create-berna-stencil 1.0.45 → 1.0.46

package/.eleventy.js

@@ -4,7 +4,7 @@ const Image = require("@11ty/eleventy-img");
 const fs = require("fs");
 const path = require("path");
 
-const OUTPUT_DIR = "c:/laragon/www/Berna-Stencil-out";
+const OUTPUT_DIR = "out";
 
 module.exports = function (eleventyConfig) {
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-berna-stencil",
-  "version": "1.0.45",
+  "version": "1.0.46",
   "description": "Eleventy boilerplate with per-page SCSS/JS pipeline, esbuild bundling, multi-framework CSS support and a built-in page management CLI",
   "keywords": [
     "eleventy",
@@ -60,12 +60,12 @@
     "sass": "^1.77.0"
   },
   "scripts": {
-    "build:css": "sass src/frontend/scss:c:/laragon/www/Berna-Stencil-out/css --no-source-map --style=compressed --quiet",
-    "build:js": "esbuild \"src/frontend/js/pages/*.js\" --bundle --outdir=c:/laragon/www/Berna-Stencil-out/js/pages --minify",
+    "build:css": "sass src/frontend/scss:out/css --no-source-map --style=compressed --quiet",
+    "build:js": "esbuild \"src/frontend/js/pages/*.js\" --bundle --outdir=out/js/pages --minify",
     "build:11ty": "eleventy",
     "build": "npm run build:css && npm run build:js && npm run build:11ty",
-    "serve:css": "sass --watch src/frontend/scss:c:/laragon/www/Berna-Stencil-out/css --no-source-map --quiet",
-    "serve:js": "esbuild \"src/frontend/js/pages/*.js\" --bundle --outdir=c:/laragon/www/Berna-Stencil-out/js/pages --watch",
+    "serve:css": "sass --watch src/frontend/scss:out/css --no-source-map --quiet",
+    "serve:js": "esbuild \"src/frontend/js/pages/*.js\" --bundle --outdir=out/js/pages --watch",
     "serve:11ty": "eleventy --serve --quiet",
     "clean": "node _tools/cleanOutput.js",
     "serve": "npm run clean && concurrently \"npm run serve:11ty\" \"npm run serve:css\" \"npm run serve:js\"",

package/src/backend/_core/index.php

@@ -3,6 +3,7 @@
 declare(strict_types=1);
 
 define('CORE_ACCESS', true);
+define('CORE_PATH', __DIR__);
 
 /**
  * Load dependencies and initial configuration.
@@ -87,15 +88,7 @@ if (!$endpointFile) {
 header('Content-Type: application/json; charset=UTF-8');
 header('Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS');
 header('Access-Control-Allow-Headers: Content-Type, X-Api-Key');
-
-$allowedOrigins = array_filter(array_map('trim', explode(',', $config['CORS_ALLOWED_ORIGINS'] ?? '')));
-$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
-
-if (in_array($origin, $allowedOrigins, true) || in_array('*', $allowedOrigins, true)) {
-    header("Access-Control-Allow-Origin: $origin");
-} else {
-    header("Access-Control-Allow-Origin: " . ($allowedOrigins[0] ?? ''));
-}
+header('Access-Control-Allow-Origin: *');
 
 if ($method === 'OPTIONS') {
     http_response_code(204);
@@ -107,8 +100,11 @@ if ($method === 'OPTIONS') {
 // =====================================================
 
 if ($isProtected) {
-    $apiKey   = $_SERVER['HTTP_X_API_KEY'] ?? '';
-    $validKey = $config['API_KEY'] ?? '';
+    $relPath   = str_replace($baseProtected, '', $endpointFile);
+    $relPath   = str_replace('.php', '', str_replace('\\', '/', $relPath));
+
+    $validKey  = $config['ENDPOINT_KEYS'][$relPath] ?? $config['API_KEY'] ?? '';
+    $apiKey    = $_SERVER['HTTP_X_API_KEY'] ?? '';
 
     if ($validKey === '' || $apiKey !== $validKey) {
         Response::error('Unauthorized. X_API_KEY is incorrect or missing', 401);

package/src/backend/api/protected/auth-system.php

@@ -3,9 +3,13 @@ declare(strict_types=1);
 
 
 // 2. Richiamo il tuo modulo Response e il Modello
-require_once __DIR__ . '/../../_core/modules/Response.php';
+require_once CORE_PATH . '/modules/Response.php';
 require_once __DIR__ . '/../../database/models/User.php';
 
+//
+// Your protected endpoint logic here. You can access route parameters in $requestParams array
+//
+
 $user = new User();
 $id = isset($requestParams[0]) ? (int)$requestParams[0] : null;
 $input = json_decode(file_get_contents('php://input'), true) ?? [];

package/src/backend/api/protected/{example-protected.php → subfolder/example-protected.php}

@@ -1,12 +1,16 @@
 <?php
 declare(strict_types=1);
 
-require_once __DIR__ . '/../../_core/modules/Response.php';
+require_once CORE_PATH . '/modules/Response.php';
 
 if ($method !== 'GET') {
     Response::error('Method not allowed', 405);
 }
 
+//
+// Your protected endpoint logic here. You can access route parameters in $requestParams array
+//
+
 Response::success([
     'message'    => 'Protected endpoint is working',
     'params'     => $requestParams,

package/src/backend/api/public/auth/login.php

@@ -1,13 +1,17 @@
 <?php
 declare(strict_types=1);
 
-require_once __DIR__ . '/../../../_core/modules/Response.php';
+require_once CORE_PATH . '/modules/Response.php';
 require_once __DIR__ . '/../../../database/models/User.php';
 
 if ($method !== 'POST') {
     Response::error('Method not allowed', 405);
 }
 
+//
+// Your protected endpoint logic here. You can access route parameters in $requestParams array
+//
+
 $input = json_decode(file_get_contents('php://input'), true) ?? [];
 
 $email    = trim(filter_var($input['email'] ?? '', FILTER_SANITIZE_EMAIL));

package/src/backend/api/public/auth/register.php

@@ -1,13 +1,18 @@
 <?php
 declare(strict_types=1);
 
-require_once __DIR__ . '/../../../_core/modules/Response.php';
+require_once CORE_PATH . '/modules/Response.php';
 require_once __DIR__ . '/../../../database/models/User.php';
 
 if ($method !== 'POST') {
     Response::error('Method not allowed', 405);
 }
 
+//
+// Your protected endpoint logic here. You can access route parameters in $requestParams array
+//
+
+
 $input = json_decode(file_get_contents('php://input'), true) ?? [];
 
 $nickname = htmlspecialchars(strip_tags(trim($input['nickname'] ?? '')));

package/src/backend/api/public/example-public.php

@@ -1,12 +1,16 @@
 <?php
 declare(strict_types=1);
 
-require_once __DIR__ . '/../../_core/modules/Response.php';
+require_once CORE_PATH . '/modules/Response.php';
 
 if ($method !== 'GET') {
     Response::error('Method not allowed', 405);
 }
 
+//
+// Your protected endpoint logic here. You can access route parameters in $requestParams array
+//
+
 Response::success([
     'message'    => 'Public endpoint is working',
     'params'     => $requestParams,

package/src/backend/config.example.php

@@ -2,9 +2,15 @@
 declare(strict_types=1);
 
 return [
-    'API_KEY' => 'YOUR_TOKEN', // This must be give only to trusted clients to access protected endpoints directly
-    'CORS_ALLOWED_ORIGINS' => '*',
+    'API_KEY' => 'DEFAULT_KEY', // Default key for protected endpoints that don't have a specific key in ENDPOINT_KEYS
 
+    // If you want restrict access to protected endpoints to specific clients, you can define custom keys for each endpoint
+    // For subfolder endpoints, use the relative path ('subfolder/endpoint')
+    'ENDPOINT_KEYS' => [
+    'subfolder/example-protected'    => 'example-key',
+    ],
+
+    // Database configuration
     'DB_HOST' => '127.0.0.1',
     'DB_NAME' => 'example_db',
     'DB_USER' => 'root',

package/src/backend/config.php

@@ -2,9 +2,15 @@
 declare(strict_types=1);
 
 return [
-    'API_KEY' => 'YOUR_TOKEN', // This must be give only to trusted clients to access protected endpoints directly
-    'CORS_ALLOWED_ORIGINS' => '*',
+    'API_KEY' => 'DEFAULT_KEY', // Default key for protected endpoints that don't have a specific key in ENDPOINT_KEYS
 
+    // If you want restrict access to protected endpoints to specific clients, you can define custom keys for each endpoint
+    // For subfolder endpoints, use the relative path ('subfolder/endpoint')
+    'ENDPOINT_KEYS' => [
+    'subfolder/example-protected'    => 'example-key',
+    ],
+
+    // Database configuration
     'DB_HOST' => '127.0.0.1',
     'DB_NAME' => 'example_db',
     'DB_USER' => 'root',