npm - odac - Versions diffs - 0.9.0 - Mend

odac 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (213) hide show

package/.editorconfig +21 -0
package/.github/workflows/auto-pr-description.yml +49 -0
package/.github/workflows/release.yml +32 -0
package/.github/workflows/test-coverage.yml +58 -0
package/.husky/pre-commit +2 -0
package/.kiro/steering/code-style.md +56 -0
package/.kiro/steering/product.md +20 -0
package/.kiro/steering/structure.md +77 -0
package/.kiro/steering/tech.md +87 -0
package/.prettierrc +10 -0
package/.releaserc.js +134 -0
package/AGENTS.md +84 -0
package/CHANGELOG.md +181 -0
package/CODE_OF_CONDUCT.md +83 -0
package/CONTRIBUTING.md +63 -0
package/LICENSE +661 -0
package/README.md +57 -0
package/SECURITY.md +26 -0
package/bin/candy +10 -0
package/bin/candypack +10 -0
package/cli/index.js +3 -0
package/cli/src/Cli.js +348 -0
package/cli/src/Connector.js +93 -0
package/cli/src/Monitor.js +416 -0
package/core/Candy.js +87 -0
package/core/Commands.js +239 -0
package/core/Config.js +1094 -0
package/core/Lang.js +52 -0
package/core/Log.js +43 -0
package/core/Process.js +26 -0
package/docs/backend/01-overview/01-whats-in-the-candy-box.md +9 -0
package/docs/backend/01-overview/02-super-handy-helper-functions.md +9 -0
package/docs/backend/01-overview/03-development-server.md +79 -0
package/docs/backend/02-structure/01-typical-project-layout.md +39 -0
package/docs/backend/03-config/00-configuration-overview.md +214 -0
package/docs/backend/03-config/01-database-connection.md +60 -0
package/docs/backend/03-config/02-static-route-mapping-optional.md +20 -0
package/docs/backend/03-config/03-request-timeout.md +11 -0
package/docs/backend/03-config/04-environment-variables.md +227 -0
package/docs/backend/03-config/05-early-hints.md +352 -0
package/docs/backend/04-routing/01-basic-page-routes.md +28 -0
package/docs/backend/04-routing/02-controller-less-view-routes.md +43 -0
package/docs/backend/04-routing/03-api-and-data-routes.md +20 -0
package/docs/backend/04-routing/04-authentication-aware-routes.md +48 -0
package/docs/backend/04-routing/05-advanced-routing.md +14 -0
package/docs/backend/04-routing/06-error-pages.md +101 -0
package/docs/backend/04-routing/07-cron-jobs.md +149 -0
package/docs/backend/05-controllers/01-how-to-build-a-controller.md +17 -0
package/docs/backend/05-controllers/02-your-trusty-candy-assistant.md +20 -0
package/docs/backend/05-controllers/03-controller-classes.md +93 -0
package/docs/backend/05-forms/01-custom-forms.md +395 -0
package/docs/backend/05-forms/02-automatic-database-insert.md +297 -0
package/docs/backend/06-request-and-response/01-the-request-object-what-is-the-user-asking-for.md +96 -0
package/docs/backend/06-request-and-response/02-sending-a-response-replying-to-the-user.md +40 -0
package/docs/backend/07-views/01-the-view-directory.md +73 -0
package/docs/backend/07-views/02-rendering-a-view.md +179 -0
package/docs/backend/07-views/03-template-syntax.md +181 -0
package/docs/backend/07-views/03-variables.md +328 -0
package/docs/backend/07-views/04-request-data.md +231 -0
package/docs/backend/07-views/05-conditionals.md +290 -0
package/docs/backend/07-views/06-loops.md +353 -0
package/docs/backend/07-views/07-translations.md +358 -0
package/docs/backend/07-views/08-backend-javascript.md +398 -0
package/docs/backend/07-views/09-comments.md +297 -0
package/docs/backend/08-database/01-database-connection.md +99 -0
package/docs/backend/08-database/02-using-mysql.md +322 -0
package/docs/backend/09-validation/01-the-validator-service.md +424 -0
package/docs/backend/10-authentication/01-user-logins-with-authjs.md +53 -0
package/docs/backend/10-authentication/02-foiling-villains-with-csrf-protection.md +55 -0
package/docs/backend/10-authentication/03-register.md +134 -0
package/docs/backend/10-authentication/04-candy-register-forms.md +676 -0
package/docs/backend/10-authentication/05-session-management.md +159 -0
package/docs/backend/10-authentication/06-candy-login-forms.md +596 -0
package/docs/backend/11-mail/01-the-mail-service.md +42 -0
package/docs/backend/12-streaming/01-streaming-overview.md +300 -0
package/docs/backend/13-utilities/01-candy-var.md +504 -0
package/docs/frontend/01-overview/01-introduction.md +146 -0
package/docs/frontend/02-ajax-navigation/01-quick-start.md +608 -0
package/docs/frontend/02-ajax-navigation/02-configuration.md +370 -0
package/docs/frontend/02-ajax-navigation/03-advanced-usage.md +519 -0
package/docs/frontend/03-forms/01-form-handling.md +420 -0
package/docs/frontend/04-api-requests/01-get-post.md +443 -0
package/docs/frontend/05-streaming/01-client-streaming.md +163 -0
package/docs/index.json +452 -0
package/docs/server/01-installation/01-quick-install.md +19 -0
package/docs/server/01-installation/02-manual-installation-via-npm.md +9 -0
package/docs/server/02-get-started/01-core-concepts.md +7 -0
package/docs/server/02-get-started/02-basic-commands.md +57 -0
package/docs/server/02-get-started/03-cli-reference.md +276 -0
package/docs/server/02-get-started/04-cli-quick-reference.md +102 -0
package/docs/server/03-service/01-start-a-new-service.md +57 -0
package/docs/server/03-service/02-delete-a-service.md +48 -0
package/docs/server/04-web/01-create-a-website.md +36 -0
package/docs/server/04-web/02-list-websites.md +9 -0
package/docs/server/04-web/03-delete-a-website.md +29 -0
package/docs/server/05-subdomain/01-create-a-subdomain.md +32 -0
package/docs/server/05-subdomain/02-list-subdomains.md +33 -0
package/docs/server/05-subdomain/03-delete-a-subdomain.md +41 -0
package/docs/server/06-ssl/01-renew-an-ssl-certificate.md +34 -0
package/docs/server/07-mail/01-create-a-mail-account.md +23 -0
package/docs/server/07-mail/02-delete-a-mail-account.md +20 -0
package/docs/server/07-mail/03-list-mail-accounts.md +20 -0
package/docs/server/07-mail/04-change-account-password.md +23 -0
package/eslint.config.mjs +120 -0
package/framework/index.js +4 -0
package/framework/src/Auth.js +309 -0
package/framework/src/Candy.js +81 -0
package/framework/src/Config.js +79 -0
package/framework/src/Env.js +60 -0
package/framework/src/Lang.js +57 -0
package/framework/src/Mail.js +83 -0
package/framework/src/Mysql.js +575 -0
package/framework/src/Request.js +301 -0
package/framework/src/Route/Cron.js +128 -0
package/framework/src/Route/Internal.js +439 -0
package/framework/src/Route.js +455 -0
package/framework/src/Server.js +15 -0
package/framework/src/Stream.js +163 -0
package/framework/src/Token.js +37 -0
package/framework/src/Validator.js +271 -0
package/framework/src/Var.js +211 -0
package/framework/src/View/EarlyHints.js +190 -0
package/framework/src/View/Form.js +600 -0
package/framework/src/View.js +513 -0
package/framework/web/candy.js +838 -0
package/jest.config.js +22 -0
package/locale/de-DE.json +80 -0
package/locale/en-US.json +79 -0
package/locale/es-ES.json +80 -0
package/locale/fr-FR.json +80 -0
package/locale/pt-BR.json +80 -0
package/locale/ru-RU.json +80 -0
package/locale/tr-TR.json +85 -0
package/locale/zh-CN.json +80 -0
package/package.json +86 -0
package/server/index.js +5 -0
package/server/src/Api.js +88 -0
package/server/src/DNS.js +940 -0
package/server/src/Hub.js +535 -0
package/server/src/Mail.js +571 -0
package/server/src/SSL.js +180 -0
package/server/src/Server.js +27 -0
package/server/src/Service.js +248 -0
package/server/src/Subdomain.js +64 -0
package/server/src/Web/Firewall.js +170 -0
package/server/src/Web/Proxy.js +134 -0
package/server/src/Web.js +451 -0
package/server/src/mail/imap.js +1091 -0
package/server/src/mail/server.js +32 -0
package/server/src/mail/smtp.js +786 -0
package/test/cli/Cli.test.js +36 -0
package/test/core/Candy.test.js +234 -0
package/test/core/Commands.test.js +538 -0
package/test/core/Config.test.js +1435 -0
package/test/core/Lang.test.js +250 -0
package/test/core/Process.test.js +156 -0
package/test/framework/Route.test.js +239 -0
package/test/framework/View/EarlyHints.test.js +282 -0
package/test/scripts/check-coverage.js +132 -0
package/test/server/Api.test.js +647 -0
package/test/server/Client.test.js +338 -0
package/test/server/DNS.test.js +2050 -0
package/test/server/DNS.test.js.bak +2084 -0
package/test/server/Log.test.js +73 -0
package/test/server/Mail.account.test_.js +460 -0
package/test/server/Mail.init.test_.js +411 -0
package/test/server/Mail.test_.js +1340 -0
package/test/server/SSL.test_.js +1491 -0
package/test/server/Server.test.js +765 -0
package/test/server/Service.test_.js +1127 -0
package/test/server/Subdomain.test.js +440 -0
package/test/server/Web/Firewall.test.js +175 -0
package/test/server/Web.test_.js +1562 -0
package/test/server/__mocks__/acme-client.js +17 -0
package/test/server/__mocks__/bcrypt.js +50 -0
package/test/server/__mocks__/child_process.js +389 -0
package/test/server/__mocks__/crypto.js +432 -0
package/test/server/__mocks__/fs.js +450 -0
package/test/server/__mocks__/globalCandy.js +227 -0
package/test/server/__mocks__/http-proxy.js +105 -0
package/test/server/__mocks__/http.js +575 -0
package/test/server/__mocks__/https.js +272 -0
package/test/server/__mocks__/index.js +249 -0
package/test/server/__mocks__/mail/server.js +100 -0
package/test/server/__mocks__/mail/smtp.js +31 -0
package/test/server/__mocks__/mailparser.js +81 -0
package/test/server/__mocks__/net.js +369 -0
package/test/server/__mocks__/node-forge.js +328 -0
package/test/server/__mocks__/os.js +320 -0
package/test/server/__mocks__/path.js +291 -0
package/test/server/__mocks__/selfsigned.js +8 -0
package/test/server/__mocks__/server/src/mail/server.js +100 -0
package/test/server/__mocks__/server/src/mail/smtp.js +31 -0
package/test/server/__mocks__/smtp-server.js +106 -0
package/test/server/__mocks__/sqlite3.js +394 -0
package/test/server/__mocks__/testFactories.js +299 -0
package/test/server/__mocks__/testHelpers.js +363 -0
package/test/server/__mocks__/tls.js +229 -0
package/watchdog/index.js +3 -0
package/watchdog/src/Watchdog.js +156 -0
package/web/config.json +5 -0
package/web/controller/page/about.js +27 -0
package/web/controller/page/index.js +34 -0
package/web/package.json +18 -0
package/web/public/assets/css/style.css +1835 -0
package/web/public/assets/js/app.js +96 -0
package/web/route/www.js +19 -0
package/web/skeleton/main.html +22 -0
package/web/view/content/about.html +65 -0
package/web/view/content/home.html +205 -0
package/web/view/footer/main.html +11 -0
package/web/view/head/main.html +5 -0
package/web/view/header/main.html +14 -0

package/docs/backend/10-authentication/05-session-management.md ADDED Viewed

@@ -0,0 +1,159 @@
+## ⏰ Session Management
+CandyPack uses a secure cookie-based session system with automatic expiration and cleanup.
+### How Sessions Work
+When a user logs in, CandyPack creates a session token stored in secure cookies:
+```javascript
+// Login creates a session
+await Candy.Auth.login({email, password})
+// Session is automatically checked on each request
+if (await Candy.Auth.check()) {
+  const user = Candy.Auth.user(null)
+}
+```
+### Session Expiration
+Sessions use a **sliding window** approach (similar to NextAuth.js):
+- **maxAge**: Maximum session lifetime (default: 30 days)
+- **updateAge**: How often to refresh the session (default: 1 day)
+**How it works:**
+1. User logs in, session created
+2. User is active, session refreshed every 24 hours
+3. User inactive for 30 days, session expires
+4. Active users stay logged in indefinitely (up to 30 days of inactivity)
+### Configuration
+Configure session behavior in `config.json`:
+```json
+{
+  "auth": {
+    "table": "users",
+    "token": "user_tokens",
+    "maxAge": 2592000000,
+    "updateAge": 86400000
+  }
+}
+```
+**Options:**
+- `maxAge` (milliseconds): Maximum inactivity period before session expires
+  - Default: `2592000000` (30 days)
+  - Example: `604800000` (7 days)
+- `updateAge` (milliseconds): How often to update the session timestamp
+  - Default: `86400000` (1 day)
+  - Example: `3600000` (1 hour)
+### Common Configurations
+**Short sessions (banking apps):**
+```json
+{
+  "auth": {
+    "maxAge": 900000,
+    "updateAge": 300000
+  }
+}
+```
+- 15 minutes inactivity timeout
+- Refresh every 5 minutes
+**Long sessions (social apps):**
+```json
+{
+  "auth": {
+    "maxAge": 7776000000,
+    "updateAge": 86400000
+  }
+}
+```
+- 90 days inactivity timeout
+- Refresh every 1 day
+**Standard sessions (most apps):**
+```json
+{
+  "auth": {
+    "maxAge": 2592000000,
+    "updateAge": 86400000
+  }
+}
+```
+- 30 days inactivity timeout (default)
+- Refresh every 1 day (default)
+### Automatic Cleanup
+Expired sessions are automatically cleaned up:
+- **When**: During each login
+- **What**: Removes sessions older than `maxAge`
+- **Why**: Keeps database clean and performant
+No manual cleanup needed!
+### Session Security
+Sessions are protected with:
+- **httpOnly cookies**: JavaScript cannot access tokens
+- **secure flag**: Only sent over HTTPS
+- **sameSite: Strict**: CSRF protection
+- **bcrypt hashing**: Tokens are hashed in database
+- **browser fingerprinting**: Tied to user agent
+### Manual Session Management
+**Logout current session:**
+```javascript
+await Candy.Auth.logout()
+```
+**Check session status:**
+```javascript
+const isLoggedIn = await Candy.Auth.check()
+```
+**Get user info:**
+```javascript
+const user = Candy.Auth.user(null)  // Full user object
+const email = Candy.Auth.user('email')  // Specific field
+```
+### Best Practices
+1. **Choose appropriate timeouts** based on your app's security needs
+2. **Use shorter sessions** for sensitive operations (banking, admin panels)
+3. **Use longer sessions** for convenience apps (social media, content sites)
+4. **Don't set updateAge too low** - it causes unnecessary database writes
+5. **Monitor session table size** - cleanup runs automatically but check periodically
+### Troubleshooting
+**Users getting logged out too quickly:**
+- Increase `maxAge` value
+- Check if users are actually inactive
+**Too many database writes:**
+- Increase `updateAge` value
+- Default (1 day) is usually optimal
+**Session table growing too large:**
+- Check if cleanup is running (happens on login)
+- Manually clean old sessions if needed:
+```javascript
+const cutoffDate = new Date(Date.now() - 30 * 24 * 60 * 60 * 1000)
+await Candy.Mysql.table('user_tokens')
+  .where('active', '<', cutoffDate)
+  .delete()
+```