nyte 1.0.0

package/dist/rpc/server.js

@@ -0,0 +1,166 @@
+"use strict";
+/*
+ * This file is part of the Nyte.js Project.
+ * Copyright (c) 2026 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.executeRpc = executeRpc;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const http_1 = require("../api/http");
+const DEFAULT_ALLOWED_SERVER_DIRS = ['src/backend'];
+function normalizeToPosix(p) {
+    return p.replace(/\\/g, '/');
+}
+function isDisallowedPathInput(file) {
+    if (!file)
+        return true;
+    if (file.includes('\u0000'))
+        return true;
+    // disallow protocol-like or absolute paths (Windows drive letters included)
+    if (/^[a-zA-Z]+:/.test(file))
+        return true;
+    if (file.startsWith('/') || file.startsWith('\\'))
+        return true;
+    return false;
+}
+function validatePayload(payload) {
+    return (payload &&
+        typeof payload === 'object' &&
+        typeof payload.file === 'string' &&
+        typeof payload.fn === 'string' &&
+        Array.isArray(payload.args));
+}
+function tryResolveWithinAllowedDirs(projectDir, allowedDirs, requestedFile) {
+    const req = requestedFile.replace(/\\/g, '/').replace(/^\.(?:\/|\\)/, '');
+    for (const d of allowedDirs) {
+        const baseAbs = path_1.default.resolve(projectDir, d);
+        // Interpret client path as relative to src/web (where it's typically authored)
+        const fromWebAbs = path_1.default.resolve(projectDir, 'src/web', req);
+        // Map: <project>/src/backend/*  (coming from ../../backend/* from web code)
+        const mappedFromWebAbs = fromWebAbs.replace(path_1.default.resolve(projectDir, 'backend') + path_1.default.sep, path_1.default.resolve(projectDir, 'src', 'backend') + path_1.default.sep);
+        // Also accept callers passing a backend-relative path like "./auth" or "auth"
+        const fromBackendAbs = path_1.default.resolve(baseAbs, req);
+        const candidateAbsList = [mappedFromWebAbs, fromBackendAbs];
+        for (const candidateAbs of candidateAbsList) {
+            const baseWithSep = baseAbs.endsWith(path_1.default.sep) ? baseAbs : baseAbs + path_1.default.sep;
+            if (!candidateAbs.startsWith(baseWithSep) && candidateAbs !== baseAbs)
+                continue;
+            if (!fs_1.default.existsSync(baseAbs))
+                continue;
+            return candidateAbs;
+        }
+    }
+    return null;
+}
+function toCookies(cookieHeader) {
+    if (!cookieHeader)
+        return {};
+    const out = {};
+    for (const part of cookieHeader.split(';')) {
+        const idx = part.indexOf('=');
+        if (idx === -1)
+            continue;
+        const k = part.slice(0, idx).trim();
+        const v = part.slice(idx + 1).trim();
+        if (k)
+            out[k] = v;
+    }
+    return out;
+}
+// Keep this for fallback when ctx.request isn't provided
+function buildRpcRequestFromPayload(payload) {
+    const headers = {};
+    const rawHeaders = payload.request?.headers || {};
+    for (const [k, v] of Object.entries(rawHeaders)) {
+        headers[k.toLowerCase()] = v;
+    }
+    const cookieHeader = headers['cookie'] ?? undefined;
+    const req = {
+        method: payload.request?.method || 'RPC',
+        url: payload.request?.url || 'http://localhost/_rpc',
+        headers,
+        body: null,
+        query: {},
+        params: {},
+        cookies: payload.request?.cookies || toCookies(cookieHeader),
+        raw: null
+    };
+    return new http_1.NyteRequest(req);
+}
+async function executeRpc(ctx, payload) {
+    try {
+        if (!validatePayload(payload)) {
+            return { success: false, error: 'Invalid RPC payload' };
+        }
+        const fileInput = payload.file;
+        if (isDisallowedPathInput(fileInput)) {
+            return { success: false, error: 'Invalid file path' };
+        }
+        const allowedDirs = (ctx.allowedServerDirs || [...DEFAULT_ALLOWED_SERVER_DIRS]).map(normalizeToPosix);
+        const absFile = tryResolveWithinAllowedDirs(ctx.projectDir, allowedDirs, fileInput);
+        if (!absFile) {
+            return { success: false, error: 'File not allowed for RPC' };
+        }
+        if (!absFile.startsWith(path_1.default.resolve(ctx.projectDir) + path_1.default.sep)) {
+            return { success: false, error: 'Invalid file path' };
+        }
+        // Ensure fresh code in dev
+        try {
+            const resolved = require.resolve(absFile);
+            if (require.cache[resolved])
+                delete require.cache[resolved];
+        }
+        catch {
+            // ignore
+        }
+        let mod;
+        try {
+            mod = require(absFile);
+        }
+        catch {
+            // try again letting require do extension resolution from absFile without explicit extension
+            try {
+                mod = require(absFile);
+            }
+            catch {
+                return { success: false, error: 'RPC file not found' };
+            }
+        }
+        // Support multiple TS/CJS interop shapes:
+        // - module.exports.fn
+        // - exports.fn
+        // - module.exports.default (function)
+        // - module.exports.default.fn
+        const fnName = payload.fn;
+        const fnValue = (mod && typeof mod[fnName] === 'function' && mod[fnName]) ||
+            (mod?.default && typeof mod.default === 'function' && fnName === 'default' && mod.default) ||
+            (mod?.default && typeof mod.default[fnName] === 'function' && mod.default[fnName]) ||
+            undefined;
+        if (typeof fnValue !== 'function') {
+            return { success: false, error: `RPC function not found: ${fnName}` };
+        }
+        const rpcRequest = ctx.request ? new http_1.NyteRequest(ctx.request) : buildRpcRequestFromPayload(payload);
+        const result = await fnValue(rpcRequest, ...payload.args);
+        return { success: true, return: result };
+    }
+    catch (err) {
+        const message = typeof err?.message === 'string' ? err.message : 'Unknown RPC error';
+        return { success: false, error: message };
+    }
+}

package/dist/rpc/types.d.ts

@@ -0,0 +1,22 @@
+export declare const RPC_ENDPOINT: "/api/rpc";
+export type RpcArgs = unknown[];
+export interface RpcRequestPayload {
+    file: string;
+    fn: string;
+    args: RpcArgs;
+    request?: {
+        url?: string;
+        method?: string;
+        headers?: Record<string, string>;
+        cookies?: Record<string, string>;
+    };
+}
+export type RpcSuccessResponse = {
+    success: true;
+    return: unknown;
+};
+export type RpcErrorResponse = {
+    success: false;
+    error: string;
+};
+export type RpcResponsePayload = RpcSuccessResponse | RpcErrorResponse;

package/dist/rpc/types.js

@@ -0,0 +1,20 @@
+"use strict";
+/*
+ * This file is part of the Nyte.js Project.
+ * Copyright (c) 2026 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RPC_ENDPOINT = void 0;
+exports.RPC_ENDPOINT = '/api/rpc';

package/dist/types/framework.d.ts

@@ -0,0 +1,37 @@
+export interface GenericRequest {
+    method: string;
+    url: string;
+    headers: Record<string, string | string[]>;
+    body?: any;
+    query?: Record<string, any>;
+    params?: Record<string, string>;
+    cookies?: Record<string, string>;
+    raw?: any;
+}
+export interface GenericResponse {
+    status(code: number): GenericResponse;
+    header(name: string, value: string): GenericResponse;
+    cookie(name: string, value: string, options?: CookieOptions): GenericResponse;
+    clearCookie(name: string, options?: CookieOptions): GenericResponse;
+    json(data: any): void;
+    text(data: string): void;
+    send(data: any): void;
+    redirect(url: string): void;
+    raw?: any;
+}
+export interface CookieOptions {
+    domain?: string;
+    expires?: Date;
+    httpOnly?: boolean;
+    maxAge?: number;
+    path?: string;
+    secure?: boolean;
+    signed?: boolean;
+    sameSite?: boolean | 'lax' | 'strict' | 'none';
+}
+export type FrameworkType = 'express' | 'fastify' | 'native';
+export interface FrameworkAdapter {
+    type: FrameworkType;
+    parseRequest(req: any): GenericRequest;
+    createResponse(res: any): GenericResponse;
+}

package/dist/types/framework.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/types.d.ts

@@ -0,0 +1,218 @@
+import type { ComponentType } from 'react';
+import type { GenericRequest } from './types/framework';
+import { NyteRequest, NyteResponse } from "./api/http";
+import { WebSocket } from 'ws';
+import { IncomingMessage } from 'http';
+export interface WebSocketContext {
+    ws: WebSocket;
+    req: IncomingMessage;
+    nyteReq: NyteRequest;
+    url: URL;
+    params: Record<string, string>;
+    query: Record<string, string>;
+    send: (data: any) => void;
+    close: (code?: number, reason?: string) => void;
+    broadcast: (data: any, exclude?: WebSocket[]) => void;
+}
+export interface NyteOptions {
+    dev?: boolean;
+    hostname?: string;
+    port?: number;
+    dir?: string;
+    framework?: 'express' | 'fastify' | 'native';
+    ssl?: {
+        redirectPort: number;
+        key: string;
+        cert: string;
+        ca?: string;
+    };
+}
+/**
+ * Interface para as configurações avançadas do servidor NyteJS.
+ * Essas configurações podem ser definidas no arquivo nytejs.config.js
+ */
+export interface NyteConfig {
+    /**
+     * Limita o número máximo de headers HTTP permitidos por requisição.
+     * Padrão: 100
+     */
+    maxHeadersCount?: number;
+    /**
+     * Timeout em milissegundos para receber os headers HTTP.
+     * Padrão: 60000 (60 segundos)
+     */
+    headersTimeout?: number;
+    /**
+     * Timeout em milissegundos para uma requisição completa.
+     * Padrão: 30000 (30 segundos)
+     */
+    requestTimeout?: number;
+    /**
+     * Timeout geral do servidor em milissegundos.
+     * Padrão: 35000 (35 segundos)
+     */
+    serverTimeout?: number;
+    /**
+     * Timeout por requisição individual em milissegundos.
+     * Padrão: 30000 (30 segundos)
+     */
+    individualRequestTimeout?: number;
+    /**
+     * Tamanho máximo permitido para a URL em caracteres.
+     * Padrão: 2048
+     */
+    maxUrlLength?: number;
+    /**
+     * Habilita o log de acesso HTTP (ex: GET /api/users 200 15ms).
+     * Padrão: false
+     */
+    accessLogging?: boolean;
+    /**
+     * Configurações de CORS (Cross-Origin Resource Sharing).
+     * Define quais origens podem acessar seus recursos.
+     */
+    cors?: {
+        /**
+         * Origens permitidas. Pode ser:
+         * - Uma string específica: 'https://exemplo.com'
+         * - Um array de strings: ['https://exemplo.com', 'https://outro.com']
+         * - Um wildcard: '*' (permite todas as origens - não recomendado em produção)
+         * - Uma função que retorna boolean: (origin) => origin.endsWith('.exemplo.com')
+         */
+        origin?: string | string[] | ((origin: string) => boolean);
+        /**
+         * Métodos HTTP permitidos.
+         * Padrão: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS']
+         */
+        methods?: string[];
+        /**
+         * Headers permitidos nas requisições.
+         * Padrão: ['Content-Type', 'Authorization']
+         */
+        allowedHeaders?: string[];
+        /**
+         * Headers que serão expostos ao cliente.
+         * Padrão: []
+         */
+        exposedHeaders?: string[];
+        /**
+         * Permite o envio de credenciais (cookies, headers de autenticação).
+         * Padrão: false
+         */
+        credentials?: boolean;
+        /**
+         * Tempo em segundos que o navegador deve cachear a resposta preflight.
+         * Padrão: 86400 (24 horas)
+         */
+        maxAge?: number;
+        /**
+         * Habilita ou desabilita completamente o CORS.
+         * Padrão: false
+         */
+        enabled?: boolean;
+    };
+    /**
+     * Configurações de segurança de headers HTTP.
+     */
+    security?: {
+        /**
+         * Content-Security-Policy: Define de onde o navegador pode carregar recursos.
+         * Exemplo: "default-src 'self'; script-src 'self' 'unsafe-inline'"
+         */
+        contentSecurityPolicy?: string;
+        /**
+         * Permissions-Policy: Controla quais recursos e APIs o navegador pode usar.
+         * Exemplo: "geolocation=(), microphone=()"
+         */
+        permissionsPolicy?: string;
+        /**
+         * Strict-Transport-Security: Força o uso de HTTPS.
+         * Padrão (quando SSL ativo): "max-age=31536000; includeSubDomains"
+         * Exemplo: "max-age=63072000; includeSubDomains; preload"
+         */
+        strictTransportSecurity?: string;
+    };
+    /**
+     * Headers HTTP personalizados que serão adicionados a todas as respostas.
+     * Exemplo: { 'X-Custom-Header': 'value', 'X-Powered-By': 'Nyte.js' }
+     */
+    customHeaders?: Record<string, string>;
+}
+/**
+ * Tipo da função de configuração que pode ser exportada no nytejs.config.js
+ */
+export type NyteConfigFunction = (phase: string, context: {
+    defaultConfig: NyteConfig;
+}) => NyteConfig | Promise<NyteConfig>;
+export interface Metadata {
+    title?: string;
+    description?: string;
+    keywords?: string | string[];
+    author?: string;
+    favicon?: string;
+    viewport?: string;
+    themeColor?: string;
+    canonical?: string;
+    robots?: string;
+    openGraph?: {
+        title?: string;
+        description?: string;
+        type?: string;
+        url?: string;
+        image?: string | {
+            url: string;
+            width?: number;
+            height?: number;
+            alt?: string;
+        };
+        siteName?: string;
+        locale?: string;
+    };
+    twitter?: {
+        card?: 'summary' | 'summary_large_image' | 'app' | 'player';
+        site?: string;
+        creator?: string;
+        title?: string;
+        description?: string;
+        image?: string;
+        imageAlt?: string;
+    };
+    language?: string;
+    charset?: string;
+    appleTouchIcon?: string;
+    manifest?: string;
+    other?: Record<string, string>;
+}
+export interface RouteConfig {
+    pattern: string;
+    component: ComponentType<any>;
+    generateMetadata?: (params: any, req: GenericRequest) => Promise<Metadata> | Metadata;
+}
+export type RequestHandler = (req: any, res: any) => Promise<void>;
+/**
+ * Define o formato de uma função que manipula uma rota da API.
+ */
+export type BackendHandler = (request: NyteRequest, // HWebRequest será importado onde necessário
+params: {
+    [key: string]: string;
+}) => Promise<NyteResponse> | NyteResponse;
+export type NyteMiddleware = (request: NyteRequest, // HWebRequest será importado onde necessário
+params: {
+    [key: string]: string;
+}, next: () => Promise<NyteResponse>) => Promise<NyteResponse> | NyteResponse;
+/**
+ * Define o formato de uma função que manipula uma rota WebSocket.
+ */
+export type WebSocketHandler = (context: WebSocketContext) => Promise<void> | void;
+/**
+ * Define a estrutura de cada rota da API, com suporte para métodos HTTP e WebSocket.
+ */
+export interface BackendRouteConfig {
+    pattern: string;
+    GET?: BackendHandler;
+    POST?: BackendHandler;
+    PUT?: BackendHandler;
+    DELETE?: BackendHandler;
+    WS?: WebSocketHandler;
+    middleware?: NyteMiddleware[];
+}

package/dist/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/package.json

@@ -0,0 +1,87 @@
+{
+  "name": "nyte",
+  "version": "1.0.0",
+  "description": "Nyte.js is a high-level framework for building web applications with ease and speed. It provides a robust set of tools and features to streamline development and enhance productivity.",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "author": "itsmuzin",
+  "license": "Apache-2.0",
+  "keywords": [
+    "nightjs",
+    "nytejs",
+    "nyte",
+    "framework",
+    "web",
+    "typescript",
+    "react"
+  ],
+  "files": [
+    "dist",
+    "README.md",
+    "dist/global/global.d.ts",
+    "src"
+  ],
+  "bin": {
+    "nyte": "./dist/bin/nytejs.js"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.js"
+    },
+    "./react": {
+      "types": "./dist/client/client.d.ts",
+      "import": "./dist/client/client.js",
+      "require": "./dist/client/client.js"
+    },
+    "./helpers": {
+      "types": "./dist/helpers.d.ts",
+      "import": "./dist/helpers.js",
+      "require": "./dist/helpers.js"
+    },
+    "./global": {
+      "types": "./dist/global/global.d.ts"
+    },
+    "./eslint": {
+      "types": "./dist/eslint/index.d.ts",
+      "import": "./dist/eslint/index.js",
+      "require": "./dist/eslint/index.js"
+    }
+  },
+  "peerDependencies": {
+    "react": "^19.2.0",
+    "react-dom": "^19.2.0"
+  },
+  "dependencies": {
+    "@fastify/cookie": "^11.0.2",
+    "@fastify/formbody": "^8.0.2",
+    "boxen": "^8.0.1",
+    "chokidar": "^3.5.3",
+    "commander": "^14.0.1",
+    "cookie-parser": "^1.4.7",
+    "esbuild": "^0.25.10",
+    "express": "^4.0.0",
+    "fastify": "^5.6.1",
+    "framer-motion": "^12.23.22",
+    "fs-extra": "^11.3.2",
+    "ws": "^8.18.1"
+  },
+  "devDependencies": {
+    "@types/express": "^4.17.21",
+    "@types/fs-extra": "^11.0.4",
+    "@types/node": "^20.19.27",
+    "@types/react": "^19.2.0",
+    "@types/react-dom": "^19.2.0",
+    "@types/ws": "^8.18.1",
+    "jest": "^30.1.3",
+    "ts-jest": "^29.4.4",
+    "@types/jest": "^30.0.0",
+    "ts-loader": "^9.5.4",
+    "ts-node": "^10.9.2",
+    "typescript": "^5.9.3"
+  },
+  "scripts": {
+    "build": "tsc"
+  }
+}

package/src/adapters/express.ts

@@ -0,0 +1,87 @@
+/*
+ * This file is part of the Nyte.js Project.
+ * Copyright (c) 2026 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import type { Request as ExpressRequest, Response as ExpressResponse } from 'express';
+import { GenericRequest, GenericResponse, FrameworkAdapter, CookieOptions } from '../types/framework';
+
+export class ExpressAdapter implements FrameworkAdapter {
+    type = 'express' as const;
+
+    parseRequest(req: ExpressRequest): GenericRequest {
+
+        return {
+            method: req.method,
+            url: req.url,
+            headers: req.headers as Record<string, string | string[]>,
+            body: req.body,
+            query: req.query as Record<string, any>,
+            params: req.params,
+            cookies: req.cookies || {},
+            raw: req,
+        };
+    }
+
+    createResponse(res: ExpressResponse): GenericResponse {
+        return new ExpressResponseWrapper(res);
+    }
+}
+
+class ExpressResponseWrapper implements GenericResponse {
+    constructor(private res: ExpressResponse) {}
+
+    get raw() {
+        return this.res;
+    }
+
+    status(code: number): GenericResponse {
+        this.res.status(code);
+        return this;
+    }
+
+    header(name: string, value: string): GenericResponse {
+        this.res.setHeader(name, value);
+        return this;
+    }
+
+    cookie(name: string, value: string, options?: CookieOptions): GenericResponse {
+        this.res.cookie(name, value, options || {});
+        return this;
+    }
+
+    clearCookie(name: string, options?: CookieOptions): GenericResponse {
+        // Filter out the deprecated 'expires' option to avoid Express deprecation warning
+        const { expires, ...filteredOptions } = options || {};
+        this.res.clearCookie(name, filteredOptions);
+        return this;
+    }
+
+    json(data: any): void {
+        this.res.json(data);
+    }
+
+    text(data: string): void {
+        this.res.setHeader('Content-Type', 'text/plain; charset=utf-8');
+        this.res.send(data);
+    }
+
+    send(data: any): void {
+        this.res.send(data);
+    }
+
+    redirect(url: string): void {
+        this.res.redirect(url);
+    }
+}