gina 0.1.6 → 0.1.7

package/CHANGELOG.md

@@ -6,6 +6,30 @@ adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html),
 and is generated by [Changie](https://github.com/miniscruff/changie).
 
 
+## 0.1.7 - 2026-03-20
+### Added
+* Cache: sliding-window expiration and absolute ceiling (maxAge) for HTML and JSON response caches
+* Added gina cache:stats <bundle> @<project> CLI command. Fetches and prints a grouped table of in-memory cache entries from a running bundle. Requires the bundle to be running.
+* Cached routes now emit `Cache-Control` headers synchronised with the server-side TTL. A new optional `visibility` field (`"public" | "private"`, default `"private"`) in the per-route cache config controls the directive sent to browsers and CDNs. The hit path uses the remaining TTL so downstream caches do not over-serve stale content.
+* Per-route outgoing query timeout: add "queryTimeout": <ms> to any routing.json rule and self.query() will use it as the request timeout budget when options.requestTimeout is not explicitly set. The hardcoded 10 s default still applies when neither is set.
+### Changed
+* Cache FS writes in the JSON renderer are now asynchronous (fs.promises.writeFile), avoiding event-loop blocking on cache misses.
+* routing.json queryTimeout field now accepts human-readable strings ("30s", "500ms", "2m", "1h") in addition to integer milliseconds (30000). The value is normalised to ms at parse time so req.routing.queryTimeout is always a number.
+* app.json proxy target field "timeout" renamed to "requestTimeout" — unambiguous name for the per-request outgoing timeout. Update any app.json proxy target that declares a "timeout" to use "requestTimeout" instead. self.query() call sites that passed options.timeout must also be updated to options.requestTimeout.
+* self.query() options field "timeout" renamed to "requestTimeout" — consistent with app.json::proxy.<service>.requestTimeout. The internal pipeline (both HTTP/1 and HTTP/2 handlers) and the defaultOptions fallback now use requestTimeout throughout
+* Entity methods and Couchbase N1QL methods now return a native Promise (Option B). await entity.method(args) works directly without util.promisify. .onComplete(cb) remains fully backward-compatible. Removes the _isRegisteredFromProto guard that was silently dropping queries when a callback-path call preceded a Promise-path call on the same entity.
+### Fixed
+* Sub-second TTL and maxAge values (e.g. ttl: 0.5) now work correctly in the cache. Previously, fractional seconds were truncated to zero, causing immediate eviction.
+* Completed sub-second maxAge fix (#C1): both renderers were pre-truncating maxAge with ~~ before passing it to lib/cache, bypassing the Math.round fix. Removed ~~ from render-swig.js and render-json.js. Also fixed Cache-Status header calculation in server.isaac.js.
+* Cache keys now include the bundle name ("static:{bundle}:{url}" and "data:{bundle}:{url}") to prevent silent cache collisions when two bundles serve the same URL path on the same server instance.
+* Cache entries are now capped via LRU eviction. Cache(options) accepts a `maxEntries` option (default 0 = unlimited); when reached, the least-recently-accessed entry is evicted before each insert. The shared server cache defaults to 1000 entries, configurable via `server.cache.maxEntries` in env.json. The routing cache is capped at 5000 entries (FIFO).
+* Fixed handler files returning 404 when a catch-all root statics mapping (empty key) was defined: staticResources is now sorted by descending path length so specific prefixes like /handlers/ are matched before / in the prefix-regex loop
+* CORS preflight (OPTIONS) requests are now handled before routing: the server responds with HTTP 204 and the correct Access-Control-Allow-Origin header immediately, instead of forwarding to the controller action which returned an error without CORS headers. CORS response headers are now also included on all HTTP/2 JSON responses.
+* self.query() queryTimeout fallback now fires correctly: moved the req.routing.queryTimeout check to before the merge with defaultOptions, which was silently overwriting timeout with the "10s" framework default before the check could run
+* controller.render-swig.js: isRenderingCustomError now detected from both userData and localOptions (set by renderCustomError() in controller.js). Adds null-guard on userData. localOptions is now resolved before the flag check.
+### Security
+* Removed dead framework version v0.1.1-alpha.1 from the repository. Its package.json declared sanitize-html ^2.5.0 (CVE-2021-26539, CVE-2021-26540 — XSS, high severity) and busboy ^0.2.14 (dicer ReDoS). Neither version nor its dependencies were in use.
+
 ## 0.1.6 - 2026-03-08
 ### Added
 * Added JSDoc across core/controller/, core/model/, and helpers/: constructor @class/@constructor/@extends, @inner on private helpers, complete @param/@returns on all public methods, @global on the _ path helper, @module on controller/index.js

package/README.md

@@ -2,6 +2,8 @@
 
 [![GitHub version](https://badge.fury.io/gh/Rhinostone%2Fgina.svg)](https://badge.fury.io/gh/Rhinostone%2Fgina) [![npm version](https://badge.fury.io/js/gina.svg)](https://badge.fury.io/js/gina)
 
+> **Documentation:** [https://gina.io/docs/](https://gina.io/docs/)
+
 <strong>Gina I/O</strong> - Node.js MVC and Event Driven framework
 
 > We are looking for people to help us test and improve `Windows` support.
@@ -613,6 +615,10 @@ After this, try again to start, it should run better.
 
 More documentation and tutorials are coming soon !
 
+---
+
+For the full documentation, visit [https://gina.io/docs/](https://gina.io/docs/)
+
 ## License (MIT)
 
 Copyright © 2009-2026 [Rhinostone](http://www.rhinostone.com/)

package/framework/v0.1.7/VERSION

@@ -0,0 +1 @@
+0.1.7

package/framework/{v0.1.6 → v0.1.7}/core/asset/plugin/dist/vendor/gina/js/gina.js

@@ -4670,6 +4670,10 @@ function Routing() {
         return self;
     }
 
+    // Maximum number of distinct route IDs kept in the route cache.
+    // When exceeded, the oldest entry (insertion order) is evicted first.
+    var MAX_CACHED_ROUTES = 5000;
+
 
     self.allowedMethodsString   = self.allowedMethods.join(',');
 
@@ -4793,6 +4797,10 @@ function Routing() {
      */
     self.cache = function(routeId, name, routeObject, params, methodParams) {
         if ( Routing._cached.indexOf(routeId) == -1 ) {
+            // FIFO eviction: when at capacity, drop the oldest entry before inserting
+            if ( Routing._cached.length >= MAX_CACHED_ROUTES ) {
+                self.invalidateCached(Routing._cached[0]);
+            }
             Routing._cached.push(routeId);
             Routing._cachedRoutes[routeId] = {
                 name            : name,
@@ -4840,6 +4848,9 @@ function Routing() {
             if ( typeof(routeObject.cache) != 'undefined' ) {
                 params.cache = routeObject.cache;
             }
+            if ( typeof(routeObject.queryTimeout) != 'undefined' ) {
+                params.queryTimeout = parseTimeout(routeObject.queryTimeout);
+            }
 
             // isRoute
             return self.compareUrls(params, routeObject.url, req);

package/framework/{v0.1.6 → v0.1.7}/core/asset/plugin/dist/vendor/gina/js/gina.min.js

@@ -113,37 +113,37 @@ delete n[y][z]:('undefined'==typeof r[y].errors&&(r[y].errors={}),r[y].errors[z]
 function Routing(){var A='undefined'!==typeof module&&module.exports?!1:!0,P={allowedMethods:['get','post','put','delete'],reservedParams:['controle','file','title','namespace','path'],notFound:{},getInstance:function(r){return Routing.instance}};if('undefined'==typeof Routing.initialized)Routing.initialized=!0,Routing.instance=P,Routing._cached=[],Routing._cachedRoutes={};else return P=P.getInstance();P.allowedMethodsString=P.allowedMethods.join(',');var V=null,ja=null,R=null;A?(ja&&'function'==
 typeof ja||(ja=require('lib/merge')),R&&'function'==typeof R||(R=require('lib/form-validator'))):(require('fs'),require('util'),require('../../inherits'),ja=require('../../merge'),V=require(__dirname+'/../../../core/plugins')||getContext('gina').plugins,R=V.Validator);P.getUrlProps=function(r,H){var v={};if(A){var wa=window.gina.config;v.hostname=wa.hostname;'undefined'!=typeof r&&(r=this.getRoute('webroot@'+r),v.hostname=r.hostname,v.host=r.host,v.webroot=r.webroot)}else wa=getContext('gina').config,
 'undefined'!=typeof getContext('argvFilename')&&(wa.getRouting=getContext('gina').Config.instance.getRouting),'undefined'==typeof r&&(r=wa.bundle),'undefined'==typeof H&&(H=wa.env),v.hostname=wa.envConf[r][H].hostname,v.host=wa.envConf[r][H].host,v.webroot=wa.envConf[r][H].server.webroot,console.debug('[self.getUrlProps][isProxyHost = '+getContext('isProxyHost')+'] hostname ',wa.envConf[r][H].hostname,vs,process.gina.PROXY_HOSTNAME);return v};P.cache=function(r,H,v,wa,Fa){-1==Routing._cached.indexOf(r)&&
-(Routing._cached.push(r),Routing._cachedRoutes[r]={name:H,routing:v,params:wa,methodParams:Fa})};P.getCached=function(r,H){if(-1<Routing._cached.indexOf(r)){var v=Routing._cachedRoutes[r],wa=H.method.toLowerCase();r=JSON.clone(v.routing);v={method:wa,requirements:r.requirements,namespace:r.namespace||void 0,url:decodeURI(H.url),rule:r.originalRule||v.name,param:r.param,middleware:r.middleware,bundle:r.bundle,isXMLRequest:H.isXMLRequest,isWithCredentials:H.isWithCredentials};'undefined'==typeof r.rule&&
-'undefined'!=typeof v.rule&&(r.rule=v.rule);'undefined'!=typeof r.cache&&(v.cache=r.cache);return P.compareUrls(v,r.url,H)}return null};P.invalidateCached=function(r){-1<Routing._cached.indexOf(r)&&(Routing._cached.splice(Routing._cached.indexOf(r),1),delete Routing._cachedRoutes[r])};P.compareUrls=async function(r,H,v,wa,Fa){'undefined'==typeof v&&(v={routing:{}});if(/,/.test(H)){var T=0;H=H.split(/,/g);for(var J=H.length,G={past:!1,request:v};T<J&&!G.past;)G=await N(r,H[T],v,wa,Fa),++T;return G}return await N(r,
-H,v,wa,Fa)};var N=async function(r,H,v,wa,Fa){var T=null;try{T=r.url.split(/\//)}catch(U){console.warn(U),T=['']}H=H.split(/\//);var J=0,G=0,B=H.length,n=0,y={},z=0,D=v.method.toLowerCase(),w='get';try{w=r.method.toLowerCase()}catch(U){}var x=!1;if('undefined'!=typeof r.requirements&&/get|delete/i.test(D)&&'undefined'!=typeof v[D]||'undefined'!=typeof r.requirements&&/get/i.test(D)&&/delete/i.test(w)){/get/i.test(D)&&/delete/i.test(w)&&(D=w);if(/^(delete)$/i.test(D)&&T.length===H.length){'undefined'==
-typeof v[D]&&(v[D]={});for(let U=0,pa=H.length;U<pa;U++)if(T[U]===H[U])++n;else if(w=H[U].substring(1),'undefined'!=typeof r.requirements[w]){w=r.requirements[w];if(/^\//.test(w))w=w.substring(1,w.lastIndexOf('/')-1);else if(/^validator::/.test(w)&&await ha(H[U],T[U],r,v,wa,Fa)){++n;continue}/^:/.test(H[U])&&'undefined'!=typeof w&&(new RegExp(w)).test(T[U])&&(++n,v[D][H[U].substring(1)]=T[U])}x=!0}for(var E in v[D])'undefined'!=typeof r.requirements[E]&&0>H.indexOf(':'+E)&&(H[G]=':'+E,++G,T[J]=v[D][E],
-++J,x||T.length!==H.length||++B)}if(!x&&T.length===H.length)for(;z<B;++z)T[z]===H[z]?++n:n==z&&/:/.test(H[z])&&await ha(H[z],T[z],r,v,wa,Fa)&&++n;if('undefined'!=typeof r.requirements&&D==r.method.toLowerCase()&&!x&&n>=B)for(E=Object.getOwnPropertyNames(r.requirements),J=0,H.join(',').match(/:[-_a-z0-9]+/g);J<E.length;){G=E[J];if('undefined'==typeof r.param[G]&&/^validator::/i.test(r.requirements[G])){if(H.length!=T.length)break;var O=H.join(',').match(/:[-_a-z0-9]+/g);let U=r.requirements[G];z={};
-w={};x={};try{w=JSON.parse(U.split(/::/).splice(1)[0].replace(/([^:"\s+](\w+)):/g,'"$1":').replace(/([^:"\s+](\w+))\s+:/g,'"$1":'))}catch(pa){throw pa;}if('undefined'!=typeof w.query&&'undefined'!=typeof w.query.data){z=w.query.data;for(let pa in z)0>O.indexOf(z[pa])&&delete z[pa];for(let pa=0,Ea=H.length;pa<Ea;pa++)/^:/.test(H[pa])&&(O=H[pa].replace(/^:/,''),''!=O&&'undefined'!=typeof T[pa]&&(z[O]=T[pa],'undefined'==typeof v.params[O]&&(v.params[O]=T[pa])))}z=ja(z,JSON.clone(v[D])||{});'undefined'==
-typeof z[G]&&(z[G]=null);x[G]=w;_validator=A?new R(z):new R('routing',z,null,x);if(0==w.count()){console.error('Route validation failed '+r.rule);--n;J++;continue}for(let pa in w)if('undefined'!=typeof w[pa].data&&(w[pa].data=z),x=Array.isArray(w[pa])?await _validator[G][pa].apply(_validator[G],w[pa]):await _validator[G][pa](w[pa],v,wa,Fa),!x.isValid&&(--n,'undefined'!=typeof x.error))throw x.error;}J++}y.past=n===B?!0:!1;y.past&&(v.routing=S(r,v[D]),y.request=v);return y},ha=async function(r,H,v,
-wa,Fa,T){var J=-1,G=r.match(/:\w+/g);J=new RegExp(r,'g');var B=null,n=null,y=null;B=!1;var z=B=n=n=null,D=null,w=wa.method.toLowerCase();if(!G.length)return!1;v.param.path&&J.test(v.param.path)&&(v.param.path=v.param.path.replace(J,H));v.param.namespace&&J.test(v.param.namespace)&&(v.param.namespace=v.param.namespace.replace(J,H));'undefined'!=typeof v.param.file&&/:/.test(v.param.file)&&(B=new RegExp('(:'+r+'/|:'+r+'$)','g'),Q.variable=H,v.param.file=v.param.file.replace(B,Q),B=null);v.param.title&&
-J.test(v.param.title)&&(v.param.title=v.param.title.replace(J,H));if(1==G.length){B=new RegExp(G[0]);J=-1<G.indexOf(r)?G.indexOf(r):!1;!1===J&&r.match(B)&&(J=0);if(!1===J)return J;if(v.method.toLowerCase()!==w)return!1;'undefined'==typeof wa[w]&&(wa[w]={});y=G[J].substring(1);J=v.requirements[y];if(/^\//.test(J))B=J.match(/\/(.*)\//).pop(),n=J.replace('/'+B+'/',''),B=(new RegExp(B,n)).test(H);else if(/^validator::/.test(J)&&H){n={};B={};z={};D='';r.replace(new RegExp('[^'+y+']','g'),function(pa){D+=
-pa});n[y]=H.replace(new RegExp(D,'g'),'');try{B=JSON.parse(J.split(/::/).splice(1)[0].replace(/([^:"\s+](\w+)):/g,'"$1":').replace(/([^:"\s+](\w+))\s+:/g,'"$1":'))}catch(pa){throw pa;}'undefined'!=typeof B.query&&'undefined'!=typeof B.query.data&&r==B.query.data[Object.keys(B.query.data)[0]]&&(B.query.data[Object.keys(B.query.data)[0]]=n[y],wa.params[y]=n[y]);z[y]=B;n=new R('routing',n,null,z);if(0==B.count())return console.error('Route validation failed '+v.rule),!1;for(var x in B)Array.isArray(B[x])?
-await n[y][x].apply(n[y],B[x]):await n[y][x](B[x],wa,Fa,T);B=n.isValid()}else B=(new RegExp(v.requirements[y])).test(H);if('undefined'!=typeof v.param[y]&&'undefined'!=typeof v.requirements&&'undefined'!=typeof v.requirements[y]&&'undefined'!=typeof wa.params&&B){wa.params[y]=H;if('undefined'==typeof wa[w][y]){switch(H){case 'null':H=null;break;case 'false':H=!1;break;case 'true':H=!0}wa[w][y]=H}return!0}}else{Fa=v.url;T=wa.url;w={};z='';var E=!1,O=0;x=0;for(var U=T.length;x<U;++x)if(T.charAt(x)!=
-Fa.charAt(O)||E){if(''==z)E=!0,z+=T.charAt(x);else if(x>Fa.indexOf(G[0])+G[0].length){J=v.requirements[G[0]];H=z.substring(0,z.length);if(/^\//.test(J))B=J.match(/\/(.*)\//).pop(),n=J.replace('/'+B+'/',''),B=(new RegExp(B,n)).test(H);else if(/^validator::/.test(J)){n={};B={};z={};D='';r.replace(new RegExp('[^'+y[0]+']','g'),function(pa){D+=pa});n[y[0]]=H.replace(new RegExp(D,'g'),'');B=JSON.parse(J.split(/::/).splice(1)[0].replace(/([^\W+ true false])+(\w+)/g,'"$&"'));z[y[0]]=B;n=new R('routing',
-n,null,z);for(let pa in B)if(Array.isArray(B[pa]))n[y[0]][pa].apply(n[y[0]],B[pa]);else n[y[0]][pa](B[pa]);B=n.isValid()}else B=(new RegExp(v.requirements[y[0]])).test(H);if(B)w[G[0].substring(1)]=H;else return!1;z='';E=!1;O=Fa.indexOf(G[0])+G[0].length;--x;G.splice(0,1)}else z+=T.charAt(x),++O;if(x==U-1)if(J=v.requirements[G[0]],H=z.substring(0,z.length),/^\//.test(J)?(B=J.match(/\/(.*)\//).pop(),n=J.replace('/'+B+'/',''),B=(new RegExp(B,n)).test(H)):B=(new RegExp(v.requirements[y])).test(H),B)w[G[0].substring(1)]=
-H;else return!1}else++O;if(w.count()==G.length){y=null;for(y in w){switch(w[y]){case 'null':w[y]=null;break;case 'false':w[y]=!1;break;case 'true':w[y]=!0}wa.params[y]=w[y]}return!0}}return!1},Q=function(r){return/\/$/.test(r)?Q.variable+'/':Q.variable},S=function(r,H){var v=null,wa,Fa=r.url,T=null;for(T in r.param)if(('undefined'==typeof H||'undefined'!=typeof H[T])&&/^:/.test(r.param[T])){var J=r.param[T].substring(1);if('undefined'!=typeof H&&'undefined'!=typeof H[J]){var G=new RegExp('(:'+J+'/|:'+
-J+'$)','g');'undefined'!=typeof r.param.path&&/:/.test(r.param.path)&&(r.param.path=r.param.path.replace(G,H[J]));'undefined'!=typeof r.param.title&&/:/.test(r.param.title)&&(r.param.title=r.param.title.replace(G,H[J]));'undefined'!=typeof r.param.namespace&&/:/.test(r.param.namespace)&&(r.param.namespace=r.param.namespace.replace(G,H[J]));'undefined'!=typeof r.param.file&&/:/.test(r.param.file)&&(Q.variable=H[J],r.param.file=r.param.file.replace(G,Q));if(/,/.test(r.url)){v=r.url.split(/,/g);var B=
-0;for(wa=v.length;B<wa;++B)Q.variable=H[J],v[B]=v[B].replace(G,Q);r.url=v.join(',')}else Q.variable=H[J],r.url=r.url.replace(G,Q)}}if(v){B=0;wa=v.length;Fa=Fa.split(/,/g);var n=0;for(r.urlIndex=0;B<wa;++B)if(v=0,G=Fa[0].match(/:[-_a-z0-9]+/ig)){T=0;for(J=G.length;T<J;T++){var y=G[T].substring(1);'undefined'!=typeof H[y]&&H[y]&&v++}v>n&&(n=v,r.urlIndex=B)}}return r};P.getRoute=function(r,H,v){var wa=null,Fa=!1;A?(window.location.port||window.location.hostname!=window.gina.config.hostname.replace(/^(https|http|wss|ws):\/\//,
-'').replace(/:\d+$/,'')||(Fa=!0,window.gina.config.hostname=window.gina.config.hostname.replace(/^(https|http|wss|ws):\/\//,'').replace(/:\d+$/,'')),wa=window.gina.config):(wa=getContext('gina').config,'undefined'!=typeof getContext('argvFilename')&&(wa.getRouting=getContext('gina').Config.instance.getRouting),Fa=getContext('isProxyHost'));var T=wa.env||GINA_ENV,J=null,G=wa.bundle;/@/.test(r)||'undefined'==typeof G||null==G||(r=r.toLowerCase(),r+='@'+G);if(/@/.test(r)){var B=r.replace(/(.*):\/\//,
-'').split(/@/);G=B[1];/\/(.*)$/.test(r)&&(J=r.replace(/(.*):\/\//,'').split(/\/(.*)$/)[1],G=G.replace(/\/(.*)$/,''),T=J||T);r=B[0].toLowerCase()+'@'+G}G=wa.getRouting(G,T);if('undefined'==typeof G[r])throw Error('[ RoutingHelper::getRouting(rule, params) ] : `'+r+'` not found !');J=JSON.clone(G[r]);B=null;J=S(J,H);(J.isProxyHost=Fa)?(J.proxy_hostname=A?window.location.protocol+'//'+document.location.hostname:process.gina.PROXY_HOSTNAME||wa.envConf._proxyHostname,J.proxy_host=J.proxy_hostname.replace(/^(https|http):\/\//,
-'')):A||'undefined'==typeof process.gina.PROXY_HOSTNAME||(J.proxy_hostname=process.gina.PROXY_HOSTNAME,J.proxy_host=J.proxy_hostname.replace(/^(https|http):\/\//,''),console.debug('[getRoute#2]['+Fa+'] process.gina.PROXY_HOSTNAME ('+process.gina.PROXY_HOSTNAME+') VS config.envConf._proxyHostname ('+wa.envConf._proxyHostname+')'));/,/.test(J.url)&&('undefined'!=typeof J.urlIndex&&(v=J.urlIndex,delete J.urlIndex),v='undefined'!=typeof v?v:0,J.url=J.url.split(/,/g)[v]);/\/$/.test(J.url)&&'/'!=J.url&&
-(J.url=J.url.substring(0,J.url.length-1));if(/GET/i.test(J.method)&&'undefined'!=typeof H){v='?';wa=G[r].url;Fa=[];G=0;for(let n in J.param)-1<P.reservedParams.indexOf(n)||(new RegExp(J.param[n])).test(wa)||'undefined'==typeof H[n]||(v+=n+'='+encodeRFC5987ValueChars(H[n])+'&',Fa[G]=H[n],++G);for(let n in H)-1<P.reservedParams.indexOf(n)||'undefined'!=typeof J.requirements[n]||-1<Fa.indexOf(n)||(v='object'==typeof H[n]?v+(n+'='+encodeRFC5987ValueChars(JSON.stringify(H[n]))+'&'):v+(n+'='+H[n]+'&'));
-G=Fa=wa=null;1<v.length&&(v=v.substring(0,v.length-1),J.url+=v);v=null}J.toUrl=function(n){var y=null;/^redirect$/i.test(this.param.control)&&(y=P.getUrlProps(this.bundle,T||GINA_ENV));var z=this.webroot||y.webroot;y=''+this.hostname||''+y.hostname;var D=''+this.url;this.isProxyHost&&(y=''+this.proxy_hostname);this.url='undefined'!=typeof n&&/^true$/i.test(n)?D.replace(new RegExp('^'+z),'/'):D.replace(new RegExp('^('+z+'|/$)'),z);return y+this.url};J.request=function(n,y){var z=null,D=null;'function'==
-typeof arguments[arguments.length-1]&&(z=arguments[arguments.length-1]);'object'==typeof arguments[2]&&(D=arguments[2]);var w=this.webroot||D.webroot,x=this.hostname||D.hostname;D='undefined'!=typeof n&&1==n?path.replace(w,'/'):this.url||D.url;/^\//.test(D)&&(D=x+D);x=/^https/.test(x)?'https':'http';A?window.open(D,'undefined'!=typeof y&&'undefined'!=typeof y.target?y.target:'_self'):('undefined'==typeof y.agent&&(y.agent=!1),x=require(''+x),w=function(E){var O='',U=!1;E.on('data',function(pa){O+=
-pa});E.on('error',function(pa){U='Failed to get mail content';pa&&'undefined'!=typeof pa.stack?U+=pa.stack:'string'==typeof pa&&(U+='\n'+pa)});E.on('end',function(){if(/^\{/.test(O))try{O=JSON.parse(O),'undefined'!=typeof O.error&&(U=JSON.clone(O),O=null)}catch(pa){U=pa}U?z(U):z(!1,O)})},z?x.get(D,y,w):x.get(D,y))};!/:/.test(J.url)||/:d+\//.test(J.url)||/:\/\//.test(J.url)||(H=J.url.match(/(:(.*)\/|:(.*)$)/g).map(function(n){return n.replace(/\//g,'')}).join(', '),B='[ RoutingHelper::getRoute(rule[, bundle, method]) ] : route [ %r ] param placeholder not defined: `'+
-J.url+'` !\n Check your route description to compare requirements against param variables [ '+H+']',B=B.replace(/%r/,r),r=Error(B),console.warn(r),B=r=H=null);return J};P.getRouteByUrl=function(r,H,v,wa,Fa){2==arguments.length&&'undefined'!=typeof arguments[1]&&arguments[1]&&-1<P.allowedMethods.indexOf(arguments[1].toLowerCase())&&(v=arguments[1],H=void 0);var T=null,J=null,G=null,B=null,n=null,y=null;if(/#/.test(r)&&1<r.length){var z=r.split(/#/);r=z[0];n='#'+z[1];z=null}1==arguments.length&&'undefined'!=
-typeof arguments[0]&&(/^(https|http)/i.test(r)||/^\//.test(r)||(r='/'+r),T='/'+r.split(/\//g)[1],A&&(B=gina.config.reverseRouting,G=gina.config.routing),'undefined'!=typeof B[T]&&(z=G[B[T]],H=z.bundle,T=z.webroot,y=z.hostname,z=null));Fa='boolean'!=typeof arguments[arguments.length-1]?!1:arguments[arguments.length-1];var D=!1,w=null,x=B=w=B=null;z='undefined'!=typeof v?!0:!1;A?(w=window.gina.config,H='undefined'!=typeof H?H:w.bundle,B=w.env,G=w.routing||w.getRouting(H),B=w.reverseRouting,isXMLRequest=
-'undefined'!=typeof isXMLRequest?isXMLRequest:!1,y=y||w.hostname,T=T||w.webroot,wa={routing:{},method:v,params:{},url:r},H&&(wa.bundle=H)):(w=getContext('gina').config,H='undefined'!=typeof H?H:w.bundle,B=w.env,G=w.getRouting(H),y=w.envConf[H][B].hostname,T=w.envConf[H][B].server.webroot,wa||={routing:{},isXMLRequest:!1,method:'undefined'!=typeof v?v.toLowerCase():'get',params:{},url:r},Fa&&(wa.method=v),isXMLRequest=wa.isXMLRequest||!1);w=r.replace(new RegExp('^('+y+'|'+y.replace(/:\d+/,'')+')'),
-'');'undefined'==typeof wa.routing.path&&(wa.routing.path=decodeURI(w));v='undefined'!=typeof v?v.toLowerCase():'get';z&&(wa.originalMethod=wa.method,wa.method=v,wa.routing.path=decodeURI(w));wa.method||(wa.method=v);B={};T=new RegExp(v,'i');y=null;for(E in G){if('undefined'==typeof G[E].param)break;if(G[E].bundle==H&&(y=G[E].method,/,/.test(y)&&T.test(y)&&(y=wa.method),'undefined'==typeof G[E].method||T.test(y))){B={method:y,requirements:G[E].requirements,namespace:G[E].namespace||void 0,url:decodeURI(w),
-rule:G[E].originalRule||E,param:G[E].param,middleware:JSON.clone(G[E].middleware),bundle:G[E].bundle,isXMLRequest};try{if(x=P.compareUrls(B,G[E].url,wa),x.past){J=JSON.clone(G[E]);J.name=E;D=!0;x={};break}}catch(O){throw Error('Route [ '+E+' ] needs your attention.\n'+O.stack);}}}if(D)return/\/$/.test(r)&&'/'!=r&&(r=r.substring(0,r.length-1)),n&&(r+=n),J.url=r,J.toUrl=function(O){var U=this.webroot,pa=this.hostname,Ea=this.url;this.url='undefined'!=typeof O&&1==O?Ea.replace(U,'/'):Ea;return pa+this.url},
-J;if(A){var E=!1;if('#'==r&&/GET/i.test(v)&&z||/^404:/.test(r))r=location.pathname,E=!0;'undefined'==typeof P.notFound&&(P.notFound={});n=null;J='[ RoutingHelper::getRouteByUrl(rule[, bundle, method]) ] : route [ %r ] is called but not found inside your view: `'+r+'` !';if((n=(n=gina.hasPopinHandler&&gina.popinIsBinded?gina.popin.getActivePopin().target.innerHTML.match(/404:\[\w+\][a-z 0-9-_@]+/):document.body.innerHTML.match(/404:\[\w+\][a-z 0-9-_@]+/))&&0<n.length?n[0]:null)&&z&&E)return E=n.match(/\[\w+\]/)[0],
-n=n.replace('404:'+E,E.replace(/\[|\]/g,'')+'::'),J=J.replace(/%r/,n.replace(/404:\s+/,'')),'undefined'==typeof P.notFound[n]?P.notFound[n]={count:1,message:J}:z&&'undefined'!=typeof P.notFound[n]&&++P.notFound[n].count,!1;if((E=gina.config.reverseRouting[r]||null)&&'undefined'!=typeof E&&E.split(/@(.+)$/)[1]==H)return n=E,'undefined'==typeof P.notFound[n]?(J=J.replace(/%r/,v.toUpperCase()+'::'+E),P.notFound[n]={count:1,message:J}):z&&'undefined'!=typeof P.notFound[n]&&++P.notFound[n].count,!1;n=
-P.compareUrls(B,r,wa)||null;n.past&&z&&(n=v.toUpperCase()+'::'+n.request.routing.rule,'undefined'==typeof P.notFound[n]?J=J.replace(/%r/,n):++P.notFound[n].count);return!1}console.warn(Error('[ RoutingHelper::getRouteByUrl(rule[, bundle, method, request]) ] : route not found for url: `'+r+'` !').stack);return!1};return P}
+(5E3<=Routing._cached.length&&P.invalidateCached(Routing._cached[0]),Routing._cached.push(r),Routing._cachedRoutes[r]={name:H,routing:v,params:wa,methodParams:Fa})};P.getCached=function(r,H){if(-1<Routing._cached.indexOf(r)){var v=Routing._cachedRoutes[r],wa=H.method.toLowerCase();r=JSON.clone(v.routing);v={method:wa,requirements:r.requirements,namespace:r.namespace||void 0,url:decodeURI(H.url),rule:r.originalRule||v.name,param:r.param,middleware:r.middleware,bundle:r.bundle,isXMLRequest:H.isXMLRequest,
+isWithCredentials:H.isWithCredentials};'undefined'==typeof r.rule&&'undefined'!=typeof v.rule&&(r.rule=v.rule);'undefined'!=typeof r.cache&&(v.cache=r.cache);'undefined'!=typeof r.queryTimeout&&(v.queryTimeout=parseTimeout(r.queryTimeout));return P.compareUrls(v,r.url,H)}return null};P.invalidateCached=function(r){-1<Routing._cached.indexOf(r)&&(Routing._cached.splice(Routing._cached.indexOf(r),1),delete Routing._cachedRoutes[r])};P.compareUrls=async function(r,H,v,wa,Fa){'undefined'==typeof v&&(v=
+{routing:{}});if(/,/.test(H)){var T=0;H=H.split(/,/g);for(var J=H.length,G={past:!1,request:v};T<J&&!G.past;)G=await N(r,H[T],v,wa,Fa),++T;return G}return await N(r,H,v,wa,Fa)};var N=async function(r,H,v,wa,Fa){var T=null;try{T=r.url.split(/\//)}catch(U){console.warn(U),T=['']}H=H.split(/\//);var J=0,G=0,B=H.length,n=0,y={},z=0,D=v.method.toLowerCase(),w='get';try{w=r.method.toLowerCase()}catch(U){}var x=!1;if('undefined'!=typeof r.requirements&&/get|delete/i.test(D)&&'undefined'!=typeof v[D]||'undefined'!=
+typeof r.requirements&&/get/i.test(D)&&/delete/i.test(w)){/get/i.test(D)&&/delete/i.test(w)&&(D=w);if(/^(delete)$/i.test(D)&&T.length===H.length){'undefined'==typeof v[D]&&(v[D]={});for(let U=0,pa=H.length;U<pa;U++)if(T[U]===H[U])++n;else if(w=H[U].substring(1),'undefined'!=typeof r.requirements[w]){w=r.requirements[w];if(/^\//.test(w))w=w.substring(1,w.lastIndexOf('/')-1);else if(/^validator::/.test(w)&&await ha(H[U],T[U],r,v,wa,Fa)){++n;continue}/^:/.test(H[U])&&'undefined'!=typeof w&&(new RegExp(w)).test(T[U])&&
+(++n,v[D][H[U].substring(1)]=T[U])}x=!0}for(var E in v[D])'undefined'!=typeof r.requirements[E]&&0>H.indexOf(':'+E)&&(H[G]=':'+E,++G,T[J]=v[D][E],++J,x||T.length!==H.length||++B)}if(!x&&T.length===H.length)for(;z<B;++z)T[z]===H[z]?++n:n==z&&/:/.test(H[z])&&await ha(H[z],T[z],r,v,wa,Fa)&&++n;if('undefined'!=typeof r.requirements&&D==r.method.toLowerCase()&&!x&&n>=B)for(E=Object.getOwnPropertyNames(r.requirements),J=0,H.join(',').match(/:[-_a-z0-9]+/g);J<E.length;){G=E[J];if('undefined'==typeof r.param[G]&&
+/^validator::/i.test(r.requirements[G])){if(H.length!=T.length)break;var O=H.join(',').match(/:[-_a-z0-9]+/g);let U=r.requirements[G];z={};w={};x={};try{w=JSON.parse(U.split(/::/).splice(1)[0].replace(/([^:"\s+](\w+)):/g,'"$1":').replace(/([^:"\s+](\w+))\s+:/g,'"$1":'))}catch(pa){throw pa;}if('undefined'!=typeof w.query&&'undefined'!=typeof w.query.data){z=w.query.data;for(let pa in z)0>O.indexOf(z[pa])&&delete z[pa];for(let pa=0,Ea=H.length;pa<Ea;pa++)/^:/.test(H[pa])&&(O=H[pa].replace(/^:/,''),
+''!=O&&'undefined'!=typeof T[pa]&&(z[O]=T[pa],'undefined'==typeof v.params[O]&&(v.params[O]=T[pa])))}z=ja(z,JSON.clone(v[D])||{});'undefined'==typeof z[G]&&(z[G]=null);x[G]=w;_validator=A?new R(z):new R('routing',z,null,x);if(0==w.count()){console.error('Route validation failed '+r.rule);--n;J++;continue}for(let pa in w)if('undefined'!=typeof w[pa].data&&(w[pa].data=z),x=Array.isArray(w[pa])?await _validator[G][pa].apply(_validator[G],w[pa]):await _validator[G][pa](w[pa],v,wa,Fa),!x.isValid&&(--n,
+'undefined'!=typeof x.error))throw x.error;}J++}y.past=n===B?!0:!1;y.past&&(v.routing=S(r,v[D]),y.request=v);return y},ha=async function(r,H,v,wa,Fa,T){var J=-1,G=r.match(/:\w+/g);J=new RegExp(r,'g');var B=null,n=null,y=null;B=!1;var z=B=n=n=null,D=null,w=wa.method.toLowerCase();if(!G.length)return!1;v.param.path&&J.test(v.param.path)&&(v.param.path=v.param.path.replace(J,H));v.param.namespace&&J.test(v.param.namespace)&&(v.param.namespace=v.param.namespace.replace(J,H));'undefined'!=typeof v.param.file&&
+/:/.test(v.param.file)&&(B=new RegExp('(:'+r+'/|:'+r+'$)','g'),Q.variable=H,v.param.file=v.param.file.replace(B,Q),B=null);v.param.title&&J.test(v.param.title)&&(v.param.title=v.param.title.replace(J,H));if(1==G.length){B=new RegExp(G[0]);J=-1<G.indexOf(r)?G.indexOf(r):!1;!1===J&&r.match(B)&&(J=0);if(!1===J)return J;if(v.method.toLowerCase()!==w)return!1;'undefined'==typeof wa[w]&&(wa[w]={});y=G[J].substring(1);J=v.requirements[y];if(/^\//.test(J))B=J.match(/\/(.*)\//).pop(),n=J.replace('/'+B+'/',
+''),B=(new RegExp(B,n)).test(H);else if(/^validator::/.test(J)&&H){n={};B={};z={};D='';r.replace(new RegExp('[^'+y+']','g'),function(pa){D+=pa});n[y]=H.replace(new RegExp(D,'g'),'');try{B=JSON.parse(J.split(/::/).splice(1)[0].replace(/([^:"\s+](\w+)):/g,'"$1":').replace(/([^:"\s+](\w+))\s+:/g,'"$1":'))}catch(pa){throw pa;}'undefined'!=typeof B.query&&'undefined'!=typeof B.query.data&&r==B.query.data[Object.keys(B.query.data)[0]]&&(B.query.data[Object.keys(B.query.data)[0]]=n[y],wa.params[y]=n[y]);
+z[y]=B;n=new R('routing',n,null,z);if(0==B.count())return console.error('Route validation failed '+v.rule),!1;for(var x in B)Array.isArray(B[x])?await n[y][x].apply(n[y],B[x]):await n[y][x](B[x],wa,Fa,T);B=n.isValid()}else B=(new RegExp(v.requirements[y])).test(H);if('undefined'!=typeof v.param[y]&&'undefined'!=typeof v.requirements&&'undefined'!=typeof v.requirements[y]&&'undefined'!=typeof wa.params&&B){wa.params[y]=H;if('undefined'==typeof wa[w][y]){switch(H){case 'null':H=null;break;case 'false':H=
+!1;break;case 'true':H=!0}wa[w][y]=H}return!0}}else{Fa=v.url;T=wa.url;w={};z='';var E=!1,O=0;x=0;for(var U=T.length;x<U;++x)if(T.charAt(x)!=Fa.charAt(O)||E){if(''==z)E=!0,z+=T.charAt(x);else if(x>Fa.indexOf(G[0])+G[0].length){J=v.requirements[G[0]];H=z.substring(0,z.length);if(/^\//.test(J))B=J.match(/\/(.*)\//).pop(),n=J.replace('/'+B+'/',''),B=(new RegExp(B,n)).test(H);else if(/^validator::/.test(J)){n={};B={};z={};D='';r.replace(new RegExp('[^'+y[0]+']','g'),function(pa){D+=pa});n[y[0]]=H.replace(new RegExp(D,
+'g'),'');B=JSON.parse(J.split(/::/).splice(1)[0].replace(/([^\W+ true false])+(\w+)/g,'"$&"'));z[y[0]]=B;n=new R('routing',n,null,z);for(let pa in B)if(Array.isArray(B[pa]))n[y[0]][pa].apply(n[y[0]],B[pa]);else n[y[0]][pa](B[pa]);B=n.isValid()}else B=(new RegExp(v.requirements[y[0]])).test(H);if(B)w[G[0].substring(1)]=H;else return!1;z='';E=!1;O=Fa.indexOf(G[0])+G[0].length;--x;G.splice(0,1)}else z+=T.charAt(x),++O;if(x==U-1)if(J=v.requirements[G[0]],H=z.substring(0,z.length),/^\//.test(J)?(B=J.match(/\/(.*)\//).pop(),
+n=J.replace('/'+B+'/',''),B=(new RegExp(B,n)).test(H)):B=(new RegExp(v.requirements[y])).test(H),B)w[G[0].substring(1)]=H;else return!1}else++O;if(w.count()==G.length){y=null;for(y in w){switch(w[y]){case 'null':w[y]=null;break;case 'false':w[y]=!1;break;case 'true':w[y]=!0}wa.params[y]=w[y]}return!0}}return!1},Q=function(r){return/\/$/.test(r)?Q.variable+'/':Q.variable},S=function(r,H){var v=null,wa,Fa=r.url,T=null;for(T in r.param)if(('undefined'==typeof H||'undefined'!=typeof H[T])&&/^:/.test(r.param[T])){var J=
+r.param[T].substring(1);if('undefined'!=typeof H&&'undefined'!=typeof H[J]){var G=new RegExp('(:'+J+'/|:'+J+'$)','g');'undefined'!=typeof r.param.path&&/:/.test(r.param.path)&&(r.param.path=r.param.path.replace(G,H[J]));'undefined'!=typeof r.param.title&&/:/.test(r.param.title)&&(r.param.title=r.param.title.replace(G,H[J]));'undefined'!=typeof r.param.namespace&&/:/.test(r.param.namespace)&&(r.param.namespace=r.param.namespace.replace(G,H[J]));'undefined'!=typeof r.param.file&&/:/.test(r.param.file)&&
+(Q.variable=H[J],r.param.file=r.param.file.replace(G,Q));if(/,/.test(r.url)){v=r.url.split(/,/g);var B=0;for(wa=v.length;B<wa;++B)Q.variable=H[J],v[B]=v[B].replace(G,Q);r.url=v.join(',')}else Q.variable=H[J],r.url=r.url.replace(G,Q)}}if(v){B=0;wa=v.length;Fa=Fa.split(/,/g);var n=0;for(r.urlIndex=0;B<wa;++B)if(v=0,G=Fa[0].match(/:[-_a-z0-9]+/ig)){T=0;for(J=G.length;T<J;T++){var y=G[T].substring(1);'undefined'!=typeof H[y]&&H[y]&&v++}v>n&&(n=v,r.urlIndex=B)}}return r};P.getRoute=function(r,H,v){var wa=
+null,Fa=!1;A?(window.location.port||window.location.hostname!=window.gina.config.hostname.replace(/^(https|http|wss|ws):\/\//,'').replace(/:\d+$/,'')||(Fa=!0,window.gina.config.hostname=window.gina.config.hostname.replace(/^(https|http|wss|ws):\/\//,'').replace(/:\d+$/,'')),wa=window.gina.config):(wa=getContext('gina').config,'undefined'!=typeof getContext('argvFilename')&&(wa.getRouting=getContext('gina').Config.instance.getRouting),Fa=getContext('isProxyHost'));var T=wa.env||GINA_ENV,J=null,G=wa.bundle;
+/@/.test(r)||'undefined'==typeof G||null==G||(r=r.toLowerCase(),r+='@'+G);if(/@/.test(r)){var B=r.replace(/(.*):\/\//,'').split(/@/);G=B[1];/\/(.*)$/.test(r)&&(J=r.replace(/(.*):\/\//,'').split(/\/(.*)$/)[1],G=G.replace(/\/(.*)$/,''),T=J||T);r=B[0].toLowerCase()+'@'+G}G=wa.getRouting(G,T);if('undefined'==typeof G[r])throw Error('[ RoutingHelper::getRouting(rule, params) ] : `'+r+'` not found !');J=JSON.clone(G[r]);B=null;J=S(J,H);(J.isProxyHost=Fa)?(J.proxy_hostname=A?window.location.protocol+'//'+
+document.location.hostname:process.gina.PROXY_HOSTNAME||wa.envConf._proxyHostname,J.proxy_host=J.proxy_hostname.replace(/^(https|http):\/\//,'')):A||'undefined'==typeof process.gina.PROXY_HOSTNAME||(J.proxy_hostname=process.gina.PROXY_HOSTNAME,J.proxy_host=J.proxy_hostname.replace(/^(https|http):\/\//,''),console.debug('[getRoute#2]['+Fa+'] process.gina.PROXY_HOSTNAME ('+process.gina.PROXY_HOSTNAME+') VS config.envConf._proxyHostname ('+wa.envConf._proxyHostname+')'));/,/.test(J.url)&&('undefined'!=
+typeof J.urlIndex&&(v=J.urlIndex,delete J.urlIndex),v='undefined'!=typeof v?v:0,J.url=J.url.split(/,/g)[v]);/\/$/.test(J.url)&&'/'!=J.url&&(J.url=J.url.substring(0,J.url.length-1));if(/GET/i.test(J.method)&&'undefined'!=typeof H){v='?';wa=G[r].url;Fa=[];G=0;for(let n in J.param)-1<P.reservedParams.indexOf(n)||(new RegExp(J.param[n])).test(wa)||'undefined'==typeof H[n]||(v+=n+'='+encodeRFC5987ValueChars(H[n])+'&',Fa[G]=H[n],++G);for(let n in H)-1<P.reservedParams.indexOf(n)||'undefined'!=typeof J.requirements[n]||
+-1<Fa.indexOf(n)||(v='object'==typeof H[n]?v+(n+'='+encodeRFC5987ValueChars(JSON.stringify(H[n]))+'&'):v+(n+'='+H[n]+'&'));G=Fa=wa=null;1<v.length&&(v=v.substring(0,v.length-1),J.url+=v);v=null}J.toUrl=function(n){var y=null;/^redirect$/i.test(this.param.control)&&(y=P.getUrlProps(this.bundle,T||GINA_ENV));var z=this.webroot||y.webroot;y=''+this.hostname||''+y.hostname;var D=''+this.url;this.isProxyHost&&(y=''+this.proxy_hostname);this.url='undefined'!=typeof n&&/^true$/i.test(n)?D.replace(new RegExp('^'+
+z),'/'):D.replace(new RegExp('^('+z+'|/$)'),z);return y+this.url};J.request=function(n,y){var z=null,D=null;'function'==typeof arguments[arguments.length-1]&&(z=arguments[arguments.length-1]);'object'==typeof arguments[2]&&(D=arguments[2]);var w=this.webroot||D.webroot,x=this.hostname||D.hostname;D='undefined'!=typeof n&&1==n?path.replace(w,'/'):this.url||D.url;/^\//.test(D)&&(D=x+D);x=/^https/.test(x)?'https':'http';A?window.open(D,'undefined'!=typeof y&&'undefined'!=typeof y.target?y.target:'_self'):
+('undefined'==typeof y.agent&&(y.agent=!1),x=require(''+x),w=function(E){var O='',U=!1;E.on('data',function(pa){O+=pa});E.on('error',function(pa){U='Failed to get mail content';pa&&'undefined'!=typeof pa.stack?U+=pa.stack:'string'==typeof pa&&(U+='\n'+pa)});E.on('end',function(){if(/^\{/.test(O))try{O=JSON.parse(O),'undefined'!=typeof O.error&&(U=JSON.clone(O),O=null)}catch(pa){U=pa}U?z(U):z(!1,O)})},z?x.get(D,y,w):x.get(D,y))};!/:/.test(J.url)||/:d+\//.test(J.url)||/:\/\//.test(J.url)||(H=J.url.match(/(:(.*)\/|:(.*)$)/g).map(function(n){return n.replace(/\//g,
+'')}).join(', '),B='[ RoutingHelper::getRoute(rule[, bundle, method]) ] : route [ %r ] param placeholder not defined: `'+J.url+'` !\n Check your route description to compare requirements against param variables [ '+H+']',B=B.replace(/%r/,r),r=Error(B),console.warn(r),B=r=H=null);return J};P.getRouteByUrl=function(r,H,v,wa,Fa){2==arguments.length&&'undefined'!=typeof arguments[1]&&arguments[1]&&-1<P.allowedMethods.indexOf(arguments[1].toLowerCase())&&(v=arguments[1],H=void 0);var T=null,J=null,G=null,
+B=null,n=null,y=null;if(/#/.test(r)&&1<r.length){var z=r.split(/#/);r=z[0];n='#'+z[1];z=null}1==arguments.length&&'undefined'!=typeof arguments[0]&&(/^(https|http)/i.test(r)||/^\//.test(r)||(r='/'+r),T='/'+r.split(/\//g)[1],A&&(B=gina.config.reverseRouting,G=gina.config.routing),'undefined'!=typeof B[T]&&(z=G[B[T]],H=z.bundle,T=z.webroot,y=z.hostname,z=null));Fa='boolean'!=typeof arguments[arguments.length-1]?!1:arguments[arguments.length-1];var D=!1,w=null,x=B=w=B=null;z='undefined'!=typeof v?!0:
+!1;A?(w=window.gina.config,H='undefined'!=typeof H?H:w.bundle,B=w.env,G=w.routing||w.getRouting(H),B=w.reverseRouting,isXMLRequest='undefined'!=typeof isXMLRequest?isXMLRequest:!1,y=y||w.hostname,T=T||w.webroot,wa={routing:{},method:v,params:{},url:r},H&&(wa.bundle=H)):(w=getContext('gina').config,H='undefined'!=typeof H?H:w.bundle,B=w.env,G=w.getRouting(H),y=w.envConf[H][B].hostname,T=w.envConf[H][B].server.webroot,wa||={routing:{},isXMLRequest:!1,method:'undefined'!=typeof v?v.toLowerCase():'get',
+params:{},url:r},Fa&&(wa.method=v),isXMLRequest=wa.isXMLRequest||!1);w=r.replace(new RegExp('^('+y+'|'+y.replace(/:\d+/,'')+')'),'');'undefined'==typeof wa.routing.path&&(wa.routing.path=decodeURI(w));v='undefined'!=typeof v?v.toLowerCase():'get';z&&(wa.originalMethod=wa.method,wa.method=v,wa.routing.path=decodeURI(w));wa.method||(wa.method=v);B={};T=new RegExp(v,'i');y=null;for(E in G){if('undefined'==typeof G[E].param)break;if(G[E].bundle==H&&(y=G[E].method,/,/.test(y)&&T.test(y)&&(y=wa.method),
+'undefined'==typeof G[E].method||T.test(y))){B={method:y,requirements:G[E].requirements,namespace:G[E].namespace||void 0,url:decodeURI(w),rule:G[E].originalRule||E,param:G[E].param,middleware:JSON.clone(G[E].middleware),bundle:G[E].bundle,isXMLRequest};try{if(x=P.compareUrls(B,G[E].url,wa),x.past){J=JSON.clone(G[E]);J.name=E;D=!0;x={};break}}catch(O){throw Error('Route [ '+E+' ] needs your attention.\n'+O.stack);}}}if(D)return/\/$/.test(r)&&'/'!=r&&(r=r.substring(0,r.length-1)),n&&(r+=n),J.url=r,
+J.toUrl=function(O){var U=this.webroot,pa=this.hostname,Ea=this.url;this.url='undefined'!=typeof O&&1==O?Ea.replace(U,'/'):Ea;return pa+this.url},J;if(A){var E=!1;if('#'==r&&/GET/i.test(v)&&z||/^404:/.test(r))r=location.pathname,E=!0;'undefined'==typeof P.notFound&&(P.notFound={});n=null;J='[ RoutingHelper::getRouteByUrl(rule[, bundle, method]) ] : route [ %r ] is called but not found inside your view: `'+r+'` !';if((n=(n=gina.hasPopinHandler&&gina.popinIsBinded?gina.popin.getActivePopin().target.innerHTML.match(/404:\[\w+\][a-z 0-9-_@]+/):
+document.body.innerHTML.match(/404:\[\w+\][a-z 0-9-_@]+/))&&0<n.length?n[0]:null)&&z&&E)return E=n.match(/\[\w+\]/)[0],n=n.replace('404:'+E,E.replace(/\[|\]/g,'')+'::'),J=J.replace(/%r/,n.replace(/404:\s+/,'')),'undefined'==typeof P.notFound[n]?P.notFound[n]={count:1,message:J}:z&&'undefined'!=typeof P.notFound[n]&&++P.notFound[n].count,!1;if((E=gina.config.reverseRouting[r]||null)&&'undefined'!=typeof E&&E.split(/@(.+)$/)[1]==H)return n=E,'undefined'==typeof P.notFound[n]?(J=J.replace(/%r/,v.toUpperCase()+
+'::'+E),P.notFound[n]={count:1,message:J}):z&&'undefined'!=typeof P.notFound[n]&&++P.notFound[n].count,!1;n=P.compareUrls(B,r,wa)||null;n.past&&z&&(n=v.toUpperCase()+'::'+n.request.routing.rule,'undefined'==typeof P.notFound[n]?J=J.replace(/%r/,n):++P.notFound[n].count);return!1}console.warn(Error('[ RoutingHelper::getRouteByUrl(rule[, bundle, method, request]) ] : route not found for url: `'+r+'` !').stack);return!1};return P}
 'undefined'!==typeof module&&module.exports?('undefined'==typeof console.err&&(console=require('../../logger')),module.exports=Routing()):'function'===typeof define&&define.amd&&define('lib/routing',['require','lib/form-validator','lib/merge'],function(){return Routing()});function registerEvents(A,P){'undefined'==typeof gina&&'undefined'!=typeof window.gina&&(gina=window.gina);gina.registeredEvents[A]=P}function mergeEventProps(A,P){for(let V in P)'undefined'==typeof A[V]&&(A[V]=P[V]);return A}
 function addListener(A,P,V,ja){var R=function(Q,S,r,H){'undefined'!=typeof Q.event&&Q.event.isTouchSupported&&/^(click|mouseout|mouseover)/.test(r)&&-1==Q.event[r].indexOf(S)&&(Q.event[r][Q.event[r].length]=S);'undefined'!=typeof S&&null!=S?S.addEventListener?S.addEventListener(r,H,!1):S.attachEvent&&S.attachEvent('on'+r,H):Q.customEvent.addListener(r,H);gina.events[r]='undefined'!=typeof S.id&&'object'!=typeof S.id?S.id:S.getAttribute('id')},N=0,ha=null;if(Array.isArray(V))for(ha=V.length;N<ha;N++)R(A,
 P,V[N],ja);else if(Array.isArray(P))for(N=0,ha=P.length;N<ha;N++){let Q=/\.$/.test(V)?V+P[N].id:V;R(A,P[N],Q,ja)}else V=/\.$/.test(V)?V+P.id:V,R(A,P,V,ja)}

package/framework/{v0.1.6 → v0.1.7}/core/config.js

@@ -2547,10 +2547,12 @@ function Config(opt, contextResetNeeded) {
                 }
 
             }
+
+            // Sort by descending length so more-specific paths are matched before the
+            // catch-all root `/` entry in server.js handleStatics prefix-regex loop.
+            conf[bundle][env].staticResources.sort(function(a, b) { return b.length - a.length; });
         }
 
-        console.warn('['+bundle+'/'+env+']files:', files);
-        console.warn('['+bundle+'/'+env+']reps:', JSON.stringify(reps, null, 2));
         files = whisper(reps, files);
 
         if (hasViews) {

package/framework/{v0.1.6 → v0.1.7}/core/connectors/couchbase/index.js

@@ -795,42 +795,109 @@ function Couchbase(conn, infos) {
                         }
                     } //EO register
 
-                    var _proto = {
-                        onComplete : function(cb) {
-                            // console.warn('onComplete trigger: ', trigger, self._isRegisteredFromProto);
+                    // ─────────────────────────────────────────────────────────────
+                    // Option B — native Promise return (2026-03-20)
+                    //
+                    // Why: N1QL methods previously returned a plain _proto object
+                    //   { onComplete: fn }. This made them:
+                    //   • not directly awaitable — `await entity.method()` resolved
+                    //     to the _proto object, not the query result
+                    //   • fragile with util.promisify — promisify injects a trailing
+                    //     callback, caught here via the _mainCallback detection, but
+                    //     losing `this` context made certain methods hang silently
+                    //
+                    // What changed: when no _mainCallback is present we now return
+                    //   a native Promise instead of _proto. The Promise resolves
+                    //   with `data` (rows) so `await entity.method(args)` works
+                    //   directly — V8 native fast path, zero extra microtask hops.
+                    //
+                    //   `.onComplete(cb)` is attached to the Promise so ALL
+                    //   existing callers keep working unchanged:
+                    //     entity.method(args).onComplete(function(err, data, meta) {...})
+                    //
+                    //   meta is captured alongside data so .onComplete() callbacks
+                    //   receive the original (err, data, meta) signature unchanged.
+                    //
+                    //   The query executes exactly once — register() is called with
+                    //   _internalCb in the setTimeout(0), same deferred-execution
+                    //   timing as before. .onComplete() chains on the resolved
+                    //   Promise instead of calling register() again.
+                    //
+                    // The _mainCallback path (util.promisify / explicit callback) is
+                    //   unchanged — register() is still called synchronously.
+                    // ─────────────────────────────────────────────────────────────
+
+                    if ( _mainCallback == null ) {
+
+                        var _resolve, _reject, _internalData, _internalMeta;
+
+                        var _promise = new Promise(function(resolve, reject) {
+                            _resolve = resolve;
+                            _reject  = reject;
+                        });
+
+                        // Internal callback fed to register() — resolves/rejects
+                        // the Promise and captures meta for .onComplete() callers.
+                        var _internalCb = function(err, data, meta) {
+                            if (err) {
+                                _reject(err);
+                            } else {
+                                _internalData = data;
+                                _internalMeta = meta;
+                                _resolve(data);
+                            }
+                        };
+
+                        // Backward-compatible .onComplete(cb):
+                        //   chains on the Promise resolution so the callback
+                        //   receives (err, data, meta) exactly as before.
+                        _promise.onComplete = function(cb) {
+                            _promise.then(
+                                function()    { cb(null, _internalData, _internalMeta); },
+                                function(err) { cb(err); }
+                            );
+                            return _promise; // preserve chaining
+                        };
+
+                        // Trigger the query via the existing setTimeout(0) mechanism.
+                        // Preserves original timing: .onComplete() and await both
+                        // have time to set up before the query fires.
+                        //
+                        // _isRegisteredFromProto guard is intentionally REMOVED here.
+                        //
+                        // Background: the old _proto.onComplete() called register()
+                        // synchronously, so the guard prevented accidental double-
+                        // registration if .onComplete() was called more than once.
+                        //
+                        // With Option B, .onComplete() only chains on the Promise — it
+                        // never calls register(). So there is no double-registration
+                        // risk. More importantly, _isRegisteredFromProto is a shared
+                        // flag on `self` (the connector entity). When a _mainCallback-
+                        // path call (e.g. util.promisify) sets the flag to true, any
+                        // *subsequent* Promise-path call on the SAME entity would see
+                        // the flag set and skip register() — silently dropping the N1QL
+                        // query and hanging the await forever.
+                        //
+                        // Example that broke: inside account.entity.delete, the call
+                        // promisify(db.accountEntity.getOneByIdAndJwtLogin)() runs first
+                        // (sets _isRegisteredFromProto=true via register()), then
+                        // await db.accountEntity.getAllOwnedCompaniesIds() (Promise path)
+                        // hit the guard and skipped register() — query never fired.
+                        setTimeout(function() {
                             if ( sdkVersion > 2 ) {
-                                register(trigger, queryOptions, onQueryCallback, cb)
+                                register(trigger, queryOptions, onQueryCallback, _internalCb);
                             } else {
-                                register(trigger, queryParams, onQueryCallback, cb)
+                                register(trigger, queryParams,  onQueryCallback, _internalCb);
                             }
-                        }
-                    };
-
+                        }, 0);
 
-                    if ( sdkVersion > 2 ) {
-                        if ( _mainCallback == null ) {
-                            setTimeout((trigger, queryOptions, onQueryCallback) => {
-                                if (!self._isRegisteredFromProto) {
-                                    // needed when used as a synchrone method
-                                    register(trigger, queryOptions, onQueryCallback);
-                                }
-                            }, 0, trigger, queryOptions, onQueryCallback);
-                            return _proto
+                        return _promise;
 
-                        } else {
-                            register(trigger, queryOptions, onQueryCallback, _mainCallback)
-                        }
                     } else {
-
-                        if ( _mainCallback == null ) {
-                            setTimeout((trigger, queryParams, onQueryCallback) => {
-                                if (!self._isRegisteredFromProto) {
-                                    // needed when used as a synchrone method
-                                    register(trigger, queryParams, onQueryCallback);
-                                }
-                            }, 0, trigger, queryParams, onQueryCallback);
-                            return _proto
-
+                        // Direct callback path (util.promisify or explicit _mainCallback)
+                        // — unchanged, register() called synchronously.
+                        if ( sdkVersion > 2 ) {
+                            register(trigger, queryOptions, onQueryCallback, _mainCallback)
                         } else {
                             register(trigger, queryParams, onQueryCallback, _mainCallback)
                         }

package/framework/{v0.1.6 → v0.1.7}/core/controller/controller.js

@@ -2169,8 +2169,8 @@ if ( /^local$/i.test(process.env.NODE_SCOPE) ) {
         },
         // Will try x3 (0, 1, 2). Hard ceiling is 10 (see retry handler) to bound timer accumulation under sustained failure.
         maxRetry            : 2,
-        // Socket inactivity timeout in milliseconds
-        timeout             : 10000,
+        // Socket inactivity timeout — accepts "30s", "500ms", "1m" or a number (ms)
+        requestTimeout      : "10s",
         agent               : false/**,
         checkServerIdentity: function(host, cert) {
             // Make sure the certificate is issued to the host we are connected to
@@ -2256,6 +2256,21 @@ if ( /^local$/i.test(process.env.NODE_SCOPE) ) {
             , browser           = null
         ;
 
+        // Priority chain — all checks must run BEFORE merge(defaultOptions), which fills in "10s":
+        //   1. options.requestTimeout  — explicit call-site override (highest priority)
+        //   2. req.routing.queryTimeout — per-route default from routing.json
+        //   3. "10s" from defaultOptions (lowest, filled by merge below)
+
+        // Fall back to the calling route's queryTimeout if still not set.
+        if (
+            typeof options.requestTimeout === 'undefined'
+            && typeof local.req !== 'undefined' && local.req
+            && local.req.routing
+            && local.req.routing.queryTimeout
+        ) {
+            options.requestTimeout = local.req.routing.queryTimeout;
+        }
+
         // options must be used as a copy in case of multiple calls of self.query(options, ...)
         options = merge(JSON.clone(options), defaultOptions);
         // replaced: for...in + delete — build filtered copy (#P22, #P20)
@@ -2268,6 +2283,10 @@ if ( /^local$/i.test(process.env.NODE_SCOPE) ) {
         }
         options = cleanedOptions;
 
+        // Normalize requestTimeout to ms once — covers both HTTP/1 and HTTP/2 paths.
+        if (typeof options.requestTimeout !== 'undefined') {
+            options.requestTimeout = parseTimeout(options.requestTimeout);
+        }
 
         if (self.isCacheless() || self.isLocalScope() ) {
             options.rejectUnauthorized = false;
@@ -2778,7 +2797,7 @@ if ( /^local$/i.test(process.env.NODE_SCOPE) ) {
             })
         });
 
-        req.setTimeout(options.timeout, () => {
+        req.setTimeout(parseTimeout(options.requestTimeout), () => {
             req.destroy(); // Will trigger 'error' event
         });
 
@@ -2905,7 +2924,9 @@ if ( /^local$/i.test(process.env.NODE_SCOPE) ) {
 
         let client = cache.get(sessKey);
         // Checking client status: is closed or being closed
-        if (client && (client.closed || client.destroyed || client.connecting === false)) {
+        // Note: client.connecting === false means the session is ESTABLISHED (connected), not stale.
+        // Only evict sessions that are actually closed or destroyed.
+        if (client && (client.closed || client.destroyed)) {
             client = null;
             cache.delete(sessKey);
             var _staleIdx = self.serverInstance._http2Sessions.indexOf(sessKey);
@@ -2970,9 +2991,8 @@ if ( /^local$/i.test(process.env.NODE_SCOPE) ) {
                 _closeIdx = null;
             });
 
-            client.on('goaway', () => {
+            client.on('goaway', (errorCode, lastStreamID) => {
                 if (_pingInterval) { clearInterval(_pingInterval); _pingInterval = null; }
-                console.warn('[CLIENT] Server is going away. Draining session.');
                 cache.delete(sessKey);
                 var _goawayIdx = self.serverInstance._http2Sessions.indexOf(sessKey);
                 if (_goawayIdx !== -1) self.serverInstance._http2Sessions.splice(_goawayIdx, 1);
@@ -3083,7 +3103,20 @@ if ( /^local$/i.test(process.env.NODE_SCOPE) ) {
         }
         // 2. CRUCIAL SECURITY: Remove manual content-length for HTTP/2
         // Node.js will calculate it automatically and correctly with req.end(body)
-        // Strict sanitization for HTTP/2 (no undefined/null values)
+        // Strict sanitization for HTTP/2:
+        //   - Remove content-length (auto-computed by Node.js)
+        //   - Remove Buffer-valued entries (e.g. _body — the request body stash): sending a
+        //     166KB Buffer as a header value exceeds maxHeaderListSize (64KB) and causes
+        //     nghttp2 to refuse the stream client-side with NGHTTP2_REFUSED_STREAM
+        //   - Remove known TLS/connection config keys that leaked in from the options object
+        //     and are not valid HTTP headers
+        //   - Remove undefined/null values
+        var _NON_HTTP_OPTS = new Set([
+            '_body', '_comment', 'ca', 'hostname', 'host', 'port',
+            'requestTimeout', 'keepAlive', 'maxSockets', 'keepAliveMsecs', 'maxFreeSockets',
+            'rejectUnauthorized', 'maxRetry', 'agent', 'protocol', 'scheme',
+            'nameservers', 'settings', 'webroot', 'queryData', 'method', 'path'
+        ]);
         var headerKeys = Object.keys(headers);
         var cleanHeaders = {};
         for (var hi = 0; hi < headerKeys.length; ++hi) {
@@ -3091,6 +3124,8 @@ if ( /^local$/i.test(process.env.NODE_SCOPE) ) {
             if (
                 hk !== 'content-length' && hk !== 'Content-Length'
                 && headers[hk] !== undefined && headers[hk] !== null
+                && !Buffer.isBuffer(headers[hk])
+                && !_NON_HTTP_OPTS.has(hk)
             ) {
                 cleanHeaders[hk] = headers[hk];
             }
@@ -3109,7 +3144,7 @@ if ( /^local$/i.test(process.env.NODE_SCOPE) ) {
         // silently drops idle inter-container TCP connections without RST or FIN).
         // On timeout: evict the dead session and retry once with a fresh connection.
         // If the retry also times out, surface the error to the caller.
-        var _streamTimeout = options.timeout || 10000;
+        var _streamTimeout = parseTimeout(options.requestTimeout) || 10000;
         req.setTimeout(_streamTimeout, function onStreamTimeout() {
             if (isFinished) return;
             isFinished = true;
@@ -4294,7 +4329,17 @@ if ( /^local$/i.test(process.env.NODE_SCOPE) ) {
                 arguments[arguments.length-1] instanceof Error
                 || typeof(res) == 'object' && typeof(res.stack) != 'undefined'
             ) {
-                errorObject = merge(arguments[arguments.length-1], errorObject)
+                var _lastArg = arguments[arguments.length-1];
+                if (_lastArg instanceof Error) {
+                    // Error properties (message, stack) are non-enumerable —
+                    // merge() silently drops them. Extract explicitly so they
+                    // survive JSON.stringify and reach the client error dialog.
+                    if (_lastArg.message) errorObject.message = _lastArg.message;
+                    if (_lastArg.stack)   errorObject.stack   = _lastArg.stack;
+                    if (!errorObject.error) errorObject.error  = _lastArg.message || standardErrorMessage;
+                } else {
+                    errorObject = merge(_lastArg, errorObject);
+                }
             } else if (
                 !(arguments[arguments.length-1] instanceof Error)
                 && typeof(res) == 'object'