create-mantiq 0.5.10 → 0.5.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/package.json +1 -1
  2. package/stubs/react/src/lib/api.ts.stub +1 -12
  3. package/stubs/react/vite.config.ts.stub +12 -37
  4. package/stubs/shared/routes/web.ts.stub +0 -7
  5. package/stubs/svelte/src/lib/api.ts.stub +1 -12
  6. package/stubs/svelte/vite.config.ts.stub +11 -29
  7. package/stubs/vue/src/lib/api.ts.stub +1 -12
  8. package/stubs/vue/vite.config.ts.stub +11 -29
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "create-mantiq",
3
- "version": "0.5.10",
3
+ "version": "0.5.11",
4
4
  "description": "Scaffold a new MantiqJS application",
5
5
  "type": "module",
6
6
  "license": "MIT",
package/stubs/react/src/lib/api.ts.stub CHANGED
@@ -3,22 +3,11 @@ function getCookie(name: string): string | null {
3
3
  return match ? decodeURIComponent(match[1]!) : null
4
4
  }
5
5
 
6
- /** Ensure a session + XSRF-TOKEN cookie exists before mutating requests. */
7
- let csrfReady: Promise<void> | null = null
8
- async function ensureCsrf(): Promise<void> {
9
- if (getCookie('XSRF-TOKEN')) return
10
- if (!csrfReady) {
11
- csrfReady = fetch('/csrf-cookie', { credentials: 'same-origin' }).then(() => { csrfReady = null })
12
- }
13
- await csrfReady
14
- }
15
-
16
6
  export async function api<T = any>(url: string, opts: RequestInit = {}): Promise<{ ok: boolean; status: number; data: T }> {
17
7
  const headers: Record<string, string> = { Accept: 'application/json', ...(opts.headers as Record<string, string>) }
18
8
 
19
- // For mutating requests, ensure CSRF cookie exists then attach it
9
+ // Attach XSRF token for CSRF protection on mutating requests
20
10
  if (opts.method && !['GET', 'HEAD', 'OPTIONS'].includes(opts.method)) {
21
- await ensureCsrf()
22
11
  const xsrf = getCookie('XSRF-TOKEN')
23
12
  if (xsrf) headers['X-XSRF-TOKEN'] = xsrf
24
13
  }
package/stubs/react/vite.config.ts.stub CHANGED
@@ -2,51 +2,26 @@ import { defineConfig } from 'vite'
2
2
  import react from '@vitejs/plugin-react'
3
3
  import tailwindcss from '@tailwindcss/vite'
4
4
  import path from 'path'
5
+ import { writeFileSync, unlinkSync } from 'node:fs'
5
6
 
6
7
  export default defineConfig({
7
8
  plugins: [
8
9
  react(),
9
10
  tailwindcss(),
10
- // Proxy non-asset requests to the Mantiq backend in dev mode
11
- // so session cookies and CSRF tokens work on the same origin
11
+ // Write public/hot so the backend knows the dev server is running
12
12
  {
13
- name: 'mantiq-proxy',
13
+ name: 'mantiq-hot',
14
14
  configureServer(server) {
15
- server.middlewares.use((req, res, next) => {
16
- // Let Vite handle its own files: HMR, source files, node_modules
17
- const viteOwned = req.url?.startsWith('/@') ||
18
- req.url?.startsWith('/src/') ||
19
- req.url?.startsWith('/node_modules/') ||
20
- req.url?.includes('?import') ||
21
- req.url?.includes('?t=')
22
-
23
- if (viteOwned) return next()
24
-
25
- // For HTML page navigations (SPA), let Vite serve index.html
26
- const accept = req.headers.accept ?? ''
27
- if (req.method === 'GET' && accept.includes('text/html')) return next()
28
-
29
- // Everything else (POST, API calls, etc.) → proxy to backend
30
- const backend = `http://localhost:${process.env.APP_PORT ?? 3000}`
31
- import('node:http').then(({ request }) => {
32
- const proxyReq = request(
33
- `${backend}${req.url}`,
34
- {
35
- method: req.method,
36
- headers: req.headers,
37
- },
38
- (proxyRes) => {
39
- res.writeHead(proxyRes.statusCode ?? 500, proxyRes.headers)
40
- proxyRes.pipe(res)
41
- },
42
- )
43
- proxyReq.on('error', () => {
44
- res.writeHead(502)
45
- res.end('Backend not running. Start with: bun run index.ts')
46
- })
47
- req.pipe(proxyReq)
48
- })
15
+ const hotPath = path.resolve(__dirname, 'public/hot')
16
+ server.httpServer?.once('listening', () => {
17
+ const addr = server.httpServer!.address()
18
+ const url = typeof addr === 'string' ? addr : `http://localhost:${addr?.port}`
19
+ writeFileSync(hotPath, url)
49
20
  })
21
+ const cleanup = () => { try { unlinkSync(hotPath) } catch {} }
22
+ process.on('exit', cleanup)
23
+ process.on('SIGINT', () => { cleanup(); process.exit() })
24
+ process.on('SIGTERM', () => { cleanup(); process.exit() })
50
25
  },
51
26
  },
52
27
  ],
package/stubs/shared/routes/web.ts.stub CHANGED
@@ -18,13 +18,6 @@ export default function (router: Router) {
18
18
  router.get('/account/security', [PageController, 'security']).middleware('auth')
19
19
  router.get('/account/preferences', [PageController, 'preferences']).middleware('auth')
20
20
 
21
- // CSRF cookie — SPA calls this on mount to establish session + XSRF token
22
- router.get('/csrf-cookie', (request: any) => {
23
- // Session middleware already started the session and CSRF middleware
24
- // will attach the XSRF-TOKEN cookie on the response. Just return 204.
25
- return new Response(null, { status: 204 })
26
- })
27
-
28
21
  // Auth actions
29
22
  router.post('/login', [AuthController, 'login'])
30
23
  router.post('/register', [AuthController, 'register'])
package/stubs/svelte/src/lib/api.ts.stub CHANGED
@@ -3,22 +3,11 @@ function getCookie(name: string): string | null {
3
3
  return match ? decodeURIComponent(match[1]!) : null
4
4
  }
5
5
 
6
- /** Ensure a session + XSRF-TOKEN cookie exists before mutating requests. */
7
- let csrfReady: Promise<void> | null = null
8
- async function ensureCsrf(): Promise<void> {
9
- if (getCookie('XSRF-TOKEN')) return
10
- if (!csrfReady) {
11
- csrfReady = fetch('/csrf-cookie', { credentials: 'same-origin' }).then(() => { csrfReady = null })
12
- }
13
- await csrfReady
14
- }
15
-
16
6
  export async function api<T = any>(url: string, opts: RequestInit = {}): Promise<{ ok: boolean; status: number; data: T }> {
17
7
  const headers: Record<string, string> = { Accept: 'application/json', ...(opts.headers as Record<string, string>) }
18
8
 
19
- // For mutating requests, ensure CSRF cookie exists then attach it
9
+ // Attach XSRF token for CSRF protection on mutating requests
20
10
  if (opts.method && !['GET', 'HEAD', 'OPTIONS'].includes(opts.method)) {
21
- await ensureCsrf()
22
11
  const xsrf = getCookie('XSRF-TOKEN')
23
12
  if (xsrf) headers['X-XSRF-TOKEN'] = xsrf
24
13
  }
package/stubs/svelte/vite.config.ts.stub CHANGED
@@ -2,43 +2,25 @@ import { defineConfig } from 'vite'
2
2
  import { svelte } from '@sveltejs/vite-plugin-svelte'
3
3
  import tailwindcss from '@tailwindcss/vite'
4
4
  import path from 'path'
5
+ import { writeFileSync, unlinkSync } from 'node:fs'
5
6
 
6
7
  export default defineConfig({
7
8
  plugins: [
8
9
  svelte(),
9
10
  tailwindcss(),
10
11
  {
11
- name: 'mantiq-proxy',
12
+ name: 'mantiq-hot',
12
13
  configureServer(server) {
13
- server.middlewares.use((req, res, next) => {
14
- const viteOwned = req.url?.startsWith('/@') ||
15
- req.url?.startsWith('/src/') ||
16
- req.url?.startsWith('/node_modules/') ||
17
- req.url?.includes('?import') ||
18
- req.url?.includes('?t=')
19
-
20
- if (viteOwned) return next()
21
-
22
- const accept = req.headers.accept ?? ''
23
- if (req.method === 'GET' && accept.includes('text/html')) return next()
24
-
25
- const backend = `http://localhost:${process.env.APP_PORT ?? 3000}`
26
- import('node:http').then(({ request }) => {
27
- const proxyReq = request(
28
- `${backend}${req.url}`,
29
- { method: req.method, headers: req.headers },
30
- (proxyRes) => {
31
- res.writeHead(proxyRes.statusCode ?? 500, proxyRes.headers)
32
- proxyRes.pipe(res)
33
- },
34
- )
35
- proxyReq.on('error', () => {
36
- res.writeHead(502)
37
- res.end('Backend not running. Start with: bun run index.ts')
38
- })
39
- req.pipe(proxyReq)
40
- })
14
+ const hotPath = path.resolve(__dirname, 'public/hot')
15
+ server.httpServer?.once('listening', () => {
16
+ const addr = server.httpServer!.address()
17
+ const url = typeof addr === 'string' ? addr : `http://localhost:${addr?.port}`
18
+ writeFileSync(hotPath, url)
41
19
  })
20
+ const cleanup = () => { try { unlinkSync(hotPath) } catch {} }
21
+ process.on('exit', cleanup)
22
+ process.on('SIGINT', () => { cleanup(); process.exit() })
23
+ process.on('SIGTERM', () => { cleanup(); process.exit() })
42
24
  },
43
25
  },
44
26
  ],
package/stubs/vue/src/lib/api.ts.stub CHANGED
@@ -3,22 +3,11 @@ function getCookie(name: string): string | null {
3
3
  return match ? decodeURIComponent(match[1]!) : null
4
4
  }
5
5
 
6
- /** Ensure a session + XSRF-TOKEN cookie exists before mutating requests. */
7
- let csrfReady: Promise<void> | null = null
8
- async function ensureCsrf(): Promise<void> {
9
- if (getCookie('XSRF-TOKEN')) return
10
- if (!csrfReady) {
11
- csrfReady = fetch('/csrf-cookie', { credentials: 'same-origin' }).then(() => { csrfReady = null })
12
- }
13
- await csrfReady
14
- }
15
-
16
6
  export async function api<T = any>(url: string, opts: RequestInit = {}): Promise<{ ok: boolean; status: number; data: T }> {
17
7
  const headers: Record<string, string> = { Accept: 'application/json', ...(opts.headers as Record<string, string>) }
18
8
 
19
- // For mutating requests, ensure CSRF cookie exists then attach it
9
+ // Attach XSRF token for CSRF protection on mutating requests
20
10
  if (opts.method && !['GET', 'HEAD', 'OPTIONS'].includes(opts.method)) {
21
- await ensureCsrf()
22
11
  const xsrf = getCookie('XSRF-TOKEN')
23
12
  if (xsrf) headers['X-XSRF-TOKEN'] = xsrf
24
13
  }
package/stubs/vue/vite.config.ts.stub CHANGED
@@ -2,43 +2,25 @@ import { defineConfig } from 'vite'
2
2
  import vue from '@vitejs/plugin-vue'
3
3
  import tailwindcss from '@tailwindcss/vite'
4
4
  import path from 'path'
5
+ import { writeFileSync, unlinkSync } from 'node:fs'
5
6
 
6
7
  export default defineConfig({
7
8
  plugins: [
8
9
  vue(),
9
10
  tailwindcss(),
10
11
  {
11
- name: 'mantiq-proxy',
12
+ name: 'mantiq-hot',
12
13
  configureServer(server) {
13
- server.middlewares.use((req, res, next) => {
14
- const viteOwned = req.url?.startsWith('/@') ||
15
- req.url?.startsWith('/src/') ||
16
- req.url?.startsWith('/node_modules/') ||
17
- req.url?.includes('?import') ||
18
- req.url?.includes('?t=')
19
-
20
- if (viteOwned) return next()
21
-
22
- const accept = req.headers.accept ?? ''
23
- if (req.method === 'GET' && accept.includes('text/html')) return next()
24
-
25
- const backend = `http://localhost:${process.env.APP_PORT ?? 3000}`
26
- import('node:http').then(({ request }) => {
27
- const proxyReq = request(
28
- `${backend}${req.url}`,
29
- { method: req.method, headers: req.headers },
30
- (proxyRes) => {
31
- res.writeHead(proxyRes.statusCode ?? 500, proxyRes.headers)
32
- proxyRes.pipe(res)
33
- },
34
- )
35
- proxyReq.on('error', () => {
36
- res.writeHead(502)
37
- res.end('Backend not running. Start with: bun run index.ts')
38
- })
39
- req.pipe(proxyReq)
40
- })
14
+ const hotPath = path.resolve(__dirname, 'public/hot')
15
+ server.httpServer?.once('listening', () => {
16
+ const addr = server.httpServer!.address()
17
+ const url = typeof addr === 'string' ? addr : `http://localhost:${addr?.port}`
18
+ writeFileSync(hotPath, url)
41
19
  })
20
+ const cleanup = () => { try { unlinkSync(hotPath) } catch {} }
21
+ process.on('exit', cleanup)
22
+ process.on('SIGINT', () => { cleanup(); process.exit() })
23
+ process.on('SIGTERM', () => { cleanup(); process.exit() })
42
24
  },
43
25
  },
44
26
  ],