@bractjs/bractjs 0.1.10 → 0.1.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/cli.ts +3 -0
- package/package.json +1 -1
- package/src/dev/hmr-client.ts +2 -2
- package/src/server/serve.ts +19 -0
package/bin/cli.ts
CHANGED
|
@@ -64,6 +64,9 @@ switch (command) {
|
|
|
64
64
|
break;
|
|
65
65
|
|
|
66
66
|
case "dev":
|
|
67
|
+
// Ensure dev-only handlers gated by isExplicitDev() (e.g. /_hmr/module,
|
|
68
|
+
// /_bractjs/devtools.js) are reachable when the user hasn't set NODE_ENV.
|
|
69
|
+
if (!process.env.NODE_ENV) process.env.NODE_ENV = "development";
|
|
67
70
|
await import("../src/dev/server.ts");
|
|
68
71
|
break;
|
|
69
72
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@bractjs/bractjs",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.12",
|
|
4
4
|
"description": "Production-grade SSR framework for Bun + React 19. File-based routing, streaming SSR, server actions, typed routes.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"homepage": "https://github.com/bractjs/bractjs#readme",
|
package/src/dev/hmr-client.ts
CHANGED
|
@@ -18,7 +18,7 @@ export const hmrClientScript: string = `
|
|
|
18
18
|
import('/_bractjs/devtools.js').then(function(m) {
|
|
19
19
|
if (typeof m.injectDevtools === 'function') m.injectDevtools();
|
|
20
20
|
}).catch(function() {
|
|
21
|
-
// DevTools module not available
|
|
21
|
+
// DevTools module not available - skip silently.
|
|
22
22
|
});
|
|
23
23
|
}
|
|
24
24
|
|
|
@@ -32,7 +32,7 @@ export const hmrClientScript: string = `
|
|
|
32
32
|
} else if (msg.type === "hmr:route" && msg.pattern != null && msg.chunkUrl) {
|
|
33
33
|
// Validate chunk URL is a same-origin relative path before importing.
|
|
34
34
|
// Prevents a compromised/MITM'd dev WS from executing arbitrary URLs.
|
|
35
|
-
if (typeof msg.chunkUrl !== 'string' ||
|
|
35
|
+
if (typeof msg.chunkUrl !== 'string' || !/^\\/build\\//.test(msg.chunkUrl)) {
|
|
36
36
|
return;
|
|
37
37
|
}
|
|
38
38
|
// Cache-bust so the browser re-fetches the rebuilt chunk.
|
package/src/server/serve.ts
CHANGED
|
@@ -95,6 +95,25 @@ export function buildFetchHandler(config: Partial<BractJSConfig>) {
|
|
|
95
95
|
return handleHmrModuleRequest(url, appDir);
|
|
96
96
|
}
|
|
97
97
|
|
|
98
|
+
// Dev-only: serve the DevTools panel module imported by hmr-client.
|
|
99
|
+
// SECURITY(high): gated by isExplicitDev() so production never compiles
|
|
100
|
+
// and ships package internals as JS.
|
|
101
|
+
if (isExplicitDev() && pathname === "/_bractjs/devtools.js") {
|
|
102
|
+
const devtoolsEntry = resolve(import.meta.dir, "../dev/devtools.ts");
|
|
103
|
+
const built = await Bun.build({
|
|
104
|
+
entrypoints: [devtoolsEntry],
|
|
105
|
+
target: "browser",
|
|
106
|
+
minify: false,
|
|
107
|
+
sourcemap: "inline",
|
|
108
|
+
});
|
|
109
|
+
if (!built.success || built.outputs.length === 0) {
|
|
110
|
+
return new Response("DevTools build failed", { status: 500 });
|
|
111
|
+
}
|
|
112
|
+
return new Response(await built.outputs[0].text(), {
|
|
113
|
+
headers: { "Content-Type": "text/javascript", "Cache-Control": "no-store" },
|
|
114
|
+
});
|
|
115
|
+
}
|
|
116
|
+
|
|
98
117
|
// Typed API routes (registered via bract.route())
|
|
99
118
|
if (pathname.startsWith("/api")) {
|
|
100
119
|
const { handleApiRequest } = await import("./api-route.ts");
|