free-framework 4.8.11 ā†’ 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. package/README.md +20 -9
  2. package/cli/commands/make.js +21 -12
  3. package/compiler/generator.js +11 -3
  4. package/package.json +1 -1
  5. package/runtime/cluster.js +5 -5
  6. package/runtime/middleware/firewall.js +38 -0
  7. package/runtime/server.js +6 -2
  8. package/templates/app-template/.free/app.js +1555 -0
  9. package/templates/app-template/app/controllers/ProductController.free +31 -0
  10. package/templates/app-template/app/models/Product.free +12 -0
  11. package/templates/app-template/public/free-runtime.js +1 -0
  12. package/templates/app-template/resources/components/ProductCard.free +16 -0
  13. package/templates/app-template/resources/views/docs.free +13 -13
  14. package/templates/app-template/resources/views/home.free +80 -55
package/README.md CHANGED
@@ -1,7 +1,7 @@
1
- # Free Framework
1
+ # Free Ultra Framework v5.0.0 [Convergence Royale]
2
2
 
3
- > The blazing-fast, full-stack web framework with its own `.free` language syntax.
4
- > Build modern production apps in a fraction of the time ā€” with **zero boilerplate**.
3
+ > **The High-Octane Engineering Ecosystem.**
4
+ > Bridging the gap between Laravel's elegance, React's reactivity, and Node.js's raw performance. šŸ›”ļø Blazing-fast, Secure, and Scalable by default.
5
5
 
6
6
  [![NPM Version](https://img.shields.io/npm/v/free-framework.svg)](https://www.npmjs.com/package/free-framework)
7
7
  [![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
@@ -165,13 +165,24 @@ server.use(ChatPlugin());
165
165
 
166
166
  ---
167
167
 
168
- ## šŸ”’ Security Built-in
168
+ ## šŸ”’ Security: Aura Shield (v5.0.0)
169
169
 
170
- - Zero-config **security headers** (CSP, X-Frame-Options, HSTS)
171
- - **DDoS & Rate limiting** (1000 req/min per IP by default)
172
- - **CSRF token injection** on every page
173
- - **bcrypt** password hashing in `AuthPlugin`
174
- - **XSS-safe** template interpolation (auto-escaped)
170
+ Free Ultra v5.0.0 introduces the **Active Security Engine**, a proactive layer that protects your app from day one.
171
+
172
+ - **Aura Firewall**: Real-time pattern matching against SQL Injection, Directory Traversal, and malicious User-Agents.
173
+ - **Strict Headers**: CSP, HSTS, and Permissions-Policy enforced by default.
174
+ - **Strict-Typed Validation**: High-performance payload verification via `runtime/validator.js`.
175
+
176
+ ---
177
+
178
+ ## šŸ“– The Gigantic Encyclopedia
179
+
180
+ Access the comprehensive, 7-chapter masterclass on building industrial-grade web applications.
181
+ - [Aura Architecture & AST Compilation]
182
+ - [Security Protocols & Firewall Deep-Dives]
183
+ - [.free Language Specs & Reactive State]
184
+ - [ORM 2.0 & CLI Scaffolding]
185
+ - [SPA Transitions & Partial SSR]
175
186
 
176
187
  ---
177
188
 
package/cli/commands/make.js CHANGED
@@ -20,8 +20,8 @@ const make = {
20
20
  fs.ensureDirSync(dir);
21
21
  const filePath = path.join(dir, `${name}.free`);
22
22
  guard(filePath, `Model ${name}`);
23
- fs.writeFileSync(filePath, `model ${name} {\n name string\n created_at string\n}\n`);
24
- console.log(`āœ… Created model: app/models/${name}.free`);
23
+ fs.writeFileSync(filePath, `// Free Ultra Enterprise Model: ${name}\n// Optimized for SQLite / ORM v5.0.0\n\nmodel ${name} {\n id integer primary_key autoincrement\n uuid string unique\n name string index\n email string unique\n status string default('active')\n created_at timestamp default(now)\n updated_at timestamp default(now)\n}\n`);
24
+ console.log(`āœ… [Laravel-scaffold] Created model: app/models/${name}.free`);
25
25
  },
26
26
 
27
27
  controller: (name) => {
@@ -29,8 +29,8 @@ const make = {
29
29
  fs.ensureDirSync(dir);
30
30
  const filePath = path.join(dir, `${name}Controller.free`);
31
31
  guard(filePath, `Controller ${name}`);
32
- fs.writeFileSync(filePath, `/**\n * ${name} Controller\n */\n\naction get${name} {\n return { success: true };\n}\n`);
33
- console.log(`āœ… Created controller: app/controllers/${name}Controller.free`);
32
+ fs.writeFileSync(filePath, `/**\n * ${name} Controller (v5.0.0 [Convergence])\n * Unified Logic for API and Web\n */\n\naction index {\n // Laravel-style Collection logic\n const data = await ORM.all('${name}');\n return { success: true, data };\n}\n\naction show {\n const item = await ORM.find('${name}', { id: params.id });\n return { success: !!item, data: item };\n}\n\naction store {\n // Validation logic here\n const newItem = await ORM.create('${name}', body);\n return { success: true, id: newItem.id };\n}\n\naction update {\n await ORM.update('${name}', { id: params.id }, body);\n return { success: true };\n}\n\naction delete {\n await ORM.delete('${name}', { id: params.id });\n return { success: true };\n}\n`);
33
+ console.log(`āœ… [Laravel-scaffold] Created controller: app/controllers/${name}Controller.free`);
34
34
  },
35
35
 
36
36
  middleware: (name) => {
@@ -38,8 +38,8 @@ const make = {
38
38
  fs.ensureDirSync(dir);
39
39
  const filePath = path.join(dir, `${name}.js`);
40
40
  guard(filePath, `Middleware ${name}`);
41
- fs.writeFileSync(filePath, `/**\n * app/middleware/${name}.js\n */\nmodule.exports = async function ${name}Middleware(req, res, next) {\n // Security/Auth logic here\n next();\n};\n`);
42
- console.log(`āœ… Created middleware: app/middleware/${name}.js`);
41
+ fs.writeFileSync(filePath, `/**\n * app/middleware/${name}.js\n * Professional Request Filter (Node.js style)\n */\n\nmodule.exports = async function ${name}Middleware(req, res, next) {\n try {\n // Enter your security/auth logic here\n // Example: if (!req.headers.authorization) throw new Error("Unauthorized");\n \n next();\n } catch (err) {\n res.status(401).json({ success: false, message: err.message });\n }\n};\n`);
42
+ console.log(`āœ… [NodeJS-style] Created middleware: app/middleware/${name}.js`);
43
43
  },
44
44
 
45
45
  migration: (name) => {
@@ -48,8 +48,8 @@ const make = {
48
48
  const timestamp = Date.now();
49
49
  const filePath = path.join(dir, `${timestamp}_${name}.js`);
50
50
  guard(filePath, `Migration ${name}`);
51
- fs.writeFileSync(filePath, `exports.up = function(knex) {\n return knex.schema.createTable('${name}', table => {\n table.increments('id');\n table.timestamps(true, true);\n });\n};\n\nexports.down = function(knex) {\n return knex.schema.dropTable('${name}');\n};\n`);
52
- console.log(`āœ… Created migration: database/migrations/${timestamp}_${name}.js`);
51
+ fs.writeFileSync(filePath, `/**\n * Migration: ${name}\n * Knex.js Query Builder compatible\n */\n\nexports.up = function(knex) {\n return knex.schema.createTable('${name}', table => {\n table.increments('id');\n table.uuid('uuid').defaultTo(knex.fn.uuid());\n table.timestamps(true, true);\n });\n};\n\nexports.down = function(knex) {\n return knex.schema.dropTable('${name}');\n};\n`);
52
+ console.log(`āœ… [Laravel-style] Created migration: database/migrations/${timestamp}_${name}.js`);
53
53
  },
54
54
 
55
55
  page: (name) => {
@@ -57,8 +57,17 @@ const make = {
57
57
  fs.ensureDirSync(dir);
58
58
  const filePath = path.join(dir, `${name}.free`);
59
59
  guard(filePath, `Page ${name}`);
60
- fs.writeFileSync(filePath, `component ${name} {\n div class="container mx-auto p-4" {\n h1 class="text-2xl font-bold" { text "${name} View" }\n }\n}\n`);
61
- console.log(`āœ… Created view: app/views/${name}.free`);
60
+ fs.writeFileSync(filePath, `// Free Ultra Page: ${name} (React-inspired)\n\ncomponent ${name} {\n let title = "${name} Hub";\n\n div class="min-h-screen bg-zinc-950 text-white p-20" {\n h1 class="text-6xl font-black tracking-tighter" { text title }\n p class="text-zinc-500 mt-4" { text "Welcome to your high-performance island." }\n }\n\n style {\n h1 { background: linear-gradient(to right, #fff, #444); -webkit-background-clip: text; -webkit-text-fill-color: transparent; }\n }\n}\n`);
61
+ console.log(`āœ… [React-inspired] Created view: app/views/${name}.free`);
62
+ },
63
+
64
+ component: (name) => {
65
+ const dir = path.join(process.cwd(), "resources/components");
66
+ fs.ensureDirSync(dir);
67
+ const filePath = path.join(dir, `${name}.free`);
68
+ guard(filePath, `Component ${name}`);
69
+ fs.writeFileSync(filePath, `/**\n * Component: ${name}\n * High-performance Interactive Island\n */\n\ncomponent ${name} {\n let status = state("idle");\n\n div class="p-4 border border-zinc-800 rounded-xl" {\n span { text "Status: " + status }\n button class="ml-4 px-3 py-1 bg-white text-black text-xs font-bold" \n onClick={() => status = "active"} {\n text "Activate"\n }\n }\n}\n`);
70
+ console.log(`āœ… [Island-scaffold] Created component: resources/components/${name}.free`);
62
71
  },
63
72
 
64
73
  service: (name) => {
@@ -66,8 +75,8 @@ const make = {
66
75
  fs.ensureDirSync(dir);
67
76
  const filePath = path.join(dir, `${name}.js`);
68
77
  guard(filePath, `Service ${name}`);
69
- fs.writeFileSync(filePath, `/**\n * app/services/${name}.js\n * Enterprise service layer logic.\n */\nclass ${name} {\n static async perform() {\n // Your complex logic here\n }\n}\n\nmodule.exports = ${name};\n`);
70
- console.log(`āœ… Created service: app/services/${name}.js`);
78
+ fs.writeFileSync(filePath, `/**\n * app/services/${name}.js\n * Enterprise Service Layer (Laravel-inspired)\n */\n\nclass ${name} {\n /**\n * Executes the primary business logic for this service.\n */\n static async handle(payload) {\n console.log("[Service] Processing ${name} with payload:", payload);\n // Complex business logic goes here\n return { success: true };\n }\n}\n\nmodule.exports = ${name};\n`);
79
+ console.log(`āœ… [Laravel-inspired] Created service: app/services/${name}.js`);
71
80
  },
72
81
  };
73
82
 
package/compiler/generator.js CHANGED
@@ -398,11 +398,19 @@ function generateTagCode(tag, stateNames) {
398
398
  code += ` html += ">";\n`;
399
399
 
400
400
  if (tag.content) {
401
- let cont = tag.content.replace(/`/g, '\\`').replace(/\$/g, '\\$').replace(/\{([^}]+)\}/g, (_, p) => {
402
- const parts = p.split('.');
403
- if (stateNames.includes(parts[0])) return `\${e(state["${parts[0]}"]${parts.slice(1).map(part => `?.["${part}"]`).join('')})}`;
401
+ let cont = tag.content.replace(/`/g, '\\`').replace(/\$/g, '\\$');
402
+ // Robust interpolation: only match expressions that don't contain nested braces or backslashes
403
+ cont = cont.replace(/(?<!\\)\{([^\\{}]+)\}/g, (_, p) => {
404
+ const trimmed = p.trim();
405
+ const parts = trimmed.split('.');
406
+ if (stateNames.includes(parts[0])) {
407
+ return `\${e(state["${parts[0]}"]${parts.slice(1).map(part => `?.["${part}"]`).join('')})}`;
408
+ }
409
+ // If it's not a state variable, just treat it as a JS expression
404
410
  return `\${e(${p})}`;
405
411
  });
412
+ // Remove escape characters from \{ and \}
413
+ cont = cont.replace(/\\\{/g, '{').replace(/\\\}/g, '}');
406
414
  code += ` html += \`${cont}\`;\n`;
407
415
  }
408
416
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "free-framework",
3
- "version": "4.8.11",
3
+ "version": "5.0.0",
4
4
  "description": "Professional Node.js engine for the .free language. Blazing-fast SSR, Islands Architecture, and built-in ORM.",
5
5
  "main": "index.js",
6
6
  "bin": {
package/runtime/cluster.js CHANGED
@@ -11,7 +11,7 @@ class ClusterManager {
11
11
  static ignite(startServerCallback) {
12
12
  if (cluster.isMaster || cluster.isPrimary) {
13
13
  const numCPUs = os.cpus().length;
14
- console.log(`\nšŸ›”ļø Free Engine Cluster Manager Intercepting...`);
14
+ console.log(`\nšŸ›”ļø [High-Octane] Free Engine Cluster Manager Intercepting...`);
15
15
  console.log(`šŸ”„ Igniting ${numCPUs} Worker Processes natively...\n`);
16
16
 
17
17
  for (let i = 0; i < numCPUs; i++) {
@@ -19,15 +19,15 @@ class ClusterManager {
19
19
  }
20
20
 
21
21
  cluster.on('exit', (worker, code, signal) => {
22
- console.error(`āŒ Worker ${worker.process.pid} died (Code: ${code}). Resurrecting...`);
23
- cluster.fork(); // Auto-healing
22
+ console.error(`āš ļø [Resilience] Worker ${worker.process.pid} died (Code: ${code}). Resurrecting immediately...`);
23
+ cluster.fork(); // Auto-healing for 99.9% uptime
24
24
  });
25
25
 
26
- console.log(`āœ… Master Process PID: ${process.pid} is routing traffic.`);
26
+ console.log(`āœ… [Convergence] Master Process PID: ${process.pid} is routing traffic.`);
27
27
  } else {
28
28
  // Workers share the TCP connection in Node.js Cluster mode
29
29
  startServerCallback();
30
- console.log(` ā””ā”€ Worker PID: ${process.pid} ready for combat.`);
30
+ console.log(` ā””ā”€ [Active] Worker PID: ${process.pid} ready for combat.`);
31
31
  }
32
32
  }
33
33
  }
package/runtime/middleware/firewall.js ADDED
@@ -0,0 +1,38 @@
1
+ /**
2
+ * runtime/middleware/firewall.js
3
+ * High-Performance Framework Firewall for Free Ultra v5.0.0.
4
+ * Protects against malicious bots, scrapers, and rapid-fire signatures.
5
+ */
6
+
7
+ const BLOCKED_AGENTS = [
8
+ 'sqlmap', 'nikto', 'dirbuster', 'gobuster', 'nmap', 'masscan',
9
+ 'dotbot', 'rogerbot', 'baiduspider', 'ahrefsbot'
10
+ ];
11
+
12
+ const MALICIOUS_PATTERNS = [
13
+ /\.\.\//, // Directory traversal
14
+ /<script/i, // XSS attempt
15
+ /union\s+select/i, // SQL Injection
16
+ /OR\s+1=1/i, // SQL Injection
17
+ /etc\/passwd/i, // Linux system file access
18
+ /cmd\.exe/i // Windows command execution
19
+ ];
20
+
21
+ module.exports = function firewallMiddleware(req, res, next) {
22
+ const userAgent = (req.headers['user-agent'] || '').toLowerCase();
23
+
24
+ // 1. Check User-Agent Blacklist
25
+ if (BLOCKED_AGENTS.some(agent => userAgent.includes(agent))) {
26
+ console.warn(`[Firewall] šŸ›”ļø Blocked Malicious Agent: ${userAgent}`);
27
+ return res.status(403).json({ success: false, error: 'Firewall Breach: Access Denied' });
28
+ }
29
+
30
+ // 2. Scan URL and Query for Malicious Patterns
31
+ const fullUrl = req.url + (req.query_string || '');
32
+ if (MALICIOUS_PATTERNS.some(regex => regex.test(fullUrl))) {
33
+ console.warn(`[Firewall] šŸ›”ļø Blocked Malicious Request Pattern: ${req.url}`);
34
+ return res.status(403).json({ success: false, error: 'Firewall Breach: Invalid Signature detected' });
35
+ }
36
+
37
+ next();
38
+ };
package/runtime/server.js CHANGED
@@ -10,13 +10,16 @@ const fs = require('fs');
10
10
  const crypto = require('crypto');
11
11
  const securityMiddleware = require('./middleware/security');
12
12
  const maintenanceMiddleware = require('./middleware/maintenance');
13
+ const firewallMiddleware = require('./middleware/firewall');
13
14
 
14
15
  const { LRUCache } = require('lru-cache');
15
16
 
16
17
  class FreeServer {
17
18
  constructor() {
18
- console.log(`[Free Engine] āš™ļø Runtime Core v4.8.11 initializing...`);
19
- this.app = new HyperExpress.Server();
19
+ console.log(`[Free Engine] āš™ļø Runtime Core v5.0.0 [Convergence] initializing...`);
20
+ this.app = new HyperExpress.Server({
21
+ compression: true
22
+ });
20
23
  this.viewsPath = process.env.VIEWS_PATH || nodePath.join(process.cwd(), 'views');
21
24
  this.namedMiddlewares = {};
22
25
  this.errorViews = {};
@@ -109,6 +112,7 @@ class FreeServer {
109
112
  });
110
113
 
111
114
  // Apply Global Middleware
115
+ this.app.use(firewallMiddleware); // Firewall First
112
116
  this.app.use(maintenanceMiddleware);
113
117
  this.app.use(securityMiddleware);
114
118