zero-http 0.2.4 → 0.3.1

package/documentation/config/db.js

@@ -0,0 +1,25 @@
+const path = require('path');
+const { Database } = require('../..');
+const Task = require('../models/Task');
+
+/**
+ * Connect to the database, register all models, and sync tables.
+ * Uses SQLite with a Database/ folder for file‑based persistence.
+ * Returns the Database instance for reuse.
+ */
+function initDatabase()
+{
+    const db = Database.connect('sqlite', {
+        filename: path.join(__dirname, '..', 'Database', 'tasks.db'),
+    });
+
+    // Register models
+    db.register(Task);
+
+    // Sync tables (non-blocking)
+    db.sync().then(() => console.log('ORM: SQLite tasks.db ready'));
+
+    return db;
+}
+
+module.exports = { initDatabase };

package/documentation/config/middleware.js

@@ -0,0 +1,44 @@
+const path = require('path');
+const {
+    cors, json, urlencoded, text,
+    static: serveStatic, logger, compress,
+    helmet, timeout, requestId, cookieParser
+} = require('../..');
+
+/**
+ * Register the standard middleware stack on the app.
+ * Order matters — security & utility first, then parsers, then static.
+ */
+function applyMiddleware(app)
+{
+    app.use(logger({ format: 'dev' }));
+    app.use(requestId());
+    app.use(helmet({
+        contentSecurityPolicy: {
+            directives: {
+                defaultSrc: ["'self'"],
+                baseUri: ["'self'"],
+                scriptSrc: ["'self'", "'unsafe-inline'"],
+                scriptSrcAttr: ["'none'"],
+                styleSrc: ["'self'", "'unsafe-inline'"],
+                connectSrc: ["'self'", 'wss:', 'ws:'],
+                imgSrc: ["'self'", 'data:'],
+                fontSrc: ["'self'", 'https:', 'data:'],
+                formAction: ["'self'"],
+                frameAncestors: ["'self'"],
+                objectSrc: ["'none'"],
+                upgradeInsecureRequests: []
+            }
+        }
+    }));
+    app.use(cors());
+    app.use(compress());
+    app.use(timeout(30000));
+    app.use(cookieParser());
+    app.use(json());
+    app.use(urlencoded());
+    app.use(text());
+    app.use(serveStatic(path.join(__dirname, '..', 'public')));
+}
+
+module.exports = { applyMiddleware };

package/documentation/config/tls.js

@@ -0,0 +1,12 @@
+const fs = require('fs');
+
+const CERT_PATH = '/www/server/panel/vhost/cert/z-http.com/fullchain.pem';
+const KEY_PATH  = '/www/server/panel/vhost/cert/z-http.com/privkey.pem';
+
+const hasCerts = fs.existsSync(CERT_PATH) && fs.existsSync(KEY_PATH);
+
+const tlsOpts = hasCerts
+    ? { cert: fs.readFileSync(CERT_PATH), key: fs.readFileSync(KEY_PATH) }
+    : undefined;
+
+module.exports = { hasCerts, tlsOpts };

package/documentation/controllers/cookies.js

@@ -0,0 +1,34 @@
+exports.list = (req, res) =>
+{
+    res.json({
+        cookies: req.cookies || {},
+        signedCookies: req.signedCookies || {},
+    });
+};
+
+exports.set = (req, res) =>
+{
+    const { name, value, options } = req.body || {};
+    if (!name || typeof name !== 'string')
+        return res.status(400).json({ error: 'name is required' });
+
+    const val = value != null ? value : '';
+    const opts = {};
+    if (options)
+    {
+        if (options.maxAge != null) opts.maxAge = Number(options.maxAge);
+        if (options.httpOnly != null) opts.httpOnly = Boolean(options.httpOnly);
+        if (options.secure != null) opts.secure = Boolean(options.secure);
+        if (options.sameSite) opts.sameSite = String(options.sameSite);
+        if (options.path) opts.path = String(options.path);
+        if (options.signed) opts.signed = true;
+    }
+    res.cookie(name, typeof val === 'object' ? val : String(val), opts);
+    res.json({ set: name, value: val, options: opts });
+};
+
+exports.clear = (req, res) =>
+{
+    res.clearCookie(req.params.name);
+    res.json({ cleared: req.params.name });
+};

package/documentation/controllers/tasks.js

@@ -0,0 +1,108 @@
+const Task = require('../models/Task');
+
+const VALID_STATUSES = ['pending', 'in-progress', 'done'];
+
+function clampPriority(v) { return Math.max(0, Math.min(5, Number(v) || 0)); }
+
+exports.list = async (req, res) =>
+{
+    try
+    {
+        let q = Task.query();
+        if (req.query.status) q = q.where('status', '=', req.query.status);
+        if (req.query.priority) q = q.where('priority', '>=', Number(req.query.priority));
+        if (req.query.scope) q = q.scope(req.query.scope);
+        if (req.query.search) q = q.whereLike('title', `%${req.query.search}%`);
+        q = q.orderBy(req.query.sort || 'createdAt', req.query.order || 'desc');
+        const tasks = await q.exec();
+        const count = await Task.count();
+        res.json({ tasks, total: count });
+    }
+    catch (e) { res.status(500).json({ error: e.message }); }
+};
+
+exports.create = async (req, res) =>
+{
+    try
+    {
+        const { title, status, priority } = req.body || {};
+        if (!title || typeof title !== 'string' || !title.trim())
+            return res.status(400).json({ error: 'title is required' });
+
+        const task = await Task.create({
+            title: title.trim().slice(0, 200),
+            status: VALID_STATUSES.includes(status) ? status : 'pending',
+            priority: clampPriority(priority),
+        });
+        res.status(201).json({ task });
+    }
+    catch (e) { res.status(500).json({ error: e.message }); }
+};
+
+exports.update = async (req, res) =>
+{
+    try
+    {
+        const task = await Task.findById(Number(req.params.id));
+        if (!task) return res.status(404).json({ error: 'not found' });
+
+        const updates = {};
+        if (req.body.title != null) updates.title = String(req.body.title).trim().slice(0, 200);
+        if (req.body.status != null && VALID_STATUSES.includes(req.body.status)) updates.status = req.body.status;
+        if (req.body.priority != null) updates.priority = clampPriority(req.body.priority);
+        await task.update(updates);
+        res.json({ task });
+    }
+    catch (e) { res.status(500).json({ error: e.message }); }
+};
+
+exports.remove = async (req, res) =>
+{
+    try
+    {
+        const task = await Task.findById(Number(req.params.id));
+        if (!task) return res.status(404).json({ error: 'not found' });
+        await task.delete();
+        res.json({ deleted: true, id: Number(req.params.id) });
+    }
+    catch (e) { res.status(500).json({ error: e.message }); }
+};
+
+exports.restore = async (req, res) =>
+{
+    try
+    {
+        const rows = await Task.query().withDeleted().where('id', '=', Number(req.params.id)).exec();
+        const task = rows[0];
+        if (!task) return res.status(404).json({ error: 'not found' });
+        if (task.restore) await task.restore();
+        res.json({ task });
+    }
+    catch (e) { res.status(500).json({ error: e.message }); }
+};
+
+exports.removeAll = async (req, res) =>
+{
+    try
+    {
+        const all = await Task.find();
+        for (const t of all) await t.delete();
+        res.json({ deleted: all.length });
+    }
+    catch (e) { res.status(500).json({ error: e.message }); }
+};
+
+exports.stats = async (req, res) =>
+{
+    try
+    {
+        const total = await Task.count();
+        const pending = await Task.count({ status: 'pending' });
+        const inProgress = await Task.count({ status: 'in-progress' });
+        const done = await Task.count({ status: 'done' });
+        const avgPriority = await Task.query().avg('priority');
+        const maxPriority = await Task.query().max('priority');
+        res.json({ total, pending, inProgress, done, avgPriority: avgPriority || 0, maxPriority: maxPriority || 0 });
+    }
+    catch (e) { res.status(500).json({ error: e.message }); }
+};

package/documentation/full-server.js

@@ -1,6 +1,6 @@
 /**
  * zero-http full-server example
- * Organized with controllers and JSDoc comments for clarity and maintainability.
+ * Clean entry point — config, middleware, and routes are in separate modules.
  */
 
 // --- Crash protection ---
@@ -8,183 +8,34 @@ process.on('uncaughtException', (err) => { console.error('[UNCAUGHT]', err); });
 process.on('unhandledRejection', (err) => { console.error('[UNHANDLED]', err); });
 
 const path = require('path');
-const fs = require('fs');
-const os = require('os');
-const { createApp, cors, json, urlencoded, text, raw, multipart, static: serveStatic, fetch, logger, compress, Router } = require('..');
+const { createApp, env, fetch } = require('..');
 
-// --- App Initialization ---
-const app = createApp();
-app.use(logger({ format: 'dev' }));
-app.use(cors());
-app.use(compress());
-app.use(json());
-app.use(urlencoded());
-app.use(text());
-app.use(serveStatic(path.join(__dirname, 'public')));
-
-// --- Controllers ---
-const rootController = require('./controllers/root');
-const headersController = require('./controllers/headers');
-const echoController = require('./controllers/echo');
-const uploadsController = require('./controllers/uploads');
-
-// --- Core Routes ---
-app.get('/', rootController.getRoot);
-app.get('/headers', headersController.getHeaders);
-app.post('/echo-json', echoController.echoJson);
-app.post('/echo', echoController.echo);
-app.post('/echo-urlencoded', echoController.echoUrlencoded);
-app.post('/echo-text', echoController.echoText);
-app.post('/echo-raw', raw(), echoController.echoRaw);
-
-// --- Uploads and Trash ---
-const uploadsDir = path.join(__dirname, 'uploads');
-uploadsController.ensureUploadsDir(uploadsDir);
-
-// Serve uploaded files from /uploads path using built-in path-prefix middleware
-app.use('/uploads', serveStatic(uploadsDir));
-
-// Upload, delete, restore, and trash routes
-app.post('/upload', multipart({ maxFileSize: 5 * 1024 * 1024, dir: uploadsDir }), uploadsController.upload(uploadsDir));
-app.delete('/uploads/:name', uploadsController.deleteUpload(uploadsDir));
-app.delete('/uploads', uploadsController.deleteAllUploads(uploadsDir));
-app.post('/uploads/:name/restore', uploadsController.restoreUpload(uploadsDir));
-app.get('/uploads-trash-list', uploadsController.listTrash(uploadsDir));
-app.delete('/uploads-trash/:name', uploadsController.deleteTrashItem(uploadsDir));
-app.delete('/uploads-trash', uploadsController.emptyTrash(uploadsDir));
-
-// --- Trash Retention ---
-const TRASH_RETENTION_DAYS = Number(process.env.TRASH_RETENTION_DAYS || 7);
-const TRASH_RETENTION_MS = TRASH_RETENTION_DAYS * 24 * 60 * 60 * 1000;
-
-function autoEmptyTrash()
-{
-    try
-    {
-        const trash = path.join(uploadsDir, '.trash');
-        if (!fs.existsSync(trash)) return;
-        const now = Date.now();
-        const removed = [];
-        for (const f of fs.readdirSync(trash))
-        {
-            try
-            {
-                const p = path.join(trash, f);
-                const st = fs.statSync(p);
-                if (now - st.mtimeMs > TRASH_RETENTION_MS)
-                {
-                    fs.unlinkSync(p);
-                    removed.push(f);
-                    try { fs.unlinkSync(path.join(trash, '.thumbs', f + '-thumb.svg')); } catch (e) { }
-                }
-            } catch (e) { }
-        }
-        if (removed.length) console.log(`autoEmptyTrash: removed ${removed.length} file(s)`);
-    } catch (e) { console.error('autoEmptyTrash error:', e); }
-}
-
-autoEmptyTrash();
-setInterval(autoEmptyTrash, 24 * 60 * 60 * 1000).unref();
-
-// --- Uploads Listings ---
-app.get('/uploads-list', uploadsController.listUploads(uploadsDir));
-app.get('/uploads-all', uploadsController.listAll(uploadsDir));
-
-// --- Temp Cleanup ---
-const cleanupController = require('./controllers/cleanup');
-app.post('/cleanup', cleanupController.cleanup(path.join(os.tmpdir(), 'zero-http-uploads')));
-
-// --- Proxy ---
-const proxyController = require('./controllers/proxy');
-const proxyFetch = (typeof globalThis !== 'undefined' && globalThis.fetch) || fetch;
-app.get('/proxy', proxyController.proxy(proxyFetch));
-
-// --- WebSocket Chat ---
-const wsClients = new Set();
-
-app.ws('/ws/chat', { maxPayload: 64 * 1024, pingInterval: 25000 }, (ws, req) =>
-{
-    ws.data.name = ws.query.name || 'anon';
-    wsClients.add(ws);
-    ws.send(JSON.stringify({ type: 'system', text: 'Welcome, ' + ws.data.name + '!' }));
-
-    // Broadcast join
-    for (const c of wsClients)
-    {
-        if (c !== ws && c.readyState === 1)
-            c.send(JSON.stringify({ type: 'system', text: ws.data.name + ' joined' }));
-    }
-
-    ws.on('message', (msg) =>
-    {
-        // Broadcast to all clients including sender
-        const payload = JSON.stringify({ type: 'message', name: ws.data.name, text: String(msg) });
-        for (const c of wsClients)
-        {
-            if (c.readyState === 1) c.send(payload);
-        }
-    });
-
-    ws.on('close', () =>
-    {
-        wsClients.delete(ws);
-        for (const c of wsClients)
-        {
-            if (c.readyState === 1)
-                c.send(JSON.stringify({ type: 'system', text: ws.data.name + ' left' }));
-        }
-    });
-});
-
-// --- Server-Sent Events ---
-const sseClients = new Set();
-
-app.get('/sse/events', (req, res) =>
-{
-    const sse = res.sse({ retry: 5000, autoId: true, keepAlive: 30000 });
-    sseClients.add(sse);
-    sse.send({ type: 'connected', clients: sseClients.size });
+// --- Environment ---
+env.load(path.join(__dirname, '..', '.env'));
 
-    sse.on('close', () => sseClients.delete(sse));
-});
-
-app.post('/sse/broadcast', (req, res) =>
-{
-    const data = req.body || {};
-    for (const sse of sseClients)
-    {
-        sse.event('broadcast', data);
-    }
-    res.json({ sent: sseClients.size });
-});
-
-// --- Router Demo (API sub-app) ---
-const apiRouter = Router();
+// --- App ---
+const app = createApp();
 
-apiRouter.get('/health', (req, res) => res.json({ status: 'ok', uptime: process.uptime() }));
-apiRouter.get('/info', (req, res) => res.json({
-    secure: req.secure,
-    protocol: req.protocol,
-    ip: req.ip,
-    method: req.method,
-    url: req.url
-}));
+// --- Middleware ---
+const { applyMiddleware } = require('./config/middleware');
+applyMiddleware(app);
 
-app.use('/api', apiRouter);
+// --- Routes ---
+require('./routes/core')(app);
+require('./routes/uploads')(app);
+require('./routes/realtime')(app);
+require('./routes/playground')(app);
+require('./routes/api')(app);
 
-// --- Route introspection ---
-app.get('/debug/routes', (req, res) =>
-{
-    res.set('Content-Type', 'application/json');
-    res.send(JSON.stringify(app.routes(), null, 2));
-});
+// --- TLS ---
+const { hasCerts, tlsOpts } = require('./config/tls');
 
-
-// --- Server Startup ---
-const port = process.env.PORT || 3000;
-const server = app.listen(port, () =>
+// --- Start ---
+const port = process.env.PORT || 7273;
+app.listen(port, tlsOpts, () =>
 {
-    console.log(`zero-http full-server listening on http://localhost:${port}`);
+    const proto = hasCerts ? 'https' : 'http';
+    console.log(`zero-http full-server listening on ${proto}://localhost:${port}`);
     if (process.argv.includes('--test')) runTests(port).catch(console.error);
 });
 
@@ -192,14 +43,14 @@ const server = app.listen(port, () =>
 async function runTests(port)
 {
     const proto = hasCerts ? 'https' : 'http';
-    const base = `${proto}://localhost:${port}`;
+    const base  = `${proto}://localhost:${port}`;
     console.log('running smoke tests against', base);
 
     const doReq = async (label, promise) =>
     {
         try
         {
-            const r = await promise;
+            const r  = await promise;
             const ct = r.headers.get('content-type') || '';
             const body = ct.includes('json') ? await r.json() : await r.text();
             console.log(` ${label}`, r.status, JSON.stringify(body));
@@ -207,10 +58,10 @@ async function runTests(port)
         catch (e) { console.error(` ${label} error:`, e.message); }
     };
 
-    await doReq('GET /', fetch(base + '/'));
-    await doReq('POST /echo-json', fetch(base + '/echo-json', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ a: 1 }) }));
+    await doReq('GET /',               fetch(base + '/'));
+    await doReq('POST /echo-json',     fetch(base + '/echo-json',     { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ a: 1 }) }));
     await doReq('POST /echo-urlencoded', fetch(base + '/echo-urlencoded', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body: 'foo=bar' }));
-    await doReq('POST /echo-text', fetch(base + '/echo-text', { method: 'POST', headers: { 'Content-Type': 'text/plain' }, body: 'hello' }));
-    await doReq('GET /headers', fetch(base + '/headers'));
+    await doReq('POST /echo-text',     fetch(base + '/echo-text',     { method: 'POST', headers: { 'Content-Type': 'text/plain' }, body: 'hello' }));
+    await doReq('GET /headers',        fetch(base + '/headers'));
     console.log('smoke tests complete');
 }

package/documentation/models/Task.js

@@ -0,0 +1,21 @@
+const { Model, TYPES } = require('../..');
+
+class Task extends Model
+{
+    static table = 'tasks';
+    static timestamps = true;
+    static softDelete = true;
+    static schema = {
+        id:       { type: TYPES.INTEGER, primaryKey: true, autoIncrement: true },
+        title:    { type: TYPES.STRING, required: true, maxLength: 200 },
+        status:   { type: TYPES.STRING, default: 'pending', enum: ['pending', 'in-progress', 'done'] },
+        priority: { type: TYPES.INTEGER, default: 0, min: 0, max: 5 },
+    };
+    static scopes = {
+        active: (q) => q.where('status', '!=', 'done'),
+        done:   (q) => q.where('status', '=', 'done'),
+        highPriority: (q) => q.where('priority', '>=', 3),
+    };
+}
+
+module.exports = Task;