npm - odac - Versions diffs - 0.9.0 - Mend

odac 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (213) hide show

package/.editorconfig +21 -0
package/.github/workflows/auto-pr-description.yml +49 -0
package/.github/workflows/release.yml +32 -0
package/.github/workflows/test-coverage.yml +58 -0
package/.husky/pre-commit +2 -0
package/.kiro/steering/code-style.md +56 -0
package/.kiro/steering/product.md +20 -0
package/.kiro/steering/structure.md +77 -0
package/.kiro/steering/tech.md +87 -0
package/.prettierrc +10 -0
package/.releaserc.js +134 -0
package/AGENTS.md +84 -0
package/CHANGELOG.md +181 -0
package/CODE_OF_CONDUCT.md +83 -0
package/CONTRIBUTING.md +63 -0
package/LICENSE +661 -0
package/README.md +57 -0
package/SECURITY.md +26 -0
package/bin/candy +10 -0
package/bin/candypack +10 -0
package/cli/index.js +3 -0
package/cli/src/Cli.js +348 -0
package/cli/src/Connector.js +93 -0
package/cli/src/Monitor.js +416 -0
package/core/Candy.js +87 -0
package/core/Commands.js +239 -0
package/core/Config.js +1094 -0
package/core/Lang.js +52 -0
package/core/Log.js +43 -0
package/core/Process.js +26 -0
package/docs/backend/01-overview/01-whats-in-the-candy-box.md +9 -0
package/docs/backend/01-overview/02-super-handy-helper-functions.md +9 -0
package/docs/backend/01-overview/03-development-server.md +79 -0
package/docs/backend/02-structure/01-typical-project-layout.md +39 -0
package/docs/backend/03-config/00-configuration-overview.md +214 -0
package/docs/backend/03-config/01-database-connection.md +60 -0
package/docs/backend/03-config/02-static-route-mapping-optional.md +20 -0
package/docs/backend/03-config/03-request-timeout.md +11 -0
package/docs/backend/03-config/04-environment-variables.md +227 -0
package/docs/backend/03-config/05-early-hints.md +352 -0
package/docs/backend/04-routing/01-basic-page-routes.md +28 -0
package/docs/backend/04-routing/02-controller-less-view-routes.md +43 -0
package/docs/backend/04-routing/03-api-and-data-routes.md +20 -0
package/docs/backend/04-routing/04-authentication-aware-routes.md +48 -0
package/docs/backend/04-routing/05-advanced-routing.md +14 -0
package/docs/backend/04-routing/06-error-pages.md +101 -0
package/docs/backend/04-routing/07-cron-jobs.md +149 -0
package/docs/backend/05-controllers/01-how-to-build-a-controller.md +17 -0
package/docs/backend/05-controllers/02-your-trusty-candy-assistant.md +20 -0
package/docs/backend/05-controllers/03-controller-classes.md +93 -0
package/docs/backend/05-forms/01-custom-forms.md +395 -0
package/docs/backend/05-forms/02-automatic-database-insert.md +297 -0
package/docs/backend/06-request-and-response/01-the-request-object-what-is-the-user-asking-for.md +96 -0
package/docs/backend/06-request-and-response/02-sending-a-response-replying-to-the-user.md +40 -0
package/docs/backend/07-views/01-the-view-directory.md +73 -0
package/docs/backend/07-views/02-rendering-a-view.md +179 -0
package/docs/backend/07-views/03-template-syntax.md +181 -0
package/docs/backend/07-views/03-variables.md +328 -0
package/docs/backend/07-views/04-request-data.md +231 -0
package/docs/backend/07-views/05-conditionals.md +290 -0
package/docs/backend/07-views/06-loops.md +353 -0
package/docs/backend/07-views/07-translations.md +358 -0
package/docs/backend/07-views/08-backend-javascript.md +398 -0
package/docs/backend/07-views/09-comments.md +297 -0
package/docs/backend/08-database/01-database-connection.md +99 -0
package/docs/backend/08-database/02-using-mysql.md +322 -0
package/docs/backend/09-validation/01-the-validator-service.md +424 -0
package/docs/backend/10-authentication/01-user-logins-with-authjs.md +53 -0
package/docs/backend/10-authentication/02-foiling-villains-with-csrf-protection.md +55 -0
package/docs/backend/10-authentication/03-register.md +134 -0
package/docs/backend/10-authentication/04-candy-register-forms.md +676 -0
package/docs/backend/10-authentication/05-session-management.md +159 -0
package/docs/backend/10-authentication/06-candy-login-forms.md +596 -0
package/docs/backend/11-mail/01-the-mail-service.md +42 -0
package/docs/backend/12-streaming/01-streaming-overview.md +300 -0
package/docs/backend/13-utilities/01-candy-var.md +504 -0
package/docs/frontend/01-overview/01-introduction.md +146 -0
package/docs/frontend/02-ajax-navigation/01-quick-start.md +608 -0
package/docs/frontend/02-ajax-navigation/02-configuration.md +370 -0
package/docs/frontend/02-ajax-navigation/03-advanced-usage.md +519 -0
package/docs/frontend/03-forms/01-form-handling.md +420 -0
package/docs/frontend/04-api-requests/01-get-post.md +443 -0
package/docs/frontend/05-streaming/01-client-streaming.md +163 -0
package/docs/index.json +452 -0
package/docs/server/01-installation/01-quick-install.md +19 -0
package/docs/server/01-installation/02-manual-installation-via-npm.md +9 -0
package/docs/server/02-get-started/01-core-concepts.md +7 -0
package/docs/server/02-get-started/02-basic-commands.md +57 -0
package/docs/server/02-get-started/03-cli-reference.md +276 -0
package/docs/server/02-get-started/04-cli-quick-reference.md +102 -0
package/docs/server/03-service/01-start-a-new-service.md +57 -0
package/docs/server/03-service/02-delete-a-service.md +48 -0
package/docs/server/04-web/01-create-a-website.md +36 -0
package/docs/server/04-web/02-list-websites.md +9 -0
package/docs/server/04-web/03-delete-a-website.md +29 -0
package/docs/server/05-subdomain/01-create-a-subdomain.md +32 -0
package/docs/server/05-subdomain/02-list-subdomains.md +33 -0
package/docs/server/05-subdomain/03-delete-a-subdomain.md +41 -0
package/docs/server/06-ssl/01-renew-an-ssl-certificate.md +34 -0
package/docs/server/07-mail/01-create-a-mail-account.md +23 -0
package/docs/server/07-mail/02-delete-a-mail-account.md +20 -0
package/docs/server/07-mail/03-list-mail-accounts.md +20 -0
package/docs/server/07-mail/04-change-account-password.md +23 -0
package/eslint.config.mjs +120 -0
package/framework/index.js +4 -0
package/framework/src/Auth.js +309 -0
package/framework/src/Candy.js +81 -0
package/framework/src/Config.js +79 -0
package/framework/src/Env.js +60 -0
package/framework/src/Lang.js +57 -0
package/framework/src/Mail.js +83 -0
package/framework/src/Mysql.js +575 -0
package/framework/src/Request.js +301 -0
package/framework/src/Route/Cron.js +128 -0
package/framework/src/Route/Internal.js +439 -0
package/framework/src/Route.js +455 -0
package/framework/src/Server.js +15 -0
package/framework/src/Stream.js +163 -0
package/framework/src/Token.js +37 -0
package/framework/src/Validator.js +271 -0
package/framework/src/Var.js +211 -0
package/framework/src/View/EarlyHints.js +190 -0
package/framework/src/View/Form.js +600 -0
package/framework/src/View.js +513 -0
package/framework/web/candy.js +838 -0
package/jest.config.js +22 -0
package/locale/de-DE.json +80 -0
package/locale/en-US.json +79 -0
package/locale/es-ES.json +80 -0
package/locale/fr-FR.json +80 -0
package/locale/pt-BR.json +80 -0
package/locale/ru-RU.json +80 -0
package/locale/tr-TR.json +85 -0
package/locale/zh-CN.json +80 -0
package/package.json +86 -0
package/server/index.js +5 -0
package/server/src/Api.js +88 -0
package/server/src/DNS.js +940 -0
package/server/src/Hub.js +535 -0
package/server/src/Mail.js +571 -0
package/server/src/SSL.js +180 -0
package/server/src/Server.js +27 -0
package/server/src/Service.js +248 -0
package/server/src/Subdomain.js +64 -0
package/server/src/Web/Firewall.js +170 -0
package/server/src/Web/Proxy.js +134 -0
package/server/src/Web.js +451 -0
package/server/src/mail/imap.js +1091 -0
package/server/src/mail/server.js +32 -0
package/server/src/mail/smtp.js +786 -0
package/test/cli/Cli.test.js +36 -0
package/test/core/Candy.test.js +234 -0
package/test/core/Commands.test.js +538 -0
package/test/core/Config.test.js +1435 -0
package/test/core/Lang.test.js +250 -0
package/test/core/Process.test.js +156 -0
package/test/framework/Route.test.js +239 -0
package/test/framework/View/EarlyHints.test.js +282 -0
package/test/scripts/check-coverage.js +132 -0
package/test/server/Api.test.js +647 -0
package/test/server/Client.test.js +338 -0
package/test/server/DNS.test.js +2050 -0
package/test/server/DNS.test.js.bak +2084 -0
package/test/server/Log.test.js +73 -0
package/test/server/Mail.account.test_.js +460 -0
package/test/server/Mail.init.test_.js +411 -0
package/test/server/Mail.test_.js +1340 -0
package/test/server/SSL.test_.js +1491 -0
package/test/server/Server.test.js +765 -0
package/test/server/Service.test_.js +1127 -0
package/test/server/Subdomain.test.js +440 -0
package/test/server/Web/Firewall.test.js +175 -0
package/test/server/Web.test_.js +1562 -0
package/test/server/__mocks__/acme-client.js +17 -0
package/test/server/__mocks__/bcrypt.js +50 -0
package/test/server/__mocks__/child_process.js +389 -0
package/test/server/__mocks__/crypto.js +432 -0
package/test/server/__mocks__/fs.js +450 -0
package/test/server/__mocks__/globalCandy.js +227 -0
package/test/server/__mocks__/http-proxy.js +105 -0
package/test/server/__mocks__/http.js +575 -0
package/test/server/__mocks__/https.js +272 -0
package/test/server/__mocks__/index.js +249 -0
package/test/server/__mocks__/mail/server.js +100 -0
package/test/server/__mocks__/mail/smtp.js +31 -0
package/test/server/__mocks__/mailparser.js +81 -0
package/test/server/__mocks__/net.js +369 -0
package/test/server/__mocks__/node-forge.js +328 -0
package/test/server/__mocks__/os.js +320 -0
package/test/server/__mocks__/path.js +291 -0
package/test/server/__mocks__/selfsigned.js +8 -0
package/test/server/__mocks__/server/src/mail/server.js +100 -0
package/test/server/__mocks__/server/src/mail/smtp.js +31 -0
package/test/server/__mocks__/smtp-server.js +106 -0
package/test/server/__mocks__/sqlite3.js +394 -0
package/test/server/__mocks__/testFactories.js +299 -0
package/test/server/__mocks__/testHelpers.js +363 -0
package/test/server/__mocks__/tls.js +229 -0
package/watchdog/index.js +3 -0
package/watchdog/src/Watchdog.js +156 -0
package/web/config.json +5 -0
package/web/controller/page/about.js +27 -0
package/web/controller/page/index.js +34 -0
package/web/package.json +18 -0
package/web/public/assets/css/style.css +1835 -0
package/web/public/assets/js/app.js +96 -0
package/web/route/www.js +19 -0
package/web/skeleton/main.html +22 -0
package/web/view/content/about.html +65 -0
package/web/view/content/home.html +205 -0
package/web/view/footer/main.html +11 -0
package/web/view/head/main.html +5 -0
package/web/view/header/main.html +14 -0

package/server/src/DNS.js ADDED Viewed

@@ -0,0 +1,940 @@
+const {log, error} = Candy.core('Log', false).init('DNS')
+const axios = require('axios')
+const dns = require('native-dns')
+const {execSync} = require('child_process')
+const fs = require('fs')
+const os = require('os')
+class DNS {
+  ip = '127.0.0.1'
+  #loaded = false
+  #tcp
+  #types = ['A', 'AAAA', 'CNAME', 'MX', 'TXT', 'NS', 'SOA', 'CAA']
+  #udp
+  #requestCount = new Map() // Rate limiting
+  #rateLimit = 100 // requests per minute per IP
+  #rateLimitWindow = 60000 // 1 minute
+  delete(...args) {
+    for (let obj of args) {
+      let domain = obj.name
+      while (!Candy.core('Config').config.websites[domain] && domain.includes('.')) domain = domain.split('.').slice(1).join('.')
+      if (!Candy.core('Config').config.websites[domain]) continue
+      if (!obj.type) continue
+      let type = obj.type.toUpperCase()
+      if (!this.#types.includes(type)) continue
+      if (!Candy.core('Config').config.websites[domain].DNS || !Candy.core('Config').config.websites[domain].DNS[type]) continue
+      Candy.core('Config').config.websites[domain].DNS[type] = Candy.core('Config').config.websites[domain].DNS[type].filter(
+        record => !(record.name === obj.name && (!obj.value || record.value === obj.value))
+      )
+    }
+  }
+  init() {
+    this.#udp = dns.createServer()
+    this.#tcp = dns.createTCPServer()
+    this.#getExternalIP()
+    this.#publish()
+  }
+  async #getExternalIP() {
+    // Multiple IP detection services as fallbacks
+    const ipServices = [
+      'https://curlmyip.org/',
+      'https://ipv4.icanhazip.com/',
+      'https://api.ipify.org/',
+      'https://checkip.amazonaws.com/',
+      'https://ipinfo.io/ip'
+    ]
+    for (const service of ipServices) {
+      try {
+        log(`Attempting to get external IP from ${service}`)
+        const response = await axios.get(service, {
+          timeout: 5000,
+          headers: {
+            'User-Agent': 'CandyPack-DNS/1.0'
+          }
+        })
+        const ip = response.data.trim()
+        if (ip && /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(ip)) {
+          log('External IP detected:', ip)
+          this.ip = ip
+          return
+        } else {
+          log(`Invalid IP format from ${service}:`, ip)
+        }
+      } catch (err) {
+        log(`Failed to get IP from ${service}:`, err.message)
+        continue
+      }
+    }
+    // If all services fail, try to get local network IP
+    try {
+      const networkInterfaces = require('os').networkInterfaces()
+      for (const interfaceName in networkInterfaces) {
+        const interfaces = networkInterfaces[interfaceName]
+        for (const iface of interfaces) {
+          // Skip loopback and non-IPv4 addresses
+          if (!iface.internal && iface.family === 'IPv4') {
+            log('Using local network IP as fallback:', iface.address)
+            this.ip = iface.address
+            return
+          }
+        }
+      }
+    } catch (err) {
+      log('Failed to get local network IP:', err.message)
+    }
+    log('Could not determine external IP, using default 127.0.0.1')
+    error('DNS', 'All IP detection methods failed, DNS A records will use 127.0.0.1')
+  }
+  #publish() {
+    if (this.#loaded || !Object.keys(Candy.core('Config').config.websites ?? {}).length) return
+    this.#loaded = true
+    // Set up request handlers
+    this.#udp.on('request', (request, response) => {
+      try {
+        this.#request(request, response)
+      } catch (err) {
+        error('DNS UDP request handler error:', err.message)
+      }
+    })
+    this.#tcp.on('request', (request, response) => {
+      try {
+        this.#request(request, response)
+      } catch (err) {
+        error('DNS TCP request handler error:', err.message)
+      }
+    })
+    // Log system information before starting
+    this.#logSystemInfo()
+    this.#startDNSServers()
+  }
+  #logSystemInfo() {
+    try {
+      log('DNS Server initialization - System information:')
+      log('Platform:', os.platform())
+      log('Architecture:', os.arch())
+      // Check what's using port 53
+      try {
+        const port53Info = execSync(
+          'lsof -i :53 2>/dev/null || netstat -tulpn 2>/dev/null | grep :53 || ss -tulpn 2>/dev/null | grep :53 || echo "Port 53 appears to be free"',
+          {
+            encoding: 'utf8',
+            timeout: 5000
+          }
+        )
+        log('Port 53 status:', port53Info.trim() || 'No processes found on port 53')
+      } catch (err) {
+        log('Could not check port 53 status:', err.message)
+      }
+      // Check systemd-resolved status on Linux
+      if (os.platform() === 'linux') {
+        try {
+          const resolvedStatus = execSync('systemctl is-active systemd-resolved 2>/dev/null || echo "not-active"', {
+            encoding: 'utf8',
+            timeout: 3000
+          }).trim()
+          log('systemd-resolved status:', resolvedStatus)
+          if (resolvedStatus === 'active') {
+            try {
+              const resolvedConfig = execSync(
+                'systemd-resolve --status 2>/dev/null | head -20 || resolvectl status 2>/dev/null | head -20 || echo "Could not get resolver status"',
+                {
+                  encoding: 'utf8',
+                  timeout: 3000
+                }
+              )
+              log('Current DNS resolver configuration:', resolvedConfig.trim())
+            } catch {
+              log('Could not get DNS resolver configuration')
+            }
+          }
+        } catch (err) {
+          log('Could not check systemd-resolved status:', err.message)
+        }
+      }
+    } catch (err) {
+      log('Error logging system info:', err.message)
+    }
+  }
+  async #startDNSServers() {
+    // First, proactively check if port 53 is available
+    const portAvailable = await this.#checkPortAvailability(53)
+    if (!portAvailable) {
+      log('Port 53 is already in use, attempting to resolve conflict...')
+      const resolved = await this.#handleSystemdResolveConflict()
+      if (resolved) {
+        // Wait a bit and retry
+        setTimeout(() => this.#attemptDNSStart(53), 3000)
+      } else {
+        log('Could not resolve port 53 conflict, using alternative port...')
+        this.#useAlternativePort()
+      }
+      return
+    }
+    // Port seems available, try to start
+    this.#attemptDNSStart(53)
+  }
+  #attemptDNSStart(port) {
+    try {
+      // Set up error handlers before starting
+      this.#udp.on('error', async err => {
+        error('DNS UDP Server Error:', err.message)
+        if (err.code === 'EADDRINUSE' || err.code === 'EACCES') {
+          log(`Port ${port} conflict detected via error event, attempting resolution...`)
+          if (port === 53) {
+            const resolved = await this.#handleSystemdResolveConflict()
+            if (!resolved) {
+              this.#useAlternativePort()
+            }
+          }
+        }
+      })
+      this.#tcp.on('error', async err => {
+        error('DNS TCP Server Error:', err.message)
+        if (err.code === 'EADDRINUSE' || err.code === 'EACCES') {
+          log(`Port ${port} conflict detected via error event, attempting resolution...`)
+          if (port === 53) {
+            const resolved = await this.#handleSystemdResolveConflict()
+            if (!resolved) {
+              this.#useAlternativePort()
+            }
+          }
+        }
+      })
+      // Try to start servers
+      this.#udp.serve(port)
+      this.#tcp.serve(port)
+      log(`DNS servers started on port ${port}`)
+      // Update system DNS configuration for internet access
+      if (port === 53) {
+        this.#setupSystemDNSForInternet()
+      }
+    } catch (err) {
+      error('Failed to start DNS servers:', err.message)
+      if (err.code === 'EADDRINUSE' || err.code === 'EACCES') {
+        log(`Port ${port} is in use (caught exception), attempting resolution...`)
+        if (port === 53) {
+          this.#handleSystemdResolveConflict().then(resolved => {
+            if (resolved) {
+              setTimeout(() => this.#attemptDNSStart(53), 3000)
+            } else {
+              this.#useAlternativePort()
+            }
+          })
+        } else {
+          this.#useAlternativePort()
+        }
+      }
+    }
+  }
+  async #checkPortAvailability(port) {
+    try {
+      // Check if anything is listening on the port
+      const portCheck = execSync(
+        `lsof -i :${port} 2>/dev/null || netstat -tulpn 2>/dev/null | grep :${port} || ss -tulpn 2>/dev/null | grep :${port} || true`,
+        {
+          encoding: 'utf8',
+          timeout: 5000
+        }
+      )
+      if (portCheck.trim()) {
+        log(`Port ${port} is in use by:`, portCheck.trim())
+        return false
+      }
+      return true
+    } catch (err) {
+      log('Error checking port availability:', err.message)
+      return false
+    }
+  }
+  async #handleSystemdResolveConflict() {
+    try {
+      // Check if we're on Linux
+      if (os.platform() !== 'linux') {
+        log('Not on Linux, skipping systemd-resolve conflict resolution')
+        return false
+      }
+      // More comprehensive check for what's using port 53
+      let portInfo = ''
+      try {
+        portInfo = execSync(
+          'lsof -i :53 2>/dev/null || netstat -tulpn 2>/dev/null | grep :53 || ss -tulpn 2>/dev/null | grep :53 || true',
+          {
+            encoding: 'utf8',
+            timeout: 5000
+          }
+        )
+      } catch (err) {
+        log('Could not check port 53 usage:', err.message)
+        return false
+      }
+      if (!portInfo || (!portInfo.includes('systemd-resolve') && !portInfo.includes('resolved'))) {
+        log('systemd-resolve not detected on port 53, conflict may be with another service')
+        return false
+      }
+      log('Detected systemd-resolve using port 53, attempting resolution...')
+      // Try the direct approach first - disable DNS stub listener
+      const stubDisabled = await this.#disableSystemdResolveStub()
+      if (stubDisabled) {
+        return true
+      }
+      // If that fails, try alternative approach
+      return this.#tryAlternativeApproach()
+    } catch (err) {
+      error('Error handling systemd-resolve conflict:', err.message)
+      return false
+    }
+  }
+  async #disableSystemdResolveStub() {
+    try {
+      log('Attempting to disable systemd-resolved DNS stub listener...')
+      // Check if systemd-resolved is active
+      const isActive = execSync('systemctl is-active systemd-resolved 2>/dev/null || echo inactive', {
+        encoding: 'utf8',
+        timeout: 5000
+      }).trim()
+      if (isActive !== 'active') {
+        log('systemd-resolved is not active')
+        return false
+      }
+      // Create or update resolved.conf to disable DNS stub
+      const resolvedConfDir = '/etc/systemd/resolved.conf.d'
+      const resolvedConfFile = `${resolvedConfDir}/candypack-dns.conf`
+      try {
+        // Ensure directory exists
+        if (!fs.existsSync(resolvedConfDir)) {
+          execSync(`sudo mkdir -p ${resolvedConfDir}`, {timeout: 10000})
+        }
+        // Create configuration to disable DNS stub listener and use public DNS
+        const resolvedConfig = `[Resolve]
+DNSStubListener=no
+DNS=1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4
+FallbackDNS=1.1.1.1 1.0.0.1
+`
+        execSync(`echo '${resolvedConfig}' | sudo tee ${resolvedConfFile}`, {timeout: 10000})
+        log('Created systemd-resolved configuration to disable DNS stub listener')
+        // Restart systemd-resolved
+        execSync('sudo systemctl restart systemd-resolved', {timeout: 15000})
+        log('Restarted systemd-resolved service')
+        // Wait for service to restart and port to be freed
+        return new Promise(resolve => {
+          setTimeout(() => {
+            try {
+              // Check if port 53 is now free
+              const portCheck = execSync('lsof -i :53 2>/dev/null || true', {
+                encoding: 'utf8',
+                timeout: 3000
+              })
+              if (!portCheck.includes('systemd-resolve') && !portCheck.includes('resolved')) {
+                log('Port 53 is now available')
+                resolve(true)
+              } else {
+                log('Port 53 still in use, trying alternative approach')
+                resolve(this.#tryAlternativeApproach())
+              }
+            } catch (err) {
+              log('Error checking port availability:', err.message)
+              resolve(this.#tryAlternativeApproach())
+            }
+          }, 3000)
+        })
+      } catch (sudoErr) {
+        log('Could not configure systemd-resolved (no sudo access):', sudoErr.message)
+        return false
+      }
+    } catch (err) {
+      log('Error disabling systemd-resolved stub:', err.message)
+      return false
+    }
+  }
+  #tryAlternativeApproach() {
+    try {
+      log('Trying alternative approach: temporarily stopping systemd-resolved...')
+      // Check if we can stop systemd-resolved
+      try {
+        execSync('sudo systemctl stop systemd-resolved', {timeout: 10000})
+        log('Temporarily stopped systemd-resolved')
+        // Set up cleanup handlers to restart systemd-resolved when process exits
+        this.#setupCleanupHandlers()
+        return true
+      } catch (stopErr) {
+        log('Could not stop systemd-resolved:', stopErr.message)
+        // Last resort: try to use a different port for our DNS server
+        return this.#useAlternativePort()
+      }
+    } catch (err) {
+      log('Alternative approach failed:', err.message)
+      return false
+    }
+  }
+  #setupCleanupHandlers() {
+    const restartSystemdResolved = () => {
+      try {
+        execSync('sudo systemctl start systemd-resolved', {timeout: 10000})
+        log('Restarted systemd-resolved on cleanup')
+      } catch (err) {
+        error('Failed to restart systemd-resolved on cleanup:', err.message)
+      }
+    }
+    // Handle various exit scenarios
+    process.on('exit', restartSystemdResolved)
+    process.on('SIGINT', () => {
+      restartSystemdResolved()
+      process.exit(0)
+    })
+    process.on('SIGTERM', () => {
+      restartSystemdResolved()
+      process.exit(0)
+    })
+    process.on('uncaughtException', err => {
+      error('Uncaught exception:', err.message)
+      restartSystemdResolved()
+      process.exit(1)
+    })
+    process.on('unhandledRejection', (reason, promise) => {
+      error('Unhandled rejection at:', promise, 'reason:', reason)
+      restartSystemdResolved()
+      process.exit(1)
+    })
+    log('Set up cleanup handlers to restart systemd-resolved on exit')
+  }
+  async #useAlternativePort() {
+    try {
+      log('Attempting to use alternative port for DNS server...')
+      // Try ports 5353, 1053, 8053 as alternatives
+      const alternativePorts = [5353, 1053, 8053]
+      for (const port of alternativePorts) {
+        const available = await this.#checkPortAvailability(port)
+        if (available) {
+          try {
+            // Create new server instances for alternative port
+            const udpAlt = dns.createServer()
+            const tcpAlt = dns.createTCPServer()
+            // Copy event handlers
+            udpAlt.on('request', (request, response) => {
+              try {
+                this.#request(request, response)
+              } catch (err) {
+                error('DNS UDP request handler error:', err.message)
+              }
+            })
+            tcpAlt.on('request', (request, response) => {
+              try {
+                this.#request(request, response)
+              } catch (err) {
+                error('DNS TCP request handler error:', err.message)
+              }
+            })
+            udpAlt.on('error', err => error('DNS UDP Server Error (alt port):', err.stack))
+            tcpAlt.on('error', err => error('DNS TCP Server Error (alt port):', err.stack))
+            // Start on alternative port
+            udpAlt.serve(port)
+            tcpAlt.serve(port)
+            // Replace original servers
+            this.#udp = udpAlt
+            this.#tcp = tcpAlt
+            log(`DNS servers started on alternative port ${port}`)
+            // Update system to use our alternative port
+            this.#updateSystemDNSConfig(port)
+            return true
+          } catch (portErr) {
+            log(`Failed to start on port ${port}:`, portErr.message)
+            continue
+          }
+        } else {
+          log(`Port ${port} is also in use, trying next...`)
+          continue
+        }
+      }
+      error('All alternative ports are in use')
+      return false
+    } catch (err) {
+      error('Failed to use alternative port:', err.message)
+      return false
+    }
+  }
+  #setupSystemDNSForInternet() {
+    try {
+      // Configure system to use public DNS for internet access
+      const resolvConf = `# CandyPack DNS Configuration
+# CandyPack handles local domains on port 53
+# Public DNS servers handle all internet domains
+nameserver 1.1.1.1
+nameserver 1.0.0.1
+nameserver 8.8.8.8
+nameserver 8.8.4.4
+# Cloudflare DNS (1.1.1.1) - Fast and privacy-focused
+# Google DNS (8.8.8.8) - Reliable fallback
+# Original configuration backed up to /etc/resolv.conf.candypack.backup
+`
+      // Backup original resolv.conf
+      execSync('sudo cp /etc/resolv.conf /etc/resolv.conf.candypack.backup 2>/dev/null || true', {timeout: 5000})
+      // Update resolv.conf with public DNS servers
+      execSync(`echo '${resolvConf}' | sudo tee /etc/resolv.conf`, {timeout: 5000})
+      log('Configured system to use public DNS servers for internet access')
+      log('Cloudflare DNS (1.1.1.1) and Google DNS (8.8.8.8) will handle non-CandyPack domains')
+      // Set up restoration on exit
+      process.on('exit', () => {
+        try {
+          execSync('sudo mv /etc/resolv.conf.candypack.backup /etc/resolv.conf 2>/dev/null || true', {timeout: 5000})
+        } catch {
+          // Silent fail on exit
+        }
+      })
+    } catch (err) {
+      log('Warning: Could not configure system DNS for internet access:', err.message)
+    }
+  }
+  #updateSystemDNSConfig(port) {
+    try {
+      // Use reliable public DNS servers for internet access
+      // CandyPack DNS only handles local domains, everything else goes to public DNS
+      const resolvConf = `# CandyPack DNS Configuration
+# Local domains handled by CandyPack DNS on port ${port}
+# All other domains handled by reliable public DNS servers
+nameserver 1.1.1.1
+nameserver 1.0.0.1
+nameserver 8.8.8.8
+nameserver 8.8.4.4
+# Cloudflare DNS (1.1.1.1) - Fast and privacy-focused
+# Google DNS (8.8.8.8) - Reliable fallback
+# Original configuration backed up to /etc/resolv.conf.candypack.backup
+`
+      // Backup original resolv.conf
+      execSync('sudo cp /etc/resolv.conf /etc/resolv.conf.candypack.backup 2>/dev/null || true', {timeout: 5000})
+      // Update resolv.conf with public DNS servers
+      execSync(`echo '${resolvConf}' | sudo tee /etc/resolv.conf`, {timeout: 5000})
+      log('Updated /etc/resolv.conf to use reliable public DNS servers (1.1.1.1, 8.8.8.8)')
+      log('CandyPack domains will be handled locally, all other domains via public DNS')
+      // Set up restoration on exit
+      process.on('exit', () => {
+        try {
+          execSync('sudo mv /etc/resolv.conf.candypack.backup /etc/resolv.conf 2>/dev/null || true', {timeout: 5000})
+        } catch {
+          // Silent fail on exit
+        }
+      })
+    } catch (err) {
+      log('Warning: Could not update system DNS configuration:', err.message)
+    }
+  }
+  #request(request, response) {
+    try {
+      // Basic rate limiting (skip for localhost)
+      const clientIP = request.address?.address || 'unknown'
+      const now = Date.now()
+      // Skip rate limiting for localhost/loopback addresses
+      if (clientIP !== '127.0.0.1' && clientIP !== '::1' && clientIP !== 'localhost') {
+        if (!this.#requestCount.has(clientIP)) {
+          this.#requestCount.set(clientIP, {count: 1, firstRequest: now})
+        } else {
+          const clientData = this.#requestCount.get(clientIP)
+          if (now - clientData.firstRequest > this.#rateLimitWindow) {
+            // Reset window
+            this.#requestCount.set(clientIP, {count: 1, firstRequest: now})
+          } else {
+            clientData.count++
+            if (clientData.count > this.#rateLimit) {
+              log(`Rate limit exceeded for ${clientIP}`)
+              return response.send()
+            }
+          }
+        }
+      }
+      // Validate request structure
+      if (!request || !response || !response.question || !response.question[0]) {
+        log(`Invalid DNS request structure from ${clientIP}`)
+        return response.send()
+      }
+      const questionName = response.question[0].name.toLowerCase()
+      const questionType = response.question[0].type
+      response.question[0].name = questionName
+      let domain = questionName
+      while (!Candy.core('Config').config.websites[domain] && domain.includes('.')) {
+        domain = domain.split('.').slice(1).join('.')
+      }
+      if (!Candy.core('Config').config.websites[domain] || !Candy.core('Config').config.websites[domain].DNS) {
+        // For unknown domains, send proper NXDOMAIN response instead of empty response
+        response.header.rcode = dns.consts.NAME_TO_RCODE.NXDOMAIN
+        return response.send()
+      }
+      const dnsRecords = Candy.core('Config').config.websites[domain].DNS
+      // Only process records relevant to the question type for better performance
+      switch (questionType) {
+        case dns.consts.NAME_TO_QTYPE.A:
+          this.#processARecords(dnsRecords.A, questionName, response)
+          break
+        case dns.consts.NAME_TO_QTYPE.AAAA:
+          this.#processAAAARecords(dnsRecords.AAAA, questionName, response)
+          break
+        case dns.consts.NAME_TO_QTYPE.CNAME:
+          this.#processCNAMERecords(dnsRecords.CNAME, questionName, response)
+          break
+        case dns.consts.NAME_TO_QTYPE.MX:
+          this.#processMXRecords(dnsRecords.MX, questionName, response)
+          break
+        case dns.consts.NAME_TO_QTYPE.TXT:
+          this.#processTXTRecords(dnsRecords.TXT, questionName, response)
+          break
+        case dns.consts.NAME_TO_QTYPE.NS:
+          this.#processNSRecords(dnsRecords.NS, questionName, response, domain)
+          break
+        case dns.consts.NAME_TO_QTYPE.SOA:
+          this.#processSOARecords(dnsRecords.SOA, questionName, response)
+          break
+        case dns.consts.NAME_TO_QTYPE.CAA:
+          this.#processCAARecords(dnsRecords.CAA, questionName, response)
+          // If no CAA records found, add default Let's Encrypt CAA records
+          if (!response.answer.length && dnsRecords.CAA?.length === 0) {
+            this.#addDefaultCAARecords(questionName, response)
+          }
+          break
+        default:
+          // For ANY queries or unknown types, process all relevant records
+          this.#processARecords(dnsRecords.A, questionName, response)
+          this.#processAAAARecords(dnsRecords.AAAA, questionName, response)
+          this.#processCNAMERecords(dnsRecords.CNAME, questionName, response)
+          this.#processMXRecords(dnsRecords.MX, questionName, response)
+          this.#processTXTRecords(dnsRecords.TXT, questionName, response)
+          this.#processNSRecords(dnsRecords.NS, questionName, response, domain)
+          this.#processSOARecords(dnsRecords.SOA, questionName, response)
+          this.#processCAARecords(dnsRecords.CAA, questionName, response)
+      }
+      response.send()
+    } catch (err) {
+      error('DNS request processing error:', err.message)
+      // Log client info for debugging
+      const clientIP = request?.address?.address || 'unknown'
+      log(`Error processing DNS request from ${clientIP}`)
+      // Try to send an empty response if possible
+      try {
+        if (response && typeof response.send === 'function') {
+          response.send()
+        }
+      } catch (sendErr) {
+        error('Failed to send DNS error response:', sendErr.message)
+      }
+    }
+  }
+  #processARecords(records, questionName, response) {
+    try {
+      for (const record of records ?? []) {
+        if (record.name !== questionName) continue
+        response.answer.push(
+          dns.A({
+            name: record.name,
+            address: record.value ?? this.ip,
+            ttl: record.ttl ?? 3600
+          })
+        )
+      }
+    } catch (err) {
+      error('Error processing A records:', err.message)
+    }
+  }
+  #processAAAARecords(records, questionName, response) {
+    try {
+      for (const record of records ?? []) {
+        if (record.name !== questionName) continue
+        response.answer.push(
+          dns.AAAA({
+            name: record.name,
+            address: record.value,
+            ttl: record.ttl ?? 3600
+          })
+        )
+      }
+    } catch (err) {
+      error('Error processing AAAA records:', err.message)
+    }
+  }
+  #processCNAMERecords(records, questionName, response) {
+    try {
+      for (const record of records ?? []) {
+        if (record.name !== questionName) continue
+        response.answer.push(
+          dns.CNAME({
+            name: record.name,
+            data: record.value ?? questionName,
+            ttl: record.ttl ?? 3600
+          })
+        )
+      }
+    } catch (err) {
+      error('Error processing CNAME records:', err.message)
+    }
+  }
+  #processMXRecords(records, questionName, response) {
+    try {
+      for (const record of records ?? []) {
+        if (record.name !== questionName) continue
+        response.answer.push(
+          dns.MX({
+            name: record.name,
+            exchange: record.value ?? questionName,
+            priority: record.priority ?? 10,
+            ttl: record.ttl ?? 3600
+          })
+        )
+      }
+    } catch (err) {
+      error('Error processing MX records:', err.message)
+    }
+  }
+  #processNSRecords(records, questionName, response, domain) {
+    try {
+      for (const record of records ?? []) {
+        if (record.name !== questionName) continue
+        response.header.aa = 1
+        response.authority.push(
+          dns.NS({
+            name: record.name,
+            data: record.value ?? domain,
+            ttl: record.ttl ?? 3600
+          })
+        )
+      }
+    } catch (err) {
+      error('Error processing NS records:', err.message)
+    }
+  }
+  #processTXTRecords(records, questionName, response) {
+    try {
+      for (const record of records ?? []) {
+        if (!record || record.name !== questionName) continue
+        response.answer.push(
+          dns.TXT({
+            name: record.name,
+            data: [record.value],
+            ttl: record.ttl ?? 3600
+          })
+        )
+      }
+    } catch (err) {
+      error('Error processing TXT records:', err.message)
+    }
+  }
+  #processSOARecords(records, questionName, response) {
+    try {
+      for (const record of records ?? []) {
+        if (!record || !record.value) continue
+        const soaParts = record.value.split(' ')
+        if (soaParts.length < 7) continue
+        response.header.aa = 1
+        response.authority.push(
+          dns.SOA({
+            name: record.name,
+            primary: soaParts[0],
+            admin: soaParts[1],
+            serial: parseInt(soaParts[2]) || 1,
+            refresh: parseInt(soaParts[3]) || 3600,
+            retry: parseInt(soaParts[4]) || 600,
+            expiration: parseInt(soaParts[5]) || 604800,
+            minimum: parseInt(soaParts[6]) || 3600,
+            ttl: record.ttl ?? 3600
+          })
+        )
+      }
+    } catch (err) {
+      error('Error processing SOA records:', err.message)
+    }
+  }
+  #processCAARecords(records, questionName, response) {
+    try {
+      for (const record of records ?? []) {
+        if (!record || record.name !== questionName) continue
+        // CAA record format: flags tag value
+        // Example: "0 issue letsencrypt.org"
+        const caaParts = record.value.split(' ')
+        if (caaParts.length < 3) continue
+        const flags = parseInt(caaParts[0]) || 0
+        const tag = caaParts[1]
+        const value = caaParts.slice(2).join(' ')
+        response.answer.push(
+          dns.CAA({
+            name: record.name,
+            flags: flags,
+            tag: tag,
+            value: value,
+            ttl: record.ttl ?? 3600
+          })
+        )
+      }
+    } catch (err) {
+      error('Error processing CAA records:', err.message)
+    }
+  }
+  #addDefaultCAARecords(questionName, response) {
+    try {
+      // Add default CAA records allowing Let's Encrypt
+      response.answer.push(
+        dns.CAA({
+          name: questionName,
+          flags: 0,
+          tag: 'issue',
+          value: 'letsencrypt.org',
+          ttl: 3600
+        })
+      )
+      response.answer.push(
+        dns.CAA({
+          name: questionName,
+          flags: 0,
+          tag: 'issuewild',
+          value: 'letsencrypt.org',
+          ttl: 3600
+        })
+      )
+      log("Added default CAA records for Let's Encrypt to response for:", questionName)
+    } catch (err) {
+      error('Error adding default CAA records:', err.message)
+    }
+  }
+  record(...args) {
+    let domains = []
+    for (let obj of args) {
+      let domain = obj.name
+      while (!Candy.core('Config').config.websites[domain] && domain.includes('.')) domain = domain.split('.').slice(1).join('.')
+      if (!Candy.core('Config').config.websites[domain]) continue
+      if (!obj.type) continue
+      let type = obj.type.toUpperCase()
+      delete obj.type
+      if (!this.#types.includes(type)) continue
+      if (!Candy.core('Config').config.websites[domain].DNS) Candy.core('Config').config.websites[domain].DNS = {}
+      if (!Candy.core('Config').config.websites[domain].DNS[type]) Candy.core('Config').config.websites[domain].DNS[type] = []
+      if (obj.unique !== false) {
+        Candy.core('Config').config.websites[domain].DNS[type] = Candy.core('Config').config.websites[domain].DNS[type].filter(
+          record => record.name !== obj.name
+        )
+      }
+      Candy.core('Config').config.websites[domain].DNS[type].push(obj)
+      domains.push(domain)
+    }
+    let date = new Date()
+      .toISOString()
+      .replace(/[^0-9]/g, '')
+      .slice(0, 10)
+    for (let domain of domains) {
+      // Add SOA record
+      Candy.core('Config').config.websites[domain].DNS.SOA = [
+        {
+          name: domain,
+          value: 'ns1.' + domain + ' hostmaster.' + domain + ' ' + date + ' 3600 600 604800 3600'
+        }
+      ]
+      // Add default CAA records for Let's Encrypt SSL certificates
+      if (!Candy.core('Config').config.websites[domain].DNS.CAA) {
+        Candy.core('Config').config.websites[domain].DNS.CAA = [
+          {
+            name: domain,
+            value: '0 issue letsencrypt.org',
+            ttl: 3600
+          },
+          {
+            name: domain,
+            value: '0 issuewild letsencrypt.org',
+            ttl: 3600
+          }
+        ]
+        log("Added default CAA records for Let's Encrypt to domain:", domain)
+      }
+    }
+  }
+}
+module.exports = new DNS()