create-prisma-php-app 4.3.9 → 4.4.0

package/dist/bootstrap.php

@@ -8,7 +8,10 @@ require_once __DIR__ . '/settings/paths.php';
 use Dotenv\Dotenv;
 use Lib\Middleware\CorsMiddleware;
 
-Dotenv::createImmutable(DOCUMENT_PATH)->load();
+if (file_exists(DOCUMENT_PATH . '/.env')) {
+    Dotenv::createImmutable(DOCUMENT_PATH)->safeLoad();
+}
+
 CorsMiddleware::handle();
 
 if (session_status() === PHP_SESSION_NONE) {
@@ -27,6 +30,7 @@ use PP\ErrorHandler;
 use PP\Attributes\Exposed;
 use PP\Streaming\SSE;
 use PP\Security\RateLimiter;
+use PP\Env;
 
 final class Bootstrap extends RuntimeException
 {
@@ -59,7 +63,7 @@ final class Bootstrap extends RuntimeException
 
     public static function run(): void
     {
-        date_default_timezone_set($_ENV['APP_TIMEZONE'] ?? 'UTC');
+        date_default_timezone_set(Env::string('APP_TIMEZONE', 'UTC'));
 
         PrismaPHPSettings::init();
         Request::init();
@@ -139,7 +143,7 @@ final class Bootstrap extends RuntimeException
 
     private static function setCsrfCookie(): void
     {
-        $secret = $_ENV['FUNCTION_CALL_SECRET'] ?? 'pp_default_insecure_secret';
+        $secret = Env::string('FUNCTION_CALL_SECRET', 'pp_default_insecure_secret');
         $shouldRegenerate = true;
 
         if (isset($_COOKIE['prisma_php_csrf'])) {
@@ -175,7 +179,7 @@ final class Bootstrap extends RuntimeException
     {
         $headerToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
         $cookieToken = $_COOKIE['prisma_php_csrf'] ?? '';
-        $secret = $_ENV['FUNCTION_CALL_SECRET'] ?? '';
+        $secret = Env::string('FUNCTION_CALL_SECRET', '');
 
         if (empty($headerToken) || empty($cookieToken)) {
             self::jsonExit(['success' => false, 'error' => 'CSRF token missing']);
@@ -217,12 +221,11 @@ final class Bootstrap extends RuntimeException
 
     private static function determineContentToInclude(): array
     {
-        $requestUri = $_SERVER['REQUEST_URI'];
-        $requestUri = empty($_SERVER['SCRIPT_URL']) ? trim(self::uriExtractor($requestUri)) : trim($requestUri);
+        $requestUri = $_SERVER['REQUEST_URI'] ?? '/';
+        $requestUri = trim(self::uriExtractor($requestUri));
 
         $scriptUrl = explode('?', $requestUri, 2)[0];
-        $pathname = $_SERVER['SCRIPT_URL'] ?? $scriptUrl;
-        $pathname = trim($pathname, '/');
+        $pathname = trim($scriptUrl, '/');
         $baseDir = APP_PATH;
         $includePath = '';
         $layoutsToInclude = [];
@@ -520,7 +523,7 @@ final class Bootstrap extends RuntimeException
     {
         $projectName = PrismaPHPSettings::$option->projectName ?? '';
         if (empty($projectName)) {
-            return "/";
+            return $scriptUrl;
         }
 
         $escapedIdentifier = preg_quote($projectName, '/');
@@ -528,7 +531,7 @@ final class Bootstrap extends RuntimeException
             return rtrim(ltrim($matches[1], '/'), '/');
         }
 
-        return "/";
+        return $scriptUrl;
     }
 
     private static function findGroupFolder(string $pathname): string
@@ -713,7 +716,7 @@ final class Bootstrap extends RuntimeException
 
     private static function checkForDuplicateRoutes(): void
     {
-        if (isset($_ENV['APP_ENV']) && $_ENV['APP_ENV'] === 'production') {
+        if (Env::string('APP_ENV', 'production') === 'production') {
             return;
         }
 
@@ -958,9 +961,9 @@ final class Bootstrap extends RuntimeException
 
         if (empty($limits)) {
             if ($attribute->requiresAuth) {
-                $limits = $_ENV['RATE_LIMIT_AUTH'] ?? '60/minute';
+                $limits = Env::string('RATE_LIMIT_AUTH', '60/minute');
             } else {
-                $limits = $_ENV['RATE_LIMIT_RPC'] ?? '60/minute';
+                $limits = Env::string('RATE_LIMIT_RPC', '60/minute');
             }
         }
 
@@ -976,6 +979,7 @@ final class Bootstrap extends RuntimeException
             return ['success' => false, 'error' => 'Function not callable from client'];
         }
 
+        $attribute = self::getExposedAttribute($fn);
         if (!self::validateAccess($attribute)) {
             return ['success' => false, 'error' => 'Permission denied'];
         }
@@ -996,7 +1000,7 @@ final class Bootstrap extends RuntimeException
                     return ['success' => false, 'error' => $e->getMessage()];
                 }
 
-                if (isset($_ENV['SHOW_ERRORS']) && $_ENV['SHOW_ERRORS'] === 'false') {
+                if (Env::string('SHOW_ERRORS', 'false') === 'false') {
                     return ['success' => false, 'error' => 'An error occurred. Please try again later.'];
                 } else {
                     return ['success' => false, 'error' => "Function error: {$e->getMessage()}"];
@@ -1071,7 +1075,7 @@ final class Bootstrap extends RuntimeException
                 return ['success' => false, 'error' => $e->getMessage()];
             }
 
-            if (isset($_ENV['SHOW_ERRORS']) && $_ENV['SHOW_ERRORS'] === 'false') {
+            if (Env::string('SHOW_ERRORS', 'false') === 'false') {
                 return ['success' => false, 'error' => 'An error occurred. Please try again later.'];
             } else {
                 return ['success' => false, 'error' => "Call error: {$e->getMessage()}"];
@@ -1319,16 +1323,20 @@ try {
         }
 
         if (Request::$isWire && !Bootstrap::$secondRequestC69CD) {
-            ob_end_clean();
+            while (ob_get_level() > 0) {
+                ob_end_clean();
+            }
             Bootstrap::wireCallback();
         }
 
         if ((!Request::$isWire && !Bootstrap::$secondRequestC69CD) && isset(Bootstrap::$requestFilesData[Request::$decodedUri])) {
+            $cacheEnabled = (Env::string('CACHE_ENABLED', 'false') === 'true');
+
             $shouldCache = CacheHandler::$isCacheable === true
-                || (CacheHandler::$isCacheable === null && $_ENV['CACHE_ENABLED'] === 'true');
+                || (CacheHandler::$isCacheable === null && $cacheEnabled);
 
             if ($shouldCache) {
-                CacheHandler::serveCache(Request::$decodedUri, intval($_ENV['CACHE_TTL'] ?? 600));
+                CacheHandler::serveCache(Request::$decodedUri, intval(Env::string('CACHE_TTL', '600')));
             }
         }
 

package/dist/src/Lib/Auth/Auth.php

@@ -15,11 +15,12 @@ use PP\Request;
 use Exception;
 use InvalidArgumentException;
 use ArrayObject;
+use PP\Env;
 
 class Auth
 {
     public const PAYLOAD_NAME = 'payload_name_8639D';
-    public const ROLE_NAME = '';
+    public const ROLE_NAME = 'role';
     public const PAYLOAD_SESSION_KEY = 'payload_session_key_2183A';
 
     public static string $cookieName = '';
@@ -27,11 +28,11 @@ class Auth
     private static ?Auth $instance = null;
     private const PPAUTH = 'ppauth';
     private string $secretKey;
-    private string $defaultTokenValidity = '1h'; // Default to 1 hour
+    private string $defaultTokenValidity = AuthConfig::DEFAULT_TOKEN_VALIDITY;
 
     private function __construct()
     {
-        $this->secretKey = $_ENV['AUTH_SECRET'] ?? 'CD24eEv4qbsC5LOzqeaWbcr58mBMSvA4Mkii8GjRiHkt';
+        $this->secretKey = Env::string('AUTH_SECRET', 'CD24eEv4qbsC5LOzqeaWbcr58mBMSvA4Mkii8GjRiHkt');
         self::$cookieName = self::getCookieName();
     }
 
@@ -255,7 +256,7 @@ class Auth
 
     public function rotateCsrfToken(): void
     {
-        $secret = $_ENV['FUNCTION_CALL_SECRET'] ?? '';
+        $secret = Env::string('FUNCTION_CALL_SECRET', '');
 
         if (empty($secret)) {
             return;
@@ -546,7 +547,7 @@ class Auth
 
     private static function getCookieName(): string
     {
-        $authCookieName = $_ENV['AUTH_COOKIE_NAME'] ?? 'auth_cookie_name_d36e5';
+        $authCookieName = Env::string('AUTH_COOKIE_NAME', 'auth_cookie_name_d36e5');
         return strtolower(preg_replace('/\s+/', '_', trim($authCookieName)));
     }
 }

package/dist/src/Lib/Auth/AuthConfig.php

@@ -23,6 +23,7 @@ final class AuthConfig
     public const IS_ROLE_BASE = false;
     public const IS_TOKEN_AUTO_REFRESH = false;
     public const IS_ALL_ROUTES_PRIVATE = false;
+    public const DEFAULT_TOKEN_VALIDITY = "1h"; // Default to 1 hour
 
     /**
      * This is the (default) option for authentication. If IS_ALL_ROUTES_PRIVATE is set to false, 

package/dist/src/Lib/MCP/mcp-server.php

@@ -12,20 +12,21 @@ use Dotenv\Dotenv;
 use PhpMcp\Server\Server;
 use PhpMcp\Server\Transports\StreamableHttpServerTransport;
 use Throwable;
+use PP\Env;
 
 // ── Load .env (optional) and timezone ──────────────────────────────────────────
 if (file_exists(DOCUMENT_PATH . '/.env')) {
     Dotenv::createImmutable(DOCUMENT_PATH)->safeLoad();
 }
-date_default_timezone_set($_ENV['APP_TIMEZONE'] ?? 'UTC');
+date_default_timezone_set(Env::string('APP_TIMEZONE', 'UTC'));
 
 // ── Resolve settings (with sane defaults) ─────────────────────────────────────
-$appName    = $_ENV['MCP_NAME']         ?? 'prisma-php-mcp';
-$appVersion = $_ENV['MCP_VERSION']      ?? '0.0.1';
-$host       = $_ENV['MCP_HOST']         ?? '127.0.0.1';
-$port       = (int)($_ENV['MCP_PORT']   ?? 4000);
-$prefix     = trim($_ENV['MCP_PATH_PREFIX'] ?? 'mcp', '/');
-$enableJson = filter_var($_ENV['MCP_JSON_RESPONSE'] ?? 'false', FILTER_VALIDATE_BOOLEAN);
+$appName    = Env::string('MCP_NAME', 'prisma-php-mcp');
+$appVersion = Env::string('MCP_VERSION', '0.0.1');
+$host       = Env::string('MCP_HOST', '127.0.0.1');
+$port       = Env::int('MCP_PORT', 4000);
+$prefix     = trim(Env::string('MCP_PATH_PREFIX', 'mcp'), '/');
+$enableJson = Env::bool('MCP_JSON_RESPONSE', false);
 
 // ── Build server and discover tools ───────────────────────────────────────────
 $server = Server::make()

package/dist/src/Lib/Middleware/CorsMiddleware.php

@@ -4,6 +4,8 @@ declare(strict_types=1);
 
 namespace Lib\Middleware;
 
+use PP\Env;
+
 final class CorsMiddleware
 {
     public static function handle(?array $overrides = null): void
@@ -58,14 +60,14 @@ final class CorsMiddleware
 
     private static function buildConfig(?array $overrides): array
     {
-        $allowed = self::parseList($_ENV['CORS_ALLOWED_ORIGINS'] ?? '');
+        $allowed = self::parseList(Env::string('CORS_ALLOWED_ORIGINS', ''));
         $cfg = [
             'allowedOrigins'   => $allowed,
-            'allowCredentials' => filter_var($_ENV['CORS_ALLOW_CREDENTIALS'] ?? 'false', FILTER_VALIDATE_BOOLEAN),
-            'allowedMethods'   => $_ENV['CORS_ALLOWED_METHODS'] ?? 'GET, POST, PUT, PATCH, DELETE, OPTIONS',
-            'allowedHeaders'   => trim($_ENV['CORS_ALLOWED_HEADERS'] ?? ''),
-            'exposeHeaders'    => trim($_ENV['CORS_EXPOSE_HEADERS'] ?? ''),
-            'maxAge'           => (int)($_ENV['CORS_MAX_AGE'] ?? 86400),
+            'allowCredentials' => Env::bool('CORS_ALLOW_CREDENTIALS', false),
+            'allowedMethods'   => Env::string('CORS_ALLOWED_METHODS', 'GET, POST, PUT, PATCH, DELETE, OPTIONS'),
+            'allowedHeaders'   => trim(Env::string('CORS_ALLOWED_HEADERS', '')),
+            'exposeHeaders'    => trim(Env::string('CORS_EXPOSE_HEADERS', '')),
+            'maxAge'           => Env::int('CORS_MAX_AGE', 86400),
         ];
 
         if (is_array($overrides)) {

package/dist/src/Lib/Websocket/ConnectionManager.php

@@ -15,12 +15,12 @@ class ConnectionManager implements MessageComponentInterface
 
     public function __construct()
     {
-        $this->clients = new SplObjectStorage;
+        $this->clients = new SplObjectStorage();
     }
 
     public function onOpen(ConnectionInterface $conn): void
     {
-        $this->clients->attach($conn);
+        $this->clients->offsetSet($conn, true);
         echo "New connection! ({$conn->resourceId})";
     }
 
@@ -35,7 +35,7 @@ class ConnectionManager implements MessageComponentInterface
 
     public function onClose(ConnectionInterface $conn): void
     {
-        $this->clients->detach($conn);
+        $this->clients->offsetUnset($conn);
         echo "Connection {$conn->resourceId} has disconnected";
     }
 

package/dist/src/Lib/Websocket/websocket-server.php

@@ -15,14 +15,15 @@ use Ratchet\WebSocket\WsServer;
 use Lib\Websocket\ConnectionManager;
 use React\EventLoop\LoopInterface;
 use Throwable;
+use PP\Env;
 
 // ── Load .env (optional) and timezone ─────────────────────────────────────────
 if (file_exists(DOCUMENT_PATH . '/.env')) {
     Dotenv::createImmutable(DOCUMENT_PATH)->safeLoad();
 }
-date_default_timezone_set($_ENV['APP_TIMEZONE'] ?? 'UTC');
+date_default_timezone_set(Env::string('APP_TIMEZONE', 'UTC'));
 
-// ── Tiny argv parser: allows --host=0.0.0.0 --port=8080 ──────────────────────
+// ── Tiny argv parser: allows --host=0.0.0.0 --port=9001 ──────────────────────
 $cli = [];
 foreach ($argv ?? [] as $arg) {
     if (preg_match('/^--([^=]+)=(.*)$/', $arg, $m)) {
@@ -31,11 +32,11 @@ foreach ($argv ?? [] as $arg) {
 }
 
 // ── Resolve settings (env → cli defaults) ────────────────────────────────────
-$appName = $_ENV['WS_NAME']       ?? 'prisma-php-ws';
-$appVer  = $_ENV['WS_VERSION']    ?? '0.0.1';
-$host    = $cli['host']           ?? ($_ENV['WS_HOST'] ?? '127.0.0.1');
-$port    = (int)($cli['port']     ?? ($_ENV['WS_PORT'] ?? 8080));
-$verbose = filter_var($cli['verbose'] ?? ($_ENV['WS_VERBOSE'] ?? 'true'), FILTER_VALIDATE_BOOLEAN);
+$appName = Env::string('WS_NAME', 'prisma-php-ws');
+$appVer  = Env::string('WS_VERSION', '0.0.1');
+$host    = $cli['host']           ?? Env::string('WS_HOST', '127.0.0.1');
+$port    = (int)($cli['port']     ?? Env::int('WS_PORT', 9001));
+$verbose = filter_var($cli['verbose'] ?? Env::bool('WS_VERBOSE', true), FILTER_VALIDATE_BOOLEAN);
 
 // ── Console helpers ──────────────────────────────────────────────────────────
 $color = static fn(string $t, string $c) => "\033[{$c}m{$t}\033[0m";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-prisma-php-app",
-  "version": "4.3.9",
+  "version": "4.4.0",
   "description": "Prisma-PHP: A Revolutionary Library Bridging PHP with Prisma ORM",
   "main": "dist/index.js",
   "type": "module",