create-berna-stencil 1.0.45 → 1.0.47

package/.eleventy.js

@@ -4,7 +4,7 @@ const Image = require("@11ty/eleventy-img");
 const fs = require("fs");
 const path = require("path");
 
-const OUTPUT_DIR = "c:/laragon/www/Berna-Stencil-out";
+const OUTPUT_DIR = "out";
 
 module.exports = function (eleventyConfig) {
 

package/_tools/res/templates/template.scss

@@ -2,9 +2,13 @@
 // CSS MODULES IMPORTS
 //==========================
 
+// Use @use with a namespace to avoid framework variable conflicts:
+// Example: root.$primary
 @use "../modules/root" as root;
 
+// This global module contains the import framework, necessary modules for each page and any other common styles
 @import "../modules/global";
+
 // Import any other module you need by import down here
 @import "../modules/notification";
 
@@ -12,6 +16,8 @@
 // PAGE CUSTOM CSS RULES
 //==========================
 
+// Add any custom rule specific to this page below
+// These rules override the framework and module styles
 // body {
 //     background-color: root.$primary;
 // }

package/bin/create.js

@@ -15,7 +15,7 @@ const COPY_TARGETS = [
 
 const PROJECT_PACKAGE = {
     name: path.basename(targetDir),
-    version: '1.0.37',
+    version: '1.0.47',
     private: true,
     scripts: {
         "build:css": "sass src/frontend/scss:out/css --no-source-map --style=compressed --quiet",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-berna-stencil",
-  "version": "1.0.45",
+  "version": "1.0.47",
   "description": "Eleventy boilerplate with per-page SCSS/JS pipeline, esbuild bundling, multi-framework CSS support and a built-in page management CLI",
   "keywords": [
     "eleventy",
@@ -60,12 +60,12 @@
     "sass": "^1.77.0"
   },
   "scripts": {
-    "build:css": "sass src/frontend/scss:c:/laragon/www/Berna-Stencil-out/css --no-source-map --style=compressed --quiet",
-    "build:js": "esbuild \"src/frontend/js/pages/*.js\" --bundle --outdir=c:/laragon/www/Berna-Stencil-out/js/pages --minify",
+    "build:css": "sass src/frontend/scss:out/css --no-source-map --style=compressed --quiet",
+    "build:js": "esbuild \"src/frontend/js/pages/*.js\" --bundle --outdir=out/js/pages --minify",
     "build:11ty": "eleventy",
     "build": "npm run build:css && npm run build:js && npm run build:11ty",
-    "serve:css": "sass --watch src/frontend/scss:c:/laragon/www/Berna-Stencil-out/css --no-source-map --quiet",
-    "serve:js": "esbuild \"src/frontend/js/pages/*.js\" --bundle --outdir=c:/laragon/www/Berna-Stencil-out/js/pages --watch",
+    "serve:css": "sass --watch src/frontend/scss:out/css --no-source-map --quiet",
+    "serve:js": "esbuild \"src/frontend/js/pages/*.js\" --bundle --outdir=out/js/pages --watch",
     "serve:11ty": "eleventy --serve --quiet",
     "clean": "node _tools/cleanOutput.js",
     "serve": "npm run clean && concurrently \"npm run serve:11ty\" \"npm run serve:css\" \"npm run serve:js\"",

package/src/backend/_core/index.php

@@ -3,6 +3,7 @@
 declare(strict_types=1);
 
 define('CORE_ACCESS', true);
+define('CORE_PATH', __DIR__);
 
 /**
  * Load dependencies and initial configuration.
@@ -87,15 +88,7 @@ if (!$endpointFile) {
 header('Content-Type: application/json; charset=UTF-8');
 header('Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS');
 header('Access-Control-Allow-Headers: Content-Type, X-Api-Key');
-
-$allowedOrigins = array_filter(array_map('trim', explode(',', $config['CORS_ALLOWED_ORIGINS'] ?? '')));
-$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
-
-if (in_array($origin, $allowedOrigins, true) || in_array('*', $allowedOrigins, true)) {
-    header("Access-Control-Allow-Origin: $origin");
-} else {
-    header("Access-Control-Allow-Origin: " . ($allowedOrigins[0] ?? ''));
-}
+header('Access-Control-Allow-Origin: *');
 
 if ($method === 'OPTIONS') {
     http_response_code(204);
@@ -107,8 +100,11 @@ if ($method === 'OPTIONS') {
 // =====================================================
 
 if ($isProtected) {
-    $apiKey   = $_SERVER['HTTP_X_API_KEY'] ?? '';
-    $validKey = $config['API_KEY'] ?? '';
+    $relPath   = str_replace($baseProtected, '', $endpointFile);
+    $relPath   = str_replace('.php', '', str_replace('\\', '/', $relPath));
+
+    $validKey  = $config['ENDPOINT_KEYS'][$relPath] ?? $config['API_KEY'] ?? '';
+    $apiKey    = $_SERVER['HTTP_X_API_KEY'] ?? '';
 
     if ($validKey === '' || $apiKey !== $validKey) {
         Response::error('Unauthorized. X_API_KEY is incorrect or missing', 401);

package/src/backend/api/protected/auth-system.php

@@ -3,9 +3,13 @@ declare(strict_types=1);
 
 
 // 2. Richiamo il tuo modulo Response e il Modello
-require_once __DIR__ . '/../../_core/modules/Response.php';
+require_once CORE_PATH . '/modules/Response.php';
 require_once __DIR__ . '/../../database/models/User.php';
 
+//
+// Your protected endpoint logic here. You can access route parameters in $requestParams array
+//
+
 $user = new User();
 $id = isset($requestParams[0]) ? (int)$requestParams[0] : null;
 $input = json_decode(file_get_contents('php://input'), true) ?? [];

package/src/backend/api/protected/{example-protected.php → subfolder/example-protected.php}

@@ -1,17 +1,17 @@
 <?php
 declare(strict_types=1);
 
-require_once __DIR__ . '/../../_core/modules/Response.php';
+require_once CORE_PATH . '/modules/Response.php';
 
 if ($method !== 'GET') {
     Response::error('Method not allowed', 405);
 }
 
+//
+// Your protected endpoint logic here. You can access route parameters in $requestParams array
+//
+
 Response::success([
     'message'    => 'Protected endpoint is working',
     'params'     => $requestParams,
-]);
-
-Response::error([
-    'message'    => 'Error text',
 ]);

package/src/backend/api/public/auth/login.php

@@ -1,13 +1,17 @@
 <?php
 declare(strict_types=1);
 
-require_once __DIR__ . '/../../../_core/modules/Response.php';
+require_once CORE_PATH . '/modules/Response.php';
 require_once __DIR__ . '/../../../database/models/User.php';
 
 if ($method !== 'POST') {
     Response::error('Method not allowed', 405);
 }
 
+//
+// Your protected endpoint logic here. You can access route parameters in $requestParams array
+//
+
 $input = json_decode(file_get_contents('php://input'), true) ?? [];
 
 $email    = trim(filter_var($input['email'] ?? '', FILTER_SANITIZE_EMAIL));

package/src/backend/api/public/auth/register.php

@@ -1,13 +1,18 @@
 <?php
 declare(strict_types=1);
 
-require_once __DIR__ . '/../../../_core/modules/Response.php';
+require_once CORE_PATH . '/modules/Response.php';
 require_once __DIR__ . '/../../../database/models/User.php';
 
 if ($method !== 'POST') {
     Response::error('Method not allowed', 405);
 }
 
+//
+// Your protected endpoint logic here. You can access route parameters in $requestParams array
+//
+
+
 $input = json_decode(file_get_contents('php://input'), true) ?? [];
 
 $nickname = htmlspecialchars(strip_tags(trim($input['nickname'] ?? '')));

package/src/backend/api/public/example-public.php

@@ -1,17 +1,17 @@
 <?php
 declare(strict_types=1);
 
-require_once __DIR__ . '/../../_core/modules/Response.php';
+require_once CORE_PATH . '/modules/Response.php';
 
 if ($method !== 'GET') {
     Response::error('Method not allowed', 405);
 }
 
+//
+// Your protected endpoint logic here. You can access route parameters in $requestParams array
+//
+
 Response::success([
     'message'    => 'Public endpoint is working',
     'params'     => $requestParams,
-]);
-
-Response::error([
-    'message'    => 'Error text',
 ]);

package/src/backend/config.example.php

@@ -2,9 +2,15 @@
 declare(strict_types=1);
 
 return [
-    'API_KEY' => 'YOUR_TOKEN', // This must be give only to trusted clients to access protected endpoints directly
-    'CORS_ALLOWED_ORIGINS' => '*',
+    'API_KEY' => 'DEFAULT_KEY', // Default key for protected endpoints that don't have a specific key in ENDPOINT_KEYS
 
+    // If you want restrict access to protected endpoints to specific clients, you can define custom keys for each endpoint
+    // For subfolder endpoints, use the relative path ('subfolder/endpoint')
+    'ENDPOINT_KEYS' => [
+    'subfolder/example-protected'    => 'example-key',
+    ],
+
+    // Database configuration
     'DB_HOST' => '127.0.0.1',
     'DB_NAME' => 'example_db',
     'DB_USER' => 'root',

package/src/backend/config.php

@@ -2,9 +2,15 @@
 declare(strict_types=1);
 
 return [
-    'API_KEY' => 'YOUR_TOKEN', // This must be give only to trusted clients to access protected endpoints directly
-    'CORS_ALLOWED_ORIGINS' => '*',
+    'API_KEY' => 'DEFAULT_KEY', // Default key for protected endpoints that don't have a specific key in ENDPOINT_KEYS
 
+    // If you want restrict access to protected endpoints to specific clients, you can define custom keys for each endpoint
+    // For subfolder endpoints, use the relative path ('subfolder/endpoint')
+    'ENDPOINT_KEYS' => [
+    'subfolder/example-protected'    => 'example-key',
+    ],
+
+    // Database configuration
     'DB_HOST' => '127.0.0.1',
     'DB_NAME' => 'example_db',
     'DB_USER' => 'root',

package/src/frontend/components/layouts/includes.njk

@@ -7,9 +7,6 @@ layout: base.njk
 {% if title == "homepage" %}
   {% include "welcome.njk" %}
 
-{% elif title == "examplePage" %}
-  {#{% include "component.njk" %}#}
-
 {% else %}
   {% include "404/_404.njk" %}
   {{ content | safe }}

package/src/frontend/data/site.json

@@ -1,54 +1,44 @@
-{
-  "site_name": "Site name",
-  "title": "Site title",
-  "description": "Site description",
-  "keywords": "keyword1, keyword2, keyword3",
-  "domain": "yoursite.com",
-  "url": "https://yoursite.com",
-  "lang": "en",
-  "author": "Name and surname",
-  "data_bs_theme": "dark",
-  "favicon": "/assets/brand/favicon.svg",
-  "logo": "/assets/brand/logo.svg",
-  "copyright": {
-    "year": "2026",
-    "text": "Copyright text"
-  },
-  "legal": {
-    "privacy": "",
-    "cookie": "",
-    "cookieControls": "",
-    "terms": ""
-  },
-  "pages": {
-    "404": {
-      "seo": {
-        "title": "404 - Not found"
-      },
-      "cdn": {
-        "css": [],
-        "js": []
-      }
-    },
-    "homepage": {
-      "seo": {
-        "title": "Homepage",
-        "description": "Description"
-      },
-      "cdn": {
-        "css": [],
-        "js": []
-      }
-    },
-    "examplePage": {
-      "seo": {
-        "title": "Example Page",
-        "description": "description"
-      },
-      "cdn": {
-        "css": [],
-        "js": []
-      }
-    }
-  }
+{
+  "site_name": "Site name",
+  "title": "Site title",
+  "description": "Site description",
+  "keywords": "keyword1, keyword2, keyword3",
+  "domain": "yoursite.com",
+  "url": "https://yoursite.com",
+  "lang": "en",
+  "author": "Name and surname",
+  "data_bs_theme": "dark",
+  "favicon": "/assets/brand/favicon.svg",
+  "logo": "/assets/brand/logo.svg",
+  "copyright": {
+    "year": "2026",
+    "text": "Copyright text"
+  },
+  "legal": {
+    "privacy": "",
+    "cookie": "",
+    "cookieControls": "",
+    "terms": ""
+  },
+  "pages": {
+    "404": {
+      "seo": {
+        "title": "404 - Not found"
+      },
+      "cdn": {
+        "css": [],
+        "js": []
+      }
+    },
+    "homepage": {
+      "seo": {
+        "title": "Homepage",
+        "description": "Description"
+      },
+      "cdn": {
+        "css": [],
+        "js": []
+      }
+    }
+  }
 }

package/src/frontend/scss/pages/404.scss

@@ -3,10 +3,12 @@
 //==========================
 
 // Use @use with a namespace to avoid framework variable conflicts:
+// Example: root.$primary
 @use "../modules/root" as root;
 
-// Page layout modules — comment out any section you don't need
+// This global module contains the import framework, necessary modules for each page and any other common styles
 @import "../modules/global";
+
 // Import any other module you need by import down here
 @import "../modules/notification";
 

package/src/frontend/scss/pages/homepage.scss

@@ -3,10 +3,12 @@
 //==========================
 
 // Use @use with a namespace to avoid framework variable conflicts:
+// Example: root.$primary
 @use "../modules/root" as root;
 
-// Page layout modules — comment out any section you don't need
+// This global module contains the import framework, necessary modules for each page and any other common styles
 @import "../modules/global";
+
 // Import any other module you need by import down here
 @import "../modules/notification";
 

package/src/frontend/_routes/example-page.njk

@@ -1,9 +0,0 @@
----
-title: "examplePage"
-permalink: "/example-page/"
-layout: includes.njk
----
-
-<!-- !IMPORTANT -->
-<!-- DO NOT ADD ANYTHING HERE -->
-<!-- You should create a new component.njk into src/components and include that in components/layouts/includes.njk -->

package/src/frontend/js/pages/examplePage.js

@@ -1,19 +0,0 @@
-//==========================
-// JAVASCRIPT MODULES IMPORTS
-//==========================
-
-// Call anywhere
-import { showNotification } from '../modules/notification.js';
-
-// Uncomment to enable optional modules (call inside DOMContentLoaded)
-// import { initTextAreaAutoExpand } from '../modules/forms/textAreaAutoExpand.js';
-// import { initNormalizePhoneNumber } from '../modules/forms/normalizePhoneNumber.js';
-
-//==========================
-// PAGE CUSTOM JAVASCRIPT
-//==========================
-
-document.addEventListener("DOMContentLoaded", () => {
-});
-
-showNotification("Example notification", "success", 3000);

package/src/frontend/scss/pages/examplePage.scss

@@ -1,17 +0,0 @@
-//==========================
-// CSS MODULES IMPORTS
-//==========================
-
-@use "../modules/root" as root;
-
-@import "../modules/global";
-// Import any other module you need by import down here
-@import "../modules/notification";
-
-//==========================
-// PAGE CUSTOM CSS RULES
-//==========================
-
-// body {
-//     background-color: root.$primary;
-// }