hightjs 0.5.5 → 1.0.1

package/dist/client/entry.client.js

@@ -84,7 +84,7 @@ function App({ componentMap, routes, initialComponentPath, initialParams, layout
     // Inicializa o componente e params baseado na URL ATUAL (não no initialComponentPath)
     const [CurrentPageComponent, setCurrentPageComponent] = (0, react_1.useState)(() => {
         // Pega a rota atual da URL
-        const currentPath = window.location.pathname;
+        const currentPath = window.location.pathname.replace("index.html", '');
         const match = findRouteForPath(currentPath);
         if (match) {
             return componentMap[match.componentPath];
@@ -94,7 +94,7 @@ function App({ componentMap, routes, initialComponentPath, initialParams, layout
     });
     const [params, setParams] = (0, react_1.useState)(() => {
         // Pega os params da URL atual
-        const currentPath = window.location.pathname;
+        const currentPath = window.location.pathname.replace("index.html", '');
         const match = findRouteForPath(currentPath);
         return match ? match.params : {};
     });
@@ -155,11 +155,12 @@ function App({ componentMap, routes, initialComponentPath, initialParams, layout
         };
     }, []);
     const updateRoute = (0, react_1.useCallback)(() => {
-        const currentPath = clientRouter_1.router.pathname;
+        const currentPath = clientRouter_1.router.pathname.replace("index.html", '');
         const match = findRouteForPath(currentPath);
         if (match) {
             setCurrentPageComponent(() => componentMap[match.componentPath]);
             setParams(match.params);
+            // setar o titulo da página se necessário
         }
         else {
             // Se não encontrou rota, define como null para mostrar 404

package/dist/helpers.js

@@ -337,10 +337,23 @@ async function initNativeServer(hwebApp, options, port, hostname) {
         res.setHeader('X-Frame-Options', 'DENY');
         res.setHeader('X-XSS-Protection', '1; mode=block');
         res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
-        // IMPORTANTE: Adiciona HSTS (Strict-Transport-Security) se estiver em modo SSL
-        // Isso força o navegador a usar HTTPS no futuro.
+        // Aplica headers de segurança configurados
+        if (hightConfig.security?.contentSecurityPolicy) {
+            res.setHeader('Content-Security-Policy', hightConfig.security.contentSecurityPolicy);
+        }
+        if (hightConfig.security?.permissionsPolicy) {
+            res.setHeader('Permissions-Policy', hightConfig.security.permissionsPolicy);
+        }
+        // HSTS (Strict-Transport-Security) - usa configuração customizada ou padrão se estiver em SSL
         if (options.ssl) {
-            res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
+            const hstsValue = hightConfig.security?.strictTransportSecurity || 'max-age=31536000; includeSubDomains';
+            res.setHeader('Strict-Transport-Security', hstsValue);
+        }
+        // Aplica headers personalizados
+        if (hightConfig.customHeaders) {
+            for (const [headerName, headerValue] of Object.entries(hightConfig.customHeaders)) {
+                res.setHeader(headerName, headerValue);
+            }
         }
         // Timeout por requisição (usa configuração personalizada)
         req.setTimeout(hightConfig.individualRequestTimeout || 30000, () => {

package/dist/types.d.ts

@@ -111,6 +111,32 @@ export interface HightConfig {
          */
         enabled?: boolean;
     };
+    /**
+     * Configurações de segurança de headers HTTP.
+     */
+    security?: {
+        /**
+         * Content-Security-Policy: Define de onde o navegador pode carregar recursos.
+         * Exemplo: "default-src 'self'; script-src 'self' 'unsafe-inline'"
+         */
+        contentSecurityPolicy?: string;
+        /**
+         * Permissions-Policy: Controla quais recursos e APIs o navegador pode usar.
+         * Exemplo: "geolocation=(), microphone=()"
+         */
+        permissionsPolicy?: string;
+        /**
+         * Strict-Transport-Security: Força o uso de HTTPS.
+         * Padrão (quando SSL ativo): "max-age=31536000; includeSubDomains"
+         * Exemplo: "max-age=63072000; includeSubDomains; preload"
+         */
+        strictTransportSecurity?: string;
+    };
+    /**
+     * Headers HTTP personalizados que serão adicionados a todas as respostas.
+     * Exemplo: { 'X-Custom-Header': 'value', 'X-Powered-By': 'HightJS' }
+     */
+    customHeaders?: Record<string, string>;
 }
 /**
  * Tipo da função de configuração que pode ser exportada no hightjs.config.js

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hightjs",
-  "version": "0.5.5",
+  "version": "1.0.1",
   "description": "HightJS is a high-level framework for building web applications with ease and speed. It provides a robust set of tools and features to streamline development and enhance productivity.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -68,7 +68,7 @@
   "devDependencies": {
     "@types/express": "^4.17.21",
     "@types/fs-extra": "^11.0.4",
-    "@types/node": "^20.11.24",
+    "@types/node": "^20.19.27",
     "@types/react": "^19.2.0",
     "@types/react-dom": "^19.2.0",
     "@types/ws": "^8.18.1",

package/src/client/entry.client.tsx

@@ -61,7 +61,7 @@ function App({ componentMap, routes, initialComponentPath, initialParams, layout
     // Inicializa o componente e params baseado na URL ATUAL (não no initialComponentPath)
     const [CurrentPageComponent, setCurrentPageComponent] = useState(() => {
         // Pega a rota atual da URL
-        const currentPath = window.location.pathname;
+        const currentPath = window.location.pathname.replace("index.html", '');
         const match = findRouteForPath(currentPath);
 
         if (match) {
@@ -74,7 +74,7 @@ function App({ componentMap, routes, initialComponentPath, initialParams, layout
 
     const [params, setParams] = useState(() => {
         // Pega os params da URL atual
-        const currentPath = window.location.pathname;
+        const currentPath = window.location.pathname.replace("index.html", '');
         const match = findRouteForPath(currentPath);
         return match ? match.params : {};
     });
@@ -147,11 +147,13 @@ function App({ componentMap, routes, initialComponentPath, initialParams, layout
 
 
     const updateRoute = useCallback(() => {
-        const currentPath = router.pathname;
+        const currentPath = router.pathname.replace("index.html", '');
         const match = findRouteForPath(currentPath);
         if (match) {
             setCurrentPageComponent(() => componentMap[match.componentPath]);
             setParams(match.params);
+            // setar o titulo da página se necessário
+
         } else {
             // Se não encontrou rota, define como null para mostrar 404
             setCurrentPageComponent(null);

package/src/helpers.ts

@@ -365,10 +365,26 @@ async function initNativeServer(hwebApp: HWebApp, options: HightJSOptions, port:
         res.setHeader('X-XSS-Protection', '1; mode=block');
         res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
 
-        // IMPORTANTE: Adiciona HSTS (Strict-Transport-Security) se estiver em modo SSL
-        // Isso força o navegador a usar HTTPS no futuro.
+        // Aplica headers de segurança configurados
+        if (hightConfig.security?.contentSecurityPolicy) {
+            res.setHeader('Content-Security-Policy', hightConfig.security.contentSecurityPolicy);
+        }
+
+        if (hightConfig.security?.permissionsPolicy) {
+            res.setHeader('Permissions-Policy', hightConfig.security.permissionsPolicy);
+        }
+
+        // HSTS (Strict-Transport-Security) - usa configuração customizada ou padrão se estiver em SSL
         if (options.ssl) {
-            res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
+            const hstsValue = hightConfig.security?.strictTransportSecurity || 'max-age=31536000; includeSubDomains';
+            res.setHeader('Strict-Transport-Security', hstsValue);
+        }
+
+        // Aplica headers personalizados
+        if (hightConfig.customHeaders) {
+            for (const [headerName, headerValue] of Object.entries(hightConfig.customHeaders)) {
+                res.setHeader(headerName, headerValue);
+            }
         }
 
         // Timeout por requisição (usa configuração personalizada)

package/src/types.ts

@@ -147,6 +147,36 @@ export interface HightConfig {
          */
         enabled?: boolean;
     };
+
+    /**
+     * Configurações de segurança de headers HTTP.
+     */
+    security?: {
+        /**
+         * Content-Security-Policy: Define de onde o navegador pode carregar recursos.
+         * Exemplo: "default-src 'self'; script-src 'self' 'unsafe-inline'"
+         */
+        contentSecurityPolicy?: string;
+
+        /**
+         * Permissions-Policy: Controla quais recursos e APIs o navegador pode usar.
+         * Exemplo: "geolocation=(), microphone=()"
+         */
+        permissionsPolicy?: string;
+
+        /**
+         * Strict-Transport-Security: Força o uso de HTTPS.
+         * Padrão (quando SSL ativo): "max-age=31536000; includeSubDomains"
+         * Exemplo: "max-age=63072000; includeSubDomains; preload"
+         */
+        strictTransportSecurity?: string;
+    };
+
+    /**
+     * Headers HTTP personalizados que serão adicionados a todas as respostas.
+     * Exemplo: { 'X-Custom-Header': 'value', 'X-Powered-By': 'HightJS' }
+     */
+    customHeaders?: Record<string, string>;
 }
 
 /**