free-framework 4.6.0 → 4.6.1
package/package.json
CHANGED
|
@@ -3,13 +3,13 @@
|
|
|
3
3
|
* Enterprise Maintenance Mode Guard.
|
|
4
4
|
*/
|
|
5
5
|
|
|
6
|
-
module.exports = function maintenanceMiddleware(req, res) {
|
|
6
|
+
module.exports = function maintenanceMiddleware(req, res, next) {
|
|
7
7
|
const isMaintenance = process.env.MAINTENANCE_MODE === 'true';
|
|
8
8
|
const bypassToken = process.env.MAINTENANCE_BYPASS;
|
|
9
9
|
|
|
10
10
|
// Allow bypassing with a specific query token or if disabled
|
|
11
11
|
if (!isMaintenance || (bypassToken && req.query.bypass === bypassToken)) {
|
|
12
|
-
return;
|
|
12
|
+
return next();
|
|
13
13
|
}
|
|
14
14
|
|
|
15
15
|
// Identify if it's an API request or HTML
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
* Enterprise-grade Security Headers Middleware.
|
|
4
4
|
*/
|
|
5
5
|
|
|
6
|
-
module.exports = function securityMiddleware(req, res) {
|
|
6
|
+
module.exports = function securityMiddleware(req, res, next) {
|
|
7
7
|
// 1. Core Security Headers
|
|
8
8
|
res.setHeader('X-Powered-By', 'Free-Ultra/Enterprise');
|
|
9
9
|
res.setHeader('X-Content-Type-Options', 'nosniff');
|
|
@@ -25,4 +25,6 @@ module.exports = function securityMiddleware(req, res) {
|
|
|
25
25
|
|
|
26
26
|
// 4. Permissions Policy (Hardware restrictions)
|
|
27
27
|
res.setHeader('Permissions-Policy', 'camera=(), microphone=(), geolocation=(), interest-cohort=()');
|
|
28
|
+
|
|
29
|
+
next();
|
|
28
30
|
};
|
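Review bot: In the maintenance guard (first hunk of this section) the bypass secret is taken from the URL and compared with `===` (`req.query.bypass === bypassToken`), and with `return next();` this branch now presumably lets the request continue down the chain. A token carried in the query string ends up in access logs, proxy logs and browser history, and the string comparison is not constant-time. Consider reading it from a request header instead (the header name here is illustrative), e.g. `const supplied = String(req.headers['x-maintenance-bypass'] ?? '');`, and comparing equal-length buffers with `crypto.timingSafeEqual`. The function body continues past the end of the hunk, so how the blocked response is produced is not visible here.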
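--- a/package/runtime/server.js
+++ b/package/runtime/server.js
@@ -23,9 +23,9 @@ class FreeServer {
 
 // Static Asset Serving Middleware
 const publicPath = nodePath.join(process.cwd(), 'public');
-this.app.use((req, res) => {
+this.app.use((req, res, next) => {
 const lookupPath = req.path.startsWith('/') ? req.path.substring(1) : req.path;
-if (!lookupPath) return;
+if (!lookupPath) return next();
 
 const fullPath = nodePath.join(publicPath, lookupPath);
 if (fs.existsSync(fullPath) && fs.statSync(fullPath).isFile()) {
@@ -34,6 +34,7 @@ class FreeServer {
 const mimes = { '.js': 'application/javascript', '.css': 'text/css', '.png': 'image/png' };
 return res.type(mimes[ext] || 'application/javascript').send(content);
 }
+next();
 });
 
 this.app.get('/test-static', (req, res) => res.send('Static serving test'));
@@ -54,7 +55,7 @@ class FreeServer {
 this.app.use(maintenanceMiddleware);
 this.app.use(securityMiddleware);
 
-this.app.use((req, res) => {
+this.app.use((req, res, next) => {
 const ip = req.ip || req.headers['x-forwarded-for'] || 'unknown';
 const reqCount = this.rateLimits.get(ip) || 0;
 
@@ -65,6 +66,7 @@ class FreeServer {
 }
 
 this.rateLimits.set(ip, reqCount + 1);
+next();
 });
 }
 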
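Review bot: The static-asset handler in the first hunk builds `fullPath` with `nodePath.join(publicPath, lookupPath)` directly from `req.path` and never checks that the result is still inside the `public` directory. If the framework does not already normalise `req.path` (not visible here), `..` segments would resolve to files outside that directory. Add a containment check before the `existsSync` call, e.g. `const fullPath = nodePath.resolve(publicPath, lookupPath);` followed by `if (!fullPath.startsWith(publicPath + nodePath.sep)) return next();`. Separately, the rate limiter in the third hunk falls back to the client-supplied `x-forwarded-for` header as its key, which a caller can vary per request, so the key should come from a trusted source only. Both callback bodies continue outside the hunks shown.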
|