npm - mastercontroller - Versions diffs - 1.3.8 → 1.3.10 - Mend

mastercontroller 1.3.8 → 1.3.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/.claude/settings.local.json +4 -1
package/FIXES_APPLIED.md +378 -0
package/MasterAction.js +10 -263
package/MasterControl.js +128 -27
package/MasterRequest.js +6 -0
package/MasterRouter.js +27 -32
package/PERFORMANCE_SECURITY_AUDIT.md +677 -0
package/README.md +117 -43
package/monitoring/README.md +3112 -0
package/package.json +1 -1
package/security/README.md +1805 -0
package/test-raw-body-preservation.js +128 -0
package/MasterCors.js.tmp +0 -0
package/MasterHtml.js +0 -649
package/MasterPipeline.js.tmp +0 -0
package/MasterRequest.js.tmp +0 -0
package/MasterRouter.js.tmp +0 -0
package/MasterSocket.js.tmp +0 -0
package/MasterTemp.js.tmp +0 -0
package/MasterTemplate.js +0 -230
package/MasterTimeout.js.tmp +0 -0
package/TemplateOverwrite.js +0 -41
package/TemplateOverwrite.js.tmp +0 -0
package/ssr/hydration-client.js +0 -93
package/ssr/runtime-ssr.cjs +0 -553
package/ssr/ssr-shims.js +0 -73

package/MasterTemplate.js DELETED Viewed

@@ -1,230 +0,0 @@
-// version 0.0.5
-// https://github.com/WebReflection/backtick-template
-// https://stackoverflow.com/questions/29182244/convert-a-string-to-a-template-string
-// Security - Template injection prevention
-const { escapeHTML } = require('./security/MasterSanitizer');
-const { logger } = require('./error/MasterErrorLogger');
-var replace = ''.replace;
-var ca = /[&<>'"]/g;
-var es = /&(?:amp|#38|lt|#60|gt|#62|apos|#39|quot|#34);/g;
-var esca = {
-  '&': '&amp;',
-  '<': '&lt;',
-  '>': '&gt;',
-  "'": '&#39;',
-  '"': '&quot;'
-};
-var unes = {
-  '&amp;': '&',
-  '&#38;': '&',
-  '&lt;': '<',
-  '&#60;': '<',
-  '&gt;': '>',
-  '&#62;': '>',
-  '&apos;': "'",
-  '&#39;': "'",
-  '&quot;': '"',
-  '&#34;': '"'
-};
-class MasterTemplate{
-  _ = {};
-  $ = 0;
-  /*! (C) 2017-2018 Andrea Giammarchi - MIT Style License */
-  htmlBuilder( fn, $str, $object) {
-    'use strict';
-    try{
-        // reset cache every 32M
-        if (33554432 < this.$) {
-          this._ = {};
-          this.$ = 0;
-        }
-        var
-          hasTransformer = typeof fn === 'function',
-          str = hasTransformer ? $str : fn,
-          object = hasTransformer ? $object : $str,
-          _ = this._,
-          known = _.hasOwnProperty(str);
-        // Security: Validate template for dangerous patterns
-        if (!known) {
-          this.validateTemplate(str);
-        }
-        var parsed = known ? _[str] : (_[str] = this.parse(str)),
-          chunks = parsed.chunks,
-          values = parsed.values,
-          strings
-        ;
-        // add str length only if not known
-        if (!known)
-          this.$ += str.length;
-        if (hasTransformer) {
-          str = 'function' + (Math.random() * 1e5 | 0);
-          strings = [
-            str,
-            'with(this)return ' + str + '([' + chunks + ']' + (
-              values.length ? (',' + values.join(',')) : ''
-            ) + ')'
-          ];
-        } else {
-          strings = chunks.slice(0, 1);
-          for (var i = 1, length = chunks.length; i < length; i++)
-            strings.push(values[i - 1], chunks[i]);
-          strings = ['with(this)return ' + strings.join('+')];
-        }
-        return Function.apply(null, strings).apply(
-          object,
-          hasTransformer ? [fn] : []
-        );
-    }
-    catch(err){
-      console.log("error", err);
-    }
-}
-parse(str) {
-var
-  stringify = JSON.stringify,
-  open = 0, close = 0, counter = 0,
-  i = 0, length = str.length,
-  chunks = i < length ? [] : ['""'],
-  values = []
-;
-while (i < length) {
-  open = str.indexOf('${', i);
-  if (-1 < open) {
-    chunks.push(stringify(str.slice(i, open)));
-    open += 2;
-    close = open;
-    counter = 1;
-    while (close < length) {
-      switch (str.charAt(close++)) {
-        case '}': --counter; break;
-        case '{': ++counter; break;
-      }
-      if (counter < 1) {
-        values.push('(' + str.slice(open, close - 1) + ')');
-        break;
-      }
-    }
-    i = close;
-  } else {
-    chunks.push(stringify(str.slice(i)));
-    i = length;
-  }
-}
-if (chunks.length === values.length)
-  chunks.push('""');
-return {chunks: chunks, values: values};
-};
-    escape(es) {
-        return replace.call(es, ca, this.pe);
-    }
-    unescape(un) {
-    return replace.call(un, es, this.cape);
-    }
-    pe(m) {
-    return esca[m];
-    }
-    cape(m) {
-    return unes[m];
-    }
-    // ==================== Security Methods ====================
-    /**
-     * Validate template for dangerous patterns
-     * Prevents template injection attacks
-     */
-    validateTemplate(template) {
-        if (!template || typeof template !== 'string') {
-            return;
-        }
-        const isDevelopment = process.env.NODE_ENV !== 'production' && process.env.master === 'development';
-        // Dangerous patterns in templates
-        const dangerousPatterns = [
-            { pattern: /\$\{.*__proto__/gi, name: 'Prototype pollution' },
-            { pattern: /\$\{.*constructor.*\(/gi, name: 'Constructor access' },
-            { pattern: /\$\{.*\beval\s*\(/gi, name: 'eval() usage' },
-            { pattern: /\$\{.*Function\s*\(/gi, name: 'Function constructor' },
-            { pattern: /\$\{.*require\s*\(/gi, name: 'require() usage' },
-            { pattern: /\$\{.*import\s*\(/gi, name: 'import() usage' },
-            { pattern: /\$\{.*process\./gi, name: 'Process access' },
-            { pattern: /\$\{.*global\./gi, name: 'Global object access' },
-            { pattern: /\$\{.*\bfs\./gi, name: 'File system access' },
-            { pattern: /\$\{.*child_process/gi, name: 'Child process access' }
-        ];
-        for (const { pattern, name } of dangerousPatterns) {
-            if (pattern.test(template)) {
-                logger.error({
-                    code: 'MC_SECURITY_TEMPLATE_INJECTION',
-                    message: `Dangerous template pattern detected: ${name}`,
-                    pattern: pattern.toString(),
-                    template: template.substring(0, 200) // Log first 200 chars only
-                });
-                if (isDevelopment) {
-                    throw new Error(`[MasterController Security] Template injection attempt detected: ${name}\nPattern: ${pattern}`);
-                }
-                // In production, sanitize by removing the dangerous expression
-                template = template.replace(pattern, '${/* REMOVED: Security risk */}');
-            }
-        }
-        return template;
-    }
-    /**
-     * Sanitize template variables before rendering
-     * Call this on user-provided data
-     */
-    sanitizeVariable(value) {
-        if (value === null || value === undefined) {
-            return '';
-        }
-        if (typeof value === 'string') {
-            return escapeHTML(value);
-        }
-        if (typeof value === 'object') {
-            // Prevent prototype pollution
-            if (value.__proto__ || value.constructor) {
-                logger.warn({
-                    code: 'MC_SECURITY_OBJECT_POLLUTION',
-                    message: 'Attempted to pass object with prototype/constructor to template'
-                });
-                return '[Object]';
-            }
-            // Safely stringify
-            try {
-                return JSON.stringify(value);
-            } catch (e) {
-                return '[Object]';
-            }
-        }
-        return String(value);
-    }
-}
-module.exports = MasterTemplate;

package/MasterTimeout.js.tmp DELETED Viewed

File without changes

package/TemplateOverwrite.js DELETED Viewed

@@ -1,41 +0,0 @@
-// version 0.0.1
-var master = require('mastercontroller');
-class TemplateOverwrite{
-	#templateFunc;
-	#isTemplate = false;
-	// Lazy-load master to avoid circular dependency (Google-style lazy initialization)
-	get _master() {
-		if (!this.__masterCache) {
-			this.__masterCache = require('./MasterControl');
-		}
-		return this.__masterCache;
-	}
-	get isTemplate(){
-		return this.#isTemplate;
-	}
-    template(func){
-		this.#isTemplate = true;
-		this.#templateFunc = func === undefined ? null : func;
-	}
-	templateRender(data, type){
-		if(this.#templateFunc){
-			return this.#templateFunc(data, type);
-		}
-		else{
-			console.log("cannot call template render when no function has been declared. ")
-		}
-	}
-    close(response, code, content, end){
-		response.writeHead(code, content.type);
-		response.end(end);
-	}
-}
-module.exports = { TemplateOverwrite };

package/TemplateOverwrite.js.tmp DELETED Viewed

File without changes

package/ssr/hydration-client.js DELETED Viewed

@@ -1,93 +0,0 @@
-/**
- * MasterController Client-Side Hydration Runtime
- * Handles error boundaries and hydration mismatch detection
- * Version: 2.0.1
- */
-// Import error boundary
-import { ErrorBoundary } from '../error/ErrorBoundary.js';
-// Import hydration mismatch detection
-const isDevelopment = window.location.hostname === 'localhost' ||
-                     window.location.hostname === '127.0.0.1';
-if (isDevelopment && typeof require !== 'undefined') {
-  try {
-    const { enableHydrationMismatchDetection } = require('../error/HydrationMismatch.js');
-    enableHydrationMismatchDetection({
-      verbose: localStorage.getItem('mc-hydration-debug') === 'true',
-      delay: 1000
-    });
-  } catch (e) {
-    console.warn('[MasterController] Could not load hydration mismatch detection:', e.message);
-  }
-}
-// Auto-wrap app root with error boundary if not already wrapped
-document.addEventListener('DOMContentLoaded', () => {
-  const appRoot = document.querySelector('root-layout') || document.body;
-  // Check if already wrapped
-  if (!appRoot.closest('error-boundary')) {
-    // Create error boundary wrapper
-    const boundary = document.createElement('error-boundary');
-    // Set development mode
-    if (isDevelopment) {
-      boundary.setAttribute('dev-mode', '');
-    }
-    // Configure custom error handler
-    boundary.onError = (errorInfo) => {
-      console.error('[App Error]', errorInfo);
-      // Send to monitoring service if configured
-      if (window.masterControllerErrorReporter) {
-        window.masterControllerErrorReporter(errorInfo);
-      }
-    };
-    // Wrap content
-    const parent = appRoot.parentNode;
-    parent.insertBefore(boundary, appRoot);
-    boundary.appendChild(appRoot);
-  }
-});
-// Global error reporter hook
-window.masterControllerErrorReporter = window.masterControllerErrorReporter || function(errorData) {
-  console.log('[MasterController] Error reported:', errorData);
-  // Example: Send to your monitoring service
-  // fetch('/api/errors', {
-  //   method: 'POST',
-  //   headers: { 'Content-Type': 'application/json' },
-  //   body: JSON.stringify(errorData)
-  // });
-  // Example: Send to Sentry
-  // if (window.Sentry) {
-  //   Sentry.captureException(new Error(errorData.message), {
-  //     extra: errorData
-  //   });
-  // }
-};
-// Log successful hydration
-if (isDevelopment) {
-  window.addEventListener('load', () => {
-    const ssrElements = document.querySelectorAll('[data-ssr]');
-    if (ssrElements.length > 0) {
-      console.log(
-        `%c✓ MasterController Hydration Complete`,
-        'color: #10b981; font-weight: bold; font-size: 14px;'
-      );
-      console.log(`  ${ssrElements.length} server-rendered components hydrated`);
-    }
-  });
-}
-// Export for manual use
-export {
-  ErrorBoundary
-};