npm - odac - Versions diffs - 0.9.0 → 1.0.0 - Mend

odac 0.9.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (208) hide show

package/.github/workflows/auto-pr-description.yml +0 -2
package/.github/workflows/codeql.yml +46 -0
package/.github/workflows/release.yml +13 -6
package/.github/workflows/test-coverage.yml +10 -9
package/.releaserc.js +9 -6
package/CHANGELOG.md +62 -150
package/CODE_OF_CONDUCT.md +1 -1
package/CONTRIBUTING.md +8 -8
package/LICENSE +21 -661
package/README.md +12 -12
package/SECURITY.md +4 -4
package/bin/odac.js +101 -0
package/{framework/web/candy.js → client/odac.js} +310 -44
package/docs/backend/01-overview/{01-whats-in-the-candy-box.md → 01-whats-in-the-odac-box.md} +4 -2
package/docs/backend/01-overview/02-super-handy-helper-functions.md +29 -1
package/docs/backend/01-overview/03-development-server.md +11 -11
package/docs/backend/02-structure/01-typical-project-layout.md +4 -4
package/docs/backend/03-config/00-configuration-overview.md +6 -6
package/docs/backend/03-config/01-database-connection.md +1 -1
package/docs/backend/03-config/02-static-route-mapping-optional.md +4 -4
package/docs/backend/03-config/04-environment-variables.md +20 -20
package/docs/backend/03-config/05-early-hints.md +4 -4
package/docs/backend/04-routing/01-basic-page-routes.md +4 -4
package/docs/backend/04-routing/02-controller-less-view-routes.md +5 -5
package/docs/backend/04-routing/03-api-and-data-routes.md +3 -3
package/docs/backend/04-routing/04-authentication-aware-routes.md +5 -5
package/docs/backend/04-routing/05-advanced-routing.md +3 -3
package/docs/backend/04-routing/06-error-pages.md +17 -17
package/docs/backend/04-routing/07-cron-jobs.md +13 -13
package/docs/backend/04-routing/08-middleware.md +214 -0
package/docs/backend/04-routing/09-websocket-auth-middleware.md +292 -0
package/docs/backend/04-routing/09-websocket-examples.md +381 -0
package/docs/backend/04-routing/09-websocket-quick-reference.md +211 -0
package/docs/backend/04-routing/09-websocket.md +298 -0
package/docs/backend/05-controllers/01-how-to-build-a-controller.md +3 -3
package/docs/backend/05-controllers/02-your-trusty-odac-assistant.md +41 -0
package/docs/backend/05-controllers/03-controller-classes.md +19 -19
package/docs/backend/05-forms/01-custom-forms.md +114 -114
package/docs/backend/05-forms/02-automatic-database-insert.md +82 -82
package/docs/backend/06-request-and-response/01-the-request-object-what-is-the-user-asking-for.md +26 -26
package/docs/backend/06-request-and-response/02-sending-a-response-replying-to-the-user.md +10 -10
package/docs/backend/07-views/01-the-view-directory.md +1 -1
package/docs/backend/07-views/02-rendering-a-view.md +22 -22
package/docs/backend/07-views/03-template-syntax.md +52 -52
package/docs/backend/07-views/03-variables.md +84 -84
package/docs/backend/07-views/04-request-data.md +57 -57
package/docs/backend/07-views/05-conditionals.md +78 -78
package/docs/backend/07-views/06-loops.md +114 -114
package/docs/backend/07-views/07-translations.md +66 -66
package/docs/backend/07-views/08-backend-javascript.md +103 -103
package/docs/backend/07-views/09-comments.md +71 -71
package/docs/backend/08-database/01-database-connection.md +8 -8
package/docs/backend/08-database/02-using-mysql.md +49 -49
package/docs/backend/09-validation/01-the-validator-service.md +38 -38
package/docs/backend/10-authentication/01-user-logins-with-authjs.md +15 -15
package/docs/backend/10-authentication/02-foiling-villains-with-csrf-protection.md +10 -10
package/docs/backend/10-authentication/03-register.md +12 -12
package/docs/backend/10-authentication/{04-candy-register-forms.md → 04-odac-register-forms.md} +141 -141
package/docs/backend/10-authentication/05-session-management.md +10 -10
package/docs/backend/10-authentication/{06-candy-login-forms.md → 06-odac-login-forms.md} +125 -125
package/docs/backend/11-mail/01-the-mail-service.md +5 -5
package/docs/backend/12-streaming/01-streaming-overview.md +96 -54
package/docs/backend/13-utilities/{01-candy-var.md → 01-odac-var.md} +109 -109
package/docs/frontend/01-overview/01-introduction.md +30 -30
package/docs/frontend/02-ajax-navigation/01-quick-start.md +45 -45
package/docs/frontend/02-ajax-navigation/02-configuration.md +14 -14
package/docs/frontend/02-ajax-navigation/03-advanced-usage.md +36 -36
package/docs/frontend/03-forms/01-form-handling.md +32 -32
package/docs/frontend/04-api-requests/01-get-post.md +33 -33
package/docs/frontend/05-streaming/01-client-streaming.md +15 -15
package/docs/frontend/06-websocket/00-overview.md +76 -0
package/docs/frontend/06-websocket/01-websocket-client.md +139 -0
package/docs/frontend/06-websocket/02-shared-websocket.md +149 -0
package/docs/index.json +49 -11
package/eslint.config.mjs +6 -6
package/{framework/index.js → index.js} +1 -1
package/package.json +14 -39
package/{framework/src → src}/Auth.js +59 -59
package/{framework/src → src}/Config.js +3 -3
package/{framework/src → src}/Lang.js +7 -7
package/{framework/src → src}/Mail.js +5 -5
package/{framework/src → src}/Mysql.js +42 -42
package/src/Odac.js +112 -0
package/{framework/src → src}/Request.js +38 -36
package/{framework/src → src}/Route/Internal.js +116 -116
package/src/Route/Middleware.js +75 -0
package/src/Route.js +621 -0
package/src/Server.js +22 -0
package/{framework/src → src}/Stream.js +11 -3
package/{framework/src → src}/Validator.js +21 -21
package/{framework/src → src}/Var.js +5 -5
package/{framework/src → src}/View/EarlyHints.js +1 -1
package/{framework/src → src}/View/Form.js +69 -69
package/{framework/src → src}/View.js +78 -81
package/src/WebSocket.js +403 -0
package/template/config.json +5 -0
package/{web → template}/controller/page/about.js +6 -6
package/{web → template}/controller/page/index.js +9 -9
package/{web → template}/package.json +4 -5
package/{web → template}/public/assets/css/style.css +4 -4
package/{web → template}/public/assets/js/app.js +6 -6
package/{web → template}/route/www.js +6 -6
package/{web → template}/skeleton/main.html +1 -1
package/{web → template}/view/content/about.html +5 -5
package/{web → template}/view/content/home.html +12 -12
package/template/view/footer/main.html +11 -0
package/{web → template}/view/head/main.html +1 -1
package/{web → template}/view/header/main.html +2 -2
package/test/core/Candy.test.js +58 -58
package/test/core/Commands.test.js +7 -7
package/test/core/Config.test.js +82 -85
package/test/core/Lang.test.js +2 -2
package/test/core/Process.test.js +6 -6
package/test/framework/Route.test.js +56 -37
package/test/framework/View/EarlyHints.test.js +2 -2
package/test/framework/WebSocket.test.js +100 -0
package/test/framework/middleware.test.js +85 -0
package/test/server/Api.test.js +31 -31
package/test/server/DNS.test.js +11 -11
package/test/server/Hub.test.js +497 -0
package/test/server/Mail.account.test_.js +3 -3
package/test/server/Mail.init.test_.js +10 -10
package/test/server/Mail.test_.js +20 -20
package/test/server/SSL.test_.js +54 -54
package/test/server/Server.test.js +39 -39
package/test/server/Service.test_.js +7 -7
package/test/server/Subdomain.test.js +7 -7
package/test/server/Web/Firewall.test.js +87 -87
package/test/server/Web/Proxy.test.js +397 -0
package/test/server/{Web.test_.js → Web.test.js} +137 -205
package/test/server/__mocks__/fs.js +2 -2
package/test/server/__mocks__/{globalCandy.js → globalOdac.js} +5 -5
package/test/server/__mocks__/index.js +6 -6
package/test/server/__mocks__/testFactories.js +1 -1
package/test/server/__mocks__/testHelpers.js +7 -7
package/.husky/pre-commit +0 -2
package/.kiro/steering/code-style.md +0 -56
package/.kiro/steering/product.md +0 -20
package/.kiro/steering/structure.md +0 -77
package/.kiro/steering/tech.md +0 -87
package/AGENTS.md +0 -84
package/bin/candy +0 -10
package/bin/candypack +0 -10
package/cli/index.js +0 -3
package/cli/src/Cli.js +0 -348
package/cli/src/Connector.js +0 -93
package/cli/src/Monitor.js +0 -416
package/core/Candy.js +0 -87
package/core/Commands.js +0 -239
package/core/Config.js +0 -1094
package/core/Lang.js +0 -52
package/core/Log.js +0 -43
package/core/Process.js +0 -26
package/docs/backend/05-controllers/02-your-trusty-candy-assistant.md +0 -20
package/docs/server/01-installation/01-quick-install.md +0 -19
package/docs/server/01-installation/02-manual-installation-via-npm.md +0 -9
package/docs/server/02-get-started/01-core-concepts.md +0 -7
package/docs/server/02-get-started/02-basic-commands.md +0 -57
package/docs/server/02-get-started/03-cli-reference.md +0 -276
package/docs/server/02-get-started/04-cli-quick-reference.md +0 -102
package/docs/server/03-service/01-start-a-new-service.md +0 -57
package/docs/server/03-service/02-delete-a-service.md +0 -48
package/docs/server/04-web/01-create-a-website.md +0 -36
package/docs/server/04-web/02-list-websites.md +0 -9
package/docs/server/04-web/03-delete-a-website.md +0 -29
package/docs/server/05-subdomain/01-create-a-subdomain.md +0 -32
package/docs/server/05-subdomain/02-list-subdomains.md +0 -33
package/docs/server/05-subdomain/03-delete-a-subdomain.md +0 -41
package/docs/server/06-ssl/01-renew-an-ssl-certificate.md +0 -34
package/docs/server/07-mail/01-create-a-mail-account.md +0 -23
package/docs/server/07-mail/02-delete-a-mail-account.md +0 -20
package/docs/server/07-mail/03-list-mail-accounts.md +0 -20
package/docs/server/07-mail/04-change-account-password.md +0 -23
package/framework/src/Candy.js +0 -81
package/framework/src/Route.js +0 -455
package/framework/src/Server.js +0 -15
package/locale/de-DE.json +0 -80
package/locale/en-US.json +0 -79
package/locale/es-ES.json +0 -80
package/locale/fr-FR.json +0 -80
package/locale/pt-BR.json +0 -80
package/locale/ru-RU.json +0 -80
package/locale/tr-TR.json +0 -85
package/locale/zh-CN.json +0 -80
package/server/index.js +0 -5
package/server/src/Api.js +0 -88
package/server/src/DNS.js +0 -940
package/server/src/Hub.js +0 -535
package/server/src/Mail.js +0 -571
package/server/src/SSL.js +0 -180
package/server/src/Server.js +0 -27
package/server/src/Service.js +0 -248
package/server/src/Subdomain.js +0 -64
package/server/src/Web/Firewall.js +0 -170
package/server/src/Web/Proxy.js +0 -134
package/server/src/Web.js +0 -451
package/server/src/mail/imap.js +0 -1091
package/server/src/mail/server.js +0 -32
package/server/src/mail/smtp.js +0 -786
package/test/server/Client.test.js +0 -338
package/test/server/__mocks__/http-proxy.js +0 -105
package/watchdog/index.js +0 -3
package/watchdog/src/Watchdog.js +0 -156
package/web/config.json +0 -5
package/web/view/footer/main.html +0 -11
/package/{framework/src → src}/Env.js +0 -0
/package/{framework/src → src}/Route/Cron.js +0 -0
/package/{framework/src → src}/Token.js +0 -0

package/docs/backend/04-routing/08-middleware.md ADDED Viewed

@@ -0,0 +1,214 @@
+## 🔗 Middleware
+Middleware allows you to run code before your controllers execute. Perfect for authentication, logging, rate limiting, and more.
+### Creating Middleware
+Create middleware files in the `middleware/` directory:
+```javascript
+// middleware/auth.js
+module.exports = async (Odac) => {
+  if (!await Odac.Auth.check()) {
+    return Odac.direct('/login')  // Redirect to login
+  }
+  // No return = continue to next middleware or controller
+}
+```
+**Middleware Rules:**
+- Return `false` → Stop execution (403 Forbidden)
+- Return `Odac.abort(code)` → Stop with custom error code
+- Return `Odac.direct(url)` → Stop and redirect
+- Return nothing or `true` → Continue to next middleware/controller
+### Using Middleware
+#### Single Route
+```javascript
+Odac.Route
+  .use('logger')
+  .page('/contact', 'contact')
+```
+#### Multiple Routes
+```javascript
+Odac.Route
+  .use('cors')
+  .page('/api/users', 'api.users')
+  .page('/api/posts', 'api.posts')
+  .get('/api/stats', 'api.stats')
+```
+#### Multiple Middlewares
+```javascript
+Odac.Route
+  .use('cors', 'rateLimit')
+  .post('/api/upload', 'api.upload')
+```
+#### With Auth Routes
+`Odac.Route.auth` already requires authentication. You can add additional middleware on top:
+```javascript
+// Admin-only routes (requires login + admin role)
+Odac.Route.auth
+  .use('admin')
+  .page('/admin/dashboard', 'admin.dashboard')
+  .page('/admin/users', 'admin.users')
+  .post('/admin/settings', 'admin.settings')
+```
+```javascript
+// Premium user routes (requires login + premium subscription)
+Odac.Route.auth
+  .use('premium')
+  .page('/premium/content', 'premium.content')
+  .page('/premium/downloads', 'premium.downloads')
+```
+```javascript
+// Multiple middlewares with auth
+Odac.Route.auth
+  .use('verified', 'rateLimit')
+  .post('/api/sensitive', 'api.sensitive')
+```
+### Middleware Examples
+#### Authentication
+```javascript
+// middleware/auth.js
+module.exports = async (Odac) => {
+  if (!await Odac.Auth.check()) {
+    return Odac.direct('/login')
+  }
+}
+```
+#### Admin Check
+```javascript
+// middleware/admin.js
+module.exports = async (Odac) => {
+  const user = await Odac.Auth.user()
+  if (!user || user.role !== 'admin') {
+    return false  // 403 Forbidden
+  }
+}
+```
+#### CORS Headers
+```javascript
+// middleware/cors.js
+module.exports = async (Odac) => {
+  Odac.Request.header('Access-Control-Allow-Origin', '*')
+  Odac.Request.header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE')
+}
+```
+#### Rate Limiting
+```javascript
+// middleware/rateLimit.js
+const requests = new Map()
+let lastCleanup = Date.now()
+module.exports = async (Odac) => {
+  const ip = Odac.Request.ip
+  const now = Date.now()
+  const limit = 100
+  const window = 60000
+  if (now - lastCleanup > window) {
+    for (const [key, times] of requests.entries()) {
+      const recent = times.filter(time => now - time < window)
+      if (recent.length === 0) {
+        requests.delete(key)
+      } else {
+        requests.set(key, recent)
+      }
+    }
+    lastCleanup = now
+  }
+  if (!requests.has(ip)) {
+    requests.set(ip, [])
+  }
+  const userRequests = requests.get(ip).filter(time => now - time < window)
+  if (userRequests.length >= limit) {
+    return Odac.abort(429, 'Too many requests')
+  }
+  userRequests.push(now)
+  requests.set(ip, userRequests)
+}
+```
+> **Note:** This example uses in-memory storage for simplicity. For production environments with multiple server instances, consider using Redis or Memcached for distributed rate limiting.
+#### Premium Check with View
+```javascript
+// middleware/premium.js
+module.exports = async (Odac) => {
+  const user = await Odac.Auth.user()
+  if (!user.isPremium) {
+    return Odac.View.render('premium/upgrade', {
+      user: user,
+      currentPage: Odac.Request.url
+    })
+  }
+}
+```
+#### Logging
+```javascript
+// middleware/logger.js
+module.exports = async (Odac) => {
+  console.log(`${Odac.Request.method} ${Odac.Request.url}`)
+}
+```
+#### Inline Middleware
+```javascript
+Odac.Route
+  .use(async (Odac) => {
+    console.log('Custom middleware')
+  })
+  .page('/special', 'special')
+```
+### Complete Example
+```javascript
+// route/www.js
+// Public routes
+Odac.Route.page('/', 'index')
+Odac.Route.page('/about', 'about')
+// API routes with CORS
+Odac.Route
+  .use('cors', 'rateLimit')
+  .get('/api/public', 'api.public')
+  .post('/api/contact', 'api.contact')
+// User routes (requires login)
+Odac.Route.auth
+  .page('/profile', 'profile')
+  .page('/settings', 'settings')
+  .post('/api/update', 'update')
+// Admin routes (requires login + admin role)
+Odac.Route.auth
+  .use('admin')
+  .page('/admin', 'admin.index')
+  .page('/admin/users', 'admin.users')
+  .post('/admin/delete', 'admin.delete')
+```
+### Hot Reloading
+Middleware files are automatically reloaded when changed (every 5 seconds), just like controllers and routes. No server restart needed during development.

package/docs/backend/04-routing/09-websocket-auth-middleware.md ADDED Viewed

@@ -0,0 +1,292 @@
+# WebSocket Authentication & Middleware
+Advanced authentication and middleware patterns for WebSocket routes.
+## Authentication Methods
+### 1. Using auth.ws() (Recommended)
+The simplest way to require authentication:
+```javascript
+Odac.Route.auth.ws('/secure', async Odac => {
+  const user = await Odac.Auth.user()
+  Odac.ws.send({
+    type: 'authenticated',
+    user: user.name
+  })
+})
+```
+**Behavior:**
+- Automatically checks authentication before handler runs
+- Closes connection with code `4001` if not authenticated
+- No need for manual auth checks
+### 2. Manual Authentication Check
+For custom authentication logic:
+```javascript
+Odac.Route.ws('/custom-auth', async Odac => {
+  const token = Odac.Request.header('Authorization')
+  if (!token) {
+    Odac.ws.close(4001, 'Missing token')
+    return
+  }
+  const user = await validateCustomToken(token)
+  if (!user) {
+    Odac.ws.close(4001, 'Invalid token')
+    return
+  }
+  Odac.ws.data.user = user
+  Odac.ws.send({type: 'authenticated'})
+})
+```
+## Middleware Support
+### Basic Middleware
+```javascript
+Odac.Route.use('rate-limit').ws('/chat', Odac => {
+  Odac.ws.send({type: 'connected'})
+})
+```
+### Multiple Middleware
+Middleware runs in order:
+```javascript
+Odac.Route.use('auth', 'rate-limit', 'log').ws('/chat', Odac => {
+  Odac.ws.send({type: 'ready'})
+})
+```
+### Creating WebSocket Middleware
+**middleware/websocket-rate-limit.js:**
+```javascript
+const connections = new Map()
+const RATE_LIMIT = 5
+const WINDOW = 60000
+module.exports = async Odac => {
+  const ip = Odac.Request.ip
+  const now = Date.now()
+  if (!connections.has(ip)) {
+    connections.set(ip, [])
+  }
+  const userConnections = connections.get(ip)
+  const recentConnections = userConnections.filter(time => now - time < WINDOW)
+  if (recentConnections.length >= RATE_LIMIT) {
+    return false
+  }
+  recentConnections.push(now)
+  connections.set(ip, recentConnections)
+  return true
+}
+```
+**Usage:**
+```javascript
+Odac.Route.use('websocket-rate-limit').ws('/chat', Odac => {
+  Odac.ws.send({type: 'connected'})
+})
+```
+### Middleware Return Values
+| Return Value | Behavior |
+|--------------|----------|
+| `true` or `undefined` | Continue to next middleware/handler |
+| `false` | Close connection with code `4003` (Forbidden) |
+| Any other value | Close connection with code `4000` |
+### Advanced Middleware Example
+**middleware/websocket-auth.js:**
+```javascript
+module.exports = async Odac => {
+  const token = Odac.Request.header('X-WS-Token')
+  if (!token) {
+    console.log('WebSocket connection rejected: No token')
+    return false
+  }
+  try {
+    const user = await verifyToken(token)
+    if (!user) {
+      console.log('WebSocket connection rejected: Invalid token')
+      return false
+    }
+    Odac.Auth.setUser(user)
+    return true
+  } catch (error) {
+    console.error('WebSocket auth error:', error)
+    return false
+  }
+}
+```
+## Combining Auth and Middleware
+You can combine `auth.ws()` with middleware:
+```javascript
+// This won't work - auth.ws() doesn't support chaining
+// Odac.Route.use('rate-limit').auth.ws('/chat', handler)
+// Instead, use middleware that includes auth check
+Odac.Route.use('websocket-auth', 'rate-limit').ws('/chat', Odac => {
+  const user = Odac.Auth.user()
+  Odac.ws.send({user: user.name})
+})
+// Or use auth.ws() without middleware
+Odac.Route.auth.ws('/chat', Odac => {
+  const user = Odac.Auth.user()
+  Odac.ws.send({user: user.name})
+})
+```
+## Real-World Examples
+### Rate-Limited Chat
+```javascript
+// middleware/chat-rate-limit.js
+const userMessages = new Map()
+module.exports = async Odac => {
+  const user = await Odac.Auth.user()
+  if (!user) return false
+  const userId = user.id
+  const now = Date.now()
+  if (!userMessages.has(userId)) {
+    userMessages.set(userId, [])
+  }
+  const messages = userMessages.get(userId)
+  const recentMessages = messages.filter(time => now - time < 10000)
+  if (recentMessages.length >= 10) {
+    return false
+  }
+  recentMessages.push(now)
+  userMessages.set(userId, recentMessages)
+  return true
+}
+// route/websocket.js
+Odac.Route.use('chat-rate-limit').auth.ws('/chat', async Odac => {
+  const user = await Odac.Auth.user()
+  Odac.ws.join('general')
+  Odac.ws.on('message', data => {
+    Odac.ws.to('general').send({
+      user: user.name,
+      text: data.text
+    })
+  })
+})
+```
+### Admin-Only WebSocket
+```javascript
+// middleware/admin-only.js
+module.exports = async Odac => {
+  const user = await Odac.Auth.user()
+  if (!user || !user.isAdmin) {
+    return false
+  }
+  return true
+}
+// route/websocket.js
+Odac.Route.use('admin-only').ws('/admin-dashboard', Odac => {
+  const sendStats = async () => {
+    const stats = await getSystemStats()
+    Odac.ws.send({type: 'stats', data: stats})
+  }
+  sendStats()
+  const interval = setInterval(sendStats, 5000)
+  Odac.ws.on('close', () => clearInterval(interval))
+})
+```
+### IP Whitelist
+```javascript
+// middleware/ip-whitelist.js
+const ALLOWED_IPS = ['127.0.0.1', '192.168.1.100']
+module.exports = async Odac => {
+  const ip = Odac.Request.ip
+  if (!ALLOWED_IPS.includes(ip)) {
+    console.log(`WebSocket connection rejected from ${ip}`)
+    return false
+  }
+  return true
+}
+// route/websocket.js
+Odac.Route.use('ip-whitelist').ws('/internal', Odac => {
+  Odac.ws.send({type: 'internal-access-granted'})
+})
+```
+## Error Handling
+Middleware errors should be handled gracefully:
+```javascript
+module.exports = async Odac => {
+  try {
+    const result = await someAsyncOperation()
+    return result.isValid
+  } catch (error) {
+    console.error('Middleware error:', error)
+    return false
+  }
+}
+```
+## Best Practices
+1. **Always return a value** from middleware (true/false/undefined)
+2. **Log rejections** for debugging
+3. **Clean up resources** in middleware if needed
+4. **Use auth.ws()** for simple authentication
+5. **Use middleware** for complex logic (rate limiting, logging, etc.)
+6. **Combine middleware** for layered security
+7. **Test middleware** independently before using in routes