create-berna-stencil 1.0.19 → 1.0.20

package/.eleventy.js

@@ -4,7 +4,7 @@ const Image = require("@11ty/eleventy-img");
 const fs = require("fs");
 const path = require("path");
 
-const OUTPUT_DIR = "out";
+const OUTPUT_DIR = "c:/laragon/www/Berna-Stencil-out";
 
 module.exports = function (eleventyConfig) {
 
@@ -24,7 +24,6 @@ module.exports = function (eleventyConfig) {
   // =====================================================
   // PASSTHROUGH — Static files
   // =====================================================
-  eleventyConfig.addPassthroughCopy(".env");
   eleventyConfig.addPassthroughCopy("src/.htaccess");
   eleventyConfig.addPassthroughCopy("src/api");
   eleventyConfig.addPassthroughCopy("src/assets");

package/.gitignore

@@ -1,4 +1,3 @@
 node_modules/
 out/
-.env
 src/api/core/vendor/

package/bin/create.js

@@ -12,13 +12,12 @@ const COPY_TARGETS = [
     '.eleventy.js',
     '.eleventyignore',
     '.gitignore',
-    ".env.example",
     'README.md',
 ];
 
 const PROJECT_PACKAGE = {
     name: path.basename(targetDir),
-    version: '1.0.19',
+    version: '1.0.20',
     private: true,
     scripts: {
         'build:css': 'sass src/scss:out/css --no-source-map --style=compressed --quiet',

package/package.json

@@ -1,73 +1,72 @@
-{
-  "name": "create-berna-stencil",
-  "version": "1.0.19",
-  "description": "Eleventy boilerplate with per-page SCSS/JS pipeline, esbuild bundling, multi-framework CSS support and a built-in page management CLI",
-  "keywords": [
-    "eleventy",
-    "11ty",
-    "boilerplate",
-    "starter",
-    "scss",
-    "esbuild",
-    "bootstrap",
-    "bulma",
-    "foundation",
-    "uikit",
-    "static-site",
-    "nunjucks"
-  ],
-  "author": "Michele Garofalo",
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/rhaastrake/berna-stencil"
-  },
-  "homepage": "https://github.com/rhaastrake/berna-stencil#readme",
-  "bugs": {
-    "url": "https://github.com/rhaastrake/berna-stencil/issues"
-  },
-  "bin": {
-    "create-berna-stencil": "bin/create.js"
-  },
-  "files": [
-    "bin/",
-    "src/",
-    "_tools/",
-    ".eleventy.js",
-    ".eleventyignore",
-    ".gitignore",
-    ".env.example",
-    "README.md"
-  ],
-  "engines": {
-    "node": ">=18.0.0"
-  },
-  "dependencies": {
-    "@11ty/eleventy": "^3.1.2",
-    "@11ty/eleventy-img": "^6.0.4",
-    "bootstrap": "^5.3.8",
-    "bootstrap-icons": "^1.13.1",
-    "bulma": "^1.0.4",
-    "foundation-sites": "^6.9.0",
-    "glob": "^13.0.6",
-    "uikit": "^3.25.13"
-  },
-  "devDependencies": {
-    "concurrently": "^9.2.1",
-    "esbuild": "^0.27.3",
-    "sass": "^1.77.0"
-  },
-  "scripts": {
-    "build:css": "sass src/scss:out/css --no-source-map --style=compressed --quiet",
-    "build:js": "esbuild \"src/js/pages/*.js\" --bundle --outdir=out/js/pages --minify",
-    "build:11ty": "eleventy",
-    "build": "npm run build:css && npm run build:js && npm run build:11ty",
-    "serve:css": "sass --watch src/scss:out/css --no-source-map --quiet",
-    "serve:js": "esbuild \"src/js/pages/*.js\" --bundle --outdir=out/js/pages --watch",
-    "serve:11ty": "eleventy --serve --quiet",
-    "clean": "node _tools/cleanOutput.js",
-    "serve": "npm run clean && concurrently \"npm run serve:11ty\" \"npm run serve:css\" \"npm run serve:js\"",
-    "assistant": "node _tools/assistant.js",
-    "postinstall": "cd src/api/core && composer install --quiet"
-  }
+{
+  "name": "create-berna-stencil",
+  "version": "1.0.20",
+  "description": "Eleventy boilerplate with per-page SCSS/JS pipeline, esbuild bundling, multi-framework CSS support and a built-in page management CLI",
+  "keywords": [
+    "eleventy",
+    "11ty",
+    "boilerplate",
+    "starter",
+    "scss",
+    "esbuild",
+    "bootstrap",
+    "bulma",
+    "foundation",
+    "uikit",
+    "static-site",
+    "nunjucks"
+  ],
+  "author": "Michele Garofalo",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/rhaastrake/berna-stencil"
+  },
+  "homepage": "https://github.com/rhaastrake/berna-stencil#readme",
+  "bugs": {
+    "url": "https://github.com/rhaastrake/berna-stencil/issues"
+  },
+  "bin": {
+    "create-berna-stencil": "bin/create.js"
+  },
+  "files": [
+    "bin/",
+    "src/",
+    "_tools/",
+    ".eleventy.js",
+    ".eleventyignore",
+    ".gitignore",
+    "README.md"
+  ],
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "@11ty/eleventy": "^3.1.2",
+    "@11ty/eleventy-img": "^6.0.4",
+    "bootstrap": "^5.3.8",
+    "bootstrap-icons": "^1.13.1",
+    "bulma": "^1.0.4",
+    "foundation-sites": "^6.9.0",
+    "glob": "^13.0.6",
+    "uikit": "^3.25.13"
+  },
+  "devDependencies": {
+    "concurrently": "^9.2.1",
+    "esbuild": "^0.27.3",
+    "sass": "^1.77.0"
+  },
+  "scripts": {
+    "build:css": "sass src/scss:c:/laragon/www/Berna-Stencil-out/css --no-source-map --style=compressed --quiet",
+    "build:js": "esbuild \"src/js/pages/*.js\" --bundle --outdir=c:/laragon/www/Berna-Stencil-out/js/pages --minify",
+    "build:11ty": "eleventy",
+    "build": "npm run build:css && npm run build:js && npm run build:11ty",
+    "serve:css": "sass --watch src/scss:c:/laragon/www/Berna-Stencil-out/css --no-source-map --quiet",
+    "serve:js": "esbuild \"src/js/pages/*.js\" --bundle --outdir=c:/laragon/www/Berna-Stencil-out/js/pages --watch",
+    "serve:11ty": "eleventy --serve --quiet",
+    "clean": "node _tools/cleanOutput.js",
+    "serve": "npm run clean && concurrently \"npm run serve:11ty\" \"npm run serve:css\" \"npm run serve:js\"",
+    "assistant": "node _tools/assistant.js",
+    "postinstall": "cd src/api/core && composer install"
+  }
 }

package/src/api/.htaccess

@@ -2,16 +2,15 @@
     RewriteEngine On
     RewriteBase /api/
 
-    # 1. Proteggi i file sensibili (come .env o file di log)
-    <FilesMatch "^\.env|composer\.(json|lock)$">
-        Require all denied
-    </FilesMatch>
+    # 1. Permetti index.php
+    RewriteRule ^index\.php$ - [L]
 
-    # 2. Impedisce l'accesso diretto alla cartella core e endpoints
-    # Se qualcuno cerca di navigare in queste cartelle, becca un 403
-    RewriteRule ^(core|endpoints|modules)($|/) - [F,L]
+    # 2. Invece di dare Forbidden [F], manda tutto a index.php
+    # Questo copre config.php e tutte le sottocartelle
+    RewriteRule \.php$ index.php [L]
+    RewriteRule ^(core|endpoints|modules|vendor)($|/) index.php [L]
 
-    # 3. Regola standard per il routing verso il motore
+    # 3. Regola per gli endpoint
     RewriteCond %{REQUEST_FILENAME} !-f
     RewriteCond %{REQUEST_FILENAME} !-d
     RewriteRule ^(.*)$ index.php [QSA,L]

package/src/api/config.php

@@ -0,0 +1,21 @@
+<?php
+declare(strict_types=1);
+
+// Impedisce l'accesso diretto via URL
+if (!defined('CORE_ACCESS')) {
+    http_response_code(403);
+    die('Accesso diretto non consentito.');
+}
+
+return [
+    // Configurazioni di base
+    'API_KEY'              => 'TOKEN',
+    'CORS_ALLOWED_ORIGINS' => '*',
+
+    // Configurazioni per l'invio delle Email
+    'MAIL_HOST'            => 'smtp.gmail.com',
+    'MAIL_PORT'            => 587, // Per i numeri puoi omettere gli apici
+    'MAIL_USERNAME'        => 'YOUR_EMAIL',
+    'MAIL_PASSWORD'        => 'APP_PASSWORD',
+    'MAIL_TO_ADDRESS'      => 'EMAIL_TO_ADDRESS',
+];

package/src/api/core/init.php

@@ -2,16 +2,23 @@
 
 declare(strict_types=1);
 
+// Impedisce l'accesso diretto a questo file
 if (!defined('CORE_ACCESS')) {
-    http_response_code(403);
-    die('Accesso diretto non consentito.');
+    $errorPage = $_SERVER['DOCUMENT_ROOT'] . '/404.html';
+    http_response_code(404);
+    if (file_exists($errorPage)) {
+        header('Content-Type: text/html; charset=UTF-8');
+        echo file_get_contents($errorPage);
+    } else {
+        echo "404 Not Found";
+    }
+    exit;
 }
 
 require_once __DIR__ . '/vendor/autoload.php';
 require_once __DIR__ . '/modules/Response.php';
 
 // --- GESTORE GLOBALE ERRORI E ECCEZIONI ---
-// Trasforma ogni errore PHP in una risposta JSON pulita
 set_exception_handler(function ($exception) {
     Response::error(
         $exception->getMessage(),
@@ -25,21 +32,12 @@ set_error_handler(function ($severity, $message, $file, $line) {
     throw new ErrorException($message, 0, $severity, $file, $line);
 });
 
-// --- CARICAMENTO DOTENV ---
-// dirname(__DIR__, 2) sale di un livello (da api/ a Berna-Stencil-out/)
-try {
-    $dotenv = Dotenv\Dotenv::createImmutable(dirname(__DIR__, 2));
-    $dotenv->load();
-} catch (Exception $e) {
-    Response::error("Impossibile caricare il file .env. Assicurati che esista nella root e si chiami esattamente .env", 500);
-}
-
-$dotenv->required([
-    'API_KEY',
-    'CORS_ALLOWED_ORIGINS',
-]);
+// --- CARICAMENTO CONFIGURAZIONE ---
+// dirname(__DIR__) punta alla cartella /api/ dove ora si trova config.php
+$config = require dirname(__DIR__) . '/config.php';
 
-if (($_ENV['APP_ENV'] ?? 'production') === 'production') {
+// --- CONFIGURAZIONE AMBIENTE ---
+if (($config['APP_ENV'] ?? 'production') === 'production') {
     ini_set('display_errors', '0');
     error_reporting(0);
 } else {

package/src/api/core/modules/Response.php

@@ -2,6 +2,18 @@
 
 declare(strict_types=1);
 
+if (!defined('CORE_ACCESS')) {
+    $errorPage = $_SERVER['DOCUMENT_ROOT'] . '/404.html';
+    http_response_code(404);
+    if (file_exists($errorPage)) {
+        header('Content-Type: text/html; charset=UTF-8');
+        echo file_get_contents($errorPage);
+    } else {
+        echo "404 Not Found";
+    }
+    exit;
+}
+
 class Response
 {
     public static function success(mixed $data = null, int $code = 200): never

package/src/api/index.php

@@ -60,7 +60,7 @@ header('Content-Type: application/json; charset=UTF-8');
 header('Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS');
 header('Access-Control-Allow-Headers: Content-Type, X-Api-Key');
 
-$allowedOrigins = array_filter(array_map('trim', explode(',', $_ENV['CORS_ALLOWED_ORIGINS'] ?? '')));
+$allowedOrigins = array_filter(array_map('trim', explode(',', $config['CORS_ALLOWED_ORIGINS'] ?? '')));
 $origin = $_SERVER['HTTP_ORIGIN'] ?? '';
 
 if (in_array($origin, $allowedOrigins, true) || in_array('*', $allowedOrigins, true)) {
@@ -80,7 +80,7 @@ if ($method === 'OPTIONS') {
 
 if ($isProtected) {
     $apiKey   = $_SERVER['HTTP_X_API_KEY'] ?? '';
-    $validKey = $_ENV['API_KEY'] ?? '';
+    $validKey = $config['API_KEY'] ?? '';
 
     if ($validKey === '' || $apiKey !== $validKey) {
         Response::error('Unauthorized', 401);

package/.env.example

@@ -1,8 +0,0 @@
-API_KEY=TOKEN
-CORS_ALLOWED_ORIGINS=*
-
-MAIL_HOST=smtp.gmail.com
-MAIL_PORT=587
-MAIL_USERNAME=YOUR_EMAIL
-MAIL_PASSWORD=APP_PASSWORD
-MAIL_TO_ADDRESS=EMAIL_TO_ADDRESS

package/src/api/core/.htaccess

@@ -1,2 +0,0 @@
-# Impedisce a chiunque di accedere a questa cartella tramite URL
-Require all denied