wu-framework 1.0.4 → 1.0.6

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wu-framework",
-  "version": "1.0.4",
+  "version": "1.0.6",
   "description": "🚀 Universal Microfrontends Framework - Framework agnostic, zero config, Shadow DOM isolation",
   "main": "src/index.js",
   "type": "module",

package/src/core/wu-cache.js

@@ -1,16 +1,10 @@
 /**
- * 💾 WU-CACHE: INTERNAL FRAMEWORK CACHING
+ * 💾 WU-CACHE: SECURE INTERNAL CACHING
  *
- * Sistema de caché INTERNO para recursos del framework:
- * - Manifests de microfrontends
- * - Módulos cargados
- * - Configuraciones de apps
- *
- * Features:
- * - Cache persistente (localStorage/sessionStorage)
- * - Cache en memoria (Map)
- * - TTL (Time To Live) configurable
- * - LRU (Least Recently Used) eviction
+ * Sistema de caché INTERNO con rate limiting
+ * - Rate limiting para prevenir abuso
+ * - Cache persistente y en memoria
+ * - TTL y LRU eviction
  *
  * ⚠️ USO INTERNO: No exponer en API pública
  */
@@ -22,15 +16,26 @@ export class WuCache {
       maxItems: options.maxItems || 100,
       defaultTTL: options.defaultTTL || 3600000, // 1 hour
       persistent: options.persistent !== false,
-      storage: options.storage || 'memory', // 'memory' | 'localStorage' | 'sessionStorage'
+      storage: options.storage || 'memory',
       compression: options.compression || false
     };
 
+    // 🔐 Rate limiting configuration
+    this.rateLimiting = {
+      enabled: options.rateLimiting !== false,
+      maxOpsPerSecond: options.maxOpsPerSecond || 100,
+      windowMs: 1000, // 1 second window
+      cooldownMs: options.cooldownMs || 5000, // 5 second cooldown after limit
+      operations: [],
+      inCooldown: false,
+      cooldownUntil: 0
+    };
+
     // Memory cache
     this.memoryCache = new Map();
 
     // LRU tracking
-    this.accessOrder = new Map(); // key -> timestamp
+    this.accessOrder = new Map();
 
     // Statistics
     this.stats = {
@@ -38,10 +43,67 @@ export class WuCache {
       misses: 0,
       sets: 0,
       evictions: 0,
-      size: 0
+      size: 0,
+      rateLimited: 0 // 🔐 Contador de operaciones rechazadas
     };
+  }
+
+  /**
+   * 🔐 CHECK RATE LIMIT: Verificar si la operación está permitida
+   * @returns {boolean} true si la operación está permitida
+   */
+  _checkRateLimit() {
+    if (!this.rateLimiting.enabled) return true;
+
+    const now = Date.now();
+
+    // Verificar si estamos en cooldown
+    if (this.rateLimiting.inCooldown) {
+      if (now < this.rateLimiting.cooldownUntil) {
+        this.stats.rateLimited++;
+        return false;
+      }
+      // Cooldown terminado
+      this.rateLimiting.inCooldown = false;
+      this.rateLimiting.operations = [];
+    }
+
+    // Limpiar operaciones antiguas (fuera de la ventana)
+    const windowStart = now - this.rateLimiting.windowMs;
+    this.rateLimiting.operations = this.rateLimiting.operations.filter(
+      ts => ts > windowStart
+    );
+
+    // Verificar límite
+    if (this.rateLimiting.operations.length >= this.rateLimiting.maxOpsPerSecond) {
+      // Activar cooldown
+      this.rateLimiting.inCooldown = true;
+      this.rateLimiting.cooldownUntil = now + this.rateLimiting.cooldownMs;
+      this.stats.rateLimited++;
+      console.warn(`[WuCache] 🚫 Rate limit exceeded. Cooldown for ${this.rateLimiting.cooldownMs}ms`);
+      return false;
+    }
 
-    console.log('[WuCache] 💾 Advanced cache system initialized');
+    // Registrar operación
+    this.rateLimiting.operations.push(now);
+    return true;
+  }
+
+  /**
+   * 🔐 GET RATE LIMIT STATUS
+   */
+  getRateLimitStatus() {
+    const now = Date.now();
+    return {
+      enabled: this.rateLimiting.enabled,
+      inCooldown: this.rateLimiting.inCooldown,
+      cooldownRemaining: this.rateLimiting.inCooldown
+        ? Math.max(0, this.rateLimiting.cooldownUntil - now)
+        : 0,
+      currentOps: this.rateLimiting.operations.length,
+      maxOps: this.rateLimiting.maxOpsPerSecond,
+      rateLimited: this.stats.rateLimited
+    };
   }
 
   /**
@@ -50,6 +112,11 @@ export class WuCache {
    * @returns {*} Valor cacheado o null
    */
   get(key) {
+    // 🔐 Check rate limit
+    if (!this._checkRateLimit()) {
+      return null; // Silently fail on rate limit
+    }
+
     // 1. Buscar en memoria
     if (this.memoryCache.has(key)) {
       const entry = this.memoryCache.get(key);
@@ -92,6 +159,11 @@ export class WuCache {
    * @returns {boolean}
    */
   set(key, value, ttl) {
+    // 🔐 Check rate limit
+    if (!this._checkRateLimit()) {
+      return false; // Reject on rate limit
+    }
+
     try {
       const entry = {
         key,

package/src/core/wu-event-bus.js

@@ -1,46 +1,156 @@
 /**
- * 📡 WU-EVENT-BUS: ADVANCED PUB/SUB SYSTEM
+ * 📡 WU-EVENT-BUS: SECURE PUB/SUB SYSTEM
  *
  * Sistema de eventos para comunicación entre microfrontends
- * - Pub/Sub pattern
+ * - Pub/Sub pattern con validación de origen
  * - Event namespaces
  * - Wildcards
  * - Event replay
- * - Performance optimizado
+ * - Verificación de apps autorizadas
  */
 
 export class WuEventBus {
   constructor() {
-    this.listeners = new Map(); // eventName -> Set<callback>
-    this.history = []; // Event history para replay
+    this.listeners = new Map();
+    this.history = [];
+
+    // 🔐 SEGURIDAD: Registro de apps autorizadas con tokens
+    this.authorizedApps = new Map(); // appName -> { token, permissions }
+    this.trustedEvents = new Set(['wu:*', 'system:*']); // Eventos del sistema
+
     this.config = {
       maxHistory: 100,
       enableReplay: true,
       enableWildcards: true,
-      logEvents: false
+      logEvents: false,
+      // 🔐 Opciones de seguridad
+      strictMode: false, // Si true, rechaza eventos de apps no autorizadas
+      validateOrigin: true // Valida que appName sea una app registrada
     };
 
     this.stats = {
       emitted: 0,
-      subscriptions: 0
+      subscriptions: 0,
+      rejected: 0 // Eventos rechazados por seguridad
     };
+  }
 
-    console.log('[WuEventBus] 📡 Advanced event bus initialized');
+  /**
+   * 🔐 REGISTER APP: Registrar app autorizada para emitir eventos
+   * @param {string} appName - Nombre de la app
+   * @param {Object} options - { permissions: ['event:*'], token }
+   * @returns {string} Token de autorización
+   */
+  registerApp(appName, options = {}) {
+    const token = options.token || this._generateToken();
+
+    this.authorizedApps.set(appName, {
+      token,
+      permissions: options.permissions || ['*'], // Por defecto puede emitir todo
+      registeredAt: Date.now()
+    });
+
+    return token;
   }
 
   /**
-   * 📢 EMIT: Emitir evento
+   * 🔓 UNREGISTER APP: Desregistrar app
+   * @param {string} appName
+   */
+  unregisterApp(appName) {
+    this.authorizedApps.delete(appName);
+  }
+
+  /**
+   * 🔐 VALIDATE ORIGIN: Verificar que el emisor está autorizado
+   * @param {string} eventName
+   * @param {string} appName
+   * @param {string} token
+   * @returns {boolean}
+   */
+  _validateOrigin(eventName, appName, token) {
+    // Eventos del sistema siempre permitidos
+    if (this._isSystemEvent(eventName)) {
+      return true;
+    }
+
+    // Si no está en modo estricto, permitir todo
+    if (!this.config.strictMode) {
+      return true;
+    }
+
+    // Verificar que la app esté registrada
+    const appInfo = this.authorizedApps.get(appName);
+    if (!appInfo) {
+      return false;
+    }
+
+    // Verificar token si se proporciona
+    if (token && appInfo.token !== token) {
+      return false;
+    }
+
+    // Verificar permisos
+    return this._hasPermission(appInfo.permissions, eventName);
+  }
+
+  /**
+   * 🔐 HAS PERMISSION: Verificar si la app tiene permiso para el evento
+   */
+  _hasPermission(permissions, eventName) {
+    if (permissions.includes('*')) return true;
+
+    return permissions.some(pattern => {
+      if (pattern === eventName) return true;
+      if (pattern.includes('*')) {
+        return this.matchesWildcard(eventName, pattern);
+      }
+      return false;
+    });
+  }
+
+  /**
+   * 🔐 IS SYSTEM EVENT: Verificar si es un evento del sistema
+   */
+  _isSystemEvent(eventName) {
+    return eventName.startsWith('wu:') ||
+           eventName.startsWith('system:') ||
+           eventName.startsWith('app:');
+  }
+
+  /**
+   * 🔐 GENERATE TOKEN: Generar token único
+   */
+  _generateToken() {
+    return `wu_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
+  }
+
+  /**
+   * 📢 EMIT: Emitir evento con validación de origen
    * @param {string} eventName - Nombre del evento
    * @param {*} data - Datos del evento
-   * @param {Object} options - Opciones { appName, timestamp, meta }
+   * @param {Object} options - { appName, timestamp, meta, token }
    */
   emit(eventName, data, options = {}) {
+    const appName = options.appName || 'unknown';
+
+    // 🔐 Validar origen si está habilitado
+    if (this.config.validateOrigin && this.config.strictMode) {
+      if (!this._validateOrigin(eventName, appName, options.token)) {
+        this.stats.rejected++;
+        console.warn(`[WuEventBus] 🚫 Event rejected: ${eventName} from ${appName} (unauthorized)`);
+        return false;
+      }
+    }
+
     const event = {
       name: eventName,
       data,
       timestamp: options.timestamp || Date.now(),
-      appName: options.appName || 'unknown',
-      meta: options.meta || {}
+      appName,
+      meta: options.meta || {},
+      // 🔐 Marcar si el origen fue verificado
+      verified: this.authorizedApps.has(appName)
     };
 
     // Agregar a historial
@@ -71,13 +181,11 @@ export class WuEventBus {
     }
 
     this.stats.emitted++;
+    return true;
   }
 
   /**
    * 👂 ON: Suscribirse a evento
-   * @param {string} eventName - Nombre del evento (puede usar wildcards: 'app.*', '*.update')
-   * @param {Function} callback - Callback a ejecutar
-   * @returns {Function} Función para desuscribirse
    */
   on(eventName, callback) {
     if (!this.listeners.has(eventName)) {
@@ -87,48 +195,36 @@ export class WuEventBus {
     this.listeners.get(eventName).add(callback);
     this.stats.subscriptions++;
 
-    // Retornar función de desuscripción
     return () => this.off(eventName, callback);
   }
 
   /**
    * 🔇 OFF: Desuscribirse de evento
-   * @param {string} eventName - Nombre del evento
-   * @param {Function} callback - Callback a remover
    */
   off(eventName, callback) {
     const listeners = this.listeners.get(eventName);
     if (listeners) {
       listeners.delete(callback);
-
-      // Limpiar si no quedan listeners
       if (listeners.size === 0) {
         this.listeners.delete(eventName);
       }
-
       this.stats.subscriptions--;
     }
   }
 
   /**
    * 🎯 ONCE: Suscribirse una sola vez
-   * @param {string} eventName - Nombre del evento
-   * @param {Function} callback - Callback a ejecutar
-   * @returns {Function} Función para desuscribirse
    */
   once(eventName, callback) {
     const wrappedCallback = (event) => {
       callback(event);
       this.off(eventName, wrappedCallback);
     };
-
     return this.on(eventName, wrappedCallback);
   }
 
   /**
-   * 🌟 WILDCARD LISTENERS: Notificar listeners con wildcards
-   * @param {string} eventName - Nombre del evento emitido
-   * @param {Object} event - Objeto del evento
+   * 🌟 WILDCARD LISTENERS
    */
   notifyWildcardListeners(eventName, event) {
     for (const [pattern, listeners] of this.listeners) {
@@ -145,41 +241,29 @@ export class WuEventBus {
   }
 
   /**
-   * 🎯 MATCHES WILDCARD: Verificar si evento coincide con patrón wildcard
-   * @param {string} eventName - Nombre del evento
-   * @param {string} pattern - Patrón con wildcards
-   * @returns {boolean}
+   * 🎯 MATCHES WILDCARD
    */
   matchesWildcard(eventName, pattern) {
-    // Si no hay wildcard, ya se procesó en listeners exactos
     if (!pattern.includes('*')) return false;
-
-    // Convertir pattern a regex
     const regexPattern = pattern
       .replace(/\./g, '\\.')
       .replace(/\*/g, '.*');
-
     const regex = new RegExp(`^${regexPattern}$`);
     return regex.test(eventName);
   }
 
   /**
-   * 📝 ADD TO HISTORY: Agregar evento al historial
-   * @param {Object} event - Evento
+   * 📝 ADD TO HISTORY
    */
   addToHistory(event) {
     this.history.push(event);
-
-    // Mantener tamaño máximo
     if (this.history.length > this.config.maxHistory) {
       this.history.shift();
     }
   }
 
   /**
-   * 🔄 REPLAY: Reproducir eventos del historial
-   * @param {string} eventNameOrPattern - Nombre o patrón de eventos a reproducir
-   * @param {Function} callback - Callback para cada evento
+   * 🔄 REPLAY
    */
   replay(eventNameOrPattern, callback) {
     const events = this.history.filter(event => {
@@ -189,8 +273,6 @@ export class WuEventBus {
       return event.name === eventNameOrPattern;
     });
 
-    console.log(`[WuEventBus] 🔄 Replaying ${events.length} events for ${eventNameOrPattern}`);
-
     events.forEach(event => {
       try {
         callback(event);
@@ -201,13 +283,11 @@ export class WuEventBus {
   }
 
   /**
-   * 🧹 CLEAR HISTORY: Limpiar historial de eventos
-   * @param {string} eventNameOrPattern - Patrón de eventos a limpiar (opcional)
+   * 🧹 CLEAR HISTORY
    */
   clearHistory(eventNameOrPattern) {
     if (!eventNameOrPattern) {
       this.history = [];
-      console.log('[WuEventBus] 🧹 Event history cleared');
       return;
     }
 
@@ -220,14 +300,14 @@ export class WuEventBus {
   }
 
   /**
-   * 📊 GET STATS: Obtener estadísticas
-   * @returns {Object}
+   * 📊 GET STATS
    */
   getStats() {
     return {
       ...this.stats,
       activeListeners: this.listeners.size,
       historySize: this.history.length,
+      authorizedApps: this.authorizedApps.size,
       listenersByEvent: Array.from(this.listeners.entries()).map(([event, listeners]) => ({
         event,
         listeners: listeners.size
@@ -236,22 +316,31 @@ export class WuEventBus {
   }
 
   /**
-   * ⚙️ CONFIGURE: Configurar event bus
-   * @param {Object} config - Nueva configuración
+   * ⚙️ CONFIGURE
    */
   configure(config) {
-    this.config = {
-      ...this.config,
-      ...config
-    };
+    this.config = { ...this.config, ...config };
+  }
+
+  /**
+   * 🔐 ENABLE STRICT MODE: Activar modo estricto de seguridad
+   */
+  enableStrictMode() {
+    this.config.strictMode = true;
+  }
+
+  /**
+   * 🔓 DISABLE STRICT MODE
+   */
+  disableStrictMode() {
+    this.config.strictMode = false;
   }
 
   /**
-   * 🗑️ REMOVE ALL: Remover todos los listeners
+   * 🗑️ REMOVE ALL
    */
   removeAll() {
     this.listeners.clear();
     this.stats.subscriptions = 0;
-    console.log('[WuEventBus] 🗑️ All listeners removed');
   }
 }

package/src/core/wu-logger.js

@@ -7,7 +7,8 @@ export class WuLogger {
   constructor() {
     // Detectar entorno automáticamente
     this.isDevelopment = this.detectEnvironment();
-    this.logLevel = this.isDevelopment ? 'debug' : 'error';
+    // En desarrollo: warn (menos ruido), en producción: error
+    this.logLevel = this.isDevelopment ? 'warn' : 'error';
 
     this.levels = {
       debug: 0,
@@ -116,4 +117,19 @@ export const wuLog = {
   info: (...args) => logger.wuInfo(...args),
   warn: (...args) => logger.wuWarn(...args),
   error: (...args) => logger.wuError(...args)
-};
+};
+
+/**
+ * 🔇 Silenciar todos los logs de Wu Framework
+ * Útil en producción para eliminar todo el ruido
+ */
+export function silenceAllLogs() {
+  logger.setLevel('silent');
+}
+
+/**
+ * 🔊 Restaurar logs (nivel debug)
+ */
+export function enableAllLogs() {
+  logger.setLevel('debug');
+}