = () => Promise<any>;
-export type ctx<T extends Record<string, any> = {}> = Context<T> & T;
-export type Callback<T extends Record<string, any> = {}> = (ctx: ctx<T>) => Promise<Response> | Response;
-export type Middleware<T extends Record<string, any> = {}> = (ctx: ctx<T>, next: NextCallback) => NextCallback | Promise<NextCallback | Response> | Response;
-export type RouterConfig = {
-    /**
-     * `env` allows you to define environment variables for the router.
-     * It is a record of key-value pairs where the key is the variable name
-     * and the value can be either a string or a number.
-     */
-    env?: Record<string, string | number>;
-    /**
-     * `basePath` sets the base path for the router. This is useful for grouping
-     * routes under a specific path prefix.
-     */
-    basePath?: string;
-};
-declare class TrieRouter {
-    children: Map<string, TrieRouter>;
-    handlers: Map<HTTPMethod, {
-        callback: Callback<any>;
-        middlewares: UniqueMiddlewares | DuplicateMiddlewares;
-    }>;
-    pathname: string;
-    paramName: any;
-    isParam: boolean;
-    constructor(pathname?: string);
-}
-export type StaticServeOption = {
-    cacheControl?: string;
-    headers?: ResponseHeaders;
-};
-export declare class Router<T extends Record<string, any> = {}> extends MiddlewareConfigure<T> {
-    #private;
-    protected routers: Map<string, Map<HTTPMethod, {
-        callback: Callback<T>;
-        middlewares: UniqueMiddlewares | DuplicateMiddlewares;
-    }>>;
-    protected env: Record<string, string | number>;
-    protected triRouter: TrieRouter;
-    constructor({ basePath, env }?: RouterConfig);
-    /**
-     * Serves static files from a specified directory.
-     *
-     * This method provides two overloads:
-     * 1. `static(route: string, folder: string, option?: StaticServeOption): this;`
-     *    - Serves static files from `folder` at the specified `route`.
-     * 2. `static(folder: string, option?: StaticServeOption): this;`
-     *    - Serves static files from `folder` at the root (`/`).
-     *
-     * @param {string} route - The base route to serve static files from (optional in overload).
-     * @param {string} folder - The folder containing the static files.
-     * @param {StaticServeOption} [option] - Optional settings for static file serving.
-     * @returns {this} Returns the current instance to allow method chaining.
-     */
-    static(route: string, folder: string, option?: StaticServeOption): this;
-    static(folder: string, Option?: StaticServeOption): this;
-    /**
-     * Registers a GET route with optional middleware(s)
-     * @param path - URL path pattern (supports route parameters)
-     * @param args - Handler callback or middleware(s) + handler
-     * @returns Current instance for chaining
-     *
-     * @example
-     * // Simple GET route
-     * app.get('/users', (ctx) => { ... });
-     *
-     * // With middleware
-     * app.get('/secure', authMiddleware, (ctx) => { ... });
-     *
-     * // With multiple middlewares
-     * app.get('/admin', [authMiddleware, adminMiddleware], (ctx) => { ... });
-     */
-    get(path: string, callback: Callback<T>): this;
-    get(path: string, middlewares: Middleware<T>[], callback: Callback<T>): this;
-    get(path: string, middlewares: Middleware<T>, callback: Callback<T>): this;
-    /**
-     * Registers a POST route with optional middleware(s)
-     * @param path - URL path pattern
-     * @param args - Handler callback or middleware(s) + handler
-     */
-    post(path: string, callback: Callback<T>): this;
-    post(path: string, middlewares: Middleware<T>[], callback: Callback<T>): this;
-    post(path: string, middlewares: Middleware<T>, callback: Callback<T>): this;
-    /**
-     * Registers a PUT route with optional middleware(s)
-     * @param path - URL path pattern
-     * @param args - Handler callback or middleware(s) + handler
-     */
-    put(path: string, callback: Callback<T>): this;
-    put(path: string, middlewares: Middleware<T>[], callback: Callback<T>): this;
-    put(path: string, middlewares: Middleware<T>, callback: Callback<T>): this;
-    /**
-     * Registers a PATCH route with optional middleware(s)
-     * @param path - URL path pattern
-     * @param args - Handler callback or middleware(s) + handler
-     */
-    patch(path: string, callback: Callback<T>): this;
-    patch(path: string, middlewares: Middleware<T>[], callback: Callback<T>): this;
-    patch(path: string, middlewares: Middleware<T>, callback: Callback<T>): this;
-    /**
-     * Registers a DELETE route with optional middleware(s)
-     * @param path - URL path pattern
-     * @param args - Handler callback or middleware(s) + handler
-     */
-    delete(path: string, callback: Callback<T>): this;
-    delete(path: string, middlewares: Middleware<T>[], callback: Callback<T>): this;
-    delete(path: string, middlewares: Middleware<T>, callback: Callback<T>): this;
-    /**
-     * Registers an OPTIONS route (primarily for CORS preflight requests)
-     * @param path - URL path pattern
-     * @param args - Handler callback or middleware(s) + handler
-     */
-    options(path: string, callback: Callback<T>): this;
-    options(path: string, middlewares: Middleware<T>[], callback: Callback<T>): this;
-    options(path: string, middlewares: Middleware<T>, callback: Callback<T>): this;
-    /**
-     * Registers a HEAD route (returns headers only)
-     * @param path - URL path pattern
-     * @param args - Handler callback or middleware(s) + handler
-     */
-    head(path: string, callback: Callback<T>): this;
-    head(path: string, middlewares: Middleware<T>[], callback: Callback<T>): this;
-    head(path: string, middlewares: Middleware<T>, callback: Callback<T>): this;
-    /**
-     * Registers a route that responds to all HTTP methods
-     * @param path - URL path pattern
-     * @param args - Handler callback or middleware(s) + handler
-     */
-    all(path: string, callback: Callback<T>): this;
-    all(path: string, middlewares: Middleware<T>[], callback: Callback<T>): this;
-    all(path: string, middlewares: Middleware<T>, callback: Callback<T>): this;
-    /**
-     * Generic method registration for custom HTTP methods
-     * @param method - HTTP method name (e.g., 'PURGE')
-     * @param path - URL path pattern
-     * @param args - Handler callback or middleware(s) + handler
-     *
-     * @example
-     * // Register custom method
-     * server.addRoute('PURGE', '/cache', purgeHandler);
-     */
-    addRoute(method: HTTPMethod, path: string, callback: Callback<T>): this;
-    addRoute(method: HTTPMethod, path: string, middlewares: Middleware<T>[], callback: Callback<T>): this;
-    addRoute(method: HTTPMethod, path: string, middlewares: Middleware<T>, callback: Callback<T>): this;
-    /**
-     * Mount a sub-router at specific path prefix
-     * @param path - Base path for the sub-router
-     * @param router - Router instance to mount
-     * @returns Current instance for chaining
-     *
-     * @example
-     * const apiRouter = new Router();
-     * apiRouter.get('/users', () => { ... });
-     * server.addRouter('/api', apiRouter);
-     */
-    addRouter(path: string, router: Router<T | any>): void;
-    /**
-     * Create route group with shared path prefix
-     * @param prefix - Path prefix for the group
-     * @param callback - Function that receives group-specific router
-     * @returns Current router instance for chaining
-     *
-     * @example
-     * app.group('/v1', (group) => {
-     *   group.get('/users', v1UserHandler);
-     * });
-     */
-    group(prefix: string, callback: (group: Router<T>) => void): this;
-    /**
-     * Register middleware with flexible signature
-     * @overload
-     * @param path - Optional path to scope middleware
-     * @param middlewares - Middleware(s) to register
-     * @param [callback] - Optional sub-router or handler
-     */
-    use(path: string, middlewares: Middleware<T>[], callback: Callback<T> | Router<T | any>): this;
-    use(path: string, middleware: Middleware<T>, callback: Callback<T> | Router<T | any>): this;
-    use(path: string, middlewares: Middleware<T>[]): this;
-    use(path: string, middleware: Middleware<T>): this;
-    use(path: string, callback: Callback<T> | Router<T | any>): this;
-    use(middlewares: Middleware<T>[], callback: Callback<T> | Router<T | any>): this;
-    use(middleware: Middleware<T>, callback: Callback<T> | Router<T | any>): this;
-    use(middlewares: Middleware<T>[]): this;
-    use(middleware: Middleware<T>): this;
-    use(callback: Callback<T> | Router<T | any>): this;
-}
-export {};