@joystick.js/node-canary 0.0.0-canary.28 → 0.0.0-canary.29

package/dist/app/middleware/sanitizeRequestParameters.js

@@ -1,25 +1,18 @@
-var sanitizeRequestParameters_default = (req, res, next) => {
-  console.log(req);
-  const parameters = Object.entries(req?.params);
-  const queryParameters = Object.entries(req?.query);
-  const htmlRegex = new RegExp(/<(?:"[^"]*"['"]*|'[^']*'['"]*|[^'">])+>/g);
-  const encodedOpenScriptTagRegex = new RegExp(/%3Cscript%3E/g);
-  const encodedCloseScriptTagRegex = new RegExp(/%3C\/script%3E/g);
+import escapeHTML from "../../lib/escapeHTML.js";
+const sanitizeParameterSet = (parameters = [], target = {}) => {
   for (let i = 0; i < parameters?.length; i += 1) {
     const [key, value] = parameters[i];
-    const keyHTMLMatches = key?.match(htmlRegex) || key?.match(encodedOpenScriptTagRegex);
-    const valueHTMLMatches = value?.match(htmlRegex) || key?.match(encodedCloseScriptTagRegex);
-    if (keyHTMLMatches?.length > 0 || valueHTMLMatches?.length > 0) {
-      delete req.params[key];
-    }
+    delete target[key];
+    target[escapeHTML(key)] = escapeHTML(value);
   }
-  for (let i = 0; i < queryParameters?.length; i += 1) {
-    const [key, value] = queryParameters[i];
-    const keyHTMLMatches = key?.match(htmlRegex) || key?.match(encodedOpenScriptTagRegex);
-    const valueHTMLMatches = value?.match(htmlRegex) || key?.match(encodedCloseScriptTagRegex);
-    if (keyHTMLMatches?.length > 0 || valueHTMLMatches?.length > 0) {
-      delete req.query[key];
-    }
+};
+var sanitizeRequestParameters_default = (req, res, next) => {
+  const parameters = Object.entries(req?.params);
+  const queryParameters = Object.entries(req?.query);
+  sanitizeParameterSet(parameters, req?.params);
+  sanitizeParameterSet(queryParameters, req?.query);
+  if (req?.route?.path) {
+    req.route.path = escapeHTML(req?.route?.path);
   }
   next();
 };

package/dist/app/sanitizeAPIResponse.js

@@ -1,10 +1,5 @@
 import util from "util";
-import { HTML_ENTITY_MAP } from "../lib/constants.js";
-const escapeHTML = (string = "") => {
-  return String(string).replace(/[&<>"'`=\/]/g, function(match) {
-    return HTML_ENTITY_MAP[match];
-  });
-};
+import escapeHTML from "../lib/escapeHTML.js";
 const sanitizeAPIResponse = (data = null) => {
   let sanitizedData = data;
   if (!util.isString(sanitizedData) && !util.isObject(sanitizedData) && !Array.isArray(sanitizedData)) {

package/dist/lib/escapeHTML.js

@@ -0,0 +1,9 @@
+import { HTML_ENTITY_MAP } from "./constants.js";
+var escapeHTML_default = (string = "") => {
+  return String(string).replace(/[&<>"'`=]/g, function(match) {
+    return HTML_ENTITY_MAP[match];
+  });
+};
+export {
+  escapeHTML_default as default
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@joystick.js/node-canary",
-  "version": "0.0.0-canary.28",
+  "version": "0.0.0-canary.29",
   "type": "module",
   "description": "A Node.js framework for building web apps.",
   "main": "./dist/index.js",

package/dist/app/middleware/render.js

@@ -1,211 +0,0 @@
-import fs from "fs";
-import dayjs from "dayjs";
-import crypto from "crypto";
-import ssr from "../../ssr/index.js";
-import { isObject } from "../../validation/lib/typeValidators";
-import settings from "../../settings";
-import generateErrorPage from "../../lib/generateErrorPage.js";
-import replaceFileProtocol from "../../lib/replaceFileProtocol.js";
-import replaceBackslashesWithForwardSlashes from "../../lib/replaceBackslashesWithForwardSlashes.js";
-import getBuildPath from "../../lib/getBuildPath.js";
-const generateHash = (input = "") => {
-  return crypto.createHash("sha256").update(input).digest("hex");
-};
-const getCacheDiff = async (diffFunction = null) => {
-  if (diffFunction) {
-    const diff = await diffFunction();
-    const diffHash = typeof diff === "string" ? generateHash(diff) : null;
-    return diffHash;
-  }
-  return null;
-};
-const writeCacheFileToDisk = ({
-  expiresAfterMinutes = "",
-  cachePath = "",
-  cacheFileName = "index",
-  currentDiff = null,
-  html = ""
-}) => {
-  const expiresAt = dayjs().add(expiresAfterMinutes, "minutes").unix();
-  fs.mkdir(`${cachePath}/_cache`, { recursive: true }, () => {
-    fs.writeFile(`${cachePath}/_cache/${cacheFileName}_${expiresAt}.html`, html, (error) => {
-      if (error) {
-        console.warn(error);
-      }
-    });
-    if (currentDiff) {
-      fs.writeFile(`${cachePath}/_cache/diff_${expiresAt}`, currentDiff, (error) => {
-        if (error) {
-          console.warn(error);
-        }
-      });
-    }
-  });
-};
-const getCachedHTML = ({ cachePath, cacheFileName, currentDiff }) => {
-  const files = fs.existsSync(`${cachePath}/_cache`) ? fs.readdirSync(`${cachePath}/_cache`) : [];
-  const cacheFile = files?.find((file) => file?.includes(cacheFileName));
-  const cacheFileExpiresAtUnix = cacheFile?.replace(`${cacheFileName}_`, "").replace(".html", "");
-  const existingDiff = fs.existsSync(`${cachePath}/_cache/diff_${cacheFileExpiresAtUnix}`) ? fs.readFileSync(`${cachePath}/_cache/diff_${cacheFileExpiresAtUnix}`, "utf-8") : null;
-  const cacheFileDiffHasChanged = existingDiff !== currentDiff;
-  const cacheFileExpiresAtHasPassed = dayjs().isAfter(dayjs.unix(parseInt(cacheFileExpiresAtUnix)));
-  const cacheFileHasExpired = cacheFileDiffHasChanged || cacheFileExpiresAtHasPassed;
-  if (cacheFileDiffHasChanged || cacheFileExpiresAtHasPassed) {
-    fs.unlink(`${cachePath}/_cache/${cacheFile}`, (error) => {
-      if (error)
-        return;
-    });
-    fs.unlink(`${cachePath}/_cache/diff_${cacheFileExpiresAtUnix}`, (error) => {
-      if (error)
-        return;
-    });
-  }
-  return cacheFile && !cacheFileHasExpired ? fs.readFileSync(`${cachePath}/_cache/${cacheFile}`, "utf-8") : null;
-};
-const getUrl = (request = {}) => {
-  const [path = null] = request.url?.split("?");
-  return {
-    params: request.params,
-    query: request.query,
-    route: request.route.path,
-    path
-  };
-};
-const getFile = async (buildPath = "") => {
-  const file = await import(buildPath);
-  return file.default;
-};
-const getTranslationsFile = async (languageFilePath = "", paths = "") => {
-  const languageFile = await getFile(`${paths.build}/i18n/${languageFilePath}`);
-  const isValidLanguageFile = languageFile && isObject(languageFile);
-  if (isValidLanguageFile) {
-    const translationsForPage = languageFile[paths.page];
-    return translationsForPage ? translationsForPage : languageFile;
-  }
-  return {};
-};
-const getTranslations = async (paths = {}, languagePreferences = []) => {
-  const languageFiles = fs.readdirSync(`${paths.build}/i18n`);
-  let matchingFile = null;
-  for (let i = 0; i < languagePreferences.length; i += 1) {
-    const languageRegex = languagePreferences[i];
-    const match = languageFiles.find((languageFile) => !!languageFile.match(languageRegex));
-    if (match) {
-      matchingFile = match;
-      break;
-    }
-  }
-  const translationsFile = await getTranslationsFile(matchingFile, paths);
-  return translationsFile;
-};
-const getLanguagePreferenceRegexes = (userLanguage = "", browserLanguages = []) => {
-  let languagePreferences = [];
-  if (userLanguage) {
-    languagePreferences.push(userLanguage);
-  }
-  const filteredBrowserLanguages = browserLanguages?.filter((language) => {
-    return !language?.includes("*");
-  });
-  languagePreferences.push(...filteredBrowserLanguages);
-  languagePreferences.push(settings?.config?.i18n?.defaultLanguage);
-  return languagePreferences?.flatMap((language) => {
-    const variants = [language];
-    if (language?.length === 2) {
-      variants.push(`${language.substring(0, 2)}-`);
-    }
-    if (language?.length > 2) {
-      variants.push(`${language?.split("-")[0]}`);
-      variants.push(`${language?.split("-")[0]}-`);
-    }
-    return variants;
-  })?.map((languageString) => {
-    const lastCharacter = languageString[languageString.length - 1];
-    if (lastCharacter === "-") {
-      return new RegExp(`^${languageString}[A-Z]+.js`, "g");
-    }
-    return new RegExp(`^${languageString}.js`, "g");
-  });
-};
-const parseBrowserLanguages = (languages = "") => {
-  const rawLanguages = languages.split(",");
-  return rawLanguages?.map((rawLanguage) => rawLanguage.split(";")[0]);
-};
-var render_default = (req, res, next, appInstance = {}) => {
-  res.render = async function(path = "", options = {}) {
-    const urlFormattedForCache = req?.url?.split("/")?.filter((part) => !!part)?.join("_");
-    const buildPathForEnvironment = getBuildPath();
-    const buildPath = replaceFileProtocol(replaceBackslashesWithForwardSlashes(`${process.cwd().replace(buildPathForEnvironment, "")}/${buildPathForEnvironment}`));
-    const pagePath = `${buildPath}${path}`;
-    const layoutPath = options.layout ? `${buildPath}${options.layout}` : null;
-    const pagePathParts = `${buildPathForEnvironment}${path}`?.split("/")?.filter((part) => !!part);
-    const cachePath = pagePathParts?.slice(0, pagePathParts.length - 1)?.join("/");
-    let currentDiff;
-    if (!fs.existsSync(pagePath)) {
-      return res.status(404).send(generateErrorPage({
-        type: "pageNotFound",
-        path: `res.render('${path}')`,
-        frame: null,
-        stack: `A page component at the path ${path} could not be found.`
-      }));
-    }
-    if (layoutPath && !fs.existsSync(layoutPath)) {
-      return res.status(404).send(generateErrorPage({
-        type: "layoutNotFound",
-        path: `res.render('${path}', { layout: '${options.layout}' })`,
-        frame: null,
-        stack: `A layout component at the path ${options.layout} could not be found.`
-      }));
-    }
-    if (options?.cache?.expiresAfterMinutes) {
-      currentDiff = typeof options?.cache?.diff === "function" ? await getCacheDiff(options?.cache?.diff) : null;
-      const cachedHTML = await getCachedHTML({
-        cachePath,
-        cacheFileName: urlFormattedForCache?.trim() === "" ? "index" : urlFormattedForCache,
-        currentDiff
-      });
-      if (cachedHTML) {
-        return res.send(cachedHTML);
-      }
-    }
-    const pageFile = await getFile(pagePath);
-    const Page = pageFile;
-    const layoutFile = layoutPath ? await getFile(layoutPath) : null;
-    const Layout = layoutFile;
-    const browserLanguages = parseBrowserLanguages(req?.headers["accept-language"]);
-    const languagePreferenceRegexes = getLanguagePreferenceRegexes(req?.context?.user?.language, browserLanguages);
-    const translations = await getTranslations({ build: buildPath, page: path }, languagePreferenceRegexes);
-    const url = getUrl(req);
-    const props = { ...options?.props || {} };
-    if (layoutPath && fs.existsSync(layoutPath)) {
-      props.page = Page;
-    }
-    const html = await ssr({
-      componentFunction: Layout || Page,
-      req,
-      props,
-      url,
-      translations,
-      attributes: options?.attributes,
-      email: false,
-      baseHTMLPath: null,
-      layoutComponentPath: options?.layout,
-      pageComponentPath: path?.substring(0, 1) === "/" ? path?.replace("/", "") : path,
-      head: options?.head,
-      api: appInstance?.options?.api
-    });
-    if (options?.cache?.expiresAfterMinutes) {
-      writeCacheFileToDisk({
-        expiresAfterMinutes: parseInt(options?.cache?.expiresAfterMinutes),
-        cachePath,
-        cacheFileName: urlFormattedForCache?.trim() === "" ? "index" : urlFormattedForCache,
-        currentDiff,
-        html
-      });
-    }
-    return res.status(200).send(html);
-  };
-  next();
-};
-export {
-  render_default as default
-};