Skip to content

feat: add CORS, pipeline, cache, tests and docs#2

Merged
pessoa736 merged 11 commits into
mainfrom
dev
Feb 14, 2026
Merged

feat: add CORS, pipeline, cache, tests and docs#2
pessoa736 merged 11 commits into
mainfrom
dev

Conversation

@pessoa736

Copy link
Copy Markdown
Owner

Summary

This PR adds several new features, bug fixes, tests and documentation to PudimServer.

Bug Fixes

  • Fix JSON auto-encoding: table body was never JSON-encoded due to impossible condition in http.lua
  • Remove hardcoded SSL: SSL middleware was auto-registered in Run() with hardcoded cert paths, causing crashes

New Features

  • CORS helpers (PudimServer.cors): EnableCors() with configurable origins, methods, headers, credentials and preflight handling
  • Request/response pipeline (PudimServer.pipeline): middleware chain at HTTP level with UseHandler()/RemoveHandler(), supports short-circuit
  • In-memory cache (PudimServer.cache): TTL-based response cache with eviction, integrates with pipeline via Cache.createPipelineHandler()

Tests

  • 77 unit tests with busted covering all modules (utils, http, cors, pipeline, cache, ServerChecks)

Documentation

  • Rewritten README.md and README_PT-BR.MD with all new features
  • 5 functional examples in examples/
  • Added .github/copilot-instructions.md
  • Updated rockspec with new modules
  • Updated roadmap

pessoa736 and others added 11 commits January 4, 2026 21:43
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Fix table body never being JSON-encoded (impossible condition on http.lua:125)
- Fix variable shadowing that overwrote encoded body (http.lua:130)
- Remove hardcoded SSL middleware auto-registration from Run()
- Remove unused ssl require from init.lua

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add PudimServer.cors with createConfig, buildHeaders, preflightResponse
- Support AllowOrigins, AllowMethods, AllowHeaders, ExposeHeaders,
  AllowCredentials and MaxAge options
- Automatic preflight (OPTIONS) handling

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add PudimServer.pipeline with use, remove and execute methods
- Handlers receive (req, res, next) and support short-circuit
- Handlers run in registration order before the route handler

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add PudimServer.cache with get, set, invalidate, clear methods
- Automatic eviction when MaxSize is reached
- TTL-based expiration on get
- createPipelineHandler for pipeline integration (caches GET only)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add tests for utils (createInterface, verifyTypes, loadMessageOnChange, file I/O)
- Add tests for http (ParseRequest, response, JSON encoding)
- Add tests for ServerChecks (is_Port_Open)
- Add tests for cors (createConfig, buildHeaders, preflightResponse)
- Add tests for pipeline (use, remove, execute, short-circuit)
- Add tests for cache (get/set, TTL, eviction, pipeline handler)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- json_response_example: auto JSON encoding
- cors_example: CORS with defaults
- cors_restricted_example: CORS with restricted origins
- pipeline_example: logger, auth and custom header handlers
- cache_example: pipeline cache and manual cache usage

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Rewrite README.md and README_PT-BR.MD with CORS, pipeline and cache docs
- Update roadmap with implemented features
- Add examples section
- Add .github/copilot-instructions.md for Copilot context

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings February 14, 2026 22:36

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds comprehensive new features to PudimServer including CORS support, a request/response pipeline system, and in-memory caching, along with critical bug fixes for JSON encoding and SSL middleware removal. The changes include 77 unit tests, updated documentation in English and Portuguese, and 5 functional examples.

Changes:

  • Bug fixes: Fixed JSON auto-encoding condition that prevented table bodies from being encoded, removed hardcoded SSL middleware that caused crashes
  • CORS support: New PudimServer.cors module with configurable origins, methods, headers, credentials, and automatic preflight handling via EnableCors()
  • Pipeline system: New PudimServer.pipeline module enabling middleware chains at HTTP level with UseHandler()/RemoveHandler() supporting short-circuit
  • Cache system: New PudimServer.cache module providing TTL-based in-memory response caching with eviction and pipeline integration
  • Comprehensive tests: 77 unit tests with busted covering all modules
  • Documentation: Rewritten READMEs, 5 functional examples, developer instructions, updated rockspecs

Reviewed changes

Copilot reviewed 28 out of 29 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
spec/utils_spec.lua 152-line test suite for utils module covering interfaces, type verification, and file I/O
spec/pipeline_spec.lua 175-line test suite for pipeline covering handler execution, ordering, and short-circuit behavior
spec/http_spec.lua 105-line test suite for HTTP parsing and response building, including JSON encoding tests
spec/cors_spec.lua 115-line test suite for CORS config creation, header building, and preflight responses
spec/cache_spec.lua 166-line test suite for cache get/set, TTL expiration, eviction, and pipeline integration
spec/ServerChecks_spec.lua 37-line test suite for port availability checking
rockspecs/pudimserver-0.1.0-1.rockspec New versioned rockspec including all modules (utils, http, cors, pipeline, cache, ServerChecks)
pudimserverapis-dev-1.rockspec Dev rockspec (missing new modules and has invalid dependencies)
examples/pipeline_example.lua 82-line example demonstrating logger, auth, and custom header pipeline handlers
examples/json_response_example.lua 55-line example of automatic table-to-JSON encoding
examples/cors_restricted_example.lua 39-line example of CORS with restricted origins and credentials
examples/cors_example.lua 30-line example of CORS with default open settings
examples/cache_example.lua 101-line example of pipeline cache and manual cache usage
README_PT-BR.MD Complete rewrite with CORS, pipeline, and cache documentation in Portuguese
README.md Complete rewrite with CORS, pipeline, and cache documentation in English
PudimServer/utils.lua Added diagnostic disable annotations
PudimServer/pipeline.lua New 83-line module implementing middleware chain with use/remove/execute methods
PudimServer/mysandbox/test.lua Updated test server to use new API (Middlewares instead of wrapClientFunc)
PudimServer/mysandbox/otherPage.html New 17-line HTML test page
PudimServer/mysandbox/main.css New 80-line CSS for test pages
PudimServer/mysandbox/index.html New 26-line HTML index page
PudimServer/init.lua Major refactor: added pipeline integration, CORS support, fixed interface definitions, replaced wrapClientFunc with Middlewares
PudimServer/http.lua Fixed JSON encoding bug by correcting condition from type(body)=="table" and not headers to proper check
PudimServer/cors.lua New 102-line module for CORS config, header building, and preflight responses
PudimServer/cache.lua New 154-line module for TTL-based caching with eviction and pipeline integration
PudimServer/ServerChecks.lua Added diagnostic disable annotation, fixed utils import path
.luarc.json New Lua language server config (specifies non-existent Lua 5.5)
.gitignore Added luarocks and lua_modules directories
.github/copilot-instructions.md New 91-line developer guide covering architecture, runtime, testing, and conventions
Comments suppressed due to low confidence (4)

PudimServer/init.lua:284

  • The CORS header injection uses gsub to find the first occurrence of "\r\n\r\n" (the HTTP header/body separator) and inject headers before it. However, this is done in a loop for each CORS header, and each call has ", 1" to replace only the first occurrence. After the first header is injected, subsequent gsub calls will fail to match the original pattern because it has already been modified. This means only the first CORS header will be injected. Instead, build all CORS headers into a single string and inject them all at once with a single gsub call.
    PudimServer/init.lua:70
  • The ConfigServerInter interface defines a field named "clientMiddlewares" but the actual ConfigServer class and Create function use "Middlewares". This mismatch means the type validation will reject valid config objects that use "Middlewares". Change "clientMiddlewares" to "Middlewares" to match the actual API.
    PudimServer/init.lua:82
  • The ServerInter interface used for type validation of Server instances has lowercase method names "create" and "run", but the actual Server class defines "Create" and "Run" with uppercase. This mismatch will cause type validation to fail. Change to "Create" and "Run" to match the actual implementation.
    PudimServer/init.lua:184
  • The Server class created in PudimServer:Create() is missing the _pipeline and _corsConfig fields that are used later in handlerRequest(). While _pipeline is initialized in line 182, _corsConfig is only set when EnableCors() is called. The handlerRequest function is called with self._pipeline which will exist, but the Server should be created with these fields initialized to nil or default values for clarity and to avoid potential issues.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

["PudimServer.http"] = "PudimServer/http.lua",
["PudimServer.init"] = "PudimServer/init.lua",
["PudimServer.mysandbox.test"] = "PudimServer/mysandbox/test.lua",
["PudimServer.utils"] = "PudimServer/utils.lua"

Copilot AI Feb 14, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dev rockspec is missing the new modules (cors, pipeline, cache) that were added in this PR. While rockspecs/pudimserver-0.1.0-1.rockspec includes all modules, this file only lists the old modules. This will cause the new features to be unavailable when installed via this rockspec. Add the following to the modules table:

  • ["PudimServer.cors"] = "PudimServer/cors.lua"
  • ["PudimServer.pipeline"] = "PudimServer/pipeline.lua"
  • ["PudimServer.cache"] = "PudimServer/cache.lua"
Suggested change
["PudimServer.utils"] = "PudimServer/utils.lua"
["PudimServer.utils"] = "PudimServer/utils.lua",
["PudimServer.cors"] = "PudimServer/cors.lua",
["PudimServer.pipeline"] = "PudimServer/pipeline.lua",
["PudimServer.cache"] = "PudimServer/cache.lua"

Copilot uses AI. Check for mistakes.
Comment thread PudimServer/cache.lua
---@class Cache
---@field _entries table<string, CacheEntry>
---@field _maxSize number
---@field _defaultTTL number

Copilot AI Feb 14, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Cache class documentation (line 28-31) lists _entries, _maxSize, and _defaultTTL fields but is missing the _size field that is actually used throughout the implementation (lines 48, 61, 78, 82, 92, 99, 116). Add _size to the class documentation: ---@field _size number Current number of entries in cache

Suggested change
---@field _defaultTTL number
---@field _defaultTTL number
---@field _size number Current number of entries in cache

Copilot uses AI. Check for mistakes.
Comment thread PudimServer/cors.lua
Comment on lines +71 to +89
function cors.buildHeaders(config, requestOrigin)
local headers = {}

headers["Access-Control-Allow-Origin"] = config.AllowOrigins
headers["Access-Control-Allow-Methods"] = config.AllowMethods
headers["Access-Control-Allow-Headers"] = config.AllowHeaders

if config.ExposeHeaders ~= "" then
headers["Access-Control-Expose-Headers"] = config.ExposeHeaders
end

if config.AllowCredentials then
headers["Access-Control-Allow-Credentials"] = "true"
end

headers["Access-Control-Max-Age"] = tostring(config.MaxAge)

return headers
end

Copilot AI Feb 14, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The cors.buildHeaders function accepts a requestOrigin parameter but never uses it. According to CORS specifications, when AllowCredentials is true, Access-Control-Allow-Origin should not be "*" but should reflect the specific requesting origin. Consider using the requestOrigin parameter to set a specific origin when credentials are enabled, or remove the unused parameter.

Copilot uses AI. Check for mistakes.

### Middleware Pipeline

Middlewares are registered via `Server:SetMiddlewares{name = "...", Handler = function(client) ... end}` and run sequentially in `GetClient()` on each accepted connection. The `Run()` method currently auto-registers an SSL middleware.

Copilot AI Feb 14, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The documentation states "The Run() method currently auto-registers an SSL middleware" but this is outdated. The PR description mentions removing hardcoded SSL middleware, and indeed there is no SSL middleware auto-registration in the current Run() implementation. This statement should be removed from the documentation.

Suggested change
Middlewares are registered via `Server:SetMiddlewares{name = "...", Handler = function(client) ... end}` and run sequentially in `GetClient()` on each accepted connection. The `Run()` method currently auto-registers an SSL middleware.
Middlewares are registered via `Server:SetMiddlewares{name = "...", Handler = function(client) ... end}` and run sequentially in `GetClient()` on each accepted connection.

Copilot uses AI. Check for mistakes.
Comment on lines +12 to +30
dependencies = {
queries = {}
}
build_dependencies = {
queries = {}
}
build = {
type = "builtin",
modules = {
["PudimServer.ServerChecks"] = "PudimServer/ServerChecks.lua",
["PudimServer.http"] = "PudimServer/http.lua",
["PudimServer.init"] = "PudimServer/init.lua",
["PudimServer.mysandbox.test"] = "PudimServer/mysandbox/test.lua",
["PudimServer.utils"] = "PudimServer/utils.lua"
}
}
test_dependencies = {
queries = {}
}

Copilot AI Feb 14, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dev rockspec has placeholder empty tables for dependencies, build_dependencies, and test_dependencies with "queries = {}" which is not valid. These should either list actual dependencies or be removed. Based on rockspecs/pudimserver-0.1.0-1.rockspec, the dependencies should include: "lua >= 5.4", "luasocket", "lua-cjson", and "loglua". The build_dependencies and test_dependencies sections should either list appropriate dependencies or be removed entirely.

Copilot uses AI. Check for mistakes.
@pessoa736 pessoa736 merged commit 83d8964 into main Feb 14, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants