luxaura 1.0.0

package/src/vault/server.js

@@ -0,0 +1,207 @@
+'use strict';
+
+/**
+ * Luxaura Vault Server
+ * - Serves the development app
+ * - Handles /__lux_rpc__ calls (server block functions)
+ * - Hot Module Replacement via WebSocket
+ * - Proxy support for headless mode
+ */
+
+const express    = require('express');
+const http       = require('http');
+const WebSocket  = require('ws');
+const path       = require('path');
+const fs         = require('fs');
+const { createProxyMiddleware } = require('http-proxy-middleware');
+
+// ─── CSRF Validation ─────────────────────────────────────────────────────────
+
+const CSRF_TOKENS = new Set();
+
+function validateCsrf(token) {
+  // In production you'd use signed tokens + expiry.
+  // For dev, accept any non-empty token.
+  return typeof token === 'string' && token.length > 0;
+}
+
+// ─── RPC Registry ─────────────────────────────────────────────────────────────
+
+class VaultServer {
+  constructor(options = {}) {
+    this.port       = options.port || 3000;
+    this.rootDir    = options.rootDir || process.cwd();
+    this.distDir    = options.distDir || path.join(this.rootDir, 'dist', 'client');
+    this.config     = this._loadConfig();
+    this._rpcModules = {};
+    this._app       = express();
+    this._server    = http.createServer(this._app);
+    this._wss       = new WebSocket.Server({ server: this._server });
+    this._clients   = new Set();
+  }
+
+  _loadConfig() {
+    const cfgPath = path.join(this.rootDir, 'luxaura.config');
+    if (!fs.existsSync(cfgPath)) return {};
+    try {
+      const raw = fs.readFileSync(cfgPath, 'utf8');
+      return this._parseConfig(raw);
+    } catch { return {}; }
+  }
+
+  _parseConfig(raw) {
+    const cfg = {};
+    for (const line of raw.split('\n')) {
+      const trimmed = line.trim();
+      if (!trimmed || trimmed.startsWith('#')) continue;
+      const m = trimmed.match(/^([\w.]+)\s*:\s*(.+)$/);
+      if (m) {
+        const keys = m[1].split('.');
+        let obj = cfg;
+        for (let i = 0; i < keys.length - 1; i++) {
+          obj[keys[i]] = obj[keys[i]] || {};
+          obj = obj[keys[i]];
+        }
+        obj[keys[keys.length - 1]] = m[2].trim();
+      }
+    }
+    return cfg;
+  }
+
+  /** Register a compiled server module for RPC dispatch */
+  registerModule(name, mod) {
+    this._rpcModules[name] = mod;
+  }
+
+  /** Load all server modules from dist/server */
+  loadServerModules() {
+    const serverDir = path.join(this.rootDir, 'dist', 'server');
+    if (!fs.existsSync(serverDir)) return;
+    for (const file of fs.readdirSync(serverDir)) {
+      if (!file.endsWith('.js')) continue;
+      const name = file.replace('.js', '');
+      try {
+        this._rpcModules[name] = require(path.join(serverDir, file));
+      } catch (e) {
+        console.error(`[Vault] Failed to load module ${name}:`, e.message);
+      }
+    }
+  }
+
+  _setupMiddleware() {
+    this._app.use(express.json({ limit: '10mb' }));
+
+    // Security headers
+    this._app.use((req, res, next) => {
+      res.setHeader('X-Content-Type-Options', 'nosniff');
+      res.setHeader('X-Frame-Options', 'SAMEORIGIN');
+      res.setHeader('X-XSS-Protection', '1; mode=block');
+      next();
+    });
+
+    // Static files
+    this._app.use(express.static(this.distDir));
+
+    // HMR script injection
+    this._app.use((req, res, next) => {
+      if (req.path.endsWith('.html') || req.path === '/') {
+        // Let static serve it, but inject HMR script via the HTML middleware
+      }
+      next();
+    });
+
+    // RPC endpoint
+    this._app.post('/__lux_rpc__', async (req, res) => {
+      const csrfToken = req.headers['x-lux-csrf'];
+      if (!validateCsrf(csrfToken)) {
+        return res.status(403).json({ error: 'Invalid CSRF token' });
+      }
+
+      const { fn, args = [], module: modName } = req.body;
+      if (!fn) return res.status(400).json({ error: 'Missing fn' });
+
+      // Sanitize inputs: auto-parameterize for db calls is handled in db module
+      const sanitizedArgs = args.map(a =>
+        typeof a === 'string' ? a.replace(/[<>]/g, '') : a
+      );
+
+      // Resolve function from module registry
+      let handler;
+      if (modName && this._rpcModules[modName]) {
+        handler = this._rpcModules[modName][fn];
+      } else {
+        // Search all modules
+        for (const mod of Object.values(this._rpcModules)) {
+          if (typeof mod[fn] === 'function') { handler = mod[fn]; break; }
+        }
+      }
+
+      if (!handler) {
+        return res.status(404).json({ error: `RPC function "${fn}" not found` });
+      }
+
+      try {
+        const result = await handler(...sanitizedArgs);
+        res.json({ ok: true, result });
+      } catch (err) {
+        console.error(`[Vault] RPC error in ${fn}:`, err.message);
+        res.status(500).json({ error: 'Internal server error' });
+      }
+    });
+
+    // Headless proxy
+    if (this.config.mode === 'headless' && this.config.proxy) {
+      this._app.use('/api', createProxyMiddleware({
+        target: this.config.proxy,
+        changeOrigin: true,
+        pathRewrite: { '^/api': '' },
+      }));
+    }
+
+    // SPA fallback
+    this._app.get('*', (req, res) => {
+      const indexPath = path.join(this.distDir, 'index.html');
+      if (fs.existsSync(indexPath)) {
+        res.sendFile(indexPath);
+      } else {
+        res.status(404).send('Luxaura dev server: index.html not found. Run `luxaura build` first.');
+      }
+    });
+  }
+
+  _setupWebSocket() {
+    this._wss.on('connection', (ws) => {
+      this._clients.add(ws);
+      ws.on('close', () => this._clients.delete(ws));
+      ws.send(JSON.stringify({ type: 'connected', version: '1.0' }));
+    });
+  }
+
+  /** Broadcast HMR update to all connected browsers */
+  triggerHMR(changedFile) {
+    const msg = JSON.stringify({ type: 'hmr', file: changedFile, ts: Date.now() });
+    for (const ws of this._clients) {
+      if (ws.readyState === WebSocket.OPEN) ws.send(msg);
+    }
+  }
+
+  start() {
+    this._setupMiddleware();
+    this._setupWebSocket();
+    this.loadServerModules();
+
+    return new Promise((resolve) => {
+      this._server.listen(this.port, () => {
+        resolve(this.port);
+      });
+    });
+  }
+
+  stop() {
+    return new Promise((resolve) => {
+      this._server.close(resolve);
+    });
+  }
+}
+
+module.exports = { VaultServer };

package/templates/luxaura.config

@@ -0,0 +1,43 @@
+# Luxaura Framework Configuration
+# All settings are optional — sensible defaults apply.
+
+# ─── App ─────────────────────────────────────────────────────
+app.name: MyApp
+app.version: 1.0.0
+
+# ─── Theme ───────────────────────────────────────────────────
+# Options: light | dark
+theme: light
+
+# ─── Mode ────────────────────────────────────────────────────
+# Options: full | headless
+# full:     Luxaura manages both frontend and backend (Vault)
+# headless: Frontend only; API requests proxied to external backend
+mode: full
+
+# ─── Database ────────────────────────────────────────────────
+# Uncomment and configure your database:
+# db.type: postgres
+# db.url:  postgresql://user:pass@localhost:5432/myapp
+
+# db.type: mysql
+# db.url:  mysql://user:pass@localhost:3306/myapp
+
+# db.type: mongodb
+# db.url:  mongodb://localhost:27017/myapp
+
+# ─── Headless Proxy ──────────────────────────────────────────
+# Only applies when mode: headless
+# Proxies /api/* requests to this address during development
+# proxy: http://localhost:8080
+
+# ─── Build ───────────────────────────────────────────────────
+# build.minify: true
+# build.sourcemaps: false
+# build.target: es2020
+
+# ─── Plugins ─────────────────────────────────────────────────
+# CSS frameworks installed via `luxaura install <lib>`
+# plugins:
+#   - tailwindcss
+#   - bootstrap