odac 0.9.0

package/framework/src/Validator.js

@@ -0,0 +1,271 @@
+class Validator {
+  #checklist = {}
+  #completed = false
+  #message = {}
+  #method = 'POST'
+  #name = ''
+  #request
+
+  constructor(Request) {
+    this.#request = Request
+  }
+
+  check(rules) {
+    if (!this.#checklist[this.#method]) this.#checklist[this.#method] = {}
+    if (!this.#checklist[this.#method][this.#name]) this.#checklist[this.#method][this.#name] = []
+    this.#checklist[this.#method][this.#name].push({rules: rules, message: null})
+    return this
+  }
+
+  async error() {
+    if (!this.#completed) await this.#validate()
+    return Object.keys(this.#message).length > 0
+  }
+
+  get(key) {
+    if (this.#completed) this.#completed = false
+    this.#method = 'GET'
+    this.#name = key
+    return this
+  }
+
+  message(value) {
+    const checks = this.#checklist[this.#method][this.#name]
+    if (checks && checks.length > 0) {
+      checks[checks.length - 1].message = value
+    }
+    return this
+  }
+
+  post(key) {
+    if (this.#completed) this.#completed = false
+    this.#method = 'POST'
+    this.#name = key
+    return this
+  }
+
+  async result(message, data) {
+    if (!this.#completed) await this.#validate()
+    let result = {}
+    result.result = {}
+    result.result.success = Object.keys(this.#message).length === 0
+    if (result.result.success) {
+      result.result.message = message ?? ''
+      result.data = data ?? null
+    } else {
+      result.errors = this.#message['_candy_form'] ? {_candy_form: this.#message['_candy_form']} : this.#message
+    }
+    return result
+  }
+
+  success(callback) {
+    if (typeof callback === 'string') return this.result(callback)
+    else return this.result(null, callback)
+  }
+
+  async #validate() {
+    for (const method of Object.keys(this.#checklist)) {
+      for (const key of Object.keys(this.#checklist[method])) {
+        const checks = this.#checklist[method][key]
+        let value
+
+        if (method === 'VAR') {
+          value = checks.customValue
+        } else if (method === 'FILES') {
+          value = this.#request.file ? await this.#request.file(key) : null
+        } else {
+          value = await this.#request.request(key, method)
+        }
+
+        for (const checkItem of checks) {
+          if (this.#message[key]) break
+
+          let error = false
+          let rules = checkItem.rules
+
+          if (typeof rules === 'boolean') {
+            error = rules === false
+          } else {
+            for (const rule of rules.includes('|') ? rules.split('|') : [rules]) {
+              let vars = rule.split(':')
+              let inverse = vars[0].startsWith('!')
+              if (!error) {
+                switch (inverse ? vars[0].substr(1) : vars[0]) {
+                  case 'required':
+                    error = value === undefined || value === '' || value === null
+                    break
+                  case 'accepted':
+                    error = !value || (value !== 1 && value !== '1' && value !== 'on' && value !== 'yes' && value !== true)
+                    break
+                  case 'numeric':
+                    error = value && value !== '' && !Candy.Var(value).is('numeric')
+                    break
+                  case 'alpha':
+                    error = value && value !== '' && !Candy.Var(value).is('alpha')
+                    break
+                  case 'alphaspace':
+                    error = value && value !== '' && !Candy.Var(value).is('alphaspace')
+                    break
+                  case 'alphanumeric':
+                    error = value && value !== '' && !Candy.Var(value).is('alphanumeric')
+                    break
+                  case 'alphanumericspace':
+                    error = value && value !== '' && !Candy.Var(value).is('alphanumericspace')
+                    break
+                  case 'email':
+                    error = value && value !== '' && !Candy.Var(value).is('email')
+                    break
+                  case 'ip':
+                    error = value && value !== '' && !Candy.Var(value).is('ip')
+                    break
+                  case 'float':
+                    error = value && value !== '' && !Candy.Var(value).is('float')
+                    break
+                  case 'mac':
+                    error = value && value !== '' && !Candy.Var(value).is('mac')
+                    break
+                  case 'domain':
+                    error = value && value !== '' && !Candy.Var(value).is('domain')
+                    break
+                  case 'url':
+                    error = value && value !== '' && !Candy.Var(value).is('url')
+                    break
+                  case 'username':
+                    error = value && value !== '' && !/^[a-zA-Z0-9]+$/.test(value)
+                    break
+                  case 'xss':
+                    error = value && value !== '' && /<[^>]*>/g.test(value)
+                    break
+                  case 'usercheck':
+                    error = !(await Candy.Auth.check())
+                    break
+                  case 'array':
+                    error = value && !Array.isArray(value)
+                    break
+                  case 'date':
+                    error = value && value !== '' && isNaN(Date.parse(value))
+                    break
+                  case 'min':
+                    error = value && value !== '' && vars[1] && value < vars[1]
+                    break
+                  case 'max':
+                    error = value && value !== '' && vars[1] && value > vars[1]
+                    break
+                  case 'len':
+                    error = value && value !== '' && vars[1] && String(value).length !== parseInt(vars[1])
+                    break
+                  case 'minlen':
+                    error = value && value !== '' && vars[1] && String(value).length < parseInt(vars[1])
+                    break
+                  case 'maxlen':
+                    error = value && value !== '' && vars[1] && String(value).length > parseInt(vars[1])
+                    break
+                  case 'mindate':
+                    error = value && value !== '' && vars[1] && new Date(value).getTime() < new Date(vars[1]).getTime()
+                    break
+                  case 'maxdate':
+                    error = value && value !== '' && vars[1] && new Date(value).getTime() > new Date(vars[1]).getTime()
+                    break
+                  case 'same': {
+                    const otherValue = await this.#request.request(vars[1], method)
+                    error = value !== otherValue
+                    break
+                  }
+                  case 'different': {
+                    const otherValue = await this.#request.request(vars[1], method)
+                    error = value === otherValue
+                    break
+                  }
+                  case 'equal':
+                    error = value && vars[1] && value !== vars[1]
+                    break
+                  case 'notin':
+                    error = value && value !== '' && vars[1] && String(value).includes(vars[1])
+                    break
+                  case 'in':
+                    error = value && value !== '' && vars[1] && !String(value).includes(vars[1])
+                    break
+                  case 'not':
+                    error = value && vars[1] && value === vars[1]
+                    break
+                  case 'regex':
+                    error = value && value !== '' && vars[1] && !new RegExp(vars[1]).test(value)
+                    break
+                  case 'user': {
+                    if (!(await Candy.Auth.check())) {
+                      error = true
+                    } else {
+                      const userData = Candy.Auth.user(vars[1])
+                      if (Candy.Var(userData).is('bcrypt')) {
+                        error = !Candy.Var(userData).hashCheck(value)
+                      } else {
+                        error = value !== userData
+                      }
+                    }
+                    break
+                  }
+                }
+                if (inverse) error = !error
+              }
+            }
+          }
+
+          if (error) {
+            this.#message[key] = checkItem.message
+            break
+          }
+        }
+      }
+    }
+    this.#completed = true
+  }
+
+  var(name, value = null) {
+    if (this.#completed) this.#completed = false
+    this.#method = 'VAR'
+    this.#name = name
+    if (!this.#checklist[this.#method]) this.#checklist[this.#method] = {}
+    if (!this.#checklist[this.#method][name]) {
+      this.#checklist[this.#method][name] = []
+      this.#checklist[this.#method][name].customValue = value === null ? name : value
+    }
+    return this
+  }
+
+  file(name) {
+    if (this.#completed) this.#completed = false
+    this.#method = 'FILES'
+    this.#name = name
+    return this
+  }
+
+  async brute(maxAttempts = 5) {
+    const ip = this.#request.ip()
+    const now = new Date().toISOString().slice(0, 13).replace(/[-:T]/g, '')
+    const page = this.#request.path()
+    const storage = Candy.storage('sys')
+    const validation = storage.get('validation') || {}
+
+    this.#name = '_candy_form'
+
+    if (Object.keys(this.#message).length > 0) {
+      if (!validation.brute) validation.brute = {}
+      if (!validation.brute[now]) validation.brute[now] = {}
+      if (!validation.brute[now][page]) validation.brute[now][page] = {}
+      if (!validation.brute[now][page][ip]) validation.brute[now][page][ip] = 0
+
+      validation.brute[now][page][ip]++
+
+      if (validation.brute[now][page][ip] >= maxAttempts) {
+        this.#message['_candy_form'] = Candy.Lang
+          ? Candy.Lang.get('Too many failed attempts. Please try again later.')
+          : 'Too many failed attempts. Please try again later.'
+      }
+    }
+
+    storage.set('validation', validation)
+    return this
+  }
+}
+
+module.exports = Validator

package/framework/src/Var.js

@@ -0,0 +1,211 @@
+const fs = require('fs')
+const nodeCrypto = require('crypto')
+const bcrypt = require('bcrypt')
+
+class Var {
+  #value = null
+  #any = false
+
+  constructor(value) {
+    this.#value = value
+  }
+
+  clear(...args) {
+    args = this.#parse(args)
+    let str = this.#value
+    for (const arg of args) str = str.replace(new RegExp(arg, 'g'), '')
+    return str
+  }
+
+  contains(...args) {
+    args = this.#parse(args)
+    let any = this.#any
+    this.#any = false
+    let result = !any
+    for (const key of args) {
+      if (any) result = result || this.#value.includes(key)
+      else result = result && this.#value.includes(key)
+    }
+    return result
+  }
+
+  containsAny(...args) {
+    args = this.#parse(args)
+    this.#any = true
+    return this.contains(args)
+  }
+
+  date(format) {
+    if (!format) format = 'Y-m-d H:i:s'
+    let date = new Date(this.#value)
+    let year = date.getFullYear()
+    let month = date.getMonth() + 1
+    let day = date.getDate()
+    let hour = date.getHours()
+    let minute = date.getMinutes()
+    let second = date.getSeconds()
+    return Candy.Var(format).replace({
+      Y: year,
+      m: month < 10 ? `0${month}` : month,
+      d: day < 10 ? `0${day}` : day,
+      H: hour < 10 ? `0${hour}` : hour,
+      i: minute < 10 ? `0${minute}` : minute,
+      s: second < 10 ? `0${second}` : second,
+      y: year.toString().substr(2, 2)
+    })
+  }
+
+  decrypt(key) {
+    if (!key) key = Candy.Config.encrypt.key
+    const iv = '2dea8a25e5e8f004'
+    try {
+      const encryptedText = Buffer.from(this.#value, 'base64')
+      const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', key, iv)
+      let decrypted = decipher.update(encryptedText)
+      decrypted = Buffer.concat([decrypted, decipher.final()])
+      return decrypted.toString()
+    } catch (e) {
+      console.log(e)
+      return null
+    }
+  }
+
+  encrypt(key) {
+    if (!key) key = Candy.Config.encrypt.key
+    const iv = '2dea8a25e5e8f004'
+    const cipher = nodeCrypto.createCipheriv('aes-256-cbc', key, iv)
+    let encrypted = cipher.update(this.#value)
+    encrypted = Buffer.concat([encrypted, cipher.final()])
+    return encrypted.toString('base64')
+  }
+
+  hash(salt = 10) {
+    return bcrypt.hashSync(this.#value, bcrypt.genSaltSync(salt))
+  }
+
+  hashCheck(check) {
+    return bcrypt.compareSync(check, this.#value)
+  }
+
+  html() {
+    if (this.#value === null || this.#value === undefined) return ''
+    return String(this.#value).replace(/</g, '&lt;').replace(/>/g, '&gt;')
+  }
+
+  is(...args) {
+    args = this.#parse(args)
+    let any = this.#any
+    this.#any = false
+    let result = !any
+    //     if(\Candy::config('locale')->get() == 'tr') $this->str = \Candy::var($this->str)->clear('Ç','ç','Ğ','ğ','İ','ı','Ö','ö','Ş','ş','Ü','ü');
+    if (args.includes('alpha')) result = (result || any) && ((any && result) || /^[A-Za-z]+$/.test(this.#value))
+    if (args.includes('alphaspace')) result = (result || any) && ((any && result) || /^[A-Za-z\s]+$/.test(this.#value))
+    if (args.includes('alphanumeric')) result = (result || any) && ((any && result) || /^[A-Za-z0-9]+$/.test(this.#value))
+    if (args.includes('alphanumericspace')) result = (result || any) && ((any && result) || /^[A-Za-z0-9\s]+$/.test(this.#value))
+    if (args.includes('bcrypt')) result = (result || any) && ((any && result) || /^\$2[ayb]\$.{56}$/.test(this.#value))
+    if (args.includes('date')) result = (result || any) && ((any && result) || !isNaN(Date.parse(this.#value)))
+    if (args.includes('domain')) result = (result || any) && ((any && result) || /^([a-z0-9-]+\.){1,2}[a-z]{2,6}$/i.test(this.#value))
+    if (args.includes('email'))
+      result = (result || any) && ((any && result) || /^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$/i.test(this.#value))
+    if (args.includes('float')) result = (result || any) && ((any && result) || !isNaN(parseFloat(this.#value)))
+    if (args.includes('host')) result = (result || any) && ((any && result) || /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/.test(this.#value))
+    if (args.includes('ip')) result = (result || any) && ((any && result) || /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/.test(this.#value))
+    if (args.includes('json'))
+      result = (result || any) && ((any && result) || (JSON.parse(this.#value) && JSON.parse(this.#value).length >= 0))
+    if (args.includes('mac')) result = (result || any) && ((any && result) || /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/.test(this.#value))
+    if (args.includes('md5')) result = (result || any) && ((any && result) || /^[a-f0-9A-F]{32}$/.test(this.#value))
+    if (args.includes('numeric')) result = (result || any) && ((any && result) || !isNaN(this.#value))
+    if (args.includes('url')) result = (result || any) && ((any && result) || /^[a-z0-9]+:\/\/[a-z0-9]+\.[a-z]{2,6}/i.test(this.#value))
+    if (args.includes('emoji'))
+      result =
+        (result || any) &&
+        ((any && result) ||
+          /([0-9#][\u20E3])|[\u00ae\u00a9\u203C\u2047\u2048\u2049\u3030\u303D\u2139\u2122\u3297\u3299][\uFE00-\uFEFF]?|[\u2190-\u21FF][\uFE00-\uFEFF]?|[\u2300-\u23FF][\uFE00-\uFEFF]?|[\u2460-\u24FF][\uFE00-\uFEFF]?|[\u25A0-\u25FF][\uFE00-\uFEFF]?|[\u2600-\u27BF][\uFE00-\uFEFF]?|[\u2900-\u297F][\uFE00-\uFEFF]?|[\u2B00-\u2BF0][\uFE00-\uFEFF]?|[\u1F000-\u1F6FF][\uFE00-\uFEFF]?/u.test(
+            this.#value
+          ))
+    if (args.includes('xss')) result = (result || any) && ((any && result) || this.#value == this.#value.replace(/<[^>]*>/g, ''))
+    return result
+  }
+
+  isAny(...args) {
+    args = this.#parse(args)
+    this.#any = true
+    return this.is(args)
+  }
+
+  isBegin(...args) {
+    args = this.#parse(args)
+    for (const arg of args) if (this.#value.startsWith(arg)) return true
+    return false
+  }
+
+  isEnd(...args) {
+    args = this.#parse(args)
+    for (const arg of args) if (this.#value.endsWith(arg)) return true
+    return false
+  }
+
+  md5() {
+    return nodeCrypto.createHash('md5').update(this.#value).digest('hex')
+  }
+
+  #parse(value) {
+    if (!['array', 'object'].includes(typeof value)) return [value]
+    if (value.length == 1 && Array.isArray(value[0])) return value[0]
+    return value
+  }
+
+  replace(...args) {
+    args = this.#parse(args)
+    if (args.length == 1) args = args[0]
+    if (['array', 'object'].includes(typeof this.#value)) {
+      let new_value = {}
+      for (const key of Object.keys(this.#value)) new_value[key] = Candy.Var(this.#value[key]).replace(args)
+      return new_value
+    }
+    for (const arg of Object.keys(args)) this.#value = this.#value.replace(arg, args[arg])
+    return this.#value
+  }
+
+  save(path) {
+    if (this.#value.includes('/')) {
+      let exp = path.split('/')
+      exp.pop()
+      let dir = ''
+      for (const key of exp) {
+        dir += (dir === '' ? '' : '/') + key
+        if (!fs.existsSync(dir) || !fs.lstatSync(dir).isDirectory()) fs.mkdirSync(dir)
+      }
+    }
+    return fs.writeFileSync(path, this.#value)
+  }
+
+  slug(separator = '-') {
+    let str = this.#value
+    str = str.replace(/[^a-zA-Z0-9\s]/g, separator)
+    str = str.replace(/[\s]/g, separator)
+    str = str.replace(/[-]+/g, separator)
+    str = str.toLowerCase()
+    return str
+  }
+
+  format(format) {
+    let str = this.#value
+    let result = ''
+    let letter = 0
+    for (let i = 0; i < format.length; i++) {
+      if (format[i] == '?') {
+        result += str[letter]
+        letter++
+      } else if (format[i] == '*') {
+        result += str.substr(letter)
+        letter += str.substr(letter).length
+      } else {
+        result += format[i]
+      }
+    }
+    return result
+  }
+}
+
+module.exports = Var

package/framework/src/View/EarlyHints.js

@@ -0,0 +1,190 @@
+const fs = require('fs')
+const path = require('path')
+
+class EarlyHints {
+  #manifest = {}
+  #cache = new Map()
+  #config = null
+  #initialized = false
+
+  constructor(config) {
+    this.#config = config || {
+      enabled: true,
+      auto: true,
+      maxResources: 5
+    }
+  }
+
+  init() {
+    if (this.#initialized) return
+    this.#initialized = true
+
+    if (!this.#config.enabled) return
+
+    this.#buildManifest()
+  }
+
+  #buildManifest() {
+    const viewDir = path.join(process.cwd(), 'view')
+    const skeletonDir = path.join(process.cwd(), 'skeleton')
+
+    try {
+      if (fs.existsSync(viewDir)) {
+        const files = this.#getAllViewFiles(viewDir)
+        for (const file of files) {
+          const html = fs.readFileSync(file, 'utf8')
+          const resources = this.#extractResources(html)
+
+          const relativePath = path.relative(viewDir, file)
+          const viewName = 'view/' + relativePath.replace(/\.html$/, '').replace(/\\/g, '/')
+
+          if (resources.length > 0) {
+            this.#manifest[viewName] = resources
+          }
+        }
+      }
+
+      if (fs.existsSync(skeletonDir)) {
+        const files = this.#getAllViewFiles(skeletonDir)
+        for (const file of files) {
+          const html = fs.readFileSync(file, 'utf8')
+          const resources = this.#extractResources(html)
+
+          const relativePath = path.relative(skeletonDir, file)
+          const viewName = 'skeleton/' + relativePath.replace(/\.html$/, '').replace(/\\/g, '/')
+
+          if (resources.length > 0) {
+            this.#manifest[viewName] = resources
+          }
+        }
+      }
+    } catch {
+      // Silently fail, manifest building is optional
+    }
+  }
+
+  #getAllViewFiles(dir, files = []) {
+    const entries = fs.readdirSync(dir, {withFileTypes: true})
+
+    for (const entry of entries) {
+      const fullPath = path.join(dir, entry.name)
+      if (entry.isDirectory()) {
+        this.#getAllViewFiles(fullPath, files)
+      } else if (entry.isFile() && entry.name.endsWith('.html')) {
+        files.push(fullPath)
+      }
+    }
+
+    return files
+  }
+
+  #extractResources(html) {
+    const resources = []
+
+    const headMatch = html.match(/<head[^>]*>([\s\S]*?)<\/head>/i)
+    if (!headMatch) return resources
+
+    const head = headMatch[1]
+
+    const cssMatches = head.matchAll(/<link[^>]+href=["']([^"']+\.css)["'][^>]*>/gi)
+    for (const match of cssMatches) {
+      const fullTag = match[0].toLowerCase()
+      if (fullTag.includes('defer')) continue
+      if (fullTag.includes('rel="stylesheet"') || fullTag.includes("rel='stylesheet'")) {
+        resources.push({href: match[1], as: 'style'})
+      }
+    }
+
+    const jsMatches = head.matchAll(/<script[^>]+src=["']([^"']+\.js)["'][^>]*>/gi)
+    for (const match of jsMatches) {
+      const fullTag = match[0]
+      if (!fullTag.includes('defer') && !fullTag.includes('async')) {
+        resources.push({href: match[1], as: 'script'})
+      }
+    }
+
+    const fontMatches = head.matchAll(/<link[^>]+href=["']([^"']+\.(woff2?|ttf|otf|eot))["'][^>]*>/gi)
+    for (const match of fontMatches) {
+      const fullTag = match[0]
+      if (fullTag.includes('defer')) continue
+      resources.push({
+        href: match[1],
+        as: 'font',
+        crossorigin: 'anonymous'
+      })
+    }
+
+    return resources.slice(0, this.#config.maxResources)
+  }
+
+  getHints(viewPath, routePath) {
+    if (!this.#config.enabled || !this.#config.auto) return null
+
+    let hints = this.#manifest[viewPath]
+
+    if (!hints && routePath) {
+      hints = this.#cache.get(routePath)
+    }
+
+    return hints || null
+  }
+
+  getHintsForViewFiles(viewPaths) {
+    if (!this.#config.enabled || !this.#config.auto) return null
+
+    for (const viewPath of viewPaths) {
+      const hints = this.#manifest[viewPath]
+      if (hints && hints.length > 0) {
+        return hints
+      }
+    }
+
+    return null
+  }
+
+  cacheHints(routePath, resources) {
+    if (!this.#config.enabled || !this.#config.auto) return
+
+    if (resources && resources.length > 0) {
+      this.#cache.set(routePath, resources)
+    }
+  }
+
+  extractFromHtml(html) {
+    if (!this.#config.enabled || !this.#config.auto) return []
+
+    return this.#extractResources(html)
+  }
+
+  formatLinkHeader(resource) {
+    let header = `<${resource.href}>; rel=preload; as=${resource.as}`
+    if (resource.crossorigin) {
+      header += `; crossorigin`
+    }
+    if (resource.type) {
+      header += `; type=${resource.type}`
+    }
+    return header
+  }
+
+  send(res, resources) {
+    if (!this.#config.enabled || !resources || resources.length === 0) return false
+    if (res.headersSent || res.writableEnded) return false
+
+    try {
+      const links = resources.map(r => this.formatLinkHeader(r))
+
+      if (typeof res.writeEarlyHints === 'function') {
+        res.writeEarlyHints({link: links})
+      }
+
+      res.setHeader('X-Candy-Early-Hints', JSON.stringify(links))
+
+      return true
+    } catch {
+      return false
+    }
+  }
+}
+
+module.exports = EarlyHints