refactor(documentation): update

Author: stratdev3

documentation/simplew/docs/.vitepress/config.mjs

@@ -72,9 +72,10 @@ export default defineConfig({
                     ]
                 },
                 {
-                    text: 'Extend',
+                    text: 'Extensibility',
                     items: [
                         { text: 'Middleware', link: '/guide/middleware' },
+                        { text: 'Attribute', link: '/guide/handler-attribute' },
                         { text: 'Module', link: '/guide/module' },
                         { text: 'Callback', link: '/guide/callback' },
                         { text: 'Result Handler', link: '/guide/resulthandler' },
@@ -87,7 +88,6 @@ export default defineConfig({
                         { text: 'Principal', link: '/guide/principal' },
                         { text: 'Cross-Origin Resource Sharing', link: '/guide/cors' },
                         { text: 'SSL Certificate', link: '/guide/ssl-certificate' },
-                        { text: 'Basic Auth', link: '/guide/basicauth' },
                     ]
                 },
                 {
@@ -112,6 +112,7 @@ export default defineConfig({
                 {
                     text: 'Services',
                     items: [
+                        { text: 'BasicAuth', link: '/addons/service-basicauth' },
                         { text: 'Chaos', link: '/addons/service-chaos' },
                         { text: 'Firewall', link: '/addons/service-firewall' },
                         { text: 'Latency', link: '/addons/service-latency' },
@@ -122,6 +123,7 @@ export default defineConfig({
                 {
                     text: 'Helpers',
                     items: [
+                        { text: 'BasicAuth', link: '/addons/helper-basicauth' },
                         { text: 'Hosting', link: '/addons/helper-hosting' },
                         { text: 'Jwt', link: '/addons/helper-jwt' },
                         { text: 'Log4net', link: '/addons/helper-log4net' },
@@ -159,6 +161,7 @@ export default defineConfig({
                         { text: 'HttpBag', link: '/reference/httpbag' },
                         { text: 'HttpMiddleware', link: '/reference/httpmiddleware' },
                         { text: 'IHttpModule', link: '/reference/ihttpmodule' },
+                        { text: 'ISimpleWEngine', link: '/reference/isimplewengine' },
                         { text: 'IJsonEngine', link: '/reference/ijsonengine' },
                         { text: 'IdentityProperty', link: '/reference/identityproperty' },
                     ]

documentation/simplew/docs/.vitepress/theme/components/AnimatedLogo.vue

@@ -156,6 +156,9 @@
   --out-y-7: 55%;
   --out-y-8: 58%;
 
+  --label-x-factor: 0.35;
+  --label-y-factor: 0.39;
+
   width: min(100%, var(--scene-w));
   height: var(--scene-h);
   margin: 0 auto;
@@ -350,7 +353,10 @@
    Persistent orbit labels
    ========================================================= */
 .belt-label {
+  --label-ring-size: 0px;
   position: absolute;
+  left: calc(50% + var(--label-ring-size) * var(--label-x-factor));
+  top: calc(50% - var(--label-ring-size) * var(--label-y-factor));
   font-size: 10px;
   font-family: ui-monospace, monospace;
   letter-spacing: 0.07em;
@@ -362,20 +368,17 @@
 }
 
 .label-firewall {
-  left: calc(40% + var(--belt-fw) / 2 + 10px);
-  top: calc(20% - 20px);
+  --label-ring-size: var(--belt-fw);
   color: var(--fw-main);
 }
 
 .label-auth {
-  left: calc(40% + var(--belt-auth) / 2 + 10px);
-  top: 20%;
+  --label-ring-size: var(--belt-auth);
   color: var(--auth-main);
 }
 
 .label-routing {
-  right: calc(8% + var(--belt-routing) / 2 + 10px);
-  top: calc(20% + 20px);
+  --label-ring-size: var(--belt-routing);
   color: var(--routing-main);
 }
 
@@ -941,9 +944,9 @@
   .server-core {
     --scene-h: 320px;
     --logo-size: 150px;
-    --belt-routing: 136px;
-    --belt-auth: 180px;
-    --belt-fw: 230px;
+    --belt-routing: 180px;
+    --belt-auth: 230px;
+    --belt-fw: 280px;
     --dot: 6px;
   }
 
@@ -962,15 +965,16 @@
     width: 15px;
     height: 15px;
   }
+
 }
 
 @media (max-width: 640px) {
   .server-core {
     --scene-h: 236px;
     --logo-size: 110px;
-    --belt-routing: 96px;
-    --belt-auth: 126px;
-    --belt-fw: 162px;
+    --belt-routing: 126px;
+    --belt-auth: 162px;
+    --belt-fw: 198px;
     --dot: 5px;
     margin-bottom: -65px;
   }
@@ -994,6 +998,7 @@
     width: 13px;
     height: 13px;
   }
+
 }
 
 /* =========================================================

documentation/simplew/docs/addons/addons.md

@@ -48,7 +48,7 @@ Templates allow developers to:
 They allow SimpleW to support different JSON serializers/deserializers, depending on performance needs, features, or external dependencies.
 
 Each JsonEngine addon provides :
-- A concrete implementation of a JSON engine
+- A concrete implementation of a `IJsonEngine`
 - A consistent API that integrates with SimpleW’s configuration
 
 This makes it easy to switch or extend JSON handling without impacting the rest of the system.

documentation/simplew/docs/addons/helper-basicauth.md

@@ -0,0 +1,232 @@
+# BasicAuth
+
+The [`SimpleW.Helper.BasicAuth`](https://www.nuget.org/packages/SimpleW.Helper.BasicAuth) package provides a lightweight HTTP Basic authentication helper for SimpleW.
+
+
+## Features
+
+This package is intentionally focused on the authentication engine only:
+- parse the `Authorization` header
+- validate a username/password pair
+- create a `HttpPrincipal`
+- send a `401` Basic challenge
+
+It does **not** decide which routes must be protected.
+That policy stays in your own custom middleware, which makes this package a good fit for:
+- custom auth attributes based on `IHandlerMetadata`
+- controller-specific authorization rules
+- mixed authentication strategies chosen by the application
+
+
+## Requirements
+
+- .NET 8.0
+- SimpleW (core server)
+
+
+## Installation
+
+Install the package from NuGet:
+
+```sh
+$ dotnet add package SimpleW.Helper.BasicAuth --version 26.0.0-rc.20260415-1732
+```
+
+
+## Configuration options
+
+### BasicAuthHelper
+
+| Method | Description |
+| ------ | ----------- |
+| `TryAuthenticate(session, out principal)` | Parses the `Authorization` header, validates credentials, and returns a `HttpPrincipal` when authentication succeeds. |
+| `SendChallengeAsync(session, realm)` | Sends a `401 Unauthorized` response with the `WWW-Authenticate` header for Basic auth. |
+
+### BasicAuthOptions
+
+| Option | Default | Description |
+| ------ | ------- | ----------- |
+| `Users` | empty | Static username/password list used when no custom validator is provided. |
+| `CredentialValidator` | `null` | Optional callback used to validate username/password pairs yourself. |
+| `PrincipalFactory` | built-in | Maps a successful authentication to a `HttpPrincipal`. |
+
+### BasicAuthContext
+
+| Property | Description |
+| -------- | ----------- |
+| `Session` | Current `HttpSession`. |
+| `Username` | Username extracted from the `Authorization` header. |
+| `Password` | Password extracted from the `Authorization` header. |
+
+
+## Minimal Example
+
+This example shows the intended architecture:
+- a `BasicAuthHelper` handles the Basic auth protocol
+- a custom middleware reads handler metadata from `session.Metadata`
+- controllers decide which endpoints require authentication
+
+```csharp
+using System.Net;
+using SimpleW;
+using SimpleW.Helper.BasicAuth;
+
+var server = new SimpleWServer(IPAddress.Any, 2015);
+
+// configure basic helper
+BasicAuthHelper basic = new(options => {
+    options.Users = [
+        new BasicUser("admin", "secret")
+    ];
+});
+
+// use the basic helper in a custom auth middleware
+server.UseMiddleware(async (session, next) => {
+
+    // fast path for anonymous
+    if (session.Metadata.Has<AllowAnonymousAttribute>()) {
+        await next().ConfigureAwait(false);
+        return;
+    }
+
+    // fast path if not basic attribute
+    BasicAuthAttribute? auth = session.Metadata.Get<BasicAuthAttribute>();
+    if (auth == null) {
+        await next().ConfigureAwait(false);
+        return;
+    }
+
+    // send challenge is not authenticate
+    if (!basic.TryAuthenticate(session, out HttpPrincipal principal)) {
+        await basic.SendChallengeAsync(session, auth.Realm).ConfigureAwait(false);
+        return;
+    }
+
+    // set the Session Principal with the principal found by basic helper
+    session.Principal = principal;
+
+    await next().ConfigureAwait(false);
+});
+
+server.MapController<AdminController>("/api");
+
+await server.RunAsync();
+
+[Route("/admin")]
+[BasicAuth("Admin Area")]
+public sealed class AdminController : Controller {
+
+    [Route("GET", "/me")]
+    public object Me() {
+        return new {
+            user = Principal.Name
+        };
+    }
+
+    [AllowAnonymous]
+    [Route("GET", "/health")]
+    public object Health() {
+        return new { ok = true };
+    }
+
+}
+
+// definie a basic attribute
+[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
+public sealed class BasicAuthAttribute : Attribute, IHandlerMetadata {
+
+    public BasicAuthAttribute(string realm = "Restricted") {
+        Realm = realm;
+    }
+
+    public string Realm { get; }
+
+}
+
+// define a Anonymous attribute
+[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
+public sealed class AllowAnonymousAttribute : Attribute, IHandlerMetadata {
+}
+```
+
+In this model:
+- the helper performs authentication
+- the middleware decides whether the current handler requires authentication thanks to custom attribute
+- the controller stays clean and only declares intent through metadata
+
+
+## Custom credential validation
+
+Instead of a static users list, you can validate credentials yourself:
+
+```csharp
+BasicAuthHelper basic = new(options => {
+    options.CredentialValidator = (username, password) => {
+        return username == "admin" && password == "secret";
+    };
+});
+```
+
+This is useful when credentials come from:
+- a database
+- a configuration provider
+- an external service
+
+
+## Custom principal mapping
+
+You can fully control how an authenticated user becomes a `HttpPrincipal`:
+
+```csharp
+BasicAuthHelper basic = new(options => {
+    options.Users = [
+        new BasicUser("admin", "secret")
+    ];
+
+    options.PrincipalFactory = context => {
+        return new HttpPrincipal(new HttpIdentity(
+            isAuthenticated: true,
+            authenticationType: "Basic",
+            identifier: context.Username,
+            name: context.Username,
+            email: null,
+            roles: [ "admin" ],
+            properties: [
+                new IdentityProperty("login", context.Username),
+                new IdentityProperty("source", "basic-auth")
+            ]
+        ));
+    };
+});
+```
+
+
+## Integration Summary
+
+| Step | Responsibility |
+| ---- | -------------- |
+| Parse Basic auth header | `BasicAuthHelper` |
+| Validate credentials | `BasicAuthHelper` |
+| Build `HttpPrincipal` | `BasicAuthHelper` |
+| Decide whether auth is required | your middleware |
+| Declare route intent | your `IHandlerMetadata` attributes |
+
+
+## Security Notes
+
+- HTTP Basic credentials are only base64-encoded, not encrypted
+- Always use HTTPS in production
+- Keep realms explicit so browser prompts stay understandable
+- Treat `CredentialValidator` and `PrincipalFactory` as trusted application code
+
+
+## When to use the service package instead
+
+If you only need simple prefix-based protection such as:
+- `/admin`
+- `/metrics`
+- `/internal`
+
+and you do not need custom handler metadata, use [`SimpleW.Service.BasicAuth`](./service-basicauth.md) instead.
+
+That package is a thin module built on top of this helper.

documentation/simplew/docs/addons/helper-hosting.md

@@ -35,7 +35,7 @@ It allows you to :
 Install the package from NuGet:
 
 ```sh
-$ dotnet add package SimpleW.Helper.Hosting --version 26.0.0-rc.20260405-1683
+$ dotnet add package SimpleW.Helper.Hosting --version 26.0.0-rc.20260415-1732
 ```