mastercontroller 1.2.12 → 1.2.14

package/.claude/settings.local.json

@@ -0,0 +1,12 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(rm:*)",
+      "Bash(mv:*)",
+      "Bash(node -e:*)",
+      "Bash(find:*)"
+    ],
+    "deny": [],
+    "ask": []
+  }
+}

package/MasterAction.js

@@ -1,19 +1,47 @@
 
-// version 0.0.22
+// version 0.0.23
 
 var master = require('./MasterControl');
 var fileserver = require('fs');
 var toolClass =  require('./MasterTools');
 var tempClass =  require('./MasterTemplate');
+// Templating helpers
 var temp = new tempClass();
 var tools = new toolClass();
 
+// Node utils
+var path = require('path');
+
+// Vanilla Web Components SSR runtime (LinkeDOM) - executes connectedCallback() and upgrades
+const compileWebComponentsHTML = require('./ssr/runtime-ssr.cjs');
+
+// Enhanced error handling
+const { handleTemplateError, sendErrorResponse } = require('./error/MasterBackendErrorHandler');
+const { safeReadFile } = require('./error/MasterErrorMiddleware');
+const { logger } = require('./error/MasterErrorLogger');
+
+// Security - CSRF, validation, sanitization
+const { generateCSRFToken, validateCSRFToken } = require('./security/SecurityMiddleware');
+const { validator, validateRequestBody, sanitizeObject } = require('./security/MasterValidator');
+const { sanitizeUserHTML, escapeHTML } = require('./security/MasterSanitizer');
+
 class MasterAction{
 	
 	getView(location, data){
 		var actionUrl =  master.root + location;
-		var actionView = fileserver.readFileSync(actionUrl, 'utf8');
-		return temp.htmlBuilder(actionView, data);
+		const fileResult = safeReadFile(fileserver, actionUrl);
+
+		if (!fileResult.success) {
+			const error = handleTemplateError(fileResult.error.originalError, actionUrl, data);
+			throw error;
+		}
+
+		try {
+			return temp.htmlBuilder(fileResult.content, data);
+		} catch (error) {
+			const mcError = handleTemplateError(error, actionUrl, data);
+			throw mcError;
+		}
 	}
 
 
@@ -110,6 +138,16 @@ class MasterAction{
 		this.params = tools.combineObjects(data, this.params);
 		var func = master.viewList;
         this.params = tools.combineObjects(this.params, func);
+    // Prefer page.js module if present (no legacy .html file)
+    try {
+      const controller = this.__currentRoute.toController;
+      const action = this.__currentRoute.toAction;
+      const pageModuleAbs = path.join(master.root, 'app/views', controller, action, 'page.js');
+      if (fileserver.existsSync(pageModuleAbs)) {
+        if (this._renderPageModule(controller, action, data)) { return; }
+      }
+    } catch (_) {}
+
 		var actionUrl = (location === undefined) ? this.__currentRoute.root + "/app/views/" +  this.__currentRoute.toController + "/" +  this.__currentRoute.toAction + ".html" : master.root + location;
 		var actionView = fileserver.readFileSync(actionUrl, 'utf8');
 		if(master.overwrite.isTemplate){
@@ -119,8 +157,21 @@ class MasterAction{
 			masterView = temp.htmlBuilder(actionView, data);	
 		}
 		if (!this.__requestObject.response._headerSent) {
-			this.__requestObject.response.writeHead(200, {'Content-Type': 'text/html'});
-			this.__requestObject.response.end(masterView);
+			const send = (htmlOut) => {
+				try {
+					this.__requestObject.response.writeHead(200, {'Content-Type': 'text/html'});
+					this.__requestObject.response.end(htmlOut);
+				} catch (e) {
+					// Fallback in case of double send
+				}
+			};
+			try {
+				Promise.resolve(compileWebComponentsHTML(masterView))
+					.then(send)
+					.catch(() => send(masterView));
+			} catch (_) {
+				send(masterView);
+			}
 		}
 	}
 
@@ -133,6 +184,18 @@ class MasterAction{
 		}
 	}
 
+	returnReact(data, location){
+		
+			var masterView = null;
+			data = data === undefined ? {} : data;
+			this.params = this.params === undefined ? {} : this.params;
+			this.params = tools.combineObjects(data, this.params);
+			var func = master.viewList;
+			this.params = tools.combineObjects(this.params, func);
+			var html = master.reactView.compile(this.__currentRoute.toController, this.__currentRoute.toAction, this.__currentRoute.root);
+		
+	}
+
 	returnView(data, location){
 		
 		var masterView = null;
@@ -141,6 +204,16 @@ class MasterAction{
         this.params = tools.combineObjects(data, this.params);
         var func = master.viewList;
         this.params = tools.combineObjects(this.params, func);
+    // Prefer page.js module if present (no legacy .html file)
+    try {
+      const controller = this.__currentRoute.toController;
+      const action = this.__currentRoute.toAction;
+      const pageModuleAbs = path.join(master.root, 'app/views', controller, action, 'page.js');
+      if (fileserver.existsSync(pageModuleAbs)) {
+        if (this._renderPageModule(controller, action, data)) { return; }
+      }
+    } catch (_) {}
+
 		var viewUrl = (location === undefined || location === "" || location === null) ? this.__currentRoute.root + "/app/views/" + this.__currentRoute.toController + "/" +  this.__currentRoute.toAction + ".html" : master.root + location;
 		var viewFile = fileserver.readFileSync(viewUrl,'utf8');
 		var masterFile = fileserver.readFileSync(this.__currentRoute.root + "/app/views/layouts/master.html", 'utf8');
@@ -154,8 +227,21 @@ class MasterAction{
 		}
 		
 		if (!this.__response._headerSent) {
-			this.__response.writeHead(200, {'Content-Type': 'text/html'});
-			this.__response.end(masterView);
+			const send = (htmlOut) => {
+				try {
+					this.__response.writeHead(200, {'Content-Type': 'text/html'});
+					this.__response.end(htmlOut);
+				} catch (e) {
+					// Fallback in case of double send
+				}
+			};
+			try {
+				Promise.resolve(compileWebComponentsHTML(masterView))
+					.then(send)
+					.catch(() => send(masterView));
+			} catch (_) {
+				send(masterView);
+			}
 		}
 		
 	}
@@ -180,7 +266,7 @@ class MasterAction{
 		return true;
 	}
 
-	// Enhanced returnJson that checks readiness first
+  // Enhanced returnJson that checks readiness first
 	safeReturnJson(data){
 		if (this.waitUntilReady()) {
 			this.returnJson(data);
@@ -190,75 +276,213 @@ class MasterAction{
 		return false;
 	}
 
-	// Serves binary files with proper headers and MIME types
-	// options: {
-	//   contentType: string (auto-detected if not provided),
-	//   disposition: 'inline' | 'attachment' (default: 'attachment'),
-	//   filename: string (defaults to original filename)
-	// }
-	returnFile(filePath, options){
-		options = options || {};
-
-		// Default options
-		var disposition = options.disposition || 'attachment';
-		var filename = options.filename || filePath.split('/').pop();
-		var contentType = options.contentType;
-
-		// Auto-detect content type if not provided
-		if (!contentType) {
-			var ext = filePath.split('.').pop().toLowerCase();
-			var mimeTypes = {
-				'pdf': 'application/pdf',
-				'jpg': 'image/jpeg',
-				'jpeg': 'image/jpeg',
-				'png': 'image/png',
-				'gif': 'image/gif',
-				'svg': 'image/svg+xml',
-				'zip': 'application/zip',
-				'csv': 'text/csv',
-				'txt': 'text/plain',
-				'xml': 'application/xml',
-				'json': 'application/json',
-				'mp4': 'video/mp4',
-				'mp3': 'audio/mpeg',
-				'wav': 'audio/wav',
-				'doc': 'application/msword',
-				'docx': 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
-				'xls': 'application/vnd.ms-excel',
-				'xlsx': 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
-				'ppt': 'application/vnd.ms-powerpoint',
-				'pptx': 'application/vnd.openxmlformats-officedocument.presentationml.presentation'
-			};
-			contentType = mimeTypes[ext] || 'application/octet-stream';
-		}
+  // Render using a page.js Web Component module when present
+  _renderPageModule(controller, action, data) {
+    try {
+      const pageModuleAbs = path.join(master.root, 'app/views', controller, action, 'page.js');
+      const layoutModuleAbs = path.join(master.root, 'app/views', 'layouts', 'master.js');
+      const stylesPath = '/app/assets/stylesheets/output.css';
+      const pageTag = `home-${action}-page`;
 
-		try {
-			// Read file as binary
-			var fileBuffer = fileserver.readFileSync(filePath);
-
-			// Build headers
-			var headers = {
-				'Content-Type': contentType,
-				'Content-Length': fileBuffer.length,
-				'Content-Disposition': disposition + '; filename="' + filename + '"'
-			};
+      const htmlDoc =
+`<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8"/>
+    <meta name="viewport" content="width=device-width, initial-scale=1"/>
+    <title>${controller}/${action}</title>
+    <link rel="stylesheet" href="${stylesPath}"/>
+  </head>
+  <body class="geist-variable antialiased">
+    <root-layout>
+      <${pageTag}></${pageTag}>
+    </root-layout>
+    <script type="module" src="/app/views/layouts/master.js"></script>
+    <script type="module" src="/app/views/${controller}/${action}/page.js"></script>
+  </body>
+</html>`;
 
-			// Send response
-			if (!this.__response._headerSent) {
-				this.__response.writeHead(200, headers);
-				this.__response.end(fileBuffer);
-			}
-		} catch(error) {
-			// Handle file not found or read errors
-			if (!this.__response._headerSent) {
-				this.__response.writeHead(404, {'Content-Type': 'text/plain'});
-				this.__response.end('File not found: ' + filePath);
-			}
-			console.error('Error serving file:', error);
-		}
-	}
+      const send = (htmlOut) => {
+        try {
+          const res = this.__response || (this.__requestObject && this.__requestObject.response);
+          if (res && !res._headerSent) {
+            res.writeHead(200, { 'Content-Type': 'text/html' });
+            res.end(htmlOut);
+          }
+        } catch (_) {}
+      };
+
+      Promise
+        .resolve(require('./ssr/runtime-ssr.cjs')(htmlDoc, [layoutModuleAbs, pageModuleAbs]))
+        .then(send)
+        .catch(() => send(htmlDoc));
+    } catch (e) {
+      // Fallback to legacy view if something goes wrong
+      console.warn('[SSR] _renderPageModule failed:', e && e.message);
+      return false;
+    }
+    return true;
+  }
+
+  // Delegate to standard Enhance-based SSR only
+  returnWebComponent(data) {
+    this.returnView(data);
+  }
+
+  // ==================== Security Methods ====================
+
+  /**
+   * Generate CSRF token for forms
+   * Usage: const token = this.generateCSRFToken();
+   */
+  generateCSRFToken() {
+    const sessionId = this.__requestObject && this.__requestObject.session ? this.__requestObject.session.id : null;
+    return generateCSRFToken(sessionId);
+  }
+
+  /**
+   * Validate CSRF token from request
+   * Usage: if (!this.validateCSRF()) { return this.returnError(403, 'Invalid CSRF token'); }
+   */
+  validateCSRF(token = null) {
+    // Get token from parameter, header, or body
+    const csrfToken = token ||
+                      this.__requestObject.headers['x-csrf-token'] ||
+                      (this.__requestObject.body && this.__requestObject.body._csrf) ||
+                      this.params._csrf;
+
+    if (!csrfToken) {
+      logger.warn({
+        code: 'MC_SECURITY_CSRF_MISSING',
+        message: 'CSRF token missing in request',
+        path: this.__requestObject.pathName
+      });
+      return false;
+    }
+
+    const validation = validateCSRFToken(csrfToken);
 
+    if (!validation.valid) {
+      logger.warn({
+        code: 'MC_SECURITY_CSRF_INVALID',
+        message: 'CSRF token validation failed',
+        path: this.__requestObject.pathName,
+        reason: validation.reason
+      });
+      return false;
+    }
+
+    return true;
+  }
+
+  /**
+   * Validate request body against schema
+   * Usage: const result = this.validateRequest({ email: { type: 'email' }, age: { type: 'integer', min: 18 } });
+   */
+  validateRequest(schema = {}) {
+    const body = this.__requestObject.body || this.params || {};
+    const result = validateRequestBody(body, schema);
+
+    if (!result.valid) {
+      logger.warn({
+        code: 'MC_VALIDATION_REQUEST_FAILED',
+        message: 'Request validation failed',
+        path: this.__requestObject.pathName,
+        errors: result.errors
+      });
+    }
+
+    return result;
+  }
+
+  /**
+   * Sanitize user input (HTML)
+   * Usage: const clean = this.sanitizeInput(userInput);
+   */
+  sanitizeInput(input) {
+    if (typeof input === 'string') {
+      return sanitizeUserHTML(input);
+    } else if (typeof input === 'object' && input !== null) {
+      return sanitizeObject(input);
+    }
+    return input;
+  }
+
+  /**
+   * Escape HTML for display
+   * Usage: const safe = this.escapeHTML(userContent);
+   */
+  escapeHTML(text) {
+    return escapeHTML(text);
+  }
+
+  /**
+   * Validate single field
+   * Usage: const result = this.validate(email, { type: 'email' });
+   */
+  validate(value, rules = {}) {
+    switch (rules.type) {
+      case 'string':
+        return validator.validateString(value, rules);
+      case 'integer':
+        return validator.validateInteger(value, rules);
+      case 'email':
+        return validator.validateEmail(value, rules);
+      case 'url':
+        return validator.validateURL(value, rules);
+      case 'uuid':
+        return validator.validateUUID(value, rules);
+      default:
+        return { valid: true, value };
+    }
+  }
+
+  /**
+   * Check if request is secure (HTTPS)
+   */
+  isSecure() {
+    const req = this.__requestObject.request || this.__requestObject;
+    return req.connection.encrypted || req.headers['x-forwarded-proto'] === 'https';
+  }
+
+  /**
+   * Require HTTPS for this action
+   * Usage: if (!this.requireHTTPS()) return;
+   */
+  requireHTTPS() {
+    if (!this.isSecure()) {
+      logger.warn({
+        code: 'MC_SECURITY_HTTPS_REQUIRED',
+        message: 'HTTPS required but request is HTTP',
+        path: this.__requestObject.pathName
+      });
+
+      const httpsUrl = `https://${this.__requestObject.request.headers.host}${this.__requestObject.pathName}`;
+      this.redirectTo(httpsUrl);
+      return false;
+    }
+    return true;
+  }
+
+  /**
+   * Return error response with proper status
+   * Usage: this.returnError(400, 'Invalid input');
+   */
+  returnError(statusCode, message, details = {}) {
+    const res = this.__response || (this.__requestObject && this.__requestObject.response);
+
+    if (res && !res._headerSent) {
+      res.writeHead(statusCode, { 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({
+        error: true,
+        statusCode,
+        message,
+        ...details
+      }));
+    }
+  }
 
 }
 
+
 master.extendController(MasterAction);

package/MasterControl.js

@@ -1,5 +1,5 @@
 // MasterControl - by Alexander rich
-// version 1.0.247
+// version 1.0.251
 
 var url = require('url');
 var fileserver = require('fs');
@@ -11,6 +11,47 @@ var url = require('url');
 var path = require('path');
 var globSearch = require("glob");
 
+// Enhanced error handling - setup global handlers
+const { setupGlobalErrorHandlers } = require('./error/MasterErrorMiddleware');
+const { logger } = require('./error/MasterErrorLogger');
+
+// Security - Initialize security features
+const { security, securityHeaders } = require('./security/SecurityMiddleware');
+const { csp } = require('./security/CSPConfig');
+const { session } = require('./security/SessionSecurity');
+
+// Initialize global error handling
+setupGlobalErrorHandlers();
+
+// Log framework start
+logger.info({
+    code: 'MC_INFO_FRAMEWORK_START',
+    message: 'MasterController framework initializing',
+    context: {
+        version: '1.0.247',
+        nodeVersion: process.version,
+        platform: process.platform,
+        env: process.env.NODE_ENV || 'development'
+    }
+});
+
+// Log security status
+const isProduction = process.env.NODE_ENV === 'production';
+logger.info({
+    code: 'MC_INFO_SECURITY_INITIALIZED',
+    message: 'Security features initialized',
+    context: {
+        environment: isProduction ? 'production' : 'development',
+        features: {
+            securityHeaders: true,
+            csp: csp.enabled,
+            csrf: security.csrfEnabled,
+            rateLimit: security.rateLimitEnabled,
+            sessionSecurity: true
+        }
+    }
+});
+
 
 class MasterControl {
     controllerList = {}
@@ -152,23 +193,26 @@ class MasterControl {
     component(folderLocation, innerFolder){
 
         var rootFolderLocation = path.join(this.root, folderLocation, innerFolder);
-        var files = globSearch.sync("**/*config.js", { cwd: rootFolderLocation, absolute: true });
-        if(files && files.length > 0){
-            require(files[0]);
+
+        // Structure is always: {rootFolderLocation}/config/initializers/config.js
+        var configPath = path.join(rootFolderLocation, 'config', 'initializers', 'config.js');
+        if(fs.existsSync(configPath)){
+            require(configPath);
         }else{
-            this.error.log(`Cannot find config file under ${rootFolderLocation}`, "error");
+            this.error.log(`Cannot find config file at ${configPath}`, "error");
         }
-        var routeFiles = globSearch.sync("**/*routes.js", { cwd: rootFolderLocation, absolute: true });
-        var route = routeFiles && routeFiles.length > 0 ? routeFiles[0] : null;
+
+        // Structure is always: {rootFolderLocation}/config/routes.js
+        var routePath = path.join(rootFolderLocation, 'config', 'routes.js');
         var routeObject = {
             isComponent : true,
             root : rootFolderLocation
         }
         this.router.setup(routeObject);
-        if(route){
-            require(route);
+        if(fs.existsSync(routePath)){
+            require(routePath);
         }else{
-            this.error.log(`Cannot find routes file under ${rootFolderLocation}`, "error");
+            this.error.log(`Cannot find routes file at ${routePath}`, "error");
         }
     }
 
@@ -203,6 +247,26 @@ class MasterControl {
     setupServer(type, credentials ){
         try {
             var $that = this;
+            // Auto-load internal master tools so services (request, error, router, etc.) are available
+            // before user config initializes them.
+            try {
+                $that.addInternalTools([
+                    'MasterAction',
+                    'MasterActionFilters',
+                    'MasterRouter',
+                    'MasterRequest',
+                    'MasterError',
+                    'MasterCors',
+                    'MasterSession',
+                    'MasterSocket',
+                    'MasterHtml',
+                    'MasterTemplate',
+                    'MasterTools',
+                    'TemplateOverwrite'
+                ]);
+            } catch (e) {
+                console.error('[MasterControl] Failed to load internal tools:', e && e.message);
+            }
             if(type === "http"){
                 $that.serverProtocol = "http";
                 return http.createServer(async function(req, res) {
@@ -399,16 +463,25 @@ class MasterControl {
             return;
         }
 
+        // Apply CORS headers to ALL non-OPTIONS requests
+        try {
+            if (this.cors && typeof this.cors.load === 'function') {
+                this.cors.load({ request: req, response: res });
+            }
+        } catch (e) {
+            console.warn('CORS load failed for non-OPTIONS request:', e.message);
+        }
+
         // parse URL
         const parsedUrl = url.parse(req.url);
         // extract URL path
         let pathname = `.${parsedUrl.pathname}`;
-      
+
         // based on the URL path, extract the file extension. e.g. .js, .doc, ...
         const ext = path.parse(pathname).ext;
-      
+
         // handle simple preflight configuration - might need a complex approch for all scenarios
-    
+
 
         // if extension exist then its a file.
         if(ext === ""){
@@ -471,16 +544,18 @@ class MasterControl {
 
     startMVC(foldername){
         var rootFolderLocation = path.join(this.root, foldername);
-        var files = globSearch.sync("**/*routes.js", { cwd: rootFolderLocation, absolute: true });
+
+        // Structure is always: {rootFolderLocation}/routes.js
+        var routePath = path.join(rootFolderLocation, 'routes.js');
         var route = {
-            isComponent : false, 
+            isComponent : false,
             root : `${this.root}`
         }
         this.router.setup(route);
-        if(files && files.length > 0){
-            require(files[0]);
+        if(fs.existsSync(routePath)){
+            require(routePath);
         }else{
-            master.error.log(`Cannot find routes file under ${rootFolderLocation}`, "error");
+            this.error.log(`Cannot find routes file at ${routePath}`, "error");
         }
     }
     
@@ -488,8 +563,26 @@ class MasterControl {
     // builds and calls all the required tools to have master running completely
     addInternalTools(requiredList){
         if(requiredList.constructor === Array){
+            // Map module names to their new organized paths
+            const modulePathMap = {
+                'MasterError': './error/MasterError',
+                'MasterAction': './MasterAction',
+                'MasterActionFilters': './MasterActionFilters',
+                'MasterRouter': './MasterRouter',
+                'MasterRequest': './MasterRequest',
+                'MasterCors': './MasterCors',
+                'MasterSession': './MasterSession',
+                'MasterSocket': './MasterSocket',
+                'MasterHtml': './MasterHtml',
+                'MasterTemplate': './MasterTemplate',
+                'MasterTools': './MasterTools',
+                'TemplateOverwrite': './TemplateOverwrite'
+            };
+
             for(var i = 0; i < requiredList.length; i++){
-                require('./' + requiredList[i]);
+                const moduleName = requiredList[i];
+                const modulePath = modulePathMap[moduleName] || './' + moduleName;
+                require(modulePath);
             }
         }
     }