npm - odac - Versions diffs - 1.0.1 → 1.2.0 - Mend

odac 1.0.1 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (143) hide show

package/.agent/rules/coding.md +27 -0
package/.agent/rules/memory.md +33 -0
package/.agent/rules/project.md +30 -0
package/.agent/rules/workflow.md +16 -0
package/.github/workflows/auto-pr-description.yml +3 -1
package/.github/workflows/release.yml +42 -1
package/.github/workflows/test-coverage.yml +6 -5
package/.github/workflows/test-publish.yml +36 -0
package/.husky/pre-commit +10 -0
package/.husky/pre-push +13 -0
package/.releaserc.js +3 -3
package/CHANGELOG.md +184 -0
package/README.md +53 -34
package/bin/odac.js +181 -49
package/client/odac.js +878 -995
package/docs/backend/01-overview/03-development-server.md +39 -46
package/docs/backend/02-structure/01-typical-project-layout.md +59 -25
package/docs/backend/03-config/00-configuration-overview.md +15 -6
package/docs/backend/03-config/01-database-connection.md +3 -3
package/docs/backend/03-config/02-static-route-mapping-optional.md +1 -1
package/docs/backend/03-config/03-request-timeout.md +1 -1
package/docs/backend/03-config/04-environment-variables.md +4 -4
package/docs/backend/03-config/05-early-hints.md +2 -2
package/docs/backend/04-routing/02-controller-less-view-routes.md +9 -3
package/docs/backend/04-routing/03-api-and-data-routes.md +18 -0
package/docs/backend/04-routing/07-cron-jobs.md +17 -1
package/docs/backend/04-routing/09-websocket.md +29 -0
package/docs/backend/05-controllers/01-how-to-build-a-controller.md +48 -3
package/docs/backend/05-controllers/02-your-trusty-odac-assistant.md +2 -0
package/docs/backend/05-controllers/03-controller-classes.md +61 -55
package/docs/backend/05-forms/01-custom-forms.md +103 -95
package/docs/backend/05-forms/02-automatic-database-insert.md +21 -21
package/docs/backend/06-request-and-response/01-the-request-object-what-is-the-user-asking-for.md +17 -0
package/docs/backend/07-views/02-rendering-a-view.md +1 -1
package/docs/backend/07-views/03-variables.md +5 -5
package/docs/backend/07-views/04-request-data.md +1 -1
package/docs/backend/07-views/08-backend-javascript.md +1 -1
package/docs/backend/07-views/10-styling-and-tailwind.md +93 -0
package/docs/backend/08-database/01-getting-started.md +100 -0
package/docs/backend/08-database/02-basics.md +136 -0
package/docs/backend/08-database/03-advanced.md +84 -0
package/docs/backend/08-database/04-migrations.md +48 -0
package/docs/backend/09-validation/01-the-validator-service.md +1 -0
package/docs/backend/10-authentication/03-register.md +9 -2
package/docs/backend/10-authentication/04-odac-register-forms.md +48 -48
package/docs/backend/10-authentication/05-session-management.md +16 -2
package/docs/backend/10-authentication/06-odac-login-forms.md +50 -50
package/docs/backend/10-authentication/07-magic-links.md +134 -0
package/docs/backend/11-mail/01-the-mail-service.md +118 -28
package/docs/backend/12-streaming/01-streaming-overview.md +2 -2
package/docs/backend/13-utilities/01-odac-var.md +7 -7
package/docs/backend/13-utilities/02-ipc.md +73 -0
package/docs/frontend/01-overview/01-introduction.md +5 -1
package/docs/frontend/02-ajax-navigation/01-quick-start.md +1 -1
package/docs/index.json +21 -125
package/eslint.config.mjs +5 -47
package/jest.config.js +1 -1
package/package.json +16 -7
package/src/Auth.js +414 -121
package/src/Config.js +12 -7
package/src/Database.js +188 -0
package/src/Env.js +3 -1
package/src/Ipc.js +337 -0
package/src/Lang.js +9 -2
package/src/Mail.js +408 -37
package/src/Odac.js +105 -40
package/src/Request.js +71 -49
package/src/Route/Cron.js +62 -18
package/src/Route/Internal.js +215 -12
package/src/Route/Middleware.js +7 -2
package/src/Route.js +372 -109
package/src/Server.js +118 -12
package/src/Storage.js +169 -0
package/src/Token.js +6 -4
package/src/Validator.js +95 -3
package/src/Var.js +22 -6
package/src/View/EarlyHints.js +43 -33
package/src/View/Form.js +210 -28
package/src/View.js +108 -7
package/src/WebSocket.js +18 -3
package/template/odac.json +5 -0
package/template/package.json +3 -1
package/template/route/www.js +12 -10
package/template/view/content/home.html +3 -3
package/template/view/head/main.html +2 -2
package/test/Client.test.js +168 -0
package/test/Config.test.js +112 -0
package/test/Lang.test.js +92 -0
package/test/Odac.test.js +86 -0
package/test/{framework/middleware.test.js → Route/Middleware.test.js} +2 -2
package/test/{framework/Route.test.js → Route.test.js} +1 -1
package/test/{framework/View → View}/EarlyHints.test.js +1 -1
package/test/{framework/WebSocket.test.js → WebSocket.test.js} +2 -2
package/test/scripts/check-coverage.js +4 -4
package/docs/backend/08-database/01-database-connection.md +0 -99
package/docs/backend/08-database/02-using-mysql.md +0 -322
package/src/Mysql.js +0 -575
package/template/config.json +0 -5
package/test/cli/Cli.test.js +0 -36
package/test/core/Candy.test.js +0 -234
package/test/core/Commands.test.js +0 -538
package/test/core/Config.test.js +0 -1432
package/test/core/Lang.test.js +0 -250
package/test/core/Process.test.js +0 -156
package/test/server/Api.test.js +0 -647
package/test/server/DNS.test.js +0 -2050
package/test/server/DNS.test.js.bak +0 -2084
package/test/server/Hub.test.js +0 -497
package/test/server/Log.test.js +0 -73
package/test/server/Mail.account.test_.js +0 -460
package/test/server/Mail.init.test_.js +0 -411
package/test/server/Mail.test_.js +0 -1340
package/test/server/SSL.test_.js +0 -1491
package/test/server/Server.test.js +0 -765
package/test/server/Service.test_.js +0 -1127
package/test/server/Subdomain.test.js +0 -440
package/test/server/Web/Firewall.test.js +0 -175
package/test/server/Web/Proxy.test.js +0 -397
package/test/server/Web.test.js +0 -1494
package/test/server/__mocks__/acme-client.js +0 -17
package/test/server/__mocks__/bcrypt.js +0 -50
package/test/server/__mocks__/child_process.js +0 -389
package/test/server/__mocks__/crypto.js +0 -432
package/test/server/__mocks__/fs.js +0 -450
package/test/server/__mocks__/globalOdac.js +0 -227
package/test/server/__mocks__/http.js +0 -575
package/test/server/__mocks__/https.js +0 -272
package/test/server/__mocks__/index.js +0 -249
package/test/server/__mocks__/mail/server.js +0 -100
package/test/server/__mocks__/mail/smtp.js +0 -31
package/test/server/__mocks__/mailparser.js +0 -81
package/test/server/__mocks__/net.js +0 -369
package/test/server/__mocks__/node-forge.js +0 -328
package/test/server/__mocks__/os.js +0 -320
package/test/server/__mocks__/path.js +0 -291
package/test/server/__mocks__/selfsigned.js +0 -8
package/test/server/__mocks__/server/src/mail/server.js +0 -100
package/test/server/__mocks__/server/src/mail/smtp.js +0 -31
package/test/server/__mocks__/smtp-server.js +0 -106
package/test/server/__mocks__/sqlite3.js +0 -394
package/test/server/__mocks__/testFactories.js +0 -299
package/test/server/__mocks__/testHelpers.js +0 -363
package/test/server/__mocks__/tls.js +0 -229

package/src/Server.js CHANGED Viewed

@@ -1,22 +1,128 @@
-const http = require(`http`)
+const http = require('http')
+const nodeCrypto = require('crypto')
+const cluster = require('node:cluster')
+const os = require('node:os')
 module.exports = {
   init: function () {
     let args = process.argv.slice(2)
     if (args[0] == 'framework' && args[1] == 'run') args = args.slice(2)
-    let port = parseInt(args[0] ?? '1071')
-    console.log(`Odac Server running on \x1b]8;;http://127.0.0.1:${port}\x1b\\\x1b[4mhttp://127.0.0.1:${port}\x1b[0m\x1b]8;;\x1b\\.`)
+    let port = parseInt(args[0])
+    if (isNaN(port)) port = parseInt(process.env.PORT || '1071')
-    const server = http.createServer((req, res) => {
-      return Odac.Route.request(req, res)
-    })
+    if (cluster.isPrimary) {
+      const numCPUs = Odac.Config.debug ? 1 : os.cpus().length
+      let isShuttingDown = false
-    server.on('upgrade', (req, socket, head) => {
-      const id = `${Date.now()}${Math.random().toString(36).substr(2, 9)}`
-      const param = Odac.instance(id, req, null)
-      Odac.Route.handleWebSocketUpgrade(req, socket, head, param)
-    })
+      const mode = Odac.Config.debug ? '\x1b[33mDevelopment\x1b[0m' : '\x1b[32mProduction\x1b[0m'
+      console.log(
+        `Odac Server running on \x1b]8;;http://127.0.0.1:${port}\x1b\\\x1b[4mhttp://127.0.0.1:${port}\x1b[0m\x1b]8;;\x1b\\ in ${mode} mode.`
+      )
-    server.listen(port)
+      // Start session garbage collector (runs every hour, expires after 7 days)
+      Odac.Storage.startSessionGC()
+      for (let i = 0; i < numCPUs; i++) {
+        cluster.fork()
+      }
+      cluster.on('exit', () => {
+        // Don't restart workers during shutdown
+        if (!isShuttingDown) {
+          cluster.fork()
+        }
+      })
+      // Graceful shutdown handler for primary
+      const gracefulShutdown = signal => {
+        if (isShuttingDown) return
+        isShuttingDown = true
+        console.log(`\n\x1b[33m[Shutdown]\x1b[0m ${signal} received, shutting down gracefully...`)
+        // Disconnect all workers
+        for (const id in cluster.workers) {
+          cluster.workers[id].send('shutdown')
+          cluster.workers[id].disconnect()
+        }
+        let workersAlive = Object.keys(cluster.workers).length
+        cluster.on('exit', () => {
+          workersAlive--
+          if (workersAlive === 0) {
+            console.log('\x1b[32m[Shutdown]\x1b[0m All workers stopped.')
+            Odac.Storage.close()
+            console.log('\x1b[32m[Shutdown]\x1b[0m Storage closed. Goodbye!')
+            process.exit(0)
+          }
+        })
+        // Force exit after 30 seconds
+        setTimeout(() => {
+          console.error('\x1b[31m[Shutdown]\x1b[0m Timeout! Forcing exit...')
+          process.exit(1)
+        }, 30000)
+      }
+      process.on('SIGTERM', () => gracefulShutdown('SIGTERM'))
+      process.on('SIGINT', () => gracefulShutdown('SIGINT'))
+    } else {
+      const server = http.createServer((req, res) => {
+        return Odac.Route.request(req, res)
+      })
+      /**
+       * ENTERPRISE PERFORMANCE CONFIGURATION
+       * ------------------------------------
+       * 1. Keep-Alive: Set higher than the upstream Load Balancer/Proxy (usually 60s).
+       *    This prevents the "502 Bad Gateway" race condition where Node closes
+       *    an idle connection while the proxy attempts to reuse it.
+       */
+      server.keepAliveTimeout = 65000 // 65 seconds
+      server.headersTimeout = 66000 // 66 seconds (Must be > keepAliveTimeout)
+      /**
+       * 2. Low Latency: Disable Nagle's Algorithm.
+       *    We want to send data immediately, even if the packet is small.
+       *    Critical for sub-millisecond API responses.
+       */
+      server.on('connection', socket => {
+        socket.setNoDelay(true)
+      })
+      /**
+       * 3. Connection Rotation: Force reset after 10k requests.
+       *    - Helps with Load Balancing (clients are forced to reconnect and potentially pick a new pod/worker).
+       *    - Mitigates long-term memory leaks in the TLS/Socket layer.
+       */
+      server.maxRequestsPerSocket = 10000
+      /**
+       * 4. Hard Timeout: Kill connection if request processing (headers + body) takes too long.
+       *    - Defaults to 0 (unlimited) or 5min in older Node.
+       *    - 30s is more than enough for an API; fail fast if the client is stuck.
+       */
+      server.requestTimeout = 30000 // 30 seconds
+      server.on('upgrade', (req, socket, head) => {
+        const id = nodeCrypto.randomBytes(16).toString('hex')
+        const param = Odac.instance(id, req, null)
+        Odac.Route.handleWebSocketUpgrade(req, socket, head, param)
+      })
+      server.listen(port)
+      // Graceful shutdown handler for worker
+      process.on('message', msg => {
+        if (msg === 'shutdown') {
+          console.log(`\x1b[36m[Worker ${process.pid}]\x1b[0m Closing server...`)
+          server.close(() => {
+            console.log(`\x1b[36m[Worker ${process.pid}]\x1b[0m Server closed.`)
+            process.exit(0)
+          })
+        }
+      })
+    }
   }
 }

package/src/Storage.js ADDED Viewed

@@ -0,0 +1,169 @@
+const fs = require('fs')
+const path = require('path')
+class OdacStorage {
+  constructor() {
+    this.db = null
+    this.ready = false
+  }
+  init() {
+    const {open} = require('lmdb')
+    const storagePath = path.join(global.__dir, 'storage')
+    const dbPath = path.join(storagePath, 'sessions.db')
+    try {
+      // Ensure storage directory exists
+      if (!fs.existsSync(storagePath)) {
+        fs.mkdirSync(storagePath, {recursive: true})
+      }
+      this.db = open({
+        path: dbPath,
+        compression: true
+        // CLUSTER SAFETY NOTE:
+        // LMDB uses memory-mapped files with OS-level locking logic.
+        // Multiple workers can safely read/write to this DB simultaneously.
+        // Data committed by Worker A is immediately visible to Worker B.
+      })
+      this.ready = true
+    } catch (error) {
+      console.error('\x1b[31m[Storage Error]\x1b[0m Failed to initialize LMDB:', error.message)
+      console.error('\x1b[33m[Storage]\x1b[0m Path:', dbPath)
+      this.ready = false
+    }
+  }
+  // --- Basic KV Operations ---
+  get(key) {
+    if (!this.ready) return null
+    return this.db.get(key) ?? null
+  }
+  put(key, value) {
+    if (!this.ready) return false
+    return this.db.put(key, value)
+  }
+  remove(key) {
+    if (!this.ready) return false
+    return this.db.remove(key)
+  }
+  // --- Range Operations ---
+  getRange(options = {}) {
+    if (!this.ready) return []
+    return this.db.getRange(options)
+  }
+  getKeys(options = {}) {
+    if (!this.ready) return []
+    return this.db.getKeys(options)
+  }
+  // --- Session Garbage Collector ---
+  startSessionGC(intervalMs = 60 * 60 * 1000, expirationMs = 7 * 24 * 60 * 60 * 1000) {
+    if (!this.ready) {
+      console.warn('[Storage] GC not started: Storage not ready')
+      return null
+    }
+    const BATCH_THRESHOLD = 10000
+    const BATCH_SIZE = 1000
+    return setInterval(() => {
+      try {
+        // Count sessions to decide mode
+        let sessionCount = 0
+        // eslint-disable-next-line
+        for (const _ of this.db.getKeys({start: 'sess:', end: 'sess:~', limit: BATCH_THRESHOLD + 1})) {
+          sessionCount++
+          if (sessionCount > BATCH_THRESHOLD) break
+        }
+        if (sessionCount > BATCH_THRESHOLD) {
+          this._cleanSessionsBatch(expirationMs, BATCH_SIZE)
+        } else {
+          this._cleanSessionsSimple(expirationMs)
+        }
+      } catch (error) {
+        console.error('\x1b[31m[Storage GC Error]\x1b[0m', error.message)
+      }
+    }, intervalMs)
+  }
+  // Simple mode: Load all sessions at once (fast for small datasets)
+  _cleanSessionsSimple(expirationMs) {
+    const now = Date.now()
+    let count = 0
+    for (const {key, value} of this.db.getRange({start: 'sess:', end: 'sess:~', snapshot: false})) {
+      if (key.endsWith(':_created') && now - value > expirationMs) {
+        const prefix = key.replace(':_created', '')
+        for (const subKey of this.db.getKeys({start: prefix, end: prefix + '~'})) {
+          this.db.remove(subKey)
+        }
+        count++
+      }
+    }
+    if (count > 0) {
+      console.log(`\x1b[36m[Storage GC]\x1b[0m Cleaned ${count} expired sessions.`)
+    }
+  }
+  // Batch mode: Process sessions in chunks (memory-safe for large datasets)
+  _cleanSessionsBatch(expirationMs, batchSize) {
+    const now = Date.now()
+    let count = 0
+    let cursor = 'sess:'
+    let hasMore = true
+    console.log('\x1b[36m[Storage GC]\x1b[0m Running in batch mode...')
+    while (hasMore) {
+      hasMore = false
+      let lastKey = null
+      for (const {key, value} of this.db.getRange({start: cursor, end: 'sess:~', limit: batchSize, snapshot: false})) {
+        lastKey = key
+        hasMore = true
+        if (key.endsWith(':_created') && now - value > expirationMs) {
+          const prefix = key.replace(':_created', '')
+          for (const subKey of this.db.getKeys({start: prefix, end: prefix + '~'})) {
+            this.db.remove(subKey)
+          }
+          count++
+        }
+      }
+      if (lastKey) {
+        cursor = lastKey + '\0'
+      }
+    }
+    if (count > 0) {
+      console.log(`\x1b[36m[Storage GC]\x1b[0m Cleaned ${count} expired sessions (batch mode).`)
+    }
+  }
+  // --- Utility ---
+  close() {
+    if (this.db) {
+      this.db.close()
+      this.ready = false
+    }
+  }
+  isReady() {
+    return this.ready
+  }
+}
+module.exports = new OdacStorage()

package/src/Token.js CHANGED Viewed

@@ -1,6 +1,9 @@
 const nodeCrypto = require('crypto')
 class Token {
+  // CLUSTER SAFETY NOTE:
+  // This is a request-scoped local cache (debounce) for performance.
+  // Valid tokens represent state persisted in Session (LMDB), shared across all workers.
   confirmed = []
   constructor(Request) {
@@ -22,10 +25,9 @@ class Token {
   // - GENERATE TOKEN
   generate() {
-    let token = nodeCrypto
-      .createHash('md5')
-      .update(this.Request.id + Date.now().toString() + Math.random().toString())
-      .digest('hex')
+    // Enterprise Standard: Use CSPRNG (Cryptographically Secure Pseudo-Random Number Generator)
+    // Replaced weak MD5(Math.random) with randomBytes(32)
+    let token = nodeCrypto.randomBytes(32).toString('hex')
     let tokens = this.Request.session('_token') || []
     tokens.push(token)
     if (tokens.length > 50) tokens = tokens.slice(-50)

package/src/Validator.js CHANGED Viewed

@@ -1,3 +1,82 @@
+const https = require('https')
+const fs = require('fs')
+const os = require('os')
+const path = require('path')
+let disposableDomains = null
+const CACHE_FILE = path.join(os.tmpdir(), 'odac_disposable_domains.conf')
+const SOURCE_URL = 'https://hub.odac.run/blocklist/disposable-emails'
+async function loadDisposableDomains() {
+  if (disposableDomains instanceof Set) return
+  disposableDomains = new Set()
+  let content = ''
+  let shouldUpdate = true
+  try {
+    try {
+      const fd = fs.openSync(CACHE_FILE, 'r')
+      try {
+        const stats = fs.fstatSync(fd)
+        const ageInHours = (new Date() - stats.mtime) / (1000 * 60 * 60)
+        if (ageInHours < 24) {
+          content = fs.readFileSync(fd, 'utf8')
+          shouldUpdate = false
+        }
+      } finally {
+        fs.closeSync(fd)
+      }
+    } catch {
+      // Cache error check failed, proceed to validation update
+    }
+    if (shouldUpdate) {
+      try {
+        content = await new Promise((resolve, reject) => {
+          const req = https.get(SOURCE_URL, res => {
+            if (res.statusCode !== 200) {
+              res.resume()
+              reject(new Error(`Failed to fetch: ${res.statusCode}`))
+              return
+            }
+            let data = ''
+            res.on('data', chunk => (data += chunk))
+            res.on('end', () => resolve(data))
+          })
+          req.on('error', reject)
+          req.end()
+        })
+        const tempFile = `${CACHE_FILE}_${Date.now()}_${Math.random().toString(36).slice(2)}`
+        const fd = fs.openSync(tempFile, 'wx')
+        try {
+          // Sanitize content before writing to file to avoid injection attacks
+          const sanitizedContent = content.replace(/[^a-zA-Z0-9.\-\n\r]/g, '')
+          fs.writeSync(fd, sanitizedContent)
+        } finally {
+          fs.closeSync(fd)
+        }
+        fs.renameSync(tempFile, CACHE_FILE)
+      } catch {
+        if (fs.existsSync(CACHE_FILE)) {
+          content = fs.readFileSync(CACHE_FILE, 'utf8')
+        }
+      }
+    }
+    if (content) {
+      content.split('\n').forEach(line => {
+        const domain = line.trim().toLowerCase()
+        if (domain && !domain.startsWith('#')) {
+          disposableDomains.add(domain)
+        }
+      })
+    }
+  } catch (error) {
+    console.error('Validator Warning: Could not load disposable domains.', error.message)
+  }
+}
 class Validator {
   #checklist = {}
   #completed = false
@@ -88,9 +167,12 @@ class Validator {
           } else {
             for (const rule of rules.includes('|') ? rules.split('|') : [rules]) {
               let vars = rule.split(':')
-              let inverse = vars[0].startsWith('!')
+              let ruleName = vars[0].trim()
+              let inverse = ruleName.startsWith('!')
+              if (inverse) ruleName = ruleName.substr(1)
               if (!error) {
-                switch (inverse ? vars[0].substr(1) : vars[0]) {
+                switch (ruleName) {
                   case 'required':
                     error = value === undefined || value === '' || value === null
                     break
@@ -196,7 +278,7 @@ class Validator {
                       error = true
                     } else {
                       const userData = Odac.Auth.user(vars[1])
-                      if (Odac.Var(userData).is('bcrypt')) {
+                      if (Odac.Var(userData).is('hash')) {
                         error = !Odac.Var(userData).hashCheck(value)
                       } else {
                         error = value !== userData
@@ -204,6 +286,9 @@ class Validator {
                     }
                     break
                   }
+                  case 'disposable':
+                    error = value && value !== '' && !(await Validator.isDisposable(value))
+                    break
                 }
                 if (inverse) error = !error
               }
@@ -220,6 +305,13 @@ class Validator {
     this.#completed = true
   }
+  static async isDisposable(email) {
+    if (!email || typeof email !== 'string') return false
+    await loadDisposableDomains()
+    const domain = email.split('@').pop().toLowerCase()
+    return disposableDomains && disposableDomains.has(domain)
+  }
   var(name, value = null) {
     if (this.#completed) this.#completed = false
     this.#method = 'VAR'

package/src/Var.js CHANGED Viewed

@@ -1,6 +1,5 @@
 const fs = require('fs')
 const nodeCrypto = require('crypto')
-const bcrypt = require('bcrypt')
 class Var {
   #value = null
@@ -79,17 +78,34 @@ class Var {
     return encrypted.toString('base64')
   }
-  hash(salt = 10) {
-    return bcrypt.hashSync(this.#value, bcrypt.genSaltSync(salt))
+  hash() {
+    const salt = nodeCrypto.randomBytes(16).toString('hex')
+    const derivedKey = nodeCrypto.scryptSync(this.#value, salt, 64)
+    return `$scrypt$${salt}$${derivedKey.toString('hex')}`
   }
   hashCheck(check) {
-    return bcrypt.compareSync(check, this.#value)
+    if (!this.#value.startsWith('$scrypt$')) return false
+    const parts = this.#value.split('$')
+    if (parts.length < 4) return false
+    const salt = parts[2]
+    const originalHash = Buffer.from(parts[3], 'hex')
+    const derivedKey = nodeCrypto.scryptSync(check, salt, 64)
+    return nodeCrypto.timingSafeEqual(originalHash, derivedKey)
   }
   html() {
     if (this.#value === null || this.#value === undefined) return ''
-    return String(this.#value).replace(/</g, '&lt;').replace(/>/g, '&gt;')
+    const map = {
+      '&': '&amp;',
+      '<': '&lt;',
+      '>': '&gt;',
+      '"': '&quot;',
+      "'": '&#39;'
+    }
+    return String(this.#value).replace(/[&<>"']/g, m => map[m])
   }
   is(...args) {
@@ -102,7 +118,7 @@ class Var {
     if (args.includes('alphaspace')) result = (result || any) && ((any && result) || /^[A-Za-z\s]+$/.test(this.#value))
     if (args.includes('alphanumeric')) result = (result || any) && ((any && result) || /^[A-Za-z0-9]+$/.test(this.#value))
     if (args.includes('alphanumericspace')) result = (result || any) && ((any && result) || /^[A-Za-z0-9\s]+$/.test(this.#value))
-    if (args.includes('bcrypt')) result = (result || any) && ((any && result) || /^\$2[ayb]\$.{56}$/.test(this.#value))
+    if (args.includes('hash')) result = (result || any) && ((any && result) || /^\$scrypt\$[a-f0-9]+\$[a-f0-9]+$/.test(this.#value))
     if (args.includes('date')) result = (result || any) && ((any && result) || !isNaN(Date.parse(this.#value)))
     if (args.includes('domain')) result = (result || any) && ((any && result) || /^([a-z0-9-]+\.){1,2}[a-z]{2,6}$/i.test(this.#value))
     if (args.includes('email'))

package/src/View/EarlyHints.js CHANGED Viewed

@@ -1,4 +1,4 @@
-const fs = require('fs')
+const fs = require('fs').promises
 const path = require('path')
 class EarlyHints {
@@ -15,61 +15,71 @@ class EarlyHints {
     }
   }
-  init() {
+  async init() {
     if (this.#initialized) return
     this.#initialized = true
     if (!this.#config.enabled) return
-    this.#buildManifest()
+    await this.#buildManifest()
   }
-  #buildManifest() {
+  async #buildManifest() {
     const viewDir = path.join(process.cwd(), 'view')
     const skeletonDir = path.join(process.cwd(), 'skeleton')
     try {
-      if (fs.existsSync(viewDir)) {
-        const files = this.#getAllViewFiles(viewDir)
-        for (const file of files) {
-          const html = fs.readFileSync(file, 'utf8')
-          const resources = this.#extractResources(html)
-          const relativePath = path.relative(viewDir, file)
-          const viewName = 'view/' + relativePath.replace(/\.html$/, '').replace(/\\/g, '/')
-          if (resources.length > 0) {
-            this.#manifest[viewName] = resources
-          }
-        }
+      try {
+        await fs.access(viewDir)
+        const files = await this.#getAllViewFiles(viewDir)
+        await Promise.all(
+          files.map(async file => {
+            const html = await fs.readFile(file, 'utf8')
+            const resources = this.#extractResources(html)
+            const relativePath = path.relative(viewDir, file)
+            const viewName = 'view/' + relativePath.replace(/\.html$/, '').replace(/\\/g, '/')
+            if (resources.length > 0) {
+              this.#manifest[viewName] = resources
+            }
+          })
+        )
+      } catch {
+        // viewDir might not exist
       }
-      if (fs.existsSync(skeletonDir)) {
-        const files = this.#getAllViewFiles(skeletonDir)
-        for (const file of files) {
-          const html = fs.readFileSync(file, 'utf8')
-          const resources = this.#extractResources(html)
-          const relativePath = path.relative(skeletonDir, file)
-          const viewName = 'skeleton/' + relativePath.replace(/\.html$/, '').replace(/\\/g, '/')
-          if (resources.length > 0) {
-            this.#manifest[viewName] = resources
-          }
-        }
+      try {
+        await fs.access(skeletonDir)
+        const files = await this.#getAllViewFiles(skeletonDir)
+        await Promise.all(
+          files.map(async file => {
+            const html = await fs.readFile(file, 'utf8')
+            const resources = this.#extractResources(html)
+            const relativePath = path.relative(skeletonDir, file)
+            const viewName = 'skeleton/' + relativePath.replace(/\.html$/, '').replace(/\\/g, '/')
+            if (resources.length > 0) {
+              this.#manifest[viewName] = resources
+            }
+          })
+        )
+      } catch {
+        // skeletonDir might not exist
       }
     } catch {
       // Silently fail, manifest building is optional
     }
   }
-  #getAllViewFiles(dir, files = []) {
-    const entries = fs.readdirSync(dir, {withFileTypes: true})
+  async #getAllViewFiles(dir, files = []) {
+    const entries = await fs.readdir(dir, {withFileTypes: true})
     for (const entry of entries) {
       const fullPath = path.join(dir, entry.name)
       if (entry.isDirectory()) {
-        this.#getAllViewFiles(fullPath, files)
+        await this.#getAllViewFiles(fullPath, files)
       } else if (entry.isFile() && entry.name.endsWith('.html')) {
         files.push(fullPath)
       }