Conversation
…utes to serve static content
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Fix table body never being JSON-encoded (impossible condition on http.lua:125) - Fix variable shadowing that overwrote encoded body (http.lua:130) - Remove hardcoded SSL middleware auto-registration from Run() - Remove unused ssl require from init.lua Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add PudimServer.cors with createConfig, buildHeaders, preflightResponse - Support AllowOrigins, AllowMethods, AllowHeaders, ExposeHeaders, AllowCredentials and MaxAge options - Automatic preflight (OPTIONS) handling Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add PudimServer.pipeline with use, remove and execute methods - Handlers receive (req, res, next) and support short-circuit - Handlers run in registration order before the route handler Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add PudimServer.cache with get, set, invalidate, clear methods - Automatic eviction when MaxSize is reached - TTL-based expiration on get - createPipelineHandler for pipeline integration (caches GET only) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add tests for utils (createInterface, verifyTypes, loadMessageOnChange, file I/O) - Add tests for http (ParseRequest, response, JSON encoding) - Add tests for ServerChecks (is_Port_Open) - Add tests for cors (createConfig, buildHeaders, preflightResponse) - Add tests for pipeline (use, remove, execute, short-circuit) - Add tests for cache (get/set, TTL, eviction, pipeline handler) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- json_response_example: auto JSON encoding - cors_example: CORS with defaults - cors_restricted_example: CORS with restricted origins - pipeline_example: logger, auth and custom header handlers - cache_example: pipeline cache and manual cache usage Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Rewrite README.md and README_PT-BR.MD with CORS, pipeline and cache docs - Update roadmap with implemented features - Add examples section - Add .github/copilot-instructions.md for Copilot context Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR adds comprehensive new features to PudimServer including CORS support, a request/response pipeline system, and in-memory caching, along with critical bug fixes for JSON encoding and SSL middleware removal. The changes include 77 unit tests, updated documentation in English and Portuguese, and 5 functional examples.
Changes:
- Bug fixes: Fixed JSON auto-encoding condition that prevented table bodies from being encoded, removed hardcoded SSL middleware that caused crashes
- CORS support: New
PudimServer.corsmodule with configurable origins, methods, headers, credentials, and automatic preflight handling viaEnableCors() - Pipeline system: New
PudimServer.pipelinemodule enabling middleware chains at HTTP level withUseHandler()/RemoveHandler()supporting short-circuit - Cache system: New
PudimServer.cachemodule providing TTL-based in-memory response caching with eviction and pipeline integration - Comprehensive tests: 77 unit tests with busted covering all modules
- Documentation: Rewritten READMEs, 5 functional examples, developer instructions, updated rockspecs
Reviewed changes
Copilot reviewed 28 out of 29 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| spec/utils_spec.lua | 152-line test suite for utils module covering interfaces, type verification, and file I/O |
| spec/pipeline_spec.lua | 175-line test suite for pipeline covering handler execution, ordering, and short-circuit behavior |
| spec/http_spec.lua | 105-line test suite for HTTP parsing and response building, including JSON encoding tests |
| spec/cors_spec.lua | 115-line test suite for CORS config creation, header building, and preflight responses |
| spec/cache_spec.lua | 166-line test suite for cache get/set, TTL expiration, eviction, and pipeline integration |
| spec/ServerChecks_spec.lua | 37-line test suite for port availability checking |
| rockspecs/pudimserver-0.1.0-1.rockspec | New versioned rockspec including all modules (utils, http, cors, pipeline, cache, ServerChecks) |
| pudimserverapis-dev-1.rockspec | Dev rockspec (missing new modules and has invalid dependencies) |
| examples/pipeline_example.lua | 82-line example demonstrating logger, auth, and custom header pipeline handlers |
| examples/json_response_example.lua | 55-line example of automatic table-to-JSON encoding |
| examples/cors_restricted_example.lua | 39-line example of CORS with restricted origins and credentials |
| examples/cors_example.lua | 30-line example of CORS with default open settings |
| examples/cache_example.lua | 101-line example of pipeline cache and manual cache usage |
| README_PT-BR.MD | Complete rewrite with CORS, pipeline, and cache documentation in Portuguese |
| README.md | Complete rewrite with CORS, pipeline, and cache documentation in English |
| PudimServer/utils.lua | Added diagnostic disable annotations |
| PudimServer/pipeline.lua | New 83-line module implementing middleware chain with use/remove/execute methods |
| PudimServer/mysandbox/test.lua | Updated test server to use new API (Middlewares instead of wrapClientFunc) |
| PudimServer/mysandbox/otherPage.html | New 17-line HTML test page |
| PudimServer/mysandbox/main.css | New 80-line CSS for test pages |
| PudimServer/mysandbox/index.html | New 26-line HTML index page |
| PudimServer/init.lua | Major refactor: added pipeline integration, CORS support, fixed interface definitions, replaced wrapClientFunc with Middlewares |
| PudimServer/http.lua | Fixed JSON encoding bug by correcting condition from type(body)=="table" and not headers to proper check |
| PudimServer/cors.lua | New 102-line module for CORS config, header building, and preflight responses |
| PudimServer/cache.lua | New 154-line module for TTL-based caching with eviction and pipeline integration |
| PudimServer/ServerChecks.lua | Added diagnostic disable annotation, fixed utils import path |
| .luarc.json | New Lua language server config (specifies non-existent Lua 5.5) |
| .gitignore | Added luarocks and lua_modules directories |
| .github/copilot-instructions.md | New 91-line developer guide covering architecture, runtime, testing, and conventions |
Comments suppressed due to low confidence (4)
PudimServer/init.lua:284
- The CORS header injection uses gsub to find the first occurrence of "\r\n\r\n" (the HTTP header/body separator) and inject headers before it. However, this is done in a loop for each CORS header, and each call has ", 1" to replace only the first occurrence. After the first header is injected, subsequent gsub calls will fail to match the original pattern because it has already been modified. This means only the first CORS header will be injected. Instead, build all CORS headers into a single string and inject them all at once with a single gsub call.
PudimServer/init.lua:70 - The ConfigServerInter interface defines a field named "clientMiddlewares" but the actual ConfigServer class and Create function use "Middlewares". This mismatch means the type validation will reject valid config objects that use "Middlewares". Change "clientMiddlewares" to "Middlewares" to match the actual API.
PudimServer/init.lua:82 - The ServerInter interface used for type validation of Server instances has lowercase method names "create" and "run", but the actual Server class defines "Create" and "Run" with uppercase. This mismatch will cause type validation to fail. Change to "Create" and "Run" to match the actual implementation.
PudimServer/init.lua:184 - The Server class created in PudimServer:Create() is missing the _pipeline and _corsConfig fields that are used later in handlerRequest(). While _pipeline is initialized in line 182, _corsConfig is only set when EnableCors() is called. The handlerRequest function is called with self._pipeline which will exist, but the Server should be created with these fields initialized to nil or default values for clarity and to avoid potential issues.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| ["PudimServer.http"] = "PudimServer/http.lua", | ||
| ["PudimServer.init"] = "PudimServer/init.lua", | ||
| ["PudimServer.mysandbox.test"] = "PudimServer/mysandbox/test.lua", | ||
| ["PudimServer.utils"] = "PudimServer/utils.lua" |
There was a problem hiding this comment.
The dev rockspec is missing the new modules (cors, pipeline, cache) that were added in this PR. While rockspecs/pudimserver-0.1.0-1.rockspec includes all modules, this file only lists the old modules. This will cause the new features to be unavailable when installed via this rockspec. Add the following to the modules table:
- ["PudimServer.cors"] = "PudimServer/cors.lua"
- ["PudimServer.pipeline"] = "PudimServer/pipeline.lua"
- ["PudimServer.cache"] = "PudimServer/cache.lua"
| ["PudimServer.utils"] = "PudimServer/utils.lua" | |
| ["PudimServer.utils"] = "PudimServer/utils.lua", | |
| ["PudimServer.cors"] = "PudimServer/cors.lua", | |
| ["PudimServer.pipeline"] = "PudimServer/pipeline.lua", | |
| ["PudimServer.cache"] = "PudimServer/cache.lua" |
| ---@class Cache | ||
| ---@field _entries table<string, CacheEntry> | ||
| ---@field _maxSize number | ||
| ---@field _defaultTTL number |
There was a problem hiding this comment.
The Cache class documentation (line 28-31) lists _entries, _maxSize, and _defaultTTL fields but is missing the _size field that is actually used throughout the implementation (lines 48, 61, 78, 82, 92, 99, 116). Add _size to the class documentation: ---@field _size number Current number of entries in cache
| ---@field _defaultTTL number | |
| ---@field _defaultTTL number | |
| ---@field _size number Current number of entries in cache |
| function cors.buildHeaders(config, requestOrigin) | ||
| local headers = {} | ||
|
|
||
| headers["Access-Control-Allow-Origin"] = config.AllowOrigins | ||
| headers["Access-Control-Allow-Methods"] = config.AllowMethods | ||
| headers["Access-Control-Allow-Headers"] = config.AllowHeaders | ||
|
|
||
| if config.ExposeHeaders ~= "" then | ||
| headers["Access-Control-Expose-Headers"] = config.ExposeHeaders | ||
| end | ||
|
|
||
| if config.AllowCredentials then | ||
| headers["Access-Control-Allow-Credentials"] = "true" | ||
| end | ||
|
|
||
| headers["Access-Control-Max-Age"] = tostring(config.MaxAge) | ||
|
|
||
| return headers | ||
| end |
There was a problem hiding this comment.
The cors.buildHeaders function accepts a requestOrigin parameter but never uses it. According to CORS specifications, when AllowCredentials is true, Access-Control-Allow-Origin should not be "*" but should reflect the specific requesting origin. Consider using the requestOrigin parameter to set a specific origin when credentials are enabled, or remove the unused parameter.
|
|
||
| ### Middleware Pipeline | ||
|
|
||
| Middlewares are registered via `Server:SetMiddlewares{name = "...", Handler = function(client) ... end}` and run sequentially in `GetClient()` on each accepted connection. The `Run()` method currently auto-registers an SSL middleware. |
There was a problem hiding this comment.
The documentation states "The Run() method currently auto-registers an SSL middleware" but this is outdated. The PR description mentions removing hardcoded SSL middleware, and indeed there is no SSL middleware auto-registration in the current Run() implementation. This statement should be removed from the documentation.
| Middlewares are registered via `Server:SetMiddlewares{name = "...", Handler = function(client) ... end}` and run sequentially in `GetClient()` on each accepted connection. The `Run()` method currently auto-registers an SSL middleware. | |
| Middlewares are registered via `Server:SetMiddlewares{name = "...", Handler = function(client) ... end}` and run sequentially in `GetClient()` on each accepted connection. |
| dependencies = { | ||
| queries = {} | ||
| } | ||
| build_dependencies = { | ||
| queries = {} | ||
| } | ||
| build = { | ||
| type = "builtin", | ||
| modules = { | ||
| ["PudimServer.ServerChecks"] = "PudimServer/ServerChecks.lua", | ||
| ["PudimServer.http"] = "PudimServer/http.lua", | ||
| ["PudimServer.init"] = "PudimServer/init.lua", | ||
| ["PudimServer.mysandbox.test"] = "PudimServer/mysandbox/test.lua", | ||
| ["PudimServer.utils"] = "PudimServer/utils.lua" | ||
| } | ||
| } | ||
| test_dependencies = { | ||
| queries = {} | ||
| } |
There was a problem hiding this comment.
The dev rockspec has placeholder empty tables for dependencies, build_dependencies, and test_dependencies with "queries = {}" which is not valid. These should either list actual dependencies or be removed. Based on rockspecs/pudimserver-0.1.0-1.rockspec, the dependencies should include: "lua >= 5.4", "luasocket", "lua-cjson", and "loglua". The build_dependencies and test_dependencies sections should either list appropriate dependencies or be removed entirely.
Summary
This PR adds several new features, bug fixes, tests and documentation to PudimServer.
Bug Fixes
http.luaRun()with hardcoded cert paths, causing crashesNew Features
PudimServer.cors):EnableCors()with configurable origins, methods, headers, credentials and preflight handlingPudimServer.pipeline): middleware chain at HTTP level withUseHandler()/RemoveHandler(), supports short-circuitPudimServer.cache): TTL-based response cache with eviction, integrates with pipeline viaCache.createPipelineHandler()Tests
Documentation
examples/.github/copilot-instructions.md