create-berna-stencil 2.0.14 → 2.1.0

package/README.md

@@ -12,7 +12,7 @@ Building a website from scratch involves a lot of moving parts: templating engin
 - 📁 **Scalable structure** — a clean, opinionated project layout that grows with your needs
 - 🌍 **Open source** — free to use, free to modify, free to share
 
-![Version](https://img.shields.io/badge/version-2.0.14-blue)
+![Version](https://img.shields.io/badge/version-2.1.0-blue)
 ![License](https://img.shields.io/badge/license-Apache--2.0-blue)
 ![Eleventy](https://img.shields.io/badge/11ty-v3.1.2-black)
 

package/bin/create.js

@@ -75,7 +75,7 @@ const FRAMEWORKS = {
 
 const PROJECT_PACKAGE = {
     name: path.basename(targetDir),
-    version: '2.0.14',
+    version: '2.1.0',
     private: true,
     scripts: {
         "build:css": "sass src/frontend/scss:out/css --no-source-map --style=compressed --quiet --load-path=node_modules",

package/docs/Creating pages.md

@@ -27,6 +27,26 @@ See **Components** DOC file for more info
 
 The URL is the kebab-case name (`/my-page/`). The `title` in the front matter is camelCase (`myPage`) and is used internally to load the correct CSS and JS files — do not change it.
 
+## Subpages (nested URLs)
+
+To create a URL like `domain.it/about/team`, edit the `permalink` in `src/frontend/_routes/team.njk` and add the parent segment before the final slash:
+
+```njk
+---
+title: "team"
+permalink: "about/team/"
+layout: includes.njk
+---
+```
+
+The parent path (`about`) does **not** need to exist as a real page — it's just a URL prefix. Only the last segment (`team`) must match the filename and the `title` in the front matter.
+
+| Goal URL | permalink value | File |
+|---|---|---|
+| `/team/` | `/team/` | `_routes/team.njk` |
+| `/about/team/` | `/about/team/` | `_routes/team.njk` |
+| `/company/about/team/` | `/company/about/team/` | `_routes/team.njk` |
+
 ## SEO
 
 The CLI creates a stub entry in `src/frontend/data/site.json`. Fill it in:

package/package.json

@@ -1,63 +1,63 @@
-{
-  "name": "create-berna-stencil",
-  "version": "2.0.14",
-  "description": "Eleventy boilerplate with per-page SCSS/JS pipeline, esbuild bundling, multi-framework CSS support and a built-in page management CLI",
-  "keywords": [],
-  "author": "Michele Garofalo",
-  "license": "Apache-2.0",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/rhaastrake/berna-stencil"
-  },
-  "homepage": "https://github.com/rhaastrake/berna-stencil#readme",
-  "bugs": {
-    "url": "https://github.com/rhaastrake/berna-stencil/issues"
-  },
-  "bin": {
-    "create-berna-stencil": "bin/create.js"
-  },
-  "files": [
-    "bin/",
-    "docs/",
-    "src/",
-    "_tools/",
-    ".eleventy.js",
-    ".eleventyignore",
-    ".gitignore",
-    "LICENSE",
-    "NOTICE"
-  ],
-  "engines": {
-    "node": ">=18.0.0"
-  },
-  "dependencies": {
-    "@11ty/eleventy": "^3.1.2",
-    "@11ty/eleventy-img": "^6.0.4",
-    "bootstrap": "^5.3.8",
-    "bootstrap-icons": "^1.13.1",
-    "bulma": "^1.0.4",
-    "foundation-sites": "^6.9.0",
-    "github-markdown-css": "^5.9.0",
-    "glob": "^13.0.6",
-    "markdown-it": "^14.2.0",
-    "uikit": "^3.25.13"
-  },
-  "devDependencies": {
-    "concurrently": "^9.2.1",
-    "esbuild": "^0.27.3",
-    "sass": "^1.77.0"
-  },
-  "scripts": {
-    "build:css": "sass src/frontend/scss:out/css --no-source-map --style=compressed --quiet",
-    "build:js": "esbuild \"src/frontend/js/pages/*.js\" --bundle --outdir=out/js/pages --minify",
-    "build:11ty": "eleventy",
-    "build": "npm run clean && npm run build:css && npm run build:js && npm run build:11ty",
-    "serve:css": "sass --watch src/frontend/scss:out/css --no-source-map --quiet",
-    "serve:js": "esbuild \"src/frontend/js/pages/*.js\" --bundle --outdir=out/js/pages --watch",
-    "serve:11ty": "eleventy --serve --quiet",
-    "clean": "node _tools/cleanOutput.js",
-    "serve": "npm run clean && concurrently \"npm run serve:11ty\" \"npm run serve:css\" \"npm run serve:js\"",
-    "assistant": "node _tools/assistant.js",
-    "postinstall": "cd src/backend/_core && composer install --quiet"
-  }
-}
+{
+  "name": "create-berna-stencil",
+  "version": "2.1.0",
+  "description": "Eleventy boilerplate with per-page SCSS/JS pipeline, esbuild bundling, multi-framework CSS support and a built-in page management CLI",
+  "keywords": [],
+  "author": "Michele Garofalo",
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/rhaastrake/berna-stencil"
+  },
+  "homepage": "https://github.com/rhaastrake/berna-stencil#readme",
+  "bugs": {
+    "url": "https://github.com/rhaastrake/berna-stencil/issues"
+  },
+  "bin": {
+    "create-berna-stencil": "bin/create.js"
+  },
+  "files": [
+    "bin/",
+    "docs/",
+    "src/",
+    "_tools/",
+    ".eleventy.js",
+    ".eleventyignore",
+    ".gitignore",
+    "LICENSE",
+    "NOTICE"
+  ],
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "@11ty/eleventy": "^3.1.2",
+    "@11ty/eleventy-img": "^6.0.4",
+    "bootstrap": "^5.3.8",
+    "bootstrap-icons": "^1.13.1",
+    "bulma": "^1.0.4",
+    "foundation-sites": "^6.9.0",
+    "github-markdown-css": "^5.9.0",
+    "glob": "^13.0.6",
+    "markdown-it": "^14.2.0",
+    "uikit": "^3.25.13"
+  },
+  "devDependencies": {
+    "concurrently": "^9.2.1",
+    "esbuild": "^0.27.3",
+    "sass": "^1.77.0"
+  },
+  "scripts": {
+    "build:css": "sass src/frontend/scss:out/css --no-source-map --style=compressed --quiet",
+    "build:js": "esbuild \"src/frontend/js/pages/*.js\" --bundle --outdir=out/js/pages --minify",
+    "build:11ty": "eleventy",
+    "build": "npm run clean && npm run build:css && npm run build:js && npm run build:11ty",
+    "serve:css": "sass --watch src/frontend/scss:out/css --no-source-map --quiet",
+    "serve:js": "esbuild \"src/frontend/js/pages/*.js\" --bundle --outdir=out/js/pages --watch",
+    "serve:11ty": "eleventy --serve --quiet",
+    "clean": "node _tools/cleanOutput.js",
+    "serve": "npm run clean && concurrently \"npm run serve:11ty\" \"npm run serve:css\" \"npm run serve:js\"",
+    "assistant": "node _tools/assistant.js",
+    "postinstall": "cd src/backend/_core && composer install --quiet"
+  }
+}

package/src/backend/_core/index.php

@@ -21,6 +21,12 @@ $uri    = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
 $uri    = rtrim(preg_replace('#^/api#', '', $uri), '/') ?: '/';
 $parts  = array_values(array_filter(explode('/', $uri)));
 
+foreach ($parts as $part) {
+    if ($part === '..' || $part === '.') {
+        Response::error('Bad Request', 400);
+    }
+}
+
 // =====================================================
 // 2. ENDPOINT RESOLUTION (ROUTING WITH SUBDIRECTORIES)
 // =====================================================
@@ -95,6 +101,9 @@ if ($method === 'OPTIONS') {
     exit;
 }
 
+require_once __DIR__ . '/modules/RateLimiter.php';
+RateLimiter::check($_SERVER['REMOTE_ADDR'] ?? '', 60, 60);
+
 // =====================================================
 // 4. AUTHENTICATION GUARD
 // =====================================================
@@ -106,7 +115,7 @@ if ($isProtected) {
     $validKey  = $config['ENDPOINT_KEYS'][$relPath] ?? $config['API_KEY'] ?? '';
     $apiKey    = $_SERVER['HTTP_X_API_KEY'] ?? '';
 
-    if ($validKey === '' || $apiKey !== $validKey) {
+    if ($validKey === '' || !hash_equals($validKey, $apiKey)) {
         Response::error('Unauthorized. X_API_KEY is incorrect or missing', 401);
     }
 }

package/src/backend/_core/init.php

@@ -6,11 +6,12 @@ require_once __DIR__ . '/vendor/autoload.php';
 require_once __DIR__ . '/modules/Response.php';
 
 // --- GESTORE GLOBALE ERRORI E ECCEZIONI ---
-set_exception_handler(function ($exception) {
+set_exception_handler(function ($exception) use (&$config) {
+    $isDebug = ($config['APP_ENV'] ?? 'production') !== 'production';
     Response::error(
-        $exception->getMessage(),
+        $isDebug ? $exception->getMessage() : 'Internal server error',
         500,
-        ['file' => $exception->getFile(), 'line' => $exception->getLine()]
+        $isDebug ? ['file' => $exception->getFile(), 'line' => $exception->getLine()] : null
     );
 });
 

package/src/backend/_core/modules/RateLimiter.php

@@ -0,0 +1,31 @@
+<?php
+
+declare(strict_types=1);
+
+class RateLimiter {
+    public static function check(string $ip, int $maxRequests = 60, int $windowSeconds = 60): void {
+        $cacheDir = __DIR__ . '/../../cache';
+        
+        if (!is_dir($cacheDir)) {
+            mkdir($cacheDir, 0755, true);
+        }
+
+        $cacheFile = $cacheDir . '/rl_' . md5($ip) . '.json';
+        $now = time();
+        $data = [];
+
+        if (file_exists($cacheFile)) {
+            $data = json_decode(file_get_contents($cacheFile), true) ?: [];
+        }
+
+        $data = array_filter($data, fn($ts) => $ts > ($now - $windowSeconds));
+        $data[] = $now;
+
+        file_put_contents($cacheFile, json_encode(array_values($data)), LOCK_EX);
+
+        if (count($data) > $maxRequests) {
+            header('Retry-After: ' . $windowSeconds);
+            Response::error('Too Many Requests', 429);
+        }
+    }
+}

package/src/backend/_core/vendor/composer/autoload_static.php

@@ -13,48 +13,48 @@ class ComposerStaticInit108be68e4e2b97fed51d36a10eed0849
     );
 
     public static $prefixLengthsPsr4 = array (
-        'S' =>
+        'S' => 
         array (
             'Symfony\\Polyfill\\Php80\\' => 23,
             'Symfony\\Polyfill\\Mbstring\\' => 26,
             'Symfony\\Polyfill\\Ctype\\' => 23,
         ),
-        'P' =>
+        'P' => 
         array (
             'PhpOption\\' => 10,
         ),
-        'G' =>
+        'G' => 
         array (
             'GrahamCampbell\\ResultType\\' => 26,
         ),
-        'D' =>
+        'D' => 
         array (
             'Dotenv\\' => 7,
         ),
     );
 
     public static $prefixDirsPsr4 = array (
-        'Symfony\\Polyfill\\Php80\\' =>
+        'Symfony\\Polyfill\\Php80\\' => 
         array (
             0 => __DIR__ . '/..' . '/symfony/polyfill-php80',
         ),
-        'Symfony\\Polyfill\\Mbstring\\' =>
+        'Symfony\\Polyfill\\Mbstring\\' => 
         array (
             0 => __DIR__ . '/..' . '/symfony/polyfill-mbstring',
         ),
-        'Symfony\\Polyfill\\Ctype\\' =>
+        'Symfony\\Polyfill\\Ctype\\' => 
         array (
             0 => __DIR__ . '/..' . '/symfony/polyfill-ctype',
         ),
-        'PhpOption\\' =>
+        'PhpOption\\' => 
         array (
             0 => __DIR__ . '/..' . '/phpoption/phpoption/src/PhpOption',
         ),
-        'GrahamCampbell\\ResultType\\' =>
+        'GrahamCampbell\\ResultType\\' => 
         array (
             0 => __DIR__ . '/..' . '/graham-campbell/result-type/src',
         ),
-        'Dotenv\\' =>
+        'Dotenv\\' => 
         array (
             0 => __DIR__ . '/..' . '/vlucas/phpdotenv/src',
         ),

package/src/backend/_core/vendor/composer/installed.json

@@ -24,7 +24,7 @@
             },
             "time": "2025-12-27T19:43:20+00:00",
             "type": "library",
-            "installation-source": "dist",
+            "installation-source": "source",
             "autoload": {
                 "psr-4": {
                     "GrahamCampbell\\ResultType\\": "src/"
@@ -98,7 +98,7 @@
                     "dev-master": "1.9-dev"
                 }
             },
-            "installation-source": "dist",
+            "installation-source": "source",
             "autoload": {
                 "psr-4": {
                     "PhpOption\\": "src/PhpOption/"
@@ -175,7 +175,7 @@
                     "name": "symfony/polyfill"
                 }
             },
-            "installation-source": "dist",
+            "installation-source": "source",
             "autoload": {
                 "files": [
                     "bootstrap.php"
@@ -262,7 +262,7 @@
                     "name": "symfony/polyfill"
                 }
             },
-            "installation-source": "dist",
+            "installation-source": "source",
             "autoload": {
                 "files": [
                     "bootstrap.php"
@@ -343,7 +343,7 @@
                     "name": "symfony/polyfill"
                 }
             },
-            "installation-source": "dist",
+            "installation-source": "source",
             "autoload": {
                 "files": [
                     "bootstrap.php"
@@ -447,7 +447,7 @@
                     "dev-master": "5.6-dev"
                 }
             },
-            "installation-source": "dist",
+            "installation-source": "source",
             "autoload": {
                 "psr-4": {
                     "Dotenv\\": "src/"

package/src/backend/_core/vendor/composer/installed.php

@@ -3,7 +3,7 @@
         'name' => '__root__',
         'pretty_version' => 'dev-main',
         'version' => 'dev-main',
-        'reference' => '1914258c0d42371ce0d441bf14d8d5c68fbb542f',
+        'reference' => '4da27b8f50bb1a801f88ad46a9e9eafa51c1bb34',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -13,7 +13,7 @@
         '__root__' => array(
             'pretty_version' => 'dev-main',
             'version' => 'dev-main',
-            'reference' => '1914258c0d42371ce0d441bf14d8d5c68fbb542f',
+            'reference' => '4da27b8f50bb1a801f88ad46a9e9eafa51c1bb34',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),

package/src/backend/_core/vendor/graham-campbell/result-type/.gitattributes

@@ -0,0 +1,9 @@
+* text=auto
+
+/tests export-ignore
+/.gitattributes export-ignore
+/.github export-ignore
+/.gitignore export-ignore
+/phpunit.xml.dist export-ignore
+/CHANGELOG.md export-ignore
+/README.md export-ignore

package/src/backend/_core/vendor/graham-campbell/result-type/.github/CODE_OF_CONDUCT.md

@@ -0,0 +1,132 @@
+# CONTRIBUTOR COVENANT CODE OF CONDUCT
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+hello@gjcampbell.co.uk.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available
+at [https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

package/src/backend/_core/vendor/graham-campbell/result-type/.github/CONTRIBUTING.md

@@ -0,0 +1,31 @@
+# CONTRIBUTION GUIDELINES
+
+Contributions are **welcome** and will be fully **credited**.
+
+We accept contributions via pull requests on GitHub. Please review these guidelines before continuing.
+
+## Guidelines
+
+* Please follow the [PSR-12 Coding Style Guide](https://www.php-fig.org/psr/psr-12/), enforced by [StyleCI](https://styleci.io/).
+* Ensure that the current tests pass, and if you've added something new, add the tests where relevant.
+* Send a coherent commit history, making sure each commit in your pull request is meaningful.
+* You may need to [rebase](https://git-scm.com/book/en/v2/Git-Branching-Rebasing) to avoid merge conflicts.
+* If you are changing or adding to the behaviour or public API, you may need to update the docs.
+* Please remember that we follow [Semantic Versioning](https://semver.org/).
+
+## Running Tests
+
+First, install the dependencies using [Composer](https://getcomposer.org/):
+
+```bash
+$ composer install
+```
+
+Then run [PHPUnit](https://phpunit.de/):
+
+```bash
+$ vendor/bin/phpunit
+```
+
+* The tests will be automatically run by [GitHub Actions](https://github.com/features/actions) against pull requests.
+* We also have [StyleCI](https://styleci.io/) set up to automatically fix any code style issues.

package/src/backend/_core/vendor/graham-campbell/result-type/.github/FUNDING.yml

@@ -0,0 +1,2 @@
+github: GrahamCampbell
+tidelift: "packagist/graham-campbell/result-type"

package/src/backend/_core/vendor/graham-campbell/result-type/.github/SECURITY.md

@@ -0,0 +1,14 @@
+# SECURITY POLICY
+
+## Supported Versions
+
+After each new major release, the previous release will be supported for no
+less than 2 years, unless explicitly stated otherwise. This may mean that there
+are multiple supported versions at any given time.
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability within this package, please send an
+email to security@tidelift.com. All security vulnerabilities will be promptly
+addressed. Please do not disclose security-related issues publicly until a fix
+has been announced.

package/src/backend/_core/vendor/graham-campbell/result-type/.github/workflows/stale.yml

@@ -0,0 +1,11 @@
+name: Stale
+
+on:
+  schedule:
+    - cron: '08 1 2-30/2 * *' # every even day at 01:08
+
+jobs:
+  stale:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/stale@v10

package/src/backend/_core/vendor/graham-campbell/result-type/.github/workflows/tests.yml

@@ -0,0 +1,40 @@
+name: Tests
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  tests:
+    name: PHP ${{ matrix.php }}
+    runs-on: ubuntu-24.04
+
+    strategy:
+      matrix:
+        php: ['7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3', '8.4', '8.5']
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v6
+
+      - name: Setup PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          tools: composer:v2
+          coverage: none
+        env:
+          update: true
+
+      - name: Setup Problem Matchers
+        run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
+
+      - name: Install PHP Dependencies
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 5
+          max_attempts: 5
+          command: composer update --no-interaction --no-progress
+
+      - name: Execute PHPUnit
+        run: vendor/bin/phpunit