@nitronjs/framework 0.1.22 → 0.1.23

package/lib/View/Manager.js

@@ -9,6 +9,7 @@ import { renderToPipeableStream } from "react-dom/server";
 import Log from "../Logging/Manager.js";
 import Route from "../Route/Manager.js";
 import Paths from "../Core/Paths.js";
+import Config from "../Core/Config.js";
 
 const CTX = Symbol.for("__nitron_view_context__");
 const MARK = Symbol.for("__nitron_client_component__");
@@ -520,13 +521,33 @@ ${runtimeScript}${vendorScript}${hydrateScript}
     static #setSecurityHeaders(res, nonce) {
         const connectSrc = this.#isDev ? "'self' ws: wss:" : "'self'";
 
+        // Get CSP whitelist from config
+        const cspConfig = Config.get("app.csp", {});
+        const whitelist = {
+            styles: cspConfig.styles || [],
+            fonts: cspConfig.fonts || [],
+            images: cspConfig.images || [],
+            scripts: cspConfig.scripts || [],
+            connect: cspConfig.connect || [],
+            frames: cspConfig.frames || [],
+        };
+
+        // Build CSP directives with whitelist
+        const styleSrc = ["'self'", "'unsafe-inline'", ...whitelist.styles].join(" ");
+        const fontSrc = ["'self'", ...whitelist.fonts].join(" ");
+        const imgSrc = ["'self'", "data:", "blob:", ...whitelist.images].join(" ");
+        const scriptSrc = ["'self'", `'nonce-${nonce}'`, ...whitelist.scripts].join(" ");
+        const connectSrcFinal = [connectSrc, ...whitelist.connect].join(" ");
+        const frameSrc = whitelist.frames.length ? whitelist.frames.join(" ") : "'none'";
+
         const csp = [
             "default-src 'self'",
-            `script-src 'self' 'nonce-${nonce}'`,
-            "style-src 'self' 'unsafe-inline'",
-            "img-src 'self' data: blob:",
-            "font-src 'self'",
-            `connect-src ${connectSrc}`,
+            `script-src ${scriptSrc}`,
+            `style-src ${styleSrc}`,
+            `img-src ${imgSrc}`,
+            `font-src ${fontSrc}`,
+            `connect-src ${connectSrcFinal}`,
+            `frame-src ${frameSrc}`,
             "frame-ancestors 'self'",
             "base-uri 'self'",
             "form-action 'self'"

package/lib/index.d.ts

@@ -0,0 +1,407 @@
+export class Storage {
+    static url(path: string): string;
+    static path(path: string): string;
+    static disk(name: string): Storage;
+    static get(path: string): Promise<Buffer>;
+    static put(path: string, contents: string | Buffer): Promise<void>;
+    static delete(path: string): Promise<boolean>;
+    static exists(path: string): Promise<boolean>;
+    static copy(from: string, to: string): Promise<void>;
+    static move(from: string, to: string): Promise<void>;
+    static files(directory: string): Promise<string[]>;
+    static directories(directory: string): Promise<string[]>;
+}
+
+export class Model {
+    static table: string;
+    static primaryKey: string;
+    static timestamps: boolean;
+    static fillable: string[];
+    static hidden: string[];
+    static casts: Record<string, string>;
+
+    static all<T extends Model>(this: new () => T): Promise<T[]>;
+    static find<T extends Model>(this: new () => T, id: number | string): Promise<T | null>;
+    static findOrFail<T extends Model>(this: new () => T, id: number | string): Promise<T>;
+    static first<T extends Model>(this: new () => T): Promise<T | null>;
+    static where<T extends Model>(this: new () => T, column: string, operator?: any, value?: any): QueryBuilder<T>;
+    static select<T extends Model>(this: new () => T, ...columns: string[]): QueryBuilder<T>;
+    static orderBy<T extends Model>(this: new () => T, column: string, direction?: 'asc' | 'desc'): QueryBuilder<T>;
+    static limit<T extends Model>(this: new () => T, count: number): QueryBuilder<T>;
+    static create<T extends Model>(this: new () => T, data: Record<string, any>): Promise<T>;
+
+    save(): Promise<this>;
+    delete(): Promise<boolean>;
+    update(data: Record<string, any>): Promise<this>;
+    refresh(): Promise<this>;
+    toJSON(): Record<string, any>;
+
+    [key: string]: any;
+}
+
+export interface QueryBuilder<T> {
+    where(column: string, operator?: any, value?: any): QueryBuilder<T>;
+    orWhere(column: string, operator?: any, value?: any): QueryBuilder<T>;
+    whereIn(column: string, values: any[]): QueryBuilder<T>;
+    whereNotIn(column: string, values: any[]): QueryBuilder<T>;
+    whereNull(column: string): QueryBuilder<T>;
+    whereNotNull(column: string): QueryBuilder<T>;
+    whereBetween(column: string, range: [any, any]): QueryBuilder<T>;
+    select(...columns: string[]): QueryBuilder<T>;
+    orderBy(column: string, direction?: 'asc' | 'desc'): QueryBuilder<T>;
+    limit(count: number): QueryBuilder<T>;
+    offset(count: number): QueryBuilder<T>;
+    get(): Promise<T[]>;
+    first(): Promise<T | null>;
+    count(): Promise<number>;
+    exists(): Promise<boolean>;
+    update(data: Record<string, any>): Promise<number>;
+    delete(): Promise<number>;
+}
+
+export class DB {
+    static table(name: string): QueryBuilder<any>;
+    static raw(sql: string, bindings?: any[]): Promise<any>;
+    static rawExpr(expression: string): any;
+    static select(sql: string, bindings?: any[]): Promise<any[]>;
+    static insert(sql: string, bindings?: any[]): Promise<any>;
+    static update(sql: string, bindings?: any[]): Promise<number>;
+    static delete(sql: string, bindings?: any[]): Promise<number>;
+    static transaction<T>(callback: () => Promise<T>): Promise<T>;
+}
+
+export class Schema {
+    static create(table: string, callback: (table: Blueprint) => void): Promise<void>;
+    static table(table: string, callback: (table: Blueprint) => void): Promise<void>;
+    static drop(table: string): Promise<void>;
+    static dropIfExists(table: string): Promise<void>;
+    static rename(from: string, to: string): Promise<void>;
+    static hasTable(table: string): Promise<boolean>;
+    static hasColumn(table: string, column: string): Promise<boolean>;
+}
+
+export interface Blueprint {
+    id(column?: string): ColumnDefinition;
+    bigIncrements(column: string): ColumnDefinition;
+    increments(column: string): ColumnDefinition;
+    integer(column: string): ColumnDefinition;
+    bigInteger(column: string): ColumnDefinition;
+    tinyInteger(column: string): ColumnDefinition;
+    smallInteger(column: string): ColumnDefinition;
+    mediumInteger(column: string): ColumnDefinition;
+    float(column: string, precision?: number, scale?: number): ColumnDefinition;
+    double(column: string, precision?: number, scale?: number): ColumnDefinition;
+    decimal(column: string, precision?: number, scale?: number): ColumnDefinition;
+    boolean(column: string): ColumnDefinition;
+    string(column: string, length?: number): ColumnDefinition;
+    text(column: string): ColumnDefinition;
+    mediumText(column: string): ColumnDefinition;
+    longText(column: string): ColumnDefinition;
+    json(column: string): ColumnDefinition;
+    jsonb(column: string): ColumnDefinition;
+    date(column: string): ColumnDefinition;
+    dateTime(column: string): ColumnDefinition;
+    timestamp(column: string): ColumnDefinition;
+    timestamps(): void;
+    softDeletes(): void;
+    binary(column: string): ColumnDefinition;
+    uuid(column: string): ColumnDefinition;
+    enum(column: string, values: string[]): ColumnDefinition;
+    foreign(column: string): ForeignKeyDefinition;
+    index(columns: string | string[]): void;
+    unique(columns: string | string[]): void;
+    primary(columns: string | string[]): void;
+    dropColumn(column: string): void;
+    dropColumns(...columns: string[]): void;
+    renameColumn(from: string, to: string): void;
+}
+
+export interface ColumnDefinition {
+    nullable(): ColumnDefinition;
+    default(value: any): ColumnDefinition;
+    unique(): ColumnDefinition;
+    primary(): ColumnDefinition;
+    index(): ColumnDefinition;
+    unsigned(): ColumnDefinition;
+    autoIncrement(): ColumnDefinition;
+    comment(text: string): ColumnDefinition;
+    after(column: string): ColumnDefinition;
+    first(): ColumnDefinition;
+    change(): ColumnDefinition;
+}
+
+export interface ForeignKeyDefinition {
+    references(column: string): ForeignKeyDefinition;
+    on(table: string): ForeignKeyDefinition;
+    onDelete(action: string): ForeignKeyDefinition;
+    onUpdate(action: string): ForeignKeyDefinition;
+}
+
+export class Hash {
+    static make(value: string): Promise<string>;
+    static check(value: string, hash: string): Promise<boolean>;
+}
+
+export class Auth {
+    static attempt(credentials: Record<string, any>): Promise<boolean>;
+    static login(user: any): Promise<void>;
+    static logout(): Promise<void>;
+    static check(): boolean;
+    static guest(): boolean;
+    static user<T = any>(): T | null;
+    static id(): number | string | null;
+}
+
+export class Session {
+    static get<T = any>(key: string, defaultValue?: T): T;
+    static set(key: string, value: any): void;
+    static has(key: string): boolean;
+    static forget(key: string): void;
+    static flush(): void;
+    static flash(key: string, value: any): void;
+    static reflash(): void;
+    static keep(...keys: string[]): void;
+}
+
+export class Log {
+    static info(message: string, context?: Record<string, any>): void;
+    static error(message: string, context?: Record<string, any>): void;
+    static warning(message: string, context?: Record<string, any>): void;
+    static debug(message: string, context?: Record<string, any>): void;
+}
+
+export class Validator {
+    static make(data: Record<string, any>, rules: Record<string, string>): Validator;
+    validate(): Promise<void>;
+    fails(): boolean;
+    passes(): boolean;
+    errors(): Record<string, string[]>;
+    validated(): Record<string, any>;
+}
+
+export class Lang {
+    static get(key: string, replacements?: Record<string, any>): string;
+    static has(key: string): boolean;
+    static locale(): string;
+    static setLocale(locale: string): void;
+}
+
+export class DateTime {
+    static now(): DateTime;
+    static parse(date: string | Date): DateTime;
+    static create(year: number, month: number, day: number, hour?: number, minute?: number, second?: number): DateTime;
+    format(format: string): string;
+    toDate(): Date;
+    toISO(): string;
+    addDays(days: number): DateTime;
+    addMonths(months: number): DateTime;
+    addYears(years: number): DateTime;
+    subDays(days: number): DateTime;
+    subMonths(months: number): DateTime;
+    subYears(years: number): DateTime;
+    diffInDays(other: DateTime): number;
+    diffInMonths(other: DateTime): number;
+    diffInYears(other: DateTime): number;
+    isBefore(other: DateTime): boolean;
+    isAfter(other: DateTime): boolean;
+    isSame(other: DateTime): boolean;
+}
+
+export class Str {
+    static slug(value: string, separator?: string): string;
+    static camel(value: string): string;
+    static pascal(value: string): string;
+    static snake(value: string): string;
+    static kebab(value: string): string;
+    static title(value: string): string;
+    static upper(value: string): string;
+    static lower(value: string): string;
+    static ucfirst(value: string): string;
+    static lcfirst(value: string): string;
+    static random(length?: number): string;
+    static uuid(): string;
+    static limit(value: string, limit?: number, end?: string): string;
+    static plural(value: string): string;
+    static singular(value: string): string;
+    static contains(haystack: string, needles: string | string[]): boolean;
+    static startsWith(haystack: string, needles: string | string[]): boolean;
+    static endsWith(haystack: string, needles: string | string[]): boolean;
+}
+
+export interface PasswordOptions {
+    uppercase?: boolean;
+    numbers?: boolean;
+    symbols?: boolean;
+}
+
+export interface WeightedItem<T> {
+    value: T;
+    weight?: number;
+}
+
+export class FakerClass {
+    allowDuplicates(): FakerClass;
+    reset(): FakerClass;
+    firstName(gender?: 'male' | 'female'): string;
+    lastName(): string;
+    fullName(gender?: 'male' | 'female'): string;
+    gender(): string;
+    prefix(gender?: 'male' | 'female'): string;
+    suffix(): string;
+    age(min?: number, max?: number): number;
+    birthDate(minAge?: number, maxAge?: number): Date;
+    jobTitle(): string;
+    jobArea(): string;
+    jobType(): string;
+    email(firstName?: string, lastName?: string): string;
+    username(firstName?: string, lastName?: string): string;
+    password(length?: number, options?: PasswordOptions): string;
+    url(protocol?: string): string;
+    domainName(): string;
+    domainWord(): string;
+    domainSuffix(): string;
+    ip(): string;
+    ipv6(): string;
+    mac(separator?: string): string;
+    port(): number;
+    userAgent(): string;
+    browser(): { name: string; version: string };
+    httpMethod(): string;
+    httpStatusCode(): { code: number; message: string };
+    mimeType(): string;
+    fileExtension(type?: 'image' | 'document' | 'video' | 'audio' | 'archive' | 'code'): string;
+    fileName(extension?: string): string;
+    slug(wordCount?: number): string;
+    streetAddress(): string;
+    streetName(): string;
+    city(): string;
+    state(abbreviated?: boolean): string;
+    stateAbbr(): string;
+    country(abbreviated?: boolean): string;
+    countryCode(): string;
+    zipCode(): string;
+    latitude(min?: number, max?: number): number;
+    longitude(min?: number, max?: number): number;
+    coordinates(): { latitude: number; longitude: number };
+    direction(): string;
+    secondaryAddress(): string;
+    fullAddress(): string;
+    timeZone(): string;
+    phoneNumber(format?: string): string;
+    phoneCountryCode(): { country: string; code: string };
+    companyName(): string;
+    companySuffix(): string;
+    industry(): string;
+    catchPhrase(): string;
+    buzzword(): string;
+    department(): string;
+    word(): string;
+    words(count?: number): string;
+    sentence(wordCount?: number): string;
+    sentences(count?: number): string;
+    paragraph(sentenceCount?: number): string;
+    paragraphs(count?: number, separator?: string): string;
+    text(length?: number): string;
+    past(years?: number, refDate?: Date | string): Date;
+    future(years?: number, refDate?: Date | string): Date;
+    recent(days?: number): Date;
+    soon(days?: number): Date;
+    between(from: Date | string, to: Date | string): Date;
+    month(abbreviated?: boolean): string;
+    weekday(abbreviated?: boolean): string;
+    year(min?: number, max?: number): number;
+    amount(min?: number, max?: number, decimals?: number, symbol?: string): string;
+    currency(): { code: string; name: string; symbol: string };
+    currencyCode(): string;
+    currencySymbol(): string;
+    creditCard(type?: string): string;
+    creditCardFormatted(type?: string): string;
+    creditCardCVV(): string;
+    creditCardExpiry(): string;
+    iban(countryCode?: string): string;
+    bic(): string;
+    transactionType(): string;
+    accountType(): string;
+    accountNumber(length?: number): string;
+    routingNumber(): string;
+    bitcoinAddress(): string;
+    ethereumAddress(): string;
+    cryptoCurrency(): { name: string; symbol: string };
+    colorName(): string;
+    hexColor(): string;
+    rgbColor(): { r: number; g: number; b: number };
+    rgbString(): string;
+    rgbaString(alpha?: number): string;
+    hslColor(): { h: number; s: number; l: number };
+    hslString(): string;
+    cssColor(): { name: string; hex: string };
+    tailwindColor(color?: string, shade?: number): string;
+    imageUrl(width?: number, height?: number, category?: string): string;
+    avatarUrl(size?: number): string;
+    placeholderUrl(width?: number, height?: number, text?: string, bgColor?: string, textColor?: string): string;
+    uuid(): string;
+    int(min?: number, max?: number): number;
+    float(min?: number, max?: number, decimals?: number): number;
+    boolean(probability?: number): boolean;
+    arrayElement<T>(array: T[]): T;
+    arrayElements<T>(array: T[], count?: number): T[];
+    objectElement<T>(obj: Record<string, T>): { key: string; value: T };
+    shuffle<T>(array: T[]): T[];
+    maybe<T>(callback: () => T, probability?: number): T | null;
+    times<T>(count: number, callback: (index: number) => T): T[];
+    oneOf<T>(...values: T[]): T;
+    weightedPick<T>(items: WeightedItem<T>[]): T;
+    template(str: string, data?: Record<string, any>): string;
+}
+
+export const Faker: FakerClass;
+
+export class Config {
+    static get<T = any>(key: string, defaultValue?: T): T;
+    static set(key: string, value: any): void;
+    static has(key: string): boolean;
+}
+
+export class Route {
+    static get(path: string, handler: any): Route;
+    static post(path: string, handler: any): Route;
+    static put(path: string, handler: any): Route;
+    static patch(path: string, handler: any): Route;
+    static delete(path: string, handler: any): Route;
+    static group(options: Record<string, any>, callback: () => void): void;
+    static resource(name: string, controller: any): void;
+    name(name: string): Route;
+    middleware(...middleware: any[]): Route;
+}
+
+export class Mail {
+    static to(address: string): Mail;
+    static from(address: string): Mail;
+    static subject(subject: string): Mail;
+    static html(content: string): Mail;
+    static text(content: string): Mail;
+    static send(): Promise<void>;
+}
+
+export class AES {
+    static encrypt(data: string, key?: string): string;
+    static decrypt(encrypted: string, key?: string): string;
+}
+
+export class View {
+    static render(template: string, data?: Record<string, any>): Promise<string>;
+    static exists(template: string): boolean;
+}
+
+export const MigrationRunner: any;
+export const MigrationRepository: any;
+export const SeederRunner: any;
+export const SeederRepository: any;
+export const Checksum: any;
+export const DatabaseManager: any;
+export const SessionManager: any;
+export const Server: any;
+export const Paths: any;
+export const Environment: any;
+
+export function start(): Promise<void>;

package/lib/index.js

@@ -16,6 +16,15 @@ export { default as Model } from "./Database/Model.js";
 export { default as Schema } from "./Database/Schema/Manager.js";
 export { default as DatabaseManager } from "./Database/Manager.js";
 
+// Migration
+export { default as MigrationRunner } from "./Database/Migration/MigrationRunner.js";
+export { default as MigrationRepository } from "./Database/Migration/MigrationRepository.js";
+export { default as Checksum } from "./Database/Migration/Checksum.js";
+
+// Seeder
+export { default as SeederRunner } from "./Database/Seeder/SeederRunner.js";
+export { default as SeederRepository } from "./Database/Seeder/SeederRepository.js";
+
 // Authentication
 export { default as Auth } from "./Auth/Manager.js";
 
@@ -53,5 +62,8 @@ export { default as DateTime } from "./Date/DateTime.js";
 // Support
 export { default as Str } from "./Support/Str.js";
 
+// Faker
+export { default as Faker } from "./Faker/Faker.js";
+
 // Backward Compatibility Aliases
 export { default as Enviroment } from "./Core/Environment.js";

package/package.json

@@ -1,12 +1,16 @@
 {
 	"name": "@nitronjs/framework",
-	"version": "0.1.22",
+	"version": "0.1.23",
 	"description": "NitronJS is a modern and extensible Node.js MVC framework built on Fastify. It focuses on clean architecture, modular structure, and developer productivity, offering built-in routing, middleware, configuration management, CLI tooling, and native React integration for scalable full-stack applications.",
 	"bin": {
 		"njs": "./cli/njs.js"
 	},
+	"types": "./lib/index.d.ts",
 	"exports": {
-		".": "./lib/index.js"
+		".": {
+			"types": "./lib/index.d.ts",
+			"import": "./lib/index.js"
+		}
 	},
 	"dependencies": {
 		"@babel/parser": "^7.28.5",

package/skeleton/config/app.js

@@ -1,4 +1,24 @@
 export default {
     locale: 'en',
     timezone: 'UTC',
+
+    /**
+     * Content Security Policy (CSP) Whitelist
+     * 
+     * Add trusted external domains for each resource type.
+     * These will be appended to the default secure CSP policy.
+     * 
+     * Examples:
+     * - Google Fonts: styles: ["https://fonts.googleapis.com"], fonts: ["https://fonts.gstatic.com"]
+     * - Cloudflare CDN: scripts: ["https://cdnjs.cloudflare.com"]
+     * - Google Analytics: scripts: ["https://www.googletagmanager.com"], connect: ["https://www.google-analytics.com"]
+     */
+    csp: {
+        styles: [],
+        fonts: [],
+        images: [],
+        scripts: [],
+        connect: [],
+        frames: [],
+    },
 }

package/skeleton/globals.d.ts

@@ -1 +1,68 @@
-import {} from 'nitronjs';
+/**
+ * NitronJS Global Types
+ * 
+ * Framework types are provided by @nitronjs/framework package.
+ * This file only contains global function declarations.
+ */
+
+/**
+ * Returns the CSRF token for the current request.
+ * Works on both SSR and client-side.
+ * 
+ * @example
+ * // In a form
+ * <input type="hidden" name="_csrf" value={csrf()} />
+ * 
+ * // In a fetch request
+ * fetch('/api/action', {
+ *   method: 'POST',
+ *   headers: { 'X-CSRF-Token': csrf() }
+ * })
+ */
+declare function csrf(): string;
+
+/**
+ * Returns the URL for a named route.
+ * Works on both SSR and client-side.
+ * 
+ * @param name - The route name as defined in routes/web.js
+ * @param params - Optional route parameters
+ * @example
+ * <a href={route('home')}>Home</a>
+ * <a href={route('admin.dashboard')}>Dashboard</a>
+ * <a href={route('admin.users.edit', { id: 1 })}>Edit User</a>
+ */
+declare function route(name: string, params?: Record<string, any>): string;
+
+/**
+ * Returns the current request object.
+ * Only works in Server Components during SSR.
+ * 
+ * @example
+ * // Get query parameters
+ * const tab = request().query.tab || 'general';
+ * 
+ * // Get URL parameters
+ * const id = request().params.id;
+ * 
+ * // Get request method
+ * const method = request().method;
+ */
+declare function request(): {
+    path: string;
+    method: string;
+    query: Record<string, any>;
+    params: Record<string, any>;
+    body: Record<string, any>;
+    headers: Record<string, string>;
+    cookies: Record<string, string>;
+    ip: string;
+    isAjax: boolean;
+    session: {
+        get<T = any>(key: string, defaultValue?: T): T;
+        set(key: string, value: any): void;
+        has(key: string): boolean;
+        forget(key: string): void;
+        flash(key: string, value: any): void;
+    };
+};

package/skeleton/tsconfig.json

@@ -2,7 +2,7 @@
     "compilerOptions": {
         "target": "ES2022",
         "module": "ESNext",
-        "moduleResolution": "Node",
+        "moduleResolution": "bundler",
         "jsx": "react-jsx",
         "jsxImportSource": "react",
         "lib": ["ES2022", "DOM"],
@@ -10,24 +10,14 @@
         "esModuleInterop": true,
         "skipLibCheck": true,
         "forceConsistentCasingInFileNames": true,
-        "resolveJsonModule": true,
-        "declaration": true,
-        "declarationMap": true,
-        "outDir": "./dist",
-        "rootDir": "."
+        "noEmit": true
     },
     "include": [
-        "app/**/*",
-        "config/**/*",
-        "database/**/*",
-        "routes/**/*",
-        "resources/**/*",
-        "globals.d.ts"
+        "./globals.d.ts",
+        "./resources/views/**/*.ts",
+        "./resources/views/**/*.tsx"
     ],
     "exclude": [
-        "node_modules",
-        "dist",
-        "build",
-        "storage"
+        "node_modules"
     ]
 }