npm - odac - Versions diffs - 0.9.0 - Mend

odac 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (213) hide show

package/.editorconfig +21 -0
package/.github/workflows/auto-pr-description.yml +49 -0
package/.github/workflows/release.yml +32 -0
package/.github/workflows/test-coverage.yml +58 -0
package/.husky/pre-commit +2 -0
package/.kiro/steering/code-style.md +56 -0
package/.kiro/steering/product.md +20 -0
package/.kiro/steering/structure.md +77 -0
package/.kiro/steering/tech.md +87 -0
package/.prettierrc +10 -0
package/.releaserc.js +134 -0
package/AGENTS.md +84 -0
package/CHANGELOG.md +181 -0
package/CODE_OF_CONDUCT.md +83 -0
package/CONTRIBUTING.md +63 -0
package/LICENSE +661 -0
package/README.md +57 -0
package/SECURITY.md +26 -0
package/bin/candy +10 -0
package/bin/candypack +10 -0
package/cli/index.js +3 -0
package/cli/src/Cli.js +348 -0
package/cli/src/Connector.js +93 -0
package/cli/src/Monitor.js +416 -0
package/core/Candy.js +87 -0
package/core/Commands.js +239 -0
package/core/Config.js +1094 -0
package/core/Lang.js +52 -0
package/core/Log.js +43 -0
package/core/Process.js +26 -0
package/docs/backend/01-overview/01-whats-in-the-candy-box.md +9 -0
package/docs/backend/01-overview/02-super-handy-helper-functions.md +9 -0
package/docs/backend/01-overview/03-development-server.md +79 -0
package/docs/backend/02-structure/01-typical-project-layout.md +39 -0
package/docs/backend/03-config/00-configuration-overview.md +214 -0
package/docs/backend/03-config/01-database-connection.md +60 -0
package/docs/backend/03-config/02-static-route-mapping-optional.md +20 -0
package/docs/backend/03-config/03-request-timeout.md +11 -0
package/docs/backend/03-config/04-environment-variables.md +227 -0
package/docs/backend/03-config/05-early-hints.md +352 -0
package/docs/backend/04-routing/01-basic-page-routes.md +28 -0
package/docs/backend/04-routing/02-controller-less-view-routes.md +43 -0
package/docs/backend/04-routing/03-api-and-data-routes.md +20 -0
package/docs/backend/04-routing/04-authentication-aware-routes.md +48 -0
package/docs/backend/04-routing/05-advanced-routing.md +14 -0
package/docs/backend/04-routing/06-error-pages.md +101 -0
package/docs/backend/04-routing/07-cron-jobs.md +149 -0
package/docs/backend/05-controllers/01-how-to-build-a-controller.md +17 -0
package/docs/backend/05-controllers/02-your-trusty-candy-assistant.md +20 -0
package/docs/backend/05-controllers/03-controller-classes.md +93 -0
package/docs/backend/05-forms/01-custom-forms.md +395 -0
package/docs/backend/05-forms/02-automatic-database-insert.md +297 -0
package/docs/backend/06-request-and-response/01-the-request-object-what-is-the-user-asking-for.md +96 -0
package/docs/backend/06-request-and-response/02-sending-a-response-replying-to-the-user.md +40 -0
package/docs/backend/07-views/01-the-view-directory.md +73 -0
package/docs/backend/07-views/02-rendering-a-view.md +179 -0
package/docs/backend/07-views/03-template-syntax.md +181 -0
package/docs/backend/07-views/03-variables.md +328 -0
package/docs/backend/07-views/04-request-data.md +231 -0
package/docs/backend/07-views/05-conditionals.md +290 -0
package/docs/backend/07-views/06-loops.md +353 -0
package/docs/backend/07-views/07-translations.md +358 -0
package/docs/backend/07-views/08-backend-javascript.md +398 -0
package/docs/backend/07-views/09-comments.md +297 -0
package/docs/backend/08-database/01-database-connection.md +99 -0
package/docs/backend/08-database/02-using-mysql.md +322 -0
package/docs/backend/09-validation/01-the-validator-service.md +424 -0
package/docs/backend/10-authentication/01-user-logins-with-authjs.md +53 -0
package/docs/backend/10-authentication/02-foiling-villains-with-csrf-protection.md +55 -0
package/docs/backend/10-authentication/03-register.md +134 -0
package/docs/backend/10-authentication/04-candy-register-forms.md +676 -0
package/docs/backend/10-authentication/05-session-management.md +159 -0
package/docs/backend/10-authentication/06-candy-login-forms.md +596 -0
package/docs/backend/11-mail/01-the-mail-service.md +42 -0
package/docs/backend/12-streaming/01-streaming-overview.md +300 -0
package/docs/backend/13-utilities/01-candy-var.md +504 -0
package/docs/frontend/01-overview/01-introduction.md +146 -0
package/docs/frontend/02-ajax-navigation/01-quick-start.md +608 -0
package/docs/frontend/02-ajax-navigation/02-configuration.md +370 -0
package/docs/frontend/02-ajax-navigation/03-advanced-usage.md +519 -0
package/docs/frontend/03-forms/01-form-handling.md +420 -0
package/docs/frontend/04-api-requests/01-get-post.md +443 -0
package/docs/frontend/05-streaming/01-client-streaming.md +163 -0
package/docs/index.json +452 -0
package/docs/server/01-installation/01-quick-install.md +19 -0
package/docs/server/01-installation/02-manual-installation-via-npm.md +9 -0
package/docs/server/02-get-started/01-core-concepts.md +7 -0
package/docs/server/02-get-started/02-basic-commands.md +57 -0
package/docs/server/02-get-started/03-cli-reference.md +276 -0
package/docs/server/02-get-started/04-cli-quick-reference.md +102 -0
package/docs/server/03-service/01-start-a-new-service.md +57 -0
package/docs/server/03-service/02-delete-a-service.md +48 -0
package/docs/server/04-web/01-create-a-website.md +36 -0
package/docs/server/04-web/02-list-websites.md +9 -0
package/docs/server/04-web/03-delete-a-website.md +29 -0
package/docs/server/05-subdomain/01-create-a-subdomain.md +32 -0
package/docs/server/05-subdomain/02-list-subdomains.md +33 -0
package/docs/server/05-subdomain/03-delete-a-subdomain.md +41 -0
package/docs/server/06-ssl/01-renew-an-ssl-certificate.md +34 -0
package/docs/server/07-mail/01-create-a-mail-account.md +23 -0
package/docs/server/07-mail/02-delete-a-mail-account.md +20 -0
package/docs/server/07-mail/03-list-mail-accounts.md +20 -0
package/docs/server/07-mail/04-change-account-password.md +23 -0
package/eslint.config.mjs +120 -0
package/framework/index.js +4 -0
package/framework/src/Auth.js +309 -0
package/framework/src/Candy.js +81 -0
package/framework/src/Config.js +79 -0
package/framework/src/Env.js +60 -0
package/framework/src/Lang.js +57 -0
package/framework/src/Mail.js +83 -0
package/framework/src/Mysql.js +575 -0
package/framework/src/Request.js +301 -0
package/framework/src/Route/Cron.js +128 -0
package/framework/src/Route/Internal.js +439 -0
package/framework/src/Route.js +455 -0
package/framework/src/Server.js +15 -0
package/framework/src/Stream.js +163 -0
package/framework/src/Token.js +37 -0
package/framework/src/Validator.js +271 -0
package/framework/src/Var.js +211 -0
package/framework/src/View/EarlyHints.js +190 -0
package/framework/src/View/Form.js +600 -0
package/framework/src/View.js +513 -0
package/framework/web/candy.js +838 -0
package/jest.config.js +22 -0
package/locale/de-DE.json +80 -0
package/locale/en-US.json +79 -0
package/locale/es-ES.json +80 -0
package/locale/fr-FR.json +80 -0
package/locale/pt-BR.json +80 -0
package/locale/ru-RU.json +80 -0
package/locale/tr-TR.json +85 -0
package/locale/zh-CN.json +80 -0
package/package.json +86 -0
package/server/index.js +5 -0
package/server/src/Api.js +88 -0
package/server/src/DNS.js +940 -0
package/server/src/Hub.js +535 -0
package/server/src/Mail.js +571 -0
package/server/src/SSL.js +180 -0
package/server/src/Server.js +27 -0
package/server/src/Service.js +248 -0
package/server/src/Subdomain.js +64 -0
package/server/src/Web/Firewall.js +170 -0
package/server/src/Web/Proxy.js +134 -0
package/server/src/Web.js +451 -0
package/server/src/mail/imap.js +1091 -0
package/server/src/mail/server.js +32 -0
package/server/src/mail/smtp.js +786 -0
package/test/cli/Cli.test.js +36 -0
package/test/core/Candy.test.js +234 -0
package/test/core/Commands.test.js +538 -0
package/test/core/Config.test.js +1435 -0
package/test/core/Lang.test.js +250 -0
package/test/core/Process.test.js +156 -0
package/test/framework/Route.test.js +239 -0
package/test/framework/View/EarlyHints.test.js +282 -0
package/test/scripts/check-coverage.js +132 -0
package/test/server/Api.test.js +647 -0
package/test/server/Client.test.js +338 -0
package/test/server/DNS.test.js +2050 -0
package/test/server/DNS.test.js.bak +2084 -0
package/test/server/Log.test.js +73 -0
package/test/server/Mail.account.test_.js +460 -0
package/test/server/Mail.init.test_.js +411 -0
package/test/server/Mail.test_.js +1340 -0
package/test/server/SSL.test_.js +1491 -0
package/test/server/Server.test.js +765 -0
package/test/server/Service.test_.js +1127 -0
package/test/server/Subdomain.test.js +440 -0
package/test/server/Web/Firewall.test.js +175 -0
package/test/server/Web.test_.js +1562 -0
package/test/server/__mocks__/acme-client.js +17 -0
package/test/server/__mocks__/bcrypt.js +50 -0
package/test/server/__mocks__/child_process.js +389 -0
package/test/server/__mocks__/crypto.js +432 -0
package/test/server/__mocks__/fs.js +450 -0
package/test/server/__mocks__/globalCandy.js +227 -0
package/test/server/__mocks__/http-proxy.js +105 -0
package/test/server/__mocks__/http.js +575 -0
package/test/server/__mocks__/https.js +272 -0
package/test/server/__mocks__/index.js +249 -0
package/test/server/__mocks__/mail/server.js +100 -0
package/test/server/__mocks__/mail/smtp.js +31 -0
package/test/server/__mocks__/mailparser.js +81 -0
package/test/server/__mocks__/net.js +369 -0
package/test/server/__mocks__/node-forge.js +328 -0
package/test/server/__mocks__/os.js +320 -0
package/test/server/__mocks__/path.js +291 -0
package/test/server/__mocks__/selfsigned.js +8 -0
package/test/server/__mocks__/server/src/mail/server.js +100 -0
package/test/server/__mocks__/server/src/mail/smtp.js +31 -0
package/test/server/__mocks__/smtp-server.js +106 -0
package/test/server/__mocks__/sqlite3.js +394 -0
package/test/server/__mocks__/testFactories.js +299 -0
package/test/server/__mocks__/testHelpers.js +363 -0
package/test/server/__mocks__/tls.js +229 -0
package/watchdog/index.js +3 -0
package/watchdog/src/Watchdog.js +156 -0
package/web/config.json +5 -0
package/web/controller/page/about.js +27 -0
package/web/controller/page/index.js +34 -0
package/web/package.json +18 -0
package/web/public/assets/css/style.css +1835 -0
package/web/public/assets/js/app.js +96 -0
package/web/route/www.js +19 -0
package/web/skeleton/main.html +22 -0
package/web/view/content/about.html +65 -0
package/web/view/content/home.html +205 -0
package/web/view/footer/main.html +11 -0
package/web/view/head/main.html +5 -0
package/web/view/header/main.html +14 -0

package/server/src/Web/Proxy.js ADDED Viewed

@@ -0,0 +1,134 @@
+const http = require('http')
+const httpProxy = require('http-proxy')
+class WebProxy {
+  #log
+  #proxy
+  constructor(log) {
+    this.#log = log
+    this.#proxy = httpProxy.createProxyServer({
+      timeout: 30000,
+      proxyTimeout: 30000,
+      keepAlive: true
+    })
+  }
+  #handleEarlyHints(proxyRes, res) {
+    if (proxyRes.headers['x-candy-early-hints'] && typeof res.writeEarlyHints === 'function') {
+      try {
+        const links = JSON.parse(proxyRes.headers['x-candy-early-hints'])
+        if (Array.isArray(links) && links.length > 0) {
+          res.writeEarlyHints({link: links})
+        }
+      } catch {
+        // Ignore parsing errors
+      }
+    }
+  }
+  http2(req, res, website, host) {
+    const options = {
+      hostname: '127.0.0.1',
+      port: website.port,
+      path: req.url,
+      method: req.method,
+      headers: {},
+      timeout: 0
+    }
+    for (const [key, value] of Object.entries(req.headers)) {
+      if (!key.startsWith(':')) {
+        options.headers[key.toLowerCase()] = value
+      }
+    }
+    options.headers['x-candy-connection-remoteaddress'] = req.socket.remoteAddress ?? ''
+    options.headers['x-candy-connection-ssl'] = 'true'
+    const proxyReq = http.request(options, proxyRes => {
+      this.#handleEarlyHints(proxyRes, res)
+      const isSSE = proxyRes.headers['content-type']?.includes('text/event-stream')
+      if (isSSE) {
+        req.setTimeout(0)
+        res.setTimeout(0)
+      }
+      const responseHeaders = {}
+      const forbiddenHeaders = [
+        'connection',
+        'keep-alive',
+        'transfer-encoding',
+        'upgrade',
+        'proxy-connection',
+        'proxy-authenticate',
+        'trailer',
+        'x-candy-early-hints'
+      ]
+      for (const [key, value] of Object.entries(proxyRes.headers)) {
+        if (!forbiddenHeaders.includes(key.toLowerCase())) {
+          responseHeaders[key] = value
+        }
+      }
+      res.writeHead(proxyRes.statusCode, responseHeaders)
+      proxyRes.pipe(res)
+    })
+    proxyReq.on('error', err => {
+      this.#log(`HTTP/2 proxy error for ${host}: ${err.message}`)
+      if (!res.headersSent) {
+        res.writeHead(502)
+        res.end('Bad Gateway')
+      }
+    })
+    req.pipe(proxyReq)
+  }
+  http1(req, res, website, host) {
+    const onProxyReq = (proxyReq, req) => {
+      proxyReq.setHeader('x-candy-connection-remoteaddress', req.socket.remoteAddress ?? '')
+      proxyReq.setHeader('x-candy-connection-ssl', 'true')
+    }
+    const onProxyRes = (proxyRes, req, res) => {
+      this.#handleEarlyHints(proxyRes, res)
+      delete proxyRes.headers['x-candy-early-hints']
+      const isSSE = proxyRes.headers['content-type']?.includes('text/event-stream')
+      if (isSSE) {
+        req.setTimeout(0)
+        res.setTimeout(0)
+        proxyRes.setTimeout(0)
+      }
+    }
+    const onError = (err, req, res) => {
+      this.#log(`Proxy error for ${host}: ${err.message}`)
+      if (!res.headersSent) {
+        res.statusCode = 502
+        res.end('Bad Gateway')
+      }
+    }
+    const cleanup = () => {
+      this.#proxy.off('proxyReq', onProxyReq)
+      this.#proxy.off('proxyRes', onProxyRes)
+      this.#proxy.off('error', onError)
+    }
+    this.#proxy.on('proxyReq', onProxyReq)
+    this.#proxy.on('proxyRes', onProxyRes)
+    this.#proxy.on('error', onError)
+    res.on('finish', cleanup)
+    res.on('close', cleanup)
+    this.#proxy.web(req, res, {target: 'http://127.0.0.1:' + website.port, timeout: 0, proxyTimeout: 0})
+  }
+}
+module.exports = WebProxy

package/server/src/Web.js ADDED Viewed

@@ -0,0 +1,451 @@
+const {log, error} = Candy.core('Log', false).init('Web')
+const childProcess = require('child_process')
+const fs = require('fs')
+const http = require('http')
+const https = require('https')
+const http2 = require('http2')
+const net = require('net')
+const os = require('os')
+const path = require('path')
+const tls = require('tls')
+const WebProxy = require('./Web/Proxy.js')
+const WebFirewall = require('./Web/Firewall.js')
+class Web {
+  #active = {}
+  #error_counts = {}
+  #loaded = false
+  #log
+  #logs = {log: {}, err: {}}
+  #sslCache = new Map()
+  #ports = {}
+  #proxy
+  #firewall
+  #server_http
+  #server_https
+  #started = {}
+  #watcher = {}
+  constructor() {
+    this.#log = log
+    this.#proxy = new WebProxy(this.#log)
+    this.#firewall = new WebFirewall()
+  }
+  clearSSLCache(domain) {
+    if (domain) {
+      for (const key of this.#sslCache.keys()) {
+        if (key === domain || key.endsWith('.' + domain)) {
+          this.#sslCache.delete(key)
+        }
+      }
+    } else {
+      this.#sslCache.clear()
+    }
+  }
+  check() {
+    if (!this.#loaded) return
+    for (const domain of Object.keys(Candy.core('Config').config.websites ?? {})) {
+      if (!Candy.core('Config').config.websites[domain].pid) {
+        this.start(domain)
+      } else if (!this.#watcher[Candy.core('Config').config.websites[domain].pid]) {
+        Candy.core('Process').stop(Candy.core('Config').config.websites[domain].pid)
+        Candy.core('Config').config.websites[domain].pid = null
+        this.start(domain)
+      }
+      if (this.#logs.log[domain]) {
+        fs.writeFile(os.homedir() + '/.candypack/logs/' + domain + '.log', this.#logs.log[domain], function (err) {
+          if (err) log(err)
+        })
+      }
+      if (this.#logs.err[domain]) {
+        fs.writeFile(Candy.core('Config').config.websites[domain].path + '/error.log', this.#logs.err[domain], function (err) {
+          if (err) log(err)
+        })
+      }
+    }
+    this.server()
+  }
+  checkPort(port) {
+    return new Promise(resolve => {
+      const server = net.createServer()
+      server.once('error', () => resolve(false))
+      server.once('listening', () => {
+        server.close()
+        resolve(true)
+      })
+      server.listen(port, '127.0.0.1')
+    })
+  }
+  create(domain, progress) {
+    let web = {}
+    for (const iterator of ['http://', 'https://', 'ftp://', 'www.']) {
+      if (domain.startsWith(iterator)) domain = domain.replace(iterator, '')
+    }
+    if (domain.length < 3 || (!domain.includes('.') && domain != 'localhost'))
+      return Candy.server('Api').result(false, __('Invalid domain.'))
+    if (Candy.core('Config').config.websites?.[domain]) return Candy.server('Api').result(false, __('Website %s already exists.', domain))
+    progress('domain', 'progress', __('Setting up domain %s...', domain))
+    web.domain = domain
+    web.path = path.join(Candy.core('Config').config.web.path, domain)
+    if (!fs.existsSync(web.path)) fs.mkdirSync(web.path, {recursive: true})
+    if (!Candy.core('Config').config.websites) Candy.core('Config').config.websites = {}
+    web.cert = false
+    Candy.core('Config').config.websites[web.domain] = web
+    progress('domain', 'success', __('Domain %s set.', domain))
+    if (web.domain != 'localhost' && !web.domain.match(/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/)) {
+      progress('dns', 'progress', __('Setting up DNS records for %s...', domain))
+      Candy.core('Config').config.websites[web.domain].subdomain = ['www']
+      Candy.server('DNS').record(
+        {name: web.domain, type: 'A', value: Candy.server('DNS').ip},
+        {name: 'www.' + web.domain, type: 'CNAME', value: web.domain},
+        {name: web.domain, type: 'MX', value: web.domain},
+        {name: web.domain, type: 'TXT', value: 'v=spf1 a mx ip4:' + Candy.server('DNS').ip + ' ~all'},
+        {
+          name: '_dmarc.' + web.domain,
+          type: 'TXT',
+          value: 'v=DMARC1; p=reject; rua=mailto:postmaster@' + web.domain
+        }
+      )
+      progress('dns', 'success', __('DNS records for %s set.', domain))
+      Candy.core('Config').config.websites[web.domain].cert = {}
+      progress('ssl', 'progress', __('Setting up SSL certificate for %s...', domain))
+    }
+    progress('directory', 'progress', __('Setting up website files for %s...', domain))
+    childProcess.execSync('npm link candypack', {cwd: web.path})
+    if (fs.existsSync(web.path + 'node_modules/.bin')) fs.rmSync(web.path + 'node_modules/.bin', {recursive: true})
+    if (!fs.existsSync(web.path + '/node_modules')) fs.mkdirSync(web.path + '/node_modules')
+    // Copy web template files
+    fs.cpSync(__dirname + '/../../web/', web.path, {recursive: true})
+    // Process package.json template after copying
+    const packageJsonPath = path.join(web.path, 'package.json')
+    if (fs.existsSync(packageJsonPath)) {
+      let packageTemplate = fs.readFileSync(packageJsonPath, 'utf8')
+      // Replace template variables
+      packageTemplate = packageTemplate.replace(/\{\{domain\}\}/g, domain.replace(/\./g, '-')).replace(/\{\{domain_original\}\}/g, domain)
+      fs.writeFileSync(packageJsonPath, packageTemplate)
+    }
+    progress('directory', 'success', __('Website files for %s set.', domain))
+    return Candy.server('Api').result(true, __('Website %s1 created at %s2.', web.domain, web.path))
+  }
+  async delete(domain) {
+    for (const iterator of ['http://', 'https://', 'ftp://', 'www.']) if (domain.startsWith(iterator)) domain = domain.replace(iterator, '')
+    if (!Candy.core('Config').config.websites[domain]) return Candy.server('Api').result(false, __('Website %s not found.', domain))
+    const website = Candy.core('Config').config.websites[domain]
+    delete Candy.core('Config').config.websites[domain]
+    // Stop process if running
+    if (website.pid) {
+      Candy.core('Process').stop(website.pid)
+      delete this.#watcher[website.pid]
+      if (website.port) {
+        delete this.#ports[website.port]
+      }
+    }
+    // Cleanup logs
+    delete this.#logs.log[domain]
+    delete this.#logs.err[domain]
+    delete this.#error_counts[domain]
+    delete this.#active[domain]
+    delete this.#started[domain]
+    return Candy.server('Api').result(true, __('Website %s deleted.', domain))
+  }
+  index(req, res) {
+    res.write('CandyPack Server')
+    res.end()
+  }
+  async init() {
+    this.#loaded = true
+    this.server()
+    if (!Candy.core('Config').config.web?.path || !fs.existsSync(Candy.core('Config').config.web.path)) {
+      if (!Candy.core('Config').config.web) Candy.core('Config').config.web = {}
+      if (os.platform() === 'win32' || os.platform() === 'darwin') {
+        Candy.core('Config').config.web.path = os.homedir() + '/Candypack/'
+      } else {
+        Candy.core('Config').config.web.path = '/var/candypack/'
+      }
+    }
+  }
+  async list() {
+    let websites = Object.keys(Candy.core('Config').config.websites ?? {})
+    if (websites.length == 0) return Candy.server('Api').result(false, __('No websites found.'))
+    return Candy.server('Api').result(true, __('Websites:') + '\n  ' + websites.join('\n  '))
+  }
+  request(req, res, secure) {
+    const result = this.#firewall.check(req)
+    if (!result.allowed) {
+      if (result.reason === 'blacklist') {
+        res.writeHead(403, {'Content-Type': 'text/plain'})
+        res.end('Forbidden')
+      } else {
+        res.writeHead(429, {'Content-Type': 'text/plain'})
+        res.end('Too Many Requests')
+      }
+      return
+    }
+    let host = req.headers.host || req.headers[':authority']
+    if (!host) return this.index(req, res)
+    // Remove port from host
+    if (host.includes(':')) {
+      host = host.split(':')[0]
+    }
+    // Find matching website (check subdomains)
+    let matchedHost = host
+    while (!Candy.core('Config').config.websites[matchedHost] && matchedHost.includes('.')) {
+      matchedHost = matchedHost.split('.').slice(1).join('.')
+    }
+    const website = Candy.core('Config').config.websites[matchedHost]
+    if (!website) return this.index(req, res)
+    if (!website.pid || !this.#watcher[website.pid]) return this.index(req, res)
+    try {
+      if (!secure) {
+        res.writeHead(301, {Location: 'https://' + host + (req.url || req.headers[':path'] || '/')})
+        return res.end()
+      }
+      if (req.httpVersion === '2.0') {
+        if (!req.url && req.headers[':path']) {
+          req.url = req.headers[':path']
+        }
+        if (!req.method && req.headers[':method']) {
+          req.method = req.headers[':method'].toUpperCase()
+        }
+        if (!req.headers.host) {
+          req.headers.host = host
+        }
+        return this.#proxy.http2(req, res, website, host)
+      }
+      return this.#proxy.http1(req, res, website, host)
+    } catch (e) {
+      log(e)
+      return this.index(req, res)
+    }
+  }
+  server() {
+    if (!this.#loaded) return setTimeout(() => this.server(), 1000)
+    if (Object.keys(Candy.core('Config').config.websites ?? {}).length == 0) return
+    if (!this.#server_http) {
+      this.#server_http = http.createServer((req, res) => this.request(req, res, false))
+      this.#server_http.on('error', err => {
+        log(`HTTP server error: ${err.message}`)
+        if (err.code === 'EADDRINUSE') {
+          log('Port 80 is already in use')
+        }
+      })
+      this.#server_http.listen(80)
+    }
+    let ssl = Candy.core('Config').config.ssl ?? {}
+    if (!this.#server_https && ssl && ssl.key && ssl.cert && fs.existsSync(ssl.key) && fs.existsSync(ssl.cert)) {
+      const useHttp2 = Candy.core('Config').config.http2 !== false
+      const serverOptions = {
+        SNICallback: (hostname, callback) => {
+          try {
+            const cached = this.#sslCache.get(hostname)
+            if (cached) return callback(null, cached)
+            let sslOptions
+            while (!Candy.core('Config').config.websites[hostname] && hostname.includes('.'))
+              hostname = hostname.split('.').slice(1).join('.')
+            let website = Candy.core('Config').config.websites[hostname]
+            if (
+              website &&
+              website.cert &&
+              website.cert.ssl &&
+              website.cert.ssl.key &&
+              website.cert.ssl.cert &&
+              fs.existsSync(website.cert.ssl.key) &&
+              fs.existsSync(website.cert.ssl.cert)
+            ) {
+              sslOptions = {
+                key: fs.readFileSync(website.cert.ssl.key),
+                cert: fs.readFileSync(website.cert.ssl.cert)
+              }
+            } else {
+              sslOptions = {
+                key: fs.readFileSync(ssl.key),
+                cert: fs.readFileSync(ssl.cert)
+              }
+            }
+            const ctx = tls.createSecureContext(sslOptions)
+            this.#sslCache.set(hostname, ctx)
+            callback(null, ctx)
+          } catch (err) {
+            log(`SSL certificate error for ${hostname}: ${err.message}`)
+            callback(err)
+          }
+        },
+        key: fs.readFileSync(ssl.key),
+        cert: fs.readFileSync(ssl.cert),
+        sessionTimeout: 300,
+        ciphers:
+          'TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:' +
+          'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:' +
+          'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:' +
+          'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305',
+        honorCipherOrder: true
+      }
+      if (useHttp2) {
+        serverOptions.allowHTTP1 = true
+        this.#server_https = http2.createSecureServer(serverOptions, (req, res) => {
+          this.request(req, res, true)
+        })
+        log('HTTPS server starting with HTTP/2 support enabled')
+      } else {
+        this.#server_https = https.createServer(serverOptions, (req, res) => {
+          this.request(req, res, true)
+        })
+        log('HTTPS server starting with HTTP/1.1 only')
+      }
+      this.#server_https.on('error', err => {
+        log(`HTTPS server error: ${err.message}`)
+        if (err.code === 'EADDRINUSE') {
+          log('Port 443 is already in use')
+        }
+      })
+      this.#server_https.listen(443)
+    }
+  }
+  set(domain, data) {
+    Candy.core('Config').config.websites[domain] = data
+  }
+  async start(domain) {
+    if (this.#active[domain] || !this.#loaded) return
+    this.#active[domain] = true
+    if (!Candy.core('Config').config.websites[domain]) return (this.#active[domain] = false)
+    if (
+      Candy.core('Config').config.websites[domain].status == 'errored' &&
+      Date.now() - Candy.core('Config').config.websites[domain].updated < this.#error_counts[domain] * 1000
+    )
+      return (this.#active[domain] = false)
+    let port = 60000
+    let using = false
+    do {
+      if (this.#ports[port]) {
+        port++
+        using = true
+      } else {
+        if (this.checkPort(port)) {
+          using = false
+        } else {
+          port++
+          using = true
+        }
+      }
+      if (port > 65535) {
+        port = 1000
+        using = true
+      }
+    } while (using)
+    Candy.core('Config').config.websites[domain].port = port
+    this.#ports[port] = true
+    var child = childProcess.spawn('candypack', ['framework', 'run', port], {
+      cwd: Candy.core('Config').config.websites[domain].path
+    })
+    let pid = child.pid
+    log('Web server started for ' + domain + ' with PID ' + pid)
+    child.stdout.on('data', data => {
+      if (!this.#logs.log[domain]) this.#logs.log[domain] = ''
+      this.#logs.log[domain] +=
+        '[LOG][' +
+        Date.now() +
+        '] ' +
+        data
+          .toString()
+          .trim()
+          .split('\n')
+          .join('\n[LOG][' + Date.now() + '] ') +
+        '\n'
+      if (this.#logs.log[domain].length > 100000)
+        this.#logs.log[domain] = this.#logs.log[domain].substr(this.#logs.log[domain].length - 1000000)
+      if (Candy.core('Config').config.websites[domain] && Candy.core('Config').config.websites[domain].status == 'errored')
+        Candy.core('Config').config.websites[domain].status = 'running'
+    })
+    child.stderr.on('data', data => {
+      if (!this.#logs.err[domain]) this.#logs.err[domain] = ''
+      this.#logs.log[domain] +=
+        '[ERR][' +
+        Date.now() +
+        '] ' +
+        data
+          .toString()
+          .trim()
+          .split('\n')
+          .join('\n[ERR][' + Date.now() + '] ') +
+        '\n'
+      this.#logs.err[domain] += data.toString()
+      if (this.#logs.err[domain].length > 100000)
+        this.#logs.err[domain] = this.#logs.err[domain].substr(this.#logs.err[domain].length - 1000000)
+      if (Candy.core('Config').config.websites[domain]) Candy.core('Config').config.websites[domain].status = 'errored'
+    })
+    child.on('exit', () => {
+      error('Child process exited for ' + domain)
+      if (!Candy.core('Config').config.websites[domain]) return
+      Candy.core('Config').config.websites[domain].pid = null
+      Candy.core('Config').config.websites[domain].updated = Date.now()
+      if (Candy.core('Config').config.websites[domain].status == 'errored') {
+        Candy.core('Config').config.websites[domain].status = 'errored'
+        this.#error_counts[domain] = this.#error_counts[domain] ?? 0
+        this.#error_counts[domain]++
+      } else Candy.core('Config').config.websites[domain].status = 'stopped'
+      this.#watcher[pid] = false
+      delete this.#ports[Candy.core('Config').config.websites[domain].port]
+      this.#active[domain] = false
+    })
+    Candy.core('Config').config.websites[domain].pid = pid
+    Candy.core('Config').config.websites[domain].started = Date.now()
+    Candy.core('Config').config.websites[domain].status = 'running'
+    this.#watcher[pid] = true
+    this.#started[domain] = Date.now()
+  }
+  async status() {
+    this.init()
+    return Candy.core('Config').config.websites
+  }
+  stopAll() {
+    for (const domain of Object.keys(Candy.core('Config').config.websites ?? {})) {
+      let website = Candy.core('Config').config.websites[domain]
+      if (website.pid) {
+        Candy.core('Process').stop(website.pid)
+        website.pid = null
+        this.set(domain, website)
+      }
+    }
+  }
+}
+module.exports = new Web()