npm - slicejs-web-framework - Versions diffs - 3.2.3 → 3.3.1 - Mend

slicejs-web-framework 3.2.3 → 3.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (124) hide show

package/.opencode/opencode.json +13 -13
package/LICENSE +21 -21
package/README.md +97 -174
package/Slice/Components/Structural/ContextManager/ContextManager.js +369 -369
package/Slice/Components/Structural/ContextManager/ContextManagerDebugger.js +420 -297
package/Slice/Components/Structural/Controller/Controller.js +1129 -1131
package/Slice/Components/Structural/Debugger/Debugger.html +72 -72
package/Slice/Components/Structural/Debugger/Debugger.js +1497 -1547
package/Slice/Components/Structural/EventManager/EventManager.js +338 -338
package/Slice/Components/Structural/EventManager/EventManagerDebugger.js +476 -361
package/Slice/Components/Structural/Logger/Log.js +10 -10
package/Slice/Components/Structural/Logger/Logger.js +145 -146
package/Slice/Components/Structural/Router/Router.js +752 -721
package/Slice/Components/Structural/StylesManager/StylesManager.js +78 -78
package/Slice/Components/Structural/StylesManager/ThemeManager/ThemeManager.js +84 -84
package/Slice/Slice.js +530 -542
package/Slice/tests/build-bundled-component-without-category.test.js +103 -103
package/Slice/tests/build-js-only-visual-components.test.js +144 -144
package/Slice/tests/bundle-v2-runtime-contract.test.js +728 -728
package/Slice/tests/public-env-runtime-accessors.test.js +44 -44
package/Slice/tests/router-loading-finally.test.js +68 -68
package/api/index.js +286 -286
package/api/middleware/securityMiddleware.js +252 -252
package/api/tests/public-env-resolver.test.js +193 -193
package/api/utils/publicEnvResolver.js +117 -117
package/package.json +40 -38
package/sliceConfig.schema.json +109 -109
package/src/App/index.html +16 -22
package/src/App/index.js +20 -23
package/src/App/style.css +11 -40
package/src/Components/AppComponents/AboutSection/AboutSection.css +9 -0
package/src/Components/AppComponents/AboutSection/AboutSection.html +8 -0
package/src/Components/AppComponents/AboutSection/AboutSection.js +12 -0
package/src/Components/AppComponents/AppShell/AppShell.css +10 -0
package/src/Components/AppComponents/AppShell/AppShell.html +4 -0
package/src/Components/AppComponents/AppShell/AppShell.js +36 -0
package/src/Components/AppComponents/HomeSection/HomeSection.css +20 -0
package/src/Components/AppComponents/HomeSection/HomeSection.html +10 -0
package/src/Components/AppComponents/HomeSection/HomeSection.js +19 -0
package/src/Components/components.js +8 -27
package/src/Styles/sliceStyles.css +34 -34
package/src/Themes/Dark.css +42 -42
package/src/Themes/Light.css +31 -31
package/src/Themes/Slice.css +47 -47
package/src/routes.js +9 -15
package/src/sliceConfig.json +74 -73
package/types/index.d.ts +207 -207
package/Slice/Components/Structural/Debugger/Debugger.css +0 -620
package/src/Components/AppComponents/HomePage/HomePage.css +0 -201
package/src/Components/AppComponents/HomePage/HomePage.html +0 -37
package/src/Components/AppComponents/HomePage/HomePage.js +0 -210
package/src/Components/AppComponents/Playground/Playground.css +0 -12
package/src/Components/AppComponents/Playground/Playground.html +0 -0
package/src/Components/AppComponents/Playground/Playground.js +0 -111
package/src/Components/Service/FetchManager/FetchManager.js +0 -133
package/src/Components/Service/IndexedDbManager/IndexedDbManager.js +0 -141
package/src/Components/Service/LocalStorageManager/LocalStorageManager.js +0 -45
package/src/Components/Visual/Button/Button.css +0 -47
package/src/Components/Visual/Button/Button.html +0 -5
package/src/Components/Visual/Button/Button.js +0 -93
package/src/Components/Visual/Card/Card.css +0 -68
package/src/Components/Visual/Card/Card.html +0 -7
package/src/Components/Visual/Card/Card.js +0 -107
package/src/Components/Visual/Checkbox/Checkbox.css +0 -87
package/src/Components/Visual/Checkbox/Checkbox.html +0 -8
package/src/Components/Visual/Checkbox/Checkbox.js +0 -86
package/src/Components/Visual/CodeVisualizer/CodeVisualizer.css +0 -130
package/src/Components/Visual/CodeVisualizer/CodeVisualizer.html +0 -4
package/src/Components/Visual/CodeVisualizer/CodeVisualizer.js +0 -262
package/src/Components/Visual/Details/Details.css +0 -70
package/src/Components/Visual/Details/Details.html +0 -9
package/src/Components/Visual/Details/Details.js +0 -76
package/src/Components/Visual/DropDown/DropDown.css +0 -60
package/src/Components/Visual/DropDown/DropDown.html +0 -5
package/src/Components/Visual/DropDown/DropDown.js +0 -63
package/src/Components/Visual/Grid/Grid.css +0 -7
package/src/Components/Visual/Grid/Grid.html +0 -1
package/src/Components/Visual/Grid/Grid.js +0 -57
package/src/Components/Visual/Icon/Icon.css +0 -510
package/src/Components/Visual/Icon/Icon.html +0 -1
package/src/Components/Visual/Icon/Icon.js +0 -89
package/src/Components/Visual/Icon/slc.eot +0 -0
package/src/Components/Visual/Icon/slc.json +0 -555
package/src/Components/Visual/Icon/slc.styl +0 -507
package/src/Components/Visual/Icon/slc.svg +0 -1485
package/src/Components/Visual/Icon/slc.symbol.svg +0 -1059
package/src/Components/Visual/Icon/slc.ttf +0 -0
package/src/Components/Visual/Icon/slc.woff +0 -0
package/src/Components/Visual/Icon/slc.woff2 +0 -0
package/src/Components/Visual/Input/Input.css +0 -91
package/src/Components/Visual/Input/Input.html +0 -4
package/src/Components/Visual/Input/Input.js +0 -215
package/src/Components/Visual/Layout/Layout.css +0 -0
package/src/Components/Visual/Layout/Layout.html +0 -0
package/src/Components/Visual/Layout/Layout.js +0 -49
package/src/Components/Visual/Link/Link.css +0 -8
package/src/Components/Visual/Link/Link.html +0 -1
package/src/Components/Visual/Link/Link.js +0 -63
package/src/Components/Visual/Loading/Loading.css +0 -56
package/src/Components/Visual/Loading/Loading.html +0 -83
package/src/Components/Visual/Loading/Loading.js +0 -38
package/src/Components/Visual/MultiRoute/MultiRoute.js +0 -93
package/src/Components/Visual/Navbar/Navbar.css +0 -115
package/src/Components/Visual/Navbar/Navbar.html +0 -44
package/src/Components/Visual/Navbar/Navbar.js +0 -141
package/src/Components/Visual/NotFound/NotFound.css +0 -117
package/src/Components/Visual/NotFound/NotFound.html +0 -24
package/src/Components/Visual/NotFound/NotFound.js +0 -16
package/src/Components/Visual/Route/Route.js +0 -93
package/src/Components/Visual/Select/Select.css +0 -84
package/src/Components/Visual/Select/Select.html +0 -8
package/src/Components/Visual/Select/Select.js +0 -195
package/src/Components/Visual/Switch/Switch.css +0 -76
package/src/Components/Visual/Switch/Switch.html +0 -8
package/src/Components/Visual/Switch/Switch.js +0 -102
package/src/Components/Visual/TreeItem/TreeItem.css +0 -36
package/src/Components/Visual/TreeItem/TreeItem.html +0 -1
package/src/Components/Visual/TreeItem/TreeItem.js +0 -126
package/src/Components/Visual/TreeView/TreeView.css +0 -8
package/src/Components/Visual/TreeView/TreeView.html +0 -1
package/src/Components/Visual/TreeView/TreeView.js +0 -48
package/src/images/Slice.js-logo.png +0 -0
package/src/images/im2/Slice.js-logo.png +0 -0
package/src/testing.js +0 -888

package/api/middleware/securityMiddleware.js CHANGED Viewed

@@ -1,253 +1,253 @@
-// api/middleware/securityMiddleware.js
-import path from 'path';
-/**
- * Middleware de seguridad para prevenir acceso directo malicioso
- * pero permitir que la aplicación cargue sus dependencias normalmente
- */
-export function securityMiddleware(options = {}) {
-  const {
-    allowedExtensions = ['.js', '.css', '.html', '.json', '.svg', '.png', '.jpg', '.jpeg', '.gif', '.woff', '.woff2', '.ttf'],
-    blockedPaths = [
-      '/node_modules',
-      '/package.json',
-      '/package-lock.json',
-      '/.env',
-      '/.git'
-    ],
-    allowPublicAssets = true
-  } = options;
-  return (req, res, next) => {
-    const requestPath = req.path;
-    // 1. Bloquear acceso a rutas definitivamente sensibles (configuración, dependencias)
-    const isBlockedPath = blockedPaths.some(blocked =>
-      requestPath.startsWith(blocked) || requestPath.includes(blocked)
-    );
-    if (isBlockedPath) {
-      console.warn(`🚫 Blocked access to sensitive path: ${requestPath}`);
-      return res.status(403).json({
-        error: 'Forbidden',
-        message: 'Access to this resource is not allowed',
-        path: requestPath
-      });
-    }
-    // 2. Permitir acceso a assets públicos
-    if (allowPublicAssets) {
-      const publicPaths = ['/assets', '/public', '/images', '/styles'];
-      const isPublicAsset = publicPaths.some(publicPath =>
-        requestPath.startsWith(publicPath)
-      );
-      if (isPublicAsset) {
-        return next();
-      }
-    }
-    // 3. Validar extensiones de archivo
-    const fileExtension = path.extname(requestPath).toLowerCase();
-    if (fileExtension && !allowedExtensions.includes(fileExtension)) {
-      console.warn(`🚫 Blocked file type: ${requestPath}`);
-      return res.status(403).json({
-        error: 'Forbidden',
-        message: 'File type not allowed',
-        extension: fileExtension
-      });
-    }
-    // 4. Prevenir path traversal attacks
-    const normalizedPath = path.normalize(requestPath);
-    if (normalizedPath.includes('..') || normalizedPath.includes('~')) {
-      console.warn(`🚫 Path traversal attempt: ${requestPath}`);
-      return res.status(403).json({
-        error: 'Forbidden',
-        message: 'Invalid path',
-        path: requestPath
-      });
-    }
-    // Todo está bien, continuar
-    next();
-  };
-}
-/**
- * Middleware específico para proteger archivos del framework Slice.js
- * PERMITE acceso cuando viene desde la propia aplicación (Referer válido)
- * BLOQUEA acceso directo desde navegador o herramientas externas
- */
-export function sliceFrameworkProtection(options = {}) {
-  const {
-    port = 3000,
-    strictMode = false,
-    allowedDomains = [] // Dominios personalizados permitidos
-  } = options;
-  return (req, res, next) => {
-    const requestPath = req.path;
-    // Rutas del framework que requieren verificación
-    const frameworkPaths = [
-      '/Slice/Components/Structural',
-      '/Slice/Core',
-      '/Slice/Services'
-    ];
-    const isFrameworkFile = frameworkPaths.some(fwPath =>
-      requestPath.startsWith(fwPath)
-    );
-    if (!isFrameworkFile) {
-      return next();
-    }
-    // Verificar el origen de la petición
-    const referer = req.get('Referer') || req.get('Referrer');
-    const origin = req.get('Origin');
-    const host = req.get('Host');
-    // Construir lista de orígenes válidos dinámicamente
-    const validOrigins = [
-      `http://localhost:${port}`,
-      `http://127.0.0.1:${port}`,
-      `http://0.0.0.0:${port}`,
-      `https://localhost:${port}`,
-      ...allowedDomains // Dominios personalizados del usuario
-    ];
-    // Si hay un Host header, agregarlo automáticamente
-    if (host) {
-      validOrigins.push(`http://${host}`);
-      validOrigins.push(`https://${host}`);
-    }
-    // Verificar si la petición viene de un origen válido
-    const hasValidReferer = referer && validOrigins.some(valid => referer.startsWith(valid));
-    const hasValidOrigin = origin && validOrigins.some(valid => origin === valid);
-    const isSameHost = host && referer && referer.includes(host);
-    // Permitir si viene desde la aplicación
-    if (hasValidReferer || hasValidOrigin || isSameHost) {
-      return next();
-    }
-    // En modo estricto, bloquear todo acceso sin referer válido
-    if (strictMode) {
-      console.warn(`🚫 Blocked direct framework file access: ${requestPath}`);
-      return res.status(403).json({
-        error: 'Framework Protection',
-        message: 'Direct access to Slice.js framework files is blocked',
-        tip: 'Framework files must be loaded through the application',
-        path: requestPath
-      });
-    }
-    // En modo normal (desarrollo), permitir pero advertir
-    console.warn(`⚠️  Framework file accessed without valid referer: ${requestPath}`);
-    next();
-  };
-}
-/**
- * Middleware para logging de peticiones sospechosas
- */
-export function suspiciousRequestLogger() {
-  const suspiciousPatterns = [
-    /\.\.\//, // Path traversal
-    /~/, // Home directory access
-    /\.env/, // Environment files
-    /\.git/, // Git files
-    /package\.json/, // Package files
-    /package-lock\.json/,
-    /node_modules/, // Dependencies
-  ];
-  return (req, res, next) => {
-    const requestPath = req.path;
-    const isSuspicious = suspiciousPatterns.some(pattern =>
-      pattern.test(requestPath)
-    );
-    if (isSuspicious) {
-      const clientIp = req.ip || req.connection.remoteAddress;
-      console.warn(`⚠️  Suspicious request: ${requestPath} from ${clientIp}`);
-    }
-    next();
-  };
-}
-/**
- * Middleware para bloquear acceso directo vía navegador (typing en la URL)
- * pero permitir peticiones desde scripts (fetch, import, etc.)
- */
-export function directAccessProtection(options = {}) {
-  const { protectedPaths = [] } = options;
-  return (req, res, next) => {
-    const requestPath = req.path;
-    const isProtectedPath = protectedPaths.some(protectedPath =>
-      requestPath.startsWith(protectedPath)
-    );
-    if (!isProtectedPath) {
-      return next();
-    }
-    // Detectar acceso directo:
-    // - No tiene Referer (usuario escribió la URL directamente)
-    // - Accept header indica navegación HTML
-    const referer = req.get('Referer');
-    const accept = req.get('Accept') || '';
-    const isDirectBrowserAccess = !referer && accept.includes('text/html');
-    if (isDirectBrowserAccess) {
-      console.warn(`🚫 Blocked direct browser access: ${requestPath}`);
-      return res.status(403).send(`
-        <!DOCTYPE html>
-        <html>
-        <head>
-          <title>Access Denied</title>
-          <style>
-            body {
-              font-family: system-ui;
-              max-width: 600px;
-              margin: 100px auto;
-              padding: 20px;
-            }
-            h1 { color: #d32f2f; }
-            code {
-              background: #f5f5f5;
-              padding: 2px 6px;
-              border-radius: 3px;
-            }
-          </style>
-        </head>
-        <body>
-          <h1>🚫 Direct Access Denied</h1>
-          <p>This file cannot be accessed directly.</p>
-          <p>Path: <code>${requestPath}</code></p>
-          <p>Framework files are automatically loaded by the application.</p>
-          <p><a href="/">← Return to application</a></p>
-        </body>
-        </html>
-      `);
-    }
-    next();
-  };
-}
-export default {
-  securityMiddleware,
-  sliceFrameworkProtection,
-  suspiciousRequestLogger,
-  directAccessProtection
+// api/middleware/securityMiddleware.js
+import path from 'path';
+/**
+ * Middleware de seguridad para prevenir acceso directo malicioso
+ * pero permitir que la aplicación cargue sus dependencias normalmente
+ */
+export function securityMiddleware(options = {}) {
+  const {
+    allowedExtensions = ['.js', '.css', '.html', '.json', '.svg', '.png', '.jpg', '.jpeg', '.gif', '.woff', '.woff2', '.ttf'],
+    blockedPaths = [
+      '/node_modules',
+      '/package.json',
+      '/package-lock.json',
+      '/.env',
+      '/.git'
+    ],
+    allowPublicAssets = true
+  } = options;
+  return (req, res, next) => {
+    const requestPath = req.path;
+    // 1. Bloquear acceso a rutas definitivamente sensibles (configuración, dependencias)
+    const isBlockedPath = blockedPaths.some(blocked =>
+      requestPath.startsWith(blocked) || requestPath.includes(blocked)
+    );
+    if (isBlockedPath) {
+      console.warn(`🚫 Blocked access to sensitive path: ${requestPath}`);
+      return res.status(403).json({
+        error: 'Forbidden',
+        message: 'Access to this resource is not allowed',
+        path: requestPath
+      });
+    }
+    // 2. Permitir acceso a assets públicos
+    if (allowPublicAssets) {
+      const publicPaths = ['/assets', '/public', '/images', '/styles'];
+      const isPublicAsset = publicPaths.some(publicPath =>
+        requestPath.startsWith(publicPath)
+      );
+      if (isPublicAsset) {
+        return next();
+      }
+    }
+    // 3. Validar extensiones de archivo
+    const fileExtension = path.extname(requestPath).toLowerCase();
+    if (fileExtension && !allowedExtensions.includes(fileExtension)) {
+      console.warn(`🚫 Blocked file type: ${requestPath}`);
+      return res.status(403).json({
+        error: 'Forbidden',
+        message: 'File type not allowed',
+        extension: fileExtension
+      });
+    }
+    // 4. Prevenir path traversal attacks
+    const normalizedPath = path.normalize(requestPath);
+    if (normalizedPath.includes('..') || normalizedPath.includes('~')) {
+      console.warn(`🚫 Path traversal attempt: ${requestPath}`);
+      return res.status(403).json({
+        error: 'Forbidden',
+        message: 'Invalid path',
+        path: requestPath
+      });
+    }
+    // Todo está bien, continuar
+    next();
+  };
+}
+/**
+ * Middleware específico para proteger archivos del framework Slice.js
+ * PERMITE acceso cuando viene desde la propia aplicación (Referer válido)
+ * BLOQUEA acceso directo desde navegador o herramientas externas
+ */
+export function sliceFrameworkProtection(options = {}) {
+  const {
+    port = 3000,
+    strictMode = false,
+    allowedDomains = [] // Dominios personalizados permitidos
+  } = options;
+  return (req, res, next) => {
+    const requestPath = req.path;
+    // Rutas del framework que requieren verificación
+    const frameworkPaths = [
+      '/Slice/Components/Structural',
+      '/Slice/Core',
+      '/Slice/Services'
+    ];
+    const isFrameworkFile = frameworkPaths.some(fwPath =>
+      requestPath.startsWith(fwPath)
+    );
+    if (!isFrameworkFile) {
+      return next();
+    }
+    // Verificar el origen de la petición
+    const referer = req.get('Referer') || req.get('Referrer');
+    const origin = req.get('Origin');
+    const host = req.get('Host');
+    // Construir lista de orígenes válidos dinámicamente
+    const validOrigins = [
+      `http://localhost:${port}`,
+      `http://127.0.0.1:${port}`,
+      `http://0.0.0.0:${port}`,
+      `https://localhost:${port}`,
+      ...allowedDomains // Dominios personalizados del usuario
+    ];
+    // Si hay un Host header, agregarlo automáticamente
+    if (host) {
+      validOrigins.push(`http://${host}`);
+      validOrigins.push(`https://${host}`);
+    }
+    // Verificar si la petición viene de un origen válido
+    const hasValidReferer = referer && validOrigins.some(valid => referer.startsWith(valid));
+    const hasValidOrigin = origin && validOrigins.some(valid => origin === valid);
+    const isSameHost = host && referer && referer.includes(host);
+    // Permitir si viene desde la aplicación
+    if (hasValidReferer || hasValidOrigin || isSameHost) {
+      return next();
+    }
+    // En modo estricto, bloquear todo acceso sin referer válido
+    if (strictMode) {
+      console.warn(`🚫 Blocked direct framework file access: ${requestPath}`);
+      return res.status(403).json({
+        error: 'Framework Protection',
+        message: 'Direct access to Slice.js framework files is blocked',
+        tip: 'Framework files must be loaded through the application',
+        path: requestPath
+      });
+    }
+    // En modo normal (desarrollo), permitir pero advertir
+    console.warn(`⚠️  Framework file accessed without valid referer: ${requestPath}`);
+    next();
+  };
+}
+/**
+ * Middleware para logging de peticiones sospechosas
+ */
+export function suspiciousRequestLogger() {
+  const suspiciousPatterns = [
+    /\.\.\//, // Path traversal
+    /~/, // Home directory access
+    /\.env/, // Environment files
+    /\.git/, // Git files
+    /package\.json/, // Package files
+    /package-lock\.json/,
+    /node_modules/, // Dependencies
+  ];
+  return (req, res, next) => {
+    const requestPath = req.path;
+    const isSuspicious = suspiciousPatterns.some(pattern =>
+      pattern.test(requestPath)
+    );
+    if (isSuspicious) {
+      const clientIp = req.ip || req.connection.remoteAddress;
+      console.warn(`⚠️  Suspicious request: ${requestPath} from ${clientIp}`);
+    }
+    next();
+  };
+}
+/**
+ * Middleware para bloquear acceso directo vía navegador (typing en la URL)
+ * pero permitir peticiones desde scripts (fetch, import, etc.)
+ */
+export function directAccessProtection(options = {}) {
+  const { protectedPaths = [] } = options;
+  return (req, res, next) => {
+    const requestPath = req.path;
+    const isProtectedPath = protectedPaths.some(protectedPath =>
+      requestPath.startsWith(protectedPath)
+    );
+    if (!isProtectedPath) {
+      return next();
+    }
+    // Detectar acceso directo:
+    // - No tiene Referer (usuario escribió la URL directamente)
+    // - Accept header indica navegación HTML
+    const referer = req.get('Referer');
+    const accept = req.get('Accept') || '';
+    const isDirectBrowserAccess = !referer && accept.includes('text/html');
+    if (isDirectBrowserAccess) {
+      console.warn(`🚫 Blocked direct browser access: ${requestPath}`);
+      return res.status(403).send(`
+        <!DOCTYPE html>
+        <html>
+        <head>
+          <title>Access Denied</title>
+          <style>
+            body {
+              font-family: system-ui;
+              max-width: 600px;
+              margin: 100px auto;
+              padding: 20px;
+            }
+            h1 { color: #d32f2f; }
+            code {
+              background: #f5f5f5;
+              padding: 2px 6px;
+              border-radius: 3px;
+            }
+          </style>
+        </head>
+        <body>
+          <h1>🚫 Direct Access Denied</h1>
+          <p>This file cannot be accessed directly.</p>
+          <p>Path: <code>${requestPath}</code></p>
+          <p>Framework files are automatically loaded by the application.</p>
+          <p><a href="/">← Return to application</a></p>
+        </body>
+        </html>
+      `);
+    }
+    next();
+  };
+}
+export default {
+  securityMiddleware,
+  sliceFrameworkProtection,
+  suspiciousRequestLogger,
+  directAccessProtection
 };