gina 0.4.5 → 0.4.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +36 -0
- package/CONTRIBUTING.md +2 -2
- package/README.md +10 -8
- package/ROADMAP.md +2 -2
- package/framework/v0.4.6/VERSION +1 -0
- package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/css/gina.min.css +1 -0
- package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/css/gina.min.css.br +0 -0
- package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/css/gina.min.css.gz +0 -0
- package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/inspector.js +62 -0
- package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.js +934 -42
- package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/js/gina.min.js +571 -0
- package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/js/gina.min.js.br +0 -0
- package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/js/gina.min.js.gz +0 -0
- package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.js +62 -6
- package/framework/v0.4.6/core/controller/controller.render-nunjucks-async.js +788 -0
- package/framework/v0.4.6/core/controller/controller.render-swig-async.js +664 -0
- package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-swig.js +52 -5
- package/framework/{v0.4.5 → v0.4.6}/core/gna.js +24 -0
- package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/csp/README.md +35 -0
- package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/csp/src/main.js +136 -2
- package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/src/main.js +17 -4
- package/framework/{v0.4.5 → v0.4.6}/core/server.isaac.js +2 -2
- package/framework/{v0.4.5 → v0.4.6}/core/server.js +273 -97
- package/framework/{v0.4.5 → v0.4.6}/helpers/data/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/helpers/data/src/main.js +58 -3
- package/framework/{v0.4.5 → v0.4.6}/helpers/json/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/archiver/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/cache/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/link.js +16 -5
- package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/msg.json +1 -1
- package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/restart.js +11 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/start.js +5 -1
- package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/version.js +24 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/cmd/helper.js +28 -9
- package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/add.js +29 -13
- package/framework/{v0.4.5 → v0.4.6}/lib/collection/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/cron/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/domain/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/index.js +7 -0
- package/framework/{v0.4.5 → v0.4.6}/lib/inherits/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/logger/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/merge/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/model.js +17 -0
- package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-filters/src/main.js +37 -11
- package/framework/{v0.4.5 → v0.4.6}/lib/routing/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/routing/src/main.js +4 -4
- package/framework/{v0.4.5 → v0.4.6}/lib/swig-filters/package.json +0 -3
- package/framework/{v0.4.5 → v0.4.6}/lib/swig-filters/src/main.js +45 -6
- package/framework/v0.4.6/lib/template-loaders/package.json +17 -0
- package/framework/v0.4.6/lib/template-loaders/src/loaders/http.js +272 -0
- package/framework/v0.4.6/lib/template-loaders/src/loaders/memory.js +75 -0
- package/framework/v0.4.6/lib/template-loaders/src/main.js +134 -0
- package/framework/{v0.4.5 → v0.4.6}/package.json +2 -2
- package/gna.js +4 -4
- package/llms.txt +32 -44
- package/package.json +6 -3
- package/playwright.config.js +35 -0
- package/schema/settings.json +105 -0
- package/types/gna.d.ts +1 -1
- package/framework/v0.4.5/VERSION +0 -1
- package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/css/gina.min.css +0 -1
- package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/css/gina.min.css.br +0 -0
- package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/css/gina.min.css.gz +0 -0
- package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/js/gina.min.js +0 -555
- package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/js/gina.min.js.br +0 -0
- package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/js/gina.min.js.gz +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/AUTHORS +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/LICENSE +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/html/nolayout.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/html/static.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/android-chrome-192x192.png +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/android-chrome-512x512.png +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/apple-touch-icon.png +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/favicon-16x16.png +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/favicon-32x32.png +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/favicon.ico +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/beemaster/beemaster.css +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/beemaster/beemaster.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/beemaster/index.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/html/statusbar.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/html/statusbar.html.br +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/html/statusbar.html.gz +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/have_heart_one-webfont.woff2 +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/index.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/inspector.css +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/logo.svg +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js.br +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js.gz +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/config.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/ai/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/ai/lib/connector.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/connector.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/connector.v3.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/connector.v4.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/n1ql.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/session-store.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/session-store.v3.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/session-store.v4.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/lib/connector.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/lib/pipeline-loader.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/lib/session-store.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mysql/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mysql/lib/connector.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/postgresql/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/postgresql/lib/connector.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/redis/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/redis/lib/session-store.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/scylladb/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/scylladb/lib/connector.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/scylladb/lib/session-store.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sql-parser.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sqlite/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sqlite/lib/connector.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sqlite/lib/session-store.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/content.encoding +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.framework.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-json.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-nunjucks.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-stream.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-v1.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/controller/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/controller/inspector-window-emit.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/LICENSE +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/types/multipart.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/types/urlencoded.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/utils.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/streamsearch-1.1.0/LICENSE +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/streamsearch-1.1.0/lib/sbmh.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/deps/streamsearch-1.1.0/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/dev/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/dev/lib/class.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/dev/lib/factory.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/dev/lib/tools.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/locales/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/locales/currency.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/language/en.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/language/fr.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/region/en.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/region/fr.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/locales/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/mime.types +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/model/entity.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/model/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/model/template/entityFactory.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/model/template/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/csrf/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/csrf/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/csrf/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coep/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coep/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coep/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coop/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coop/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coop/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/corp/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/corp/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/corp/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/csp/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hide-powered-by/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hide-powered-by/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hide-powered-by/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hsts/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hsts/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hsts/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/origin-agent-cluster/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/origin-agent-cluster/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/origin-agent-cluster/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/referrer-policy/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/referrer-policy/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/referrer-policy/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-content-type-options/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-content-type-options/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-content-type-options/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-dns-prefetch-control/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-dns-prefetch-control/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-dns-prefetch-control/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-download-options/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-download-options/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-download-options/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-frame-options/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-frame-options/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-frame-options/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-xss-protection/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-xss-protection/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-xss-protection/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/session/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/session/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/session/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/build.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/build.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/src/form-validator.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/router.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/server.express.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/status.codes +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/_gitignore +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/app.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/connectors.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/routing.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/settings.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/settings.server.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/templates.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/watchers.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/controllers/controller.content.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/controllers/controller.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/controllers/setup.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/locales/en.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_namespace/controllers/controller.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/css/default.css +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/css/home.css +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/css/vendor/readme.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/favicon.ico +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/js/vendor/readme.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/manifest.webmanifest +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/readme.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/sw.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/handlers/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/content/homepage.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/includes/error-msg-noscript.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/includes/error-msg-outdated-browser.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/layouts/main.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/command/gina.bat.tpl +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/command/gina.tpl +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/env.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/manifest.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/settings.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/statics.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/templates.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/error/client/json/401.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/error/client/json/403.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/error/client/json/404.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/error/server/html/50x.html +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/error/server/json/500.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/error/server/json/503.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/core/template/extensions/logger/config.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/console.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/context.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/data/LICENSE +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/data/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/dateFormat.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/json/LICENSE +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/json/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/json/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/path.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/src/api-error.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/prototypes.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/task.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/helpers/text.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/build.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/src/dep/jszip.min.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/async/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/async/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cache/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cache/build.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cache/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/aliases.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/add.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/arguments.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/build.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/copy.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/cp.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/inc/name-rewrite.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/list.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/mcp-start.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/mcp.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/oas.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/openapi.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/remove.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/rename.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/restart.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/rm.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/start.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/status.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/stop.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/cache/stats.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/add.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/arguments.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/list.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/migrate.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/remove.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/rm.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/add.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/get.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/link-dev.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/list.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/remove.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/rm.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/set.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/unset.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/use.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/arguments.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/build.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/dot.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/get.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/init.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/link-node-modules.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/open.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/set.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/status.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/stop.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/tail.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/update.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/gina-dev.1.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/gina-framework.1.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/gina.1.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/add.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/arguments.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/export.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/import.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/scan.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/inspector/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/inspector/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/inspector/open.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/arguments.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/kill.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/list.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/msg.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/inc/scan.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/list.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/reset.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/set.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/arguments.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/build.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/import.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/list.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/move.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/remove.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/rename.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/restart.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/rm.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/start.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/status.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/stop.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/arguments.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/list.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/remove.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/set.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/add.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/link-local.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/link-production.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/list.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/remove.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/rm.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/use.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/arguments.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/check.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/scan.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/help.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/help.txt +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/list.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/start.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/view/add.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd-status-format/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cmd-status-format/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/collection/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/collection/build.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/collection/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/config.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/connector-registry/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/connector-registry/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cron/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/cron/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/domain/LICENSE +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/domain/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/domain/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/generator/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/i18n/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/i18n/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/inherits/LICENSE +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/inherits/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/inherits/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/inspector-redact/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/inspector-redact/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/instrument/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/instrument/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/job/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/job/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/default/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/file/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/file/lib/logrotator/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/file/lib/logrotator/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/mq/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/mq/listener.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/mq/speaker.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/helper.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/math/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-dispatch/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-dispatch/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-http/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-http/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-server/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-server/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/merge/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/merge/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/metrics/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/metrics/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-filters/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-filters/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-resolver/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-resolver/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/proc.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/routing/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/routing/build.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/routing/src/radix.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/routing-introspect/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/routing-introspect/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/secrets/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/secrets/src/backends/env.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/secrets/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/session-store.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/shell.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/state.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/swig-filters/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/swig-resolver/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/swig-resolver/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/url/README.md +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/url/index.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/url/routing.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/uuid/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/uuid/src/main.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/validator.js +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/watcher/package.json +0 -0
- /package/framework/{v0.4.5 → v0.4.6}/lib/watcher/src/main.js +0 -0
|
@@ -417,6 +417,33 @@ function Server(options) {
|
|
|
417
417
|
// so bundle startup fails with a clear message rather than
|
|
418
418
|
// deferring the failure to the first render attempt.
|
|
419
419
|
nunjucksResolver.load(self.executionPath, _nunjucksSettings);
|
|
420
|
+
|
|
421
|
+
// #TPL1 — async template-loader extension point. When the bundle
|
|
422
|
+
// configures settings.template.nunjucks.loader, build + validate the
|
|
423
|
+
// loader at startup (fail-fast on bad config, same as the nunjucks
|
|
424
|
+
// load above) and stash it per-bundle keyed by the template root.
|
|
425
|
+
// controller.js routes such bundles to the async delegate
|
|
426
|
+
// (controller.render-nunjucks-async.js), which builds a PER-REQUEST
|
|
427
|
+
// nunjucks Environment over this loader. The default (no-loader) path
|
|
428
|
+
// is untouched — render-nunjucks.js's cached-Environment filesystem path.
|
|
429
|
+
var _loaderCfg = (
|
|
430
|
+
conf.content && conf.content.settings && conf.content.settings.template
|
|
431
|
+
&& conf.content.settings.template.nunjucks && conf.content.settings.template.nunjucks.loader
|
|
432
|
+
) || null;
|
|
433
|
+
if (_loaderCfg) {
|
|
434
|
+
// build() throws on a bad config; let it propagate so bundle startup
|
|
435
|
+
// fails with a clear message rather than 500-ing the first render.
|
|
436
|
+
// It does NOT reach the backend (no network probe at boot).
|
|
437
|
+
var _builtLoader = lib.templateLoaders.build(_loaderCfg, { bundle: self.appName });
|
|
438
|
+
if (_builtLoader && _builtLoader.async === true) {
|
|
439
|
+
if (!process.gina._nunjucksLoaders) { process.gina._nunjucksLoaders = Object.create(null); }
|
|
440
|
+
process.gina._nunjucksLoaders[conf.content.templates._common.html] = {
|
|
441
|
+
loader: _builtLoader,
|
|
442
|
+
autoescape: (_nunjucksSettings.autoescape !== false),
|
|
443
|
+
cache: (_loaderCfg.cache === true) // #TPL1 Tier-2 opt-in compiled-template cache
|
|
444
|
+
};
|
|
445
|
+
}
|
|
446
|
+
}
|
|
420
447
|
};
|
|
421
448
|
|
|
422
449
|
var initSwigEngine = function(conf) {
|
|
@@ -434,6 +461,13 @@ function Server(options) {
|
|
|
434
461
|
var dir = conf.content.templates._common.html;
|
|
435
462
|
var swigOptions = {
|
|
436
463
|
autoescape: ( typeof(conf.autoescape) != 'undefined') ? conf.autoescape: false,
|
|
464
|
+
// #TPL2 — confined loader (swig-core basepath confinement, CVE-2023-25345).
|
|
465
|
+
// gina no longer resolves any template OUTSIDE the bundle templates root:
|
|
466
|
+
// the processed layout cache lives in-root (controller.render-swig.js
|
|
467
|
+
// .gina-layout-cache) and the dev inspector statusbar is inlined rather
|
|
468
|
+
// than {% include %}-d from the framework core dir. So the loader keeps
|
|
469
|
+
// swig-core's confinement (allowOutsideRoot defaults false) for every
|
|
470
|
+
// resolution, including untrusted nested {% include %} / {% import %}.
|
|
437
471
|
loader: swig.loaders.fs(dir),
|
|
438
472
|
cache: (conf.isCacheless) ? false : 'memory'
|
|
439
473
|
};
|
|
@@ -458,6 +492,33 @@ function Server(options) {
|
|
|
458
492
|
} catch (err) {
|
|
459
493
|
throw err;
|
|
460
494
|
}
|
|
495
|
+
|
|
496
|
+
// #TPL1 — async template-loader extension point. When the bundle
|
|
497
|
+
// configures settings.template.swig.loader, build + validate the loader
|
|
498
|
+
// at startup (fail-fast on bad config, mirroring initNunjucksEngine) and
|
|
499
|
+
// stash it per-bundle keyed by the template root. controller.js routes
|
|
500
|
+
// such bundles to the async delegate (controller.render-swig-async.js),
|
|
501
|
+
// which builds an ISOLATED per-bundle swig engine from this loader — the
|
|
502
|
+
// shared singleton's setDefaults loader above is unused for them. The
|
|
503
|
+
// default (no-loader) path is untouched: byte-identical to pre-#TPL1.
|
|
504
|
+
var _loaderCfg = (
|
|
505
|
+
conf.content && conf.content.settings && conf.content.settings.template
|
|
506
|
+
&& conf.content.settings.template.swig && conf.content.settings.template.swig.loader
|
|
507
|
+
) || null;
|
|
508
|
+
if (_loaderCfg) {
|
|
509
|
+
// build() throws on a bad config; we let it propagate so bundle
|
|
510
|
+
// startup fails with a clear message rather than 500-ing the first
|
|
511
|
+
// render. It does NOT reach the backend (no network probe at boot).
|
|
512
|
+
var _builtLoader = lib.templateLoaders.build(_loaderCfg, { bundle: self.appName });
|
|
513
|
+
if (_builtLoader && _builtLoader.async === true) {
|
|
514
|
+
if (!process.gina._swigLoaders) { process.gina._swigLoaders = Object.create(null); }
|
|
515
|
+
process.gina._swigLoaders[dir] = {
|
|
516
|
+
loader: _builtLoader,
|
|
517
|
+
autoescape: swigOptions.autoescape,
|
|
518
|
+
cache: (_loaderCfg.cache === true) // #TPL1 Tier-2 opt-in compiled-fn cache
|
|
519
|
+
};
|
|
520
|
+
}
|
|
521
|
+
}
|
|
461
522
|
}
|
|
462
523
|
|
|
463
524
|
/**
|
|
@@ -1110,7 +1171,11 @@ function Server(options) {
|
|
|
1110
1171
|
var getAssetFilenameFromUrl = function(bundleConf, url) {
|
|
1111
1172
|
|
|
1112
1173
|
var staticsArr = bundleConf.publicResources;
|
|
1113
|
-
|
|
1174
|
+
// #B30: reachable with an attacker-controlled URL (the HTTP/2 static path
|
|
1175
|
+
// passes request-derived `pathname` here — server.js ~2500), so a malformed
|
|
1176
|
+
// % escape would otherwise throw URIError, uncaught, and crash the bundle.
|
|
1177
|
+
// was: url = decodeURIComponent( url );
|
|
1178
|
+
url = safeDecodeURIComponent( url );
|
|
1114
1179
|
var staticProps = {
|
|
1115
1180
|
firstLevel : '/'+ url.split(/\//g)[1] + '/',
|
|
1116
1181
|
isFile : /^\/[A-Za-z0-9_-]+\.(.*)$/.test(url)
|
|
@@ -2215,7 +2280,11 @@ function Server(options) {
|
|
|
2215
2280
|
}
|
|
2216
2281
|
|
|
2217
2282
|
|
|
2218
|
-
|
|
2283
|
+
// #B30: a static-asset request URL with a malformed % escape (e.g.
|
|
2284
|
+
// GET /assets/%E0%.css) would otherwise throw URIError here, uncaught,
|
|
2285
|
+
// and crash the bundle. Fall back to the raw filename on a bad escape.
|
|
2286
|
+
// was: filename = decodeURIComponent(filename);
|
|
2287
|
+
filename = safeDecodeURIComponent(filename);
|
|
2219
2288
|
let filenameObj = new _(filename, true);
|
|
2220
2289
|
filenameObj.exists(function onStaticExists(exists) {
|
|
2221
2290
|
// fs.exists(filename, function onStaticExists(exists) {
|
|
@@ -3530,6 +3599,15 @@ function Server(options) {
|
|
|
3530
3599
|
});
|
|
3531
3600
|
|
|
3532
3601
|
request.on('end', function onEnd() {
|
|
3602
|
+
// Preserve the exact unparsed body BEFORE processRequestData mutates
|
|
3603
|
+
// request.body into the parsed object. Inbound webhooks that
|
|
3604
|
+
// authenticate via an HMAC computed over the raw request bytes need
|
|
3605
|
+
// the untouched body; by the time middlewares run, the stream is
|
|
3606
|
+
// drained and request.body is the parsed object. request.body is the
|
|
3607
|
+
// fully-accumulated string here ('' when the body was empty). This
|
|
3608
|
+
// is a reference assignment, not a copy. The multipart branch above
|
|
3609
|
+
// uses Busboy and never reaches here, so uploads are unaffected.
|
|
3610
|
+
request.rawBody = (typeof request.body === 'string') ? request.body : '';
|
|
3533
3611
|
processRequestData(request, response, next);
|
|
3534
3612
|
});
|
|
3535
3613
|
|
|
@@ -3591,52 +3669,80 @@ function Server(options) {
|
|
|
3591
3669
|
// get rid of encoding issues
|
|
3592
3670
|
try {
|
|
3593
3671
|
if ( !/multipart\/form-data;/.test(request.headers['content-type']) ) {
|
|
3594
|
-
if ( /application\/
|
|
3595
|
-
|
|
3596
|
-
|
|
3672
|
+
if ( /application\/json/i.test(request.headers['content-type']) ) {
|
|
3673
|
+
// #B28 — application/json: parse the body verbatim. JSON already
|
|
3674
|
+
// carries real types, so do NOT url-decode (a %XX inside a string
|
|
3675
|
+
// value would be corrupted) and do NOT apply form-style
|
|
3676
|
+
// "true"/"false"/"on"/"null" coercion or bracket-key expansion —
|
|
3677
|
+
// those are urlencoded-form conventions, not JSON.
|
|
3678
|
+
try {
|
|
3679
|
+
obj = JSON.parse(request.body);
|
|
3680
|
+
request.post = obj;
|
|
3681
|
+
isPostSet = true;
|
|
3682
|
+
} catch (err) {
|
|
3683
|
+
// Tolerate a percent-encoded JSON body (e.g. an
|
|
3684
|
+
// encodeURIComponent / RFC5987-encoded payload). A genuine
|
|
3685
|
+
// raw-JSON body parses on the verbatim attempt above, so a
|
|
3686
|
+
// legitimate %XX inside a string value is never double-decoded
|
|
3687
|
+
// (preserves #B28 intent) — only a non-raw-JSON body reaches here.
|
|
3688
|
+
try {
|
|
3689
|
+
obj = JSON.parse(decodeURIComponent(request.body));
|
|
3690
|
+
request.post = obj;
|
|
3691
|
+
isPostSet = true;
|
|
3692
|
+
} catch (err2) {
|
|
3693
|
+
exception = new Error('Could not parse application/json POST body. '+ err.message);
|
|
3694
|
+
throwError(response, 500, exception, next);
|
|
3695
|
+
return;
|
|
3696
|
+
}
|
|
3697
|
+
}
|
|
3698
|
+
} else {
|
|
3699
|
+
if ( /application\/x\-www\-form\-urlencoded/.test(request.headers['content-type']) && /\+/.test(request.body) ) {
|
|
3700
|
+
request.body = request.body.replace(/\+/g, ' ');
|
|
3701
|
+
}
|
|
3597
3702
|
|
|
3598
|
-
|
|
3599
|
-
|
|
3703
|
+
if ( request.body.substring(0,1) == '?')
|
|
3704
|
+
request.body = request.body.substring(1);
|
|
3600
3705
|
|
|
3601
|
-
|
|
3602
|
-
|
|
3603
|
-
|
|
3604
|
-
|
|
3605
|
-
|
|
3706
|
+
try {
|
|
3707
|
+
bodyStr = decodeURIComponent(request.body); // it is already a string for sure
|
|
3708
|
+
} catch (err) {
|
|
3709
|
+
bodyStr = request.body;
|
|
3710
|
+
}
|
|
3606
3711
|
|
|
3607
|
-
|
|
3608
|
-
|
|
3609
|
-
|
|
3610
|
-
|
|
3611
|
-
|
|
3712
|
+
// false & true case
|
|
3713
|
+
if ( /(\"false\"|\"true\"|\"on\")/.test(bodyStr) )
|
|
3714
|
+
bodyStr = bodyStr.replace(/\"false\"/g, false).replace(/\"true\"/g, true).replace(/\"on\"/g, true);
|
|
3715
|
+
if ( /(\"null\")/i.test(bodyStr) )
|
|
3716
|
+
bodyStr = bodyStr.replace(/\"null\"/ig, null);
|
|
3612
3717
|
|
|
3613
|
-
try {
|
|
3614
|
-
// obj = parseBody(bodyStr);
|
|
3615
|
-
obj = formatDataFromString(bodyStr);
|
|
3616
|
-
if ( !obj) {
|
|
3617
|
-
exception = new Error('Could not convert POST::BODY_STRING to POST::OBJECT. Possible JSON error in `bodyStr`');
|
|
3618
|
-
throwError(response, 500, exception, next);
|
|
3619
|
-
return;
|
|
3620
|
-
}
|
|
3621
|
-
request.post = obj;
|
|
3622
|
-
isPostSet = true;
|
|
3623
|
-
} catch (err) {
|
|
3624
|
-
// ignore this one
|
|
3625
|
-
msg = '[ Could properly evaluate POST ] '+ request.url +'\n'+ err.stack;
|
|
3626
|
-
console.warn(msg);
|
|
3627
|
-
}
|
|
3628
|
-
if (!isPostSet) {
|
|
3629
3718
|
try {
|
|
3630
|
-
|
|
3631
|
-
|
|
3632
|
-
|
|
3633
|
-
|
|
3719
|
+
// obj = parseBody(bodyStr);
|
|
3720
|
+
obj = formatDataFromString(bodyStr);
|
|
3721
|
+
if ( !obj) {
|
|
3722
|
+
exception = new Error('Could not convert POST::BODY_STRING to POST::OBJECT. Possible JSON error in `bodyStr`');
|
|
3723
|
+
throwError(response, 500, exception, next);
|
|
3724
|
+
return;
|
|
3634
3725
|
}
|
|
3635
|
-
|
|
3726
|
+
request.post = obj;
|
|
3727
|
+
isPostSet = true;
|
|
3636
3728
|
} catch (err) {
|
|
3637
|
-
|
|
3729
|
+
// ignore this one
|
|
3730
|
+
msg = '[ Could properly evaluate POST ] '+ request.url +'\n'+ err.stack;
|
|
3638
3731
|
console.warn(msg);
|
|
3639
3732
|
}
|
|
3733
|
+
if (!isPostSet) {
|
|
3734
|
+
try {
|
|
3735
|
+
if (obj.count() == 0 && bodyStr.length > 1) {
|
|
3736
|
+
request.post = obj;
|
|
3737
|
+
} else {
|
|
3738
|
+
request.post = JSON.parse(bodyStr)
|
|
3739
|
+
}
|
|
3740
|
+
|
|
3741
|
+
} catch (err) {
|
|
3742
|
+
msg = '[ Exception found for POST ] '+ request.url +'\n'+ err.stack;
|
|
3743
|
+
console.warn(msg);
|
|
3744
|
+
}
|
|
3745
|
+
}
|
|
3640
3746
|
}
|
|
3641
3747
|
}
|
|
3642
3748
|
|
|
@@ -3701,7 +3807,17 @@ function Server(options) {
|
|
|
3701
3807
|
|
|
3702
3808
|
|
|
3703
3809
|
if ( typeof(request.query.inheritedData) == 'string' ) {
|
|
3704
|
-
|
|
3810
|
+
// #B30: request.query.inheritedData is ALREADY percent-decoded once by
|
|
3811
|
+
// the engine query parser (server.isaac.js / express qs), and
|
|
3812
|
+
// formatDataFromString performs its OWN guarded internal decode. The
|
|
3813
|
+
// explicit decodeURIComponent here was a redundant SECOND decode whose
|
|
3814
|
+
// only effects were (a) a URIError crash on a literal '%' surviving the
|
|
3815
|
+
// first decode — e.g. inheritedData carrying {"x":"50%off"} → "%of" is a
|
|
3816
|
+
// malformed escape → the bundle dies (URIError → proc.js uncaughtException → SIGTERM) — and
|
|
3817
|
+
// (b) extra silent double-decode corruption. Dropped: formatDataFromString
|
|
3818
|
+
// supplies the single guarded decode.
|
|
3819
|
+
// was: inheritedDataObj = formatDataFromString(decodeURIComponent(request.query.inheritedData));
|
|
3820
|
+
inheritedDataObj = formatDataFromString(request.query.inheritedData);
|
|
3705
3821
|
} else {
|
|
3706
3822
|
inheritedDataObj = JSON.clone(request.query.inheritedData);
|
|
3707
3823
|
}
|
|
@@ -3718,7 +3834,11 @@ function Server(options) {
|
|
|
3718
3834
|
bodyStr = bodyStr.replace(/\"null\"/ig, null);
|
|
3719
3835
|
|
|
3720
3836
|
|
|
3721
|
-
|
|
3837
|
+
// #B30: redundant second decode dropped (see the GET inheritedData note
|
|
3838
|
+
// above) — request.query values are already engine-decoded and
|
|
3839
|
+
// formatDataFromString self-guards its own decode.
|
|
3840
|
+
// was: obj = formatDataFromString(decodeURIComponent(bodyStr));
|
|
3841
|
+
obj = formatDataFromString(bodyStr);
|
|
3722
3842
|
|
|
3723
3843
|
request.query = merge(obj, inheritedDataObj);
|
|
3724
3844
|
// delete obj;
|
|
@@ -3743,34 +3863,54 @@ function Server(options) {
|
|
|
3743
3863
|
// get rid of encoding issues
|
|
3744
3864
|
try {
|
|
3745
3865
|
if ( !/multipart\/form-data;/.test(request.headers['content-type']) ) {
|
|
3746
|
-
if ( /application\/
|
|
3747
|
-
|
|
3748
|
-
|
|
3866
|
+
if ( /application\/json/i.test(request.headers['content-type']) ) {
|
|
3867
|
+
// #B28 — application/json: parse the body verbatim. JSON already
|
|
3868
|
+
// carries real types, so do NOT url-decode (a %XX inside a string
|
|
3869
|
+
// value would be corrupted) and do NOT apply form-style
|
|
3870
|
+
// "true"/"false"/"on"/"null" coercion or bracket-key expansion —
|
|
3871
|
+
// those are urlencoded-form conventions, not JSON.
|
|
3872
|
+
try {
|
|
3873
|
+
obj = JSON.parse(request.body);
|
|
3874
|
+
} catch (err) {
|
|
3875
|
+
// Tolerate a percent-encoded JSON body (see the POST branch).
|
|
3876
|
+
// The verbatim attempt above wins for genuine raw JSON, so
|
|
3877
|
+
// #B28 intent holds and only an encoded body reaches here.
|
|
3878
|
+
try {
|
|
3879
|
+
obj = JSON.parse(decodeURIComponent(request.body));
|
|
3880
|
+
} catch (err2) {
|
|
3881
|
+
console.warn('[ Could not parse application/json PUT body ] '+ request.url +'\n'+ err.stack);
|
|
3882
|
+
}
|
|
3883
|
+
}
|
|
3884
|
+
} else {
|
|
3885
|
+
if ( /application\/x\-www\-form\-urlencoded/.test(request.headers['content-type']) ) {
|
|
3886
|
+
request.body = request.body.replace(/\+/g, ' ');
|
|
3887
|
+
}
|
|
3749
3888
|
|
|
3750
|
-
|
|
3751
|
-
|
|
3889
|
+
if ( request.body.substring(0,1) == '?')
|
|
3890
|
+
request.body = request.body.substring(1);
|
|
3752
3891
|
|
|
3753
|
-
|
|
3754
|
-
|
|
3755
|
-
|
|
3756
|
-
|
|
3757
|
-
|
|
3758
|
-
|
|
3892
|
+
// false & true case
|
|
3893
|
+
try {
|
|
3894
|
+
bodyStr = decodeURIComponent(request.body); // it is already a string for sure
|
|
3895
|
+
} catch (err) {
|
|
3896
|
+
bodyStr = request.body;
|
|
3897
|
+
}
|
|
3759
3898
|
|
|
3760
|
-
|
|
3761
|
-
|
|
3762
|
-
|
|
3763
|
-
|
|
3764
|
-
|
|
3899
|
+
// false & true case
|
|
3900
|
+
if ( /(\"false\"|\"true\"|\"on\")/.test(bodyStr) )
|
|
3901
|
+
bodyStr = bodyStr.replace(/\"false\"/g, false).replace(/\"true\"/g, true).replace(/\"on\"/g, true);
|
|
3902
|
+
if ( /(\"null\")/i.test(bodyStr) )
|
|
3903
|
+
bodyStr = bodyStr.replace(/\"null\"/ig, null);
|
|
3765
3904
|
|
|
3766
|
-
|
|
3905
|
+
obj = formatDataFromString(bodyStr);
|
|
3767
3906
|
|
|
3768
3907
|
|
|
3769
|
-
|
|
3770
|
-
|
|
3771
|
-
|
|
3772
|
-
|
|
3773
|
-
|
|
3908
|
+
if ( typeof(obj) != 'undefined' && obj.count() == 0 && bodyStr.length > 1 ) {
|
|
3909
|
+
try {
|
|
3910
|
+
request.put = merge(request.put, obj);
|
|
3911
|
+
} catch (err) {
|
|
3912
|
+
console.log('Case `put` #0 [ merge error ]: ' + (err.stack||err.message))
|
|
3913
|
+
}
|
|
3774
3914
|
}
|
|
3775
3915
|
}
|
|
3776
3916
|
}
|
|
@@ -3833,40 +3973,66 @@ function Server(options) {
|
|
|
3833
3973
|
if ( typeof(request.body) == 'string' ) {
|
|
3834
3974
|
try {
|
|
3835
3975
|
if ( !/multipart\/form-data;/.test(request.headers['content-type']) ) {
|
|
3836
|
-
if ( /application\/
|
|
3837
|
-
|
|
3838
|
-
|
|
3839
|
-
|
|
3840
|
-
|
|
3841
|
-
|
|
3842
|
-
|
|
3843
|
-
|
|
3844
|
-
|
|
3845
|
-
|
|
3846
|
-
|
|
3847
|
-
|
|
3848
|
-
|
|
3849
|
-
|
|
3850
|
-
|
|
3851
|
-
|
|
3852
|
-
|
|
3853
|
-
|
|
3854
|
-
|
|
3855
|
-
|
|
3976
|
+
if ( /application\/json/i.test(request.headers['content-type']) ) {
|
|
3977
|
+
// #B28 — application/json: parse the body verbatim. JSON already
|
|
3978
|
+
// carries real types, so do NOT url-decode (a %XX inside a string
|
|
3979
|
+
// value would be corrupted) and do NOT apply form-style
|
|
3980
|
+
// "true"/"false"/"on"/"null" coercion or bracket-key expansion —
|
|
3981
|
+
// those are urlencoded-form conventions, not JSON.
|
|
3982
|
+
try {
|
|
3983
|
+
obj = JSON.parse(request.body);
|
|
3984
|
+
request.patch = obj;
|
|
3985
|
+
isPatchSet = true;
|
|
3986
|
+
} catch (err) {
|
|
3987
|
+
// Tolerate a percent-encoded JSON body (see the POST branch).
|
|
3988
|
+
// The verbatim attempt above wins for genuine raw JSON, so
|
|
3989
|
+
// #B28 intent holds and only an encoded body reaches here.
|
|
3990
|
+
try {
|
|
3991
|
+
obj = JSON.parse(decodeURIComponent(request.body));
|
|
3992
|
+
request.patch = obj;
|
|
3993
|
+
isPatchSet = true;
|
|
3994
|
+
} catch (err2) {
|
|
3995
|
+
exception = new Error('Could not parse application/json PATCH body. '+ err.message);
|
|
3996
|
+
throwError(response, 500, exception, next);
|
|
3997
|
+
return;
|
|
3998
|
+
}
|
|
3856
3999
|
}
|
|
3857
|
-
|
|
3858
|
-
|
|
3859
|
-
|
|
3860
|
-
|
|
3861
|
-
|
|
3862
|
-
|
|
3863
|
-
|
|
4000
|
+
} else {
|
|
4001
|
+
if ( /application\/x\-www\-form\-urlencoded/.test(request.headers['content-type']) && /\+/.test(request.body) ) {
|
|
4002
|
+
request.body = request.body.replace(/\+/g, ' ');
|
|
4003
|
+
}
|
|
4004
|
+
if ( request.body.substring(0,1) == '?' )
|
|
4005
|
+
request.body = request.body.substring(1);
|
|
4006
|
+
try {
|
|
4007
|
+
bodyStr = decodeURIComponent(request.body);
|
|
4008
|
+
} catch (err) {
|
|
4009
|
+
bodyStr = request.body;
|
|
4010
|
+
}
|
|
4011
|
+
if ( /(\"false\"|\"true\"|\"on\")/.test(bodyStr) )
|
|
4012
|
+
bodyStr = bodyStr.replace(/\"false\"/g, false).replace(/\"true\"/g, true).replace(/\"on\"/g, true);
|
|
4013
|
+
if ( /(\"null\")/i.test(bodyStr) )
|
|
4014
|
+
bodyStr = bodyStr.replace(/\"null\"/ig, null);
|
|
3864
4015
|
try {
|
|
3865
|
-
|
|
4016
|
+
obj = formatDataFromString(bodyStr);
|
|
4017
|
+
if ( !obj ) {
|
|
4018
|
+
exception = new Error('Could not convert PATCH::BODY_STRING to PATCH::OBJECT. Possible JSON error in `bodyStr`');
|
|
4019
|
+
throwError(response, 500, exception, next);
|
|
4020
|
+
return;
|
|
4021
|
+
}
|
|
4022
|
+
request.patch = obj;
|
|
4023
|
+
isPatchSet = true;
|
|
3866
4024
|
} catch (err) {
|
|
3867
|
-
msg = '[
|
|
4025
|
+
msg = '[ Could not properly evaluate PATCH ] '+ request.url +'\n'+ err.stack;
|
|
3868
4026
|
console.warn(msg);
|
|
3869
4027
|
}
|
|
4028
|
+
if (!isPatchSet) {
|
|
4029
|
+
try {
|
|
4030
|
+
request.patch = ( obj.count() == 0 && bodyStr.length > 1 ) ? obj : JSON.parse(bodyStr);
|
|
4031
|
+
} catch (err) {
|
|
4032
|
+
msg = '[ Exception found for PATCH ] '+ request.url +'\n'+ err.stack;
|
|
4033
|
+
console.warn(msg);
|
|
4034
|
+
}
|
|
4035
|
+
}
|
|
3870
4036
|
}
|
|
3871
4037
|
}
|
|
3872
4038
|
} catch (err) {
|
|
@@ -3916,7 +4082,9 @@ function Server(options) {
|
|
|
3916
4082
|
var headInheritedDataObj = {};
|
|
3917
4083
|
if ( typeof(request.query.inheritedData) != 'undefined' ) {
|
|
3918
4084
|
if ( typeof(request.query.inheritedData) == 'string' ) {
|
|
3919
|
-
|
|
4085
|
+
// #B30: redundant second decode dropped (see the GET inheritedData note).
|
|
4086
|
+
// was: headInheritedDataObj = formatDataFromString(decodeURIComponent(request.query.inheritedData));
|
|
4087
|
+
headInheritedDataObj = formatDataFromString(request.query.inheritedData);
|
|
3920
4088
|
} else {
|
|
3921
4089
|
headInheritedDataObj = JSON.clone(request.query.inheritedData);
|
|
3922
4090
|
}
|
|
@@ -3927,7 +4095,9 @@ function Server(options) {
|
|
|
3927
4095
|
bodyStr = bodyStr.replace(/\"false\"/ig, false).replace(/\"true\"/ig, true).replace(/\"on\"/ig, true);
|
|
3928
4096
|
if ( /(\"null\")/i.test(bodyStr) )
|
|
3929
4097
|
bodyStr = bodyStr.replace(/\"null\"/ig, null);
|
|
3930
|
-
|
|
4098
|
+
// #B30: redundant second decode dropped (see the GET inheritedData note).
|
|
4099
|
+
// was: obj = formatDataFromString(decodeURIComponent(bodyStr));
|
|
4100
|
+
obj = formatDataFromString(bodyStr);
|
|
3931
4101
|
request.query = merge(obj, headInheritedDataObj);
|
|
3932
4102
|
obj = null;
|
|
3933
4103
|
headInheritedDataObj = null;
|
|
@@ -4373,7 +4543,7 @@ function Server(options) {
|
|
|
4373
4543
|
// lookupTrie returns null when no trie is available → linear scan runs normally.
|
|
4374
4544
|
var _trieCandidateSet = null;
|
|
4375
4545
|
if (!hasCachedRoute) {
|
|
4376
|
-
var _trieHits = routingLib.lookupTrie(
|
|
4546
|
+
var _trieHits = routingLib.lookupTrie(safeDecodeURI(pathname), bundle); // #B30: malformed-%-safe — a bad escape here would otherwise reject the async dispatch promise → hung request
|
|
4377
4547
|
if (_trieHits !== null && _trieHits.length > 0) {
|
|
4378
4548
|
_trieCandidateSet = new Set(_trieHits);
|
|
4379
4549
|
}
|
|
@@ -4463,7 +4633,7 @@ function Server(options) {
|
|
|
4463
4633
|
control : routing[name].param.control,
|
|
4464
4634
|
requirements : routing[name].requirements,
|
|
4465
4635
|
namespace : routing[name].namespace || undefined,
|
|
4466
|
-
url :
|
|
4636
|
+
url : safeDecodeURI(pathname), /// avoid %20 — #B30 malformed-%-safe
|
|
4467
4637
|
rule : routing[name].originalRule || name,
|
|
4468
4638
|
cache : routing[name].cache || null,
|
|
4469
4639
|
queryTimeout : parseTimeout(routing[name].queryTimeout) || null,
|
|
@@ -4763,7 +4933,13 @@ function Server(options) {
|
|
|
4763
4933
|
// console.error(local.request.method +' [ '+code+' ] '+ local.request.url);
|
|
4764
4934
|
console.error('[ BUNDLE ][ '+self.appName+' ] '+ local.request.method +' [ '+code+' ] \n'+ msg);
|
|
4765
4935
|
// intercept none HTML mime types
|
|
4766
|
-
|
|
4936
|
+
// #B30: throwError is the central error responder, reached synchronously from many
|
|
4937
|
+
// request callbacks; an unguarded decodeURI of a malformed-% URL here throws URIError →
|
|
4938
|
+
// proc.js uncaughtException handler (proc.js:319) → emerg + SIGTERM → the bundle dies
|
|
4939
|
+
// (it even turns a would-be graceful 404 on a malformed-% URL into a crash).
|
|
4940
|
+
// safeDecodeURI falls back to the raw URL.
|
|
4941
|
+
// was: var url = decodeURI(local.request.url) /// avoid %20
|
|
4942
|
+
var url = safeDecodeURI(local.request.url) /// avoid %20
|
|
4767
4943
|
, ext = null
|
|
4768
4944
|
, isHtmlContent = false
|
|
4769
4945
|
, hasCustomErrorFile = false
|
|
@@ -49,6 +49,56 @@ function DataHelper(){
|
|
|
49
49
|
replace(/%(?:7C|60|5E)/g, unescape);
|
|
50
50
|
};
|
|
51
51
|
|
|
52
|
+
/**
|
|
53
|
+
* Percent-decodes a string, returning the input UNCHANGED when it is not a
|
|
54
|
+
* valid URI component. `decodeURIComponent` throws `URIError` on a malformed
|
|
55
|
+
* escape (a bare `%`, `%zz`, or a truncated `%E0%A`). On the server request
|
|
56
|
+
* path an attacker-controlled malformed `%` in a URL / query string would
|
|
57
|
+
* otherwise reach an unguarded `decodeURIComponent`, throw, and — since the
|
|
58
|
+
* framework runs no `uncaughtException` handler — take the whole bundle down
|
|
59
|
+
* (#B30). Use this at every server-side decode of attacker-controllable
|
|
60
|
+
* input where the decode is the genuine (first) decode and cannot simply be
|
|
61
|
+
* dropped; it mirrors the try/decode/fallback-to-raw idiom already used in
|
|
62
|
+
* the POST/PUT/PATCH body branches of `processRequestData`.
|
|
63
|
+
*
|
|
64
|
+
* @param {string} str - the value to decode
|
|
65
|
+
* @returns {string} the decoded value, or the original string on URIError
|
|
66
|
+
* @example
|
|
67
|
+
* safeDecodeURIComponent('a%20b'); // 'a b'
|
|
68
|
+
* safeDecodeURIComponent('100%'); // '100%' (decodeURIComponent would throw URIError)
|
|
69
|
+
*/
|
|
70
|
+
safeDecodeURIComponent = function(str) {
|
|
71
|
+
try {
|
|
72
|
+
return decodeURIComponent(str);
|
|
73
|
+
} catch (err) {
|
|
74
|
+
return str;
|
|
75
|
+
}
|
|
76
|
+
};
|
|
77
|
+
|
|
78
|
+
/**
|
|
79
|
+
* Like {@link safeDecodeURIComponent} but for whole-URI decoding: wraps
|
|
80
|
+
* `decodeURI` (which leaves URI-reserved characters such as `/ ? #` intact —
|
|
81
|
+
* used across the routing and error-handler paths to turn `%20` back into a
|
|
82
|
+
* space without touching path separators). `decodeURI` throws the SAME
|
|
83
|
+
* `URIError` as `decodeURIComponent` on a malformed escape, so an unguarded
|
|
84
|
+
* call on the request URL / pathname crashes the bundle the same way (#B30) —
|
|
85
|
+
* including from inside `throwError`, which would turn a graceful error into a
|
|
86
|
+
* crash. Returns the input unchanged on a malformed escape.
|
|
87
|
+
*
|
|
88
|
+
* @param {string} str - the value to decode
|
|
89
|
+
* @returns {string} the decoded value, or the original string on URIError
|
|
90
|
+
* @example
|
|
91
|
+
* safeDecodeURI('/a%20b'); // '/a b'
|
|
92
|
+
* safeDecodeURI('/a%E0%A'); // '/a%E0%A' (decodeURI would throw URIError)
|
|
93
|
+
*/
|
|
94
|
+
safeDecodeURI = function(str) {
|
|
95
|
+
try {
|
|
96
|
+
return decodeURI(str);
|
|
97
|
+
} catch (err) {
|
|
98
|
+
return str;
|
|
99
|
+
}
|
|
100
|
+
};
|
|
101
|
+
|
|
52
102
|
/**
|
|
53
103
|
* Convert JSON string with structured keys to object
|
|
54
104
|
*
|
|
@@ -153,7 +203,11 @@ function DataHelper(){
|
|
|
153
203
|
for (var i = 0, len = arr.length; i < len; ++i) {
|
|
154
204
|
if (!arr[i]) continue;
|
|
155
205
|
|
|
156
|
-
|
|
206
|
+
// #B30: tolerate a malformed `%` escape (fall back to the raw
|
|
207
|
+
// segment) instead of letting decodeURIComponent throw URIError —
|
|
208
|
+
// an unguarded throw here propagates to processRequestData with no
|
|
209
|
+
// uncaughtException handler and crashes the bundle.
|
|
210
|
+
arr[i] = safeDecodeURIComponent(arr[i]);
|
|
157
211
|
|
|
158
212
|
if ( /^\{/.test(arr[i]) || /\=\{/.test(arr[i]) || /\=\[/.test(arr[i]) ) {
|
|
159
213
|
try {
|
|
@@ -182,8 +236,9 @@ function DataHelper(){
|
|
|
182
236
|
|
|
183
237
|
if ( typeof(el[1]) == 'string' && !/\[object /.test(el[1])) {
|
|
184
238
|
key = null;
|
|
185
|
-
|
|
186
|
-
el[
|
|
239
|
+
// #B30: malformed-%-safe decode (see the arr[] loop above).
|
|
240
|
+
el[0] = safeDecodeURIComponent(el[0]);
|
|
241
|
+
el[1] = safeDecodeURIComponent(el[1]);
|
|
187
242
|
|
|
188
243
|
if ( /^(.*)\[(.*)\]/.test(el[0]) ) { // some[field] ?
|
|
189
244
|
key = el[0].replace(/\]/g, '').split(/\[/g);
|