gina 0.4.5 → 0.4.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (475) hide show
  1. package/CHANGELOG.md +36 -0
  2. package/CONTRIBUTING.md +2 -2
  3. package/README.md +10 -8
  4. package/ROADMAP.md +2 -2
  5. package/framework/v0.4.6/VERSION +1 -0
  6. package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/css/gina.min.css +1 -0
  7. package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/css/gina.min.css.br +0 -0
  8. package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/css/gina.min.css.gz +0 -0
  9. package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/inspector.js +62 -0
  10. package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.js +934 -42
  11. package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/js/gina.min.js +571 -0
  12. package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/js/gina.min.js.br +0 -0
  13. package/framework/v0.4.6/core/asset/plugin/dist/vendor/gina/js/gina.min.js.gz +0 -0
  14. package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.js +62 -6
  15. package/framework/v0.4.6/core/controller/controller.render-nunjucks-async.js +788 -0
  16. package/framework/v0.4.6/core/controller/controller.render-swig-async.js +664 -0
  17. package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-swig.js +52 -5
  18. package/framework/{v0.4.5 → v0.4.6}/core/gna.js +24 -0
  19. package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/csp/README.md +35 -0
  20. package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/csp/src/main.js +136 -2
  21. package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/package.json +0 -3
  22. package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/package.json +0 -3
  23. package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/src/main.js +17 -4
  24. package/framework/{v0.4.5 → v0.4.6}/core/server.isaac.js +2 -2
  25. package/framework/{v0.4.5 → v0.4.6}/core/server.js +273 -97
  26. package/framework/{v0.4.5 → v0.4.6}/helpers/data/package.json +0 -3
  27. package/framework/{v0.4.5 → v0.4.6}/helpers/data/src/main.js +58 -3
  28. package/framework/{v0.4.5 → v0.4.6}/helpers/json/package.json +0 -3
  29. package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/package.json +0 -3
  30. package/framework/{v0.4.5 → v0.4.6}/lib/archiver/package.json +0 -3
  31. package/framework/{v0.4.5 → v0.4.6}/lib/cache/package.json +0 -3
  32. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/link.js +16 -5
  33. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/msg.json +1 -1
  34. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/restart.js +11 -3
  35. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/start.js +5 -1
  36. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/version.js +24 -3
  37. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/helper.js +28 -9
  38. package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/add.js +29 -13
  39. package/framework/{v0.4.5 → v0.4.6}/lib/collection/package.json +0 -3
  40. package/framework/{v0.4.5 → v0.4.6}/lib/cron/package.json +0 -3
  41. package/framework/{v0.4.5 → v0.4.6}/lib/domain/package.json +0 -3
  42. package/framework/{v0.4.5 → v0.4.6}/lib/index.js +7 -0
  43. package/framework/{v0.4.5 → v0.4.6}/lib/inherits/package.json +0 -3
  44. package/framework/{v0.4.5 → v0.4.6}/lib/logger/package.json +0 -3
  45. package/framework/{v0.4.5 → v0.4.6}/lib/merge/package.json +0 -3
  46. package/framework/{v0.4.5 → v0.4.6}/lib/model.js +17 -0
  47. package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-filters/src/main.js +37 -11
  48. package/framework/{v0.4.5 → v0.4.6}/lib/routing/package.json +0 -3
  49. package/framework/{v0.4.5 → v0.4.6}/lib/routing/src/main.js +4 -4
  50. package/framework/{v0.4.5 → v0.4.6}/lib/swig-filters/package.json +0 -3
  51. package/framework/{v0.4.5 → v0.4.6}/lib/swig-filters/src/main.js +45 -6
  52. package/framework/v0.4.6/lib/template-loaders/package.json +17 -0
  53. package/framework/v0.4.6/lib/template-loaders/src/loaders/http.js +272 -0
  54. package/framework/v0.4.6/lib/template-loaders/src/loaders/memory.js +75 -0
  55. package/framework/v0.4.6/lib/template-loaders/src/main.js +134 -0
  56. package/framework/{v0.4.5 → v0.4.6}/package.json +2 -2
  57. package/gna.js +4 -4
  58. package/llms.txt +32 -44
  59. package/package.json +6 -3
  60. package/playwright.config.js +35 -0
  61. package/schema/settings.json +105 -0
  62. package/types/gna.d.ts +1 -1
  63. package/framework/v0.4.5/VERSION +0 -1
  64. package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/css/gina.min.css +0 -1
  65. package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/css/gina.min.css.br +0 -0
  66. package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/css/gina.min.css.gz +0 -0
  67. package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/js/gina.min.js +0 -555
  68. package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/js/gina.min.js.br +0 -0
  69. package/framework/v0.4.5/core/asset/plugin/dist/vendor/gina/js/gina.min.js.gz +0 -0
  70. /package/framework/{v0.4.5 → v0.4.6}/AUTHORS +0 -0
  71. /package/framework/{v0.4.5 → v0.4.6}/LICENSE +0 -0
  72. /package/framework/{v0.4.5 → v0.4.6}/core/asset/html/nolayout.html +0 -0
  73. /package/framework/{v0.4.5 → v0.4.6}/core/asset/html/static.html +0 -0
  74. /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/android-chrome-192x192.png +0 -0
  75. /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/android-chrome-512x512.png +0 -0
  76. /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/apple-touch-icon.png +0 -0
  77. /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/favicon-16x16.png +0 -0
  78. /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/favicon-32x32.png +0 -0
  79. /package/framework/{v0.4.5 → v0.4.6}/core/asset/img/favicon.ico +0 -0
  80. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/README.md +0 -0
  81. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/beemaster/beemaster.css +0 -0
  82. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/beemaster/beemaster.js +0 -0
  83. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/beemaster/index.html +0 -0
  84. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/html/statusbar.html +0 -0
  85. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/html/statusbar.html.br +0 -0
  86. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/html/statusbar.html.gz +0 -0
  87. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/have_heart_one-webfont.woff2 +0 -0
  88. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/index.html +0 -0
  89. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/inspector.css +0 -0
  90. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/inspector/logo.svg +0 -0
  91. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js +0 -0
  92. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js.br +0 -0
  93. /package/framework/{v0.4.5 → v0.4.6}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js.gz +0 -0
  94. /package/framework/{v0.4.5 → v0.4.6}/core/config.js +0 -0
  95. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/ai/index.js +0 -0
  96. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/ai/lib/connector.js +0 -0
  97. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/index.js +0 -0
  98. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/connector.js +0 -0
  99. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/connector.v3.js +0 -0
  100. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/connector.v4.js +0 -0
  101. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/n1ql.js +0 -0
  102. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/session-store.js +0 -0
  103. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/session-store.v3.js +0 -0
  104. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/couchbase/lib/session-store.v4.js +0 -0
  105. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/index.js +0 -0
  106. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/lib/connector.js +0 -0
  107. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/lib/pipeline-loader.js +0 -0
  108. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mongodb/lib/session-store.js +0 -0
  109. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mysql/index.js +0 -0
  110. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/mysql/lib/connector.js +0 -0
  111. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/postgresql/index.js +0 -0
  112. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/postgresql/lib/connector.js +0 -0
  113. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/redis/index.js +0 -0
  114. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/redis/lib/session-store.js +0 -0
  115. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/scylladb/index.js +0 -0
  116. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/scylladb/lib/connector.js +0 -0
  117. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/scylladb/lib/session-store.js +0 -0
  118. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sql-parser.js +0 -0
  119. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sqlite/index.js +0 -0
  120. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sqlite/lib/connector.js +0 -0
  121. /package/framework/{v0.4.5 → v0.4.6}/core/connectors/sqlite/lib/session-store.js +0 -0
  122. /package/framework/{v0.4.5 → v0.4.6}/core/content.encoding +0 -0
  123. /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.framework.js +0 -0
  124. /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-json.js +0 -0
  125. /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-nunjucks.js +0 -0
  126. /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-stream.js +0 -0
  127. /package/framework/{v0.4.5 → v0.4.6}/core/controller/controller.render-v1.js +0 -0
  128. /package/framework/{v0.4.5 → v0.4.6}/core/controller/index.js +0 -0
  129. /package/framework/{v0.4.5 → v0.4.6}/core/controller/inspector-window-emit.js +0 -0
  130. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/LICENSE +0 -0
  131. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/README.md +0 -0
  132. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/index.js +0 -0
  133. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/types/multipart.js +0 -0
  134. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/types/urlencoded.js +0 -0
  135. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/lib/utils.js +0 -0
  136. /package/framework/{v0.4.5 → v0.4.6}/core/deps/busboy-1.6.0/package.json +0 -0
  137. /package/framework/{v0.4.5 → v0.4.6}/core/deps/streamsearch-1.1.0/LICENSE +0 -0
  138. /package/framework/{v0.4.5 → v0.4.6}/core/deps/streamsearch-1.1.0/lib/sbmh.js +0 -0
  139. /package/framework/{v0.4.5 → v0.4.6}/core/deps/streamsearch-1.1.0/package.json +0 -0
  140. /package/framework/{v0.4.5 → v0.4.6}/core/dev/index.js +0 -0
  141. /package/framework/{v0.4.5 → v0.4.6}/core/dev/lib/class.js +0 -0
  142. /package/framework/{v0.4.5 → v0.4.6}/core/dev/lib/factory.js +0 -0
  143. /package/framework/{v0.4.5 → v0.4.6}/core/dev/lib/tools.js +0 -0
  144. /package/framework/{v0.4.5 → v0.4.6}/core/locales/README.md +0 -0
  145. /package/framework/{v0.4.5 → v0.4.6}/core/locales/currency.json +0 -0
  146. /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/language/en.json +0 -0
  147. /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/language/fr.json +0 -0
  148. /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/region/en.json +0 -0
  149. /package/framework/{v0.4.5 → v0.4.6}/core/locales/dist/region/fr.json +0 -0
  150. /package/framework/{v0.4.5 → v0.4.6}/core/locales/index.js +0 -0
  151. /package/framework/{v0.4.5 → v0.4.6}/core/mime.types +0 -0
  152. /package/framework/{v0.4.5 → v0.4.6}/core/model/entity.js +0 -0
  153. /package/framework/{v0.4.5 → v0.4.6}/core/model/index.js +0 -0
  154. /package/framework/{v0.4.5 → v0.4.6}/core/model/template/entityFactory.js +0 -0
  155. /package/framework/{v0.4.5 → v0.4.6}/core/model/template/index.js +0 -0
  156. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/README.md +0 -0
  157. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/index.js +0 -0
  158. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/csrf/README.md +0 -0
  159. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/csrf/package.json +0 -0
  160. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/csrf/src/main.js +0 -0
  161. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/README.md +0 -0
  162. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coep/README.md +0 -0
  163. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coep/package.json +0 -0
  164. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coep/src/main.js +0 -0
  165. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coop/README.md +0 -0
  166. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coop/package.json +0 -0
  167. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/coop/src/main.js +0 -0
  168. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/corp/README.md +0 -0
  169. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/corp/package.json +0 -0
  170. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/corp/src/main.js +0 -0
  171. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/csp/package.json +0 -0
  172. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hide-powered-by/README.md +0 -0
  173. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hide-powered-by/package.json +0 -0
  174. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hide-powered-by/src/main.js +0 -0
  175. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hsts/README.md +0 -0
  176. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hsts/package.json +0 -0
  177. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/hsts/src/main.js +0 -0
  178. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/origin-agent-cluster/README.md +0 -0
  179. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/origin-agent-cluster/package.json +0 -0
  180. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/origin-agent-cluster/src/main.js +0 -0
  181. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/package.json +0 -0
  182. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/referrer-policy/README.md +0 -0
  183. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/referrer-policy/package.json +0 -0
  184. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/referrer-policy/src/main.js +0 -0
  185. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/src/main.js +0 -0
  186. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-content-type-options/README.md +0 -0
  187. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-content-type-options/package.json +0 -0
  188. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-content-type-options/src/main.js +0 -0
  189. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-dns-prefetch-control/README.md +0 -0
  190. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-dns-prefetch-control/package.json +0 -0
  191. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-dns-prefetch-control/src/main.js +0 -0
  192. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-download-options/README.md +0 -0
  193. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-download-options/package.json +0 -0
  194. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-download-options/src/main.js +0 -0
  195. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-frame-options/README.md +0 -0
  196. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-frame-options/package.json +0 -0
  197. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-frame-options/src/main.js +0 -0
  198. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/README.md +0 -0
  199. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/package.json +0 -0
  200. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/src/main.js +0 -0
  201. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-xss-protection/README.md +0 -0
  202. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-xss-protection/package.json +0 -0
  203. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/security-headers/x-xss-protection/src/main.js +0 -0
  204. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/session/README.md +0 -0
  205. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/session/package.json +0 -0
  206. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/session/src/main.js +0 -0
  207. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/README.md +0 -0
  208. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/build.json +0 -0
  209. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/storage/src/main.js +0 -0
  210. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/README.md +0 -0
  211. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/build.json +0 -0
  212. /package/framework/{v0.4.5 → v0.4.6}/core/plugins/lib/validator/src/form-validator.js +0 -0
  213. /package/framework/{v0.4.5 → v0.4.6}/core/router.js +0 -0
  214. /package/framework/{v0.4.5 → v0.4.6}/core/server.express.js +0 -0
  215. /package/framework/{v0.4.5 → v0.4.6}/core/status.codes +0 -0
  216. /package/framework/{v0.4.5 → v0.4.6}/core/template/_gitignore +0 -0
  217. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/app.json +0 -0
  218. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/connectors.json +0 -0
  219. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/routing.json +0 -0
  220. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/settings.json +0 -0
  221. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/settings.server.json +0 -0
  222. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/templates.json +0 -0
  223. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/config/watchers.json +0 -0
  224. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/controllers/controller.content.js +0 -0
  225. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/controllers/controller.js +0 -0
  226. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/controllers/setup.js +0 -0
  227. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/index.js +0 -0
  228. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle/locales/en.json +0 -0
  229. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_namespace/controllers/controller.js +0 -0
  230. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/css/default.css +0 -0
  231. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/css/home.css +0 -0
  232. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/css/vendor/readme.md +0 -0
  233. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/favicon.ico +0 -0
  234. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/js/vendor/readme.md +0 -0
  235. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/manifest.webmanifest +0 -0
  236. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/readme.md +0 -0
  237. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_public/sw.js +0 -0
  238. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/handlers/main.js +0 -0
  239. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/content/homepage.html +0 -0
  240. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/includes/error-msg-noscript.html +0 -0
  241. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/includes/error-msg-outdated-browser.html +0 -0
  242. /package/framework/{v0.4.5 → v0.4.6}/core/template/boilerplate/bundle_templates/html/layouts/main.html +0 -0
  243. /package/framework/{v0.4.5 → v0.4.6}/core/template/command/gina.bat.tpl +0 -0
  244. /package/framework/{v0.4.5 → v0.4.6}/core/template/command/gina.tpl +0 -0
  245. /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/env.json +0 -0
  246. /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/manifest.json +0 -0
  247. /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/package.json +0 -0
  248. /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/settings.json +0 -0
  249. /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/statics.json +0 -0
  250. /package/framework/{v0.4.5 → v0.4.6}/core/template/conf/templates.json +0 -0
  251. /package/framework/{v0.4.5 → v0.4.6}/core/template/error/client/json/401.json +0 -0
  252. /package/framework/{v0.4.5 → v0.4.6}/core/template/error/client/json/403.json +0 -0
  253. /package/framework/{v0.4.5 → v0.4.6}/core/template/error/client/json/404.json +0 -0
  254. /package/framework/{v0.4.5 → v0.4.6}/core/template/error/server/html/50x.html +0 -0
  255. /package/framework/{v0.4.5 → v0.4.6}/core/template/error/server/json/500.json +0 -0
  256. /package/framework/{v0.4.5 → v0.4.6}/core/template/error/server/json/503.json +0 -0
  257. /package/framework/{v0.4.5 → v0.4.6}/core/template/extensions/logger/config.json +0 -0
  258. /package/framework/{v0.4.5 → v0.4.6}/helpers/console.js +0 -0
  259. /package/framework/{v0.4.5 → v0.4.6}/helpers/context.js +0 -0
  260. /package/framework/{v0.4.5 → v0.4.6}/helpers/data/LICENSE +0 -0
  261. /package/framework/{v0.4.5 → v0.4.6}/helpers/data/README.md +0 -0
  262. /package/framework/{v0.4.5 → v0.4.6}/helpers/dateFormat.js +0 -0
  263. /package/framework/{v0.4.5 → v0.4.6}/helpers/index.js +0 -0
  264. /package/framework/{v0.4.5 → v0.4.6}/helpers/json/LICENSE +0 -0
  265. /package/framework/{v0.4.5 → v0.4.6}/helpers/json/README.md +0 -0
  266. /package/framework/{v0.4.5 → v0.4.6}/helpers/json/src/main.js +0 -0
  267. /package/framework/{v0.4.5 → v0.4.6}/helpers/path.js +0 -0
  268. /package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/README.md +0 -0
  269. /package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/src/api-error.js +0 -0
  270. /package/framework/{v0.4.5 → v0.4.6}/helpers/plugins/src/main.js +0 -0
  271. /package/framework/{v0.4.5 → v0.4.6}/helpers/prototypes.js +0 -0
  272. /package/framework/{v0.4.5 → v0.4.6}/helpers/task.js +0 -0
  273. /package/framework/{v0.4.5 → v0.4.6}/helpers/text.js +0 -0
  274. /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/README.md +0 -0
  275. /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/build.json +0 -0
  276. /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/src/dep/jszip.min.js +0 -0
  277. /package/framework/{v0.4.5 → v0.4.6}/lib/archiver/src/main.js +0 -0
  278. /package/framework/{v0.4.5 → v0.4.6}/lib/async/package.json +0 -0
  279. /package/framework/{v0.4.5 → v0.4.6}/lib/async/src/main.js +0 -0
  280. /package/framework/{v0.4.5 → v0.4.6}/lib/cache/README.md +0 -0
  281. /package/framework/{v0.4.5 → v0.4.6}/lib/cache/build.json +0 -0
  282. /package/framework/{v0.4.5 → v0.4.6}/lib/cache/src/main.js +0 -0
  283. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/aliases.json +0 -0
  284. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/add.js +0 -0
  285. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/arguments.json +0 -0
  286. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/build.js +0 -0
  287. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/copy.js +0 -0
  288. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/cp.js +0 -0
  289. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/help.js +0 -0
  290. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/help.txt +0 -0
  291. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/inc/name-rewrite.js +0 -0
  292. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/list.js +0 -0
  293. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/mcp-start.js +0 -0
  294. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/mcp.js +0 -0
  295. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/oas.js +0 -0
  296. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/openapi.js +0 -0
  297. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/remove.js +0 -0
  298. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/rename.js +0 -0
  299. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/restart.js +0 -0
  300. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/rm.js +0 -0
  301. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/start.js +0 -0
  302. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/status.js +0 -0
  303. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/bundle/stop.js +0 -0
  304. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/cache/stats.js +0 -0
  305. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/add.js +0 -0
  306. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/arguments.json +0 -0
  307. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/help.js +0 -0
  308. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/help.txt +0 -0
  309. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/list.js +0 -0
  310. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/migrate.js +0 -0
  311. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/remove.js +0 -0
  312. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/connector/rm.js +0 -0
  313. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/add.js +0 -0
  314. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/get.js +0 -0
  315. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/help.js +0 -0
  316. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/help.txt +0 -0
  317. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/link-dev.js +0 -0
  318. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/list.js +0 -0
  319. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/remove.js +0 -0
  320. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/rm.js +0 -0
  321. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/set.js +0 -0
  322. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/unset.js +0 -0
  323. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/env/use.js +0 -0
  324. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/arguments.json +0 -0
  325. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/build.js +0 -0
  326. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/dot.js +0 -0
  327. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/get.js +0 -0
  328. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/help.js +0 -0
  329. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/help.txt +0 -0
  330. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/init.js +0 -0
  331. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/link-node-modules.js +0 -0
  332. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/open.js +0 -0
  333. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/set.js +0 -0
  334. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/status.js +0 -0
  335. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/stop.js +0 -0
  336. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/tail.js +0 -0
  337. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/framework/update.js +0 -0
  338. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/gina-dev.1.md +0 -0
  339. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/gina-framework.1.md +0 -0
  340. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/gina.1.md +0 -0
  341. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/add.js +0 -0
  342. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/arguments.json +0 -0
  343. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/export.js +0 -0
  344. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/help.js +0 -0
  345. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/help.txt +0 -0
  346. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/import.js +0 -0
  347. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/i18n/scan.js +0 -0
  348. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/index.js +0 -0
  349. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/inspector/help.js +0 -0
  350. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/inspector/help.txt +0 -0
  351. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/inspector/open.js +0 -0
  352. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/arguments.json +0 -0
  353. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/help.js +0 -0
  354. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/help.txt +0 -0
  355. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/kill.js +0 -0
  356. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/minion/list.js +0 -0
  357. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/msg.json +0 -0
  358. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/help.js +0 -0
  359. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/help.txt +0 -0
  360. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/inc/scan.js +0 -0
  361. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/list.js +0 -0
  362. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/reset.js +0 -0
  363. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/port/set.js +0 -0
  364. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/arguments.json +0 -0
  365. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/build.js +0 -0
  366. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/help.js +0 -0
  367. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/help.txt +0 -0
  368. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/import.js +0 -0
  369. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/list.js +0 -0
  370. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/move.js +0 -0
  371. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/remove.js +0 -0
  372. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/rename.js +0 -0
  373. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/restart.js +0 -0
  374. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/rm.js +0 -0
  375. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/start.js +0 -0
  376. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/status.js +0 -0
  377. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/project/stop.js +0 -0
  378. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/arguments.json +0 -0
  379. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/help.js +0 -0
  380. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/help.txt +0 -0
  381. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/list.js +0 -0
  382. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/remove.js +0 -0
  383. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/protocol/set.js +0 -0
  384. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/add.js +0 -0
  385. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/help.js +0 -0
  386. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/help.txt +0 -0
  387. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/link-local.js +0 -0
  388. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/link-production.js +0 -0
  389. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/list.js +0 -0
  390. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/remove.js +0 -0
  391. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/rm.js +0 -0
  392. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/scope/use.js +0 -0
  393. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/arguments.json +0 -0
  394. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/check.js +0 -0
  395. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/help.js +0 -0
  396. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/help.txt +0 -0
  397. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/secrets/scan.js +0 -0
  398. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/help.js +0 -0
  399. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/help.txt +0 -0
  400. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/list.js +0 -0
  401. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/service/start.js +0 -0
  402. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd/view/add.js +0 -0
  403. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd-status-format/package.json +0 -0
  404. /package/framework/{v0.4.5 → v0.4.6}/lib/cmd-status-format/src/main.js +0 -0
  405. /package/framework/{v0.4.5 → v0.4.6}/lib/collection/README.md +0 -0
  406. /package/framework/{v0.4.5 → v0.4.6}/lib/collection/build.json +0 -0
  407. /package/framework/{v0.4.5 → v0.4.6}/lib/collection/src/main.js +0 -0
  408. /package/framework/{v0.4.5 → v0.4.6}/lib/config.js +0 -0
  409. /package/framework/{v0.4.5 → v0.4.6}/lib/connector-registry/package.json +0 -0
  410. /package/framework/{v0.4.5 → v0.4.6}/lib/connector-registry/src/main.js +0 -0
  411. /package/framework/{v0.4.5 → v0.4.6}/lib/cron/README.md +0 -0
  412. /package/framework/{v0.4.5 → v0.4.6}/lib/cron/src/main.js +0 -0
  413. /package/framework/{v0.4.5 → v0.4.6}/lib/domain/LICENSE +0 -0
  414. /package/framework/{v0.4.5 → v0.4.6}/lib/domain/README.md +0 -0
  415. /package/framework/{v0.4.5 → v0.4.6}/lib/domain/src/main.js +0 -0
  416. /package/framework/{v0.4.5 → v0.4.6}/lib/generator/index.js +0 -0
  417. /package/framework/{v0.4.5 → v0.4.6}/lib/i18n/package.json +0 -0
  418. /package/framework/{v0.4.5 → v0.4.6}/lib/i18n/src/main.js +0 -0
  419. /package/framework/{v0.4.5 → v0.4.6}/lib/inherits/LICENSE +0 -0
  420. /package/framework/{v0.4.5 → v0.4.6}/lib/inherits/README.md +0 -0
  421. /package/framework/{v0.4.5 → v0.4.6}/lib/inherits/src/main.js +0 -0
  422. /package/framework/{v0.4.5 → v0.4.6}/lib/inspector-redact/package.json +0 -0
  423. /package/framework/{v0.4.5 → v0.4.6}/lib/inspector-redact/src/main.js +0 -0
  424. /package/framework/{v0.4.5 → v0.4.6}/lib/instrument/package.json +0 -0
  425. /package/framework/{v0.4.5 → v0.4.6}/lib/instrument/src/main.js +0 -0
  426. /package/framework/{v0.4.5 → v0.4.6}/lib/job/package.json +0 -0
  427. /package/framework/{v0.4.5 → v0.4.6}/lib/job/src/main.js +0 -0
  428. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/README.md +0 -0
  429. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/default/index.js +0 -0
  430. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/file/index.js +0 -0
  431. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/file/lib/logrotator/README.md +0 -0
  432. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/file/lib/logrotator/index.js +0 -0
  433. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/mq/index.js +0 -0
  434. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/mq/listener.js +0 -0
  435. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/containers/mq/speaker.js +0 -0
  436. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/helper.js +0 -0
  437. /package/framework/{v0.4.5 → v0.4.6}/lib/logger/src/main.js +0 -0
  438. /package/framework/{v0.4.5 → v0.4.6}/lib/math/index.js +0 -0
  439. /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-dispatch/package.json +0 -0
  440. /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-dispatch/src/main.js +0 -0
  441. /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-http/package.json +0 -0
  442. /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-http/src/main.js +0 -0
  443. /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-server/package.json +0 -0
  444. /package/framework/{v0.4.5 → v0.4.6}/lib/mcp-server/src/main.js +0 -0
  445. /package/framework/{v0.4.5 → v0.4.6}/lib/merge/README.md +0 -0
  446. /package/framework/{v0.4.5 → v0.4.6}/lib/merge/src/main.js +0 -0
  447. /package/framework/{v0.4.5 → v0.4.6}/lib/metrics/package.json +0 -0
  448. /package/framework/{v0.4.5 → v0.4.6}/lib/metrics/src/main.js +0 -0
  449. /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-filters/README.md +0 -0
  450. /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-filters/package.json +0 -0
  451. /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-resolver/package.json +0 -0
  452. /package/framework/{v0.4.5 → v0.4.6}/lib/nunjucks-resolver/src/main.js +0 -0
  453. /package/framework/{v0.4.5 → v0.4.6}/lib/proc.js +0 -0
  454. /package/framework/{v0.4.5 → v0.4.6}/lib/routing/README.md +0 -0
  455. /package/framework/{v0.4.5 → v0.4.6}/lib/routing/build.json +0 -0
  456. /package/framework/{v0.4.5 → v0.4.6}/lib/routing/src/radix.js +0 -0
  457. /package/framework/{v0.4.5 → v0.4.6}/lib/routing-introspect/package.json +0 -0
  458. /package/framework/{v0.4.5 → v0.4.6}/lib/routing-introspect/src/main.js +0 -0
  459. /package/framework/{v0.4.5 → v0.4.6}/lib/secrets/package.json +0 -0
  460. /package/framework/{v0.4.5 → v0.4.6}/lib/secrets/src/backends/env.js +0 -0
  461. /package/framework/{v0.4.5 → v0.4.6}/lib/secrets/src/main.js +0 -0
  462. /package/framework/{v0.4.5 → v0.4.6}/lib/session-store.js +0 -0
  463. /package/framework/{v0.4.5 → v0.4.6}/lib/shell.js +0 -0
  464. /package/framework/{v0.4.5 → v0.4.6}/lib/state.js +0 -0
  465. /package/framework/{v0.4.5 → v0.4.6}/lib/swig-filters/README.md +0 -0
  466. /package/framework/{v0.4.5 → v0.4.6}/lib/swig-resolver/package.json +0 -0
  467. /package/framework/{v0.4.5 → v0.4.6}/lib/swig-resolver/src/main.js +0 -0
  468. /package/framework/{v0.4.5 → v0.4.6}/lib/url/README.md +0 -0
  469. /package/framework/{v0.4.5 → v0.4.6}/lib/url/index.js +0 -0
  470. /package/framework/{v0.4.5 → v0.4.6}/lib/url/routing.json +0 -0
  471. /package/framework/{v0.4.5 → v0.4.6}/lib/uuid/package.json +0 -0
  472. /package/framework/{v0.4.5 → v0.4.6}/lib/uuid/src/main.js +0 -0
  473. /package/framework/{v0.4.5 → v0.4.6}/lib/validator.js +0 -0
  474. /package/framework/{v0.4.5 → v0.4.6}/lib/watcher/package.json +0 -0
  475. /package/framework/{v0.4.5 → v0.4.6}/lib/watcher/src/main.js +0 -0
@@ -417,6 +417,33 @@ function Server(options) {
417
417
  // so bundle startup fails with a clear message rather than
418
418
  // deferring the failure to the first render attempt.
419
419
  nunjucksResolver.load(self.executionPath, _nunjucksSettings);
420
+
421
+ // #TPL1 — async template-loader extension point. When the bundle
422
+ // configures settings.template.nunjucks.loader, build + validate the
423
+ // loader at startup (fail-fast on bad config, same as the nunjucks
424
+ // load above) and stash it per-bundle keyed by the template root.
425
+ // controller.js routes such bundles to the async delegate
426
+ // (controller.render-nunjucks-async.js), which builds a PER-REQUEST
427
+ // nunjucks Environment over this loader. The default (no-loader) path
428
+ // is untouched — render-nunjucks.js's cached-Environment filesystem path.
429
+ var _loaderCfg = (
430
+ conf.content && conf.content.settings && conf.content.settings.template
431
+ && conf.content.settings.template.nunjucks && conf.content.settings.template.nunjucks.loader
432
+ ) || null;
433
+ if (_loaderCfg) {
434
+ // build() throws on a bad config; let it propagate so bundle startup
435
+ // fails with a clear message rather than 500-ing the first render.
436
+ // It does NOT reach the backend (no network probe at boot).
437
+ var _builtLoader = lib.templateLoaders.build(_loaderCfg, { bundle: self.appName });
438
+ if (_builtLoader && _builtLoader.async === true) {
439
+ if (!process.gina._nunjucksLoaders) { process.gina._nunjucksLoaders = Object.create(null); }
440
+ process.gina._nunjucksLoaders[conf.content.templates._common.html] = {
441
+ loader: _builtLoader,
442
+ autoescape: (_nunjucksSettings.autoescape !== false),
443
+ cache: (_loaderCfg.cache === true) // #TPL1 Tier-2 opt-in compiled-template cache
444
+ };
445
+ }
446
+ }
420
447
  };
421
448
 
422
449
  var initSwigEngine = function(conf) {
@@ -434,6 +461,13 @@ function Server(options) {
434
461
  var dir = conf.content.templates._common.html;
435
462
  var swigOptions = {
436
463
  autoescape: ( typeof(conf.autoescape) != 'undefined') ? conf.autoescape: false,
464
+ // #TPL2 — confined loader (swig-core basepath confinement, CVE-2023-25345).
465
+ // gina no longer resolves any template OUTSIDE the bundle templates root:
466
+ // the processed layout cache lives in-root (controller.render-swig.js
467
+ // .gina-layout-cache) and the dev inspector statusbar is inlined rather
468
+ // than {% include %}-d from the framework core dir. So the loader keeps
469
+ // swig-core's confinement (allowOutsideRoot defaults false) for every
470
+ // resolution, including untrusted nested {% include %} / {% import %}.
437
471
  loader: swig.loaders.fs(dir),
438
472
  cache: (conf.isCacheless) ? false : 'memory'
439
473
  };
@@ -458,6 +492,33 @@ function Server(options) {
458
492
  } catch (err) {
459
493
  throw err;
460
494
  }
495
+
496
+ // #TPL1 — async template-loader extension point. When the bundle
497
+ // configures settings.template.swig.loader, build + validate the loader
498
+ // at startup (fail-fast on bad config, mirroring initNunjucksEngine) and
499
+ // stash it per-bundle keyed by the template root. controller.js routes
500
+ // such bundles to the async delegate (controller.render-swig-async.js),
501
+ // which builds an ISOLATED per-bundle swig engine from this loader — the
502
+ // shared singleton's setDefaults loader above is unused for them. The
503
+ // default (no-loader) path is untouched: byte-identical to pre-#TPL1.
504
+ var _loaderCfg = (
505
+ conf.content && conf.content.settings && conf.content.settings.template
506
+ && conf.content.settings.template.swig && conf.content.settings.template.swig.loader
507
+ ) || null;
508
+ if (_loaderCfg) {
509
+ // build() throws on a bad config; we let it propagate so bundle
510
+ // startup fails with a clear message rather than 500-ing the first
511
+ // render. It does NOT reach the backend (no network probe at boot).
512
+ var _builtLoader = lib.templateLoaders.build(_loaderCfg, { bundle: self.appName });
513
+ if (_builtLoader && _builtLoader.async === true) {
514
+ if (!process.gina._swigLoaders) { process.gina._swigLoaders = Object.create(null); }
515
+ process.gina._swigLoaders[dir] = {
516
+ loader: _builtLoader,
517
+ autoescape: swigOptions.autoescape,
518
+ cache: (_loaderCfg.cache === true) // #TPL1 Tier-2 opt-in compiled-fn cache
519
+ };
520
+ }
521
+ }
461
522
  }
462
523
 
463
524
  /**
@@ -1110,7 +1171,11 @@ function Server(options) {
1110
1171
  var getAssetFilenameFromUrl = function(bundleConf, url) {
1111
1172
 
1112
1173
  var staticsArr = bundleConf.publicResources;
1113
- url = decodeURIComponent( url );
1174
+ // #B30: reachable with an attacker-controlled URL (the HTTP/2 static path
1175
+ // passes request-derived `pathname` here — server.js ~2500), so a malformed
1176
+ // % escape would otherwise throw URIError, uncaught, and crash the bundle.
1177
+ // was: url = decodeURIComponent( url );
1178
+ url = safeDecodeURIComponent( url );
1114
1179
  var staticProps = {
1115
1180
  firstLevel : '/'+ url.split(/\//g)[1] + '/',
1116
1181
  isFile : /^\/[A-Za-z0-9_-]+\.(.*)$/.test(url)
@@ -2215,7 +2280,11 @@ function Server(options) {
2215
2280
  }
2216
2281
 
2217
2282
 
2218
- filename = decodeURIComponent(filename);
2283
+ // #B30: a static-asset request URL with a malformed % escape (e.g.
2284
+ // GET /assets/%E0%.css) would otherwise throw URIError here, uncaught,
2285
+ // and crash the bundle. Fall back to the raw filename on a bad escape.
2286
+ // was: filename = decodeURIComponent(filename);
2287
+ filename = safeDecodeURIComponent(filename);
2219
2288
  let filenameObj = new _(filename, true);
2220
2289
  filenameObj.exists(function onStaticExists(exists) {
2221
2290
  // fs.exists(filename, function onStaticExists(exists) {
@@ -3530,6 +3599,15 @@ function Server(options) {
3530
3599
  });
3531
3600
 
3532
3601
  request.on('end', function onEnd() {
3602
+ // Preserve the exact unparsed body BEFORE processRequestData mutates
3603
+ // request.body into the parsed object. Inbound webhooks that
3604
+ // authenticate via an HMAC computed over the raw request bytes need
3605
+ // the untouched body; by the time middlewares run, the stream is
3606
+ // drained and request.body is the parsed object. request.body is the
3607
+ // fully-accumulated string here ('' when the body was empty). This
3608
+ // is a reference assignment, not a copy. The multipart branch above
3609
+ // uses Busboy and never reaches here, so uploads are unaffected.
3610
+ request.rawBody = (typeof request.body === 'string') ? request.body : '';
3533
3611
  processRequestData(request, response, next);
3534
3612
  });
3535
3613
 
@@ -3591,52 +3669,80 @@ function Server(options) {
3591
3669
  // get rid of encoding issues
3592
3670
  try {
3593
3671
  if ( !/multipart\/form-data;/.test(request.headers['content-type']) ) {
3594
- if ( /application\/x\-www\-form\-urlencoded/.test(request.headers['content-type']) && /\+/.test(request.body) ) {
3595
- request.body = request.body.replace(/\+/g, ' ');
3596
- }
3672
+ if ( /application\/json/i.test(request.headers['content-type']) ) {
3673
+ // #B28 — application/json: parse the body verbatim. JSON already
3674
+ // carries real types, so do NOT url-decode (a %XX inside a string
3675
+ // value would be corrupted) and do NOT apply form-style
3676
+ // "true"/"false"/"on"/"null" coercion or bracket-key expansion —
3677
+ // those are urlencoded-form conventions, not JSON.
3678
+ try {
3679
+ obj = JSON.parse(request.body);
3680
+ request.post = obj;
3681
+ isPostSet = true;
3682
+ } catch (err) {
3683
+ // Tolerate a percent-encoded JSON body (e.g. an
3684
+ // encodeURIComponent / RFC5987-encoded payload). A genuine
3685
+ // raw-JSON body parses on the verbatim attempt above, so a
3686
+ // legitimate %XX inside a string value is never double-decoded
3687
+ // (preserves #B28 intent) — only a non-raw-JSON body reaches here.
3688
+ try {
3689
+ obj = JSON.parse(decodeURIComponent(request.body));
3690
+ request.post = obj;
3691
+ isPostSet = true;
3692
+ } catch (err2) {
3693
+ exception = new Error('Could not parse application/json POST body. '+ err.message);
3694
+ throwError(response, 500, exception, next);
3695
+ return;
3696
+ }
3697
+ }
3698
+ } else {
3699
+ if ( /application\/x\-www\-form\-urlencoded/.test(request.headers['content-type']) && /\+/.test(request.body) ) {
3700
+ request.body = request.body.replace(/\+/g, ' ');
3701
+ }
3597
3702
 
3598
- if ( request.body.substring(0,1) == '?')
3599
- request.body = request.body.substring(1);
3703
+ if ( request.body.substring(0,1) == '?')
3704
+ request.body = request.body.substring(1);
3600
3705
 
3601
- try {
3602
- bodyStr = decodeURIComponent(request.body); // it is already a string for sure
3603
- } catch (err) {
3604
- bodyStr = request.body;
3605
- }
3706
+ try {
3707
+ bodyStr = decodeURIComponent(request.body); // it is already a string for sure
3708
+ } catch (err) {
3709
+ bodyStr = request.body;
3710
+ }
3606
3711
 
3607
- // false & true case
3608
- if ( /(\"false\"|\"true\"|\"on\")/.test(bodyStr) )
3609
- bodyStr = bodyStr.replace(/\"false\"/g, false).replace(/\"true\"/g, true).replace(/\"on\"/g, true);
3610
- if ( /(\"null\")/i.test(bodyStr) )
3611
- bodyStr = bodyStr.replace(/\"null\"/ig, null);
3712
+ // false & true case
3713
+ if ( /(\"false\"|\"true\"|\"on\")/.test(bodyStr) )
3714
+ bodyStr = bodyStr.replace(/\"false\"/g, false).replace(/\"true\"/g, true).replace(/\"on\"/g, true);
3715
+ if ( /(\"null\")/i.test(bodyStr) )
3716
+ bodyStr = bodyStr.replace(/\"null\"/ig, null);
3612
3717
 
3613
- try {
3614
- // obj = parseBody(bodyStr);
3615
- obj = formatDataFromString(bodyStr);
3616
- if ( !obj) {
3617
- exception = new Error('Could not convert POST::BODY_STRING to POST::OBJECT. Possible JSON error in `bodyStr`');
3618
- throwError(response, 500, exception, next);
3619
- return;
3620
- }
3621
- request.post = obj;
3622
- isPostSet = true;
3623
- } catch (err) {
3624
- // ignore this one
3625
- msg = '[ Could properly evaluate POST ] '+ request.url +'\n'+ err.stack;
3626
- console.warn(msg);
3627
- }
3628
- if (!isPostSet) {
3629
3718
  try {
3630
- if (obj.count() == 0 && bodyStr.length > 1) {
3631
- request.post = obj;
3632
- } else {
3633
- request.post = JSON.parse(bodyStr)
3719
+ // obj = parseBody(bodyStr);
3720
+ obj = formatDataFromString(bodyStr);
3721
+ if ( !obj) {
3722
+ exception = new Error('Could not convert POST::BODY_STRING to POST::OBJECT. Possible JSON error in `bodyStr`');
3723
+ throwError(response, 500, exception, next);
3724
+ return;
3634
3725
  }
3635
-
3726
+ request.post = obj;
3727
+ isPostSet = true;
3636
3728
  } catch (err) {
3637
- msg = '[ Exception found for POST ] '+ request.url +'\n'+ err.stack;
3729
+ // ignore this one
3730
+ msg = '[ Could properly evaluate POST ] '+ request.url +'\n'+ err.stack;
3638
3731
  console.warn(msg);
3639
3732
  }
3733
+ if (!isPostSet) {
3734
+ try {
3735
+ if (obj.count() == 0 && bodyStr.length > 1) {
3736
+ request.post = obj;
3737
+ } else {
3738
+ request.post = JSON.parse(bodyStr)
3739
+ }
3740
+
3741
+ } catch (err) {
3742
+ msg = '[ Exception found for POST ] '+ request.url +'\n'+ err.stack;
3743
+ console.warn(msg);
3744
+ }
3745
+ }
3640
3746
  }
3641
3747
  }
3642
3748
 
@@ -3701,7 +3807,17 @@ function Server(options) {
3701
3807
 
3702
3808
 
3703
3809
  if ( typeof(request.query.inheritedData) == 'string' ) {
3704
- inheritedDataObj = formatDataFromString(decodeURIComponent(request.query.inheritedData));
3810
+ // #B30: request.query.inheritedData is ALREADY percent-decoded once by
3811
+ // the engine query parser (server.isaac.js / express qs), and
3812
+ // formatDataFromString performs its OWN guarded internal decode. The
3813
+ // explicit decodeURIComponent here was a redundant SECOND decode whose
3814
+ // only effects were (a) a URIError crash on a literal '%' surviving the
3815
+ // first decode — e.g. inheritedData carrying {"x":"50%off"} → "%of" is a
3816
+ // malformed escape → the bundle dies (URIError → proc.js uncaughtException → SIGTERM) — and
3817
+ // (b) extra silent double-decode corruption. Dropped: formatDataFromString
3818
+ // supplies the single guarded decode.
3819
+ // was: inheritedDataObj = formatDataFromString(decodeURIComponent(request.query.inheritedData));
3820
+ inheritedDataObj = formatDataFromString(request.query.inheritedData);
3705
3821
  } else {
3706
3822
  inheritedDataObj = JSON.clone(request.query.inheritedData);
3707
3823
  }
@@ -3718,7 +3834,11 @@ function Server(options) {
3718
3834
  bodyStr = bodyStr.replace(/\"null\"/ig, null);
3719
3835
 
3720
3836
 
3721
- obj = formatDataFromString(decodeURIComponent(bodyStr));
3837
+ // #B30: redundant second decode dropped (see the GET inheritedData note
3838
+ // above) — request.query values are already engine-decoded and
3839
+ // formatDataFromString self-guards its own decode.
3840
+ // was: obj = formatDataFromString(decodeURIComponent(bodyStr));
3841
+ obj = formatDataFromString(bodyStr);
3722
3842
 
3723
3843
  request.query = merge(obj, inheritedDataObj);
3724
3844
  // delete obj;
@@ -3743,34 +3863,54 @@ function Server(options) {
3743
3863
  // get rid of encoding issues
3744
3864
  try {
3745
3865
  if ( !/multipart\/form-data;/.test(request.headers['content-type']) ) {
3746
- if ( /application\/x\-www\-form\-urlencoded/.test(request.headers['content-type']) ) {
3747
- request.body = request.body.replace(/\+/g, ' ');
3748
- }
3866
+ if ( /application\/json/i.test(request.headers['content-type']) ) {
3867
+ // #B28 — application/json: parse the body verbatim. JSON already
3868
+ // carries real types, so do NOT url-decode (a %XX inside a string
3869
+ // value would be corrupted) and do NOT apply form-style
3870
+ // "true"/"false"/"on"/"null" coercion or bracket-key expansion —
3871
+ // those are urlencoded-form conventions, not JSON.
3872
+ try {
3873
+ obj = JSON.parse(request.body);
3874
+ } catch (err) {
3875
+ // Tolerate a percent-encoded JSON body (see the POST branch).
3876
+ // The verbatim attempt above wins for genuine raw JSON, so
3877
+ // #B28 intent holds and only an encoded body reaches here.
3878
+ try {
3879
+ obj = JSON.parse(decodeURIComponent(request.body));
3880
+ } catch (err2) {
3881
+ console.warn('[ Could not parse application/json PUT body ] '+ request.url +'\n'+ err.stack);
3882
+ }
3883
+ }
3884
+ } else {
3885
+ if ( /application\/x\-www\-form\-urlencoded/.test(request.headers['content-type']) ) {
3886
+ request.body = request.body.replace(/\+/g, ' ');
3887
+ }
3749
3888
 
3750
- if ( request.body.substring(0,1) == '?')
3751
- request.body = request.body.substring(1);
3889
+ if ( request.body.substring(0,1) == '?')
3890
+ request.body = request.body.substring(1);
3752
3891
 
3753
- // false & true case
3754
- try {
3755
- bodyStr = decodeURIComponent(request.body); // it is already a string for sure
3756
- } catch (err) {
3757
- bodyStr = request.body;
3758
- }
3892
+ // false & true case
3893
+ try {
3894
+ bodyStr = decodeURIComponent(request.body); // it is already a string for sure
3895
+ } catch (err) {
3896
+ bodyStr = request.body;
3897
+ }
3759
3898
 
3760
- // false & true case
3761
- if ( /(\"false\"|\"true\"|\"on\")/.test(bodyStr) )
3762
- bodyStr = bodyStr.replace(/\"false\"/g, false).replace(/\"true\"/g, true).replace(/\"on\"/g, true);
3763
- if ( /(\"null\")/i.test(bodyStr) )
3764
- bodyStr = bodyStr.replace(/\"null\"/ig, null);
3899
+ // false & true case
3900
+ if ( /(\"false\"|\"true\"|\"on\")/.test(bodyStr) )
3901
+ bodyStr = bodyStr.replace(/\"false\"/g, false).replace(/\"true\"/g, true).replace(/\"on\"/g, true);
3902
+ if ( /(\"null\")/i.test(bodyStr) )
3903
+ bodyStr = bodyStr.replace(/\"null\"/ig, null);
3765
3904
 
3766
- obj = formatDataFromString(bodyStr);
3905
+ obj = formatDataFromString(bodyStr);
3767
3906
 
3768
3907
 
3769
- if ( typeof(obj) != 'undefined' && obj.count() == 0 && bodyStr.length > 1 ) {
3770
- try {
3771
- request.put = merge(request.put, obj);
3772
- } catch (err) {
3773
- console.log('Case `put` #0 [ merge error ]: ' + (err.stack||err.message))
3908
+ if ( typeof(obj) != 'undefined' && obj.count() == 0 && bodyStr.length > 1 ) {
3909
+ try {
3910
+ request.put = merge(request.put, obj);
3911
+ } catch (err) {
3912
+ console.log('Case `put` #0 [ merge error ]: ' + (err.stack||err.message))
3913
+ }
3774
3914
  }
3775
3915
  }
3776
3916
  }
@@ -3833,40 +3973,66 @@ function Server(options) {
3833
3973
  if ( typeof(request.body) == 'string' ) {
3834
3974
  try {
3835
3975
  if ( !/multipart\/form-data;/.test(request.headers['content-type']) ) {
3836
- if ( /application\/x\-www\-form\-urlencoded/.test(request.headers['content-type']) && /\+/.test(request.body) ) {
3837
- request.body = request.body.replace(/\+/g, ' ');
3838
- }
3839
- if ( request.body.substring(0,1) == '?' )
3840
- request.body = request.body.substring(1);
3841
- try {
3842
- bodyStr = decodeURIComponent(request.body);
3843
- } catch (err) {
3844
- bodyStr = request.body;
3845
- }
3846
- if ( /(\"false\"|\"true\"|\"on\")/.test(bodyStr) )
3847
- bodyStr = bodyStr.replace(/\"false\"/g, false).replace(/\"true\"/g, true).replace(/\"on\"/g, true);
3848
- if ( /(\"null\")/i.test(bodyStr) )
3849
- bodyStr = bodyStr.replace(/\"null\"/ig, null);
3850
- try {
3851
- obj = formatDataFromString(bodyStr);
3852
- if ( !obj ) {
3853
- exception = new Error('Could not convert PATCH::BODY_STRING to PATCH::OBJECT. Possible JSON error in `bodyStr`');
3854
- throwError(response, 500, exception, next);
3855
- return;
3976
+ if ( /application\/json/i.test(request.headers['content-type']) ) {
3977
+ // #B28 — application/json: parse the body verbatim. JSON already
3978
+ // carries real types, so do NOT url-decode (a %XX inside a string
3979
+ // value would be corrupted) and do NOT apply form-style
3980
+ // "true"/"false"/"on"/"null" coercion or bracket-key expansion —
3981
+ // those are urlencoded-form conventions, not JSON.
3982
+ try {
3983
+ obj = JSON.parse(request.body);
3984
+ request.patch = obj;
3985
+ isPatchSet = true;
3986
+ } catch (err) {
3987
+ // Tolerate a percent-encoded JSON body (see the POST branch).
3988
+ // The verbatim attempt above wins for genuine raw JSON, so
3989
+ // #B28 intent holds and only an encoded body reaches here.
3990
+ try {
3991
+ obj = JSON.parse(decodeURIComponent(request.body));
3992
+ request.patch = obj;
3993
+ isPatchSet = true;
3994
+ } catch (err2) {
3995
+ exception = new Error('Could not parse application/json PATCH body. '+ err.message);
3996
+ throwError(response, 500, exception, next);
3997
+ return;
3998
+ }
3856
3999
  }
3857
- request.patch = obj;
3858
- isPatchSet = true;
3859
- } catch (err) {
3860
- msg = '[ Could not properly evaluate PATCH ] '+ request.url +'\n'+ err.stack;
3861
- console.warn(msg);
3862
- }
3863
- if (!isPatchSet) {
4000
+ } else {
4001
+ if ( /application\/x\-www\-form\-urlencoded/.test(request.headers['content-type']) && /\+/.test(request.body) ) {
4002
+ request.body = request.body.replace(/\+/g, ' ');
4003
+ }
4004
+ if ( request.body.substring(0,1) == '?' )
4005
+ request.body = request.body.substring(1);
4006
+ try {
4007
+ bodyStr = decodeURIComponent(request.body);
4008
+ } catch (err) {
4009
+ bodyStr = request.body;
4010
+ }
4011
+ if ( /(\"false\"|\"true\"|\"on\")/.test(bodyStr) )
4012
+ bodyStr = bodyStr.replace(/\"false\"/g, false).replace(/\"true\"/g, true).replace(/\"on\"/g, true);
4013
+ if ( /(\"null\")/i.test(bodyStr) )
4014
+ bodyStr = bodyStr.replace(/\"null\"/ig, null);
3864
4015
  try {
3865
- request.patch = ( obj.count() == 0 && bodyStr.length > 1 ) ? obj : JSON.parse(bodyStr);
4016
+ obj = formatDataFromString(bodyStr);
4017
+ if ( !obj ) {
4018
+ exception = new Error('Could not convert PATCH::BODY_STRING to PATCH::OBJECT. Possible JSON error in `bodyStr`');
4019
+ throwError(response, 500, exception, next);
4020
+ return;
4021
+ }
4022
+ request.patch = obj;
4023
+ isPatchSet = true;
3866
4024
  } catch (err) {
3867
- msg = '[ Exception found for PATCH ] '+ request.url +'\n'+ err.stack;
4025
+ msg = '[ Could not properly evaluate PATCH ] '+ request.url +'\n'+ err.stack;
3868
4026
  console.warn(msg);
3869
4027
  }
4028
+ if (!isPatchSet) {
4029
+ try {
4030
+ request.patch = ( obj.count() == 0 && bodyStr.length > 1 ) ? obj : JSON.parse(bodyStr);
4031
+ } catch (err) {
4032
+ msg = '[ Exception found for PATCH ] '+ request.url +'\n'+ err.stack;
4033
+ console.warn(msg);
4034
+ }
4035
+ }
3870
4036
  }
3871
4037
  }
3872
4038
  } catch (err) {
@@ -3916,7 +4082,9 @@ function Server(options) {
3916
4082
  var headInheritedDataObj = {};
3917
4083
  if ( typeof(request.query.inheritedData) != 'undefined' ) {
3918
4084
  if ( typeof(request.query.inheritedData) == 'string' ) {
3919
- headInheritedDataObj = formatDataFromString(decodeURIComponent(request.query.inheritedData));
4085
+ // #B30: redundant second decode dropped (see the GET inheritedData note).
4086
+ // was: headInheritedDataObj = formatDataFromString(decodeURIComponent(request.query.inheritedData));
4087
+ headInheritedDataObj = formatDataFromString(request.query.inheritedData);
3920
4088
  } else {
3921
4089
  headInheritedDataObj = JSON.clone(request.query.inheritedData);
3922
4090
  }
@@ -3927,7 +4095,9 @@ function Server(options) {
3927
4095
  bodyStr = bodyStr.replace(/\"false\"/ig, false).replace(/\"true\"/ig, true).replace(/\"on\"/ig, true);
3928
4096
  if ( /(\"null\")/i.test(bodyStr) )
3929
4097
  bodyStr = bodyStr.replace(/\"null\"/ig, null);
3930
- obj = formatDataFromString(decodeURIComponent(bodyStr));
4098
+ // #B30: redundant second decode dropped (see the GET inheritedData note).
4099
+ // was: obj = formatDataFromString(decodeURIComponent(bodyStr));
4100
+ obj = formatDataFromString(bodyStr);
3931
4101
  request.query = merge(obj, headInheritedDataObj);
3932
4102
  obj = null;
3933
4103
  headInheritedDataObj = null;
@@ -4373,7 +4543,7 @@ function Server(options) {
4373
4543
  // lookupTrie returns null when no trie is available → linear scan runs normally.
4374
4544
  var _trieCandidateSet = null;
4375
4545
  if (!hasCachedRoute) {
4376
- var _trieHits = routingLib.lookupTrie(decodeURI(pathname), bundle);
4546
+ var _trieHits = routingLib.lookupTrie(safeDecodeURI(pathname), bundle); // #B30: malformed-%-safe — a bad escape here would otherwise reject the async dispatch promise → hung request
4377
4547
  if (_trieHits !== null && _trieHits.length > 0) {
4378
4548
  _trieCandidateSet = new Set(_trieHits);
4379
4549
  }
@@ -4463,7 +4633,7 @@ function Server(options) {
4463
4633
  control : routing[name].param.control,
4464
4634
  requirements : routing[name].requirements,
4465
4635
  namespace : routing[name].namespace || undefined,
4466
- url : decodeURI(pathname), /// avoid %20
4636
+ url : safeDecodeURI(pathname), /// avoid %20 — #B30 malformed-%-safe
4467
4637
  rule : routing[name].originalRule || name,
4468
4638
  cache : routing[name].cache || null,
4469
4639
  queryTimeout : parseTimeout(routing[name].queryTimeout) || null,
@@ -4763,7 +4933,13 @@ function Server(options) {
4763
4933
  // console.error(local.request.method +' [ '+code+' ] '+ local.request.url);
4764
4934
  console.error('[ BUNDLE ][ '+self.appName+' ] '+ local.request.method +' [ '+code+' ] \n'+ msg);
4765
4935
  // intercept none HTML mime types
4766
- var url = decodeURI(local.request.url) /// avoid %20
4936
+ // #B30: throwError is the central error responder, reached synchronously from many
4937
+ // request callbacks; an unguarded decodeURI of a malformed-% URL here throws URIError →
4938
+ // proc.js uncaughtException handler (proc.js:319) → emerg + SIGTERM → the bundle dies
4939
+ // (it even turns a would-be graceful 404 on a malformed-% URL into a crash).
4940
+ // safeDecodeURI falls back to the raw URL.
4941
+ // was: var url = decodeURI(local.request.url) /// avoid %20
4942
+ var url = safeDecodeURI(local.request.url) /// avoid %20
4767
4943
  , ext = null
4768
4944
  , isHtmlContent = false
4769
4945
  , hasCustomErrorFile = false
@@ -12,9 +12,6 @@
12
12
  "node": ">=0.10.22"
13
13
  },
14
14
  "main": "src/main",
15
- "scripts": {
16
- "test": "nodeunit test"
17
- },
18
15
  "license": "MIT",
19
16
  "readmeFilename": "README.md"
20
17
  }
@@ -49,6 +49,56 @@ function DataHelper(){
49
49
  replace(/%(?:7C|60|5E)/g, unescape);
50
50
  };
51
51
 
52
+ /**
53
+ * Percent-decodes a string, returning the input UNCHANGED when it is not a
54
+ * valid URI component. `decodeURIComponent` throws `URIError` on a malformed
55
+ * escape (a bare `%`, `%zz`, or a truncated `%E0%A`). On the server request
56
+ * path an attacker-controlled malformed `%` in a URL / query string would
57
+ * otherwise reach an unguarded `decodeURIComponent`, throw, and — since the
58
+ * framework runs no `uncaughtException` handler — take the whole bundle down
59
+ * (#B30). Use this at every server-side decode of attacker-controllable
60
+ * input where the decode is the genuine (first) decode and cannot simply be
61
+ * dropped; it mirrors the try/decode/fallback-to-raw idiom already used in
62
+ * the POST/PUT/PATCH body branches of `processRequestData`.
63
+ *
64
+ * @param {string} str - the value to decode
65
+ * @returns {string} the decoded value, or the original string on URIError
66
+ * @example
67
+ * safeDecodeURIComponent('a%20b'); // 'a b'
68
+ * safeDecodeURIComponent('100%'); // '100%' (decodeURIComponent would throw URIError)
69
+ */
70
+ safeDecodeURIComponent = function(str) {
71
+ try {
72
+ return decodeURIComponent(str);
73
+ } catch (err) {
74
+ return str;
75
+ }
76
+ };
77
+
78
+ /**
79
+ * Like {@link safeDecodeURIComponent} but for whole-URI decoding: wraps
80
+ * `decodeURI` (which leaves URI-reserved characters such as `/ ? #` intact —
81
+ * used across the routing and error-handler paths to turn `%20` back into a
82
+ * space without touching path separators). `decodeURI` throws the SAME
83
+ * `URIError` as `decodeURIComponent` on a malformed escape, so an unguarded
84
+ * call on the request URL / pathname crashes the bundle the same way (#B30) —
85
+ * including from inside `throwError`, which would turn a graceful error into a
86
+ * crash. Returns the input unchanged on a malformed escape.
87
+ *
88
+ * @param {string} str - the value to decode
89
+ * @returns {string} the decoded value, or the original string on URIError
90
+ * @example
91
+ * safeDecodeURI('/a%20b'); // '/a b'
92
+ * safeDecodeURI('/a%E0%A'); // '/a%E0%A' (decodeURI would throw URIError)
93
+ */
94
+ safeDecodeURI = function(str) {
95
+ try {
96
+ return decodeURI(str);
97
+ } catch (err) {
98
+ return str;
99
+ }
100
+ };
101
+
52
102
  /**
53
103
  * Convert JSON string with structured keys to object
54
104
  *
@@ -153,7 +203,11 @@ function DataHelper(){
153
203
  for (var i = 0, len = arr.length; i < len; ++i) {
154
204
  if (!arr[i]) continue;
155
205
 
156
- arr[i] = decodeURIComponent(arr[i]);
206
+ // #B30: tolerate a malformed `%` escape (fall back to the raw
207
+ // segment) instead of letting decodeURIComponent throw URIError —
208
+ // an unguarded throw here propagates to processRequestData with no
209
+ // uncaughtException handler and crashes the bundle.
210
+ arr[i] = safeDecodeURIComponent(arr[i]);
157
211
 
158
212
  if ( /^\{/.test(arr[i]) || /\=\{/.test(arr[i]) || /\=\[/.test(arr[i]) ) {
159
213
  try {
@@ -182,8 +236,9 @@ function DataHelper(){
182
236
 
183
237
  if ( typeof(el[1]) == 'string' && !/\[object /.test(el[1])) {
184
238
  key = null;
185
- el[0] = decodeURIComponent(el[0]);
186
- el[1] = decodeURIComponent(el[1]);
239
+ // #B30: malformed-%-safe decode (see the arr[] loop above).
240
+ el[0] = safeDecodeURIComponent(el[0]);
241
+ el[1] = safeDecodeURIComponent(el[1]);
187
242
 
188
243
  if ( /^(.*)\[(.*)\]/.test(el[0]) ) { // some[field] ?
189
244
  key = el[0].replace(/\]/g, '').split(/\[/g);
@@ -12,9 +12,6 @@
12
12
  "node": ">=0.10.22"
13
13
  },
14
14
  "main": "src/main",
15
- "scripts": {
16
- "test": "nodeunit test"
17
- },
18
15
  "license": "MIT",
19
16
  "readmeFilename": "README.md"
20
17
  }
@@ -12,9 +12,6 @@
12
12
  "node": ">=0.10.22"
13
13
  },
14
14
  "main": "src/main",
15
- "scripts": {
16
- "test": "nodeunit test"
17
- },
18
15
  "license": "MIT",
19
16
  "readmeFilename": "README.md"
20
17
  }
@@ -12,9 +12,6 @@
12
12
  "node": ">=0.10.22"
13
13
  },
14
14
  "main": "src/main",
15
- "scripts": {
16
- "test": "nodeunit test"
17
- },
18
15
  "license": "MIT",
19
16
  "readmeFilename": "README.md"
20
17
  }