hightjs 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/client/entry.client.js +1 -0
- package/dist/helpers.js +16 -3
- package/dist/types.d.ts +26 -0
- package/package.json +2 -2
- package/src/client/entry.client.tsx +2 -0
- package/src/helpers.ts +19 -3
- package/src/types.ts +30 -0
|
@@ -160,6 +160,7 @@ function App({ componentMap, routes, initialComponentPath, initialParams, layout
|
|
|
160
160
|
if (match) {
|
|
161
161
|
setCurrentPageComponent(() => componentMap[match.componentPath]);
|
|
162
162
|
setParams(match.params);
|
|
163
|
+
// setar o titulo da página se necessário
|
|
163
164
|
}
|
|
164
165
|
else {
|
|
165
166
|
// Se não encontrou rota, define como null para mostrar 404
|
package/dist/helpers.js
CHANGED
|
@@ -337,10 +337,23 @@ async function initNativeServer(hwebApp, options, port, hostname) {
|
|
|
337
337
|
res.setHeader('X-Frame-Options', 'DENY');
|
|
338
338
|
res.setHeader('X-XSS-Protection', '1; mode=block');
|
|
339
339
|
res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
|
|
340
|
-
//
|
|
341
|
-
|
|
340
|
+
// Aplica headers de segurança configurados
|
|
341
|
+
if (hightConfig.security?.contentSecurityPolicy) {
|
|
342
|
+
res.setHeader('Content-Security-Policy', hightConfig.security.contentSecurityPolicy);
|
|
343
|
+
}
|
|
344
|
+
if (hightConfig.security?.permissionsPolicy) {
|
|
345
|
+
res.setHeader('Permissions-Policy', hightConfig.security.permissionsPolicy);
|
|
346
|
+
}
|
|
347
|
+
// HSTS (Strict-Transport-Security) - usa configuração customizada ou padrão se estiver em SSL
|
|
342
348
|
if (options.ssl) {
|
|
343
|
-
|
|
349
|
+
const hstsValue = hightConfig.security?.strictTransportSecurity || 'max-age=31536000; includeSubDomains';
|
|
350
|
+
res.setHeader('Strict-Transport-Security', hstsValue);
|
|
351
|
+
}
|
|
352
|
+
// Aplica headers personalizados
|
|
353
|
+
if (hightConfig.customHeaders) {
|
|
354
|
+
for (const [headerName, headerValue] of Object.entries(hightConfig.customHeaders)) {
|
|
355
|
+
res.setHeader(headerName, headerValue);
|
|
356
|
+
}
|
|
344
357
|
}
|
|
345
358
|
// Timeout por requisição (usa configuração personalizada)
|
|
346
359
|
req.setTimeout(hightConfig.individualRequestTimeout || 30000, () => {
|
package/dist/types.d.ts
CHANGED
|
@@ -111,6 +111,32 @@ export interface HightConfig {
|
|
|
111
111
|
*/
|
|
112
112
|
enabled?: boolean;
|
|
113
113
|
};
|
|
114
|
+
/**
|
|
115
|
+
* Configurações de segurança de headers HTTP.
|
|
116
|
+
*/
|
|
117
|
+
security?: {
|
|
118
|
+
/**
|
|
119
|
+
* Content-Security-Policy: Define de onde o navegador pode carregar recursos.
|
|
120
|
+
* Exemplo: "default-src 'self'; script-src 'self' 'unsafe-inline'"
|
|
121
|
+
*/
|
|
122
|
+
contentSecurityPolicy?: string;
|
|
123
|
+
/**
|
|
124
|
+
* Permissions-Policy: Controla quais recursos e APIs o navegador pode usar.
|
|
125
|
+
* Exemplo: "geolocation=(), microphone=()"
|
|
126
|
+
*/
|
|
127
|
+
permissionsPolicy?: string;
|
|
128
|
+
/**
|
|
129
|
+
* Strict-Transport-Security: Força o uso de HTTPS.
|
|
130
|
+
* Padrão (quando SSL ativo): "max-age=31536000; includeSubDomains"
|
|
131
|
+
* Exemplo: "max-age=63072000; includeSubDomains; preload"
|
|
132
|
+
*/
|
|
133
|
+
strictTransportSecurity?: string;
|
|
134
|
+
};
|
|
135
|
+
/**
|
|
136
|
+
* Headers HTTP personalizados que serão adicionados a todas as respostas.
|
|
137
|
+
* Exemplo: { 'X-Custom-Header': 'value', 'X-Powered-By': 'HightJS' }
|
|
138
|
+
*/
|
|
139
|
+
customHeaders?: Record<string, string>;
|
|
114
140
|
}
|
|
115
141
|
/**
|
|
116
142
|
* Tipo da função de configuração que pode ser exportada no hightjs.config.js
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "hightjs",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.1",
|
|
4
4
|
"description": "HightJS is a high-level framework for building web applications with ease and speed. It provides a robust set of tools and features to streamline development and enhance productivity.",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -68,7 +68,7 @@
|
|
|
68
68
|
"devDependencies": {
|
|
69
69
|
"@types/express": "^4.17.21",
|
|
70
70
|
"@types/fs-extra": "^11.0.4",
|
|
71
|
-
"@types/node": "^20.
|
|
71
|
+
"@types/node": "^20.19.27",
|
|
72
72
|
"@types/react": "^19.2.0",
|
|
73
73
|
"@types/react-dom": "^19.2.0",
|
|
74
74
|
"@types/ws": "^8.18.1",
|
|
@@ -152,6 +152,8 @@ function App({ componentMap, routes, initialComponentPath, initialParams, layout
|
|
|
152
152
|
if (match) {
|
|
153
153
|
setCurrentPageComponent(() => componentMap[match.componentPath]);
|
|
154
154
|
setParams(match.params);
|
|
155
|
+
// setar o titulo da página se necessário
|
|
156
|
+
|
|
155
157
|
} else {
|
|
156
158
|
// Se não encontrou rota, define como null para mostrar 404
|
|
157
159
|
setCurrentPageComponent(null);
|
package/src/helpers.ts
CHANGED
|
@@ -365,10 +365,26 @@ async function initNativeServer(hwebApp: HWebApp, options: HightJSOptions, port:
|
|
|
365
365
|
res.setHeader('X-XSS-Protection', '1; mode=block');
|
|
366
366
|
res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
|
|
367
367
|
|
|
368
|
-
//
|
|
369
|
-
|
|
368
|
+
// Aplica headers de segurança configurados
|
|
369
|
+
if (hightConfig.security?.contentSecurityPolicy) {
|
|
370
|
+
res.setHeader('Content-Security-Policy', hightConfig.security.contentSecurityPolicy);
|
|
371
|
+
}
|
|
372
|
+
|
|
373
|
+
if (hightConfig.security?.permissionsPolicy) {
|
|
374
|
+
res.setHeader('Permissions-Policy', hightConfig.security.permissionsPolicy);
|
|
375
|
+
}
|
|
376
|
+
|
|
377
|
+
// HSTS (Strict-Transport-Security) - usa configuração customizada ou padrão se estiver em SSL
|
|
370
378
|
if (options.ssl) {
|
|
371
|
-
|
|
379
|
+
const hstsValue = hightConfig.security?.strictTransportSecurity || 'max-age=31536000; includeSubDomains';
|
|
380
|
+
res.setHeader('Strict-Transport-Security', hstsValue);
|
|
381
|
+
}
|
|
382
|
+
|
|
383
|
+
// Aplica headers personalizados
|
|
384
|
+
if (hightConfig.customHeaders) {
|
|
385
|
+
for (const [headerName, headerValue] of Object.entries(hightConfig.customHeaders)) {
|
|
386
|
+
res.setHeader(headerName, headerValue);
|
|
387
|
+
}
|
|
372
388
|
}
|
|
373
389
|
|
|
374
390
|
// Timeout por requisição (usa configuração personalizada)
|
package/src/types.ts
CHANGED
|
@@ -147,6 +147,36 @@ export interface HightConfig {
|
|
|
147
147
|
*/
|
|
148
148
|
enabled?: boolean;
|
|
149
149
|
};
|
|
150
|
+
|
|
151
|
+
/**
|
|
152
|
+
* Configurações de segurança de headers HTTP.
|
|
153
|
+
*/
|
|
154
|
+
security?: {
|
|
155
|
+
/**
|
|
156
|
+
* Content-Security-Policy: Define de onde o navegador pode carregar recursos.
|
|
157
|
+
* Exemplo: "default-src 'self'; script-src 'self' 'unsafe-inline'"
|
|
158
|
+
*/
|
|
159
|
+
contentSecurityPolicy?: string;
|
|
160
|
+
|
|
161
|
+
/**
|
|
162
|
+
* Permissions-Policy: Controla quais recursos e APIs o navegador pode usar.
|
|
163
|
+
* Exemplo: "geolocation=(), microphone=()"
|
|
164
|
+
*/
|
|
165
|
+
permissionsPolicy?: string;
|
|
166
|
+
|
|
167
|
+
/**
|
|
168
|
+
* Strict-Transport-Security: Força o uso de HTTPS.
|
|
169
|
+
* Padrão (quando SSL ativo): "max-age=31536000; includeSubDomains"
|
|
170
|
+
* Exemplo: "max-age=63072000; includeSubDomains; preload"
|
|
171
|
+
*/
|
|
172
|
+
strictTransportSecurity?: string;
|
|
173
|
+
};
|
|
174
|
+
|
|
175
|
+
/**
|
|
176
|
+
* Headers HTTP personalizados que serão adicionados a todas as respostas.
|
|
177
|
+
* Exemplo: { 'X-Custom-Header': 'value', 'X-Powered-By': 'HightJS' }
|
|
178
|
+
*/
|
|
179
|
+
customHeaders?: Record<string, string>;
|
|
150
180
|
}
|
|
151
181
|
|
|
152
182
|
/**
|