@nitronjs/framework 0.1.24 → 0.2.0

package/lib/Session/File.js

@@ -1,6 +1,7 @@
 import fs from "fs/promises";
 import path from "path";
 import Paths from "../Core/Paths.js";
+import Environment from "../Core/Environment.js";
 
 /**
  * File Session Store
@@ -83,6 +84,16 @@ class File {
         }
     }
 
+    /**
+     * Validate session ID format (hex only, max 128 chars)
+     * Prevents path traversal attacks
+     */
+    #isValidSessionId(sessionId) {
+        if (!sessionId || typeof sessionId !== 'string') return false;
+        if (sessionId.length > 128) return false;
+        return /^[a-f0-9]+$/i.test(sessionId);
+    }
+
     /**
      * Get session file path
      */
@@ -105,8 +116,8 @@ class File {
     async get (sessionId) {
         await this.ready;
         
-        // Guard: Validate session ID length
-        if (!sessionId || sessionId.length > 128) {
+        // Guard: Validate session ID format (hex only)
+        if (!this.#isValidSessionId(sessionId)) {
             return null;
         }
         
@@ -153,14 +164,14 @@ class File {
     async set (sessionId, sessionData) {
         await this.ready;
         
-        // Guard: Validate session ID length
-        if (!sessionId || sessionId.length > 128) {
+        // Guard: Validate session ID format (hex only)
+        if (!this.#isValidSessionId(sessionId)) {
             return;
         }
         
         const filePath = this.#getFilePath(sessionId);
         const tempPath = this.#getTempFilePath(sessionId);
-        const jsonContent = process.env.APP_DEV === "true"
+        const jsonContent = Environment.isDev
             ? JSON.stringify(sessionData, null, 2)
             : JSON.stringify(sessionData);
         
@@ -229,8 +240,8 @@ class File {
     async delete(sessionId) {
         await this.ready;
         
-        // Guard: Validate session ID length
-        if (!sessionId || sessionId.length > 128) {
+        // Guard: Validate session ID format (hex only)
+        if (!this.#isValidSessionId(sessionId)) {
             return;
         }
         

package/lib/View/Client/hmr-client.js

@@ -0,0 +1,166 @@
+(function() {
+    "use strict";
+
+    var socket = null;
+    var overlay = null;
+
+    function connect() {
+        if (socket) return;
+        if (typeof io === "undefined") {
+            setTimeout(connect, 100);
+            return;
+        }
+
+        try {
+            socket = io({ path: "/__nitron_hmr", transports: ["websocket", "polling"], reconnection: true });
+        }
+        catch (e) {
+            return;
+        }
+
+        socket.on("connect", function() {
+            window.__nitron_hmr_connected__ = true;
+            hideOverlay();
+        });
+
+        socket.on("disconnect", function() {
+            window.__nitron_hmr_connected__ = false;
+        });
+
+        socket.on("hmr:update", function(data) {
+            refetchPage();
+        });
+
+        socket.on("hmr:reload", function(data) {
+            location.reload();
+        });
+
+        socket.on("hmr:css", function(data) {
+            updateCss(data.file);
+        });
+
+        socket.on("hmr:error", function(data) {
+            showOverlay(data.message || "Unknown error", data.file);
+        });
+    }
+
+    function refetchPage() {
+        var url = location.pathname + location.search;
+        
+        fetch("/__nitron/navigate?url=" + encodeURIComponent(url), {
+            headers: { "X-Nitron-SPA": "1" },
+            credentials: "same-origin"
+        })
+        .then(function(r) {
+            if (!r.ok) throw new Error("HTTP " + r.status);
+            return r.json();
+        })
+        .then(function(d) {
+            if (d.error || d.redirect) {
+                location.reload();
+                return;
+            }
+
+            // Find current slot
+            var slot = document.querySelector("[data-nitron-slot='page']");
+            if (!slot || !d.html) {
+                location.reload();
+                return;
+            }
+
+            // Parse response HTML and extract slot content
+            var tmp = document.createElement("div");
+            tmp.innerHTML = d.html;
+            var newSlot = tmp.querySelector("[data-nitron-slot='page']");
+            var newContent = newSlot ? newSlot.innerHTML : d.html;
+
+            // Update slot content
+            slot.innerHTML = newContent;
+
+            // Update hydration
+            if (d.hydrationScript) {
+                if (d.runtime && window.__NITRON_RUNTIME__) {
+                    Object.assign(window.__NITRON_RUNTIME__, d.runtime);
+                }
+                if (d.props) {
+                    window.__NITRON_PROPS__ = d.props;
+                }
+                loadHydration(d.hydrationScript);
+            }
+        })
+        .catch(function(e) {
+            location.reload();
+        });
+    }
+
+    function loadHydration(scriptPath) {
+        var script = document.createElement("script");
+        script.type = "module";
+        script.src = "/storage" + scriptPath + "?t=" + Date.now();
+        script.onload = function() {
+            if (window.__NITRON_REFRESH__) {
+                try {
+                    window.__NITRON_REFRESH__.performReactRefresh();
+                } catch(e) {}
+            }
+            script.remove();
+        };
+        document.head.appendChild(script);
+    }
+
+    function updateCss(file) {
+        var links = document.querySelectorAll('link[rel="stylesheet"]');
+        var timestamp = Date.now();
+
+        if (!file) {
+            for (var i = 0; i < links.length; i++) {
+                var href = (links[i].href || "").split("?")[0];
+                links[i].href = href + "?t=" + timestamp;
+            }
+            return;
+        }
+
+        var found = false;
+        var target = file.split(/[\\/]/).pop();
+
+        for (var i = 0; i < links.length; i++) {
+            var href = (links[i].href || "").split("?")[0];
+            if (href.endsWith("/" + target)) {
+                links[i].href = href + "?t=" + timestamp;
+                found = true;
+            }
+        }
+
+        if (!found) location.reload();
+    }
+
+    function showOverlay(msg, file) {
+        hideOverlay();
+        overlay = document.createElement("div");
+        overlay.id = "__nitron_error__";
+        overlay.innerHTML =
+            '<div style="position:fixed;inset:0;background:rgba(0,0,0,.95);color:#ff4444;padding:32px;font-family:monospace;z-index:999999;overflow:auto">' +
+            '<div style="font-size:24px;font-weight:bold;margin-bottom:16px">Build Error</div>' +
+            '<div style="color:#888;margin-bottom:16px">' + escapeHtml(file || "") + '</div>' +
+            '<pre style="white-space:pre-wrap;background:#1a1a2e;padding:16px;border-radius:8px">' + escapeHtml(msg) + '</pre>' +
+            '<button onclick="this.parentNode.parentNode.remove()" style="position:absolute;top:16px;right:16px;background:#333;color:#fff;border:none;padding:8px 16px;cursor:pointer;border-radius:4px">Close</button>' +
+            '</div>';
+        document.body.appendChild(overlay);
+    }
+
+    function hideOverlay() {
+        var el = document.getElementById("__nitron_error__");
+        if (el) el.remove();
+        overlay = null;
+    }
+
+    function escapeHtml(str) {
+        return String(str || "").replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+    }
+
+    if (document.readyState === "loading") {
+        document.addEventListener("DOMContentLoaded", connect);
+    } else {
+        connect();
+    }
+})();

package/lib/View/Client/spa.js

@@ -0,0 +1,142 @@
+(function() {
+    "use strict";
+
+    var ENDPOINT = "/__nitron/navigate";
+    var SKIP = /^(\/storage|\/api|\/__|#|javascript:|mailto:|tel:)/;
+    var layouts = [];
+    var navigating = false;
+
+    function init() {
+        var rt = window.__NITRON_RUNTIME__;
+        if (rt && rt.layouts) layouts = rt.layouts;
+        document.addEventListener("click", onClick, true);
+        window.addEventListener("popstate", onPopState);
+    }
+
+    function onClick(e) {
+        if (navigating) return;
+        var link = e.target.closest("a");
+        if (!link) return;
+        var href = link.getAttribute("href");
+        if (!href || link.target === "_blank" || link.download) return;
+        if (e.ctrlKey || e.metaKey || e.shiftKey || e.altKey) return;
+        if (!isLocal(href)) return;
+        e.preventDefault();
+        navigate(href, true);
+    }
+
+    function onPopState() {
+        navigate(location.pathname + location.search, false);
+    }
+
+    function isLocal(href) {
+        if (!href || SKIP.test(href)) return false;
+        if (/^https?:\/\/|^\/\//.test(href)) {
+            try { return new URL(href, location.origin).origin === location.origin; }
+            catch (e) { return false; }
+        }
+        return true;
+    }
+
+    function navigate(url, push) {
+        if (navigating) return;
+        navigating = true;
+
+        var ctrl = typeof AbortController !== "undefined" ? new AbortController() : null;
+        var timer = setTimeout(function() { if (ctrl) ctrl.abort(); fallback(); }, 10000);
+
+        fetch(ENDPOINT + "?url=" + encodeURIComponent(url), {
+            headers: { "X-Nitron-SPA": "1" },
+            credentials: "same-origin",
+            signal: ctrl ? ctrl.signal : undefined
+        })
+        .then(function(r) {
+            clearTimeout(timer);
+            if (!r.ok) throw new Error("HTTP " + r.status);
+            return r.json();
+        })
+        .then(function(d) {
+            if (d.error) { fallback(); return; }
+            if (d.redirect) {
+                navigating = false;
+                isLocal(d.redirect) ? navigate(d.redirect, push) : (location.href = d.redirect);
+                return;
+            }
+
+            if (!layouts.length || !arrEq(layouts, d.layouts || [])) {
+                fallback();
+                return;
+            }
+
+            updateSlot(d.html);
+            layouts = d.layouts || [];
+            if (window.__NITRON_RUNTIME__) window.__NITRON_RUNTIME__.layouts = layouts;
+
+            if (d.hydrationScript) {
+                if (d.runtime) Object.assign(window.__NITRON_RUNTIME__ || {}, d.runtime);
+                if (d.props) window.__NITRON_PROPS__ = d.props;
+                loadScript("/storage" + d.hydrationScript + "?t=" + Date.now(), true);
+            }
+
+            if (push) history.pushState({ nitron: 1 }, "", url);
+            if (d.meta) {
+                if (d.meta.title) document.title = d.meta.title;
+                setMeta("description", d.meta.description);
+            }
+
+            scrollTo(0, 0);
+            dispatchEvent(new CustomEvent("nitron:navigate", { detail: { url: url } }));
+            navigating = false;
+        })
+        .catch(function() {
+            clearTimeout(timer);
+            fallback();
+        });
+
+        function fallback() {
+            navigating = false;
+            location.href = url;
+        }
+    }
+
+    function arrEq(a, b) {
+        if (!a || !b || a.length !== b.length) return false;
+        for (var i = 0; i < a.length; i++) if (a[i] !== b[i]) return false;
+        return true;
+    }
+
+    function updateSlot(html) {
+        var slot = document.querySelector("[data-nitron-slot='page']");
+        if (!slot) {
+            location.reload();
+            return;
+        }
+        var tmp = document.createElement("div");
+        tmp.innerHTML = html;
+        var inner = tmp.querySelector("[data-nitron-slot='page']");
+        slot.innerHTML = inner ? inner.innerHTML : html;
+    }
+
+    function loadScript(src, isModule) {
+        var s = document.createElement("script");
+        if (isModule) s.type = "module";
+        s.src = src;
+        document.body.appendChild(s);
+    }
+
+    function setMeta(name, val) {
+        if (!val) return;
+        var m = document.querySelector('meta[name="' + name + '"]');
+        if (m) m.content = val;
+        else {
+            m = document.createElement("meta");
+            m.name = name;
+            m.content = val;
+            document.head.appendChild(m);
+        }
+    }
+
+    document.readyState === "loading"
+        ? document.addEventListener("DOMContentLoaded", init)
+        : init();
+})();

package/lib/View/Layout.js

@@ -0,0 +1,94 @@
+import fs from "fs";
+import path from "path";
+import Environment from "../Core/Environment.js";
+
+const LAYOUT_NAMES = new Set([
+    "layout.tsx",
+    "theme.tsx",
+    "shell.tsx",
+    "Layout.tsx",
+    "Theme.tsx",
+    "Shell.tsx"
+]);
+
+class Layout {
+    static #cache = new Map();
+
+    static get #isDev() {
+        return Environment.isDev;
+    }
+
+    static resolve(viewPath, viewsRoot) {
+        const cacheKey = `${viewsRoot}:${viewPath}`;
+
+        if (!this.#isDev && this.#cache.has(cacheKey)) {
+            return this.#cache.get(cacheKey);
+        }
+
+        const layouts = [];
+        let currentDir = path.dirname(path.join(viewsRoot, viewPath));
+        const normalizedRoot = path.normalize(viewsRoot) + path.sep;
+
+        while (currentDir.startsWith(normalizedRoot) || currentDir === path.normalize(viewsRoot)) {
+            const layout = this.#findLayoutInDir(currentDir);
+
+            if (layout) {
+                layouts.push(layout);
+            }
+
+            if (currentDir === path.normalize(viewsRoot)) {
+                break;
+            }
+
+            currentDir = path.dirname(currentDir);
+        }
+
+        layouts.reverse();
+
+        const result = layouts.map(layoutPath => {
+            const relative = path.relative(viewsRoot, layoutPath)
+                .replace(/\.tsx$/, "")
+                .replace(/\\/g, "/");
+            return {
+                path: layoutPath,
+                name: relative
+            };
+        });
+
+        this.#cache.set(cacheKey, result);
+        return result;
+    }
+
+    static #findLayoutInDir(dir) {
+        if (!fs.existsSync(dir)) {
+            return null;
+        }
+
+        let found = null;
+        const entries = fs.readdirSync(dir);
+
+        for (const entry of entries) {
+            if (LAYOUT_NAMES.has(entry)) {
+                if (found) {
+                    throw new Error(
+                        `Multiple layouts in ${dir}: ${path.basename(found)} and ${entry}`
+                    );
+                }
+                found = path.join(dir, entry);
+            }
+        }
+
+        return found;
+    }
+
+    static isLayout(filePath) {
+        const basename = path.basename(filePath);
+        return LAYOUT_NAMES.has(basename);
+    }
+
+    static clearCache() {
+        this.#cache.clear();
+    }
+}
+
+export default Layout;