create-berna-stencil 1.0.24 → 1.0.26

package/src/api/{index.php → core/index.php}

@@ -5,43 +5,71 @@ declare(strict_types=1);
 define('CORE_ACCESS', true);
 
 /**
- * Caricamento delle dipendenze e configurazione iniziale.
+ * Load dependencies and initial configuration.
  */
-require_once __DIR__ . '/core/init.php';
-require_once __DIR__ . '/core/modules/Response.php';
+require_once __DIR__ . '/init.php';
+require_once __DIR__ . '/modules/Response.php';
 
 // =====================================================
-// 1. ANALISI DELLA RICHIESTA (REQUEST PARSING)
+// 1. REQUEST PARSING
 // =====================================================
 
 $method = $_SERVER['REQUEST_METHOD'];
 $uri    = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
 
-// Pulizia URI: rimuoviamo /api e eventuali slash finali
 $uri    = rtrim(preg_replace('#^/api#', '', $uri), '/') ?: '/';
 $parts  = array_values(array_filter(explode('/', $uri)));
 
-$resource = $parts[0] ?? null;
-
 // =====================================================
-// 2. RISOLUZIONE ENDPOINT (ROUTING)
+// 2. ENDPOINT RESOLUTION (ROUTING WITH SUBDIRECTORIES)
 // =====================================================
 
-$publicPath    = __DIR__ . '/endpoints/public/'    . $resource . '.php';
-$protectedPath = __DIR__ . '/endpoints/protected/' . $resource . '.php';
+$basePublic    = __DIR__ . '/../endpoints/public/';
+$baseProtected = __DIR__ . '/../endpoints/protected/';
+
+$endpointFile  = null;
+$isProtected   = false;
+$requestParams = [];
+
+// Temporary variables for the lookup loop
+$checkParts = $parts;
+$params     = [];
+
+/**
+ * Dynamic routing logic: find the deepest matching endpoint file.
+ * At each iteration, the last URL segment is peeled off and stored
+ * as a route parameter until a matching file is found.
+ */
+while (count($checkParts) > 0) {
+    $relativePath = implode('/', $checkParts) . '.php';
+
+    // Check first whether this is a public route
+    if (file_exists($basePublic . $relativePath)) {
+        $endpointFile = $basePublic . $relativePath;
+        $isProtected  = false;
+        break;
+    }
+
+    // Then check whether this is a protected route
+    if (file_exists($baseProtected . $relativePath)) {
+        $endpointFile = $baseProtected . $relativePath;
+        $isProtected  = true;
+        break;
+    }
 
-$isPublic    = $resource !== null && file_exists($publicPath);
-$isProtected = $resource !== null && file_exists($protectedPath);
+    // No file matched: treat the last segment as a route parameter and try again
+    array_unshift($params, array_pop($checkParts));
+}
 
 /**
- * SE L'ENDPOINT NON ESISTE (RITORNO HTML 404)
+ * IF THE ENDPOINT DOES NOT EXIST, RETURN AN HTML 404 PAGE.
  */
-if (!$isPublic && !$isProtected) {
+if (!$endpointFile) {
     http_response_code(404);
-    
-    // Cerchiamo il file 404.html generato da Eleventy nella root di Laragon
+
+    // Look for the 404.html file generated by Eleventy in the server document root
     $errorPage = $_SERVER['DOCUMENT_ROOT'] . '/404.html';
-    
+
     if (file_exists($errorPage)) {
         header('Content-Type: text/html; charset=UTF-8');
         echo file_get_contents($errorPage);
@@ -53,7 +81,7 @@ if (!$isPublic && !$isProtected) {
 }
 
 // =====================================================
-// 3. HEADERS E CORS (Solo se l'endpoint esiste)
+// 3. HEADERS AND CORS (Only if the endpoint exists)
 // =====================================================
 
 header('Content-Type: application/json; charset=UTF-8');
@@ -75,7 +103,7 @@ if ($method === 'OPTIONS') {
 }
 
 // =====================================================
-// 4. GUARDIA DI AUTENTICAZIONE
+// 4. AUTHENTICATION GUARD
 // =====================================================
 
 if ($isProtected) {
@@ -83,15 +111,16 @@ if ($isProtected) {
     $validKey = $config['API_KEY'] ?? '';
 
     if ($validKey === '' || $apiKey !== $validKey) {
-        Response::error('Unauthorized', 401);
+        Response::error('Unauthorized. X_API_KEY is incorrect or missing', 401);
     }
 }
 
 // =====================================================
-// 5. ESECUZIONE (DISPATCH)
+// 5. DISPATCH
 // =====================================================
 
-$requestParams = array_slice($parts, 1);
+// Parameters are the remaining URL segments not consumed during endpoint resolution
+$requestParams = $params;
 
-// Carica il file dell'endpoint richiesto
-require $isProtected ? $protectedPath : $publicPath;
+// Load and execute the matched endpoint file
+require $endpointFile;

package/src/api/core/init.php

@@ -2,19 +2,6 @@
 
 declare(strict_types=1);
 
-// Impedisce l'accesso diretto a questo file
-if (!defined('CORE_ACCESS')) {
-    $errorPage = $_SERVER['DOCUMENT_ROOT'] . '/404.html';
-    http_response_code(404);
-    if (file_exists($errorPage)) {
-        header('Content-Type: text/html; charset=UTF-8');
-        echo file_get_contents($errorPage);
-    } else {
-        echo "404 Not Found";
-    }
-    exit;
-}
-
 require_once __DIR__ . '/vendor/autoload.php';
 require_once __DIR__ . '/modules/Response.php';
 

package/src/api/core/vendor/composer/installed.php

@@ -3,7 +3,7 @@
         'name' => '__root__',
         'pretty_version' => 'dev-main',
         'version' => 'dev-main',
-        'reference' => '7a680244883ce58f9dc698ec645fb54b20742eaf',
+        'reference' => 'a6cf6a6a677f9f341c6206144990bb04047857bf',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -13,7 +13,7 @@
         '__root__' => array(
             'pretty_version' => 'dev-main',
             'version' => 'dev-main',
-            'reference' => '7a680244883ce58f9dc698ec645fb54b20742eaf',
+            'reference' => 'a6cf6a6a677f9f341c6206144990bb04047857bf',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),

package/src/api/database/Database.php

@@ -0,0 +1,24 @@
+<?php
+declare(strict_types=1);
+
+class Database {
+    private static ?PDO $instance = null;
+
+    private function __construct() {}
+
+    public static function getInstance(): PDO {
+        if (self::$instance === null) {
+            $config = require __DIR__ . '/../config.php';
+            
+            $dsn = "mysql:host={$config['DB_HOST']};dbname={$config['DB_NAME']};charset=utf8mb4";
+            $options = [
+                PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+                PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+                PDO::ATTR_EMULATE_PREPARES   => false,
+            ];
+
+            self::$instance = new PDO($dsn, $config['DB_USER'], $config['DB_PASS'], $options);
+        }
+        return self::$instance;
+    }
+}

package/src/api/database/migrations/create_example_db.sql

@@ -0,0 +1 @@
+CREATE DATABASE example_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

package/src/api/database/migrations/create_users_table.sql

@@ -0,0 +1,9 @@
+USE example_db;
+
+CREATE TABLE IF NOT EXISTS users (
+    id INT AUTO_INCREMENT PRIMARY KEY,
+    nickname VARCHAR(50) NOT NULL UNIQUE,
+    email VARCHAR(255) NOT NULL UNIQUE,
+    password VARCHAR(255) NOT NULL,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;

package/src/api/database/models/User.php

@@ -0,0 +1,61 @@
+<?php
+declare(strict_types=1);
+
+require_once __DIR__ . '/../Database.php';
+
+class User {
+    private PDO $db;
+
+    public function __construct() {
+        $this->db = Database::getInstance();
+    }
+
+    public function getAll(): array {
+        return $this->db->query("SELECT id, nickname, email, created_at FROM users")->fetchAll();
+    }
+
+    public function getById(int $id): ?array {
+        $stmt = $this->db->prepare("SELECT id, nickname, email, created_at FROM users WHERE id = :id");
+        $stmt->execute(['id' => $id]);
+        return $stmt->fetch() ?: null;
+    }
+
+    public function findByEmail(string $email): ?array {
+        $stmt = $this->db->prepare("SELECT id, nickname, email, password, created_at FROM users WHERE email = :email");
+        $stmt->execute(['email' => filter_var(trim($email), FILTER_SANITIZE_EMAIL)]);
+        return $stmt->fetch() ?: null;
+    }
+
+    public function create(string $nickname, string $email, string $password = ''): int {
+        $stmt = $this->db->prepare("INSERT INTO users (nickname, email, password) VALUES (:nickname, :email, :password)");
+        $stmt->execute([
+            'nickname' => htmlspecialchars(strip_tags(trim($nickname))),
+            'email'    => filter_var(trim($email), FILTER_SANITIZE_EMAIL),
+            'password' => $password !== '' ? password_hash($password, PASSWORD_BCRYPT) : '',
+        ]);
+        return (int)$this->db->lastInsertId();
+    }
+
+    public function update(int $id, array $data): bool {
+        $fields = [];
+        $params = ['id' => $id];
+
+        if (isset($data['nickname'])) {
+            $fields[] = 'nickname = :nickname';
+            $params['nickname'] = htmlspecialchars(strip_tags($data['nickname']));
+        }
+        if (isset($data['email'])) {
+            $fields[] = 'email = :email';
+            $params['email'] = filter_var($data['email'], FILTER_SANITIZE_EMAIL);
+        }
+
+        if (empty($fields)) return false;
+
+        $sql = "UPDATE users SET " . implode(', ', $fields) . " WHERE id = :id";
+        return $this->db->prepare($sql)->execute($params);
+    }
+
+    public function delete(int $id): bool {
+        return $this->db->prepare("DELETE FROM users WHERE id = :id")->execute(['id' => $id]);
+    }
+}

package/src/api/endpoints/protected/auth-system.php

@@ -0,0 +1,63 @@
+<?php
+declare(strict_types=1);
+
+
+// 2. Richiamo il tuo modulo Response e il Modello
+require_once __DIR__ . '/../../core/modules/Response.php';
+require_once __DIR__ . '/../../database/models/User.php';
+
+$user = new User();
+$id = isset($requestParams[0]) ? (int)$requestParams[0] : null;
+$input = json_decode(file_get_contents('php://input'), true) ?? [];
+
+try {
+    switch ($method) {
+        case 'GET':
+            $data = $id ? $user->getById($id) : $user->getAll();
+            if ($id && !$data) {
+                Response::error('User not found', 404);
+            }
+            // Sostituito con Response::success()
+            Response::success($data);
+            break;
+
+        case 'POST':
+            if (empty($input['nickname']) || empty($input['email'])) {
+                Response::error('Missing fields', 400);
+            }
+            if (!filter_var($input['email'], FILTER_VALIDATE_EMAIL)) {
+                Response::error('Invalid email', 400);
+            }
+            
+            $newId = $user->create($input['nickname'], $input['email']);
+            http_response_code(201);
+            Response::success(['message' => 'Created', 'id' => $newId]);
+            break;
+
+        case 'PUT':
+        case 'PATCH':
+            if (!$id) Response::error('ID required', 400);
+            if (!$user->update($id, $input)) {
+                Response::error('Not found or no changes', 404);
+            }
+            Response::success(['message' => 'Updated']);
+            break;
+
+        case 'DELETE':
+            if (!$id) Response::error('ID required', 400);
+            if (!$user->delete($id)) {
+                Response::error('Not found', 404);
+            }
+            Response::success(['message' => 'Deleted']);
+            break;
+
+        default:
+            Response::error('Method not allowed', 405);
+            break;
+    }
+} catch (PDOException $e) {
+    if ($e->getCode() === '23000') {
+        Response::error('Nickname or email already exists', 409);
+    }
+    Response::error('Database error', 500);
+}

package/src/api/endpoints/protected/example-protected.php

@@ -0,0 +1,17 @@
+<?php
+declare(strict_types=1);
+
+require_once __DIR__ . '/../../core/modules/Response.php';
+
+if ($method !== 'GET') {
+    Response::error('Method not allowed', 405);
+}
+
+Response::success([
+    'message'    => 'Protected endpoint is working',
+    'params'     => $requestParams,
+]);
+
+Response::error([
+    'message'    => 'Error text',
+]);

package/src/api/endpoints/public/auth/login.php

@@ -0,0 +1,34 @@
+<?php
+declare(strict_types=1);
+
+require_once __DIR__ . '/../../../core/modules/Response.php';
+require_once __DIR__ . '/../../../database/models/User.php';
+
+if ($method !== 'POST') {
+    Response::error('Method not allowed', 405);
+}
+
+$input = json_decode(file_get_contents('php://input'), true) ?? [];
+
+$email    = trim(filter_var($input['email'] ?? '', FILTER_SANITIZE_EMAIL));
+$password = trim($input['password'] ?? '');
+
+if (empty($email) || empty($password)) {
+    Response::error('Missing fields', 400);
+}
+
+if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+    Response::error('Invalid email', 400);
+}
+
+$user  = new User();
+$found = $user->findByEmail($email);
+
+if (!$found || !password_verify($password, $found['password'])) {
+    Response::error('Invalid credentials', 401);
+}
+
+unset($found['password']);
+Response::success([
+    'user'    => $found,
+]);

package/src/api/endpoints/public/auth/register.php

@@ -0,0 +1,39 @@
+<?php
+declare(strict_types=1);
+
+require_once __DIR__ . '/../../../core/modules/Response.php';
+require_once __DIR__ . '/../../../database/models/User.php';
+
+if ($method !== 'POST') {
+    Response::error('Method not allowed', 405);
+}
+
+$input = json_decode(file_get_contents('php://input'), true) ?? [];
+
+$nickname = htmlspecialchars(strip_tags(trim($input['nickname'] ?? '')));
+$email    = trim(filter_var($input['email'] ?? '', FILTER_SANITIZE_EMAIL));
+$password = trim($input['password'] ?? '');
+
+if (empty($nickname) || empty($email) || empty($password)) {
+    Response::error('Missing fields', 400);
+}
+
+if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+    Response::error('Invalid email', 400);
+}
+
+if (strlen($password) < 8) {
+    Response::error('Password must be at least 8 characters', 400);
+}
+
+try {
+    $user  = new User();
+    $newId = $user->create($nickname, $email, $password);
+    http_response_code(201);
+    Response::success(['id' => $newId]);
+} catch (PDOException $e) {
+    if ($e->getCode() === '23000') {
+        Response::error('Nickname or email already exists', 409);
+    }
+    Response::error('Database error', 500);
+}

package/src/api/endpoints/public/example-public.php

@@ -0,0 +1,17 @@
+<?php
+declare(strict_types=1);
+
+require_once __DIR__ . '/../../core/modules/Response.php';
+
+if ($method !== 'GET') {
+    Response::error('Method not allowed', 405);
+}
+
+Response::success([
+    'message'    => 'Public endpoint is working',
+    'params'     => $requestParams,
+]);
+
+Response::error([
+    'message'    => 'Error text',
+]);

package/src/api/web.config

@@ -4,35 +4,17 @@
         <rewrite>
             <rules>
                 
-                <!-- 1. Permetti index.php (- [L]) -->
+                <!-- 1. Permetti l'esecuzione diretta solo a index.php -->
                 <rule name="Allow API index.php" stopProcessing="true">
-                    <match url="^index\.php$" ignoreCase="true" />
+                    <match url="^core/index\.php$" ignoreCase="true" />
                     <action type="None" />
                 </rule>
 
-                <!-- 2a. Manda tutti gli altri file .php a index.php -->
-                <rule name="Route other PHP to index" stopProcessing="true">
-                    <match url="\.php$" ignoreCase="true" />
-                    <action type="Rewrite" url="index.php" />
-                </rule>
-
-                <!-- 2b. Manda le richieste per le sottocartelle protette a index.php -->
-                <rule name="Protect Core API Directories" stopProcessing="true">
-                    <match url="^(core|endpoints|modules|vendor)($|/)" ignoreCase="true" />
-                    <action type="Rewrite" url="index.php" />
-                </rule>
-
-                <!-- 3. Regola per gli endpoint (se non è un file o una cartella, vai a index.php) -->
-                <rule name="API Endpoints Front Controller" stopProcessing="true">
+                <!-- 2. Front Controller: Invia TUTTO il resto a index.php -->
+                <!-- Nessun controllo sull'esistenza di file o directory. -->
+                <rule name="API Endpoints Front Controller Catch-All" stopProcessing="true">
                     <match url="^(.*)$" ignoreCase="true" />
-                    <conditions logicalGrouping="MatchAll">
-                        <!-- !-f -->
-                        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
-                        <!-- !-d -->
-                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
-                    </conditions>
-                    <!-- appendQueryString="true" equivale al flag [QSA] di Apache -->
-                    <action type="Rewrite" url="index.php" appendQueryString="true" />
+                    <action type="Rewrite" url="core/index.php" appendQueryString="true" />
                 </rule>
 
             </rules>

package/src/components/exampleComponent.njk

@@ -3,10 +3,13 @@
   <h2 data-lang-key="test"></h2>
 
   <div class="btn-group" role="group">
-    <input type="radio" class="btn-check" name="lang-switcher" id="lang-en" value="en"/>
+
+    {# enLangName is the key that contains the language name accordint to the current language #}
+    <input type="radio" class="btn-check" name="lang-button" id="lang-en" value="en"/>
     <label class="btn btn-outline-primary" for="lang-en" data-lang-key="enLangName"></label>
 
-    <input type="radio" class="btn-check" name="lang-switcher" id="lang-it" value="it"/>
+    {# itLangName is the key that contains the language name accordint to the current language #}
+    <input type="radio" class="btn-check" name="lang-button" id="lang-it" value="it"/>
     <label class="btn btn-outline-primary" for="lang-it" data-lang-key="itLangName"></label>
   </div>
 </div>

package/src/components/layouts/base.njk

@@ -25,7 +25,7 @@
         <meta property="og:type" content="website">
         <meta property="og:url" content="{{ site.url }}{{ page.url }}">
         <meta property="og:image" content="{{ site.url }}{{ site.logo }}">
-        <meta property="og:site_name" content="{{ site.site_name }}">
+        <meta property="og:site-name" content="{{ site.site-name }}">
 
         <!-- Twitter Card -->
         <meta name="twitter:card" content="summary_large_image">
@@ -33,6 +33,31 @@
         <meta name="twitter:description" content="{{ pageData.seo.description }}">
         <meta name="twitter:image" content="{{ site.url }}{{ site.logo }}">
 
+        <!-- ========================================== -->
+        <!-- JSON-LD / Structured data for SEO and AI   -->
+        <!-- ========================================== -->
+        <script type="application/ld+json">
+        {
+            "@context": "https://schema.org",
+            "@type": "WebPage",
+            "name": "{{ pageData.seo.title or title or site.title }}",
+            "description": "{{ pageData.seo.description or site.description }}",
+            "url": "{{ site.url }}{{ page.url }}",
+            "author": {
+                "@type": "Person",
+                "name": "{{ site.author }}"
+            },
+            "publisher": {
+                "@type": "Organization",
+                "name": "{{ site.site_name }}",
+                "logo": {
+                    "@type": "ImageObject",
+                    "url": "{{ site.url }}{{ site.logo }}"
+                }
+            }
+        }
+        </script>
+
         <!-- Favicon -->
         <link rel="icon" type="image/svg+xml" href="{{ site.favicon }}">
         <!-- (If you want to use a PNG favicon) -->

package/src/data/site.json

@@ -1,54 +1,54 @@
-{
-  "site_name": "Site name",
-  "title": "Site title",
-  "description": "Site description",
-  "keywords": "keyword1, keyword2, keyword3",
-  "domain": "yoursite.com",
-  "url": "https://yoursite.com",
-  "lang": "en",
-  "author": "Name and surname",
-  "data_bs_theme": "dark",
-  "favicon": "/assets/brand/favicon.svg",
-  "logo": "/assets/brand/logo.svg",
-  "copyright": {
-    "year": "2026",
-    "text": "Copyright text"
-  },
-  "legal": {
-    "privacy": "",
-    "cookie": "",
-    "cookieControls": "",
-    "terms": ""
-  },
-  "pages": {
-    "404": {
-      "seo": {
-        "title": "404 - Not found"
-      },
-      "cdn": {
-        "css": [],
-        "js": []
-      }
-    },
-    "homepage": {
-      "seo": {
-        "title": "Homepage",
-        "description": "Description"
-      },
-      "cdn": {
-        "css": [],
-        "js": []
-      }
-    },
-    "anotherPage": {
-      "seo": {
-        "title": "Another Page",
-        "description": "description"
-      },
-      "cdn": {
-        "css": [],
-        "js": []
-      }
-    }
-  }
+{
+  "site_name": "Site name",
+  "title": "Site title",
+  "description": "Site description",
+  "keywords": "keyword1, keyword2, keyword3",
+  "domain": "yoursite.com",
+  "url": "https://yoursite.com",
+  "lang": "en",
+  "author": "Name and surname",
+  "data_bs_theme": "dark",
+  "favicon": "/assets/brand/favicon.svg",
+  "logo": "/assets/brand/logo.svg",
+  "copyright": {
+    "year": "2026",
+    "text": "Copyright text"
+  },
+  "legal": {
+    "privacy": "",
+    "cookie": "",
+    "cookieControls": "",
+    "terms": ""
+  },
+  "pages": {
+    "404": {
+      "seo": {
+        "title": "404 - Not found"
+      },
+      "cdn": {
+        "css": [],
+        "js": []
+      }
+    },
+    "homepage": {
+      "seo": {
+        "title": "Homepage",
+        "description": "Description"
+      },
+      "cdn": {
+        "css": [],
+        "js": []
+      }
+    },
+    "anotherPage": {
+      "seo": {
+        "title": "Another Page",
+        "description": "description"
+      },
+      "cdn": {
+        "css": [],
+        "js": []
+      }
+    }
+  }
 }