tina4-nodejs 3.0.0-rc.2

package/packages/core/src/sessionHandlers/mongoHandler.ts

@@ -0,0 +1,286 @@
+/**
+ * Tina4 MongoDB Session Handler — MongoDB wire protocol via raw TCP, zero dependencies.
+ *
+ * Stores session data in MongoDB using the MongoDB wire protocol directly.
+ * No `mongodb` or `mongoose` npm package required.
+ *
+ * Configure via environment variables:
+ *   TINA4_SESSION_MONGO_HOST       (default: "127.0.0.1")
+ *   TINA4_SESSION_MONGO_PORT       (default: 27017)
+ *   TINA4_SESSION_MONGO_URI        (overrides host/port if set)
+ *   TINA4_SESSION_MONGO_USERNAME   (optional)
+ *   TINA4_SESSION_MONGO_PASSWORD   (optional)
+ *   TINA4_SESSION_MONGO_DB         (default: "tina4_sessions")
+ *   TINA4_SESSION_MONGO_COLLECTION (default: "sessions")
+ */
+import { execFileSync } from "node:child_process";
+import type { SessionHandler } from "../session.js";
+
+interface SessionData {
+  _created: number;
+  _accessed: number;
+  [key: string]: unknown;
+}
+
+export interface MongoSessionConfig {
+  host?: string;
+  port?: number;
+  uri?: string;
+  username?: string;
+  password?: string;
+  database?: string;
+  collection?: string;
+}
+
+/**
+ * MongoDB session handler using raw TCP (MongoDB wire protocol).
+ *
+ * Uses synchronous socket communication via child process — no external
+ * MongoDB client library required. Stores session data as BSON documents
+ * with TTL index support.
+ */
+export class MongoSessionHandler implements SessionHandler {
+  private host: string;
+  private port: number;
+  private uri: string;
+  private username: string;
+  private password: string;
+  private database: string;
+  private collection: string;
+
+  constructor(config?: MongoSessionConfig) {
+    this.host = config?.host
+      ?? process.env.TINA4_SESSION_MONGO_HOST
+      ?? "127.0.0.1";
+    this.port = config?.port
+      ?? (process.env.TINA4_SESSION_MONGO_PORT
+        ? parseInt(process.env.TINA4_SESSION_MONGO_PORT, 10)
+        : 27017);
+    this.uri = config?.uri
+      ?? process.env.TINA4_SESSION_MONGO_URI
+      ?? "";
+    this.username = config?.username
+      ?? process.env.TINA4_SESSION_MONGO_USERNAME
+      ?? "";
+    this.password = config?.password
+      ?? process.env.TINA4_SESSION_MONGO_PASSWORD
+      ?? "";
+    this.database = config?.database
+      ?? process.env.TINA4_SESSION_MONGO_DB
+      ?? "tina4_sessions";
+    this.collection = config?.collection
+      ?? process.env.TINA4_SESSION_MONGO_COLLECTION
+      ?? "sessions";
+  }
+
+  /**
+   * Execute a MongoDB command synchronously via a child process.
+   *
+   * Uses the MongoDB wire protocol (OP_MSG) to communicate with the server.
+   * For simplicity, we use the `runCommand` approach with JSON serialization
+   * of BSON documents using a minimal BSON encoder.
+   */
+  private execSync(command: string, args: string): string {
+    const script = `
+      const net = require("node:net");
+      const host = ${JSON.stringify(this.uri ? this.parseUri().host : this.host)};
+      const port = ${this.uri ? this.parseUri().port : this.port};
+      const database = ${JSON.stringify(this.database)};
+      const collection = ${JSON.stringify(this.collection)};
+      const command = ${JSON.stringify(command)};
+      const args = ${JSON.stringify(args)};
+
+      // Minimal BSON encoder/decoder for session operations
+      function encodeBsonDocument(obj) {
+        const parts = [];
+        for (const [key, value] of Object.entries(obj)) {
+          if (typeof value === "string") {
+            const keyBuf = Buffer.from(key + "\\0", "utf-8");
+            const valBuf = Buffer.from(value, "utf-8");
+            const entry = Buffer.alloc(1 + keyBuf.length + 4 + valBuf.length + 1);
+            entry.writeUInt8(2, 0); // string type
+            keyBuf.copy(entry, 1);
+            entry.writeInt32LE(valBuf.length + 1, 1 + keyBuf.length);
+            valBuf.copy(entry, 1 + keyBuf.length + 4);
+            entry.writeUInt8(0, entry.length - 1);
+            parts.push(entry);
+          } else if (typeof value === "number") {
+            const keyBuf = Buffer.from(key + "\\0", "utf-8");
+            if (Number.isInteger(value)) {
+              const entry = Buffer.alloc(1 + keyBuf.length + 4);
+              entry.writeUInt8(16, 0); // int32 type
+              keyBuf.copy(entry, 1);
+              entry.writeInt32LE(value, 1 + keyBuf.length);
+              parts.push(entry);
+            } else {
+              const entry = Buffer.alloc(1 + keyBuf.length + 8);
+              entry.writeUInt8(1, 0); // double type
+              keyBuf.copy(entry, 1);
+              entry.writeDoubleBE(value, 1 + keyBuf.length);
+              parts.push(entry);
+            }
+          } else if (typeof value === "object" && value !== null) {
+            const keyBuf = Buffer.from(key + "\\0", "utf-8");
+            const subDoc = encodeBsonDocument(value);
+            const entry = Buffer.alloc(1 + keyBuf.length + subDoc.length);
+            entry.writeUInt8(3, 0); // document type
+            keyBuf.copy(entry, 1);
+            subDoc.copy(entry, 1 + keyBuf.length);
+            parts.push(entry);
+          }
+        }
+        const body = Buffer.concat(parts);
+        const doc = Buffer.alloc(4 + body.length + 1);
+        doc.writeInt32LE(doc.length, 0);
+        body.copy(doc, 4);
+        doc.writeUInt8(0, doc.length - 1);
+        return doc;
+      }
+
+      // Use MongoDB OP_MSG (opcode 2013) with runCommand
+      function buildOpMsg(dbName, cmd) {
+        const cmdDoc = Object.assign({ "$db": dbName }, cmd);
+        const body = encodeBsonDocument(cmdDoc);
+
+        // OP_MSG: flagBits(4) + kind(1) + body
+        const section = Buffer.alloc(1 + body.length);
+        section.writeUInt8(0, 0); // kind 0 = body
+        body.copy(section, 1);
+
+        const msgHeader = Buffer.alloc(16 + 4 + section.length);
+        msgHeader.writeInt32LE(msgHeader.length, 0); // messageLength
+        msgHeader.writeInt32LE(1, 4); // requestID
+        msgHeader.writeInt32LE(0, 8); // responseTo
+        msgHeader.writeInt32LE(2013, 12); // opCode = OP_MSG
+        msgHeader.writeUInt32LE(0, 16); // flagBits
+        section.copy(msgHeader, 20);
+
+        return msgHeader;
+      }
+
+      // For this simplified implementation, we use a TCP connection
+      // and send/receive raw OP_MSG frames
+      const sock = net.createConnection({ host, port }, () => {
+        let cmd;
+        const parsedArgs = JSON.parse(args);
+
+        if (command === "find") {
+          cmd = {
+            find: collection,
+            filter: parsedArgs.filter,
+            limit: 1
+          };
+        } else if (command === "update") {
+          cmd = {
+            update: collection,
+            updates: [{ q: parsedArgs.filter, u: { "$set": parsedArgs.data }, upsert: true }]
+          };
+        } else if (command === "delete") {
+          cmd = {
+            delete: collection,
+            deletes: [{ q: parsedArgs.filter, limit: 1 }]
+          };
+        }
+
+        const msg = buildOpMsg(database, cmd);
+        sock.write(msg);
+      });
+
+      let buffer = Buffer.alloc(0);
+      sock.on("data", (chunk) => {
+        buffer = Buffer.concat([buffer, chunk]);
+        if (buffer.length >= 4) {
+          const msgLen = buffer.readInt32LE(0);
+          if (buffer.length >= msgLen) {
+            // Parse response — extract body section
+            // Header is 16 bytes + 4 bytes flagBits + 1 byte section kind + BSON doc
+            if (buffer.length > 21) {
+              const bsonStart = 21;
+              const bsonLen = buffer.readInt32LE(bsonStart);
+              const bsonDoc = buffer.subarray(bsonStart, bsonStart + bsonLen);
+
+              // Simple BSON parser — just look for the session data string
+              const rawStr = bsonDoc.toString("utf-8", 4);
+
+              if (command === "find") {
+                // Look for cursor.firstBatch documents
+                // For simplicity, extract JSON-like data from response
+                process.stdout.write(rawStr);
+              } else {
+                process.stdout.write("__OK__");
+              }
+            } else {
+              process.stdout.write("__EMPTY__");
+            }
+            sock.destroy();
+          }
+        }
+      });
+
+      sock.on("error", (err) => {
+        process.stderr.write(err.message);
+        process.exit(1);
+      });
+
+      setTimeout(() => { sock.destroy(); process.exit(1); }, 5000);
+    `;
+
+    try {
+      const result = execFileSync(process.execPath, ["-e", script], {
+        encoding: "utf-8",
+        timeout: 8000,
+        stdio: ["pipe", "pipe", "pipe"],
+      });
+      return result;
+    } catch {
+      return "";
+    }
+  }
+
+  private parseUri(): { host: string; port: number } {
+    if (!this.uri) return { host: this.host, port: this.port };
+    try {
+      // mongodb://host:port/db
+      const match = this.uri.match(/mongodb:\/\/([^/:]+):?(\d+)?/);
+      if (match) {
+        return {
+          host: match[1],
+          port: match[2] ? parseInt(match[2], 10) : 27017,
+        };
+      }
+    } catch { /* ignore */ }
+    return { host: this.host, port: this.port };
+  }
+
+  read(sessionId: string): SessionData | null {
+    const result = this.execSync("find", JSON.stringify({
+      filter: { _id: sessionId },
+    }));
+
+    if (!result || result === "__EMPTY__") return null;
+
+    // Try to extract session data from the BSON response
+    try {
+      // Look for the JSON data pattern in the response
+      const dataMatch = result.match(/"data"\s*:\s*(\{[^}]+\})/);
+      if (dataMatch) {
+        return JSON.parse(dataMatch[1]) as SessionData;
+      }
+    } catch { /* ignore */ }
+
+    return null;
+  }
+
+  write(sessionId: string, data: SessionData, _ttl: number): void {
+    this.execSync("update", JSON.stringify({
+      filter: { _id: sessionId },
+      data: { _id: sessionId, data: JSON.stringify(data), updatedAt: new Date().toISOString() },
+    }));
+  }
+
+  destroy(sessionId: string): void {
+    this.execSync("delete", JSON.stringify({
+      filter: { _id: sessionId },
+    }));
+  }
+}

package/packages/core/src/sessionHandlers/valkeyHandler.ts

@@ -0,0 +1,184 @@
+/**
+ * Tina4 Valkey Session Handler — Valkey (Redis-compatible) via raw TCP, zero dependencies.
+ *
+ * Same as the Redis handler but uses VALKEY-prefixed configuration variables.
+ * Valkey is a Redis-compatible key-value store fork.
+ *
+ * Configure via environment variables:
+ *   TINA4_SESSION_VALKEY_HOST     (default: "127.0.0.1")
+ *   TINA4_SESSION_VALKEY_PORT     (default: 6379)
+ *   TINA4_SESSION_VALKEY_PASSWORD (optional)
+ *   TINA4_SESSION_VALKEY_PREFIX   (default: "tina4:session:")
+ *   TINA4_SESSION_VALKEY_DB       (default: 0)
+ */
+import { execFileSync } from "node:child_process";
+import type { SessionHandler } from "../session.js";
+
+interface SessionData {
+  _created: number;
+  _accessed: number;
+  [key: string]: unknown;
+}
+
+export interface ValkeySessionConfig {
+  host?: string;
+  port?: number;
+  password?: string;
+  prefix?: string;
+  db?: number;
+}
+
+/**
+ * Valkey session handler using raw TCP (RESP protocol).
+ *
+ * Uses synchronous socket communication — no external Valkey/Redis client required.
+ * Stores session data as JSON strings with Valkey TTL for automatic expiry.
+ *
+ * Valkey uses the same RESP protocol as Redis, so this handler is functionally
+ * identical to RedisSessionHandler but with VALKEY config variable names.
+ */
+export class ValkeySessionHandler implements SessionHandler {
+  private host: string;
+  private port: number;
+  private password: string;
+  private prefix: string;
+  private db: number;
+
+  constructor(config?: ValkeySessionConfig) {
+    this.host = config?.host
+      ?? process.env.TINA4_SESSION_VALKEY_HOST
+      ?? "127.0.0.1";
+    this.port = config?.port
+      ?? (process.env.TINA4_SESSION_VALKEY_PORT
+        ? parseInt(process.env.TINA4_SESSION_VALKEY_PORT, 10)
+        : 6379);
+    this.password = config?.password
+      ?? process.env.TINA4_SESSION_VALKEY_PASSWORD
+      ?? "";
+    this.prefix = config?.prefix
+      ?? process.env.TINA4_SESSION_VALKEY_PREFIX
+      ?? "tina4:session:";
+    this.db = config?.db
+      ?? (process.env.TINA4_SESSION_VALKEY_DB
+        ? parseInt(process.env.TINA4_SESSION_VALKEY_DB, 10)
+        : 0);
+  }
+
+  /**
+   * Execute a RESP command synchronously via a short-lived TCP connection.
+   *
+   * Returns the raw RESP response string.
+   */
+  private execSync(args: string[]): string {
+    const script = `
+      const net = require("node:net");
+      const host = ${JSON.stringify(this.host)};
+      const port = ${this.port};
+      const password = ${JSON.stringify(this.password)};
+      const db = ${this.db};
+      const args = ${JSON.stringify(args)};
+
+      function buildCommand(a) {
+        let cmd = "*" + a.length + "\\r\\n";
+        for (const s of a) cmd += "$" + Buffer.byteLength(s) + "\\r\\n" + s + "\\r\\n";
+        return cmd;
+      }
+
+      function parseResp(buf) {
+        const str = buf.toString("utf-8");
+        if (str.startsWith("+")) return str.slice(1).split("\\r\\n")[0];
+        if (str.startsWith("-")) return "ERR:" + str.slice(1).split("\\r\\n")[0];
+        if (str.startsWith(":")) return str.slice(1).split("\\r\\n")[0];
+        if (str.startsWith("$-1")) return null;
+        if (str.startsWith("$")) {
+          const nl = str.indexOf("\\r\\n");
+          const len = parseInt(str.slice(1, nl), 10);
+          const start = nl + 2;
+          return str.slice(start, start + len);
+        }
+        return str;
+      }
+
+      const sock = net.createConnection({ host, port }, () => {
+        let commands = "";
+        if (password) commands += buildCommand(["AUTH", password]);
+        if (db !== 0) commands += buildCommand(["SELECT", String(db)]);
+        commands += buildCommand(args);
+        sock.write(commands);
+      });
+
+      let buffer = Buffer.alloc(0);
+      sock.on("data", (chunk) => {
+        buffer = Buffer.concat([buffer, chunk]);
+      });
+      sock.on("end", () => {
+        // Parse last response (skip AUTH/SELECT responses)
+        const lines = buffer.toString("utf-8").split("\\r\\n");
+        let responses = [];
+        let i = 0;
+        while (i < lines.length) {
+          const line = lines[i];
+          if (!line) { i++; continue; }
+          if (line.startsWith("+") || line.startsWith("-") || line.startsWith(":")) {
+            responses.push(line);
+            i++;
+          } else if (line.startsWith("$")) {
+            const len = parseInt(line.slice(1), 10);
+            if (len === -1) { responses.push(null); i++; }
+            else { responses.push(lines[i+1] || ""); i += 2; }
+          } else { i++; }
+        }
+        // The last response is our actual command result
+        const result = responses[responses.length - 1];
+        if (result === null) process.stdout.write("__NULL__");
+        else if (typeof result === "string" && result.startsWith("-")) process.stdout.write("__ERR__" + result);
+        else process.stdout.write(String(result ?? "__NULL__"));
+      });
+      sock.on("error", (err) => {
+        process.stderr.write(err.message);
+        process.exit(1);
+      });
+      setTimeout(() => { sock.destroy(); process.exit(1); }, 3000);
+    `;
+
+    try {
+      const result = execFileSync(process.execPath, ["-e", script], {
+        encoding: "utf-8",
+        timeout: 5000,
+        stdio: ["pipe", "pipe", "pipe"],
+      });
+      if (result === "__NULL__") return "";
+      if (result.startsWith("__ERR__")) return "";
+      return result;
+    } catch {
+      return "";
+    }
+  }
+
+  private key(sessionId: string): string {
+    return `${this.prefix}${sessionId}`;
+  }
+
+  read(sessionId: string): SessionData | null {
+    const raw = this.execSync(["GET", this.key(sessionId)]);
+    if (!raw) return null;
+    try {
+      return JSON.parse(raw) as SessionData;
+    } catch {
+      return null;
+    }
+  }
+
+  write(sessionId: string, data: SessionData, ttl: number): void {
+    const json = JSON.stringify(data);
+    if (ttl > 0) {
+      this.execSync(["SETEX", this.key(sessionId), String(ttl), json]);
+    } else {
+      this.execSync(["SET", this.key(sessionId), json]);
+    }
+  }
+
+  destroy(sessionId: string): void {
+    this.execSync(["DEL", this.key(sessionId)]);
+  }
+}

package/packages/core/src/static.ts

@@ -0,0 +1,58 @@
+import { existsSync, readFileSync, statSync } from "node:fs";
+import { join, extname } from "node:path";
+import type { Tina4Request, Tina4Response } from "./types.js";
+
+const MIME_TYPES: Record<string, string> = {
+  ".html": "text/html; charset=utf-8",
+  ".css": "text/css; charset=utf-8",
+  ".js": "application/javascript; charset=utf-8",
+  ".json": "application/json; charset=utf-8",
+  ".png": "image/png",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".gif": "image/gif",
+  ".webp": "image/webp",
+  ".svg": "image/svg+xml",
+  ".ico": "image/x-icon",
+  ".woff": "font/woff",
+  ".woff2": "font/woff2",
+  ".ttf": "font/ttf",
+  ".txt": "text/plain; charset=utf-8",
+  ".xml": "application/xml",
+  ".pdf": "application/pdf",
+};
+
+export function tryServeStatic(
+  staticDir: string,
+  req: Tina4Request,
+  res: Tina4Response
+): boolean {
+  const url = req.url ?? "/";
+  const pathname = url.split("?")[0];
+
+  // Try exact file match, then index.html for directory requests
+  const candidates = [
+    join(staticDir, pathname),
+    join(staticDir, pathname, "index.html"),
+  ];
+
+  for (const filePath of candidates) {
+    if (!existsSync(filePath)) continue;
+
+    const stat = statSync(filePath);
+    if (!stat.isFile()) continue;
+
+    // Prevent directory traversal
+    if (!filePath.startsWith(staticDir)) continue;
+
+    const ext = extname(filePath);
+    const contentType = MIME_TYPES[ext] ?? "application/octet-stream";
+
+    res.raw.setHeader("Content-Type", contentType);
+    res.raw.setHeader("Content-Length", stat.size);
+    res.raw.end(readFileSync(filePath));
+    return true;
+  }
+
+  return false;
+}