nyte 1.0.0

package/src/rpc/server.ts

@@ -0,0 +1,190 @@
+/*
+ * This file is part of the Nyte.js Project.
+ * Copyright (c) 2026 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import fs from 'fs';
+import path from 'path';
+import { RpcRequestPayload, RpcResponsePayload } from './types';
+import { NyteRequest } from '../api/http';
+import type { GenericRequest } from '../types/framework';
+
+const DEFAULT_ALLOWED_SERVER_DIRS = ['src/backend'] as const;
+
+function normalizeToPosix(p: string): string {
+    return p.replace(/\\/g, '/');
+}
+
+function isDisallowedPathInput(file: string): boolean {
+    if (!file) return true;
+    if (file.includes('\u0000')) return true;
+    // disallow protocol-like or absolute paths (Windows drive letters included)
+    if (/^[a-zA-Z]+:/.test(file)) return true;
+    if (file.startsWith('/') || file.startsWith('\\')) return true;
+    return false;
+}
+
+function validatePayload(payload: any): payload is RpcRequestPayload {
+    return (
+        payload &&
+        typeof payload === 'object' &&
+        typeof payload.file === 'string' &&
+        typeof payload.fn === 'string' &&
+        Array.isArray(payload.args)
+    );
+}
+
+export interface RpcExecutionContext {
+    /** absolute project root (same as options.dir in start()) */
+    projectDir: string;
+    /** allow override for tests */
+    allowedServerDirs?: string[];
+    /** real incoming request (so cookies/headers/session work) */
+    request?: GenericRequest;
+}
+
+function tryResolveWithinAllowedDirs(projectDir: string, allowedDirs: string[], requestedFile: string): string | null {
+    const req = requestedFile.replace(/\\/g, '/').replace(/^\.(?:\/|\\)/, '');
+
+    for (const d of allowedDirs) {
+        const baseAbs = path.resolve(projectDir, d);
+
+        // Interpret client path as relative to src/web (where it's typically authored)
+        const fromWebAbs = path.resolve(projectDir, 'src/web', req);
+
+        // Map: <project>/src/backend/*  (coming from ../../backend/* from web code)
+        const mappedFromWebAbs = fromWebAbs.replace(
+            path.resolve(projectDir, 'backend') + path.sep,
+            path.resolve(projectDir, 'src', 'backend') + path.sep
+        );
+
+        // Also accept callers passing a backend-relative path like "./auth" or "auth"
+        const fromBackendAbs = path.resolve(baseAbs, req);
+
+        const candidateAbsList = [mappedFromWebAbs, fromBackendAbs];
+
+        for (const candidateAbs of candidateAbsList) {
+            const baseWithSep = baseAbs.endsWith(path.sep) ? baseAbs : baseAbs + path.sep;
+            if (!candidateAbs.startsWith(baseWithSep) && candidateAbs !== baseAbs) continue;
+            if (!fs.existsSync(baseAbs)) continue;
+            return candidateAbs;
+        }
+    }
+
+    return null;
+}
+
+function toCookies(cookieHeader: string | undefined): Record<string, string> {
+    if (!cookieHeader) return {};
+    const out: Record<string, string> = {};
+    for (const part of cookieHeader.split(';')) {
+        const idx = part.indexOf('=');
+        if (idx === -1) continue;
+        const k = part.slice(0, idx).trim();
+        const v = part.slice(idx + 1).trim();
+        if (k) out[k] = v;
+    }
+    return out;
+}
+
+// Keep this for fallback when ctx.request isn't provided
+function buildRpcRequestFromPayload(payload: RpcRequestPayload): NyteRequest {
+    const headers: Record<string, string | string[]> = {};
+    const rawHeaders = payload.request?.headers || {};
+    for (const [k, v] of Object.entries(rawHeaders)) {
+        headers[k.toLowerCase()] = v;
+    }
+
+    const cookieHeader = (headers['cookie'] as string | undefined) ?? undefined;
+
+    const req: GenericRequest = {
+        method: payload.request?.method || 'RPC',
+        url: payload.request?.url || 'http://localhost/_rpc',
+        headers,
+        body: null,
+        query: {},
+        params: {},
+        cookies: payload.request?.cookies || toCookies(cookieHeader),
+        raw: null
+    };
+
+    return new NyteRequest(req);
+}
+
+export async function executeRpc(ctx: RpcExecutionContext, payload: any): Promise<RpcResponsePayload> {
+    try {
+        if (!validatePayload(payload)) {
+            return { success: false, error: 'Invalid RPC payload' };
+        }
+
+        const fileInput = payload.file;
+        if (isDisallowedPathInput(fileInput)) {
+            return { success: false, error: 'Invalid file path' };
+        }
+
+        const allowedDirs = (ctx.allowedServerDirs || [...DEFAULT_ALLOWED_SERVER_DIRS]).map(normalizeToPosix);
+        const absFile = tryResolveWithinAllowedDirs(ctx.projectDir, allowedDirs, fileInput);
+        if (!absFile) {
+            return { success: false, error: 'File not allowed for RPC' };
+        }
+
+        if (!absFile.startsWith(path.resolve(ctx.projectDir) + path.sep)) {
+            return { success: false, error: 'Invalid file path' };
+        }
+
+        // Ensure fresh code in dev
+        try {
+            const resolved = require.resolve(absFile);
+            if (require.cache[resolved]) delete require.cache[resolved];
+        } catch {
+            // ignore
+        }
+
+        let mod: any;
+        try {
+            mod = require(absFile);
+        } catch {
+            // try again letting require do extension resolution from absFile without explicit extension
+            try {
+                mod = require(absFile);
+            } catch {
+                return { success: false, error: 'RPC file not found' };
+            }
+        }
+
+        // Support multiple TS/CJS interop shapes:
+        // - module.exports.fn
+        // - exports.fn
+        // - module.exports.default (function)
+        // - module.exports.default.fn
+        const fnName = payload.fn;
+        const fnValue =
+            (mod && typeof mod[fnName] === 'function' && mod[fnName]) ||
+            (mod?.default && typeof mod.default === 'function' && fnName === 'default' && mod.default) ||
+            (mod?.default && typeof mod.default[fnName] === 'function' && mod.default[fnName]) ||
+            undefined;
+
+        if (typeof fnValue !== 'function') {
+            return { success: false, error: `RPC function not found: ${fnName}` };
+        }
+
+        const rpcRequest = ctx.request ? new NyteRequest(ctx.request) : buildRpcRequestFromPayload(payload);
+        const result = await fnValue(rpcRequest, ...payload.args);
+        return { success: true, return: result };
+    } catch (err: any) {
+        const message = typeof err?.message === 'string' ? err.message : 'Unknown RPC error';
+        return { success: false, error: message };
+    }
+}

package/src/rpc/types.ts

@@ -0,0 +1,45 @@
+/*
+ * This file is part of the Nyte.js Project.
+ * Copyright (c) 2026 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export const RPC_ENDPOINT = '/api/rpc' as const;
+
+export type RpcArgs = unknown[];
+
+export interface RpcRequestPayload {
+    file: string;
+    fn: string;
+    args: RpcArgs;
+
+    request?: {
+        url?: string;
+        method?: string;
+        headers?: Record<string, string>;
+        cookies?: Record<string, string>;
+    };
+}
+
+export type RpcSuccessResponse = {
+    success: true;
+    return: unknown;
+};
+
+export type RpcErrorResponse = {
+    success: false;
+    error: string;
+};
+
+export type RpcResponsePayload = RpcSuccessResponse | RpcErrorResponse;

package/src/types/framework.ts

@@ -0,0 +1,58 @@
+/*
+ * This file is part of the Nyte.js Project.
+ * Copyright (c) 2026 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Tipos genéricos para abstrair diferentes frameworks web
+export interface GenericRequest {
+    method: string;
+    url: string;
+    headers: Record<string, string | string[]>;
+    body?: any;
+    query?: Record<string, any>;
+    params?: Record<string, string>;
+    cookies?: Record<string, string>;
+    raw?: any; // Requisição original do framework
+}
+
+export interface GenericResponse {
+    status(code: number): GenericResponse;
+    header(name: string, value: string): GenericResponse;
+    cookie(name: string, value: string, options?: CookieOptions): GenericResponse;
+    clearCookie(name: string, options?: CookieOptions): GenericResponse;
+    json(data: any): void;
+    text(data: string): void;
+    send(data: any): void;
+    redirect(url: string): void;
+    raw?: any; // Resposta original do framework
+}
+
+export interface CookieOptions {
+    domain?: string;
+    expires?: Date;
+    httpOnly?: boolean;
+    maxAge?: number;
+    path?: string;
+    secure?: boolean;
+    signed?: boolean;
+    sameSite?: boolean | 'lax' | 'strict' | 'none';
+}
+
+export type FrameworkType = 'express' | 'fastify' | 'native';
+
+export interface FrameworkAdapter {
+    type: FrameworkType;
+    parseRequest(req: any): GenericRequest;
+    createResponse(res: any): GenericResponse;
+}

package/src/types.ts

@@ -0,0 +1,288 @@
+/*
+ * This file is part of the Nyte.js Project.
+ * Copyright (c) 2026 itsmuzin
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import type { ComponentType } from 'react';
+import type { GenericRequest } from './types/framework';
+import {NyteRequest, NyteResponse} from "./api/http";
+import { WebSocket } from 'ws';
+import { IncomingMessage } from 'http';
+
+// Interface do contexto WebSocket simplificada
+export interface WebSocketContext {
+    ws: WebSocket;
+    req: IncomingMessage;
+    nyteReq: NyteRequest;
+    url: URL;
+    params: Record<string, string>;
+    query: Record<string, string>;
+    send: (data: any) => void;
+    close: (code?: number, reason?: string) => void;
+    broadcast: (data: any, exclude?: WebSocket[]) => void;
+}
+
+// --- Tipos do Frontend (sem alteração) ---
+export interface NyteOptions {
+    dev?: boolean;
+    hostname?: string;
+    port?: number;
+    dir?: string;
+    framework?: 'express' | 'fastify' | 'native';
+    ssl?: {
+        redirectPort: number;
+        key: string;
+        cert: string;
+        ca?: string;
+    };
+}
+
+// --- Tipos de Configuração ---
+
+/**
+ * Interface para as configurações avançadas do servidor NyteJS.
+ * Essas configurações podem ser definidas no arquivo nytejs.config.js
+ */
+export interface NyteConfig {
+    /**
+     * Limita o número máximo de headers HTTP permitidos por requisição.
+     * Padrão: 100
+     */
+    maxHeadersCount?: number;
+
+    /**
+     * Timeout em milissegundos para receber os headers HTTP.
+     * Padrão: 60000 (60 segundos)
+     */
+    headersTimeout?: number;
+
+    /**
+     * Timeout em milissegundos para uma requisição completa.
+     * Padrão: 30000 (30 segundos)
+     */
+    requestTimeout?: number;
+
+    /**
+     * Timeout geral do servidor em milissegundos.
+     * Padrão: 35000 (35 segundos)
+     */
+    serverTimeout?: number;
+
+    /**
+     * Timeout por requisição individual em milissegundos.
+     * Padrão: 30000 (30 segundos)
+     */
+    individualRequestTimeout?: number;
+
+    /**
+     * Tamanho máximo permitido para a URL em caracteres.
+     * Padrão: 2048
+     */
+    maxUrlLength?: number;
+
+    /**
+     * Habilita o log de acesso HTTP (ex: GET /api/users 200 15ms).
+     * Padrão: false
+     */
+    accessLogging?: boolean;
+
+    /**
+     * Configurações de CORS (Cross-Origin Resource Sharing).
+     * Define quais origens podem acessar seus recursos.
+     */
+    cors?: {
+        /**
+         * Origens permitidas. Pode ser:
+         * - Uma string específica: 'https://exemplo.com'
+         * - Um array de strings: ['https://exemplo.com', 'https://outro.com']
+         * - Um wildcard: '*' (permite todas as origens - não recomendado em produção)
+         * - Uma função que retorna boolean: (origin) => origin.endsWith('.exemplo.com')
+         */
+        origin?: string | string[] | ((origin: string) => boolean);
+
+        /**
+         * Métodos HTTP permitidos.
+         * Padrão: ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS']
+         */
+        methods?: string[];
+
+        /**
+         * Headers permitidos nas requisições.
+         * Padrão: ['Content-Type', 'Authorization']
+         */
+        allowedHeaders?: string[];
+
+        /**
+         * Headers que serão expostos ao cliente.
+         * Padrão: []
+         */
+        exposedHeaders?: string[];
+
+        /**
+         * Permite o envio de credenciais (cookies, headers de autenticação).
+         * Padrão: false
+         */
+        credentials?: boolean;
+
+        /**
+         * Tempo em segundos que o navegador deve cachear a resposta preflight.
+         * Padrão: 86400 (24 horas)
+         */
+        maxAge?: number;
+
+        /**
+         * Habilita ou desabilita completamente o CORS.
+         * Padrão: false
+         */
+        enabled?: boolean;
+    };
+
+    /**
+     * Configurações de segurança de headers HTTP.
+     */
+    security?: {
+        /**
+         * Content-Security-Policy: Define de onde o navegador pode carregar recursos.
+         * Exemplo: "default-src 'self'; script-src 'self' 'unsafe-inline'"
+         */
+        contentSecurityPolicy?: string;
+
+        /**
+         * Permissions-Policy: Controla quais recursos e APIs o navegador pode usar.
+         * Exemplo: "geolocation=(), microphone=()"
+         */
+        permissionsPolicy?: string;
+
+        /**
+         * Strict-Transport-Security: Força o uso de HTTPS.
+         * Padrão (quando SSL ativo): "max-age=31536000; includeSubDomains"
+         * Exemplo: "max-age=63072000; includeSubDomains; preload"
+         */
+        strictTransportSecurity?: string;
+    };
+
+    /**
+     * Headers HTTP personalizados que serão adicionados a todas as respostas.
+     * Exemplo: { 'X-Custom-Header': 'value', 'X-Powered-By': 'Nyte.js' }
+     */
+    customHeaders?: Record<string, string>;
+}
+
+/**
+ * Tipo da função de configuração que pode ser exportada no nytejs.config.js
+ */
+export type NyteConfigFunction = (
+    phase: string,
+    context: { defaultConfig: NyteConfig }
+) => NyteConfig | Promise<NyteConfig>;
+
+export interface Metadata {
+    // Basic metadata
+    title?: string;
+    description?: string;
+    keywords?: string | string[];
+    author?: string;
+    favicon?: string;
+
+    // Viewport and mobile
+    viewport?: string;
+    themeColor?: string;
+
+    // SEO
+    canonical?: string;
+    robots?: string;
+
+    // Open Graph (Facebook, LinkedIn, etc.)
+    openGraph?: {
+        title?: string;
+        description?: string;
+        type?: string;
+        url?: string;
+        image?: string | {
+            url: string;
+            width?: number;
+            height?: number;
+            alt?: string;
+        };
+        siteName?: string;
+        locale?: string;
+    };
+
+    // Twitter Card
+    twitter?: {
+        card?: 'summary' | 'summary_large_image' | 'app' | 'player';
+        site?: string;
+        creator?: string;
+        title?: string;
+        description?: string;
+        image?: string;
+        imageAlt?: string;
+    };
+
+    // Additional metadata
+    language?: string;
+    charset?: string;
+    appleTouchIcon?: string;
+    manifest?: string;
+
+    // Custom meta tags
+    other?: Record<string, string>;
+}
+
+
+export interface RouteConfig {
+    pattern: string;
+    component: ComponentType<any>;
+    generateMetadata?: (params: any, req: GenericRequest) => Promise<Metadata> | Metadata;
+}
+export type RequestHandler = (req: any, res: any) => Promise<void>;
+
+// --- NOVO: Tipos do Backend ---
+
+/**
+ * Define o formato de uma função que manipula uma rota da API.
+ */
+export type BackendHandler = (
+    request: NyteRequest, // HWebRequest será importado onde necessário
+    params: { [key: string]: string }
+) => Promise<NyteResponse> | NyteResponse; // HWebResponse será importado onde necessário
+
+
+
+export type NyteMiddleware = (
+    request: NyteRequest, // HWebRequest será importado onde necessário
+    params: { [key: string]: string },
+    next: () => Promise<NyteResponse>
+) => Promise<NyteResponse> | NyteResponse; // HWebResponse será importado onde necessário
+
+
+/**
+ * Define o formato de uma função que manipula uma rota WebSocket.
+ */
+export type WebSocketHandler = (
+    context: WebSocketContext
+) => Promise<void> | void;
+
+/**
+ * Define a estrutura de cada rota da API, com suporte para métodos HTTP e WebSocket.
+ */
+export interface BackendRouteConfig {
+    pattern: string;
+    GET?: BackendHandler;
+    POST?: BackendHandler;
+    PUT?: BackendHandler;
+    DELETE?: BackendHandler;
+    WS?: WebSocketHandler; // Suporte para WebSocket
+    middleware?: NyteMiddleware[]; // Permite adicionar middlewares específicos à rota
+}