create-berna-stencil 1.0.13 → 1.0.14

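--- a/package/.eleventy.js
+++ b/package/.eleventy.js
@@ -4,7 +4,7 @@ const Image = require("@11ty/eleventy-img");
  const fs = require("fs");
  const path = require("path");
 
- const OUTPUT_DIR = "out";
+ const OUTPUT_DIR = "c:/laragon/www/Berna-Stencil-out";
 
  module.exports = function (eleventyConfig) {
 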
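Review bot: `OUTPUT_DIR` is now an absolute path on one developer's Windows machine (`c:/laragon/www/Berna-Stencil-out`), and this file ships in the published package, so every consumer's build writes outside the project root to a location they did not choose. The same literal is baked into the `build:css`, `build:js`, `serve:css` and `serve:js` scripts in package/package.json, while the `PROJECT_PACKAGE` scripts in package/bin/create.js still point at `out/css`, so the template and the projects it generates disagree. The `clean` script presumably removes the output directory, which would make an absolute target outside the checkout riskier still; that should be confirmed against `_tools/cleanOutput.js`. Keep the relative default and take any local override from the environment, e.g. `const OUTPUT_DIR = process.env.OUTPUT_DIR || "out";`. The `module.exports` body continues outside the hunk.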
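--- a/package/bin/create.js
+++ b/package/bin/create.js
@@ -18,7 +18,7 @@ const COPY_TARGETS = [
 
  const PROJECT_PACKAGE = {
  name: path.basename(targetDir),
- version: '1.0.13',
+ version: '1.0.14',
  private: true,
  scripts: {
  'build:css': 'sass src/scss:out/css --no-source-map --style=compressed --quiet',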
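--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "create-berna-stencil",
- "version": "1.0.13",
+ "version": "1.0.14",
  "description": "Eleventy boilerplate with per-page SCSS/JS pipeline, esbuild bundling, multi-framework CSS support and a built-in page management CLI",
  "keywords": [
  "eleventy",
@@ -58,12 +58,12 @@
  "sass": "^1.77.0"
  },
  "scripts": {
- "build:css": "sass src/scss:out/css --no-source-map --style=compressed --quiet",
- "build:js": "esbuild \"src/js/pages/*.js\" --bundle --outdir=out/js/pages --minify",
+ "build:css": "sass src/scss:c:/laragon/www/Berna-Stencil-out/css --no-source-map --style=compressed --quiet",
+ "build:js": "esbuild \"src/js/pages/*.js\" --bundle --outdir=c:/laragon/www/Berna-Stencil-out/js/pages --minify",
  "build:11ty": "eleventy",
  "build": "npm run build:css && npm run build:js && npm run build:11ty",
- "serve:css": "sass --watch src/scss:out/css --no-source-map --quiet",
- "serve:js": "esbuild \"src/js/pages/*.js\" --bundle --outdir=out/js/pages --watch",
+ "serve:css": "sass --watch src/scss:c:/laragon/www/Berna-Stencil-out/css --no-source-map --quiet",
+ "serve:js": "esbuild \"src/js/pages/*.js\" --bundle --outdir=c:/laragon/www/Berna-Stencil-out/js/pages --watch",
  "serve:11ty": "eleventy --serve --quiet",
  "clean": "node _tools/cleanOutput.js",
  "serve": "npm run clean && concurrently \"npm run serve:11ty\" \"npm run serve:css\" \"npm run serve:js\"",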
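--- a/package/src/api/.htaccess
+++ b/package/src/api/.htaccess
@@ -2,11 +2,17 @@
  RewriteEngine On
  RewriteBase /api/
 
- # Non processare file reali (immagini, vendor, ecc.)
- RewriteCond %{REQUEST_FILENAME} -f [OR]
- RewriteCond %{REQUEST_FILENAME} -d
- RewriteRule ^ - [L]
+ # 1. Proteggi i file sensibili (come .env o file di log)
+ <FilesMatch "^\.env|composer\.(json|lock)$">
+ Require all denied
+ </FilesMatch>
 
- # Tutto il resto va a index.php
+ # 2. Impedisce l'accesso diretto alla cartella core e endpoints
+ # Se qualcuno cerca di navigare in queste cartelle, becca un 403
+ RewriteRule ^(core|endpoints|modules)($|/) - [F,L]
+
+ # 3. Regola standard per il routing verso il motore
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)$ index.php [QSA,L]
  </IfModule>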
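Review bot: The `FilesMatch` pattern in rule 1 is not grouped, so `^` binds only to `\.env` and `$` only to `composer\.(json|lock)`, and nothing in it matches the log files its comment says it protects. Grouping the alternation states the intent and leaves room for a log pattern: `<FilesMatch "^(\.env.*|composer\.(json|lock)|.*\.log)$">`. The rule 2 pattern `^(core|endpoints|modules)($|/)` is matched case-sensitively, so on a case-insensitive filesystem (the Windows paths elsewhere in this release suggest one is in use) a differently-cased directory name is not covered by the 403; `[F,L,NC]` closes that. The opening `<IfModule>` line is outside the hunk.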
@@ -0,0 +1,2 @@
1
+ # Impedisce a chiunque di accedere a questa cartella tramite URL
2
+ Require all denied
@@ -2,6 +2,11 @@
2
2
 
3
3
  declare(strict_types=1);
4
4
 
5
+ if (!defined('CORE_ACCESS')) {
6
+ http_response_code(403);
7
+ die('Accesso diretto non consentito.');
8
+ }
9
+
5
10
  require_once __DIR__ . '/vendor/autoload.php';
6
11
  require_once __DIR__ . '/modules/Response.php';
7
12
 
@@ -2,7 +2,7 @@
2
2
 
3
3
  declare(strict_types=1);
4
4
 
5
- require_once __DIR__ . '/../../modules/Response.php';
5
+ require_once __DIR__ . '/../../core/modules/Response.php';
6
6
 
7
7
  if ($method !== 'GET') {
8
8
  Response::error('Method not allowed', 405);
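Review bot: The `CORE_ACCESS` guard that this release adds to the core bootstrap is missing from this endpoint file, so its protection against direct requests rests entirely on the `.htaccess` rewrite rule being honoured by the server. The file also reads `$method`, which is not defined in the visible lines and presumably comes from the including front controller. Putting the same check above the `require_once` keeps the file inert when the rewrite rules are not applied (for example with overrides disabled): `if (!defined('CORE_ACCESS')) { http_response_code(403); exit; }`. The next hunk shows a second endpoint file with the same shape; the file names are not shown on this page and both bodies continue outside their hunks.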
@@ -2,7 +2,7 @@
2
2
 
3
3
  declare(strict_types=1);
4
4
 
5
- require_once __DIR__ . '/../../modules/Response.php';
5
+ require_once __DIR__ . '/../../core/modules/Response.php';
6
6
 
7
7
  if ($method !== 'GET') {
8
8
  Response::error('Method not allowed', 405);
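--- a/package/src/api/index.php
+++ b/package/src/api/index.php
@@ -2,6 +2,8 @@
 
  declare(strict_types=1);
 
+ define('CORE_ACCESS', true);
+
  /**
  * Caricamento delle dipendenze e configurazione iniziale.
  */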
@@ -1,75 +0,0 @@
1
- <?php
2
-
3
- declare(strict_types=1);
4
-
5
- use PHPMailer\PHPMailer\PHPMailer;
6
- use PHPMailer\PHPMailer\Exception;
7
-
8
- /**
9
- * NOTA: Non serve require 'vendor/autoload.php' o 'init.php'
10
- * perché questo file viene incluso da index.php che ha già caricato tutto.
11
- */
12
-
13
- // 1. Controllo Metodo (Vogliamo solo POST)
14
- if ($method !== 'POST') {
15
- Response::error('Method not allowed', 405);
16
- }
17
-
18
- // 2. Funzioni di Sanitizzazione (Locali o spostabili in un helper)
19
- $clean = fn($v) => htmlspecialchars(trim((string)($v ?? '')), ENT_QUOTES, 'UTF-8');
20
- $safeNum = fn($v) => filter_var($v ?? '', FILTER_SANITIZE_NUMBER_INT);
21
-
22
- // 3. Recupero Dati (supporta sia $_POST standard che JSON)
23
- $input = $_POST;
24
- if (empty($input)) {
25
- $input = json_decode(file_get_contents('php://input'), true) ?? [];
26
- }
27
-
28
- $formType = $clean($input['formType'] ?? 'Contatto Generico');
29
- $name = $clean($input['name'] ?? '');
30
- $phoneNumber = $safeNum($input['phoneNumber'] ?? '');
31
-
32
- // Validazione minima
33
- if (empty($name)) {
34
- Response::error('Il campo nome è obbligatorio');
35
- }
36
-
37
- // 4. Configurazione PHPMailer
38
- $mail = new PHPMailer(true);
39
-
40
- try {
41
- // Usiamo le variabili d'ambiente caricate da init.php
42
- $mail->isSMTP();
43
- $mail->Host = $_ENV['MAIL_HOST'];
44
- $mail->SMTPAuth = true;
45
- $mail->Username = $_ENV['MAIL_USERNAME'];
46
- $mail->Password = $_ENV['MAIL_PASSWORD'];
47
- $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
48
- $mail->Port = (int)$_ENV['MAIL_PORT'];
49
- $mail->CharSet = 'UTF-8';
50
-
51
- $mail->setFrom($_ENV['MAIL_USERNAME'], $_ENV['MAIL_FROM_NAME'] ?? 'API Robot');
52
- $mail->addAddress($_ENV['MAIL_TO_ADDRESS'], $_ENV['MAIL_TO_NAME'] ?? 'Admin');
53
-
54
- $mail->isHTML(true);
55
- $mail->Subject = "Nuovo invio modulo: {$formType}";
56
-
57
- // Costruzione Body
58
- $htmlBody = "<h2>Dettagli Richiesta</h2>";
59
- $htmlBody .= "<p><strong>Nome:</strong> {$name}</p>";
60
- if (!empty($phoneNumber)) {
61
- $htmlBody .= "<p><strong>Telefono:</strong> {$phoneNumber}</p>";
62
- }
63
-
64
- $mail->Body = $htmlBody;
65
- $mail->AltBody = strip_tags(str_replace(['<br>', '</p>'], ["\n", "\n\n"], $htmlBody));
66
-
67
- $mail->send();
68
-
69
- // Risposta JSON di successo
70
- Response::success(['message' => 'Email inviata con successo']);
71
-
72
- } catch (Exception $e) {
73
- // Risposta JSON di errore
74
- Response::error("Errore nell'invio della mail: {$mail->ErrorInfo}", 500);
75
- }