Merge to Main #3

Merged
Nadhila-dot merged 7 commits into main from dev/uno
Mar 27, 2026
Collaborator

@Nadhila-dot Nadhila-dot commented Mar 27, 2026

Benchmarks show that our current implementation in uno is faster and more efficient than main, so merging.

Summary by CodeRabbit

Release Notes

  • New Features

    • Added CORS middleware for configurable cross-origin request handling.
    • Added request validation middleware supporting multiple schema formats.
    • Added TypeScript type definitions for improved IDE support and type safety.
    • Added comprehensive example applications demonstrating routing, CORS, error handling, middleware, REST APIs, and validation.
  • Security Improvements

    • Hardened against prototype pollution attacks.
    • Mitigated CRLF injection vulnerabilities in response headers.
  • Performance

    • Optimized request parsing and middleware execution.
  • Chores

    • Updated workflow triggers to run on all branches.

Rishi Yadav and others added 7 commits March 27, 2026 20:19
feat: enterprise hardening - request bodies, radix router, and error …
CORE & PERFORMANCE:
- Implement zero-allocation request body parsing in Rust core
- Upgrade router from O(N) linear scan to O(M) Radix Tree
- Optimize binary bridge to support high-throughput body transfers
- Implement buffer pooling for body reads to minimize GC pressure
FEATURES & MIDDLEWARE:
- Add centralized error handling middleware support (app.onError)
- Implement built-in CORS middleware with preflight handling
- Add schema-agnostic validation middleware (Zod/TypeBox compatible)
- Add native support for req.json(), req.text(), and req.body
DEVELOPER EXPERIENCE:
- Provide full TypeScript definitions (index.d.ts)
- Implement self-referencing package exports in package.json
- Add comprehensive examples (REST API, CORS, Validation, Middleware)
SECURITY:
- Add CRLF injection prevention in static response headers
- Implement strict max body size limits (1MB) to prevent DoS
- Fix Rust borrow checker conflicts for safe concurrent body handling
@Nadhila-dot Nadhila-dot merged commit c7cc6df into main Mar 27, 2026
2 of 3 checks passed
coderabbitai Bot commented Mar 27, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 53ae92b5-9a93-4733-99bb-e7e79ade737f

📥 Commits

Reviewing files that changed from the base of the PR and between 02bdb73 and b8786aa.

⛔ Files ignored due to path filters (1)
  • rust-native/Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (20)
  • .github/workflows/main.yml
  • bench/run.js
  • examples/README.md
  • examples/basic/server.js
  • examples/cors/server.js
  • examples/error-handling/server.js
  • examples/middleware/server.js
  • examples/rest-api/server.js
  • examples/validation/server.js
  • package.json
  • rust-native/Cargo.toml
  • rust-native/src/lib.rs
  • rust-native/src/manifest.rs
  • rust-native/src/router.rs
  • src/bridge.js
  • src/cors.js
  • src/index.d.ts
  • src/index.js
  • src/validate.js
  • testing/better-express

📝 Walkthrough

This PR substantially refactors the HTTP server framework, introducing HTTP request parsing via httparse, converting parameter routing from linear to radix-tree matching, hardening against prototype pollution and CRLF injection, adding CORS and validation middleware modules, implementing request/response object pooling, and supplementing with comprehensive examples and TypeScript type definitions.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Workflow & Tooling: .github/workflows/main.yml, bench/run.js | Updated workflow triggers to run on all branches; simplified benchmark script by removing "old" engine option and restructuring ternary logic for process spawning. |
| Package Configuration: package.json, rust-native/Cargo.toml | Added TypeScript type mappings to exports and new subpath exports for cors and validate modules; removed old-variant benchmark scripts. Added httparse and itoa Rust dependencies with explicit optimization settings. |
| Rust HTTP Parsing & Routing: rust-native/src/lib.rs, rust-native/src/router.rs | Replaced manual header parsing with httparse-based ParsedRequest struct; introduced thread-local buffer pooling and two-phase parsing; added explicit security limits. Converted parameter route matching from linear HashMap scanning to O(1) radix-tree traversal; added CRLF-injection header sanitization. |
| Rust Annotations: rust-native/src/manifest.rs | Added #[allow(dead_code)] attribute to segment_count field in RouteInput struct. |
| JavaScript Request Bridge: src/bridge.js | Hardened against prototype pollution by using Object.create(null), filtering dangerous keys (__proto__, constructor, etc.), and implementing pooled request objects. Refactored to skip CRLF characters in header names/values; simplified JSON serialization by removing custom fast-path serializer. |
| JavaScript Server Core: src/index.js | Added response state pooling with acquireResponseState() / releaseResponseState(); hardened headers and locals via Object.create(null). Optimized middleware runner with fast paths for zero/one middleware; added registered onError handler support with environment-aware error serialization. |
| New Middleware Modules: src/cors.js, src/validate.js | Added cors() middleware supporting configurable origin matching, credentials, preflight handling, and header exposure. Added validate() middleware with pluggable schema support (Zod-like safeParse(), parse(), or Joi-style validate()); responds with field-level error details on validation failure. |
| Type Definitions: src/index.d.ts | Introduced comprehensive TypeScript declarations for Request, Response, middleware/handler types, server configuration, optimization introspection, and application API; typed exports for createApp(), cors(), and validate(). |
| Example Servers: examples/README.md, examples/basic/server.js, examples/cors/server.js, examples/error-handling/server.js, examples/middleware/server.js, examples/rest-api/server.js, examples/validation/server.js | Added documentation and seven runnable server examples demonstrating basic routing with params/query, CORS middleware configuration, custom error class hierarchy with global error handling, middleware composition (auth, logging, request ID), CRUD todo REST API with in-memory store, and request validation with custom schemas. |
| Repository Housekeeping: testing/better-express | Removed submodule reference. |

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~70 minutes

Poem

🐰 Hopping through the code so keen,
New routes parsed, the fastest seen,
CORS and validation standing tall,
Request pools and radix trees enthrall!
Security hardened, examples bright,
This framework bounces to new heights! 🌟

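The prototype-pollution and CRLF hardening that the review summary above attributes to src/bridge.js, sketched as an added example (not the project's code and not part of the PR conversation). The helper names naiveBag, safeBag, stripCRLF and serializeHeaders and the sample input are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helpers, not the project's src/bridge.js.
const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// "Before": a plain {} bag. Assigning the key "__proto__" hits the setter
// inherited from Object.prototype and swaps the bag's prototype, so
// attacker-chosen properties appear on the bag without being own keys.
function naiveBag(pairs) {
  const bag = {};
  for (const [key, value] of pairs) bag[key] = value;
  return bag;
}

// "After": a null-prototype bag plus a key filter. With no prototype chain,
// lookups such as bag.toString cannot fall through to Object.prototype.
// The filter is defence in depth for code that later copies the bag into
// an ordinary object.
function safeBag(pairs) {
  const bag = Object.create(null);
  for (const [key, value] of pairs) {
    if (DANGEROUS_KEYS.has(key)) continue; // drop rather than assign
    bag[key] = value;
  }
  return bag;
}

// Remove CR and LF so a header name or value cannot end its line early
// and smuggle an extra header (or a body) into the response.
function stripCRLF(s) {
  return String(s).replace(/[\r\n]/g, '');
}

function serializeHeaders(headers) {
  let out = '';
  for (const name of Object.keys(headers)) {
    out += `${stripCRLF(name)}: ${stripCRLF(headers[name])}\r\n`;
  }
  return out;
}

// Constructed sample input: key/value pairs as a parser might emit them.
const SAMPLE_PAIRS = [
  ['page', '2'],
  ['__proto__', { isAdmin: true }],
  ['constructor', 'x'],
];
// Constructed header value containing an embedded CRLF sequence.
const SAMPLE_HEADERS = { 'X-Trace': 'abc\r\nSet-Cookie: sid=1' };
```

Stripping CR and LF keeps the value on a single header line; rejecting such a value outright is the stricter alternative.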