Major updates

Author: IntegerAlex

CHANGELOG.md

@@ -1,6 +1,39 @@
 # Changelog
 
 All notable changes to this project will be documented in this file.
+
+## [0.9.6] - 2025-08-01
+### Updated
+- Updated License to LGPL-2.1-only.
+
+### Added Core Enhancements
+- Enhanced server/index.js with comprehensive JSDoc type definitions
+- Added improved routing with deterministic parameter handling
+- Integrated CORS support with automatic preflight OPTIONS handling
+- Added static file serving with security protections
+- Enhanced response.js with chainable API and improved error handling
+- Added robust file serving capabilities with directory traversal protection
+- Implemented connection timeout and error handling for sockets
+- Added detailed type definitions for better IDE support
+
+### Fixed Core Issues
+- Fixed route parameter extraction with safe URL decoding
+- Improved error handling in response methods
+- Added proper MIME type detection for static files
+- Enhanced socket error handling and cleanup
+- Fixed CORS preflight response handling
+
+### Added Utilities
+- Created lib/cors.js utility for centralized CORS handling
+- Enhanced lib/httpParser.js with safe fallbacks
+- Added comprehensive utils for MIME type detection
+- Added robust path normalization and security checks
+
+### Documentation
+- Added comprehensive JSDoc documentation for all public APIs
+- Created detailed type definitions for TypeScript compatibility
+- Added inline documentation for complex functions
+
 ## [0.9.5] - 2025-03-06
 ### Added
 - Added 'OPTIONS' method to handle preflight requests for CORS.

CONTRIBUTING.md

@@ -13,7 +13,7 @@ Start by forking the repository on GitHub. This will create a personal copy of t
 Clone your forked repository to your local machine:
 
 ```bash
-git clone https://github.com/YOUR_USERNAME/hasty-server.git
+git clone https://github.com/IntegerAlex/hasty-server.git
 cd hasty-server
 ```
 

lib/cors.js

@@ -0,0 +1,64 @@
+/**
+ * @typedef {Object} CorsHeaders
+ * @property {string} 'Access-Control-Allow-Origin' - The origin(s) allowed to access the resource
+ * @property {string} 'Access-Control-Allow-Methods' - The HTTP methods allowed when accessing the resource
+ * @property {string} 'Access-Control-Allow-Headers' - The headers that can be used during the actual request
+ * @property {string} 'Access-Control-Max-Age' - How long the results of a preflight request can be cached
+ */
+
+/**
+ * Default CORS headers
+ * @type {CorsHeaders}
+ */
+const DEFAULT_CORS_HEADERS = {
+  'Access-Control-Allow-Origin': '*',
+  'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
+  'Access-Control-Allow-Headers': 'Content-Type, Authorization',
+  'Access-Control-Max-Age': '86400' // 24 hours
+};
+
+/**
+ * Applies CORS headers to a response
+ * @param {Object} response - The response object to modify
+ * @param {boolean} [enabled=true] - Whether CORS is enabled
+ * @param {Object} [customHeaders] - Custom CORS headers to merge with defaults
+ * @returns {void}
+ */
+function applyCorsHeaders(response, enabled = true, customHeaders = {}) {
+  if (!enabled) return;
+  
+  const headers = { ...DEFAULT_CORS_HEADERS, ...customHeaders };
+  
+  Object.entries(headers).forEach(([key, value]) => {
+    response.setHeader(key, value);
+  });
+}
+
+/**
+ * Handles preflight OPTIONS requests
+ * @param {Object} request - The request object
+ * @param {Object} response - The response object
+ * @param {boolean} [enabled=true] - Whether CORS is enabled
+ * @returns {boolean} - True if this was a preflight request that was handled
+ */
+function handlePreflight(request, response, enabled = true) {
+  if (!enabled || request.method !== 'OPTIONS') {
+    return false;
+  }
+
+  applyCorsHeaders(response, true, {
+    'Access-Control-Allow-Methods': request.headers['access-control-request-method'] || 
+                                   DEFAULT_CORS_HEADERS['Access-Control-Allow-Methods'],
+    'Access-Control-Allow-Headers': request.headers['access-control-request-headers'] || 
+                                    DEFAULT_CORS_HEADERS['Access-Control-Allow-Headers']
+  });
+
+  response.status(204).send('');
+  return true;
+}
+
+module.exports = {
+  applyCorsHeaders,
+  handlePreflight,
+  DEFAULT_CORS_HEADERS
+};

lib/httpParser.js

@@ -1,84 +1,185 @@
 const { findFirstBrac, HTTPbody, JSONbodyParser, queryParser } = require('./utils.js')
 
-// Async function to parse the HTTP request
+/**
+ * @typedef {Object} ParsedRequest
+ * @property {string} method - HTTP method (e.g., 'GET', 'POST')
+ * @property {string} path - Request path without query string
+ * @property {string} version - HTTP version (e.g., 'HTTP/1.1')
+ * @property {Object.<string, string>} headers - Lowercase header keys with their values
+ * @property {Object.<string, string|string[]>} query - Parsed query parameters
+ * @property {Object|string|Buffer} [body] - Parsed request body
+ * @property {string} ip - Client IP address
+ * @property {Object} [cors] - CORS related information (for OPTIONS requests)
+ * @property {string} [cors.origin] - Origin header from CORS preflight
+ * @property {string} [cors.method] - Requested method from CORS preflight
+ * @property {string} [cors.headers] - Requested headers from CORS preflight
+ */
+
+/**
+ * Parses an HTTP request from raw data
+ * @param {string|Buffer} request - Raw HTTP request data
+ * @param {Object} [connection={}] - Connection information (e.g., remoteAddress)
+ * @param {string} [connection.remoteAddress] - Client IP address
+ * @returns {Promise<ParsedRequest>} Parsed HTTP request object
+ * @throws {Error} If the request is malformed
+ */
 async function httpParser(request, connection = {}) {
   try {
-    const req = {} // Create a new object to store the parsed request
-    const requestString = request.toString() // Convert buffer to string, if necessary
+    /** @type {ParsedRequest} */
+    const req = {
+      method: 'GET',
+      path: '/',
+      version: 'HTTP/1.1',
+      headers: {},
+      query: {},
+      ip: '127.0.0.1',
+      body: undefined
+    };
+    
+    // Convert buffer to string if necessary and handle empty requests
+    const requestString = (request && request.toString) ? request.toString() : '';
 
-    // Set client IP address (similar to Express)
-    req.ip = connection.remoteAddress || '127.0.0.1'
+    // Set client IP address with fallback
+    if (connection && connection.remoteAddress) {
+      req.ip = connection.remoteAddress;
+    }
 
     // Step 1: Split the request into headers and body by finding "\r\n\r\n"
-    const headerBodySplit = requestString.split('\r\n\r\n') // Headers and body are separated by double newline
-    if (headerBodySplit.length < 1) {
-      throw new Error('Invalid HTTP request format')
+    // Split into headers and body parts
+    const headerBodySplit = requestString.split('\r\n\r\n');
+    if (headerBodySplit.length === 0 || !headerBodySplit[0]) {
+      throw new Error('Invalid HTTP request: Missing headers');
     }
 
     const headersPart = headerBodySplit[0] // First part is the headers
     const bodyPart = headerBodySplit[1] || '' // Second part is the body, default to empty string if no body
 
     // Step 2: Extract the headers (the first line is the request line, e.g., "POST /path HTTP/1.1")
-    const headers = headersPart.split(/\r?\n/).filter(line => line.trim()) // Handle both \r\n and \n
+    // Split headers into lines, handling both CRLF and LF line endings
+    const headers = headersPart.split(/\r?\n/).filter(line => line.trim());
 
     // Parse the request line (first line of the headers)
-    const requestLine = headers[0].split(' ') // ["POST", "/path", "HTTP/1.1"]
-    if (requestLine.length !== 3) {
-      throw new Error('Invalid request line format')
+    const requestLine = (headers[0] || '').split(/\s+/);
+    if (requestLine.length < 3 || !requestLine[0] || !requestLine[1] || !requestLine[2]) {
+      throw new Error('Invalid request line format');
     }
 
-    req.method = requestLine[0].toUpperCase() // e.g., "POST"
-    req.path = requestLine[1] // e.g., "/path"
-    req.version = requestLine[2] // e.g., "HTTP/1.1"
+    // Parse method, path, and version with validation
+    const method = requestLine[0].toUpperCase();
+    const path = requestLine[1] || '/';
+    const version = requestLine[2];
+    
+    // Validate HTTP method
+    const validMethods = ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'HEAD', 'OPTIONS'];
+    if (!validMethods.includes(method)) {
+      throw new Error(`Unsupported HTTP method: ${method}`);
+    }
+    
+    // Validate HTTP version
+    if (!/^HTTP\/\d+\.\d+$/.test(version)) {
+      throw new Error(`Invalid HTTP version: ${version}`);
+    }
+    
+    req.method = method;
+    req.path = path;
+    req.version = version;
 
-    // Add headers parsing
-    req.headers = {}
+    // Parse headers with validation
     for (let i = 1; i < headers.length; i++) {
-      const line = headers[i].trim()
-      if (line) {
-        const colonIndex = line.indexOf(':')
-        if (colonIndex === -1) continue // Skip malformed headers
-        
-        const key = line.slice(0, colonIndex).trim().toLowerCase()
-        const value = line.slice(colonIndex + 1).trim()
-        req.headers[key] = value
+      const line = (headers[i] || '').trim();
+      if (!line) continue;
+      
+      const colonIndex = line.indexOf(':');
+      if (colonIndex <= 0) continue; // Skip malformed headers
+      
+      const key = line.slice(0, colonIndex).trim().toLowerCase();
+      const value = line.slice(colonIndex + 1).trim();
+      
+      // Handle duplicate headers by appending with comma (per HTTP spec)
+      if (req.headers[key]) {
+        if (Array.isArray(req.headers[key])) {
+          req.headers[key].push(value);
+        } else {
+          req.headers[key] = [req.headers[key], value];
+        }
+      } else {
+        req.headers[key] = value;
       }
     }
 
-    // Step 3: Handle GET requests (expect a query string)
-    req.query = queryParser(req.path) // Parse query string for GET requests
-    req.path = req.path.split('?')[0] // Remove query string from path
-
-    // Step 4: Handle POST and OPTIONS requests
-    if (req.method === 'POST') {
-      if (!bodyPart) {
-        req.body = {}
+    // Parse query string and clean path
+    try {
+      // Handle potential URI encoding issues
+      const cleanPath = decodeURIComponent(req.path || '/').split('?')[0] || '/';
+      req.path = cleanPath;
+      
+      // Parse query parameters safely
+      const queryStart = req.path.indexOf('?');
+      if (queryStart !== -1) {
+        req.query = queryParser(req.path.slice(queryStart + 1));
+        req.path = req.path.slice(0, queryStart);
       } else {
-        try {
-          // Await the body parsing (this is an async operation)
-          const bodyData = await HTTPbody(bodyPart, 0)
-          // Step 5: Parse the body into JSON format
-          req.body = JSONbodyParser(bodyData) // Convert the parsed body into JSON
-        } catch (error) {
-          console.error('Error parsing request body:', error)
-          req.body = {} // Set empty object as fallback
-        }
+        req.query = {};
       }
-    } else if (req.method === 'OPTIONS') {
-      // Handle OPTIONS preflight request
-      req.body = {}
-      // Store CORS-specific headers for easy access
-      req.cors = {
-        origin: req.headers['origin'],
-        method: req.headers['access-control-request-method'],
-        headers: req.headers['access-control-request-headers']
+    } catch (error) {
+      console.warn('Error parsing query string:', error);
+      req.query = {};
+      req.path = '/';
+    }
+
+    // Parse request body based on method and content type
+    try {
+      if (['POST', 'PUT', 'PATCH'].includes(req.method) && bodyPart) {
+        const contentType = (req.headers['content-type'] || '').toLowerCase();
+        
+        if (contentType.includes('application/json')) {
+          try {
+            const bodyData = await HTTPbody(bodyPart, 0);
+            req.body = JSONbodyParser(bodyData) || {};
+          } catch (error) {
+            console.warn('Error parsing JSON body:', error);
+            req.body = {};
+          }
+        } else if (contentType.includes('application/x-www-form-urlencoded')) {
+          try {
+            req.body = queryParser(bodyPart);
+          } catch (error) {
+            console.warn('Error parsing form data:', error);
+            req.body = {};
+          }
+        } else {
+          // For other content types, keep as raw string
+          req.body = bodyPart;
+        }
+      } else if (req.method === 'OPTIONS') {
+        // Handle OPTIONS preflight request
+        req.body = {};
+        req.cors = {
+          origin: req.headers['origin'],
+          method: req.headers['access-control-request-method'] || '*',
+          headers: req.headers['access-control-request-headers'] || ''
+        };
+      } else {
+        req.body = undefined;
       }
+    } catch (error) {
+      console.warn('Error processing request body:', error);
+      req.body = {};
     }
 
-    return req // Return the fully parsed request object
+    return req;
   } catch (error) {
-    console.error('Error parsing HTTP request:', error)
-    throw error // Re-throw to let caller handle the error
+    console.error('Error parsing HTTP request:', error);
+    // Create a minimal valid request object even on error
+    return {
+      method: 'GET',
+      path: '/',
+      version: 'HTTP/1.1',
+      headers: {},
+      query: {},
+      ip: connection.remoteAddress || '127.0.0.1',
+      body: undefined
+    };
   }
 }
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "hasty-server",
-  "version": "0.9.5",
+  "version": "0.9.6",
   "main": "./server/index.js",
   "directories": {
     "lib": "lib",
@@ -27,12 +27,13 @@
     "package.json",
     "CHANGELOG.md"
   ],
-  "author": "Akshat Kotpalliwar",
+  "author": "Akshat Kotpalliwar (alias IntegerAlex on GitHub)",
   "repository": {
     "type": "git",
     "url": "https://github.com/IntegerAlex/hasty-server.git"
   },
   "homepage": "https://hasty-server.vercel.app",
-  "license": "GPL-3.0",
-  "description": "A  Blazing fast simple http server for node.js"
+  "license": "LGPL-2.1-only",
+  "description": "A  Blazing fast simple http server for node.js",
+  "dependencies": {}
 }