what-server 0.6.0 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/actions.js +2 -1
- package/dist/actions.js.map +2 -2
- package/dist/actions.min.js +1 -1
- package/dist/actions.min.js.map +3 -3
- package/dist/index.js +2 -1
- package/dist/index.js.map +2 -2
- package/dist/index.min.js +2 -2
- package/dist/index.min.js.map +3 -3
- package/package.json +2 -2
- package/src/actions.js +6 -2
package/dist/actions.js
CHANGED
|
@@ -38,8 +38,9 @@ function csrfMetaTag(token) {
|
|
|
38
38
|
const escaped = String(token).replace(/&/g, "&").replace(/"/g, """).replace(/</g, "<").replace(/>/g, ">");
|
|
39
39
|
return `<meta name="what-csrf-token" content="${escaped}">`;
|
|
40
40
|
}
|
|
41
|
+
var _actionCounter = 0;
|
|
41
42
|
function generateActionId() {
|
|
42
|
-
const rand = typeof crypto !== "undefined" && crypto.getRandomValues ? Array.from(crypto.getRandomValues(new Uint8Array(6)), (b) => b.toString(16).padStart(2, "0")).join("") :
|
|
43
|
+
const rand = typeof crypto !== "undefined" && crypto.getRandomValues ? Array.from(crypto.getRandomValues(new Uint8Array(6)), (b) => b.toString(16).padStart(2, "0")).join("") : `c${(++_actionCounter).toString(36)}_${Date.now().toString(36)}`;
|
|
43
44
|
return `a_${rand}`;
|
|
44
45
|
}
|
|
45
46
|
function action(fn, options = {}) {
|
package/dist/actions.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../src/actions.js"],
|
|
4
|
-
"sourcesContent": ["// What Framework - Server Actions\n// Call server-side functions from client code seamlessly.\n// Similar to Next.js Server Actions / SolidStart server functions.\n//\n// Usage:\n// // Define on server\n// const saveUser = action(async (formData) => {\n// 'use server';\n// const user = await db.users.create(formData);\n// return { success: true, id: user.id };\n// });\n//\n// // Call from client\n// const result = await saveUser({ name: 'John' });\n\nimport { signal, batch } from 'what-core';\n\n// Registry of server actions\nconst actionRegistry = new Map();\n\n// --- CSRF Protection ---\n// Server generates a token per session; client sends it with every action request.\n// The token is injected into the page via a meta tag or embedded in the server response.\n\n// Client: read the CSRF token from the page meta tag or cookie\n// Re-reads on every call to handle token rotation\nfunction getCsrfToken() {\n if (typeof document !== 'undefined') {\n // Try meta tag first\n const meta = document.querySelector('meta[name=\"what-csrf-token\"]');\n if (meta) {\n return meta.getAttribute('content');\n }\n // Try cookie\n const match = document.cookie.match(/(?:^|;\\s*)what-csrf=([^;]+)/);\n if (match) {\n return decodeURIComponent(match[1]);\n }\n }\n return null;\n}\n\n// Server: generate a CSRF token (call this per session/request)\nexport function generateCsrfToken() {\n if (typeof crypto !== 'undefined' && crypto.randomUUID) {\n return crypto.randomUUID();\n }\n // Fallback for environments without crypto.randomUUID \u2014 use crypto.getRandomValues\n if (typeof crypto !== 'undefined' && crypto.getRandomValues) {\n const arr = new Uint8Array(16);\n crypto.getRandomValues(arr);\n return Array.from(arr, b => b.toString(16).padStart(2, '0')).join('');\n }\n // Last resort \u2014 should not be reached in modern environments\n throw new Error('[what] No secure random source available for CSRF token generation');\n}\n\n// Server: validate CSRF token from request header against session token\nexport function validateCsrfToken(requestToken, sessionToken) {\n if (!requestToken || !sessionToken) return false;\n // Constant-time comparison to prevent timing attacks\n if (requestToken.length !== sessionToken.length) return false;\n let result = 0;\n for (let i = 0; i < requestToken.length; i++) {\n result |= requestToken.charCodeAt(i) ^ sessionToken.charCodeAt(i);\n }\n return result === 0;\n}\n\n// Server: middleware helper to inject CSRF meta tag into HTML\nexport function csrfMetaTag(token) {\n // HTML-escape the token to prevent XSS if a non-standard value is used\n const escaped = String(token).replace(/&/g, '&').replace(/\"/g, '"').replace(/</g, '<').replace(/>/g, '>');\n return `<meta name=\"what-csrf-token\" content=\"${escaped}\">`;\n}\n\n// --- Define a server action ---\n\nfunction generateActionId() {\n // Generate a random ID that's not easily enumerable\n const rand = typeof crypto !== 'undefined' && crypto.getRandomValues\n ? Array.from(crypto.getRandomValues(new Uint8Array(6)), b => b.toString(16).padStart(2, '0')).join('')\n : Math.random().toString(36).slice(2, 10) + Date.now().toString(36);\n return `a_${rand}`;\n}\n\nexport function action(fn, options = {}) {\n const id = options.id || generateActionId();\n const { onError, onSuccess, revalidate } = options;\n\n // Server-side: register the action\n if (typeof window === 'undefined') {\n actionRegistry.set(id, { fn, options });\n }\n\n // Create the callable wrapper\n async function callAction(...args) {\n // Server-side: call directly\n if (typeof window === 'undefined') {\n return fn(...args);\n }\n\n // Client-side: call via fetch with timeout support\n const timeout = options.timeout || 30000; // Default 30s timeout\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), timeout);\n\n try {\n const csrfToken = getCsrfToken();\n const headers = {\n 'Content-Type': 'application/json',\n 'X-What-Action': id,\n };\n if (csrfToken) headers['X-CSRF-Token'] = csrfToken;\n\n const response = await fetch('/__what_action', {\n method: 'POST',\n headers,\n credentials: 'same-origin',\n signal: controller.signal,\n body: JSON.stringify({ args }),\n });\n\n if (!response.ok) {\n const error = await response.json().catch(() => ({ message: 'Action failed' }));\n throw new Error(error.message || 'Action failed');\n }\n\n const result = await response.json();\n\n if (onSuccess) onSuccess(result);\n if (revalidate) {\n // Trigger revalidation of specified paths\n for (const path of revalidate) {\n invalidatePath(path);\n }\n }\n\n return result;\n } catch (error) {\n if (error.name === 'AbortError') {\n const timeoutError = new Error(`Action \"${id}\" timed out after ${timeout}ms`);\n timeoutError.code = 'TIMEOUT';\n if (onError) onError(timeoutError);\n throw timeoutError;\n }\n if (onError) onError(error);\n throw error;\n } finally {\n clearTimeout(timeoutId);\n }\n }\n\n callAction._actionId = id;\n callAction._isAction = true;\n\n return callAction;\n}\n\n// --- Form action helper ---\n// For forms that submit to server actions.\n\nexport function formAction(actionFn, options = {}) {\n const { onSuccess, onError, resetOnSuccess = true } = options;\n\n return async (formDataOrEvent) => {\n let formData;\n let form;\n\n if (formDataOrEvent instanceof Event) {\n formDataOrEvent.preventDefault();\n form = formDataOrEvent.target;\n formData = new FormData(form);\n } else {\n formData = formDataOrEvent;\n }\n\n // Convert FormData to plain object, preserving File instances\n const data = {};\n let hasFiles = false;\n for (const [key, value] of formData.entries()) {\n if (typeof File !== 'undefined' && value instanceof File) {\n hasFiles = true;\n }\n if (data[key]) {\n // Handle multiple values (e.g., checkboxes, multi-file inputs)\n if (Array.isArray(data[key])) {\n data[key].push(value);\n } else {\n data[key] = [data[key], value];\n }\n } else {\n data[key] = value;\n }\n }\n\n try {\n // If form contains files, pass the raw FormData as second arg\n // so the action handler can access files directly\n const result = hasFiles\n ? await actionFn(data, formData)\n : await actionFn(data);\n if (onSuccess) onSuccess(result, form);\n if (resetOnSuccess && form) form.reset();\n return result;\n } catch (error) {\n if (onError) onError(error, form);\n throw error;\n }\n };\n}\n\n// --- useAction hook ---\n// Returns action state and trigger function.\n\nexport function useAction(actionFn) {\n const isPending = signal(false);\n const error = signal(null);\n const data = signal(null);\n\n async function trigger(...args) {\n isPending.set(true);\n error.set(null);\n\n try {\n const result = await actionFn(...args);\n data.set(result);\n return result;\n } catch (e) {\n error.set(e);\n throw e;\n } finally {\n isPending.set(false);\n }\n }\n\n return {\n trigger,\n isPending: () => isPending(),\n error: () => error(),\n data: () => data(),\n reset: () => {\n error.set(null);\n data.set(null);\n },\n };\n}\n\n// --- useFormAction hook ---\n// Combines useAction with form handling.\n\nexport function useFormAction(actionFn, options = {}) {\n const { resetOnSuccess = true } = options;\n const formRef = { current: null };\n const actionState = useAction(formAction(actionFn, { resetOnSuccess }));\n\n function handleSubmit(e) {\n e.preventDefault();\n const formData = new FormData(e.target);\n formRef.current = e.target;\n return actionState.trigger(formData);\n }\n\n return {\n ...actionState,\n handleSubmit,\n formRef,\n };\n}\n\n// --- Optimistic updates ---\n\nexport function useOptimistic(initialValue, reducer) {\n const value = signal(initialValue);\n const pending = signal([]);\n const baseValue = signal(initialValue); // Track the confirmed server value\n\n function addOptimistic(action) {\n const optimisticValue = reducer(value.peek(), action);\n batch(() => {\n pending.set([...pending.peek(), action]);\n value.set(optimisticValue);\n });\n }\n\n function resolve(action, serverValue) {\n batch(() => {\n pending.set(pending.peek().filter(a => a !== action));\n if (serverValue !== undefined) {\n baseValue.set(serverValue);\n // Recompute optimistic state from new base + remaining pending actions\n let current = serverValue;\n for (const a of pending.peek()) {\n current = reducer(current, a);\n }\n value.set(current);\n }\n });\n }\n\n function rollback(action, realValue) {\n batch(() => {\n const newPending = pending.peek().filter(a => a !== action);\n pending.set(newPending);\n const base = realValue !== undefined ? realValue : baseValue.peek();\n baseValue.set(base);\n // Recompute from base + remaining pending actions\n let current = base;\n for (const a of newPending) {\n current = reducer(current, a);\n }\n value.set(current);\n });\n }\n\n // Auto-rollback helper: wraps an async action with automatic rollback on error\n async function withOptimistic(action, asyncFn) {\n addOptimistic(action);\n try {\n const result = await asyncFn();\n resolve(action, result);\n return result;\n } catch (e) {\n rollback(action);\n throw e;\n }\n }\n\n return {\n value: () => value(),\n isPending: () => pending().length > 0,\n addOptimistic,\n resolve,\n rollback,\n withOptimistic,\n set: (v) => { value.set(v); baseValue.set(v); },\n };\n}\n\n// --- Path revalidation ---\n\nconst revalidationCallbacks = new Map();\n\nexport function onRevalidate(path, callback) {\n if (!revalidationCallbacks.has(path)) {\n revalidationCallbacks.set(path, new Set());\n }\n revalidationCallbacks.get(path).add(callback);\n\n return () => {\n revalidationCallbacks.get(path)?.delete(callback);\n };\n}\n\nexport function invalidatePath(path) {\n const callbacks = revalidationCallbacks.get(path);\n if (callbacks) {\n for (const cb of callbacks) {\n try { cb(); } catch (e) { console.error('[what] Revalidation error:', e); }\n }\n }\n}\n\n// --- Server-side action handler ---\n// Add this to your server middleware.\n\nexport function handleActionRequest(req, actionId, args, options = {}) {\n const { csrfToken: sessionCsrfToken, skipCsrf = false } = options;\n\n // Validate CSRF token unless explicitly skipped\n if (!skipCsrf) {\n if (!sessionCsrfToken) {\n // Fail closed: no CSRF token configured means the developer forgot to set it up.\n // This prevents silent security vulnerabilities in production.\n return Promise.resolve({\n status: 500,\n body: {\n message: '[what] CSRF token not configured. ' +\n 'Pass { csrfToken: sessionToken } to handleActionRequest, ' +\n 'or { skipCsrf: true } to explicitly opt out.'\n }\n });\n }\n const requestCsrfToken = req?.headers?.['x-csrf-token'] || req?.headers?.['X-CSRF-Token'];\n if (!validateCsrfToken(requestCsrfToken, sessionCsrfToken)) {\n return Promise.resolve({ status: 403, body: { message: 'Invalid CSRF token' } });\n }\n }\n\n const action = actionRegistry.get(actionId);\n if (!action) {\n return Promise.resolve({ status: 404, body: { message: 'Action not found' } });\n }\n\n // Validate args is an array to prevent prototype pollution\n if (!Array.isArray(args)) {\n return Promise.resolve({ status: 400, body: { message: 'Invalid action arguments' } });\n }\n\n return action.fn(...args)\n .then(result => ({ status: 200, body: result }))\n .catch(error => {\n // Log the full error server-side, return generic message to client\n console.error(`[what] Action \"${actionId}\" error:`, error);\n return {\n status: 500,\n body: { message: 'Action failed' },\n };\n });\n}\n\n// --- Get all registered actions (for SSR/build) ---\n\nexport function getRegisteredActions() {\n return [...actionRegistry.keys()];\n}\n\n// --- Mutation helper ---\n// Like useSWR mutation but simpler.\n\nexport function useMutation(mutationFn, options = {}) {\n const { onSuccess, onError, onSettled } = options;\n\n const state = {\n isPending: signal(false),\n error: signal(null),\n data: signal(null),\n };\n\n async function mutate(...args) {\n state.isPending.set(true);\n state.error.set(null);\n\n try {\n const result = await mutationFn(...args);\n state.data.set(result);\n if (onSuccess) onSuccess(result, ...args);\n return result;\n } catch (error) {\n state.error.set(error);\n if (onError) onError(error, ...args);\n throw error;\n } finally {\n state.isPending.set(false);\n if (onSettled) onSettled(state.data.peek(), state.error.peek(), ...args);\n }\n }\n\n return {\n mutate,\n isPending: () => state.isPending(),\n error: () => state.error(),\n data: () => state.data(),\n reset: () => {\n state.error.set(null);\n state.data.set(null);\n },\n };\n}\n"],
|
|
5
|
-
"mappings": ";AAeA,SAAS,QAAQ,aAAa;AAG9B,IAAM,iBAAiB,oBAAI,IAAI;AAQ/B,SAAS,eAAe;AACtB,MAAI,OAAO,aAAa,aAAa;AAEnC,UAAM,OAAO,SAAS,cAAc,8BAA8B;AAClE,QAAI,MAAM;AACR,aAAO,KAAK,aAAa,SAAS;AAAA,IACpC;AAEA,UAAM,QAAQ,SAAS,OAAO,MAAM,6BAA6B;AACjE,QAAI,OAAO;AACT,aAAO,mBAAmB,MAAM,CAAC,CAAC;AAAA,IACpC;AAAA,EACF;AACA,SAAO;AACT;AAGO,SAAS,oBAAoB;AAClC,MAAI,OAAO,WAAW,eAAe,OAAO,YAAY;AACtD,WAAO,OAAO,WAAW;AAAA,EAC3B;AAEA,MAAI,OAAO,WAAW,eAAe,OAAO,iBAAiB;AAC3D,UAAM,MAAM,IAAI,WAAW,EAAE;AAC7B,WAAO,gBAAgB,GAAG;AAC1B,WAAO,MAAM,KAAK,KAAK,OAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AAAA,EACtE;AAEA,QAAM,IAAI,MAAM,oEAAoE;AACtF;AAGO,SAAS,kBAAkB,cAAc,cAAc;AAC5D,MAAI,CAAC,gBAAgB,CAAC,aAAc,QAAO;AAE3C,MAAI,aAAa,WAAW,aAAa,OAAQ,QAAO;AACxD,MAAI,SAAS;AACb,WAAS,IAAI,GAAG,IAAI,aAAa,QAAQ,KAAK;AAC5C,cAAU,aAAa,WAAW,CAAC,IAAI,aAAa,WAAW,CAAC;AAAA,EAClE;AACA,SAAO,WAAW;AACpB;AAGO,SAAS,YAAY,OAAO;AAEjC,QAAM,UAAU,OAAO,KAAK,EAAE,QAAQ,MAAM,OAAO,EAAE,QAAQ,MAAM,QAAQ,EAAE,QAAQ,MAAM,MAAM,EAAE,QAAQ,MAAM,MAAM;AACvH,SAAO,yCAAyC,OAAO;AACzD;AAIA,SAAS,mBAAmB;
|
|
4
|
+
"sourcesContent": ["// What Framework - Server Actions\n// Call server-side functions from client code seamlessly.\n// Similar to Next.js Server Actions / SolidStart server functions.\n//\n// Usage:\n// // Define on server\n// const saveUser = action(async (formData) => {\n// 'use server';\n// const user = await db.users.create(formData);\n// return { success: true, id: user.id };\n// });\n//\n// // Call from client\n// const result = await saveUser({ name: 'John' });\n\nimport { signal, batch } from 'what-core';\n\n// Registry of server actions\nconst actionRegistry = new Map();\n\n// --- CSRF Protection ---\n// Server generates a token per session; client sends it with every action request.\n// The token is injected into the page via a meta tag or embedded in the server response.\n\n// Client: read the CSRF token from the page meta tag or cookie\n// Re-reads on every call to handle token rotation\nfunction getCsrfToken() {\n if (typeof document !== 'undefined') {\n // Try meta tag first\n const meta = document.querySelector('meta[name=\"what-csrf-token\"]');\n if (meta) {\n return meta.getAttribute('content');\n }\n // Try cookie\n const match = document.cookie.match(/(?:^|;\\s*)what-csrf=([^;]+)/);\n if (match) {\n return decodeURIComponent(match[1]);\n }\n }\n return null;\n}\n\n// Server: generate a CSRF token (call this per session/request)\nexport function generateCsrfToken() {\n if (typeof crypto !== 'undefined' && crypto.randomUUID) {\n return crypto.randomUUID();\n }\n // Fallback for environments without crypto.randomUUID \u2014 use crypto.getRandomValues\n if (typeof crypto !== 'undefined' && crypto.getRandomValues) {\n const arr = new Uint8Array(16);\n crypto.getRandomValues(arr);\n return Array.from(arr, b => b.toString(16).padStart(2, '0')).join('');\n }\n // Last resort \u2014 should not be reached in modern environments\n throw new Error('[what] No secure random source available for CSRF token generation');\n}\n\n// Server: validate CSRF token from request header against session token\nexport function validateCsrfToken(requestToken, sessionToken) {\n if (!requestToken || !sessionToken) return false;\n // Constant-time comparison to prevent timing attacks\n if (requestToken.length !== sessionToken.length) return false;\n let result = 0;\n for (let i = 0; i < requestToken.length; i++) {\n result |= requestToken.charCodeAt(i) ^ sessionToken.charCodeAt(i);\n }\n return result === 0;\n}\n\n// Server: middleware helper to inject CSRF meta tag into HTML\nexport function csrfMetaTag(token) {\n // HTML-escape the token to prevent XSS if a non-standard value is used\n const escaped = String(token).replace(/&/g, '&').replace(/\"/g, '"').replace(/</g, '<').replace(/>/g, '>');\n return `<meta name=\"what-csrf-token\" content=\"${escaped}\">`;\n}\n\n// --- Define a server action ---\n\nlet _actionCounter = 0;\n\nfunction generateActionId() {\n // Generate a deterministic ID \u2014 prefer crypto.getRandomValues, fall back to a\n // monotonic counter (never Math.random, which is not cryptographically safe and\n // produces predictable IDs in some runtimes).\n const rand = typeof crypto !== 'undefined' && crypto.getRandomValues\n ? Array.from(crypto.getRandomValues(new Uint8Array(6)), b => b.toString(16).padStart(2, '0')).join('')\n : `c${(++_actionCounter).toString(36)}_${Date.now().toString(36)}`;\n return `a_${rand}`;\n}\n\nexport function action(fn, options = {}) {\n const id = options.id || generateActionId();\n const { onError, onSuccess, revalidate } = options;\n\n // Server-side: register the action\n if (typeof window === 'undefined') {\n actionRegistry.set(id, { fn, options });\n }\n\n // Create the callable wrapper\n async function callAction(...args) {\n // Server-side: call directly\n if (typeof window === 'undefined') {\n return fn(...args);\n }\n\n // Client-side: call via fetch with timeout support\n const timeout = options.timeout || 30000; // Default 30s timeout\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), timeout);\n\n try {\n const csrfToken = getCsrfToken();\n const headers = {\n 'Content-Type': 'application/json',\n 'X-What-Action': id,\n };\n if (csrfToken) headers['X-CSRF-Token'] = csrfToken;\n\n const response = await fetch('/__what_action', {\n method: 'POST',\n headers,\n credentials: 'same-origin',\n signal: controller.signal,\n body: JSON.stringify({ args }),\n });\n\n if (!response.ok) {\n const error = await response.json().catch(() => ({ message: 'Action failed' }));\n throw new Error(error.message || 'Action failed');\n }\n\n const result = await response.json();\n\n if (onSuccess) onSuccess(result);\n if (revalidate) {\n // Trigger revalidation of specified paths\n for (const path of revalidate) {\n invalidatePath(path);\n }\n }\n\n return result;\n } catch (error) {\n if (error.name === 'AbortError') {\n const timeoutError = new Error(`Action \"${id}\" timed out after ${timeout}ms`);\n timeoutError.code = 'TIMEOUT';\n if (onError) onError(timeoutError);\n throw timeoutError;\n }\n if (onError) onError(error);\n throw error;\n } finally {\n clearTimeout(timeoutId);\n }\n }\n\n callAction._actionId = id;\n callAction._isAction = true;\n\n return callAction;\n}\n\n// --- Form action helper ---\n// For forms that submit to server actions.\n\nexport function formAction(actionFn, options = {}) {\n const { onSuccess, onError, resetOnSuccess = true } = options;\n\n return async (formDataOrEvent) => {\n let formData;\n let form;\n\n if (formDataOrEvent instanceof Event) {\n formDataOrEvent.preventDefault();\n form = formDataOrEvent.target;\n formData = new FormData(form);\n } else {\n formData = formDataOrEvent;\n }\n\n // Convert FormData to plain object, preserving File instances\n const data = {};\n let hasFiles = false;\n for (const [key, value] of formData.entries()) {\n if (typeof File !== 'undefined' && value instanceof File) {\n hasFiles = true;\n }\n if (data[key]) {\n // Handle multiple values (e.g., checkboxes, multi-file inputs)\n if (Array.isArray(data[key])) {\n data[key].push(value);\n } else {\n data[key] = [data[key], value];\n }\n } else {\n data[key] = value;\n }\n }\n\n try {\n // If form contains files, pass the raw FormData as second arg\n // so the action handler can access files directly\n const result = hasFiles\n ? await actionFn(data, formData)\n : await actionFn(data);\n if (onSuccess) onSuccess(result, form);\n if (resetOnSuccess && form) form.reset();\n return result;\n } catch (error) {\n if (onError) onError(error, form);\n throw error;\n }\n };\n}\n\n// --- useAction hook ---\n// Returns action state and trigger function.\n\nexport function useAction(actionFn) {\n const isPending = signal(false);\n const error = signal(null);\n const data = signal(null);\n\n async function trigger(...args) {\n isPending.set(true);\n error.set(null);\n\n try {\n const result = await actionFn(...args);\n data.set(result);\n return result;\n } catch (e) {\n error.set(e);\n throw e;\n } finally {\n isPending.set(false);\n }\n }\n\n return {\n trigger,\n isPending: () => isPending(),\n error: () => error(),\n data: () => data(),\n reset: () => {\n error.set(null);\n data.set(null);\n },\n };\n}\n\n// --- useFormAction hook ---\n// Combines useAction with form handling.\n\nexport function useFormAction(actionFn, options = {}) {\n const { resetOnSuccess = true } = options;\n const formRef = { current: null };\n const actionState = useAction(formAction(actionFn, { resetOnSuccess }));\n\n function handleSubmit(e) {\n e.preventDefault();\n const formData = new FormData(e.target);\n formRef.current = e.target;\n return actionState.trigger(formData);\n }\n\n return {\n ...actionState,\n handleSubmit,\n formRef,\n };\n}\n\n// --- Optimistic updates ---\n\nexport function useOptimistic(initialValue, reducer) {\n const value = signal(initialValue);\n const pending = signal([]);\n const baseValue = signal(initialValue); // Track the confirmed server value\n\n function addOptimistic(action) {\n const optimisticValue = reducer(value.peek(), action);\n batch(() => {\n pending.set([...pending.peek(), action]);\n value.set(optimisticValue);\n });\n }\n\n function resolve(action, serverValue) {\n batch(() => {\n pending.set(pending.peek().filter(a => a !== action));\n if (serverValue !== undefined) {\n baseValue.set(serverValue);\n // Recompute optimistic state from new base + remaining pending actions\n let current = serverValue;\n for (const a of pending.peek()) {\n current = reducer(current, a);\n }\n value.set(current);\n }\n });\n }\n\n function rollback(action, realValue) {\n batch(() => {\n const newPending = pending.peek().filter(a => a !== action);\n pending.set(newPending);\n const base = realValue !== undefined ? realValue : baseValue.peek();\n baseValue.set(base);\n // Recompute from base + remaining pending actions\n let current = base;\n for (const a of newPending) {\n current = reducer(current, a);\n }\n value.set(current);\n });\n }\n\n // Auto-rollback helper: wraps an async action with automatic rollback on error\n async function withOptimistic(action, asyncFn) {\n addOptimistic(action);\n try {\n const result = await asyncFn();\n resolve(action, result);\n return result;\n } catch (e) {\n rollback(action);\n throw e;\n }\n }\n\n return {\n value: () => value(),\n isPending: () => pending().length > 0,\n addOptimistic,\n resolve,\n rollback,\n withOptimistic,\n set: (v) => { value.set(v); baseValue.set(v); },\n };\n}\n\n// --- Path revalidation ---\n\nconst revalidationCallbacks = new Map();\n\nexport function onRevalidate(path, callback) {\n if (!revalidationCallbacks.has(path)) {\n revalidationCallbacks.set(path, new Set());\n }\n revalidationCallbacks.get(path).add(callback);\n\n return () => {\n revalidationCallbacks.get(path)?.delete(callback);\n };\n}\n\nexport function invalidatePath(path) {\n const callbacks = revalidationCallbacks.get(path);\n if (callbacks) {\n for (const cb of callbacks) {\n try { cb(); } catch (e) { console.error('[what] Revalidation error:', e); }\n }\n }\n}\n\n// --- Server-side action handler ---\n// Add this to your server middleware.\n\nexport function handleActionRequest(req, actionId, args, options = {}) {\n const { csrfToken: sessionCsrfToken, skipCsrf = false } = options;\n\n // Validate CSRF token unless explicitly skipped\n if (!skipCsrf) {\n if (!sessionCsrfToken) {\n // Fail closed: no CSRF token configured means the developer forgot to set it up.\n // This prevents silent security vulnerabilities in production.\n return Promise.resolve({\n status: 500,\n body: {\n message: '[what] CSRF token not configured. ' +\n 'Pass { csrfToken: sessionToken } to handleActionRequest, ' +\n 'or { skipCsrf: true } to explicitly opt out.'\n }\n });\n }\n const requestCsrfToken = req?.headers?.['x-csrf-token'] || req?.headers?.['X-CSRF-Token'];\n if (!validateCsrfToken(requestCsrfToken, sessionCsrfToken)) {\n return Promise.resolve({ status: 403, body: { message: 'Invalid CSRF token' } });\n }\n }\n\n const action = actionRegistry.get(actionId);\n if (!action) {\n return Promise.resolve({ status: 404, body: { message: 'Action not found' } });\n }\n\n // Validate args is an array to prevent prototype pollution\n if (!Array.isArray(args)) {\n return Promise.resolve({ status: 400, body: { message: 'Invalid action arguments' } });\n }\n\n return action.fn(...args)\n .then(result => ({ status: 200, body: result }))\n .catch(error => {\n // Log the full error server-side, return generic message to client\n console.error(`[what] Action \"${actionId}\" error:`, error);\n return {\n status: 500,\n body: { message: 'Action failed' },\n };\n });\n}\n\n// --- Get all registered actions (for SSR/build) ---\n\nexport function getRegisteredActions() {\n return [...actionRegistry.keys()];\n}\n\n// --- Mutation helper ---\n// Like useSWR mutation but simpler.\n\nexport function useMutation(mutationFn, options = {}) {\n const { onSuccess, onError, onSettled } = options;\n\n const state = {\n isPending: signal(false),\n error: signal(null),\n data: signal(null),\n };\n\n async function mutate(...args) {\n state.isPending.set(true);\n state.error.set(null);\n\n try {\n const result = await mutationFn(...args);\n state.data.set(result);\n if (onSuccess) onSuccess(result, ...args);\n return result;\n } catch (error) {\n state.error.set(error);\n if (onError) onError(error, ...args);\n throw error;\n } finally {\n state.isPending.set(false);\n if (onSettled) onSettled(state.data.peek(), state.error.peek(), ...args);\n }\n }\n\n return {\n mutate,\n isPending: () => state.isPending(),\n error: () => state.error(),\n data: () => state.data(),\n reset: () => {\n state.error.set(null);\n state.data.set(null);\n },\n };\n}\n"],
|
|
5
|
+
"mappings": ";AAeA,SAAS,QAAQ,aAAa;AAG9B,IAAM,iBAAiB,oBAAI,IAAI;AAQ/B,SAAS,eAAe;AACtB,MAAI,OAAO,aAAa,aAAa;AAEnC,UAAM,OAAO,SAAS,cAAc,8BAA8B;AAClE,QAAI,MAAM;AACR,aAAO,KAAK,aAAa,SAAS;AAAA,IACpC;AAEA,UAAM,QAAQ,SAAS,OAAO,MAAM,6BAA6B;AACjE,QAAI,OAAO;AACT,aAAO,mBAAmB,MAAM,CAAC,CAAC;AAAA,IACpC;AAAA,EACF;AACA,SAAO;AACT;AAGO,SAAS,oBAAoB;AAClC,MAAI,OAAO,WAAW,eAAe,OAAO,YAAY;AACtD,WAAO,OAAO,WAAW;AAAA,EAC3B;AAEA,MAAI,OAAO,WAAW,eAAe,OAAO,iBAAiB;AAC3D,UAAM,MAAM,IAAI,WAAW,EAAE;AAC7B,WAAO,gBAAgB,GAAG;AAC1B,WAAO,MAAM,KAAK,KAAK,OAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AAAA,EACtE;AAEA,QAAM,IAAI,MAAM,oEAAoE;AACtF;AAGO,SAAS,kBAAkB,cAAc,cAAc;AAC5D,MAAI,CAAC,gBAAgB,CAAC,aAAc,QAAO;AAE3C,MAAI,aAAa,WAAW,aAAa,OAAQ,QAAO;AACxD,MAAI,SAAS;AACb,WAAS,IAAI,GAAG,IAAI,aAAa,QAAQ,KAAK;AAC5C,cAAU,aAAa,WAAW,CAAC,IAAI,aAAa,WAAW,CAAC;AAAA,EAClE;AACA,SAAO,WAAW;AACpB;AAGO,SAAS,YAAY,OAAO;AAEjC,QAAM,UAAU,OAAO,KAAK,EAAE,QAAQ,MAAM,OAAO,EAAE,QAAQ,MAAM,QAAQ,EAAE,QAAQ,MAAM,MAAM,EAAE,QAAQ,MAAM,MAAM;AACvH,SAAO,yCAAyC,OAAO;AACzD;AAIA,IAAI,iBAAiB;AAErB,SAAS,mBAAmB;AAI1B,QAAM,OAAO,OAAO,WAAW,eAAe,OAAO,kBACjD,MAAM,KAAK,OAAO,gBAAgB,IAAI,WAAW,CAAC,CAAC,GAAG,OAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE,IACnG,KAAK,EAAE,gBAAgB,SAAS,EAAE,CAAC,IAAI,KAAK,IAAI,EAAE,SAAS,EAAE,CAAC;AAClE,SAAO,KAAK,IAAI;AAClB;AAEO,SAAS,OAAO,IAAI,UAAU,CAAC,GAAG;AACvC,QAAM,KAAK,QAAQ,MAAM,iBAAiB;AAC1C,QAAM,EAAE,SAAS,WAAW,WAAW,IAAI;AAG3C,MAAI,OAAO,WAAW,aAAa;AACjC,mBAAe,IAAI,IAAI,EAAE,IAAI,QAAQ,CAAC;AAAA,EACxC;AAGA,iBAAe,cAAc,MAAM;AAEjC,QAAI,OAAO,WAAW,aAAa;AACjC,aAAO,GAAG,GAAG,IAAI;AAAA,IACnB;AAGA,UAAM,UAAU,QAAQ,WAAW;AACnC,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,OAAO;AAE9D,QAAI;AACF,YAAM,YAAY,aAAa;AAC/B,YAAM,UAAU;AAAA,QACd,gBAAgB;AAAA,QAChB,iBAAiB;AAAA,MACnB;AACA,UAAI,UAAW,SAAQ,cAAc,IAAI;AAEzC,YAAM,WAAW,MAAM,MAAM,kBAAkB;AAAA,QAC7C,QAAQ;AAAA,QACR;AAAA,QACA,aAAa;AAAA,QACb,QAAQ,WAAW;AAAA,QACnB,MAAM,KAAK,UAAU,EAAE,KAAK,CAAC;AAAA,MAC/B,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,QAAQ,MAAM,SAAS,KAAK,EAAE,MAAM,OAAO,EAAE,SAAS,gBAAgB,EAAE;AAC9E,cAAM,IAAI,MAAM,MAAM,WAAW,eAAe;AAAA,MAClD;AAEA,YAAM,SAAS,MAAM,SAAS,KAAK;AAEnC,UAAI,UAAW,WAAU,MAAM;AAC/B,UAAI,YAAY;AAEd,mBAAW,QAAQ,YAAY;AAC7B,yBAAe,IAAI;AAAA,QACrB;AAAA,MACF;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,MAAM,SAAS,cAAc;AAC/B,cAAM,eAAe,IAAI,MAAM,WAAW,EAAE,qBAAqB,OAAO,IAAI;AAC5E,qBAAa,OAAO;AACpB,YAAI,QAAS,SAAQ,YAAY;AACjC,cAAM;AAAA,MACR;AACA,UAAI,QAAS,SAAQ,KAAK;AAC1B,YAAM;AAAA,IACR,UAAE;AACA,mBAAa,SAAS;AAAA,IACxB;AAAA,EACF;AAEA,aAAW,YAAY;AACvB,aAAW,YAAY;AAEvB,SAAO;AACT;AAKO,SAAS,WAAW,UAAU,UAAU,CAAC,GAAG;AACjD,QAAM,EAAE,WAAW,SAAS,iBAAiB,KAAK,IAAI;AAEtD,SAAO,OAAO,oBAAoB;AAChC,QAAI;AACJ,QAAI;AAEJ,QAAI,2BAA2B,OAAO;AACpC,sBAAgB,eAAe;AAC/B,aAAO,gBAAgB;AACvB,iBAAW,IAAI,SAAS,IAAI;AAAA,IAC9B,OAAO;AACL,iBAAW;AAAA,IACb;AAGA,UAAM,OAAO,CAAC;AACd,QAAI,WAAW;AACf,eAAW,CAAC,KAAK,KAAK,KAAK,SAAS,QAAQ,GAAG;AAC7C,UAAI,OAAO,SAAS,eAAe,iBAAiB,MAAM;AACxD,mBAAW;AAAA,MACb;AACA,UAAI,KAAK,GAAG,GAAG;AAEb,YAAI,MAAM,QAAQ,KAAK,GAAG,CAAC,GAAG;AAC5B,eAAK,GAAG,EAAE,KAAK,KAAK;AAAA,QACtB,OAAO;AACL,eAAK,GAAG,IAAI,CAAC,KAAK,GAAG,GAAG,KAAK;AAAA,QAC/B;AAAA,MACF,OAAO;AACL,aAAK,GAAG,IAAI;AAAA,MACd;AAAA,IACF;AAEA,QAAI;AAGF,YAAM,SAAS,WACX,MAAM,SAAS,MAAM,QAAQ,IAC7B,MAAM,SAAS,IAAI;AACvB,UAAI,UAAW,WAAU,QAAQ,IAAI;AACrC,UAAI,kBAAkB,KAAM,MAAK,MAAM;AACvC,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,QAAS,SAAQ,OAAO,IAAI;AAChC,YAAM;AAAA,IACR;AAAA,EACF;AACF;AAKO,SAAS,UAAU,UAAU;AAClC,QAAM,YAAY,OAAO,KAAK;AAC9B,QAAM,QAAQ,OAAO,IAAI;AACzB,QAAM,OAAO,OAAO,IAAI;AAExB,iBAAe,WAAW,MAAM;AAC9B,cAAU,IAAI,IAAI;AAClB,UAAM,IAAI,IAAI;AAEd,QAAI;AACF,YAAM,SAAS,MAAM,SAAS,GAAG,IAAI;AACrC,WAAK,IAAI,MAAM;AACf,aAAO;AAAA,IACT,SAAS,GAAG;AACV,YAAM,IAAI,CAAC;AACX,YAAM;AAAA,IACR,UAAE;AACA,gBAAU,IAAI,KAAK;AAAA,IACrB;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA,WAAW,MAAM,UAAU;AAAA,IAC3B,OAAO,MAAM,MAAM;AAAA,IACnB,MAAM,MAAM,KAAK;AAAA,IACjB,OAAO,MAAM;AACX,YAAM,IAAI,IAAI;AACd,WAAK,IAAI,IAAI;AAAA,IACf;AAAA,EACF;AACF;AAKO,SAAS,cAAc,UAAU,UAAU,CAAC,GAAG;AACpD,QAAM,EAAE,iBAAiB,KAAK,IAAI;AAClC,QAAM,UAAU,EAAE,SAAS,KAAK;AAChC,QAAM,cAAc,UAAU,WAAW,UAAU,EAAE,eAAe,CAAC,CAAC;AAEtE,WAAS,aAAa,GAAG;AACvB,MAAE,eAAe;AACjB,UAAM,WAAW,IAAI,SAAS,EAAE,MAAM;AACtC,YAAQ,UAAU,EAAE;AACpB,WAAO,YAAY,QAAQ,QAAQ;AAAA,EACrC;AAEA,SAAO;AAAA,IACL,GAAG;AAAA,IACH;AAAA,IACA;AAAA,EACF;AACF;AAIO,SAAS,cAAc,cAAc,SAAS;AACnD,QAAM,QAAQ,OAAO,YAAY;AACjC,QAAM,UAAU,OAAO,CAAC,CAAC;AACzB,QAAM,YAAY,OAAO,YAAY;AAErC,WAAS,cAAcA,SAAQ;AAC7B,UAAM,kBAAkB,QAAQ,MAAM,KAAK,GAAGA,OAAM;AACpD,UAAM,MAAM;AACV,cAAQ,IAAI,CAAC,GAAG,QAAQ,KAAK,GAAGA,OAAM,CAAC;AACvC,YAAM,IAAI,eAAe;AAAA,IAC3B,CAAC;AAAA,EACH;AAEA,WAAS,QAAQA,SAAQ,aAAa;AACpC,UAAM,MAAM;AACV,cAAQ,IAAI,QAAQ,KAAK,EAAE,OAAO,OAAK,MAAMA,OAAM,CAAC;AACpD,UAAI,gBAAgB,QAAW;AAC7B,kBAAU,IAAI,WAAW;AAEzB,YAAI,UAAU;AACd,mBAAW,KAAK,QAAQ,KAAK,GAAG;AAC9B,oBAAU,QAAQ,SAAS,CAAC;AAAA,QAC9B;AACA,cAAM,IAAI,OAAO;AAAA,MACnB;AAAA,IACF,CAAC;AAAA,EACH;AAEA,WAAS,SAASA,SAAQ,WAAW;AACnC,UAAM,MAAM;AACV,YAAM,aAAa,QAAQ,KAAK,EAAE,OAAO,OAAK,MAAMA,OAAM;AAC1D,cAAQ,IAAI,UAAU;AACtB,YAAM,OAAO,cAAc,SAAY,YAAY,UAAU,KAAK;AAClE,gBAAU,IAAI,IAAI;AAElB,UAAI,UAAU;AACd,iBAAW,KAAK,YAAY;AAC1B,kBAAU,QAAQ,SAAS,CAAC;AAAA,MAC9B;AACA,YAAM,IAAI,OAAO;AAAA,IACnB,CAAC;AAAA,EACH;AAGA,iBAAe,eAAeA,SAAQ,SAAS;AAC7C,kBAAcA,OAAM;AACpB,QAAI;AACF,YAAM,SAAS,MAAM,QAAQ;AAC7B,cAAQA,SAAQ,MAAM;AACtB,aAAO;AAAA,IACT,SAAS,GAAG;AACV,eAASA,OAAM;AACf,YAAM;AAAA,IACR;AAAA,EACF;AAEA,SAAO;AAAA,IACL,OAAO,MAAM,MAAM;AAAA,IACnB,WAAW,MAAM,QAAQ,EAAE,SAAS;AAAA,IACpC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,KAAK,CAAC,MAAM;AAAE,YAAM,IAAI,CAAC;AAAG,gBAAU,IAAI,CAAC;AAAA,IAAG;AAAA,EAChD;AACF;AAIA,IAAM,wBAAwB,oBAAI,IAAI;AAE/B,SAAS,aAAa,MAAM,UAAU;AAC3C,MAAI,CAAC,sBAAsB,IAAI,IAAI,GAAG;AACpC,0BAAsB,IAAI,MAAM,oBAAI,IAAI,CAAC;AAAA,EAC3C;AACA,wBAAsB,IAAI,IAAI,EAAE,IAAI,QAAQ;AAE5C,SAAO,MAAM;AACX,0BAAsB,IAAI,IAAI,GAAG,OAAO,QAAQ;AAAA,EAClD;AACF;AAEO,SAAS,eAAe,MAAM;AACnC,QAAM,YAAY,sBAAsB,IAAI,IAAI;AAChD,MAAI,WAAW;AACb,eAAW,MAAM,WAAW;AAC1B,UAAI;AAAE,WAAG;AAAA,MAAG,SAAS,GAAG;AAAE,gBAAQ,MAAM,8BAA8B,CAAC;AAAA,MAAG;AAAA,IAC5E;AAAA,EACF;AACF;AAKO,SAAS,oBAAoB,KAAK,UAAU,MAAM,UAAU,CAAC,GAAG;AACrE,QAAM,EAAE,WAAW,kBAAkB,WAAW,MAAM,IAAI;AAG1D,MAAI,CAAC,UAAU;AACb,QAAI,CAAC,kBAAkB;AAGrB,aAAO,QAAQ,QAAQ;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACJ,SAAS;AAAA,QAGX;AAAA,MACF,CAAC;AAAA,IACH;AACA,UAAM,mBAAmB,KAAK,UAAU,cAAc,KAAK,KAAK,UAAU,cAAc;AACxF,QAAI,CAAC,kBAAkB,kBAAkB,gBAAgB,GAAG;AAC1D,aAAO,QAAQ,QAAQ,EAAE,QAAQ,KAAK,MAAM,EAAE,SAAS,qBAAqB,EAAE,CAAC;AAAA,IACjF;AAAA,EACF;AAEA,QAAMA,UAAS,eAAe,IAAI,QAAQ;AAC1C,MAAI,CAACA,SAAQ;AACX,WAAO,QAAQ,QAAQ,EAAE,QAAQ,KAAK,MAAM,EAAE,SAAS,mBAAmB,EAAE,CAAC;AAAA,EAC/E;AAGA,MAAI,CAAC,MAAM,QAAQ,IAAI,GAAG;AACxB,WAAO,QAAQ,QAAQ,EAAE,QAAQ,KAAK,MAAM,EAAE,SAAS,2BAA2B,EAAE,CAAC;AAAA,EACvF;AAEA,SAAOA,QAAO,GAAG,GAAG,IAAI,EACrB,KAAK,aAAW,EAAE,QAAQ,KAAK,MAAM,OAAO,EAAE,EAC9C,MAAM,WAAS;AAEd,YAAQ,MAAM,kBAAkB,QAAQ,YAAY,KAAK;AACzD,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,MAAM,EAAE,SAAS,gBAAgB;AAAA,IACnC;AAAA,EACF,CAAC;AACL;AAIO,SAAS,uBAAuB;AACrC,SAAO,CAAC,GAAG,eAAe,KAAK,CAAC;AAClC;AAKO,SAAS,YAAY,YAAY,UAAU,CAAC,GAAG;AACpD,QAAM,EAAE,WAAW,SAAS,UAAU,IAAI;AAE1C,QAAM,QAAQ;AAAA,IACZ,WAAW,OAAO,KAAK;AAAA,IACvB,OAAO,OAAO,IAAI;AAAA,IAClB,MAAM,OAAO,IAAI;AAAA,EACnB;AAEA,iBAAe,UAAU,MAAM;AAC7B,UAAM,UAAU,IAAI,IAAI;AACxB,UAAM,MAAM,IAAI,IAAI;AAEpB,QAAI;AACF,YAAM,SAAS,MAAM,WAAW,GAAG,IAAI;AACvC,YAAM,KAAK,IAAI,MAAM;AACrB,UAAI,UAAW,WAAU,QAAQ,GAAG,IAAI;AACxC,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM,MAAM,IAAI,KAAK;AACrB,UAAI,QAAS,SAAQ,OAAO,GAAG,IAAI;AACnC,YAAM;AAAA,IACR,UAAE;AACA,YAAM,UAAU,IAAI,KAAK;AACzB,UAAI,UAAW,WAAU,MAAM,KAAK,KAAK,GAAG,MAAM,MAAM,KAAK,GAAG,GAAG,IAAI;AAAA,IACzE;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA,WAAW,MAAM,MAAM,UAAU;AAAA,IACjC,OAAO,MAAM,MAAM,MAAM;AAAA,IACzB,MAAM,MAAM,MAAM,KAAK;AAAA,IACvB,OAAO,MAAM;AACX,YAAM,MAAM,IAAI,IAAI;AACpB,YAAM,KAAK,IAAI,IAAI;AAAA,IACrB;AAAA,EACF;AACF;",
|
|
6
6
|
"names": ["action"]
|
|
7
7
|
}
|
package/dist/actions.min.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import{signal as p,batch as w}from"what-core";var A=new Map;function k(){if(typeof document<"u"){let e=document.querySelector('meta[name="what-csrf-token"]');if(e)return e.getAttribute("content");let t=document.cookie.match(/(?:^|;\s*)what-csrf=([^;]+)/);if(t)return decodeURIComponent(t[1])}return null}function
|
|
1
|
+
import{signal as p,batch as w}from"what-core";var A=new Map;function k(){if(typeof document<"u"){let e=document.querySelector('meta[name="what-csrf-token"]');if(e)return e.getAttribute("content");let t=document.cookie.match(/(?:^|;\s*)what-csrf=([^;]+)/);if(t)return decodeURIComponent(t[1])}return null}function T(){if(typeof crypto<"u"&&crypto.randomUUID)return crypto.randomUUID();if(typeof crypto<"u"&&crypto.getRandomValues){let e=new Uint8Array(16);return crypto.getRandomValues(e),Array.from(e,t=>t.toString(16).padStart(2,"0")).join("")}throw new Error("[what] No secure random source available for CSRF token generation")}function S(e,t){if(!e||!t||e.length!==t.length)return!1;let r=0;for(let n=0;n<e.length;n++)r|=e.charCodeAt(n)^t.charCodeAt(n);return r===0}function F(e){return`<meta name="what-csrf-token" content="${String(e).replace(/&/g,"&").replace(/"/g,""").replace(/</g,"<").replace(/>/g,">")}">`}var b=0;function C(){return`a_${typeof crypto<"u"&&crypto.getRandomValues?Array.from(crypto.getRandomValues(new Uint8Array(6)),t=>t.toString(16).padStart(2,"0")).join(""):`c${(++b).toString(36)}_${Date.now().toString(36)}`}`}function I(e,t={}){let r=t.id||C(),{onError:n,onSuccess:f,revalidate:o}=t;typeof window>"u"&&A.set(r,{fn:e,options:t});async function s(...i){if(typeof window>"u")return e(...i);let u=t.timeout||3e4,l=new AbortController,a=setTimeout(()=>l.abort(),u);try{let c=k(),d={"Content-Type":"application/json","X-What-Action":r};c&&(d["X-CSRF-Token"]=c);let g=await fetch("/__what_action",{method:"POST",headers:d,credentials:"same-origin",signal:l.signal,body:JSON.stringify({args:i})});if(!g.ok){let h=await g.json().catch(()=>({message:"Action failed"}));throw new Error(h.message||"Action failed")}let m=await g.json();if(f&&f(m),o)for(let h of o)x(h);return m}catch(c){if(c.name==="AbortError"){let d=new Error(`Action "${r}" timed out after ${u}ms`);throw d.code="TIMEOUT",n&&n(d),d}throw n&&n(c),c}finally{clearTimeout(a)}}return s._actionId=r,s._isAction=!0,s}function R(e,t={}){let{onSuccess:r,onError:n,resetOnSuccess:f=!0}=t;return async o=>{let s,i;o instanceof Event?(o.preventDefault(),i=o.target,s=new FormData(i)):s=o;let u={},l=!1;for(let[a,c]of s.entries())typeof File<"u"&&c instanceof File&&(l=!0),u[a]?Array.isArray(u[a])?u[a].push(c):u[a]=[u[a],c]:u[a]=c;try{let a=l?await e(u,s):await e(u);return r&&r(a,i),f&&i&&i.reset(),a}catch(a){throw n&&n(a,i),a}}}function P(e){let t=p(!1),r=p(null),n=p(null);async function f(...o){t.set(!0),r.set(null);try{let s=await e(...o);return n.set(s),s}catch(s){throw r.set(s),s}finally{t.set(!1)}}return{trigger:f,isPending:()=>t(),error:()=>r(),data:()=>n(),reset:()=>{r.set(null),n.set(null)}}}function U(e,t={}){let{resetOnSuccess:r=!0}=t,n={current:null},f=P(R(e,{resetOnSuccess:r}));function o(s){s.preventDefault();let i=new FormData(s.target);return n.current=s.target,f.trigger(i)}return{...f,handleSubmit:o,formRef:n}}function _(e,t){let r=p(e),n=p([]),f=p(e);function o(l){let a=t(r.peek(),l);w(()=>{n.set([...n.peek(),l]),r.set(a)})}function s(l,a){w(()=>{if(n.set(n.peek().filter(c=>c!==l)),a!==void 0){f.set(a);let c=a;for(let d of n.peek())c=t(c,d);r.set(c)}})}function i(l,a){w(()=>{let c=n.peek().filter(m=>m!==l);n.set(c);let d=a!==void 0?a:f.peek();f.set(d);let g=d;for(let m of c)g=t(g,m);r.set(g)})}async function u(l,a){o(l);try{let c=await a();return s(l,c),c}catch(c){throw i(l),c}}return{value:()=>r(),isPending:()=>n().length>0,addOptimistic:o,resolve:s,rollback:i,withOptimistic:u,set:l=>{r.set(l),f.set(l)}}}var y=new Map;function E(e,t){return y.has(e)||y.set(e,new Set),y.get(e).add(t),()=>{y.get(e)?.delete(t)}}function x(e){let t=y.get(e);if(t)for(let r of t)try{r()}catch(n){console.error("[what] Revalidation error:",n)}}function $(e,t,r,n={}){let{csrfToken:f,skipCsrf:o=!1}=n;if(!o){if(!f)return Promise.resolve({status:500,body:{message:"[what] CSRF token not configured. Pass { csrfToken: sessionToken } to handleActionRequest, or { skipCsrf: true } to explicitly opt out."}});let i=e?.headers?.["x-csrf-token"]||e?.headers?.["X-CSRF-Token"];if(!S(i,f))return Promise.resolve({status:403,body:{message:"Invalid CSRF token"}})}let s=A.get(t);return s?Array.isArray(r)?s.fn(...r).then(i=>({status:200,body:i})).catch(i=>(console.error(`[what] Action "${t}" error:`,i),{status:500,body:{message:"Action failed"}})):Promise.resolve({status:400,body:{message:"Invalid action arguments"}}):Promise.resolve({status:404,body:{message:"Action not found"}})}function D(){return[...A.keys()]}function j(e,t={}){let{onSuccess:r,onError:n,onSettled:f}=t,o={isPending:p(!1),error:p(null),data:p(null)};async function s(...i){o.isPending.set(!0),o.error.set(null);try{let u=await e(...i);return o.data.set(u),r&&r(u,...i),u}catch(u){throw o.error.set(u),n&&n(u,...i),u}finally{o.isPending.set(!1),f&&f(o.data.peek(),o.error.peek(),...i)}}return{mutate:s,isPending:()=>o.isPending(),error:()=>o.error(),data:()=>o.data(),reset:()=>{o.error.set(null),o.data.set(null)}}}export{I as action,F as csrfMetaTag,R as formAction,T as generateCsrfToken,D as getRegisteredActions,$ as handleActionRequest,x as invalidatePath,E as onRevalidate,P as useAction,U as useFormAction,j as useMutation,_ as useOptimistic,S as validateCsrfToken};
|
|
2
2
|
//# sourceMappingURL=actions.min.js.map
|
package/dist/actions.min.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../src/actions.js"],
|
|
4
|
-
"sourcesContent": ["// What Framework - Server Actions\n// Call server-side functions from client code seamlessly.\n// Similar to Next.js Server Actions / SolidStart server functions.\n//\n// Usage:\n// // Define on server\n// const saveUser = action(async (formData) => {\n// 'use server';\n// const user = await db.users.create(formData);\n// return { success: true, id: user.id };\n// });\n//\n// // Call from client\n// const result = await saveUser({ name: 'John' });\n\nimport { signal, batch } from 'what-core';\n\n// Registry of server actions\nconst actionRegistry = new Map();\n\n// --- CSRF Protection ---\n// Server generates a token per session; client sends it with every action request.\n// The token is injected into the page via a meta tag or embedded in the server response.\n\n// Client: read the CSRF token from the page meta tag or cookie\n// Re-reads on every call to handle token rotation\nfunction getCsrfToken() {\n if (typeof document !== 'undefined') {\n // Try meta tag first\n const meta = document.querySelector('meta[name=\"what-csrf-token\"]');\n if (meta) {\n return meta.getAttribute('content');\n }\n // Try cookie\n const match = document.cookie.match(/(?:^|;\\s*)what-csrf=([^;]+)/);\n if (match) {\n return decodeURIComponent(match[1]);\n }\n }\n return null;\n}\n\n// Server: generate a CSRF token (call this per session/request)\nexport function generateCsrfToken() {\n if (typeof crypto !== 'undefined' && crypto.randomUUID) {\n return crypto.randomUUID();\n }\n // Fallback for environments without crypto.randomUUID \u2014 use crypto.getRandomValues\n if (typeof crypto !== 'undefined' && crypto.getRandomValues) {\n const arr = new Uint8Array(16);\n crypto.getRandomValues(arr);\n return Array.from(arr, b => b.toString(16).padStart(2, '0')).join('');\n }\n // Last resort \u2014 should not be reached in modern environments\n throw new Error('[what] No secure random source available for CSRF token generation');\n}\n\n// Server: validate CSRF token from request header against session token\nexport function validateCsrfToken(requestToken, sessionToken) {\n if (!requestToken || !sessionToken) return false;\n // Constant-time comparison to prevent timing attacks\n if (requestToken.length !== sessionToken.length) return false;\n let result = 0;\n for (let i = 0; i < requestToken.length; i++) {\n result |= requestToken.charCodeAt(i) ^ sessionToken.charCodeAt(i);\n }\n return result === 0;\n}\n\n// Server: middleware helper to inject CSRF meta tag into HTML\nexport function csrfMetaTag(token) {\n // HTML-escape the token to prevent XSS if a non-standard value is used\n const escaped = String(token).replace(/&/g, '&').replace(/\"/g, '"').replace(/</g, '<').replace(/>/g, '>');\n return `<meta name=\"what-csrf-token\" content=\"${escaped}\">`;\n}\n\n// --- Define a server action ---\n\nfunction generateActionId() {\n // Generate a random ID that's not easily enumerable\n const rand = typeof crypto !== 'undefined' && crypto.getRandomValues\n ? Array.from(crypto.getRandomValues(new Uint8Array(6)), b => b.toString(16).padStart(2, '0')).join('')\n : Math.random().toString(36).slice(2, 10) + Date.now().toString(36);\n return `a_${rand}`;\n}\n\nexport function action(fn, options = {}) {\n const id = options.id || generateActionId();\n const { onError, onSuccess, revalidate } = options;\n\n // Server-side: register the action\n if (typeof window === 'undefined') {\n actionRegistry.set(id, { fn, options });\n }\n\n // Create the callable wrapper\n async function callAction(...args) {\n // Server-side: call directly\n if (typeof window === 'undefined') {\n return fn(...args);\n }\n\n // Client-side: call via fetch with timeout support\n const timeout = options.timeout || 30000; // Default 30s timeout\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), timeout);\n\n try {\n const csrfToken = getCsrfToken();\n const headers = {\n 'Content-Type': 'application/json',\n 'X-What-Action': id,\n };\n if (csrfToken) headers['X-CSRF-Token'] = csrfToken;\n\n const response = await fetch('/__what_action', {\n method: 'POST',\n headers,\n credentials: 'same-origin',\n signal: controller.signal,\n body: JSON.stringify({ args }),\n });\n\n if (!response.ok) {\n const error = await response.json().catch(() => ({ message: 'Action failed' }));\n throw new Error(error.message || 'Action failed');\n }\n\n const result = await response.json();\n\n if (onSuccess) onSuccess(result);\n if (revalidate) {\n // Trigger revalidation of specified paths\n for (const path of revalidate) {\n invalidatePath(path);\n }\n }\n\n return result;\n } catch (error) {\n if (error.name === 'AbortError') {\n const timeoutError = new Error(`Action \"${id}\" timed out after ${timeout}ms`);\n timeoutError.code = 'TIMEOUT';\n if (onError) onError(timeoutError);\n throw timeoutError;\n }\n if (onError) onError(error);\n throw error;\n } finally {\n clearTimeout(timeoutId);\n }\n }\n\n callAction._actionId = id;\n callAction._isAction = true;\n\n return callAction;\n}\n\n// --- Form action helper ---\n// For forms that submit to server actions.\n\nexport function formAction(actionFn, options = {}) {\n const { onSuccess, onError, resetOnSuccess = true } = options;\n\n return async (formDataOrEvent) => {\n let formData;\n let form;\n\n if (formDataOrEvent instanceof Event) {\n formDataOrEvent.preventDefault();\n form = formDataOrEvent.target;\n formData = new FormData(form);\n } else {\n formData = formDataOrEvent;\n }\n\n // Convert FormData to plain object, preserving File instances\n const data = {};\n let hasFiles = false;\n for (const [key, value] of formData.entries()) {\n if (typeof File !== 'undefined' && value instanceof File) {\n hasFiles = true;\n }\n if (data[key]) {\n // Handle multiple values (e.g., checkboxes, multi-file inputs)\n if (Array.isArray(data[key])) {\n data[key].push(value);\n } else {\n data[key] = [data[key], value];\n }\n } else {\n data[key] = value;\n }\n }\n\n try {\n // If form contains files, pass the raw FormData as second arg\n // so the action handler can access files directly\n const result = hasFiles\n ? await actionFn(data, formData)\n : await actionFn(data);\n if (onSuccess) onSuccess(result, form);\n if (resetOnSuccess && form) form.reset();\n return result;\n } catch (error) {\n if (onError) onError(error, form);\n throw error;\n }\n };\n}\n\n// --- useAction hook ---\n// Returns action state and trigger function.\n\nexport function useAction(actionFn) {\n const isPending = signal(false);\n const error = signal(null);\n const data = signal(null);\n\n async function trigger(...args) {\n isPending.set(true);\n error.set(null);\n\n try {\n const result = await actionFn(...args);\n data.set(result);\n return result;\n } catch (e) {\n error.set(e);\n throw e;\n } finally {\n isPending.set(false);\n }\n }\n\n return {\n trigger,\n isPending: () => isPending(),\n error: () => error(),\n data: () => data(),\n reset: () => {\n error.set(null);\n data.set(null);\n },\n };\n}\n\n// --- useFormAction hook ---\n// Combines useAction with form handling.\n\nexport function useFormAction(actionFn, options = {}) {\n const { resetOnSuccess = true } = options;\n const formRef = { current: null };\n const actionState = useAction(formAction(actionFn, { resetOnSuccess }));\n\n function handleSubmit(e) {\n e.preventDefault();\n const formData = new FormData(e.target);\n formRef.current = e.target;\n return actionState.trigger(formData);\n }\n\n return {\n ...actionState,\n handleSubmit,\n formRef,\n };\n}\n\n// --- Optimistic updates ---\n\nexport function useOptimistic(initialValue, reducer) {\n const value = signal(initialValue);\n const pending = signal([]);\n const baseValue = signal(initialValue); // Track the confirmed server value\n\n function addOptimistic(action) {\n const optimisticValue = reducer(value.peek(), action);\n batch(() => {\n pending.set([...pending.peek(), action]);\n value.set(optimisticValue);\n });\n }\n\n function resolve(action, serverValue) {\n batch(() => {\n pending.set(pending.peek().filter(a => a !== action));\n if (serverValue !== undefined) {\n baseValue.set(serverValue);\n // Recompute optimistic state from new base + remaining pending actions\n let current = serverValue;\n for (const a of pending.peek()) {\n current = reducer(current, a);\n }\n value.set(current);\n }\n });\n }\n\n function rollback(action, realValue) {\n batch(() => {\n const newPending = pending.peek().filter(a => a !== action);\n pending.set(newPending);\n const base = realValue !== undefined ? realValue : baseValue.peek();\n baseValue.set(base);\n // Recompute from base + remaining pending actions\n let current = base;\n for (const a of newPending) {\n current = reducer(current, a);\n }\n value.set(current);\n });\n }\n\n // Auto-rollback helper: wraps an async action with automatic rollback on error\n async function withOptimistic(action, asyncFn) {\n addOptimistic(action);\n try {\n const result = await asyncFn();\n resolve(action, result);\n return result;\n } catch (e) {\n rollback(action);\n throw e;\n }\n }\n\n return {\n value: () => value(),\n isPending: () => pending().length > 0,\n addOptimistic,\n resolve,\n rollback,\n withOptimistic,\n set: (v) => { value.set(v); baseValue.set(v); },\n };\n}\n\n// --- Path revalidation ---\n\nconst revalidationCallbacks = new Map();\n\nexport function onRevalidate(path, callback) {\n if (!revalidationCallbacks.has(path)) {\n revalidationCallbacks.set(path, new Set());\n }\n revalidationCallbacks.get(path).add(callback);\n\n return () => {\n revalidationCallbacks.get(path)?.delete(callback);\n };\n}\n\nexport function invalidatePath(path) {\n const callbacks = revalidationCallbacks.get(path);\n if (callbacks) {\n for (const cb of callbacks) {\n try { cb(); } catch (e) { console.error('[what] Revalidation error:', e); }\n }\n }\n}\n\n// --- Server-side action handler ---\n// Add this to your server middleware.\n\nexport function handleActionRequest(req, actionId, args, options = {}) {\n const { csrfToken: sessionCsrfToken, skipCsrf = false } = options;\n\n // Validate CSRF token unless explicitly skipped\n if (!skipCsrf) {\n if (!sessionCsrfToken) {\n // Fail closed: no CSRF token configured means the developer forgot to set it up.\n // This prevents silent security vulnerabilities in production.\n return Promise.resolve({\n status: 500,\n body: {\n message: '[what] CSRF token not configured. ' +\n 'Pass { csrfToken: sessionToken } to handleActionRequest, ' +\n 'or { skipCsrf: true } to explicitly opt out.'\n }\n });\n }\n const requestCsrfToken = req?.headers?.['x-csrf-token'] || req?.headers?.['X-CSRF-Token'];\n if (!validateCsrfToken(requestCsrfToken, sessionCsrfToken)) {\n return Promise.resolve({ status: 403, body: { message: 'Invalid CSRF token' } });\n }\n }\n\n const action = actionRegistry.get(actionId);\n if (!action) {\n return Promise.resolve({ status: 404, body: { message: 'Action not found' } });\n }\n\n // Validate args is an array to prevent prototype pollution\n if (!Array.isArray(args)) {\n return Promise.resolve({ status: 400, body: { message: 'Invalid action arguments' } });\n }\n\n return action.fn(...args)\n .then(result => ({ status: 200, body: result }))\n .catch(error => {\n // Log the full error server-side, return generic message to client\n console.error(`[what] Action \"${actionId}\" error:`, error);\n return {\n status: 500,\n body: { message: 'Action failed' },\n };\n });\n}\n\n// --- Get all registered actions (for SSR/build) ---\n\nexport function getRegisteredActions() {\n return [...actionRegistry.keys()];\n}\n\n// --- Mutation helper ---\n// Like useSWR mutation but simpler.\n\nexport function useMutation(mutationFn, options = {}) {\n const { onSuccess, onError, onSettled } = options;\n\n const state = {\n isPending: signal(false),\n error: signal(null),\n data: signal(null),\n };\n\n async function mutate(...args) {\n state.isPending.set(true);\n state.error.set(null);\n\n try {\n const result = await mutationFn(...args);\n state.data.set(result);\n if (onSuccess) onSuccess(result, ...args);\n return result;\n } catch (error) {\n state.error.set(error);\n if (onError) onError(error, ...args);\n throw error;\n } finally {\n state.isPending.set(false);\n if (onSettled) onSettled(state.data.peek(), state.error.peek(), ...args);\n }\n }\n\n return {\n mutate,\n isPending: () => state.isPending(),\n error: () => state.error(),\n data: () => state.data(),\n reset: () => {\n state.error.set(null);\n state.data.set(null);\n },\n };\n}\n"],
|
|
5
|
-
"mappings": "AAeA,OAAS,UAAAA,EAAQ,SAAAC,MAAa,YAG9B,IAAMC,EAAiB,IAAI,IAQ3B,SAASC,GAAe,CACtB,GAAI,OAAO,SAAa,IAAa,CAEnC,IAAMC,EAAO,SAAS,cAAc,8BAA8B,EAClE,GAAIA,EACF,OAAOA,EAAK,aAAa,SAAS,EAGpC,IAAMC,EAAQ,SAAS,OAAO,MAAM,6BAA6B,EACjE,GAAIA,EACF,OAAO,mBAAmBA,EAAM,CAAC,CAAC,CAEtC,CACA,OAAO,IACT,CAGO,SAASC,GAAoB,CAClC,GAAI,OAAO,OAAW,KAAe,OAAO,WAC1C,OAAO,OAAO,WAAW,EAG3B,GAAI,OAAO,OAAW,KAAe,OAAO,gBAAiB,CAC3D,IAAMC,EAAM,IAAI,WAAW,EAAE,EAC7B,cAAO,gBAAgBA,CAAG,EACnB,MAAM,KAAKA,EAAKC,GAAKA,EAAE,SAAS,EAAE,EAAE,SAAS,EAAG,GAAG,CAAC,EAAE,KAAK,EAAE,CACtE,CAEA,MAAM,IAAI,MAAM,oEAAoE,CACtF,CAGO,SAASC,EAAkBC,EAAcC,EAAc,CAG5D,GAFI,CAACD,GAAgB,CAACC,GAElBD,EAAa,SAAWC,EAAa,OAAQ,MAAO,GACxD,IAAIC,EAAS,EACb,QAASC,EAAI,EAAGA,EAAIH,EAAa,OAAQG,IACvCD,GAAUF,EAAa,WAAWG,CAAC,EAAIF,EAAa,WAAWE,CAAC,EAElE,OAAOD,IAAW,CACpB,CAGO,SAASE,EAAYC,EAAO,CAGjC,MAAO,yCADS,OAAOA,CAAK,EAAE,QAAQ,KAAM,OAAO,EAAE,QAAQ,KAAM,QAAQ,EAAE,QAAQ,KAAM,MAAM,EAAE,QAAQ,KAAM,MAAM,CAChE,IACzD,CAIA,SAASC,GAAmB,
|
|
6
|
-
"names": ["signal", "batch", "actionRegistry", "getCsrfToken", "meta", "match", "generateCsrfToken", "arr", "b", "validateCsrfToken", "requestToken", "sessionToken", "result", "i", "csrfMetaTag", "token", "generateActionId", "action", "fn", "options", "id", "onError", "onSuccess", "revalidate", "callAction", "args", "timeout", "controller", "timeoutId", "csrfToken", "headers", "response", "error", "path", "invalidatePath", "timeoutError", "formAction", "actionFn", "resetOnSuccess", "formDataOrEvent", "formData", "form", "data", "hasFiles", "key", "value", "useAction", "isPending", "trigger", "e", "useFormAction", "formRef", "actionState", "handleSubmit", "useOptimistic", "initialValue", "reducer", "pending", "baseValue", "addOptimistic", "optimisticValue", "resolve", "serverValue", "a", "current", "rollback", "realValue", "newPending", "base", "withOptimistic", "asyncFn", "v", "revalidationCallbacks", "onRevalidate", "callback", "callbacks", "cb", "handleActionRequest", "req", "actionId", "sessionCsrfToken", "skipCsrf", "requestCsrfToken", "getRegisteredActions", "useMutation", "mutationFn", "onSettled", "state", "mutate"]
|
|
4
|
+
"sourcesContent": ["// What Framework - Server Actions\n// Call server-side functions from client code seamlessly.\n// Similar to Next.js Server Actions / SolidStart server functions.\n//\n// Usage:\n// // Define on server\n// const saveUser = action(async (formData) => {\n// 'use server';\n// const user = await db.users.create(formData);\n// return { success: true, id: user.id };\n// });\n//\n// // Call from client\n// const result = await saveUser({ name: 'John' });\n\nimport { signal, batch } from 'what-core';\n\n// Registry of server actions\nconst actionRegistry = new Map();\n\n// --- CSRF Protection ---\n// Server generates a token per session; client sends it with every action request.\n// The token is injected into the page via a meta tag or embedded in the server response.\n\n// Client: read the CSRF token from the page meta tag or cookie\n// Re-reads on every call to handle token rotation\nfunction getCsrfToken() {\n if (typeof document !== 'undefined') {\n // Try meta tag first\n const meta = document.querySelector('meta[name=\"what-csrf-token\"]');\n if (meta) {\n return meta.getAttribute('content');\n }\n // Try cookie\n const match = document.cookie.match(/(?:^|;\\s*)what-csrf=([^;]+)/);\n if (match) {\n return decodeURIComponent(match[1]);\n }\n }\n return null;\n}\n\n// Server: generate a CSRF token (call this per session/request)\nexport function generateCsrfToken() {\n if (typeof crypto !== 'undefined' && crypto.randomUUID) {\n return crypto.randomUUID();\n }\n // Fallback for environments without crypto.randomUUID \u2014 use crypto.getRandomValues\n if (typeof crypto !== 'undefined' && crypto.getRandomValues) {\n const arr = new Uint8Array(16);\n crypto.getRandomValues(arr);\n return Array.from(arr, b => b.toString(16).padStart(2, '0')).join('');\n }\n // Last resort \u2014 should not be reached in modern environments\n throw new Error('[what] No secure random source available for CSRF token generation');\n}\n\n// Server: validate CSRF token from request header against session token\nexport function validateCsrfToken(requestToken, sessionToken) {\n if (!requestToken || !sessionToken) return false;\n // Constant-time comparison to prevent timing attacks\n if (requestToken.length !== sessionToken.length) return false;\n let result = 0;\n for (let i = 0; i < requestToken.length; i++) {\n result |= requestToken.charCodeAt(i) ^ sessionToken.charCodeAt(i);\n }\n return result === 0;\n}\n\n// Server: middleware helper to inject CSRF meta tag into HTML\nexport function csrfMetaTag(token) {\n // HTML-escape the token to prevent XSS if a non-standard value is used\n const escaped = String(token).replace(/&/g, '&').replace(/\"/g, '"').replace(/</g, '<').replace(/>/g, '>');\n return `<meta name=\"what-csrf-token\" content=\"${escaped}\">`;\n}\n\n// --- Define a server action ---\n\nlet _actionCounter = 0;\n\nfunction generateActionId() {\n // Generate a deterministic ID \u2014 prefer crypto.getRandomValues, fall back to a\n // monotonic counter (never Math.random, which is not cryptographically safe and\n // produces predictable IDs in some runtimes).\n const rand = typeof crypto !== 'undefined' && crypto.getRandomValues\n ? Array.from(crypto.getRandomValues(new Uint8Array(6)), b => b.toString(16).padStart(2, '0')).join('')\n : `c${(++_actionCounter).toString(36)}_${Date.now().toString(36)}`;\n return `a_${rand}`;\n}\n\nexport function action(fn, options = {}) {\n const id = options.id || generateActionId();\n const { onError, onSuccess, revalidate } = options;\n\n // Server-side: register the action\n if (typeof window === 'undefined') {\n actionRegistry.set(id, { fn, options });\n }\n\n // Create the callable wrapper\n async function callAction(...args) {\n // Server-side: call directly\n if (typeof window === 'undefined') {\n return fn(...args);\n }\n\n // Client-side: call via fetch with timeout support\n const timeout = options.timeout || 30000; // Default 30s timeout\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), timeout);\n\n try {\n const csrfToken = getCsrfToken();\n const headers = {\n 'Content-Type': 'application/json',\n 'X-What-Action': id,\n };\n if (csrfToken) headers['X-CSRF-Token'] = csrfToken;\n\n const response = await fetch('/__what_action', {\n method: 'POST',\n headers,\n credentials: 'same-origin',\n signal: controller.signal,\n body: JSON.stringify({ args }),\n });\n\n if (!response.ok) {\n const error = await response.json().catch(() => ({ message: 'Action failed' }));\n throw new Error(error.message || 'Action failed');\n }\n\n const result = await response.json();\n\n if (onSuccess) onSuccess(result);\n if (revalidate) {\n // Trigger revalidation of specified paths\n for (const path of revalidate) {\n invalidatePath(path);\n }\n }\n\n return result;\n } catch (error) {\n if (error.name === 'AbortError') {\n const timeoutError = new Error(`Action \"${id}\" timed out after ${timeout}ms`);\n timeoutError.code = 'TIMEOUT';\n if (onError) onError(timeoutError);\n throw timeoutError;\n }\n if (onError) onError(error);\n throw error;\n } finally {\n clearTimeout(timeoutId);\n }\n }\n\n callAction._actionId = id;\n callAction._isAction = true;\n\n return callAction;\n}\n\n// --- Form action helper ---\n// For forms that submit to server actions.\n\nexport function formAction(actionFn, options = {}) {\n const { onSuccess, onError, resetOnSuccess = true } = options;\n\n return async (formDataOrEvent) => {\n let formData;\n let form;\n\n if (formDataOrEvent instanceof Event) {\n formDataOrEvent.preventDefault();\n form = formDataOrEvent.target;\n formData = new FormData(form);\n } else {\n formData = formDataOrEvent;\n }\n\n // Convert FormData to plain object, preserving File instances\n const data = {};\n let hasFiles = false;\n for (const [key, value] of formData.entries()) {\n if (typeof File !== 'undefined' && value instanceof File) {\n hasFiles = true;\n }\n if (data[key]) {\n // Handle multiple values (e.g., checkboxes, multi-file inputs)\n if (Array.isArray(data[key])) {\n data[key].push(value);\n } else {\n data[key] = [data[key], value];\n }\n } else {\n data[key] = value;\n }\n }\n\n try {\n // If form contains files, pass the raw FormData as second arg\n // so the action handler can access files directly\n const result = hasFiles\n ? await actionFn(data, formData)\n : await actionFn(data);\n if (onSuccess) onSuccess(result, form);\n if (resetOnSuccess && form) form.reset();\n return result;\n } catch (error) {\n if (onError) onError(error, form);\n throw error;\n }\n };\n}\n\n// --- useAction hook ---\n// Returns action state and trigger function.\n\nexport function useAction(actionFn) {\n const isPending = signal(false);\n const error = signal(null);\n const data = signal(null);\n\n async function trigger(...args) {\n isPending.set(true);\n error.set(null);\n\n try {\n const result = await actionFn(...args);\n data.set(result);\n return result;\n } catch (e) {\n error.set(e);\n throw e;\n } finally {\n isPending.set(false);\n }\n }\n\n return {\n trigger,\n isPending: () => isPending(),\n error: () => error(),\n data: () => data(),\n reset: () => {\n error.set(null);\n data.set(null);\n },\n };\n}\n\n// --- useFormAction hook ---\n// Combines useAction with form handling.\n\nexport function useFormAction(actionFn, options = {}) {\n const { resetOnSuccess = true } = options;\n const formRef = { current: null };\n const actionState = useAction(formAction(actionFn, { resetOnSuccess }));\n\n function handleSubmit(e) {\n e.preventDefault();\n const formData = new FormData(e.target);\n formRef.current = e.target;\n return actionState.trigger(formData);\n }\n\n return {\n ...actionState,\n handleSubmit,\n formRef,\n };\n}\n\n// --- Optimistic updates ---\n\nexport function useOptimistic(initialValue, reducer) {\n const value = signal(initialValue);\n const pending = signal([]);\n const baseValue = signal(initialValue); // Track the confirmed server value\n\n function addOptimistic(action) {\n const optimisticValue = reducer(value.peek(), action);\n batch(() => {\n pending.set([...pending.peek(), action]);\n value.set(optimisticValue);\n });\n }\n\n function resolve(action, serverValue) {\n batch(() => {\n pending.set(pending.peek().filter(a => a !== action));\n if (serverValue !== undefined) {\n baseValue.set(serverValue);\n // Recompute optimistic state from new base + remaining pending actions\n let current = serverValue;\n for (const a of pending.peek()) {\n current = reducer(current, a);\n }\n value.set(current);\n }\n });\n }\n\n function rollback(action, realValue) {\n batch(() => {\n const newPending = pending.peek().filter(a => a !== action);\n pending.set(newPending);\n const base = realValue !== undefined ? realValue : baseValue.peek();\n baseValue.set(base);\n // Recompute from base + remaining pending actions\n let current = base;\n for (const a of newPending) {\n current = reducer(current, a);\n }\n value.set(current);\n });\n }\n\n // Auto-rollback helper: wraps an async action with automatic rollback on error\n async function withOptimistic(action, asyncFn) {\n addOptimistic(action);\n try {\n const result = await asyncFn();\n resolve(action, result);\n return result;\n } catch (e) {\n rollback(action);\n throw e;\n }\n }\n\n return {\n value: () => value(),\n isPending: () => pending().length > 0,\n addOptimistic,\n resolve,\n rollback,\n withOptimistic,\n set: (v) => { value.set(v); baseValue.set(v); },\n };\n}\n\n// --- Path revalidation ---\n\nconst revalidationCallbacks = new Map();\n\nexport function onRevalidate(path, callback) {\n if (!revalidationCallbacks.has(path)) {\n revalidationCallbacks.set(path, new Set());\n }\n revalidationCallbacks.get(path).add(callback);\n\n return () => {\n revalidationCallbacks.get(path)?.delete(callback);\n };\n}\n\nexport function invalidatePath(path) {\n const callbacks = revalidationCallbacks.get(path);\n if (callbacks) {\n for (const cb of callbacks) {\n try { cb(); } catch (e) { console.error('[what] Revalidation error:', e); }\n }\n }\n}\n\n// --- Server-side action handler ---\n// Add this to your server middleware.\n\nexport function handleActionRequest(req, actionId, args, options = {}) {\n const { csrfToken: sessionCsrfToken, skipCsrf = false } = options;\n\n // Validate CSRF token unless explicitly skipped\n if (!skipCsrf) {\n if (!sessionCsrfToken) {\n // Fail closed: no CSRF token configured means the developer forgot to set it up.\n // This prevents silent security vulnerabilities in production.\n return Promise.resolve({\n status: 500,\n body: {\n message: '[what] CSRF token not configured. ' +\n 'Pass { csrfToken: sessionToken } to handleActionRequest, ' +\n 'or { skipCsrf: true } to explicitly opt out.'\n }\n });\n }\n const requestCsrfToken = req?.headers?.['x-csrf-token'] || req?.headers?.['X-CSRF-Token'];\n if (!validateCsrfToken(requestCsrfToken, sessionCsrfToken)) {\n return Promise.resolve({ status: 403, body: { message: 'Invalid CSRF token' } });\n }\n }\n\n const action = actionRegistry.get(actionId);\n if (!action) {\n return Promise.resolve({ status: 404, body: { message: 'Action not found' } });\n }\n\n // Validate args is an array to prevent prototype pollution\n if (!Array.isArray(args)) {\n return Promise.resolve({ status: 400, body: { message: 'Invalid action arguments' } });\n }\n\n return action.fn(...args)\n .then(result => ({ status: 200, body: result }))\n .catch(error => {\n // Log the full error server-side, return generic message to client\n console.error(`[what] Action \"${actionId}\" error:`, error);\n return {\n status: 500,\n body: { message: 'Action failed' },\n };\n });\n}\n\n// --- Get all registered actions (for SSR/build) ---\n\nexport function getRegisteredActions() {\n return [...actionRegistry.keys()];\n}\n\n// --- Mutation helper ---\n// Like useSWR mutation but simpler.\n\nexport function useMutation(mutationFn, options = {}) {\n const { onSuccess, onError, onSettled } = options;\n\n const state = {\n isPending: signal(false),\n error: signal(null),\n data: signal(null),\n };\n\n async function mutate(...args) {\n state.isPending.set(true);\n state.error.set(null);\n\n try {\n const result = await mutationFn(...args);\n state.data.set(result);\n if (onSuccess) onSuccess(result, ...args);\n return result;\n } catch (error) {\n state.error.set(error);\n if (onError) onError(error, ...args);\n throw error;\n } finally {\n state.isPending.set(false);\n if (onSettled) onSettled(state.data.peek(), state.error.peek(), ...args);\n }\n }\n\n return {\n mutate,\n isPending: () => state.isPending(),\n error: () => state.error(),\n data: () => state.data(),\n reset: () => {\n state.error.set(null);\n state.data.set(null);\n },\n };\n}\n"],
|
|
5
|
+
"mappings": "AAeA,OAAS,UAAAA,EAAQ,SAAAC,MAAa,YAG9B,IAAMC,EAAiB,IAAI,IAQ3B,SAASC,GAAe,CACtB,GAAI,OAAO,SAAa,IAAa,CAEnC,IAAMC,EAAO,SAAS,cAAc,8BAA8B,EAClE,GAAIA,EACF,OAAOA,EAAK,aAAa,SAAS,EAGpC,IAAMC,EAAQ,SAAS,OAAO,MAAM,6BAA6B,EACjE,GAAIA,EACF,OAAO,mBAAmBA,EAAM,CAAC,CAAC,CAEtC,CACA,OAAO,IACT,CAGO,SAASC,GAAoB,CAClC,GAAI,OAAO,OAAW,KAAe,OAAO,WAC1C,OAAO,OAAO,WAAW,EAG3B,GAAI,OAAO,OAAW,KAAe,OAAO,gBAAiB,CAC3D,IAAMC,EAAM,IAAI,WAAW,EAAE,EAC7B,cAAO,gBAAgBA,CAAG,EACnB,MAAM,KAAKA,EAAKC,GAAKA,EAAE,SAAS,EAAE,EAAE,SAAS,EAAG,GAAG,CAAC,EAAE,KAAK,EAAE,CACtE,CAEA,MAAM,IAAI,MAAM,oEAAoE,CACtF,CAGO,SAASC,EAAkBC,EAAcC,EAAc,CAG5D,GAFI,CAACD,GAAgB,CAACC,GAElBD,EAAa,SAAWC,EAAa,OAAQ,MAAO,GACxD,IAAIC,EAAS,EACb,QAASC,EAAI,EAAGA,EAAIH,EAAa,OAAQG,IACvCD,GAAUF,EAAa,WAAWG,CAAC,EAAIF,EAAa,WAAWE,CAAC,EAElE,OAAOD,IAAW,CACpB,CAGO,SAASE,EAAYC,EAAO,CAGjC,MAAO,yCADS,OAAOA,CAAK,EAAE,QAAQ,KAAM,OAAO,EAAE,QAAQ,KAAM,QAAQ,EAAE,QAAQ,KAAM,MAAM,EAAE,QAAQ,KAAM,MAAM,CAChE,IACzD,CAIA,IAAIC,EAAiB,EAErB,SAASC,GAAmB,CAO1B,MAAO,KAHM,OAAO,OAAW,KAAe,OAAO,gBACjD,MAAM,KAAK,OAAO,gBAAgB,IAAI,WAAW,CAAC,CAAC,EAAGT,GAAKA,EAAE,SAAS,EAAE,EAAE,SAAS,EAAG,GAAG,CAAC,EAAE,KAAK,EAAE,EACnG,KAAK,EAAEQ,GAAgB,SAAS,EAAE,CAAC,IAAI,KAAK,IAAI,EAAE,SAAS,EAAE,CAAC,EAClD,EAClB,CAEO,SAASE,EAAOC,EAAIC,EAAU,CAAC,EAAG,CACvC,IAAMC,EAAKD,EAAQ,IAAMH,EAAiB,EACpC,CAAE,QAAAK,EAAS,UAAAC,EAAW,WAAAC,CAAW,EAAIJ,EAGvC,OAAO,OAAW,KACpBlB,EAAe,IAAImB,EAAI,CAAE,GAAAF,EAAI,QAAAC,CAAQ,CAAC,EAIxC,eAAeK,KAAcC,EAAM,CAEjC,GAAI,OAAO,OAAW,IACpB,OAAOP,EAAG,GAAGO,CAAI,EAInB,IAAMC,EAAUP,EAAQ,SAAW,IAC7BQ,EAAa,IAAI,gBACjBC,EAAY,WAAW,IAAMD,EAAW,MAAM,EAAGD,CAAO,EAE9D,GAAI,CACF,IAAMG,EAAY3B,EAAa,EACzB4B,EAAU,CACd,eAAgB,mBAChB,gBAAiBV,CACnB,EACIS,IAAWC,EAAQ,cAAc,EAAID,GAEzC,IAAME,EAAW,MAAM,MAAM,iBAAkB,CAC7C,OAAQ,OACR,QAAAD,EACA,YAAa,cACb,OAAQH,EAAW,OACnB,KAAM,KAAK,UAAU,CAAE,KAAAF,CAAK,CAAC,CAC/B,CAAC,EAED,GAAI,CAACM,EAAS,GAAI,CAChB,IAAMC,EAAQ,MAAMD,EAAS,KAAK,EAAE,MAAM,KAAO,CAAE,QAAS,eAAgB,EAAE,EAC9E,MAAM,IAAI,MAAMC,EAAM,SAAW,eAAe,CAClD,CAEA,IAAMrB,EAAS,MAAMoB,EAAS,KAAK,EAGnC,GADIT,GAAWA,EAAUX,CAAM,EAC3BY,EAEF,QAAWU,KAAQV,EACjBW,EAAeD,CAAI,EAIvB,OAAOtB,CACT,OAASqB,EAAO,CACd,GAAIA,EAAM,OAAS,aAAc,CAC/B,IAAMG,EAAe,IAAI,MAAM,WAAWf,CAAE,qBAAqBM,CAAO,IAAI,EAC5E,MAAAS,EAAa,KAAO,UAChBd,GAASA,EAAQc,CAAY,EAC3BA,CACR,CACA,MAAId,GAASA,EAAQW,CAAK,EACpBA,CACR,QAAE,CACA,aAAaJ,CAAS,CACxB,CACF,CAEA,OAAAJ,EAAW,UAAYJ,EACvBI,EAAW,UAAY,GAEhBA,CACT,CAKO,SAASY,EAAWC,EAAUlB,EAAU,CAAC,EAAG,CACjD,GAAM,CAAE,UAAAG,EAAW,QAAAD,EAAS,eAAAiB,EAAiB,EAAK,EAAInB,EAEtD,MAAO,OAAOoB,GAAoB,CAChC,IAAIC,EACAC,EAEAF,aAA2B,OAC7BA,EAAgB,eAAe,EAC/BE,EAAOF,EAAgB,OACvBC,EAAW,IAAI,SAASC,CAAI,GAE5BD,EAAWD,EAIb,IAAMG,EAAO,CAAC,EACVC,EAAW,GACf,OAAW,CAACC,EAAKC,CAAK,IAAKL,EAAS,QAAQ,EACtC,OAAO,KAAS,KAAeK,aAAiB,OAClDF,EAAW,IAETD,EAAKE,CAAG,EAEN,MAAM,QAAQF,EAAKE,CAAG,CAAC,EACzBF,EAAKE,CAAG,EAAE,KAAKC,CAAK,EAEpBH,EAAKE,CAAG,EAAI,CAACF,EAAKE,CAAG,EAAGC,CAAK,EAG/BH,EAAKE,CAAG,EAAIC,EAIhB,GAAI,CAGF,IAAMlC,EAASgC,EACX,MAAMN,EAASK,EAAMF,CAAQ,EAC7B,MAAMH,EAASK,CAAI,EACvB,OAAIpB,GAAWA,EAAUX,EAAQ8B,CAAI,EACjCH,GAAkBG,GAAMA,EAAK,MAAM,EAChC9B,CACT,OAASqB,EAAO,CACd,MAAIX,GAASA,EAAQW,EAAOS,CAAI,EAC1BT,CACR,CACF,CACF,CAKO,SAASc,EAAUT,EAAU,CAClC,IAAMU,EAAYhD,EAAO,EAAK,EACxBiC,EAAQjC,EAAO,IAAI,EACnB2C,EAAO3C,EAAO,IAAI,EAExB,eAAeiD,KAAWvB,EAAM,CAC9BsB,EAAU,IAAI,EAAI,EAClBf,EAAM,IAAI,IAAI,EAEd,GAAI,CACF,IAAMrB,EAAS,MAAM0B,EAAS,GAAGZ,CAAI,EACrC,OAAAiB,EAAK,IAAI/B,CAAM,EACRA,CACT,OAASsC,EAAG,CACV,MAAAjB,EAAM,IAAIiB,CAAC,EACLA,CACR,QAAE,CACAF,EAAU,IAAI,EAAK,CACrB,CACF,CAEA,MAAO,CACL,QAAAC,EACA,UAAW,IAAMD,EAAU,EAC3B,MAAO,IAAMf,EAAM,EACnB,KAAM,IAAMU,EAAK,EACjB,MAAO,IAAM,CACXV,EAAM,IAAI,IAAI,EACdU,EAAK,IAAI,IAAI,CACf,CACF,CACF,CAKO,SAASQ,EAAcb,EAAUlB,EAAU,CAAC,EAAG,CACpD,GAAM,CAAE,eAAAmB,EAAiB,EAAK,EAAInB,EAC5BgC,EAAU,CAAE,QAAS,IAAK,EAC1BC,EAAcN,EAAUV,EAAWC,EAAU,CAAE,eAAAC,CAAe,CAAC,CAAC,EAEtE,SAASe,EAAaJ,EAAG,CACvBA,EAAE,eAAe,EACjB,IAAMT,EAAW,IAAI,SAASS,EAAE,MAAM,EACtC,OAAAE,EAAQ,QAAUF,EAAE,OACbG,EAAY,QAAQZ,CAAQ,CACrC,CAEA,MAAO,CACL,GAAGY,EACH,aAAAC,EACA,QAAAF,CACF,CACF,CAIO,SAASG,EAAcC,EAAcC,EAAS,CACnD,IAAMX,EAAQ9C,EAAOwD,CAAY,EAC3BE,EAAU1D,EAAO,CAAC,CAAC,EACnB2D,EAAY3D,EAAOwD,CAAY,EAErC,SAASI,EAAc1C,EAAQ,CAC7B,IAAM2C,EAAkBJ,EAAQX,EAAM,KAAK,EAAG5B,CAAM,EACpDjB,EAAM,IAAM,CACVyD,EAAQ,IAAI,CAAC,GAAGA,EAAQ,KAAK,EAAGxC,CAAM,CAAC,EACvC4B,EAAM,IAAIe,CAAe,CAC3B,CAAC,CACH,CAEA,SAASC,EAAQ5C,EAAQ6C,EAAa,CACpC9D,EAAM,IAAM,CAEV,GADAyD,EAAQ,IAAIA,EAAQ,KAAK,EAAE,OAAOM,GAAKA,IAAM9C,CAAM,CAAC,EAChD6C,IAAgB,OAAW,CAC7BJ,EAAU,IAAII,CAAW,EAEzB,IAAIE,EAAUF,EACd,QAAWC,KAAKN,EAAQ,KAAK,EAC3BO,EAAUR,EAAQQ,EAASD,CAAC,EAE9BlB,EAAM,IAAImB,CAAO,CACnB,CACF,CAAC,CACH,CAEA,SAASC,EAAShD,EAAQiD,EAAW,CACnClE,EAAM,IAAM,CACV,IAAMmE,EAAaV,EAAQ,KAAK,EAAE,OAAOM,GAAKA,IAAM9C,CAAM,EAC1DwC,EAAQ,IAAIU,CAAU,EACtB,IAAMC,EAAOF,IAAc,OAAYA,EAAYR,EAAU,KAAK,EAClEA,EAAU,IAAIU,CAAI,EAElB,IAAIJ,EAAUI,EACd,QAAWL,KAAKI,EACdH,EAAUR,EAAQQ,EAASD,CAAC,EAE9BlB,EAAM,IAAImB,CAAO,CACnB,CAAC,CACH,CAGA,eAAeK,EAAepD,EAAQqD,EAAS,CAC7CX,EAAc1C,CAAM,EACpB,GAAI,CACF,IAAMN,EAAS,MAAM2D,EAAQ,EAC7B,OAAAT,EAAQ5C,EAAQN,CAAM,EACfA,CACT,OAASsC,EAAG,CACV,MAAAgB,EAAShD,CAAM,EACTgC,CACR,CACF,CAEA,MAAO,CACL,MAAO,IAAMJ,EAAM,EACnB,UAAW,IAAMY,EAAQ,EAAE,OAAS,EACpC,cAAAE,EACA,QAAAE,EACA,SAAAI,EACA,eAAAI,EACA,IAAME,GAAM,CAAE1B,EAAM,IAAI0B,CAAC,EAAGb,EAAU,IAAIa,CAAC,CAAG,CAChD,CACF,CAIA,IAAMC,EAAwB,IAAI,IAE3B,SAASC,EAAaxC,EAAMyC,EAAU,CAC3C,OAAKF,EAAsB,IAAIvC,CAAI,GACjCuC,EAAsB,IAAIvC,EAAM,IAAI,GAAK,EAE3CuC,EAAsB,IAAIvC,CAAI,EAAE,IAAIyC,CAAQ,EAErC,IAAM,CACXF,EAAsB,IAAIvC,CAAI,GAAG,OAAOyC,CAAQ,CAClD,CACF,CAEO,SAASxC,EAAeD,EAAM,CACnC,IAAM0C,EAAYH,EAAsB,IAAIvC,CAAI,EAChD,GAAI0C,EACF,QAAWC,KAAMD,EACf,GAAI,CAAEC,EAAG,CAAG,OAAS3B,EAAG,CAAE,QAAQ,MAAM,6BAA8BA,CAAC,CAAG,CAGhF,CAKO,SAAS4B,EAAoBC,EAAKC,EAAUtD,EAAMN,EAAU,CAAC,EAAG,CACrE,GAAM,CAAE,UAAW6D,EAAkB,SAAAC,EAAW,EAAM,EAAI9D,EAG1D,GAAI,CAAC8D,EAAU,CACb,GAAI,CAACD,EAGH,OAAO,QAAQ,QAAQ,CACrB,OAAQ,IACR,KAAM,CACJ,QAAS,yIAGX,CACF,CAAC,EAEH,IAAME,EAAmBJ,GAAK,UAAU,cAAc,GAAKA,GAAK,UAAU,cAAc,EACxF,GAAI,CAACtE,EAAkB0E,EAAkBF,CAAgB,EACvD,OAAO,QAAQ,QAAQ,CAAE,OAAQ,IAAK,KAAM,CAAE,QAAS,oBAAqB,CAAE,CAAC,CAEnF,CAEA,IAAM/D,EAAShB,EAAe,IAAI8E,CAAQ,EAC1C,OAAK9D,EAKA,MAAM,QAAQQ,CAAI,EAIhBR,EAAO,GAAG,GAAGQ,CAAI,EACrB,KAAKd,IAAW,CAAE,OAAQ,IAAK,KAAMA,CAAO,EAAE,EAC9C,MAAMqB,IAEL,QAAQ,MAAM,kBAAkB+C,CAAQ,WAAY/C,CAAK,EAClD,CACL,OAAQ,IACR,KAAM,CAAE,QAAS,eAAgB,CACnC,EACD,EAZM,QAAQ,QAAQ,CAAE,OAAQ,IAAK,KAAM,CAAE,QAAS,0BAA2B,CAAE,CAAC,EAL9E,QAAQ,QAAQ,CAAE,OAAQ,IAAK,KAAM,CAAE,QAAS,kBAAmB,CAAE,CAAC,CAkBjF,CAIO,SAASmD,GAAuB,CACrC,MAAO,CAAC,GAAGlF,EAAe,KAAK,CAAC,CAClC,CAKO,SAASmF,EAAYC,EAAYlE,EAAU,CAAC,EAAG,CACpD,GAAM,CAAE,UAAAG,EAAW,QAAAD,EAAS,UAAAiE,CAAU,EAAInE,EAEpCoE,EAAQ,CACZ,UAAWxF,EAAO,EAAK,EACvB,MAAOA,EAAO,IAAI,EAClB,KAAMA,EAAO,IAAI,CACnB,EAEA,eAAeyF,KAAU/D,EAAM,CAC7B8D,EAAM,UAAU,IAAI,EAAI,EACxBA,EAAM,MAAM,IAAI,IAAI,EAEpB,GAAI,CACF,IAAM5E,EAAS,MAAM0E,EAAW,GAAG5D,CAAI,EACvC,OAAA8D,EAAM,KAAK,IAAI5E,CAAM,EACjBW,GAAWA,EAAUX,EAAQ,GAAGc,CAAI,EACjCd,CACT,OAASqB,EAAO,CACd,MAAAuD,EAAM,MAAM,IAAIvD,CAAK,EACjBX,GAASA,EAAQW,EAAO,GAAGP,CAAI,EAC7BO,CACR,QAAE,CACAuD,EAAM,UAAU,IAAI,EAAK,EACrBD,GAAWA,EAAUC,EAAM,KAAK,KAAK,EAAGA,EAAM,MAAM,KAAK,EAAG,GAAG9D,CAAI,CACzE,CACF,CAEA,MAAO,CACL,OAAA+D,EACA,UAAW,IAAMD,EAAM,UAAU,EACjC,MAAO,IAAMA,EAAM,MAAM,EACzB,KAAM,IAAMA,EAAM,KAAK,EACvB,MAAO,IAAM,CACXA,EAAM,MAAM,IAAI,IAAI,EACpBA,EAAM,KAAK,IAAI,IAAI,CACrB,CACF,CACF",
|
|
6
|
+
"names": ["signal", "batch", "actionRegistry", "getCsrfToken", "meta", "match", "generateCsrfToken", "arr", "b", "validateCsrfToken", "requestToken", "sessionToken", "result", "i", "csrfMetaTag", "token", "_actionCounter", "generateActionId", "action", "fn", "options", "id", "onError", "onSuccess", "revalidate", "callAction", "args", "timeout", "controller", "timeoutId", "csrfToken", "headers", "response", "error", "path", "invalidatePath", "timeoutError", "formAction", "actionFn", "resetOnSuccess", "formDataOrEvent", "formData", "form", "data", "hasFiles", "key", "value", "useAction", "isPending", "trigger", "e", "useFormAction", "formRef", "actionState", "handleSubmit", "useOptimistic", "initialValue", "reducer", "pending", "baseValue", "addOptimistic", "optimisticValue", "resolve", "serverValue", "a", "current", "rollback", "realValue", "newPending", "base", "withOptimistic", "asyncFn", "v", "revalidationCallbacks", "onRevalidate", "callback", "callbacks", "cb", "handleActionRequest", "req", "actionId", "sessionCsrfToken", "skipCsrf", "requestCsrfToken", "getRegisteredActions", "useMutation", "mutationFn", "onSettled", "state", "mutate"]
|
|
7
7
|
}
|
package/dist/index.js
CHANGED
|
@@ -41,8 +41,9 @@ function csrfMetaTag(token) {
|
|
|
41
41
|
const escaped = String(token).replace(/&/g, "&").replace(/"/g, """).replace(/</g, "<").replace(/>/g, ">");
|
|
42
42
|
return `<meta name="what-csrf-token" content="${escaped}">`;
|
|
43
43
|
}
|
|
44
|
+
var _actionCounter = 0;
|
|
44
45
|
function generateActionId() {
|
|
45
|
-
const rand = typeof crypto !== "undefined" && crypto.getRandomValues ? Array.from(crypto.getRandomValues(new Uint8Array(6)), (b) => b.toString(16).padStart(2, "0")).join("") :
|
|
46
|
+
const rand = typeof crypto !== "undefined" && crypto.getRandomValues ? Array.from(crypto.getRandomValues(new Uint8Array(6)), (b) => b.toString(16).padStart(2, "0")).join("") : `c${(++_actionCounter).toString(36)}_${Date.now().toString(36)}`;
|
|
46
47
|
return `a_${rand}`;
|
|
47
48
|
}
|
|
48
49
|
function action(fn, options = {}) {
|
package/dist/index.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../src/index.js", "../src/actions.js"],
|
|
4
|
-
"sourcesContent": ["// What Framework - Server\n// SSR, static site generation, server components.\n// Zero-JS pages by default. Islands opt-in to client JS.\n\nimport { h } from 'what-core';\n\n// --- Hydration ID Generator ---\nlet _hydrationIdCounter = 0;\n\nfunction resetHydrationId() {\n _hydrationIdCounter = 0;\n}\n\nfunction nextHydrationId() {\n return 'h' + (_hydrationIdCounter++);\n}\n\n// --- Render to Hydratable String ---\n// Renders with hydration markers (data-hk attributes, comment boundaries)\n// so the client can reuse the server-rendered DOM.\n\nexport function renderToHydratableString(vnode) {\n resetHydrationId();\n return _renderHydratable(vnode);\n}\n\nfunction _renderHydratable(vnode) {\n if (vnode == null || vnode === false || vnode === true) return '';\n\n // Text\n if (typeof vnode === 'string' || typeof vnode === 'number') {\n return escapeHtml(String(vnode));\n }\n\n // Signal \u2014 unwrap\n if (typeof vnode === 'function' && vnode._signal) {\n return `<!--$-->${_renderHydratable(vnode())}<!--/$-->`;\n }\n\n // Reactive function child \u2014 wrap in dynamic content markers\n if (typeof vnode === 'function') {\n try {\n return `<!--$-->${_renderHydratable(vnode())}<!--/$-->`;\n } catch (e) {\n if (typeof process !== 'undefined' && process.env?.NODE_ENV !== 'production') {\n console.warn('[what-server] Error rendering reactive function in SSR:', e.message);\n }\n return '<!--$--><!--/$-->';\n }\n }\n\n // Array \u2014 wrap in list markers\n if (Array.isArray(vnode)) {\n return `<!--[]-->${vnode.map(_renderHydratable).join('')}<!--/[]-->`;\n }\n\n // Component \u2014 add hydration key to root element\n if (typeof vnode.tag === 'function') {\n const hkId = nextHydrationId();\n const result = vnode.tag({ ...vnode.props, children: vnode.children });\n const html = _renderHydratable(result);\n // Inject data-hk into the first element tag if present\n return injectHydrationKey(html, hkId);\n }\n\n // Element\n const { tag, props, children } = vnode;\n const attrs = renderAttrs(props || {});\n const open = `<${tag}${attrs}>`;\n\n // Void elements\n if (VOID_ELEMENTS.has(tag)) return open;\n\n const rawInner = _resolveInnerHTML(props);\n const inner = rawInner != null ? String(rawInner) : children.map(_renderHydratable).join('');\n return `${open}${inner}</${tag}>`;\n}\n\n// Inject data-hk=\"id\" into the first HTML opening tag\nfunction injectHydrationKey(html, hkId) {\n // Skip comment markers to find the first real element\n const match = html.match(/^((?:<!--.*?-->)*)<([a-zA-Z][a-zA-Z0-9-]*)/);\n if (match) {\n const prefix = match[1];\n const tagName = match[2];\n const insertAt = prefix.length + 1 + tagName.length; // after '<tagName'\n return html.slice(0, insertAt) + ` data-hk=\"${hkId}\"` + html.slice(insertAt);\n }\n return html;\n}\n\n// --- Render to String ---\n// Renders a VNode tree to an HTML string. Used for SSR and static gen.\n\nexport function renderToString(vnode) {\n if (vnode == null || vnode === false || vnode === true) return '';\n\n // Text\n if (typeof vnode === 'string' || typeof vnode === 'number') {\n return escapeHtml(String(vnode));\n }\n\n // Signal \u2014 unwrap by calling it\n if (typeof vnode === 'function' && vnode._signal) {\n return renderToString(vnode());\n }\n\n // Reactive function child \u2014 call to get value\n if (typeof vnode === 'function') {\n try {\n return renderToString(vnode());\n } catch (e) {\n if (typeof process !== 'undefined' && process.env?.NODE_ENV !== 'production') {\n console.warn('[what-server] Error rendering reactive function in SSR:', e.message);\n }\n return '';\n }\n }\n\n // Array\n if (Array.isArray(vnode)) {\n return vnode.map(renderToString).join('');\n }\n\n // Component\n if (typeof vnode.tag === 'function') {\n const result = vnode.tag({ ...vnode.props, children: vnode.children });\n return renderToString(result);\n }\n\n // Element\n const { tag, props, children } = vnode;\n const attrs = renderAttrs(props || {});\n const open = `<${tag}${attrs}>`;\n\n // Void elements\n if (VOID_ELEMENTS.has(tag)) return open;\n\n const rawInner = _resolveInnerHTML(props);\n const inner = rawInner != null ? String(rawInner) : children.map(renderToString).join('');\n return `${open}${inner}</${tag}>`;\n}\n\n// --- Stream Render ---\n// Returns an async iterator for streaming SSR.\n\nexport async function* renderToStream(vnode) {\n if (vnode == null || vnode === false || vnode === true) return;\n\n if (typeof vnode === 'string' || typeof vnode === 'number') {\n yield escapeHtml(String(vnode));\n return;\n }\n\n // Signal \u2014 unwrap by calling it\n if (typeof vnode === 'function' && vnode._signal) {\n yield* renderToStream(vnode());\n return;\n }\n\n // Reactive function child \u2014 call to get value\n if (typeof vnode === 'function') {\n try {\n yield* renderToStream(vnode());\n } catch (e) {\n if (typeof process !== 'undefined' && process.env?.NODE_ENV !== 'production') {\n console.warn('[what-server] Error rendering reactive function in stream SSR:', e.message);\n }\n }\n return;\n }\n\n if (Array.isArray(vnode)) {\n for (const child of vnode) {\n yield* renderToStream(child);\n }\n return;\n }\n\n if (typeof vnode.tag === 'function') {\n try {\n const result = vnode.tag({ ...vnode.props, children: vnode.children });\n // Support async components\n const resolved = result instanceof Promise ? await result : result;\n yield* renderToStream(resolved);\n } catch (e) {\n if (typeof process !== 'undefined' && process.env?.NODE_ENV !== 'production') {\n console.warn('[what-server] Error rendering component in stream SSR:', e.message);\n }\n yield _isDevMode\n ? `<!-- SSR Error: ${escapeHtml(e.message || 'Component error')} -->`\n : `<!-- SSR Error -->`;\n }\n return;\n }\n\n const { tag, props, children } = vnode;\n const attrs = renderAttrs(props || {});\n yield `<${tag}${attrs}>`;\n\n if (!VOID_ELEMENTS.has(tag)) {\n const rawInner = _resolveInnerHTML(props);\n if (rawInner != null) {\n yield String(rawInner);\n } else {\n for (const child of children) {\n yield* renderToStream(child);\n }\n }\n yield `</${tag}>`;\n }\n}\n\n// --- Static Site Generation ---\n\nexport function definePage(config) {\n return {\n // 'static' = pre-render at build time (default)\n // 'server' = render on each request\n // 'client' = render in browser (SPA)\n // 'hybrid' = static shell + islands\n mode: 'static',\n ...config,\n };\n}\n\n// Generate static HTML for a page\nexport function generateStaticPage(page, data = {}) {\n const vnode = page.component(data);\n const html = renderToString(vnode);\n const islands = page.islands || [];\n\n return wrapDocument({\n title: page.title || '',\n meta: page.meta || {},\n body: html,\n islands,\n scripts: page.mode === 'static' ? [] : page.scripts || [],\n styles: page.styles || [],\n mode: page.mode,\n });\n}\n\nfunction wrapDocument({ title, meta, body, islands, scripts, styles, mode }) {\n const metaTags = Object.entries(meta)\n .map(([name, content]) => `<meta name=\"${escapeHtml(name)}\" content=\"${escapeHtml(content)}\">`)\n .join('\\n ');\n\n const styleTags = styles\n .map(href => `<link rel=\"stylesheet\" href=\"${escapeHtml(href)}\">`)\n .join('\\n ');\n\n const islandScript = islands.length > 0 ? `\n <script type=\"module\">\n import { hydrateIslands } from '/@what/islands.js';\n hydrateIslands();\n </script>` : '';\n\n const scriptTags = scripts\n .map(src => `<script type=\"module\" src=\"${escapeHtml(src)}\"></script>`)\n .join('\\n ');\n\n const clientScript = mode === 'client' ? `\n <script type=\"module\" src=\"/@what/client.js\"></script>` : '';\n\n return `<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"UTF-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n ${metaTags}\n <title>${escapeHtml(title)}</title>\n ${styleTags}\n </head>\n <body>\n <div id=\"app\">${body}</div>\n ${islandScript}\n ${scriptTags}\n ${clientScript}\n </body>\n</html>`;\n}\n\n// --- Server Component ---\n// Renders on the server, sends HTML to client. No JS shipped.\n\nexport function server(Component) {\n Component._server = true;\n return Component;\n}\n\n// --- Helpers ---\n\n// Dev-mode flag for server\nconst _isDevMode = typeof process !== 'undefined'\n ? process.env?.NODE_ENV !== 'production'\n : true;\n\n/**\n * Resolve innerHTML / dangerouslySetInnerHTML from props.\n * Requires { __html: ... } wrapper. Plain string innerHTML is rejected (XSS prevention).\n */\nfunction _resolveInnerHTML(props) {\n if (!props) return null;\n\n // dangerouslySetInnerHTML always requires { __html }\n if (props.dangerouslySetInnerHTML) {\n return props.dangerouslySetInnerHTML.__html ?? null;\n }\n\n // innerHTML with { __html } wrapper \u2014 allowed\n if (props.innerHTML && typeof props.innerHTML === 'object' && '__html' in props.innerHTML) {\n return props.innerHTML.__html ?? null;\n }\n\n // innerHTML as plain string \u2014 reject with warning\n if (props.innerHTML != null && typeof props.innerHTML === 'string') {\n if (_isDevMode) {\n console.warn(\n '[what-server] innerHTML received a raw string. This is a security risk (XSS). ' +\n 'Use innerHTML={{ __html: trustedString }} or dangerouslySetInnerHTML={{ __html: trustedString }} instead.'\n );\n }\n return null;\n }\n\n return null;\n}\n\nfunction renderAttrs(props) {\n let out = '';\n for (const [key, val] of Object.entries(props)) {\n if (key === 'key' || key === 'ref' || key === 'children' || key === 'dangerouslySetInnerHTML' || key === 'innerHTML') continue;\n if (key.startsWith('on') && key.length > 2) continue; // Skip event handlers in SSR\n if (val === false || val == null) continue;\n\n if (key === 'className' || key === 'class') {\n out += ` class=\"${escapeHtml(String(val))}\"`;\n } else if (key === 'style' && typeof val === 'object') {\n const css = Object.entries(val)\n .map(([p, v]) => `${camelToKebab(p)}:${v}`)\n .join(';');\n out += ` style=\"${escapeHtml(css)}\"`;\n } else if (val === true) {\n // ARIA attributes require explicit =\"true\", HTML boolean attrs can be bare\n if (key.startsWith('aria-') || key === 'role') {\n out += ` ${key}=\"true\"`;\n } else {\n out += ` ${key}`;\n }\n } else {\n out += ` ${key}=\"${escapeHtml(String(val))}\"`;\n }\n }\n\n return out;\n}\n\nfunction escapeHtml(str) {\n return str\n .replace(/&/g, '&')\n .replace(/</g, '<')\n .replace(/>/g, '>')\n .replace(/\"/g, '"')\n .replace(/'/g, ''');\n}\n\nfunction camelToKebab(str) {\n if (str.startsWith('--')) return str; // CSS custom properties (variables) \u2014 leave unchanged\n return str.replace(/([A-Z])/g, '-$1').toLowerCase();\n}\n\nconst VOID_ELEMENTS = new Set([\n 'area', 'base', 'br', 'col', 'embed', 'hr', 'img', 'input',\n 'link', 'meta', 'param', 'source', 'track', 'wbr',\n]);\n\n// Re-export server actions\nexport {\n action,\n formAction,\n useAction,\n useFormAction,\n useOptimistic,\n useMutation,\n onRevalidate,\n invalidatePath,\n handleActionRequest,\n getRegisteredActions,\n generateCsrfToken,\n validateCsrfToken,\n csrfMetaTag,\n} from './actions.js';\n", "// What Framework - Server Actions\n// Call server-side functions from client code seamlessly.\n// Similar to Next.js Server Actions / SolidStart server functions.\n//\n// Usage:\n// // Define on server\n// const saveUser = action(async (formData) => {\n// 'use server';\n// const user = await db.users.create(formData);\n// return { success: true, id: user.id };\n// });\n//\n// // Call from client\n// const result = await saveUser({ name: 'John' });\n\nimport { signal, batch } from 'what-core';\n\n// Registry of server actions\nconst actionRegistry = new Map();\n\n// --- CSRF Protection ---\n// Server generates a token per session; client sends it with every action request.\n// The token is injected into the page via a meta tag or embedded in the server response.\n\n// Client: read the CSRF token from the page meta tag or cookie\n// Re-reads on every call to handle token rotation\nfunction getCsrfToken() {\n if (typeof document !== 'undefined') {\n // Try meta tag first\n const meta = document.querySelector('meta[name=\"what-csrf-token\"]');\n if (meta) {\n return meta.getAttribute('content');\n }\n // Try cookie\n const match = document.cookie.match(/(?:^|;\\s*)what-csrf=([^;]+)/);\n if (match) {\n return decodeURIComponent(match[1]);\n }\n }\n return null;\n}\n\n// Server: generate a CSRF token (call this per session/request)\nexport function generateCsrfToken() {\n if (typeof crypto !== 'undefined' && crypto.randomUUID) {\n return crypto.randomUUID();\n }\n // Fallback for environments without crypto.randomUUID \u2014 use crypto.getRandomValues\n if (typeof crypto !== 'undefined' && crypto.getRandomValues) {\n const arr = new Uint8Array(16);\n crypto.getRandomValues(arr);\n return Array.from(arr, b => b.toString(16).padStart(2, '0')).join('');\n }\n // Last resort \u2014 should not be reached in modern environments\n throw new Error('[what] No secure random source available for CSRF token generation');\n}\n\n// Server: validate CSRF token from request header against session token\nexport function validateCsrfToken(requestToken, sessionToken) {\n if (!requestToken || !sessionToken) return false;\n // Constant-time comparison to prevent timing attacks\n if (requestToken.length !== sessionToken.length) return false;\n let result = 0;\n for (let i = 0; i < requestToken.length; i++) {\n result |= requestToken.charCodeAt(i) ^ sessionToken.charCodeAt(i);\n }\n return result === 0;\n}\n\n// Server: middleware helper to inject CSRF meta tag into HTML\nexport function csrfMetaTag(token) {\n // HTML-escape the token to prevent XSS if a non-standard value is used\n const escaped = String(token).replace(/&/g, '&').replace(/\"/g, '"').replace(/</g, '<').replace(/>/g, '>');\n return `<meta name=\"what-csrf-token\" content=\"${escaped}\">`;\n}\n\n// --- Define a server action ---\n\nfunction generateActionId() {\n // Generate a random ID that's not easily enumerable\n const rand = typeof crypto !== 'undefined' && crypto.getRandomValues\n ? Array.from(crypto.getRandomValues(new Uint8Array(6)), b => b.toString(16).padStart(2, '0')).join('')\n : Math.random().toString(36).slice(2, 10) + Date.now().toString(36);\n return `a_${rand}`;\n}\n\nexport function action(fn, options = {}) {\n const id = options.id || generateActionId();\n const { onError, onSuccess, revalidate } = options;\n\n // Server-side: register the action\n if (typeof window === 'undefined') {\n actionRegistry.set(id, { fn, options });\n }\n\n // Create the callable wrapper\n async function callAction(...args) {\n // Server-side: call directly\n if (typeof window === 'undefined') {\n return fn(...args);\n }\n\n // Client-side: call via fetch with timeout support\n const timeout = options.timeout || 30000; // Default 30s timeout\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), timeout);\n\n try {\n const csrfToken = getCsrfToken();\n const headers = {\n 'Content-Type': 'application/json',\n 'X-What-Action': id,\n };\n if (csrfToken) headers['X-CSRF-Token'] = csrfToken;\n\n const response = await fetch('/__what_action', {\n method: 'POST',\n headers,\n credentials: 'same-origin',\n signal: controller.signal,\n body: JSON.stringify({ args }),\n });\n\n if (!response.ok) {\n const error = await response.json().catch(() => ({ message: 'Action failed' }));\n throw new Error(error.message || 'Action failed');\n }\n\n const result = await response.json();\n\n if (onSuccess) onSuccess(result);\n if (revalidate) {\n // Trigger revalidation of specified paths\n for (const path of revalidate) {\n invalidatePath(path);\n }\n }\n\n return result;\n } catch (error) {\n if (error.name === 'AbortError') {\n const timeoutError = new Error(`Action \"${id}\" timed out after ${timeout}ms`);\n timeoutError.code = 'TIMEOUT';\n if (onError) onError(timeoutError);\n throw timeoutError;\n }\n if (onError) onError(error);\n throw error;\n } finally {\n clearTimeout(timeoutId);\n }\n }\n\n callAction._actionId = id;\n callAction._isAction = true;\n\n return callAction;\n}\n\n// --- Form action helper ---\n// For forms that submit to server actions.\n\nexport function formAction(actionFn, options = {}) {\n const { onSuccess, onError, resetOnSuccess = true } = options;\n\n return async (formDataOrEvent) => {\n let formData;\n let form;\n\n if (formDataOrEvent instanceof Event) {\n formDataOrEvent.preventDefault();\n form = formDataOrEvent.target;\n formData = new FormData(form);\n } else {\n formData = formDataOrEvent;\n }\n\n // Convert FormData to plain object, preserving File instances\n const data = {};\n let hasFiles = false;\n for (const [key, value] of formData.entries()) {\n if (typeof File !== 'undefined' && value instanceof File) {\n hasFiles = true;\n }\n if (data[key]) {\n // Handle multiple values (e.g., checkboxes, multi-file inputs)\n if (Array.isArray(data[key])) {\n data[key].push(value);\n } else {\n data[key] = [data[key], value];\n }\n } else {\n data[key] = value;\n }\n }\n\n try {\n // If form contains files, pass the raw FormData as second arg\n // so the action handler can access files directly\n const result = hasFiles\n ? await actionFn(data, formData)\n : await actionFn(data);\n if (onSuccess) onSuccess(result, form);\n if (resetOnSuccess && form) form.reset();\n return result;\n } catch (error) {\n if (onError) onError(error, form);\n throw error;\n }\n };\n}\n\n// --- useAction hook ---\n// Returns action state and trigger function.\n\nexport function useAction(actionFn) {\n const isPending = signal(false);\n const error = signal(null);\n const data = signal(null);\n\n async function trigger(...args) {\n isPending.set(true);\n error.set(null);\n\n try {\n const result = await actionFn(...args);\n data.set(result);\n return result;\n } catch (e) {\n error.set(e);\n throw e;\n } finally {\n isPending.set(false);\n }\n }\n\n return {\n trigger,\n isPending: () => isPending(),\n error: () => error(),\n data: () => data(),\n reset: () => {\n error.set(null);\n data.set(null);\n },\n };\n}\n\n// --- useFormAction hook ---\n// Combines useAction with form handling.\n\nexport function useFormAction(actionFn, options = {}) {\n const { resetOnSuccess = true } = options;\n const formRef = { current: null };\n const actionState = useAction(formAction(actionFn, { resetOnSuccess }));\n\n function handleSubmit(e) {\n e.preventDefault();\n const formData = new FormData(e.target);\n formRef.current = e.target;\n return actionState.trigger(formData);\n }\n\n return {\n ...actionState,\n handleSubmit,\n formRef,\n };\n}\n\n// --- Optimistic updates ---\n\nexport function useOptimistic(initialValue, reducer) {\n const value = signal(initialValue);\n const pending = signal([]);\n const baseValue = signal(initialValue); // Track the confirmed server value\n\n function addOptimistic(action) {\n const optimisticValue = reducer(value.peek(), action);\n batch(() => {\n pending.set([...pending.peek(), action]);\n value.set(optimisticValue);\n });\n }\n\n function resolve(action, serverValue) {\n batch(() => {\n pending.set(pending.peek().filter(a => a !== action));\n if (serverValue !== undefined) {\n baseValue.set(serverValue);\n // Recompute optimistic state from new base + remaining pending actions\n let current = serverValue;\n for (const a of pending.peek()) {\n current = reducer(current, a);\n }\n value.set(current);\n }\n });\n }\n\n function rollback(action, realValue) {\n batch(() => {\n const newPending = pending.peek().filter(a => a !== action);\n pending.set(newPending);\n const base = realValue !== undefined ? realValue : baseValue.peek();\n baseValue.set(base);\n // Recompute from base + remaining pending actions\n let current = base;\n for (const a of newPending) {\n current = reducer(current, a);\n }\n value.set(current);\n });\n }\n\n // Auto-rollback helper: wraps an async action with automatic rollback on error\n async function withOptimistic(action, asyncFn) {\n addOptimistic(action);\n try {\n const result = await asyncFn();\n resolve(action, result);\n return result;\n } catch (e) {\n rollback(action);\n throw e;\n }\n }\n\n return {\n value: () => value(),\n isPending: () => pending().length > 0,\n addOptimistic,\n resolve,\n rollback,\n withOptimistic,\n set: (v) => { value.set(v); baseValue.set(v); },\n };\n}\n\n// --- Path revalidation ---\n\nconst revalidationCallbacks = new Map();\n\nexport function onRevalidate(path, callback) {\n if (!revalidationCallbacks.has(path)) {\n revalidationCallbacks.set(path, new Set());\n }\n revalidationCallbacks.get(path).add(callback);\n\n return () => {\n revalidationCallbacks.get(path)?.delete(callback);\n };\n}\n\nexport function invalidatePath(path) {\n const callbacks = revalidationCallbacks.get(path);\n if (callbacks) {\n for (const cb of callbacks) {\n try { cb(); } catch (e) { console.error('[what] Revalidation error:', e); }\n }\n }\n}\n\n// --- Server-side action handler ---\n// Add this to your server middleware.\n\nexport function handleActionRequest(req, actionId, args, options = {}) {\n const { csrfToken: sessionCsrfToken, skipCsrf = false } = options;\n\n // Validate CSRF token unless explicitly skipped\n if (!skipCsrf) {\n if (!sessionCsrfToken) {\n // Fail closed: no CSRF token configured means the developer forgot to set it up.\n // This prevents silent security vulnerabilities in production.\n return Promise.resolve({\n status: 500,\n body: {\n message: '[what] CSRF token not configured. ' +\n 'Pass { csrfToken: sessionToken } to handleActionRequest, ' +\n 'or { skipCsrf: true } to explicitly opt out.'\n }\n });\n }\n const requestCsrfToken = req?.headers?.['x-csrf-token'] || req?.headers?.['X-CSRF-Token'];\n if (!validateCsrfToken(requestCsrfToken, sessionCsrfToken)) {\n return Promise.resolve({ status: 403, body: { message: 'Invalid CSRF token' } });\n }\n }\n\n const action = actionRegistry.get(actionId);\n if (!action) {\n return Promise.resolve({ status: 404, body: { message: 'Action not found' } });\n }\n\n // Validate args is an array to prevent prototype pollution\n if (!Array.isArray(args)) {\n return Promise.resolve({ status: 400, body: { message: 'Invalid action arguments' } });\n }\n\n return action.fn(...args)\n .then(result => ({ status: 200, body: result }))\n .catch(error => {\n // Log the full error server-side, return generic message to client\n console.error(`[what] Action \"${actionId}\" error:`, error);\n return {\n status: 500,\n body: { message: 'Action failed' },\n };\n });\n}\n\n// --- Get all registered actions (for SSR/build) ---\n\nexport function getRegisteredActions() {\n return [...actionRegistry.keys()];\n}\n\n// --- Mutation helper ---\n// Like useSWR mutation but simpler.\n\nexport function useMutation(mutationFn, options = {}) {\n const { onSuccess, onError, onSettled } = options;\n\n const state = {\n isPending: signal(false),\n error: signal(null),\n data: signal(null),\n };\n\n async function mutate(...args) {\n state.isPending.set(true);\n state.error.set(null);\n\n try {\n const result = await mutationFn(...args);\n state.data.set(result);\n if (onSuccess) onSuccess(result, ...args);\n return result;\n } catch (error) {\n state.error.set(error);\n if (onError) onError(error, ...args);\n throw error;\n } finally {\n state.isPending.set(false);\n if (onSettled) onSettled(state.data.peek(), state.error.peek(), ...args);\n }\n }\n\n return {\n mutate,\n isPending: () => state.isPending(),\n error: () => state.error(),\n data: () => state.data(),\n reset: () => {\n state.error.set(null);\n state.data.set(null);\n },\n };\n}\n"],
|
|
5
|
-
"mappings": ";AAIA,SAAS,SAAS;;;ACWlB,SAAS,QAAQ,aAAa;AAG9B,IAAM,iBAAiB,oBAAI,IAAI;AAQ/B,SAAS,eAAe;AACtB,MAAI,OAAO,aAAa,aAAa;AAEnC,UAAM,OAAO,SAAS,cAAc,8BAA8B;AAClE,QAAI,MAAM;AACR,aAAO,KAAK,aAAa,SAAS;AAAA,IACpC;AAEA,UAAM,QAAQ,SAAS,OAAO,MAAM,6BAA6B;AACjE,QAAI,OAAO;AACT,aAAO,mBAAmB,MAAM,CAAC,CAAC;AAAA,IACpC;AAAA,EACF;AACA,SAAO;AACT;AAGO,SAAS,oBAAoB;AAClC,MAAI,OAAO,WAAW,eAAe,OAAO,YAAY;AACtD,WAAO,OAAO,WAAW;AAAA,EAC3B;AAEA,MAAI,OAAO,WAAW,eAAe,OAAO,iBAAiB;AAC3D,UAAM,MAAM,IAAI,WAAW,EAAE;AAC7B,WAAO,gBAAgB,GAAG;AAC1B,WAAO,MAAM,KAAK,KAAK,OAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AAAA,EACtE;AAEA,QAAM,IAAI,MAAM,oEAAoE;AACtF;AAGO,SAAS,kBAAkB,cAAc,cAAc;AAC5D,MAAI,CAAC,gBAAgB,CAAC,aAAc,QAAO;AAE3C,MAAI,aAAa,WAAW,aAAa,OAAQ,QAAO;AACxD,MAAI,SAAS;AACb,WAAS,IAAI,GAAG,IAAI,aAAa,QAAQ,KAAK;AAC5C,cAAU,aAAa,WAAW,CAAC,IAAI,aAAa,WAAW,CAAC;AAAA,EAClE;AACA,SAAO,WAAW;AACpB;AAGO,SAAS,YAAY,OAAO;AAEjC,QAAM,UAAU,OAAO,KAAK,EAAE,QAAQ,MAAM,OAAO,EAAE,QAAQ,MAAM,QAAQ,EAAE,QAAQ,MAAM,MAAM,EAAE,QAAQ,MAAM,MAAM;AACvH,SAAO,yCAAyC,OAAO;AACzD;AAIA,SAAS,mBAAmB;AAE1B,QAAM,OAAO,OAAO,WAAW,eAAe,OAAO,kBACjD,MAAM,KAAK,OAAO,gBAAgB,IAAI,WAAW,CAAC,CAAC,GAAG,OAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE,IACnG,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,GAAG,EAAE,IAAI,KAAK,IAAI,EAAE,SAAS,EAAE;AACpE,SAAO,KAAK,IAAI;AAClB;AAEO,SAAS,OAAO,IAAI,UAAU,CAAC,GAAG;AACvC,QAAM,KAAK,QAAQ,MAAM,iBAAiB;AAC1C,QAAM,EAAE,SAAS,WAAW,WAAW,IAAI;AAG3C,MAAI,OAAO,WAAW,aAAa;AACjC,mBAAe,IAAI,IAAI,EAAE,IAAI,QAAQ,CAAC;AAAA,EACxC;AAGA,iBAAe,cAAc,MAAM;AAEjC,QAAI,OAAO,WAAW,aAAa;AACjC,aAAO,GAAG,GAAG,IAAI;AAAA,IACnB;AAGA,UAAM,UAAU,QAAQ,WAAW;AACnC,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,OAAO;AAE9D,QAAI;AACF,YAAM,YAAY,aAAa;AAC/B,YAAM,UAAU;AAAA,QACd,gBAAgB;AAAA,QAChB,iBAAiB;AAAA,MACnB;AACA,UAAI,UAAW,SAAQ,cAAc,IAAI;AAEzC,YAAM,WAAW,MAAM,MAAM,kBAAkB;AAAA,QAC7C,QAAQ;AAAA,QACR;AAAA,QACA,aAAa;AAAA,QACb,QAAQ,WAAW;AAAA,QACnB,MAAM,KAAK,UAAU,EAAE,KAAK,CAAC;AAAA,MAC/B,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,QAAQ,MAAM,SAAS,KAAK,EAAE,MAAM,OAAO,EAAE,SAAS,gBAAgB,EAAE;AAC9E,cAAM,IAAI,MAAM,MAAM,WAAW,eAAe;AAAA,MAClD;AAEA,YAAM,SAAS,MAAM,SAAS,KAAK;AAEnC,UAAI,UAAW,WAAU,MAAM;AAC/B,UAAI,YAAY;AAEd,mBAAW,QAAQ,YAAY;AAC7B,yBAAe,IAAI;AAAA,QACrB;AAAA,MACF;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,MAAM,SAAS,cAAc;AAC/B,cAAM,eAAe,IAAI,MAAM,WAAW,EAAE,qBAAqB,OAAO,IAAI;AAC5E,qBAAa,OAAO;AACpB,YAAI,QAAS,SAAQ,YAAY;AACjC,cAAM;AAAA,MACR;AACA,UAAI,QAAS,SAAQ,KAAK;AAC1B,YAAM;AAAA,IACR,UAAE;AACA,mBAAa,SAAS;AAAA,IACxB;AAAA,EACF;AAEA,aAAW,YAAY;AACvB,aAAW,YAAY;AAEvB,SAAO;AACT;AAKO,SAAS,WAAW,UAAU,UAAU,CAAC,GAAG;AACjD,QAAM,EAAE,WAAW,SAAS,iBAAiB,KAAK,IAAI;AAEtD,SAAO,OAAO,oBAAoB;AAChC,QAAI;AACJ,QAAI;AAEJ,QAAI,2BAA2B,OAAO;AACpC,sBAAgB,eAAe;AAC/B,aAAO,gBAAgB;AACvB,iBAAW,IAAI,SAAS,IAAI;AAAA,IAC9B,OAAO;AACL,iBAAW;AAAA,IACb;AAGA,UAAM,OAAO,CAAC;AACd,QAAI,WAAW;AACf,eAAW,CAAC,KAAK,KAAK,KAAK,SAAS,QAAQ,GAAG;AAC7C,UAAI,OAAO,SAAS,eAAe,iBAAiB,MAAM;AACxD,mBAAW;AAAA,MACb;AACA,UAAI,KAAK,GAAG,GAAG;AAEb,YAAI,MAAM,QAAQ,KAAK,GAAG,CAAC,GAAG;AAC5B,eAAK,GAAG,EAAE,KAAK,KAAK;AAAA,QACtB,OAAO;AACL,eAAK,GAAG,IAAI,CAAC,KAAK,GAAG,GAAG,KAAK;AAAA,QAC/B;AAAA,MACF,OAAO;AACL,aAAK,GAAG,IAAI;AAAA,MACd;AAAA,IACF;AAEA,QAAI;AAGF,YAAM,SAAS,WACX,MAAM,SAAS,MAAM,QAAQ,IAC7B,MAAM,SAAS,IAAI;AACvB,UAAI,UAAW,WAAU,QAAQ,IAAI;AACrC,UAAI,kBAAkB,KAAM,MAAK,MAAM;AACvC,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,QAAS,SAAQ,OAAO,IAAI;AAChC,YAAM;AAAA,IACR;AAAA,EACF;AACF;AAKO,SAAS,UAAU,UAAU;AAClC,QAAM,YAAY,OAAO,KAAK;AAC9B,QAAM,QAAQ,OAAO,IAAI;AACzB,QAAM,OAAO,OAAO,IAAI;AAExB,iBAAe,WAAW,MAAM;AAC9B,cAAU,IAAI,IAAI;AAClB,UAAM,IAAI,IAAI;AAEd,QAAI;AACF,YAAM,SAAS,MAAM,SAAS,GAAG,IAAI;AACrC,WAAK,IAAI,MAAM;AACf,aAAO;AAAA,IACT,SAAS,GAAG;AACV,YAAM,IAAI,CAAC;AACX,YAAM;AAAA,IACR,UAAE;AACA,gBAAU,IAAI,KAAK;AAAA,IACrB;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA,WAAW,MAAM,UAAU;AAAA,IAC3B,OAAO,MAAM,MAAM;AAAA,IACnB,MAAM,MAAM,KAAK;AAAA,IACjB,OAAO,MAAM;AACX,YAAM,IAAI,IAAI;AACd,WAAK,IAAI,IAAI;AAAA,IACf;AAAA,EACF;AACF;AAKO,SAAS,cAAc,UAAU,UAAU,CAAC,GAAG;AACpD,QAAM,EAAE,iBAAiB,KAAK,IAAI;AAClC,QAAM,UAAU,EAAE,SAAS,KAAK;AAChC,QAAM,cAAc,UAAU,WAAW,UAAU,EAAE,eAAe,CAAC,CAAC;AAEtE,WAAS,aAAa,GAAG;AACvB,MAAE,eAAe;AACjB,UAAM,WAAW,IAAI,SAAS,EAAE,MAAM;AACtC,YAAQ,UAAU,EAAE;AACpB,WAAO,YAAY,QAAQ,QAAQ;AAAA,EACrC;AAEA,SAAO;AAAA,IACL,GAAG;AAAA,IACH;AAAA,IACA;AAAA,EACF;AACF;AAIO,SAAS,cAAc,cAAc,SAAS;AACnD,QAAM,QAAQ,OAAO,YAAY;AACjC,QAAM,UAAU,OAAO,CAAC,CAAC;AACzB,QAAM,YAAY,OAAO,YAAY;AAErC,WAAS,cAAcA,SAAQ;AAC7B,UAAM,kBAAkB,QAAQ,MAAM,KAAK,GAAGA,OAAM;AACpD,UAAM,MAAM;AACV,cAAQ,IAAI,CAAC,GAAG,QAAQ,KAAK,GAAGA,OAAM,CAAC;AACvC,YAAM,IAAI,eAAe;AAAA,IAC3B,CAAC;AAAA,EACH;AAEA,WAAS,QAAQA,SAAQ,aAAa;AACpC,UAAM,MAAM;AACV,cAAQ,IAAI,QAAQ,KAAK,EAAE,OAAO,OAAK,MAAMA,OAAM,CAAC;AACpD,UAAI,gBAAgB,QAAW;AAC7B,kBAAU,IAAI,WAAW;AAEzB,YAAI,UAAU;AACd,mBAAW,KAAK,QAAQ,KAAK,GAAG;AAC9B,oBAAU,QAAQ,SAAS,CAAC;AAAA,QAC9B;AACA,cAAM,IAAI,OAAO;AAAA,MACnB;AAAA,IACF,CAAC;AAAA,EACH;AAEA,WAAS,SAASA,SAAQ,WAAW;AACnC,UAAM,MAAM;AACV,YAAM,aAAa,QAAQ,KAAK,EAAE,OAAO,OAAK,MAAMA,OAAM;AAC1D,cAAQ,IAAI,UAAU;AACtB,YAAM,OAAO,cAAc,SAAY,YAAY,UAAU,KAAK;AAClE,gBAAU,IAAI,IAAI;AAElB,UAAI,UAAU;AACd,iBAAW,KAAK,YAAY;AAC1B,kBAAU,QAAQ,SAAS,CAAC;AAAA,MAC9B;AACA,YAAM,IAAI,OAAO;AAAA,IACnB,CAAC;AAAA,EACH;AAGA,iBAAe,eAAeA,SAAQ,SAAS;AAC7C,kBAAcA,OAAM;AACpB,QAAI;AACF,YAAM,SAAS,MAAM,QAAQ;AAC7B,cAAQA,SAAQ,MAAM;AACtB,aAAO;AAAA,IACT,SAAS,GAAG;AACV,eAASA,OAAM;AACf,YAAM;AAAA,IACR;AAAA,EACF;AAEA,SAAO;AAAA,IACL,OAAO,MAAM,MAAM;AAAA,IACnB,WAAW,MAAM,QAAQ,EAAE,SAAS;AAAA,IACpC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,KAAK,CAAC,MAAM;AAAE,YAAM,IAAI,CAAC;AAAG,gBAAU,IAAI,CAAC;AAAA,IAAG;AAAA,EAChD;AACF;AAIA,IAAM,wBAAwB,oBAAI,IAAI;AAE/B,SAAS,aAAa,MAAM,UAAU;AAC3C,MAAI,CAAC,sBAAsB,IAAI,IAAI,GAAG;AACpC,0BAAsB,IAAI,MAAM,oBAAI,IAAI,CAAC;AAAA,EAC3C;AACA,wBAAsB,IAAI,IAAI,EAAE,IAAI,QAAQ;AAE5C,SAAO,MAAM;AACX,0BAAsB,IAAI,IAAI,GAAG,OAAO,QAAQ;AAAA,EAClD;AACF;AAEO,SAAS,eAAe,MAAM;AACnC,QAAM,YAAY,sBAAsB,IAAI,IAAI;AAChD,MAAI,WAAW;AACb,eAAW,MAAM,WAAW;AAC1B,UAAI;AAAE,WAAG;AAAA,MAAG,SAAS,GAAG;AAAE,gBAAQ,MAAM,8BAA8B,CAAC;AAAA,MAAG;AAAA,IAC5E;AAAA,EACF;AACF;AAKO,SAAS,oBAAoB,KAAK,UAAU,MAAM,UAAU,CAAC,GAAG;AACrE,QAAM,EAAE,WAAW,kBAAkB,WAAW,MAAM,IAAI;AAG1D,MAAI,CAAC,UAAU;AACb,QAAI,CAAC,kBAAkB;AAGrB,aAAO,QAAQ,QAAQ;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACJ,SAAS;AAAA,QAGX;AAAA,MACF,CAAC;AAAA,IACH;AACA,UAAM,mBAAmB,KAAK,UAAU,cAAc,KAAK,KAAK,UAAU,cAAc;AACxF,QAAI,CAAC,kBAAkB,kBAAkB,gBAAgB,GAAG;AAC1D,aAAO,QAAQ,QAAQ,EAAE,QAAQ,KAAK,MAAM,EAAE,SAAS,qBAAqB,EAAE,CAAC;AAAA,IACjF;AAAA,EACF;AAEA,QAAMA,UAAS,eAAe,IAAI,QAAQ;AAC1C,MAAI,CAACA,SAAQ;AACX,WAAO,QAAQ,QAAQ,EAAE,QAAQ,KAAK,MAAM,EAAE,SAAS,mBAAmB,EAAE,CAAC;AAAA,EAC/E;AAGA,MAAI,CAAC,MAAM,QAAQ,IAAI,GAAG;AACxB,WAAO,QAAQ,QAAQ,EAAE,QAAQ,KAAK,MAAM,EAAE,SAAS,2BAA2B,EAAE,CAAC;AAAA,EACvF;AAEA,SAAOA,QAAO,GAAG,GAAG,IAAI,EACrB,KAAK,aAAW,EAAE,QAAQ,KAAK,MAAM,OAAO,EAAE,EAC9C,MAAM,WAAS;AAEd,YAAQ,MAAM,kBAAkB,QAAQ,YAAY,KAAK;AACzD,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,MAAM,EAAE,SAAS,gBAAgB;AAAA,IACnC;AAAA,EACF,CAAC;AACL;AAIO,SAAS,uBAAuB;AACrC,SAAO,CAAC,GAAG,eAAe,KAAK,CAAC;AAClC;AAKO,SAAS,YAAY,YAAY,UAAU,CAAC,GAAG;AACpD,QAAM,EAAE,WAAW,SAAS,UAAU,IAAI;AAE1C,QAAM,QAAQ;AAAA,IACZ,WAAW,OAAO,KAAK;AAAA,IACvB,OAAO,OAAO,IAAI;AAAA,IAClB,MAAM,OAAO,IAAI;AAAA,EACnB;AAEA,iBAAe,UAAU,MAAM;AAC7B,UAAM,UAAU,IAAI,IAAI;AACxB,UAAM,MAAM,IAAI,IAAI;AAEpB,QAAI;AACF,YAAM,SAAS,MAAM,WAAW,GAAG,IAAI;AACvC,YAAM,KAAK,IAAI,MAAM;AACrB,UAAI,UAAW,WAAU,QAAQ,GAAG,IAAI;AACxC,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM,MAAM,IAAI,KAAK;AACrB,UAAI,QAAS,SAAQ,OAAO,GAAG,IAAI;AACnC,YAAM;AAAA,IACR,UAAE;AACA,YAAM,UAAU,IAAI,KAAK;AACzB,UAAI,UAAW,WAAU,MAAM,KAAK,KAAK,GAAG,MAAM,MAAM,KAAK,GAAG,GAAG,IAAI;AAAA,IACzE;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA,WAAW,MAAM,MAAM,UAAU;AAAA,IACjC,OAAO,MAAM,MAAM,MAAM;AAAA,IACzB,MAAM,MAAM,MAAM,KAAK;AAAA,IACvB,OAAO,MAAM;AACX,YAAM,MAAM,IAAI,IAAI;AACpB,YAAM,KAAK,IAAI,IAAI;AAAA,IACrB;AAAA,EACF;AACF;;;ADncA,IAAI,sBAAsB;AAE1B,SAAS,mBAAmB;AAC1B,wBAAsB;AACxB;AAEA,SAAS,kBAAkB;AACzB,SAAO,MAAO;AAChB;AAMO,SAAS,yBAAyB,OAAO;AAC9C,mBAAiB;AACjB,SAAO,kBAAkB,KAAK;AAChC;AAEA,SAAS,kBAAkB,OAAO;AAChC,MAAI,SAAS,QAAQ,UAAU,SAAS,UAAU,KAAM,QAAO;AAG/D,MAAI,OAAO,UAAU,YAAY,OAAO,UAAU,UAAU;AAC1D,WAAO,WAAW,OAAO,KAAK,CAAC;AAAA,EACjC;AAGA,MAAI,OAAO,UAAU,cAAc,MAAM,SAAS;AAChD,WAAO,WAAW,kBAAkB,MAAM,CAAC,CAAC;AAAA,EAC9C;AAGA,MAAI,OAAO,UAAU,YAAY;AAC/B,QAAI;AACF,aAAO,WAAW,kBAAkB,MAAM,CAAC,CAAC;AAAA,IAC9C,SAAS,GAAG;AACV,UAAI,OAAO,YAAY,eAAe,MAAwC;AAC5E,gBAAQ,KAAK,2DAA2D,EAAE,OAAO;AAAA,MACnF;AACA,aAAO;AAAA,IACT;AAAA,EACF;AAGA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,YAAY,MAAM,IAAI,iBAAiB,EAAE,KAAK,EAAE,CAAC;AAAA,EAC1D;AAGA,MAAI,OAAO,MAAM,QAAQ,YAAY;AACnC,UAAM,OAAO,gBAAgB;AAC7B,UAAM,SAAS,MAAM,IAAI,EAAE,GAAG,MAAM,OAAO,UAAU,MAAM,SAAS,CAAC;AACrE,UAAM,OAAO,kBAAkB,MAAM;AAErC,WAAO,mBAAmB,MAAM,IAAI;AAAA,EACtC;AAGA,QAAM,EAAE,KAAK,OAAO,SAAS,IAAI;AACjC,QAAM,QAAQ,YAAY,SAAS,CAAC,CAAC;AACrC,QAAM,OAAO,IAAI,GAAG,GAAG,KAAK;AAG5B,MAAI,cAAc,IAAI,GAAG,EAAG,QAAO;AAEnC,QAAM,WAAW,kBAAkB,KAAK;AACxC,QAAM,QAAQ,YAAY,OAAO,OAAO,QAAQ,IAAI,SAAS,IAAI,iBAAiB,EAAE,KAAK,EAAE;AAC3F,SAAO,GAAG,IAAI,GAAG,KAAK,KAAK,GAAG;AAChC;AAGA,SAAS,mBAAmB,MAAM,MAAM;AAEtC,QAAM,QAAQ,KAAK,MAAM,4CAA4C;AACrE,MAAI,OAAO;AACT,UAAM,SAAS,MAAM,CAAC;AACtB,UAAM,UAAU,MAAM,CAAC;AACvB,UAAM,WAAW,OAAO,SAAS,IAAI,QAAQ;AAC7C,WAAO,KAAK,MAAM,GAAG,QAAQ,IAAI,aAAa,IAAI,MAAM,KAAK,MAAM,QAAQ;AAAA,EAC7E;AACA,SAAO;AACT;AAKO,SAAS,eAAe,OAAO;AACpC,MAAI,SAAS,QAAQ,UAAU,SAAS,UAAU,KAAM,QAAO;AAG/D,MAAI,OAAO,UAAU,YAAY,OAAO,UAAU,UAAU;AAC1D,WAAO,WAAW,OAAO,KAAK,CAAC;AAAA,EACjC;AAGA,MAAI,OAAO,UAAU,cAAc,MAAM,SAAS;AAChD,WAAO,eAAe,MAAM,CAAC;AAAA,EAC/B;AAGA,MAAI,OAAO,UAAU,YAAY;AAC/B,QAAI;AACF,aAAO,eAAe,MAAM,CAAC;AAAA,IAC/B,SAAS,GAAG;AACV,UAAI,OAAO,YAAY,eAAe,MAAwC;AAC5E,gBAAQ,KAAK,2DAA2D,EAAE,OAAO;AAAA,MACnF;AACA,aAAO;AAAA,IACT;AAAA,EACF;AAGA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,IAAI,cAAc,EAAE,KAAK,EAAE;AAAA,EAC1C;AAGA,MAAI,OAAO,MAAM,QAAQ,YAAY;AACnC,UAAM,SAAS,MAAM,IAAI,EAAE,GAAG,MAAM,OAAO,UAAU,MAAM,SAAS,CAAC;AACrE,WAAO,eAAe,MAAM;AAAA,EAC9B;AAGA,QAAM,EAAE,KAAK,OAAO,SAAS,IAAI;AACjC,QAAM,QAAQ,YAAY,SAAS,CAAC,CAAC;AACrC,QAAM,OAAO,IAAI,GAAG,GAAG,KAAK;AAG5B,MAAI,cAAc,IAAI,GAAG,EAAG,QAAO;AAEnC,QAAM,WAAW,kBAAkB,KAAK;AACxC,QAAM,QAAQ,YAAY,OAAO,OAAO,QAAQ,IAAI,SAAS,IAAI,cAAc,EAAE,KAAK,EAAE;AACxF,SAAO,GAAG,IAAI,GAAG,KAAK,KAAK,GAAG;AAChC;AAKA,gBAAuB,eAAe,OAAO;AAC3C,MAAI,SAAS,QAAQ,UAAU,SAAS,UAAU,KAAM;AAExD,MAAI,OAAO,UAAU,YAAY,OAAO,UAAU,UAAU;AAC1D,UAAM,WAAW,OAAO,KAAK,CAAC;AAC9B;AAAA,EACF;AAGA,MAAI,OAAO,UAAU,cAAc,MAAM,SAAS;AAChD,WAAO,eAAe,MAAM,CAAC;AAC7B;AAAA,EACF;AAGA,MAAI,OAAO,UAAU,YAAY;AAC/B,QAAI;AACF,aAAO,eAAe,MAAM,CAAC;AAAA,IAC/B,SAAS,GAAG;AACV,UAAI,OAAO,YAAY,eAAe,MAAwC;AAC5E,gBAAQ,KAAK,kEAAkE,EAAE,OAAO;AAAA,MAC1F;AAAA,IACF;AACA;AAAA,EACF;AAEA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,eAAW,SAAS,OAAO;AACzB,aAAO,eAAe,KAAK;AAAA,IAC7B;AACA;AAAA,EACF;AAEA,MAAI,OAAO,MAAM,QAAQ,YAAY;AACnC,QAAI;AACF,YAAM,SAAS,MAAM,IAAI,EAAE,GAAG,MAAM,OAAO,UAAU,MAAM,SAAS,CAAC;AAErE,YAAM,WAAW,kBAAkB,UAAU,MAAM,SAAS;AAC5D,aAAO,eAAe,QAAQ;AAAA,IAChC,SAAS,GAAG;AACV,UAAI,OAAO,YAAY,eAAe,MAAwC;AAC5E,gBAAQ,KAAK,0DAA0D,EAAE,OAAO;AAAA,MAClF;AACA,YAAM,aACF,mBAAmB,WAAW,EAAE,WAAW,iBAAiB,CAAC,SAC7D;AAAA,IACN;AACA;AAAA,EACF;AAEA,QAAM,EAAE,KAAK,OAAO,SAAS,IAAI;AACjC,QAAM,QAAQ,YAAY,SAAS,CAAC,CAAC;AACrC,QAAM,IAAI,GAAG,GAAG,KAAK;AAErB,MAAI,CAAC,cAAc,IAAI,GAAG,GAAG;AAC3B,UAAM,WAAW,kBAAkB,KAAK;AACxC,QAAI,YAAY,MAAM;AACpB,YAAM,OAAO,QAAQ;AAAA,IACvB,OAAO;AACL,iBAAW,SAAS,UAAU;AAC5B,eAAO,eAAe,KAAK;AAAA,MAC7B;AAAA,IACF;AACA,UAAM,KAAK,GAAG;AAAA,EAChB;AACF;AAIO,SAAS,WAAW,QAAQ;AACjC,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA,IAKL,MAAM;AAAA,IACN,GAAG;AAAA,EACL;AACF;AAGO,SAAS,mBAAmB,MAAM,OAAO,CAAC,GAAG;AAClD,QAAM,QAAQ,KAAK,UAAU,IAAI;AACjC,QAAM,OAAO,eAAe,KAAK;AACjC,QAAM,UAAU,KAAK,WAAW,CAAC;AAEjC,SAAO,aAAa;AAAA,IAClB,OAAO,KAAK,SAAS;AAAA,IACrB,MAAM,KAAK,QAAQ,CAAC;AAAA,IACpB,MAAM;AAAA,IACN;AAAA,IACA,SAAS,KAAK,SAAS,WAAW,CAAC,IAAI,KAAK,WAAW,CAAC;AAAA,IACxD,QAAQ,KAAK,UAAU,CAAC;AAAA,IACxB,MAAM,KAAK;AAAA,EACb,CAAC;AACH;AAEA,SAAS,aAAa,EAAE,OAAO,MAAM,MAAM,SAAS,SAAS,QAAQ,KAAK,GAAG;AAC3E,QAAM,WAAW,OAAO,QAAQ,IAAI,EACjC,IAAI,CAAC,CAAC,MAAM,OAAO,MAAM,eAAe,WAAW,IAAI,CAAC,cAAc,WAAW,OAAO,CAAC,IAAI,EAC7F,KAAK,QAAQ;AAEhB,QAAM,YAAY,OACf,IAAI,UAAQ,gCAAgC,WAAW,IAAI,CAAC,IAAI,EAChE,KAAK,QAAQ;AAEhB,QAAM,eAAe,QAAQ,SAAS,IAAI;AAAA;AAAA;AAAA;AAAA,kBAI3B;AAEf,QAAM,aAAa,QAChB,IAAI,SAAO,8BAA8B,WAAW,GAAG,CAAC,cAAa,EACrE,KAAK,QAAQ;AAEhB,QAAM,eAAe,SAAS,WAAW;AAAA,+DACmB;AAE5D,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA,MAKH,QAAQ;AAAA,aACD,WAAW,KAAK,CAAC;AAAA,MACxB,SAAS;AAAA;AAAA;AAAA,oBAGK,IAAI;AAAA,MAClB,YAAY;AAAA,MACZ,UAAU;AAAA,MACV,YAAY;AAAA;AAAA;AAGlB;AAKO,SAAS,OAAO,WAAW;AAChC,YAAU,UAAU;AACpB,SAAO;AACT;AAKA,IAAM,aAAa,OAAO,YAAY,cAClC,OACA;AAMJ,SAAS,kBAAkB,OAAO;AAChC,MAAI,CAAC,MAAO,QAAO;AAGnB,MAAI,MAAM,yBAAyB;AACjC,WAAO,MAAM,wBAAwB,UAAU;AAAA,EACjD;AAGA,MAAI,MAAM,aAAa,OAAO,MAAM,cAAc,YAAY,YAAY,MAAM,WAAW;AACzF,WAAO,MAAM,UAAU,UAAU;AAAA,EACnC;AAGA,MAAI,MAAM,aAAa,QAAQ,OAAO,MAAM,cAAc,UAAU;AAClE,QAAI,YAAY;AACd,cAAQ;AAAA,QACN;AAAA,MAEF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAEA,SAAS,YAAY,OAAO;AAC1B,MAAI,MAAM;AACV,aAAW,CAAC,KAAK,GAAG,KAAK,OAAO,QAAQ,KAAK,GAAG;AAC9C,QAAI,QAAQ,SAAS,QAAQ,SAAS,QAAQ,cAAc,QAAQ,6BAA6B,QAAQ,YAAa;AACtH,QAAI,IAAI,WAAW,IAAI,KAAK,IAAI,SAAS,EAAG;AAC5C,QAAI,QAAQ,SAAS,OAAO,KAAM;AAElC,QAAI,QAAQ,eAAe,QAAQ,SAAS;AAC1C,aAAO,WAAW,WAAW,OAAO,GAAG,CAAC,CAAC;AAAA,IAC3C,WAAW,QAAQ,WAAW,OAAO,QAAQ,UAAU;AACrD,YAAM,MAAM,OAAO,QAAQ,GAAG,EAC3B,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,GAAG,aAAa,CAAC,CAAC,IAAI,CAAC,EAAE,EACzC,KAAK,GAAG;AACX,aAAO,WAAW,WAAW,GAAG,CAAC;AAAA,IACnC,WAAW,QAAQ,MAAM;AAEvB,UAAI,IAAI,WAAW,OAAO,KAAK,QAAQ,QAAQ;AAC7C,eAAO,IAAI,GAAG;AAAA,MAChB,OAAO;AACL,eAAO,IAAI,GAAG;AAAA,MAChB;AAAA,IACF,OAAO;AACL,aAAO,IAAI,GAAG,KAAK,WAAW,OAAO,GAAG,CAAC,CAAC;AAAA,IAC5C;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,WAAW,KAAK;AACvB,SAAO,IACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,QAAQ,EACtB,QAAQ,MAAM,OAAO;AAC1B;AAEA,SAAS,aAAa,KAAK;AACzB,MAAI,IAAI,WAAW,IAAI,EAAG,QAAO;AACjC,SAAO,IAAI,QAAQ,YAAY,KAAK,EAAE,YAAY;AACpD;AAEA,IAAM,gBAAgB,oBAAI,IAAI;AAAA,EAC5B;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAM;AAAA,EAAO;AAAA,EAAS;AAAA,EAAM;AAAA,EAAO;AAAA,EACnD;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAS;AAAA,EAAU;AAAA,EAAS;AAC9C,CAAC;",
|
|
4
|
+
"sourcesContent": ["// What Framework - Server\n// SSR, static site generation, server components.\n// Zero-JS pages by default. Islands opt-in to client JS.\n\nimport { h } from 'what-core';\n\n// --- Hydration ID Generator ---\nlet _hydrationIdCounter = 0;\n\nfunction resetHydrationId() {\n _hydrationIdCounter = 0;\n}\n\nfunction nextHydrationId() {\n return 'h' + (_hydrationIdCounter++);\n}\n\n// --- Render to Hydratable String ---\n// Renders with hydration markers (data-hk attributes, comment boundaries)\n// so the client can reuse the server-rendered DOM.\n\nexport function renderToHydratableString(vnode) {\n resetHydrationId();\n return _renderHydratable(vnode);\n}\n\nfunction _renderHydratable(vnode) {\n if (vnode == null || vnode === false || vnode === true) return '';\n\n // Text\n if (typeof vnode === 'string' || typeof vnode === 'number') {\n return escapeHtml(String(vnode));\n }\n\n // Signal \u2014 unwrap\n if (typeof vnode === 'function' && vnode._signal) {\n return `<!--$-->${_renderHydratable(vnode())}<!--/$-->`;\n }\n\n // Reactive function child \u2014 wrap in dynamic content markers\n if (typeof vnode === 'function') {\n try {\n return `<!--$-->${_renderHydratable(vnode())}<!--/$-->`;\n } catch (e) {\n if (typeof process !== 'undefined' && process.env?.NODE_ENV !== 'production') {\n console.warn('[what-server] Error rendering reactive function in SSR:', e.message);\n }\n return '<!--$--><!--/$-->';\n }\n }\n\n // Array \u2014 wrap in list markers\n if (Array.isArray(vnode)) {\n return `<!--[]-->${vnode.map(_renderHydratable).join('')}<!--/[]-->`;\n }\n\n // Component \u2014 add hydration key to root element\n if (typeof vnode.tag === 'function') {\n const hkId = nextHydrationId();\n const result = vnode.tag({ ...vnode.props, children: vnode.children });\n const html = _renderHydratable(result);\n // Inject data-hk into the first element tag if present\n return injectHydrationKey(html, hkId);\n }\n\n // Element\n const { tag, props, children } = vnode;\n const attrs = renderAttrs(props || {});\n const open = `<${tag}${attrs}>`;\n\n // Void elements\n if (VOID_ELEMENTS.has(tag)) return open;\n\n const rawInner = _resolveInnerHTML(props);\n const inner = rawInner != null ? String(rawInner) : children.map(_renderHydratable).join('');\n return `${open}${inner}</${tag}>`;\n}\n\n// Inject data-hk=\"id\" into the first HTML opening tag\nfunction injectHydrationKey(html, hkId) {\n // Skip comment markers to find the first real element\n const match = html.match(/^((?:<!--.*?-->)*)<([a-zA-Z][a-zA-Z0-9-]*)/);\n if (match) {\n const prefix = match[1];\n const tagName = match[2];\n const insertAt = prefix.length + 1 + tagName.length; // after '<tagName'\n return html.slice(0, insertAt) + ` data-hk=\"${hkId}\"` + html.slice(insertAt);\n }\n return html;\n}\n\n// --- Render to String ---\n// Renders a VNode tree to an HTML string. Used for SSR and static gen.\n\nexport function renderToString(vnode) {\n if (vnode == null || vnode === false || vnode === true) return '';\n\n // Text\n if (typeof vnode === 'string' || typeof vnode === 'number') {\n return escapeHtml(String(vnode));\n }\n\n // Signal \u2014 unwrap by calling it\n if (typeof vnode === 'function' && vnode._signal) {\n return renderToString(vnode());\n }\n\n // Reactive function child \u2014 call to get value\n if (typeof vnode === 'function') {\n try {\n return renderToString(vnode());\n } catch (e) {\n if (typeof process !== 'undefined' && process.env?.NODE_ENV !== 'production') {\n console.warn('[what-server] Error rendering reactive function in SSR:', e.message);\n }\n return '';\n }\n }\n\n // Array\n if (Array.isArray(vnode)) {\n return vnode.map(renderToString).join('');\n }\n\n // Component\n if (typeof vnode.tag === 'function') {\n const result = vnode.tag({ ...vnode.props, children: vnode.children });\n return renderToString(result);\n }\n\n // Element\n const { tag, props, children } = vnode;\n const attrs = renderAttrs(props || {});\n const open = `<${tag}${attrs}>`;\n\n // Void elements\n if (VOID_ELEMENTS.has(tag)) return open;\n\n const rawInner = _resolveInnerHTML(props);\n const inner = rawInner != null ? String(rawInner) : children.map(renderToString).join('');\n return `${open}${inner}</${tag}>`;\n}\n\n// --- Stream Render ---\n// Returns an async iterator for streaming SSR.\n\nexport async function* renderToStream(vnode) {\n if (vnode == null || vnode === false || vnode === true) return;\n\n if (typeof vnode === 'string' || typeof vnode === 'number') {\n yield escapeHtml(String(vnode));\n return;\n }\n\n // Signal \u2014 unwrap by calling it\n if (typeof vnode === 'function' && vnode._signal) {\n yield* renderToStream(vnode());\n return;\n }\n\n // Reactive function child \u2014 call to get value\n if (typeof vnode === 'function') {\n try {\n yield* renderToStream(vnode());\n } catch (e) {\n if (typeof process !== 'undefined' && process.env?.NODE_ENV !== 'production') {\n console.warn('[what-server] Error rendering reactive function in stream SSR:', e.message);\n }\n }\n return;\n }\n\n if (Array.isArray(vnode)) {\n for (const child of vnode) {\n yield* renderToStream(child);\n }\n return;\n }\n\n if (typeof vnode.tag === 'function') {\n try {\n const result = vnode.tag({ ...vnode.props, children: vnode.children });\n // Support async components\n const resolved = result instanceof Promise ? await result : result;\n yield* renderToStream(resolved);\n } catch (e) {\n if (typeof process !== 'undefined' && process.env?.NODE_ENV !== 'production') {\n console.warn('[what-server] Error rendering component in stream SSR:', e.message);\n }\n yield _isDevMode\n ? `<!-- SSR Error: ${escapeHtml(e.message || 'Component error')} -->`\n : `<!-- SSR Error -->`;\n }\n return;\n }\n\n const { tag, props, children } = vnode;\n const attrs = renderAttrs(props || {});\n yield `<${tag}${attrs}>`;\n\n if (!VOID_ELEMENTS.has(tag)) {\n const rawInner = _resolveInnerHTML(props);\n if (rawInner != null) {\n yield String(rawInner);\n } else {\n for (const child of children) {\n yield* renderToStream(child);\n }\n }\n yield `</${tag}>`;\n }\n}\n\n// --- Static Site Generation ---\n\nexport function definePage(config) {\n return {\n // 'static' = pre-render at build time (default)\n // 'server' = render on each request\n // 'client' = render in browser (SPA)\n // 'hybrid' = static shell + islands\n mode: 'static',\n ...config,\n };\n}\n\n// Generate static HTML for a page\nexport function generateStaticPage(page, data = {}) {\n const vnode = page.component(data);\n const html = renderToString(vnode);\n const islands = page.islands || [];\n\n return wrapDocument({\n title: page.title || '',\n meta: page.meta || {},\n body: html,\n islands,\n scripts: page.mode === 'static' ? [] : page.scripts || [],\n styles: page.styles || [],\n mode: page.mode,\n });\n}\n\nfunction wrapDocument({ title, meta, body, islands, scripts, styles, mode }) {\n const metaTags = Object.entries(meta)\n .map(([name, content]) => `<meta name=\"${escapeHtml(name)}\" content=\"${escapeHtml(content)}\">`)\n .join('\\n ');\n\n const styleTags = styles\n .map(href => `<link rel=\"stylesheet\" href=\"${escapeHtml(href)}\">`)\n .join('\\n ');\n\n const islandScript = islands.length > 0 ? `\n <script type=\"module\">\n import { hydrateIslands } from '/@what/islands.js';\n hydrateIslands();\n </script>` : '';\n\n const scriptTags = scripts\n .map(src => `<script type=\"module\" src=\"${escapeHtml(src)}\"></script>`)\n .join('\\n ');\n\n const clientScript = mode === 'client' ? `\n <script type=\"module\" src=\"/@what/client.js\"></script>` : '';\n\n return `<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"UTF-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n ${metaTags}\n <title>${escapeHtml(title)}</title>\n ${styleTags}\n </head>\n <body>\n <div id=\"app\">${body}</div>\n ${islandScript}\n ${scriptTags}\n ${clientScript}\n </body>\n</html>`;\n}\n\n// --- Server Component ---\n// Renders on the server, sends HTML to client. No JS shipped.\n\nexport function server(Component) {\n Component._server = true;\n return Component;\n}\n\n// --- Helpers ---\n\n// Dev-mode flag for server\nconst _isDevMode = typeof process !== 'undefined'\n ? process.env?.NODE_ENV !== 'production'\n : true;\n\n/**\n * Resolve innerHTML / dangerouslySetInnerHTML from props.\n * Requires { __html: ... } wrapper. Plain string innerHTML is rejected (XSS prevention).\n */\nfunction _resolveInnerHTML(props) {\n if (!props) return null;\n\n // dangerouslySetInnerHTML always requires { __html }\n if (props.dangerouslySetInnerHTML) {\n return props.dangerouslySetInnerHTML.__html ?? null;\n }\n\n // innerHTML with { __html } wrapper \u2014 allowed\n if (props.innerHTML && typeof props.innerHTML === 'object' && '__html' in props.innerHTML) {\n return props.innerHTML.__html ?? null;\n }\n\n // innerHTML as plain string \u2014 reject with warning\n if (props.innerHTML != null && typeof props.innerHTML === 'string') {\n if (_isDevMode) {\n console.warn(\n '[what-server] innerHTML received a raw string. This is a security risk (XSS). ' +\n 'Use innerHTML={{ __html: trustedString }} or dangerouslySetInnerHTML={{ __html: trustedString }} instead.'\n );\n }\n return null;\n }\n\n return null;\n}\n\nfunction renderAttrs(props) {\n let out = '';\n for (const [key, val] of Object.entries(props)) {\n if (key === 'key' || key === 'ref' || key === 'children' || key === 'dangerouslySetInnerHTML' || key === 'innerHTML') continue;\n if (key.startsWith('on') && key.length > 2) continue; // Skip event handlers in SSR\n if (val === false || val == null) continue;\n\n if (key === 'className' || key === 'class') {\n out += ` class=\"${escapeHtml(String(val))}\"`;\n } else if (key === 'style' && typeof val === 'object') {\n const css = Object.entries(val)\n .map(([p, v]) => `${camelToKebab(p)}:${v}`)\n .join(';');\n out += ` style=\"${escapeHtml(css)}\"`;\n } else if (val === true) {\n // ARIA attributes require explicit =\"true\", HTML boolean attrs can be bare\n if (key.startsWith('aria-') || key === 'role') {\n out += ` ${key}=\"true\"`;\n } else {\n out += ` ${key}`;\n }\n } else {\n out += ` ${key}=\"${escapeHtml(String(val))}\"`;\n }\n }\n\n return out;\n}\n\nfunction escapeHtml(str) {\n return str\n .replace(/&/g, '&')\n .replace(/</g, '<')\n .replace(/>/g, '>')\n .replace(/\"/g, '"')\n .replace(/'/g, ''');\n}\n\nfunction camelToKebab(str) {\n if (str.startsWith('--')) return str; // CSS custom properties (variables) \u2014 leave unchanged\n return str.replace(/([A-Z])/g, '-$1').toLowerCase();\n}\n\nconst VOID_ELEMENTS = new Set([\n 'area', 'base', 'br', 'col', 'embed', 'hr', 'img', 'input',\n 'link', 'meta', 'param', 'source', 'track', 'wbr',\n]);\n\n// Re-export server actions\nexport {\n action,\n formAction,\n useAction,\n useFormAction,\n useOptimistic,\n useMutation,\n onRevalidate,\n invalidatePath,\n handleActionRequest,\n getRegisteredActions,\n generateCsrfToken,\n validateCsrfToken,\n csrfMetaTag,\n} from './actions.js';\n", "// What Framework - Server Actions\n// Call server-side functions from client code seamlessly.\n// Similar to Next.js Server Actions / SolidStart server functions.\n//\n// Usage:\n// // Define on server\n// const saveUser = action(async (formData) => {\n// 'use server';\n// const user = await db.users.create(formData);\n// return { success: true, id: user.id };\n// });\n//\n// // Call from client\n// const result = await saveUser({ name: 'John' });\n\nimport { signal, batch } from 'what-core';\n\n// Registry of server actions\nconst actionRegistry = new Map();\n\n// --- CSRF Protection ---\n// Server generates a token per session; client sends it with every action request.\n// The token is injected into the page via a meta tag or embedded in the server response.\n\n// Client: read the CSRF token from the page meta tag or cookie\n// Re-reads on every call to handle token rotation\nfunction getCsrfToken() {\n if (typeof document !== 'undefined') {\n // Try meta tag first\n const meta = document.querySelector('meta[name=\"what-csrf-token\"]');\n if (meta) {\n return meta.getAttribute('content');\n }\n // Try cookie\n const match = document.cookie.match(/(?:^|;\\s*)what-csrf=([^;]+)/);\n if (match) {\n return decodeURIComponent(match[1]);\n }\n }\n return null;\n}\n\n// Server: generate a CSRF token (call this per session/request)\nexport function generateCsrfToken() {\n if (typeof crypto !== 'undefined' && crypto.randomUUID) {\n return crypto.randomUUID();\n }\n // Fallback for environments without crypto.randomUUID \u2014 use crypto.getRandomValues\n if (typeof crypto !== 'undefined' && crypto.getRandomValues) {\n const arr = new Uint8Array(16);\n crypto.getRandomValues(arr);\n return Array.from(arr, b => b.toString(16).padStart(2, '0')).join('');\n }\n // Last resort \u2014 should not be reached in modern environments\n throw new Error('[what] No secure random source available for CSRF token generation');\n}\n\n// Server: validate CSRF token from request header against session token\nexport function validateCsrfToken(requestToken, sessionToken) {\n if (!requestToken || !sessionToken) return false;\n // Constant-time comparison to prevent timing attacks\n if (requestToken.length !== sessionToken.length) return false;\n let result = 0;\n for (let i = 0; i < requestToken.length; i++) {\n result |= requestToken.charCodeAt(i) ^ sessionToken.charCodeAt(i);\n }\n return result === 0;\n}\n\n// Server: middleware helper to inject CSRF meta tag into HTML\nexport function csrfMetaTag(token) {\n // HTML-escape the token to prevent XSS if a non-standard value is used\n const escaped = String(token).replace(/&/g, '&').replace(/\"/g, '"').replace(/</g, '<').replace(/>/g, '>');\n return `<meta name=\"what-csrf-token\" content=\"${escaped}\">`;\n}\n\n// --- Define a server action ---\n\nlet _actionCounter = 0;\n\nfunction generateActionId() {\n // Generate a deterministic ID \u2014 prefer crypto.getRandomValues, fall back to a\n // monotonic counter (never Math.random, which is not cryptographically safe and\n // produces predictable IDs in some runtimes).\n const rand = typeof crypto !== 'undefined' && crypto.getRandomValues\n ? Array.from(crypto.getRandomValues(new Uint8Array(6)), b => b.toString(16).padStart(2, '0')).join('')\n : `c${(++_actionCounter).toString(36)}_${Date.now().toString(36)}`;\n return `a_${rand}`;\n}\n\nexport function action(fn, options = {}) {\n const id = options.id || generateActionId();\n const { onError, onSuccess, revalidate } = options;\n\n // Server-side: register the action\n if (typeof window === 'undefined') {\n actionRegistry.set(id, { fn, options });\n }\n\n // Create the callable wrapper\n async function callAction(...args) {\n // Server-side: call directly\n if (typeof window === 'undefined') {\n return fn(...args);\n }\n\n // Client-side: call via fetch with timeout support\n const timeout = options.timeout || 30000; // Default 30s timeout\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), timeout);\n\n try {\n const csrfToken = getCsrfToken();\n const headers = {\n 'Content-Type': 'application/json',\n 'X-What-Action': id,\n };\n if (csrfToken) headers['X-CSRF-Token'] = csrfToken;\n\n const response = await fetch('/__what_action', {\n method: 'POST',\n headers,\n credentials: 'same-origin',\n signal: controller.signal,\n body: JSON.stringify({ args }),\n });\n\n if (!response.ok) {\n const error = await response.json().catch(() => ({ message: 'Action failed' }));\n throw new Error(error.message || 'Action failed');\n }\n\n const result = await response.json();\n\n if (onSuccess) onSuccess(result);\n if (revalidate) {\n // Trigger revalidation of specified paths\n for (const path of revalidate) {\n invalidatePath(path);\n }\n }\n\n return result;\n } catch (error) {\n if (error.name === 'AbortError') {\n const timeoutError = new Error(`Action \"${id}\" timed out after ${timeout}ms`);\n timeoutError.code = 'TIMEOUT';\n if (onError) onError(timeoutError);\n throw timeoutError;\n }\n if (onError) onError(error);\n throw error;\n } finally {\n clearTimeout(timeoutId);\n }\n }\n\n callAction._actionId = id;\n callAction._isAction = true;\n\n return callAction;\n}\n\n// --- Form action helper ---\n// For forms that submit to server actions.\n\nexport function formAction(actionFn, options = {}) {\n const { onSuccess, onError, resetOnSuccess = true } = options;\n\n return async (formDataOrEvent) => {\n let formData;\n let form;\n\n if (formDataOrEvent instanceof Event) {\n formDataOrEvent.preventDefault();\n form = formDataOrEvent.target;\n formData = new FormData(form);\n } else {\n formData = formDataOrEvent;\n }\n\n // Convert FormData to plain object, preserving File instances\n const data = {};\n let hasFiles = false;\n for (const [key, value] of formData.entries()) {\n if (typeof File !== 'undefined' && value instanceof File) {\n hasFiles = true;\n }\n if (data[key]) {\n // Handle multiple values (e.g., checkboxes, multi-file inputs)\n if (Array.isArray(data[key])) {\n data[key].push(value);\n } else {\n data[key] = [data[key], value];\n }\n } else {\n data[key] = value;\n }\n }\n\n try {\n // If form contains files, pass the raw FormData as second arg\n // so the action handler can access files directly\n const result = hasFiles\n ? await actionFn(data, formData)\n : await actionFn(data);\n if (onSuccess) onSuccess(result, form);\n if (resetOnSuccess && form) form.reset();\n return result;\n } catch (error) {\n if (onError) onError(error, form);\n throw error;\n }\n };\n}\n\n// --- useAction hook ---\n// Returns action state and trigger function.\n\nexport function useAction(actionFn) {\n const isPending = signal(false);\n const error = signal(null);\n const data = signal(null);\n\n async function trigger(...args) {\n isPending.set(true);\n error.set(null);\n\n try {\n const result = await actionFn(...args);\n data.set(result);\n return result;\n } catch (e) {\n error.set(e);\n throw e;\n } finally {\n isPending.set(false);\n }\n }\n\n return {\n trigger,\n isPending: () => isPending(),\n error: () => error(),\n data: () => data(),\n reset: () => {\n error.set(null);\n data.set(null);\n },\n };\n}\n\n// --- useFormAction hook ---\n// Combines useAction with form handling.\n\nexport function useFormAction(actionFn, options = {}) {\n const { resetOnSuccess = true } = options;\n const formRef = { current: null };\n const actionState = useAction(formAction(actionFn, { resetOnSuccess }));\n\n function handleSubmit(e) {\n e.preventDefault();\n const formData = new FormData(e.target);\n formRef.current = e.target;\n return actionState.trigger(formData);\n }\n\n return {\n ...actionState,\n handleSubmit,\n formRef,\n };\n}\n\n// --- Optimistic updates ---\n\nexport function useOptimistic(initialValue, reducer) {\n const value = signal(initialValue);\n const pending = signal([]);\n const baseValue = signal(initialValue); // Track the confirmed server value\n\n function addOptimistic(action) {\n const optimisticValue = reducer(value.peek(), action);\n batch(() => {\n pending.set([...pending.peek(), action]);\n value.set(optimisticValue);\n });\n }\n\n function resolve(action, serverValue) {\n batch(() => {\n pending.set(pending.peek().filter(a => a !== action));\n if (serverValue !== undefined) {\n baseValue.set(serverValue);\n // Recompute optimistic state from new base + remaining pending actions\n let current = serverValue;\n for (const a of pending.peek()) {\n current = reducer(current, a);\n }\n value.set(current);\n }\n });\n }\n\n function rollback(action, realValue) {\n batch(() => {\n const newPending = pending.peek().filter(a => a !== action);\n pending.set(newPending);\n const base = realValue !== undefined ? realValue : baseValue.peek();\n baseValue.set(base);\n // Recompute from base + remaining pending actions\n let current = base;\n for (const a of newPending) {\n current = reducer(current, a);\n }\n value.set(current);\n });\n }\n\n // Auto-rollback helper: wraps an async action with automatic rollback on error\n async function withOptimistic(action, asyncFn) {\n addOptimistic(action);\n try {\n const result = await asyncFn();\n resolve(action, result);\n return result;\n } catch (e) {\n rollback(action);\n throw e;\n }\n }\n\n return {\n value: () => value(),\n isPending: () => pending().length > 0,\n addOptimistic,\n resolve,\n rollback,\n withOptimistic,\n set: (v) => { value.set(v); baseValue.set(v); },\n };\n}\n\n// --- Path revalidation ---\n\nconst revalidationCallbacks = new Map();\n\nexport function onRevalidate(path, callback) {\n if (!revalidationCallbacks.has(path)) {\n revalidationCallbacks.set(path, new Set());\n }\n revalidationCallbacks.get(path).add(callback);\n\n return () => {\n revalidationCallbacks.get(path)?.delete(callback);\n };\n}\n\nexport function invalidatePath(path) {\n const callbacks = revalidationCallbacks.get(path);\n if (callbacks) {\n for (const cb of callbacks) {\n try { cb(); } catch (e) { console.error('[what] Revalidation error:', e); }\n }\n }\n}\n\n// --- Server-side action handler ---\n// Add this to your server middleware.\n\nexport function handleActionRequest(req, actionId, args, options = {}) {\n const { csrfToken: sessionCsrfToken, skipCsrf = false } = options;\n\n // Validate CSRF token unless explicitly skipped\n if (!skipCsrf) {\n if (!sessionCsrfToken) {\n // Fail closed: no CSRF token configured means the developer forgot to set it up.\n // This prevents silent security vulnerabilities in production.\n return Promise.resolve({\n status: 500,\n body: {\n message: '[what] CSRF token not configured. ' +\n 'Pass { csrfToken: sessionToken } to handleActionRequest, ' +\n 'or { skipCsrf: true } to explicitly opt out.'\n }\n });\n }\n const requestCsrfToken = req?.headers?.['x-csrf-token'] || req?.headers?.['X-CSRF-Token'];\n if (!validateCsrfToken(requestCsrfToken, sessionCsrfToken)) {\n return Promise.resolve({ status: 403, body: { message: 'Invalid CSRF token' } });\n }\n }\n\n const action = actionRegistry.get(actionId);\n if (!action) {\n return Promise.resolve({ status: 404, body: { message: 'Action not found' } });\n }\n\n // Validate args is an array to prevent prototype pollution\n if (!Array.isArray(args)) {\n return Promise.resolve({ status: 400, body: { message: 'Invalid action arguments' } });\n }\n\n return action.fn(...args)\n .then(result => ({ status: 200, body: result }))\n .catch(error => {\n // Log the full error server-side, return generic message to client\n console.error(`[what] Action \"${actionId}\" error:`, error);\n return {\n status: 500,\n body: { message: 'Action failed' },\n };\n });\n}\n\n// --- Get all registered actions (for SSR/build) ---\n\nexport function getRegisteredActions() {\n return [...actionRegistry.keys()];\n}\n\n// --- Mutation helper ---\n// Like useSWR mutation but simpler.\n\nexport function useMutation(mutationFn, options = {}) {\n const { onSuccess, onError, onSettled } = options;\n\n const state = {\n isPending: signal(false),\n error: signal(null),\n data: signal(null),\n };\n\n async function mutate(...args) {\n state.isPending.set(true);\n state.error.set(null);\n\n try {\n const result = await mutationFn(...args);\n state.data.set(result);\n if (onSuccess) onSuccess(result, ...args);\n return result;\n } catch (error) {\n state.error.set(error);\n if (onError) onError(error, ...args);\n throw error;\n } finally {\n state.isPending.set(false);\n if (onSettled) onSettled(state.data.peek(), state.error.peek(), ...args);\n }\n }\n\n return {\n mutate,\n isPending: () => state.isPending(),\n error: () => state.error(),\n data: () => state.data(),\n reset: () => {\n state.error.set(null);\n state.data.set(null);\n },\n };\n}\n"],
|
|
5
|
+
"mappings": ";AAIA,SAAS,SAAS;;;ACWlB,SAAS,QAAQ,aAAa;AAG9B,IAAM,iBAAiB,oBAAI,IAAI;AAQ/B,SAAS,eAAe;AACtB,MAAI,OAAO,aAAa,aAAa;AAEnC,UAAM,OAAO,SAAS,cAAc,8BAA8B;AAClE,QAAI,MAAM;AACR,aAAO,KAAK,aAAa,SAAS;AAAA,IACpC;AAEA,UAAM,QAAQ,SAAS,OAAO,MAAM,6BAA6B;AACjE,QAAI,OAAO;AACT,aAAO,mBAAmB,MAAM,CAAC,CAAC;AAAA,IACpC;AAAA,EACF;AACA,SAAO;AACT;AAGO,SAAS,oBAAoB;AAClC,MAAI,OAAO,WAAW,eAAe,OAAO,YAAY;AACtD,WAAO,OAAO,WAAW;AAAA,EAC3B;AAEA,MAAI,OAAO,WAAW,eAAe,OAAO,iBAAiB;AAC3D,UAAM,MAAM,IAAI,WAAW,EAAE;AAC7B,WAAO,gBAAgB,GAAG;AAC1B,WAAO,MAAM,KAAK,KAAK,OAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AAAA,EACtE;AAEA,QAAM,IAAI,MAAM,oEAAoE;AACtF;AAGO,SAAS,kBAAkB,cAAc,cAAc;AAC5D,MAAI,CAAC,gBAAgB,CAAC,aAAc,QAAO;AAE3C,MAAI,aAAa,WAAW,aAAa,OAAQ,QAAO;AACxD,MAAI,SAAS;AACb,WAAS,IAAI,GAAG,IAAI,aAAa,QAAQ,KAAK;AAC5C,cAAU,aAAa,WAAW,CAAC,IAAI,aAAa,WAAW,CAAC;AAAA,EAClE;AACA,SAAO,WAAW;AACpB;AAGO,SAAS,YAAY,OAAO;AAEjC,QAAM,UAAU,OAAO,KAAK,EAAE,QAAQ,MAAM,OAAO,EAAE,QAAQ,MAAM,QAAQ,EAAE,QAAQ,MAAM,MAAM,EAAE,QAAQ,MAAM,MAAM;AACvH,SAAO,yCAAyC,OAAO;AACzD;AAIA,IAAI,iBAAiB;AAErB,SAAS,mBAAmB;AAI1B,QAAM,OAAO,OAAO,WAAW,eAAe,OAAO,kBACjD,MAAM,KAAK,OAAO,gBAAgB,IAAI,WAAW,CAAC,CAAC,GAAG,OAAK,EAAE,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE,IACnG,KAAK,EAAE,gBAAgB,SAAS,EAAE,CAAC,IAAI,KAAK,IAAI,EAAE,SAAS,EAAE,CAAC;AAClE,SAAO,KAAK,IAAI;AAClB;AAEO,SAAS,OAAO,IAAI,UAAU,CAAC,GAAG;AACvC,QAAM,KAAK,QAAQ,MAAM,iBAAiB;AAC1C,QAAM,EAAE,SAAS,WAAW,WAAW,IAAI;AAG3C,MAAI,OAAO,WAAW,aAAa;AACjC,mBAAe,IAAI,IAAI,EAAE,IAAI,QAAQ,CAAC;AAAA,EACxC;AAGA,iBAAe,cAAc,MAAM;AAEjC,QAAI,OAAO,WAAW,aAAa;AACjC,aAAO,GAAG,GAAG,IAAI;AAAA,IACnB;AAGA,UAAM,UAAU,QAAQ,WAAW;AACnC,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,OAAO;AAE9D,QAAI;AACF,YAAM,YAAY,aAAa;AAC/B,YAAM,UAAU;AAAA,QACd,gBAAgB;AAAA,QAChB,iBAAiB;AAAA,MACnB;AACA,UAAI,UAAW,SAAQ,cAAc,IAAI;AAEzC,YAAM,WAAW,MAAM,MAAM,kBAAkB;AAAA,QAC7C,QAAQ;AAAA,QACR;AAAA,QACA,aAAa;AAAA,QACb,QAAQ,WAAW;AAAA,QACnB,MAAM,KAAK,UAAU,EAAE,KAAK,CAAC;AAAA,MAC/B,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,QAAQ,MAAM,SAAS,KAAK,EAAE,MAAM,OAAO,EAAE,SAAS,gBAAgB,EAAE;AAC9E,cAAM,IAAI,MAAM,MAAM,WAAW,eAAe;AAAA,MAClD;AAEA,YAAM,SAAS,MAAM,SAAS,KAAK;AAEnC,UAAI,UAAW,WAAU,MAAM;AAC/B,UAAI,YAAY;AAEd,mBAAW,QAAQ,YAAY;AAC7B,yBAAe,IAAI;AAAA,QACrB;AAAA,MACF;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,MAAM,SAAS,cAAc;AAC/B,cAAM,eAAe,IAAI,MAAM,WAAW,EAAE,qBAAqB,OAAO,IAAI;AAC5E,qBAAa,OAAO;AACpB,YAAI,QAAS,SAAQ,YAAY;AACjC,cAAM;AAAA,MACR;AACA,UAAI,QAAS,SAAQ,KAAK;AAC1B,YAAM;AAAA,IACR,UAAE;AACA,mBAAa,SAAS;AAAA,IACxB;AAAA,EACF;AAEA,aAAW,YAAY;AACvB,aAAW,YAAY;AAEvB,SAAO;AACT;AAKO,SAAS,WAAW,UAAU,UAAU,CAAC,GAAG;AACjD,QAAM,EAAE,WAAW,SAAS,iBAAiB,KAAK,IAAI;AAEtD,SAAO,OAAO,oBAAoB;AAChC,QAAI;AACJ,QAAI;AAEJ,QAAI,2BAA2B,OAAO;AACpC,sBAAgB,eAAe;AAC/B,aAAO,gBAAgB;AACvB,iBAAW,IAAI,SAAS,IAAI;AAAA,IAC9B,OAAO;AACL,iBAAW;AAAA,IACb;AAGA,UAAM,OAAO,CAAC;AACd,QAAI,WAAW;AACf,eAAW,CAAC,KAAK,KAAK,KAAK,SAAS,QAAQ,GAAG;AAC7C,UAAI,OAAO,SAAS,eAAe,iBAAiB,MAAM;AACxD,mBAAW;AAAA,MACb;AACA,UAAI,KAAK,GAAG,GAAG;AAEb,YAAI,MAAM,QAAQ,KAAK,GAAG,CAAC,GAAG;AAC5B,eAAK,GAAG,EAAE,KAAK,KAAK;AAAA,QACtB,OAAO;AACL,eAAK,GAAG,IAAI,CAAC,KAAK,GAAG,GAAG,KAAK;AAAA,QAC/B;AAAA,MACF,OAAO;AACL,aAAK,GAAG,IAAI;AAAA,MACd;AAAA,IACF;AAEA,QAAI;AAGF,YAAM,SAAS,WACX,MAAM,SAAS,MAAM,QAAQ,IAC7B,MAAM,SAAS,IAAI;AACvB,UAAI,UAAW,WAAU,QAAQ,IAAI;AACrC,UAAI,kBAAkB,KAAM,MAAK,MAAM;AACvC,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,QAAS,SAAQ,OAAO,IAAI;AAChC,YAAM;AAAA,IACR;AAAA,EACF;AACF;AAKO,SAAS,UAAU,UAAU;AAClC,QAAM,YAAY,OAAO,KAAK;AAC9B,QAAM,QAAQ,OAAO,IAAI;AACzB,QAAM,OAAO,OAAO,IAAI;AAExB,iBAAe,WAAW,MAAM;AAC9B,cAAU,IAAI,IAAI;AAClB,UAAM,IAAI,IAAI;AAEd,QAAI;AACF,YAAM,SAAS,MAAM,SAAS,GAAG,IAAI;AACrC,WAAK,IAAI,MAAM;AACf,aAAO;AAAA,IACT,SAAS,GAAG;AACV,YAAM,IAAI,CAAC;AACX,YAAM;AAAA,IACR,UAAE;AACA,gBAAU,IAAI,KAAK;AAAA,IACrB;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA,WAAW,MAAM,UAAU;AAAA,IAC3B,OAAO,MAAM,MAAM;AAAA,IACnB,MAAM,MAAM,KAAK;AAAA,IACjB,OAAO,MAAM;AACX,YAAM,IAAI,IAAI;AACd,WAAK,IAAI,IAAI;AAAA,IACf;AAAA,EACF;AACF;AAKO,SAAS,cAAc,UAAU,UAAU,CAAC,GAAG;AACpD,QAAM,EAAE,iBAAiB,KAAK,IAAI;AAClC,QAAM,UAAU,EAAE,SAAS,KAAK;AAChC,QAAM,cAAc,UAAU,WAAW,UAAU,EAAE,eAAe,CAAC,CAAC;AAEtE,WAAS,aAAa,GAAG;AACvB,MAAE,eAAe;AACjB,UAAM,WAAW,IAAI,SAAS,EAAE,MAAM;AACtC,YAAQ,UAAU,EAAE;AACpB,WAAO,YAAY,QAAQ,QAAQ;AAAA,EACrC;AAEA,SAAO;AAAA,IACL,GAAG;AAAA,IACH;AAAA,IACA;AAAA,EACF;AACF;AAIO,SAAS,cAAc,cAAc,SAAS;AACnD,QAAM,QAAQ,OAAO,YAAY;AACjC,QAAM,UAAU,OAAO,CAAC,CAAC;AACzB,QAAM,YAAY,OAAO,YAAY;AAErC,WAAS,cAAcA,SAAQ;AAC7B,UAAM,kBAAkB,QAAQ,MAAM,KAAK,GAAGA,OAAM;AACpD,UAAM,MAAM;AACV,cAAQ,IAAI,CAAC,GAAG,QAAQ,KAAK,GAAGA,OAAM,CAAC;AACvC,YAAM,IAAI,eAAe;AAAA,IAC3B,CAAC;AAAA,EACH;AAEA,WAAS,QAAQA,SAAQ,aAAa;AACpC,UAAM,MAAM;AACV,cAAQ,IAAI,QAAQ,KAAK,EAAE,OAAO,OAAK,MAAMA,OAAM,CAAC;AACpD,UAAI,gBAAgB,QAAW;AAC7B,kBAAU,IAAI,WAAW;AAEzB,YAAI,UAAU;AACd,mBAAW,KAAK,QAAQ,KAAK,GAAG;AAC9B,oBAAU,QAAQ,SAAS,CAAC;AAAA,QAC9B;AACA,cAAM,IAAI,OAAO;AAAA,MACnB;AAAA,IACF,CAAC;AAAA,EACH;AAEA,WAAS,SAASA,SAAQ,WAAW;AACnC,UAAM,MAAM;AACV,YAAM,aAAa,QAAQ,KAAK,EAAE,OAAO,OAAK,MAAMA,OAAM;AAC1D,cAAQ,IAAI,UAAU;AACtB,YAAM,OAAO,cAAc,SAAY,YAAY,UAAU,KAAK;AAClE,gBAAU,IAAI,IAAI;AAElB,UAAI,UAAU;AACd,iBAAW,KAAK,YAAY;AAC1B,kBAAU,QAAQ,SAAS,CAAC;AAAA,MAC9B;AACA,YAAM,IAAI,OAAO;AAAA,IACnB,CAAC;AAAA,EACH;AAGA,iBAAe,eAAeA,SAAQ,SAAS;AAC7C,kBAAcA,OAAM;AACpB,QAAI;AACF,YAAM,SAAS,MAAM,QAAQ;AAC7B,cAAQA,SAAQ,MAAM;AACtB,aAAO;AAAA,IACT,SAAS,GAAG;AACV,eAASA,OAAM;AACf,YAAM;AAAA,IACR;AAAA,EACF;AAEA,SAAO;AAAA,IACL,OAAO,MAAM,MAAM;AAAA,IACnB,WAAW,MAAM,QAAQ,EAAE,SAAS;AAAA,IACpC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,KAAK,CAAC,MAAM;AAAE,YAAM,IAAI,CAAC;AAAG,gBAAU,IAAI,CAAC;AAAA,IAAG;AAAA,EAChD;AACF;AAIA,IAAM,wBAAwB,oBAAI,IAAI;AAE/B,SAAS,aAAa,MAAM,UAAU;AAC3C,MAAI,CAAC,sBAAsB,IAAI,IAAI,GAAG;AACpC,0BAAsB,IAAI,MAAM,oBAAI,IAAI,CAAC;AAAA,EAC3C;AACA,wBAAsB,IAAI,IAAI,EAAE,IAAI,QAAQ;AAE5C,SAAO,MAAM;AACX,0BAAsB,IAAI,IAAI,GAAG,OAAO,QAAQ;AAAA,EAClD;AACF;AAEO,SAAS,eAAe,MAAM;AACnC,QAAM,YAAY,sBAAsB,IAAI,IAAI;AAChD,MAAI,WAAW;AACb,eAAW,MAAM,WAAW;AAC1B,UAAI;AAAE,WAAG;AAAA,MAAG,SAAS,GAAG;AAAE,gBAAQ,MAAM,8BAA8B,CAAC;AAAA,MAAG;AAAA,IAC5E;AAAA,EACF;AACF;AAKO,SAAS,oBAAoB,KAAK,UAAU,MAAM,UAAU,CAAC,GAAG;AACrE,QAAM,EAAE,WAAW,kBAAkB,WAAW,MAAM,IAAI;AAG1D,MAAI,CAAC,UAAU;AACb,QAAI,CAAC,kBAAkB;AAGrB,aAAO,QAAQ,QAAQ;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACJ,SAAS;AAAA,QAGX;AAAA,MACF,CAAC;AAAA,IACH;AACA,UAAM,mBAAmB,KAAK,UAAU,cAAc,KAAK,KAAK,UAAU,cAAc;AACxF,QAAI,CAAC,kBAAkB,kBAAkB,gBAAgB,GAAG;AAC1D,aAAO,QAAQ,QAAQ,EAAE,QAAQ,KAAK,MAAM,EAAE,SAAS,qBAAqB,EAAE,CAAC;AAAA,IACjF;AAAA,EACF;AAEA,QAAMA,UAAS,eAAe,IAAI,QAAQ;AAC1C,MAAI,CAACA,SAAQ;AACX,WAAO,QAAQ,QAAQ,EAAE,QAAQ,KAAK,MAAM,EAAE,SAAS,mBAAmB,EAAE,CAAC;AAAA,EAC/E;AAGA,MAAI,CAAC,MAAM,QAAQ,IAAI,GAAG;AACxB,WAAO,QAAQ,QAAQ,EAAE,QAAQ,KAAK,MAAM,EAAE,SAAS,2BAA2B,EAAE,CAAC;AAAA,EACvF;AAEA,SAAOA,QAAO,GAAG,GAAG,IAAI,EACrB,KAAK,aAAW,EAAE,QAAQ,KAAK,MAAM,OAAO,EAAE,EAC9C,MAAM,WAAS;AAEd,YAAQ,MAAM,kBAAkB,QAAQ,YAAY,KAAK;AACzD,WAAO;AAAA,MACL,QAAQ;AAAA,MACR,MAAM,EAAE,SAAS,gBAAgB;AAAA,IACnC;AAAA,EACF,CAAC;AACL;AAIO,SAAS,uBAAuB;AACrC,SAAO,CAAC,GAAG,eAAe,KAAK,CAAC;AAClC;AAKO,SAAS,YAAY,YAAY,UAAU,CAAC,GAAG;AACpD,QAAM,EAAE,WAAW,SAAS,UAAU,IAAI;AAE1C,QAAM,QAAQ;AAAA,IACZ,WAAW,OAAO,KAAK;AAAA,IACvB,OAAO,OAAO,IAAI;AAAA,IAClB,MAAM,OAAO,IAAI;AAAA,EACnB;AAEA,iBAAe,UAAU,MAAM;AAC7B,UAAM,UAAU,IAAI,IAAI;AACxB,UAAM,MAAM,IAAI,IAAI;AAEpB,QAAI;AACF,YAAM,SAAS,MAAM,WAAW,GAAG,IAAI;AACvC,YAAM,KAAK,IAAI,MAAM;AACrB,UAAI,UAAW,WAAU,QAAQ,GAAG,IAAI;AACxC,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM,MAAM,IAAI,KAAK;AACrB,UAAI,QAAS,SAAQ,OAAO,GAAG,IAAI;AACnC,YAAM;AAAA,IACR,UAAE;AACA,YAAM,UAAU,IAAI,KAAK;AACzB,UAAI,UAAW,WAAU,MAAM,KAAK,KAAK,GAAG,MAAM,MAAM,KAAK,GAAG,GAAG,IAAI;AAAA,IACzE;AAAA,EACF;AAEA,SAAO;AAAA,IACL;AAAA,IACA,WAAW,MAAM,MAAM,UAAU;AAAA,IACjC,OAAO,MAAM,MAAM,MAAM;AAAA,IACzB,MAAM,MAAM,MAAM,KAAK;AAAA,IACvB,OAAO,MAAM;AACX,YAAM,MAAM,IAAI,IAAI;AACpB,YAAM,KAAK,IAAI,IAAI;AAAA,IACrB;AAAA,EACF;AACF;;;ADvcA,IAAI,sBAAsB;AAE1B,SAAS,mBAAmB;AAC1B,wBAAsB;AACxB;AAEA,SAAS,kBAAkB;AACzB,SAAO,MAAO;AAChB;AAMO,SAAS,yBAAyB,OAAO;AAC9C,mBAAiB;AACjB,SAAO,kBAAkB,KAAK;AAChC;AAEA,SAAS,kBAAkB,OAAO;AAChC,MAAI,SAAS,QAAQ,UAAU,SAAS,UAAU,KAAM,QAAO;AAG/D,MAAI,OAAO,UAAU,YAAY,OAAO,UAAU,UAAU;AAC1D,WAAO,WAAW,OAAO,KAAK,CAAC;AAAA,EACjC;AAGA,MAAI,OAAO,UAAU,cAAc,MAAM,SAAS;AAChD,WAAO,WAAW,kBAAkB,MAAM,CAAC,CAAC;AAAA,EAC9C;AAGA,MAAI,OAAO,UAAU,YAAY;AAC/B,QAAI;AACF,aAAO,WAAW,kBAAkB,MAAM,CAAC,CAAC;AAAA,IAC9C,SAAS,GAAG;AACV,UAAI,OAAO,YAAY,eAAe,MAAwC;AAC5E,gBAAQ,KAAK,2DAA2D,EAAE,OAAO;AAAA,MACnF;AACA,aAAO;AAAA,IACT;AAAA,EACF;AAGA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,YAAY,MAAM,IAAI,iBAAiB,EAAE,KAAK,EAAE,CAAC;AAAA,EAC1D;AAGA,MAAI,OAAO,MAAM,QAAQ,YAAY;AACnC,UAAM,OAAO,gBAAgB;AAC7B,UAAM,SAAS,MAAM,IAAI,EAAE,GAAG,MAAM,OAAO,UAAU,MAAM,SAAS,CAAC;AACrE,UAAM,OAAO,kBAAkB,MAAM;AAErC,WAAO,mBAAmB,MAAM,IAAI;AAAA,EACtC;AAGA,QAAM,EAAE,KAAK,OAAO,SAAS,IAAI;AACjC,QAAM,QAAQ,YAAY,SAAS,CAAC,CAAC;AACrC,QAAM,OAAO,IAAI,GAAG,GAAG,KAAK;AAG5B,MAAI,cAAc,IAAI,GAAG,EAAG,QAAO;AAEnC,QAAM,WAAW,kBAAkB,KAAK;AACxC,QAAM,QAAQ,YAAY,OAAO,OAAO,QAAQ,IAAI,SAAS,IAAI,iBAAiB,EAAE,KAAK,EAAE;AAC3F,SAAO,GAAG,IAAI,GAAG,KAAK,KAAK,GAAG;AAChC;AAGA,SAAS,mBAAmB,MAAM,MAAM;AAEtC,QAAM,QAAQ,KAAK,MAAM,4CAA4C;AACrE,MAAI,OAAO;AACT,UAAM,SAAS,MAAM,CAAC;AACtB,UAAM,UAAU,MAAM,CAAC;AACvB,UAAM,WAAW,OAAO,SAAS,IAAI,QAAQ;AAC7C,WAAO,KAAK,MAAM,GAAG,QAAQ,IAAI,aAAa,IAAI,MAAM,KAAK,MAAM,QAAQ;AAAA,EAC7E;AACA,SAAO;AACT;AAKO,SAAS,eAAe,OAAO;AACpC,MAAI,SAAS,QAAQ,UAAU,SAAS,UAAU,KAAM,QAAO;AAG/D,MAAI,OAAO,UAAU,YAAY,OAAO,UAAU,UAAU;AAC1D,WAAO,WAAW,OAAO,KAAK,CAAC;AAAA,EACjC;AAGA,MAAI,OAAO,UAAU,cAAc,MAAM,SAAS;AAChD,WAAO,eAAe,MAAM,CAAC;AAAA,EAC/B;AAGA,MAAI,OAAO,UAAU,YAAY;AAC/B,QAAI;AACF,aAAO,eAAe,MAAM,CAAC;AAAA,IAC/B,SAAS,GAAG;AACV,UAAI,OAAO,YAAY,eAAe,MAAwC;AAC5E,gBAAQ,KAAK,2DAA2D,EAAE,OAAO;AAAA,MACnF;AACA,aAAO;AAAA,IACT;AAAA,EACF;AAGA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,IAAI,cAAc,EAAE,KAAK,EAAE;AAAA,EAC1C;AAGA,MAAI,OAAO,MAAM,QAAQ,YAAY;AACnC,UAAM,SAAS,MAAM,IAAI,EAAE,GAAG,MAAM,OAAO,UAAU,MAAM,SAAS,CAAC;AACrE,WAAO,eAAe,MAAM;AAAA,EAC9B;AAGA,QAAM,EAAE,KAAK,OAAO,SAAS,IAAI;AACjC,QAAM,QAAQ,YAAY,SAAS,CAAC,CAAC;AACrC,QAAM,OAAO,IAAI,GAAG,GAAG,KAAK;AAG5B,MAAI,cAAc,IAAI,GAAG,EAAG,QAAO;AAEnC,QAAM,WAAW,kBAAkB,KAAK;AACxC,QAAM,QAAQ,YAAY,OAAO,OAAO,QAAQ,IAAI,SAAS,IAAI,cAAc,EAAE,KAAK,EAAE;AACxF,SAAO,GAAG,IAAI,GAAG,KAAK,KAAK,GAAG;AAChC;AAKA,gBAAuB,eAAe,OAAO;AAC3C,MAAI,SAAS,QAAQ,UAAU,SAAS,UAAU,KAAM;AAExD,MAAI,OAAO,UAAU,YAAY,OAAO,UAAU,UAAU;AAC1D,UAAM,WAAW,OAAO,KAAK,CAAC;AAC9B;AAAA,EACF;AAGA,MAAI,OAAO,UAAU,cAAc,MAAM,SAAS;AAChD,WAAO,eAAe,MAAM,CAAC;AAC7B;AAAA,EACF;AAGA,MAAI,OAAO,UAAU,YAAY;AAC/B,QAAI;AACF,aAAO,eAAe,MAAM,CAAC;AAAA,IAC/B,SAAS,GAAG;AACV,UAAI,OAAO,YAAY,eAAe,MAAwC;AAC5E,gBAAQ,KAAK,kEAAkE,EAAE,OAAO;AAAA,MAC1F;AAAA,IACF;AACA;AAAA,EACF;AAEA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,eAAW,SAAS,OAAO;AACzB,aAAO,eAAe,KAAK;AAAA,IAC7B;AACA;AAAA,EACF;AAEA,MAAI,OAAO,MAAM,QAAQ,YAAY;AACnC,QAAI;AACF,YAAM,SAAS,MAAM,IAAI,EAAE,GAAG,MAAM,OAAO,UAAU,MAAM,SAAS,CAAC;AAErE,YAAM,WAAW,kBAAkB,UAAU,MAAM,SAAS;AAC5D,aAAO,eAAe,QAAQ;AAAA,IAChC,SAAS,GAAG;AACV,UAAI,OAAO,YAAY,eAAe,MAAwC;AAC5E,gBAAQ,KAAK,0DAA0D,EAAE,OAAO;AAAA,MAClF;AACA,YAAM,aACF,mBAAmB,WAAW,EAAE,WAAW,iBAAiB,CAAC,SAC7D;AAAA,IACN;AACA;AAAA,EACF;AAEA,QAAM,EAAE,KAAK,OAAO,SAAS,IAAI;AACjC,QAAM,QAAQ,YAAY,SAAS,CAAC,CAAC;AACrC,QAAM,IAAI,GAAG,GAAG,KAAK;AAErB,MAAI,CAAC,cAAc,IAAI,GAAG,GAAG;AAC3B,UAAM,WAAW,kBAAkB,KAAK;AACxC,QAAI,YAAY,MAAM;AACpB,YAAM,OAAO,QAAQ;AAAA,IACvB,OAAO;AACL,iBAAW,SAAS,UAAU;AAC5B,eAAO,eAAe,KAAK;AAAA,MAC7B;AAAA,IACF;AACA,UAAM,KAAK,GAAG;AAAA,EAChB;AACF;AAIO,SAAS,WAAW,QAAQ;AACjC,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA,IAKL,MAAM;AAAA,IACN,GAAG;AAAA,EACL;AACF;AAGO,SAAS,mBAAmB,MAAM,OAAO,CAAC,GAAG;AAClD,QAAM,QAAQ,KAAK,UAAU,IAAI;AACjC,QAAM,OAAO,eAAe,KAAK;AACjC,QAAM,UAAU,KAAK,WAAW,CAAC;AAEjC,SAAO,aAAa;AAAA,IAClB,OAAO,KAAK,SAAS;AAAA,IACrB,MAAM,KAAK,QAAQ,CAAC;AAAA,IACpB,MAAM;AAAA,IACN;AAAA,IACA,SAAS,KAAK,SAAS,WAAW,CAAC,IAAI,KAAK,WAAW,CAAC;AAAA,IACxD,QAAQ,KAAK,UAAU,CAAC;AAAA,IACxB,MAAM,KAAK;AAAA,EACb,CAAC;AACH;AAEA,SAAS,aAAa,EAAE,OAAO,MAAM,MAAM,SAAS,SAAS,QAAQ,KAAK,GAAG;AAC3E,QAAM,WAAW,OAAO,QAAQ,IAAI,EACjC,IAAI,CAAC,CAAC,MAAM,OAAO,MAAM,eAAe,WAAW,IAAI,CAAC,cAAc,WAAW,OAAO,CAAC,IAAI,EAC7F,KAAK,QAAQ;AAEhB,QAAM,YAAY,OACf,IAAI,UAAQ,gCAAgC,WAAW,IAAI,CAAC,IAAI,EAChE,KAAK,QAAQ;AAEhB,QAAM,eAAe,QAAQ,SAAS,IAAI;AAAA;AAAA;AAAA;AAAA,kBAI3B;AAEf,QAAM,aAAa,QAChB,IAAI,SAAO,8BAA8B,WAAW,GAAG,CAAC,cAAa,EACrE,KAAK,QAAQ;AAEhB,QAAM,eAAe,SAAS,WAAW;AAAA,+DACmB;AAE5D,SAAO;AAAA;AAAA;AAAA;AAAA;AAAA,MAKH,QAAQ;AAAA,aACD,WAAW,KAAK,CAAC;AAAA,MACxB,SAAS;AAAA;AAAA;AAAA,oBAGK,IAAI;AAAA,MAClB,YAAY;AAAA,MACZ,UAAU;AAAA,MACV,YAAY;AAAA;AAAA;AAGlB;AAKO,SAAS,OAAO,WAAW;AAChC,YAAU,UAAU;AACpB,SAAO;AACT;AAKA,IAAM,aAAa,OAAO,YAAY,cAClC,OACA;AAMJ,SAAS,kBAAkB,OAAO;AAChC,MAAI,CAAC,MAAO,QAAO;AAGnB,MAAI,MAAM,yBAAyB;AACjC,WAAO,MAAM,wBAAwB,UAAU;AAAA,EACjD;AAGA,MAAI,MAAM,aAAa,OAAO,MAAM,cAAc,YAAY,YAAY,MAAM,WAAW;AACzF,WAAO,MAAM,UAAU,UAAU;AAAA,EACnC;AAGA,MAAI,MAAM,aAAa,QAAQ,OAAO,MAAM,cAAc,UAAU;AAClE,QAAI,YAAY;AACd,cAAQ;AAAA,QACN;AAAA,MAEF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAEA,SAAS,YAAY,OAAO;AAC1B,MAAI,MAAM;AACV,aAAW,CAAC,KAAK,GAAG,KAAK,OAAO,QAAQ,KAAK,GAAG;AAC9C,QAAI,QAAQ,SAAS,QAAQ,SAAS,QAAQ,cAAc,QAAQ,6BAA6B,QAAQ,YAAa;AACtH,QAAI,IAAI,WAAW,IAAI,KAAK,IAAI,SAAS,EAAG;AAC5C,QAAI,QAAQ,SAAS,OAAO,KAAM;AAElC,QAAI,QAAQ,eAAe,QAAQ,SAAS;AAC1C,aAAO,WAAW,WAAW,OAAO,GAAG,CAAC,CAAC;AAAA,IAC3C,WAAW,QAAQ,WAAW,OAAO,QAAQ,UAAU;AACrD,YAAM,MAAM,OAAO,QAAQ,GAAG,EAC3B,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,GAAG,aAAa,CAAC,CAAC,IAAI,CAAC,EAAE,EACzC,KAAK,GAAG;AACX,aAAO,WAAW,WAAW,GAAG,CAAC;AAAA,IACnC,WAAW,QAAQ,MAAM;AAEvB,UAAI,IAAI,WAAW,OAAO,KAAK,QAAQ,QAAQ;AAC7C,eAAO,IAAI,GAAG;AAAA,MAChB,OAAO;AACL,eAAO,IAAI,GAAG;AAAA,MAChB;AAAA,IACF,OAAO;AACL,aAAO,IAAI,GAAG,KAAK,WAAW,OAAO,GAAG,CAAC,CAAC;AAAA,IAC5C;AAAA,EACF;AAEA,SAAO;AACT;AAEA,SAAS,WAAW,KAAK;AACvB,SAAO,IACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,QAAQ,EACtB,QAAQ,MAAM,OAAO;AAC1B;AAEA,SAAS,aAAa,KAAK;AACzB,MAAI,IAAI,WAAW,IAAI,EAAG,QAAO;AACjC,SAAO,IAAI,QAAQ,YAAY,KAAK,EAAE,YAAY;AACpD;AAEA,IAAM,gBAAgB,oBAAI,IAAI;AAAA,EAC5B;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAM;AAAA,EAAO;AAAA,EAAS;AAAA,EAAM;AAAA,EAAO;AAAA,EACnD;AAAA,EAAQ;AAAA,EAAQ;AAAA,EAAS;AAAA,EAAU;AAAA,EAAS;AAC9C,CAAC;",
|
|
6
6
|
"names": ["action"]
|
|
7
7
|
}
|
package/dist/index.min.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import"what-core";import{signal as m,batch as T}from"what-core";var b=new Map;function P(){if(typeof document<"u"){let t=document.querySelector('meta[name="what-csrf-token"]');if(t)return t.getAttribute("content");let r=document.cookie.match(/(?:^|;\s*)what-csrf=([^;]+)/);if(r)return decodeURIComponent(r[1])}return null}function H(){if(typeof crypto<"u"&&crypto.randomUUID)return crypto.randomUUID();if(typeof crypto<"u"&&crypto.getRandomValues){let t=new Uint8Array(16);return crypto.getRandomValues(t),Array.from(t,r=>r.toString(16).padStart(2,"0")).join("")}throw new Error("[what] No secure random source available for CSRF token generation")}function R(t,r){if(!t||!r||t.length!==r.length)return!1;let e=0;for(let n=0;n<t.length;n++)e|=t.charCodeAt(n)^r.charCodeAt(n);return e===0}function L(t){return`<meta name="what-csrf-token" content="${String(t).replace(/&/g,"&").replace(/"/g,""").replace(/</g,"<").replace(/>/g,">")}">`}function
|
|
1
|
+
import"what-core";import{signal as m,batch as T}from"what-core";var b=new Map;function P(){if(typeof document<"u"){let t=document.querySelector('meta[name="what-csrf-token"]');if(t)return t.getAttribute("content");let r=document.cookie.match(/(?:^|;\s*)what-csrf=([^;]+)/);if(r)return decodeURIComponent(r[1])}return null}function H(){if(typeof crypto<"u"&&crypto.randomUUID)return crypto.randomUUID();if(typeof crypto<"u"&&crypto.getRandomValues){let t=new Uint8Array(16);return crypto.getRandomValues(t),Array.from(t,r=>r.toString(16).padStart(2,"0")).join("")}throw new Error("[what] No secure random source available for CSRF token generation")}function R(t,r){if(!t||!r||t.length!==r.length)return!1;let e=0;for(let n=0;n<t.length;n++)e|=t.charCodeAt(n)^r.charCodeAt(n);return e===0}function L(t){return`<meta name="what-csrf-token" content="${String(t).replace(/&/g,"&").replace(/"/g,""").replace(/</g,"<").replace(/>/g,">")}">`}var O=0;function D(){return`a_${typeof crypto<"u"&&crypto.getRandomValues?Array.from(crypto.getRandomValues(new Uint8Array(6)),r=>r.toString(16).padStart(2,"0")).join(""):`c${(++O).toString(36)}_${Date.now().toString(36)}`}`}function N(t,r={}){let e=r.id||D(),{onError:n,onSuccess:s,revalidate:o}=r;typeof window>"u"&&b.set(e,{fn:t,options:r});async function i(...c){if(typeof window>"u")return t(...c);let a=r.timeout||3e4,f=new AbortController,u=setTimeout(()=>f.abort(),a);try{let l=P(),d={"Content-Type":"application/json","X-What-Action":e};l&&(d["X-CSRF-Token"]=l);let y=await fetch("/__what_action",{method:"POST",headers:d,credentials:"same-origin",signal:f.signal,body:JSON.stringify({args:c})});if(!y.ok){let A=await y.json().catch(()=>({message:"Action failed"}));throw new Error(A.message||"Action failed")}let g=await y.json();if(s&&s(g),o)for(let A of o)I(A);return g}catch(l){if(l.name==="AbortError"){let d=new Error(`Action "${e}" timed out after ${a}ms`);throw d.code="TIMEOUT",n&&n(d),d}throw n&&n(l),l}finally{clearTimeout(u)}}return i._actionId=e,i._isAction=!0,i}function x(t,r={}){let{onSuccess:e,onError:n,resetOnSuccess:s=!0}=r;return async o=>{let i,c;o instanceof Event?(o.preventDefault(),c=o.target,i=new FormData(c)):i=o;let a={},f=!1;for(let[u,l]of i.entries())typeof File<"u"&&l instanceof File&&(f=!0),a[u]?Array.isArray(a[u])?a[u].push(l):a[u]=[a[u],l]:a[u]=l;try{let u=f?await t(a,i):await t(a);return e&&e(u,c),s&&c&&c.reset(),u}catch(u){throw n&&n(u,c),u}}}function C(t){let r=m(!1),e=m(null),n=m(null);async function s(...o){r.set(!0),e.set(null);try{let i=await t(...o);return n.set(i),i}catch(i){throw e.set(i),i}finally{r.set(!1)}}return{trigger:s,isPending:()=>r(),error:()=>e(),data:()=>n(),reset:()=>{e.set(null),n.set(null)}}}function F(t,r={}){let{resetOnSuccess:e=!0}=r,n={current:null},s=C(x(t,{resetOnSuccess:e}));function o(i){i.preventDefault();let c=new FormData(i.target);return n.current=i.target,s.trigger(c)}return{...s,handleSubmit:o,formRef:n}}function U(t,r){let e=m(t),n=m([]),s=m(t);function o(f){let u=r(e.peek(),f);T(()=>{n.set([...n.peek(),f]),e.set(u)})}function i(f,u){T(()=>{if(n.set(n.peek().filter(l=>l!==f)),u!==void 0){s.set(u);let l=u;for(let d of n.peek())l=r(l,d);e.set(l)}})}function c(f,u){T(()=>{let l=n.peek().filter(g=>g!==f);n.set(l);let d=u!==void 0?u:s.peek();s.set(d);let y=d;for(let g of l)y=r(y,g);e.set(y)})}async function a(f,u){o(f);try{let l=await u();return i(f,l),l}catch(l){throw c(f),l}}return{value:()=>e(),isPending:()=>n().length>0,addOptimistic:o,resolve:i,rollback:c,withOptimistic:a,set:f=>{e.set(f),s.set(f)}}}var S=new Map;function V(t,r){return S.has(t)||S.set(t,new Set),S.get(t).add(r),()=>{S.get(t)?.delete(r)}}function I(t){let r=S.get(t);if(r)for(let e of r)try{e()}catch(n){console.error("[what] Revalidation error:",n)}}function W(t,r,e,n={}){let{csrfToken:s,skipCsrf:o=!1}=n;if(!o){if(!s)return Promise.resolve({status:500,body:{message:"[what] CSRF token not configured. Pass { csrfToken: sessionToken } to handleActionRequest, or { skipCsrf: true } to explicitly opt out."}});let c=t?.headers?.["x-csrf-token"]||t?.headers?.["X-CSRF-Token"];if(!R(c,s))return Promise.resolve({status:403,body:{message:"Invalid CSRF token"}})}let i=b.get(r);return i?Array.isArray(e)?i.fn(...e).then(c=>({status:200,body:c})).catch(c=>(console.error(`[what] Action "${r}" error:`,c),{status:500,body:{message:"Action failed"}})):Promise.resolve({status:400,body:{message:"Invalid action arguments"}}):Promise.resolve({status:404,body:{message:"Action not found"}})}function X(){return[...b.keys()]}function q(t,r={}){let{onSuccess:e,onError:n,onSettled:s}=r,o={isPending:m(!1),error:m(null),data:m(null)};async function i(...c){o.isPending.set(!0),o.error.set(null);try{let a=await t(...c);return o.data.set(a),e&&e(a,...c),a}catch(a){throw o.error.set(a),n&&n(a,...c),a}finally{o.isPending.set(!1),s&&s(o.data.peek(),o.error.peek(),...c)}}return{mutate:i,isPending:()=>o.isPending(),error:()=>o.error(),data:()=>o.data(),reset:()=>{o.error.set(null),o.data.set(null)}}}var M=0;function Z(){M=0}function z(){return"h"+M++}function tt(t){return Z(),h(t)}function h(t){if(t==null||t===!1||t===!0)return"";if(typeof t=="string"||typeof t=="number")return p(String(t));if(typeof t=="function"&&t._signal)return`<!--$-->${h(t())}<!--/$-->`;if(typeof t=="function")try{return`<!--$-->${h(t())}<!--/$-->`}catch{return typeof process<"u","<!--$--><!--/$-->"}if(Array.isArray(t))return`<!--[]-->${t.map(h).join("")}<!--/[]-->`;if(typeof t.tag=="function"){let a=z(),f=t.tag({...t.props,children:t.children}),u=h(f);return K(u,a)}let{tag:r,props:e,children:n}=t,s=_(e||{}),o=`<${r}${s}>`;if(E.has(r))return o;let i=k(e),c=i!=null?String(i):n.map(h).join("");return`${o}${c}</${r}>`}function K(t,r){let e=t.match(/^((?:<!--.*?-->)*)<([a-zA-Z][a-zA-Z0-9-]*)/);if(e){let n=e[1],s=e[2],o=n.length+1+s.length;return t.slice(0,o)+` data-hk="${r}"`+t.slice(o)}return t}function w(t){if(t==null||t===!1||t===!0)return"";if(typeof t=="string"||typeof t=="number")return p(String(t));if(typeof t=="function"&&t._signal)return w(t());if(typeof t=="function")try{return w(t())}catch{return typeof process<"u",""}if(Array.isArray(t))return t.map(w).join("");if(typeof t.tag=="function"){let a=t.tag({...t.props,children:t.children});return w(a)}let{tag:r,props:e,children:n}=t,s=_(e||{}),o=`<${r}${s}>`;if(E.has(r))return o;let i=k(e),c=i!=null?String(i):n.map(w).join("");return`${o}${c}</${r}>`}async function*$(t){if(t==null||t===!1||t===!0)return;if(typeof t=="string"||typeof t=="number"){yield p(String(t));return}if(typeof t=="function"&&t._signal){yield*$(t());return}if(typeof t=="function"){try{yield*$(t())}catch{typeof process<"u"}return}if(Array.isArray(t)){for(let o of t)yield*$(o);return}if(typeof t.tag=="function"){try{let o=t.tag({...t.props,children:t.children}),i=o instanceof Promise?await o:o;yield*$(i)}catch(o){typeof process<"u",yield j?`<!-- SSR Error: ${p(o.message||"Component error")} -->`:"<!-- SSR Error -->"}return}let{tag:r,props:e,children:n}=t,s=_(e||{});if(yield`<${r}${s}>`,!E.has(r)){let o=k(e);if(o!=null)yield String(o);else for(let i of n)yield*$(i);yield`</${r}>`}}function et(t){return{mode:"static",...t}}function rt(t,r={}){let e=t.component(r),n=w(e),s=t.islands||[];return J({title:t.title||"",meta:t.meta||{},body:n,islands:s,scripts:t.mode==="static"?[]:t.scripts||[],styles:t.styles||[],mode:t.mode})}function J({title:t,meta:r,body:e,islands:n,scripts:s,styles:o,mode:i}){let c=Object.entries(r).map(([d,y])=>`<meta name="${p(d)}" content="${p(y)}">`).join(`
|
|
2
2
|
`),a=o.map(d=>`<link rel="stylesheet" href="${p(d)}">`).join(`
|
|
3
3
|
`),f=n.length>0?`
|
|
4
4
|
<script type="module">
|
|
@@ -21,5 +21,5 @@ import"what-core";import{signal as m,batch as T}from"what-core";var b=new Map;fu
|
|
|
21
21
|
${u}
|
|
22
22
|
${l}
|
|
23
23
|
</body>
|
|
24
|
-
</html>`}function
|
|
24
|
+
</html>`}function nt(t){return t._server=!0,t}var j=!(typeof process<"u");function k(t){return t?t.dangerouslySetInnerHTML?t.dangerouslySetInnerHTML.__html??null:t.innerHTML&&typeof t.innerHTML=="object"&&"__html"in t.innerHTML?t.innerHTML.__html??null:(t.innerHTML!=null&&typeof t.innerHTML=="string"&&j&&console.warn("[what-server] innerHTML received a raw string. This is a security risk (XSS). Use innerHTML={{ __html: trustedString }} or dangerouslySetInnerHTML={{ __html: trustedString }} instead."),null):null}function _(t){let r="";for(let[e,n]of Object.entries(t))if(!(e==="key"||e==="ref"||e==="children"||e==="dangerouslySetInnerHTML"||e==="innerHTML")&&!(e.startsWith("on")&&e.length>2)&&!(n===!1||n==null))if(e==="className"||e==="class")r+=` class="${p(String(n))}"`;else if(e==="style"&&typeof n=="object"){let s=Object.entries(n).map(([o,i])=>`${Y(o)}:${i}`).join(";");r+=` style="${p(s)}"`}else n===!0?e.startsWith("aria-")||e==="role"?r+=` ${e}="true"`:r+=` ${e}`:r+=` ${e}="${p(String(n))}"`;return r}function p(t){return t.replace(/&/g,"&").replace(/</g,"<").replace(/>/g,">").replace(/"/g,""").replace(/'/g,"'")}function Y(t){return t.startsWith("--")?t:t.replace(/([A-Z])/g,"-$1").toLowerCase()}var E=new Set(["area","base","br","col","embed","hr","img","input","link","meta","param","source","track","wbr"]);export{N as action,L as csrfMetaTag,et as definePage,x as formAction,H as generateCsrfToken,rt as generateStaticPage,X as getRegisteredActions,W as handleActionRequest,I as invalidatePath,V as onRevalidate,tt as renderToHydratableString,$ as renderToStream,w as renderToString,nt as server,C as useAction,F as useFormAction,q as useMutation,U as useOptimistic,R as validateCsrfToken};
|
|
25
25
|
//# sourceMappingURL=index.min.js.map
|
package/dist/index.min.js.map
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../src/index.js", "../src/actions.js"],
|
|
4
|
-
"sourcesContent": ["// What Framework - Server\n// SSR, static site generation, server components.\n// Zero-JS pages by default. Islands opt-in to client JS.\n\nimport { h } from 'what-core';\n\n// --- Hydration ID Generator ---\nlet _hydrationIdCounter = 0;\n\nfunction resetHydrationId() {\n _hydrationIdCounter = 0;\n}\n\nfunction nextHydrationId() {\n return 'h' + (_hydrationIdCounter++);\n}\n\n// --- Render to Hydratable String ---\n// Renders with hydration markers (data-hk attributes, comment boundaries)\n// so the client can reuse the server-rendered DOM.\n\nexport function renderToHydratableString(vnode) {\n resetHydrationId();\n return _renderHydratable(vnode);\n}\n\nfunction _renderHydratable(vnode) {\n if (vnode == null || vnode === false || vnode === true) return '';\n\n // Text\n if (typeof vnode === 'string' || typeof vnode === 'number') {\n return escapeHtml(String(vnode));\n }\n\n // Signal \u2014 unwrap\n if (typeof vnode === 'function' && vnode._signal) {\n return `<!--$-->${_renderHydratable(vnode())}<!--/$-->`;\n }\n\n // Reactive function child \u2014 wrap in dynamic content markers\n if (typeof vnode === 'function') {\n try {\n return `<!--$-->${_renderHydratable(vnode())}<!--/$-->`;\n } catch (e) {\n if (typeof process !== 'undefined' && process.env?.NODE_ENV !== 'production') {\n console.warn('[what-server] Error rendering reactive function in SSR:', e.message);\n }\n return '<!--$--><!--/$-->';\n }\n }\n\n // Array \u2014 wrap in list markers\n if (Array.isArray(vnode)) {\n return `<!--[]-->${vnode.map(_renderHydratable).join('')}<!--/[]-->`;\n }\n\n // Component \u2014 add hydration key to root element\n if (typeof vnode.tag === 'function') {\n const hkId = nextHydrationId();\n const result = vnode.tag({ ...vnode.props, children: vnode.children });\n const html = _renderHydratable(result);\n // Inject data-hk into the first element tag if present\n return injectHydrationKey(html, hkId);\n }\n\n // Element\n const { tag, props, children } = vnode;\n const attrs = renderAttrs(props || {});\n const open = `<${tag}${attrs}>`;\n\n // Void elements\n if (VOID_ELEMENTS.has(tag)) return open;\n\n const rawInner = _resolveInnerHTML(props);\n const inner = rawInner != null ? String(rawInner) : children.map(_renderHydratable).join('');\n return `${open}${inner}</${tag}>`;\n}\n\n// Inject data-hk=\"id\" into the first HTML opening tag\nfunction injectHydrationKey(html, hkId) {\n // Skip comment markers to find the first real element\n const match = html.match(/^((?:<!--.*?-->)*)<([a-zA-Z][a-zA-Z0-9-]*)/);\n if (match) {\n const prefix = match[1];\n const tagName = match[2];\n const insertAt = prefix.length + 1 + tagName.length; // after '<tagName'\n return html.slice(0, insertAt) + ` data-hk=\"${hkId}\"` + html.slice(insertAt);\n }\n return html;\n}\n\n// --- Render to String ---\n// Renders a VNode tree to an HTML string. Used for SSR and static gen.\n\nexport function renderToString(vnode) {\n if (vnode == null || vnode === false || vnode === true) return '';\n\n // Text\n if (typeof vnode === 'string' || typeof vnode === 'number') {\n return escapeHtml(String(vnode));\n }\n\n // Signal \u2014 unwrap by calling it\n if (typeof vnode === 'function' && vnode._signal) {\n return renderToString(vnode());\n }\n\n // Reactive function child \u2014 call to get value\n if (typeof vnode === 'function') {\n try {\n return renderToString(vnode());\n } catch (e) {\n if (typeof process !== 'undefined' && process.env?.NODE_ENV !== 'production') {\n console.warn('[what-server] Error rendering reactive function in SSR:', e.message);\n }\n return '';\n }\n }\n\n // Array\n if (Array.isArray(vnode)) {\n return vnode.map(renderToString).join('');\n }\n\n // Component\n if (typeof vnode.tag === 'function') {\n const result = vnode.tag({ ...vnode.props, children: vnode.children });\n return renderToString(result);\n }\n\n // Element\n const { tag, props, children } = vnode;\n const attrs = renderAttrs(props || {});\n const open = `<${tag}${attrs}>`;\n\n // Void elements\n if (VOID_ELEMENTS.has(tag)) return open;\n\n const rawInner = _resolveInnerHTML(props);\n const inner = rawInner != null ? String(rawInner) : children.map(renderToString).join('');\n return `${open}${inner}</${tag}>`;\n}\n\n// --- Stream Render ---\n// Returns an async iterator for streaming SSR.\n\nexport async function* renderToStream(vnode) {\n if (vnode == null || vnode === false || vnode === true) return;\n\n if (typeof vnode === 'string' || typeof vnode === 'number') {\n yield escapeHtml(String(vnode));\n return;\n }\n\n // Signal \u2014 unwrap by calling it\n if (typeof vnode === 'function' && vnode._signal) {\n yield* renderToStream(vnode());\n return;\n }\n\n // Reactive function child \u2014 call to get value\n if (typeof vnode === 'function') {\n try {\n yield* renderToStream(vnode());\n } catch (e) {\n if (typeof process !== 'undefined' && process.env?.NODE_ENV !== 'production') {\n console.warn('[what-server] Error rendering reactive function in stream SSR:', e.message);\n }\n }\n return;\n }\n\n if (Array.isArray(vnode)) {\n for (const child of vnode) {\n yield* renderToStream(child);\n }\n return;\n }\n\n if (typeof vnode.tag === 'function') {\n try {\n const result = vnode.tag({ ...vnode.props, children: vnode.children });\n // Support async components\n const resolved = result instanceof Promise ? await result : result;\n yield* renderToStream(resolved);\n } catch (e) {\n if (typeof process !== 'undefined' && process.env?.NODE_ENV !== 'production') {\n console.warn('[what-server] Error rendering component in stream SSR:', e.message);\n }\n yield _isDevMode\n ? `<!-- SSR Error: ${escapeHtml(e.message || 'Component error')} -->`\n : `<!-- SSR Error -->`;\n }\n return;\n }\n\n const { tag, props, children } = vnode;\n const attrs = renderAttrs(props || {});\n yield `<${tag}${attrs}>`;\n\n if (!VOID_ELEMENTS.has(tag)) {\n const rawInner = _resolveInnerHTML(props);\n if (rawInner != null) {\n yield String(rawInner);\n } else {\n for (const child of children) {\n yield* renderToStream(child);\n }\n }\n yield `</${tag}>`;\n }\n}\n\n// --- Static Site Generation ---\n\nexport function definePage(config) {\n return {\n // 'static' = pre-render at build time (default)\n // 'server' = render on each request\n // 'client' = render in browser (SPA)\n // 'hybrid' = static shell + islands\n mode: 'static',\n ...config,\n };\n}\n\n// Generate static HTML for a page\nexport function generateStaticPage(page, data = {}) {\n const vnode = page.component(data);\n const html = renderToString(vnode);\n const islands = page.islands || [];\n\n return wrapDocument({\n title: page.title || '',\n meta: page.meta || {},\n body: html,\n islands,\n scripts: page.mode === 'static' ? [] : page.scripts || [],\n styles: page.styles || [],\n mode: page.mode,\n });\n}\n\nfunction wrapDocument({ title, meta, body, islands, scripts, styles, mode }) {\n const metaTags = Object.entries(meta)\n .map(([name, content]) => `<meta name=\"${escapeHtml(name)}\" content=\"${escapeHtml(content)}\">`)\n .join('\\n ');\n\n const styleTags = styles\n .map(href => `<link rel=\"stylesheet\" href=\"${escapeHtml(href)}\">`)\n .join('\\n ');\n\n const islandScript = islands.length > 0 ? `\n <script type=\"module\">\n import { hydrateIslands } from '/@what/islands.js';\n hydrateIslands();\n </script>` : '';\n\n const scriptTags = scripts\n .map(src => `<script type=\"module\" src=\"${escapeHtml(src)}\"></script>`)\n .join('\\n ');\n\n const clientScript = mode === 'client' ? `\n <script type=\"module\" src=\"/@what/client.js\"></script>` : '';\n\n return `<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"UTF-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n ${metaTags}\n <title>${escapeHtml(title)}</title>\n ${styleTags}\n </head>\n <body>\n <div id=\"app\">${body}</div>\n ${islandScript}\n ${scriptTags}\n ${clientScript}\n </body>\n</html>`;\n}\n\n// --- Server Component ---\n// Renders on the server, sends HTML to client. No JS shipped.\n\nexport function server(Component) {\n Component._server = true;\n return Component;\n}\n\n// --- Helpers ---\n\n// Dev-mode flag for server\nconst _isDevMode = typeof process !== 'undefined'\n ? process.env?.NODE_ENV !== 'production'\n : true;\n\n/**\n * Resolve innerHTML / dangerouslySetInnerHTML from props.\n * Requires { __html: ... } wrapper. Plain string innerHTML is rejected (XSS prevention).\n */\nfunction _resolveInnerHTML(props) {\n if (!props) return null;\n\n // dangerouslySetInnerHTML always requires { __html }\n if (props.dangerouslySetInnerHTML) {\n return props.dangerouslySetInnerHTML.__html ?? null;\n }\n\n // innerHTML with { __html } wrapper \u2014 allowed\n if (props.innerHTML && typeof props.innerHTML === 'object' && '__html' in props.innerHTML) {\n return props.innerHTML.__html ?? null;\n }\n\n // innerHTML as plain string \u2014 reject with warning\n if (props.innerHTML != null && typeof props.innerHTML === 'string') {\n if (_isDevMode) {\n console.warn(\n '[what-server] innerHTML received a raw string. This is a security risk (XSS). ' +\n 'Use innerHTML={{ __html: trustedString }} or dangerouslySetInnerHTML={{ __html: trustedString }} instead.'\n );\n }\n return null;\n }\n\n return null;\n}\n\nfunction renderAttrs(props) {\n let out = '';\n for (const [key, val] of Object.entries(props)) {\n if (key === 'key' || key === 'ref' || key === 'children' || key === 'dangerouslySetInnerHTML' || key === 'innerHTML') continue;\n if (key.startsWith('on') && key.length > 2) continue; // Skip event handlers in SSR\n if (val === false || val == null) continue;\n\n if (key === 'className' || key === 'class') {\n out += ` class=\"${escapeHtml(String(val))}\"`;\n } else if (key === 'style' && typeof val === 'object') {\n const css = Object.entries(val)\n .map(([p, v]) => `${camelToKebab(p)}:${v}`)\n .join(';');\n out += ` style=\"${escapeHtml(css)}\"`;\n } else if (val === true) {\n // ARIA attributes require explicit =\"true\", HTML boolean attrs can be bare\n if (key.startsWith('aria-') || key === 'role') {\n out += ` ${key}=\"true\"`;\n } else {\n out += ` ${key}`;\n }\n } else {\n out += ` ${key}=\"${escapeHtml(String(val))}\"`;\n }\n }\n\n return out;\n}\n\nfunction escapeHtml(str) {\n return str\n .replace(/&/g, '&')\n .replace(/</g, '<')\n .replace(/>/g, '>')\n .replace(/\"/g, '"')\n .replace(/'/g, ''');\n}\n\nfunction camelToKebab(str) {\n if (str.startsWith('--')) return str; // CSS custom properties (variables) \u2014 leave unchanged\n return str.replace(/([A-Z])/g, '-$1').toLowerCase();\n}\n\nconst VOID_ELEMENTS = new Set([\n 'area', 'base', 'br', 'col', 'embed', 'hr', 'img', 'input',\n 'link', 'meta', 'param', 'source', 'track', 'wbr',\n]);\n\n// Re-export server actions\nexport {\n action,\n formAction,\n useAction,\n useFormAction,\n useOptimistic,\n useMutation,\n onRevalidate,\n invalidatePath,\n handleActionRequest,\n getRegisteredActions,\n generateCsrfToken,\n validateCsrfToken,\n csrfMetaTag,\n} from './actions.js';\n", "// What Framework - Server Actions\n// Call server-side functions from client code seamlessly.\n// Similar to Next.js Server Actions / SolidStart server functions.\n//\n// Usage:\n// // Define on server\n// const saveUser = action(async (formData) => {\n// 'use server';\n// const user = await db.users.create(formData);\n// return { success: true, id: user.id };\n// });\n//\n// // Call from client\n// const result = await saveUser({ name: 'John' });\n\nimport { signal, batch } from 'what-core';\n\n// Registry of server actions\nconst actionRegistry = new Map();\n\n// --- CSRF Protection ---\n// Server generates a token per session; client sends it with every action request.\n// The token is injected into the page via a meta tag or embedded in the server response.\n\n// Client: read the CSRF token from the page meta tag or cookie\n// Re-reads on every call to handle token rotation\nfunction getCsrfToken() {\n if (typeof document !== 'undefined') {\n // Try meta tag first\n const meta = document.querySelector('meta[name=\"what-csrf-token\"]');\n if (meta) {\n return meta.getAttribute('content');\n }\n // Try cookie\n const match = document.cookie.match(/(?:^|;\\s*)what-csrf=([^;]+)/);\n if (match) {\n return decodeURIComponent(match[1]);\n }\n }\n return null;\n}\n\n// Server: generate a CSRF token (call this per session/request)\nexport function generateCsrfToken() {\n if (typeof crypto !== 'undefined' && crypto.randomUUID) {\n return crypto.randomUUID();\n }\n // Fallback for environments without crypto.randomUUID \u2014 use crypto.getRandomValues\n if (typeof crypto !== 'undefined' && crypto.getRandomValues) {\n const arr = new Uint8Array(16);\n crypto.getRandomValues(arr);\n return Array.from(arr, b => b.toString(16).padStart(2, '0')).join('');\n }\n // Last resort \u2014 should not be reached in modern environments\n throw new Error('[what] No secure random source available for CSRF token generation');\n}\n\n// Server: validate CSRF token from request header against session token\nexport function validateCsrfToken(requestToken, sessionToken) {\n if (!requestToken || !sessionToken) return false;\n // Constant-time comparison to prevent timing attacks\n if (requestToken.length !== sessionToken.length) return false;\n let result = 0;\n for (let i = 0; i < requestToken.length; i++) {\n result |= requestToken.charCodeAt(i) ^ sessionToken.charCodeAt(i);\n }\n return result === 0;\n}\n\n// Server: middleware helper to inject CSRF meta tag into HTML\nexport function csrfMetaTag(token) {\n // HTML-escape the token to prevent XSS if a non-standard value is used\n const escaped = String(token).replace(/&/g, '&').replace(/\"/g, '"').replace(/</g, '<').replace(/>/g, '>');\n return `<meta name=\"what-csrf-token\" content=\"${escaped}\">`;\n}\n\n// --- Define a server action ---\n\nfunction generateActionId() {\n // Generate a random ID that's not easily enumerable\n const rand = typeof crypto !== 'undefined' && crypto.getRandomValues\n ? Array.from(crypto.getRandomValues(new Uint8Array(6)), b => b.toString(16).padStart(2, '0')).join('')\n : Math.random().toString(36).slice(2, 10) + Date.now().toString(36);\n return `a_${rand}`;\n}\n\nexport function action(fn, options = {}) {\n const id = options.id || generateActionId();\n const { onError, onSuccess, revalidate } = options;\n\n // Server-side: register the action\n if (typeof window === 'undefined') {\n actionRegistry.set(id, { fn, options });\n }\n\n // Create the callable wrapper\n async function callAction(...args) {\n // Server-side: call directly\n if (typeof window === 'undefined') {\n return fn(...args);\n }\n\n // Client-side: call via fetch with timeout support\n const timeout = options.timeout || 30000; // Default 30s timeout\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), timeout);\n\n try {\n const csrfToken = getCsrfToken();\n const headers = {\n 'Content-Type': 'application/json',\n 'X-What-Action': id,\n };\n if (csrfToken) headers['X-CSRF-Token'] = csrfToken;\n\n const response = await fetch('/__what_action', {\n method: 'POST',\n headers,\n credentials: 'same-origin',\n signal: controller.signal,\n body: JSON.stringify({ args }),\n });\n\n if (!response.ok) {\n const error = await response.json().catch(() => ({ message: 'Action failed' }));\n throw new Error(error.message || 'Action failed');\n }\n\n const result = await response.json();\n\n if (onSuccess) onSuccess(result);\n if (revalidate) {\n // Trigger revalidation of specified paths\n for (const path of revalidate) {\n invalidatePath(path);\n }\n }\n\n return result;\n } catch (error) {\n if (error.name === 'AbortError') {\n const timeoutError = new Error(`Action \"${id}\" timed out after ${timeout}ms`);\n timeoutError.code = 'TIMEOUT';\n if (onError) onError(timeoutError);\n throw timeoutError;\n }\n if (onError) onError(error);\n throw error;\n } finally {\n clearTimeout(timeoutId);\n }\n }\n\n callAction._actionId = id;\n callAction._isAction = true;\n\n return callAction;\n}\n\n// --- Form action helper ---\n// For forms that submit to server actions.\n\nexport function formAction(actionFn, options = {}) {\n const { onSuccess, onError, resetOnSuccess = true } = options;\n\n return async (formDataOrEvent) => {\n let formData;\n let form;\n\n if (formDataOrEvent instanceof Event) {\n formDataOrEvent.preventDefault();\n form = formDataOrEvent.target;\n formData = new FormData(form);\n } else {\n formData = formDataOrEvent;\n }\n\n // Convert FormData to plain object, preserving File instances\n const data = {};\n let hasFiles = false;\n for (const [key, value] of formData.entries()) {\n if (typeof File !== 'undefined' && value instanceof File) {\n hasFiles = true;\n }\n if (data[key]) {\n // Handle multiple values (e.g., checkboxes, multi-file inputs)\n if (Array.isArray(data[key])) {\n data[key].push(value);\n } else {\n data[key] = [data[key], value];\n }\n } else {\n data[key] = value;\n }\n }\n\n try {\n // If form contains files, pass the raw FormData as second arg\n // so the action handler can access files directly\n const result = hasFiles\n ? await actionFn(data, formData)\n : await actionFn(data);\n if (onSuccess) onSuccess(result, form);\n if (resetOnSuccess && form) form.reset();\n return result;\n } catch (error) {\n if (onError) onError(error, form);\n throw error;\n }\n };\n}\n\n// --- useAction hook ---\n// Returns action state and trigger function.\n\nexport function useAction(actionFn) {\n const isPending = signal(false);\n const error = signal(null);\n const data = signal(null);\n\n async function trigger(...args) {\n isPending.set(true);\n error.set(null);\n\n try {\n const result = await actionFn(...args);\n data.set(result);\n return result;\n } catch (e) {\n error.set(e);\n throw e;\n } finally {\n isPending.set(false);\n }\n }\n\n return {\n trigger,\n isPending: () => isPending(),\n error: () => error(),\n data: () => data(),\n reset: () => {\n error.set(null);\n data.set(null);\n },\n };\n}\n\n// --- useFormAction hook ---\n// Combines useAction with form handling.\n\nexport function useFormAction(actionFn, options = {}) {\n const { resetOnSuccess = true } = options;\n const formRef = { current: null };\n const actionState = useAction(formAction(actionFn, { resetOnSuccess }));\n\n function handleSubmit(e) {\n e.preventDefault();\n const formData = new FormData(e.target);\n formRef.current = e.target;\n return actionState.trigger(formData);\n }\n\n return {\n ...actionState,\n handleSubmit,\n formRef,\n };\n}\n\n// --- Optimistic updates ---\n\nexport function useOptimistic(initialValue, reducer) {\n const value = signal(initialValue);\n const pending = signal([]);\n const baseValue = signal(initialValue); // Track the confirmed server value\n\n function addOptimistic(action) {\n const optimisticValue = reducer(value.peek(), action);\n batch(() => {\n pending.set([...pending.peek(), action]);\n value.set(optimisticValue);\n });\n }\n\n function resolve(action, serverValue) {\n batch(() => {\n pending.set(pending.peek().filter(a => a !== action));\n if (serverValue !== undefined) {\n baseValue.set(serverValue);\n // Recompute optimistic state from new base + remaining pending actions\n let current = serverValue;\n for (const a of pending.peek()) {\n current = reducer(current, a);\n }\n value.set(current);\n }\n });\n }\n\n function rollback(action, realValue) {\n batch(() => {\n const newPending = pending.peek().filter(a => a !== action);\n pending.set(newPending);\n const base = realValue !== undefined ? realValue : baseValue.peek();\n baseValue.set(base);\n // Recompute from base + remaining pending actions\n let current = base;\n for (const a of newPending) {\n current = reducer(current, a);\n }\n value.set(current);\n });\n }\n\n // Auto-rollback helper: wraps an async action with automatic rollback on error\n async function withOptimistic(action, asyncFn) {\n addOptimistic(action);\n try {\n const result = await asyncFn();\n resolve(action, result);\n return result;\n } catch (e) {\n rollback(action);\n throw e;\n }\n }\n\n return {\n value: () => value(),\n isPending: () => pending().length > 0,\n addOptimistic,\n resolve,\n rollback,\n withOptimistic,\n set: (v) => { value.set(v); baseValue.set(v); },\n };\n}\n\n// --- Path revalidation ---\n\nconst revalidationCallbacks = new Map();\n\nexport function onRevalidate(path, callback) {\n if (!revalidationCallbacks.has(path)) {\n revalidationCallbacks.set(path, new Set());\n }\n revalidationCallbacks.get(path).add(callback);\n\n return () => {\n revalidationCallbacks.get(path)?.delete(callback);\n };\n}\n\nexport function invalidatePath(path) {\n const callbacks = revalidationCallbacks.get(path);\n if (callbacks) {\n for (const cb of callbacks) {\n try { cb(); } catch (e) { console.error('[what] Revalidation error:', e); }\n }\n }\n}\n\n// --- Server-side action handler ---\n// Add this to your server middleware.\n\nexport function handleActionRequest(req, actionId, args, options = {}) {\n const { csrfToken: sessionCsrfToken, skipCsrf = false } = options;\n\n // Validate CSRF token unless explicitly skipped\n if (!skipCsrf) {\n if (!sessionCsrfToken) {\n // Fail closed: no CSRF token configured means the developer forgot to set it up.\n // This prevents silent security vulnerabilities in production.\n return Promise.resolve({\n status: 500,\n body: {\n message: '[what] CSRF token not configured. ' +\n 'Pass { csrfToken: sessionToken } to handleActionRequest, ' +\n 'or { skipCsrf: true } to explicitly opt out.'\n }\n });\n }\n const requestCsrfToken = req?.headers?.['x-csrf-token'] || req?.headers?.['X-CSRF-Token'];\n if (!validateCsrfToken(requestCsrfToken, sessionCsrfToken)) {\n return Promise.resolve({ status: 403, body: { message: 'Invalid CSRF token' } });\n }\n }\n\n const action = actionRegistry.get(actionId);\n if (!action) {\n return Promise.resolve({ status: 404, body: { message: 'Action not found' } });\n }\n\n // Validate args is an array to prevent prototype pollution\n if (!Array.isArray(args)) {\n return Promise.resolve({ status: 400, body: { message: 'Invalid action arguments' } });\n }\n\n return action.fn(...args)\n .then(result => ({ status: 200, body: result }))\n .catch(error => {\n // Log the full error server-side, return generic message to client\n console.error(`[what] Action \"${actionId}\" error:`, error);\n return {\n status: 500,\n body: { message: 'Action failed' },\n };\n });\n}\n\n// --- Get all registered actions (for SSR/build) ---\n\nexport function getRegisteredActions() {\n return [...actionRegistry.keys()];\n}\n\n// --- Mutation helper ---\n// Like useSWR mutation but simpler.\n\nexport function useMutation(mutationFn, options = {}) {\n const { onSuccess, onError, onSettled } = options;\n\n const state = {\n isPending: signal(false),\n error: signal(null),\n data: signal(null),\n };\n\n async function mutate(...args) {\n state.isPending.set(true);\n state.error.set(null);\n\n try {\n const result = await mutationFn(...args);\n state.data.set(result);\n if (onSuccess) onSuccess(result, ...args);\n return result;\n } catch (error) {\n state.error.set(error);\n if (onError) onError(error, ...args);\n throw error;\n } finally {\n state.isPending.set(false);\n if (onSettled) onSettled(state.data.peek(), state.error.peek(), ...args);\n }\n }\n\n return {\n mutate,\n isPending: () => state.isPending(),\n error: () => state.error(),\n data: () => state.data(),\n reset: () => {\n state.error.set(null);\n state.data.set(null);\n },\n };\n}\n"],
|
|
5
|
-
"mappings": "AAIA,MAAkB,YCWlB,OAAS,UAAAA,EAAQ,SAAAC,MAAa,YAG9B,IAAMC,EAAiB,IAAI,IAQ3B,SAASC,GAAe,CACtB,GAAI,OAAO,SAAa,IAAa,CAEnC,IAAMC,EAAO,SAAS,cAAc,8BAA8B,EAClE,GAAIA,EACF,OAAOA,EAAK,aAAa,SAAS,EAGpC,IAAMC,EAAQ,SAAS,OAAO,MAAM,6BAA6B,EACjE,GAAIA,EACF,OAAO,mBAAmBA,EAAM,CAAC,CAAC,CAEtC,CACA,OAAO,IACT,CAGO,SAASC,GAAoB,CAClC,GAAI,OAAO,OAAW,KAAe,OAAO,WAC1C,OAAO,OAAO,WAAW,EAG3B,GAAI,OAAO,OAAW,KAAe,OAAO,gBAAiB,CAC3D,IAAMC,EAAM,IAAI,WAAW,EAAE,EAC7B,cAAO,gBAAgBA,CAAG,EACnB,MAAM,KAAKA,EAAKC,GAAKA,EAAE,SAAS,EAAE,EAAE,SAAS,EAAG,GAAG,CAAC,EAAE,KAAK,EAAE,CACtE,CAEA,MAAM,IAAI,MAAM,oEAAoE,CACtF,CAGO,SAASC,EAAkBC,EAAcC,EAAc,CAG5D,GAFI,CAACD,GAAgB,CAACC,GAElBD,EAAa,SAAWC,EAAa,OAAQ,MAAO,GACxD,IAAIC,EAAS,EACb,QAASC,EAAI,EAAGA,EAAIH,EAAa,OAAQG,IACvCD,GAAUF,EAAa,WAAWG,CAAC,EAAIF,EAAa,WAAWE,CAAC,EAElE,OAAOD,IAAW,CACpB,CAGO,SAASE,EAAYC,EAAO,CAGjC,MAAO,yCADS,OAAOA,CAAK,EAAE,QAAQ,KAAM,OAAO,EAAE,QAAQ,KAAM,QAAQ,EAAE,QAAQ,KAAM,MAAM,EAAE,QAAQ,KAAM,MAAM,CAChE,IACzD,CAIA,SAASC,GAAmB,CAK1B,MAAO,KAHM,OAAO,OAAW,KAAe,OAAO,gBACjD,MAAM,KAAK,OAAO,gBAAgB,IAAI,WAAW,CAAC,CAAC,EAAGR,GAAKA,EAAE,SAAS,EAAE,EAAE,SAAS,EAAG,GAAG,CAAC,EAAE,KAAK,EAAE,EACnG,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,EAAG,EAAE,EAAI,KAAK,IAAI,EAAE,SAAS,EAAE,CACpD,EAClB,CAEO,SAASS,EAAOC,EAAIC,EAAU,CAAC,EAAG,CACvC,IAAMC,EAAKD,EAAQ,IAAMH,EAAiB,EACpC,CAAE,QAAAK,EAAS,UAAAC,EAAW,WAAAC,CAAW,EAAIJ,EAGvC,OAAO,OAAW,KACpBjB,EAAe,IAAIkB,EAAI,CAAE,GAAAF,EAAI,QAAAC,CAAQ,CAAC,EAIxC,eAAeK,KAAcC,EAAM,CAEjC,GAAI,OAAO,OAAW,IACpB,OAAOP,EAAG,GAAGO,CAAI,EAInB,IAAMC,EAAUP,EAAQ,SAAW,IAC7BQ,EAAa,IAAI,gBACjBC,EAAY,WAAW,IAAMD,EAAW,MAAM,EAAGD,CAAO,EAE9D,GAAI,CACF,IAAMG,EAAY1B,EAAa,EACzB2B,EAAU,CACd,eAAgB,mBAChB,gBAAiBV,CACnB,EACIS,IAAWC,EAAQ,cAAc,EAAID,GAEzC,IAAME,EAAW,MAAM,MAAM,iBAAkB,CAC7C,OAAQ,OACR,QAAAD,EACA,YAAa,cACb,OAAQH,EAAW,OACnB,KAAM,KAAK,UAAU,CAAE,KAAAF,CAAK,CAAC,CAC/B,CAAC,EAED,GAAI,CAACM,EAAS,GAAI,CAChB,IAAMC,EAAQ,MAAMD,EAAS,KAAK,EAAE,MAAM,KAAO,CAAE,QAAS,eAAgB,EAAE,EAC9E,MAAM,IAAI,MAAMC,EAAM,SAAW,eAAe,CAClD,CAEA,IAAMpB,EAAS,MAAMmB,EAAS,KAAK,EAGnC,GADIT,GAAWA,EAAUV,CAAM,EAC3BW,EAEF,QAAWU,KAAQV,EACjBW,EAAeD,CAAI,EAIvB,OAAOrB,CACT,OAASoB,EAAO,CACd,GAAIA,EAAM,OAAS,aAAc,CAC/B,IAAMG,EAAe,IAAI,MAAM,WAAWf,CAAE,qBAAqBM,CAAO,IAAI,EAC5E,MAAAS,EAAa,KAAO,UAChBd,GAASA,EAAQc,CAAY,EAC3BA,CACR,CACA,MAAId,GAASA,EAAQW,CAAK,EACpBA,CACR,QAAE,CACA,aAAaJ,CAAS,CACxB,CACF,CAEA,OAAAJ,EAAW,UAAYJ,EACvBI,EAAW,UAAY,GAEhBA,CACT,CAKO,SAASY,EAAWC,EAAUlB,EAAU,CAAC,EAAG,CACjD,GAAM,CAAE,UAAAG,EAAW,QAAAD,EAAS,eAAAiB,EAAiB,EAAK,EAAInB,EAEtD,MAAO,OAAOoB,GAAoB,CAChC,IAAIC,EACAC,EAEAF,aAA2B,OAC7BA,EAAgB,eAAe,EAC/BE,EAAOF,EAAgB,OACvBC,EAAW,IAAI,SAASC,CAAI,GAE5BD,EAAWD,EAIb,IAAMG,EAAO,CAAC,EACVC,EAAW,GACf,OAAW,CAACC,EAAKC,CAAK,IAAKL,EAAS,QAAQ,EACtC,OAAO,KAAS,KAAeK,aAAiB,OAClDF,EAAW,IAETD,EAAKE,CAAG,EAEN,MAAM,QAAQF,EAAKE,CAAG,CAAC,EACzBF,EAAKE,CAAG,EAAE,KAAKC,CAAK,EAEpBH,EAAKE,CAAG,EAAI,CAACF,EAAKE,CAAG,EAAGC,CAAK,EAG/BH,EAAKE,CAAG,EAAIC,EAIhB,GAAI,CAGF,IAAMjC,EAAS+B,EACX,MAAMN,EAASK,EAAMF,CAAQ,EAC7B,MAAMH,EAASK,CAAI,EACvB,OAAIpB,GAAWA,EAAUV,EAAQ6B,CAAI,EACjCH,GAAkBG,GAAMA,EAAK,MAAM,EAChC7B,CACT,OAASoB,EAAO,CACd,MAAIX,GAASA,EAAQW,EAAOS,CAAI,EAC1BT,CACR,CACF,CACF,CAKO,SAASc,EAAUT,EAAU,CAClC,IAAMU,EAAY/C,EAAO,EAAK,EACxBgC,EAAQhC,EAAO,IAAI,EACnB0C,EAAO1C,EAAO,IAAI,EAExB,eAAegD,KAAWvB,EAAM,CAC9BsB,EAAU,IAAI,EAAI,EAClBf,EAAM,IAAI,IAAI,EAEd,GAAI,CACF,IAAMpB,EAAS,MAAMyB,EAAS,GAAGZ,CAAI,EACrC,OAAAiB,EAAK,IAAI9B,CAAM,EACRA,CACT,OAASqC,EAAG,CACV,MAAAjB,EAAM,IAAIiB,CAAC,EACLA,CACR,QAAE,CACAF,EAAU,IAAI,EAAK,CACrB,CACF,CAEA,MAAO,CACL,QAAAC,EACA,UAAW,IAAMD,EAAU,EAC3B,MAAO,IAAMf,EAAM,EACnB,KAAM,IAAMU,EAAK,EACjB,MAAO,IAAM,CACXV,EAAM,IAAI,IAAI,EACdU,EAAK,IAAI,IAAI,CACf,CACF,CACF,CAKO,SAASQ,EAAcb,EAAUlB,EAAU,CAAC,EAAG,CACpD,GAAM,CAAE,eAAAmB,EAAiB,EAAK,EAAInB,EAC5BgC,EAAU,CAAE,QAAS,IAAK,EAC1BC,EAAcN,EAAUV,EAAWC,EAAU,CAAE,eAAAC,CAAe,CAAC,CAAC,EAEtE,SAASe,EAAaJ,EAAG,CACvBA,EAAE,eAAe,EACjB,IAAMT,EAAW,IAAI,SAASS,EAAE,MAAM,EACtC,OAAAE,EAAQ,QAAUF,EAAE,OACbG,EAAY,QAAQZ,CAAQ,CACrC,CAEA,MAAO,CACL,GAAGY,EACH,aAAAC,EACA,QAAAF,CACF,CACF,CAIO,SAASG,EAAcC,EAAcC,EAAS,CACnD,IAAMX,EAAQ7C,EAAOuD,CAAY,EAC3BE,EAAUzD,EAAO,CAAC,CAAC,EACnB0D,EAAY1D,EAAOuD,CAAY,EAErC,SAASI,EAAc1C,EAAQ,CAC7B,IAAM2C,EAAkBJ,EAAQX,EAAM,KAAK,EAAG5B,CAAM,EACpDhB,EAAM,IAAM,CACVwD,EAAQ,IAAI,CAAC,GAAGA,EAAQ,KAAK,EAAGxC,CAAM,CAAC,EACvC4B,EAAM,IAAIe,CAAe,CAC3B,CAAC,CACH,CAEA,SAASC,EAAQ5C,EAAQ6C,EAAa,CACpC7D,EAAM,IAAM,CAEV,GADAwD,EAAQ,IAAIA,EAAQ,KAAK,EAAE,OAAOM,GAAKA,IAAM9C,CAAM,CAAC,EAChD6C,IAAgB,OAAW,CAC7BJ,EAAU,IAAII,CAAW,EAEzB,IAAIE,EAAUF,EACd,QAAWC,KAAKN,EAAQ,KAAK,EAC3BO,EAAUR,EAAQQ,EAASD,CAAC,EAE9BlB,EAAM,IAAImB,CAAO,CACnB,CACF,CAAC,CACH,CAEA,SAASC,EAAShD,EAAQiD,EAAW,CACnCjE,EAAM,IAAM,CACV,IAAMkE,EAAaV,EAAQ,KAAK,EAAE,OAAOM,GAAKA,IAAM9C,CAAM,EAC1DwC,EAAQ,IAAIU,CAAU,EACtB,IAAMC,EAAOF,IAAc,OAAYA,EAAYR,EAAU,KAAK,EAClEA,EAAU,IAAIU,CAAI,EAElB,IAAIJ,EAAUI,EACd,QAAWL,KAAKI,EACdH,EAAUR,EAAQQ,EAASD,CAAC,EAE9BlB,EAAM,IAAImB,CAAO,CACnB,CAAC,CACH,CAGA,eAAeK,EAAepD,EAAQqD,EAAS,CAC7CX,EAAc1C,CAAM,EACpB,GAAI,CACF,IAAML,EAAS,MAAM0D,EAAQ,EAC7B,OAAAT,EAAQ5C,EAAQL,CAAM,EACfA,CACT,OAASqC,EAAG,CACV,MAAAgB,EAAShD,CAAM,EACTgC,CACR,CACF,CAEA,MAAO,CACL,MAAO,IAAMJ,EAAM,EACnB,UAAW,IAAMY,EAAQ,EAAE,OAAS,EACpC,cAAAE,EACA,QAAAE,EACA,SAAAI,EACA,eAAAI,EACA,IAAME,GAAM,CAAE1B,EAAM,IAAI0B,CAAC,EAAGb,EAAU,IAAIa,CAAC,CAAG,CAChD,CACF,CAIA,IAAMC,EAAwB,IAAI,IAE3B,SAASC,EAAaxC,EAAMyC,EAAU,CAC3C,OAAKF,EAAsB,IAAIvC,CAAI,GACjCuC,EAAsB,IAAIvC,EAAM,IAAI,GAAK,EAE3CuC,EAAsB,IAAIvC,CAAI,EAAE,IAAIyC,CAAQ,EAErC,IAAM,CACXF,EAAsB,IAAIvC,CAAI,GAAG,OAAOyC,CAAQ,CAClD,CACF,CAEO,SAASxC,EAAeD,EAAM,CACnC,IAAM0C,EAAYH,EAAsB,IAAIvC,CAAI,EAChD,GAAI0C,EACF,QAAWC,KAAMD,EACf,GAAI,CAAEC,EAAG,CAAG,OAAS3B,EAAG,CAAE,QAAQ,MAAM,6BAA8BA,CAAC,CAAG,CAGhF,CAKO,SAAS4B,EAAoBC,EAAKC,EAAUtD,EAAMN,EAAU,CAAC,EAAG,CACrE,GAAM,CAAE,UAAW6D,EAAkB,SAAAC,EAAW,EAAM,EAAI9D,EAG1D,GAAI,CAAC8D,EAAU,CACb,GAAI,CAACD,EAGH,OAAO,QAAQ,QAAQ,CACrB,OAAQ,IACR,KAAM,CACJ,QAAS,yIAGX,CACF,CAAC,EAEH,IAAME,EAAmBJ,GAAK,UAAU,cAAc,GAAKA,GAAK,UAAU,cAAc,EACxF,GAAI,CAACrE,EAAkByE,EAAkBF,CAAgB,EACvD,OAAO,QAAQ,QAAQ,CAAE,OAAQ,IAAK,KAAM,CAAE,QAAS,oBAAqB,CAAE,CAAC,CAEnF,CAEA,IAAM/D,EAASf,EAAe,IAAI6E,CAAQ,EAC1C,OAAK9D,EAKA,MAAM,QAAQQ,CAAI,EAIhBR,EAAO,GAAG,GAAGQ,CAAI,EACrB,KAAKb,IAAW,CAAE,OAAQ,IAAK,KAAMA,CAAO,EAAE,EAC9C,MAAMoB,IAEL,QAAQ,MAAM,kBAAkB+C,CAAQ,WAAY/C,CAAK,EAClD,CACL,OAAQ,IACR,KAAM,CAAE,QAAS,eAAgB,CACnC,EACD,EAZM,QAAQ,QAAQ,CAAE,OAAQ,IAAK,KAAM,CAAE,QAAS,0BAA2B,CAAE,CAAC,EAL9E,QAAQ,QAAQ,CAAE,OAAQ,IAAK,KAAM,CAAE,QAAS,kBAAmB,CAAE,CAAC,CAkBjF,CAIO,SAASmD,GAAuB,CACrC,MAAO,CAAC,GAAGjF,EAAe,KAAK,CAAC,CAClC,CAKO,SAASkF,EAAYC,EAAYlE,EAAU,CAAC,EAAG,CACpD,GAAM,CAAE,UAAAG,EAAW,QAAAD,EAAS,UAAAiE,CAAU,EAAInE,EAEpCoE,EAAQ,CACZ,UAAWvF,EAAO,EAAK,EACvB,MAAOA,EAAO,IAAI,EAClB,KAAMA,EAAO,IAAI,CACnB,EAEA,eAAewF,KAAU/D,EAAM,CAC7B8D,EAAM,UAAU,IAAI,EAAI,EACxBA,EAAM,MAAM,IAAI,IAAI,EAEpB,GAAI,CACF,IAAM3E,EAAS,MAAMyE,EAAW,GAAG5D,CAAI,EACvC,OAAA8D,EAAM,KAAK,IAAI3E,CAAM,EACjBU,GAAWA,EAAUV,EAAQ,GAAGa,CAAI,EACjCb,CACT,OAASoB,EAAO,CACd,MAAAuD,EAAM,MAAM,IAAIvD,CAAK,EACjBX,GAASA,EAAQW,EAAO,GAAGP,CAAI,EAC7BO,CACR,QAAE,CACAuD,EAAM,UAAU,IAAI,EAAK,EACrBD,GAAWA,EAAUC,EAAM,KAAK,KAAK,EAAGA,EAAM,MAAM,KAAK,EAAG,GAAG9D,CAAI,CACzE,CACF,CAEA,MAAO,CACL,OAAA+D,EACA,UAAW,IAAMD,EAAM,UAAU,EACjC,MAAO,IAAMA,EAAM,MAAM,EACzB,KAAM,IAAMA,EAAM,KAAK,EACvB,MAAO,IAAM,CACXA,EAAM,MAAM,IAAI,IAAI,EACpBA,EAAM,KAAK,IAAI,IAAI,CACrB,CACF,CACF,CDncA,IAAIE,EAAsB,EAE1B,SAASC,GAAmB,CAC1BD,EAAsB,CACxB,CAEA,SAASE,GAAkB,CACzB,MAAO,IAAOF,GAChB,CAMO,SAASG,EAAyBC,EAAO,CAC9C,OAAAH,EAAiB,EACVI,EAAkBD,CAAK,CAChC,CAEA,SAASC,EAAkBD,EAAO,CAChC,GAAIA,GAAS,MAAQA,IAAU,IAASA,IAAU,GAAM,MAAO,GAG/D,GAAI,OAAOA,GAAU,UAAY,OAAOA,GAAU,SAChD,OAAOE,EAAW,OAAOF,CAAK,CAAC,EAIjC,GAAI,OAAOA,GAAU,YAAcA,EAAM,QACvC,MAAO,WAAWC,EAAkBD,EAAM,CAAC,CAAC,YAI9C,GAAI,OAAOA,GAAU,WACnB,GAAI,CACF,MAAO,WAAWC,EAAkBD,EAAM,CAAC,CAAC,WAC9C,MAAY,CACN,cAAO,QAAY,IAGhB,mBACT,CAIF,GAAI,MAAM,QAAQA,CAAK,EACrB,MAAO,YAAYA,EAAM,IAAIC,CAAiB,EAAE,KAAK,EAAE,CAAC,aAI1D,GAAI,OAAOD,EAAM,KAAQ,WAAY,CACnC,IAAMG,EAAOL,EAAgB,EACvBM,EAASJ,EAAM,IAAI,CAAE,GAAGA,EAAM,MAAO,SAAUA,EAAM,QAAS,CAAC,EAC/DK,EAAOJ,EAAkBG,CAAM,EAErC,OAAOE,EAAmBD,EAAMF,CAAI,CACtC,CAGA,GAAM,CAAE,IAAAI,EAAK,MAAAC,EAAO,SAAAC,CAAS,EAAIT,EAC3BU,EAAQC,EAAYH,GAAS,CAAC,CAAC,EAC/BI,EAAO,IAAIL,CAAG,GAAGG,CAAK,IAG5B,GAAIG,EAAc,IAAIN,CAAG,EAAG,OAAOK,EAEnC,IAAME,EAAWC,EAAkBP,CAAK,EAClCQ,EAAQF,GAAY,KAAO,OAAOA,CAAQ,EAAIL,EAAS,IAAIR,CAAiB,EAAE,KAAK,EAAE,EAC3F,MAAO,GAAGW,CAAI,GAAGI,CAAK,KAAKT,CAAG,GAChC,CAGA,SAASD,EAAmBD,EAAMF,EAAM,CAEtC,IAAMc,EAAQZ,EAAK,MAAM,4CAA4C,EACrE,GAAIY,EAAO,CACT,IAAMC,EAASD,EAAM,CAAC,EAChBE,EAAUF,EAAM,CAAC,EACjBG,EAAWF,EAAO,OAAS,EAAIC,EAAQ,OAC7C,OAAOd,EAAK,MAAM,EAAGe,CAAQ,EAAI,aAAajB,CAAI,IAAME,EAAK,MAAMe,CAAQ,CAC7E,CACA,OAAOf,CACT,CAKO,SAASgB,EAAerB,EAAO,CACpC,GAAIA,GAAS,MAAQA,IAAU,IAASA,IAAU,GAAM,MAAO,GAG/D,GAAI,OAAOA,GAAU,UAAY,OAAOA,GAAU,SAChD,OAAOE,EAAW,OAAOF,CAAK,CAAC,EAIjC,GAAI,OAAOA,GAAU,YAAcA,EAAM,QACvC,OAAOqB,EAAerB,EAAM,CAAC,EAI/B,GAAI,OAAOA,GAAU,WACnB,GAAI,CACF,OAAOqB,EAAerB,EAAM,CAAC,CAC/B,MAAY,CACN,cAAO,QAAY,IAGhB,EACT,CAIF,GAAI,MAAM,QAAQA,CAAK,EACrB,OAAOA,EAAM,IAAIqB,CAAc,EAAE,KAAK,EAAE,EAI1C,GAAI,OAAOrB,EAAM,KAAQ,WAAY,CACnC,IAAMI,EAASJ,EAAM,IAAI,CAAE,GAAGA,EAAM,MAAO,SAAUA,EAAM,QAAS,CAAC,EACrE,OAAOqB,EAAejB,CAAM,CAC9B,CAGA,GAAM,CAAE,IAAAG,EAAK,MAAAC,EAAO,SAAAC,CAAS,EAAIT,EAC3BU,EAAQC,EAAYH,GAAS,CAAC,CAAC,EAC/BI,EAAO,IAAIL,CAAG,GAAGG,CAAK,IAG5B,GAAIG,EAAc,IAAIN,CAAG,EAAG,OAAOK,EAEnC,IAAME,EAAWC,EAAkBP,CAAK,EAClCQ,EAAQF,GAAY,KAAO,OAAOA,CAAQ,EAAIL,EAAS,IAAIY,CAAc,EAAE,KAAK,EAAE,EACxF,MAAO,GAAGT,CAAI,GAAGI,CAAK,KAAKT,CAAG,GAChC,CAKA,eAAuBe,EAAetB,EAAO,CAC3C,GAAIA,GAAS,MAAQA,IAAU,IAASA,IAAU,GAAM,OAExD,GAAI,OAAOA,GAAU,UAAY,OAAOA,GAAU,SAAU,CAC1D,MAAME,EAAW,OAAOF,CAAK,CAAC,EAC9B,MACF,CAGA,GAAI,OAAOA,GAAU,YAAcA,EAAM,QAAS,CAChD,MAAOsB,EAAetB,EAAM,CAAC,EAC7B,MACF,CAGA,GAAI,OAAOA,GAAU,WAAY,CAC/B,GAAI,CACF,MAAOsB,EAAetB,EAAM,CAAC,CAC/B,MAAY,CACN,OAAO,QAAY,GAGzB,CACA,MACF,CAEA,GAAI,MAAM,QAAQA,CAAK,EAAG,CACxB,QAAWuB,KAASvB,EAClB,MAAOsB,EAAeC,CAAK,EAE7B,MACF,CAEA,GAAI,OAAOvB,EAAM,KAAQ,WAAY,CACnC,GAAI,CACF,IAAMI,EAASJ,EAAM,IAAI,CAAE,GAAGA,EAAM,MAAO,SAAUA,EAAM,QAAS,CAAC,EAE/DwB,EAAWpB,aAAkB,QAAU,MAAMA,EAASA,EAC5D,MAAOkB,EAAeE,CAAQ,CAChC,OAASC,EAAG,CACN,OAAO,QAAY,IAGvB,MAAMC,EACF,mBAAmBxB,EAAWuB,EAAE,SAAW,iBAAiB,CAAC,OAC7D,oBACN,CACA,MACF,CAEA,GAAM,CAAE,IAAAlB,EAAK,MAAAC,EAAO,SAAAC,CAAS,EAAIT,EAC3BU,EAAQC,EAAYH,GAAS,CAAC,CAAC,EAGrC,GAFA,KAAM,IAAID,CAAG,GAAGG,CAAK,IAEjB,CAACG,EAAc,IAAIN,CAAG,EAAG,CAC3B,IAAMO,EAAWC,EAAkBP,CAAK,EACxC,GAAIM,GAAY,KACd,MAAM,OAAOA,CAAQ,MAErB,SAAWS,KAASd,EAClB,MAAOa,EAAeC,CAAK,EAG/B,KAAM,KAAKhB,CAAG,GAChB,CACF,CAIO,SAASoB,GAAWC,EAAQ,CACjC,MAAO,CAKL,KAAM,SACN,GAAGA,CACL,CACF,CAGO,SAASC,GAAmBC,EAAMC,EAAO,CAAC,EAAG,CAClD,IAAM/B,EAAQ8B,EAAK,UAAUC,CAAI,EAC3B1B,EAAOgB,EAAerB,CAAK,EAC3BgC,EAAUF,EAAK,SAAW,CAAC,EAEjC,OAAOG,EAAa,CAClB,MAAOH,EAAK,OAAS,GACrB,KAAMA,EAAK,MAAQ,CAAC,EACpB,KAAMzB,EACN,QAAA2B,EACA,QAASF,EAAK,OAAS,SAAW,CAAC,EAAIA,EAAK,SAAW,CAAC,EACxD,OAAQA,EAAK,QAAU,CAAC,EACxB,KAAMA,EAAK,IACb,CAAC,CACH,CAEA,SAASG,EAAa,CAAE,MAAAC,EAAO,KAAAC,EAAM,KAAAC,EAAM,QAAAJ,EAAS,QAAAK,EAAS,OAAAC,EAAQ,KAAAC,CAAK,EAAG,CAC3E,IAAMC,EAAW,OAAO,QAAQL,CAAI,EACjC,IAAI,CAAC,CAACM,EAAMC,CAAO,IAAM,eAAexC,EAAWuC,CAAI,CAAC,cAAcvC,EAAWwC,CAAO,CAAC,IAAI,EAC7F,KAAK;AAAA,KAAQ,EAEVC,EAAYL,EACf,IAAIM,GAAQ,gCAAgC1C,EAAW0C,CAAI,CAAC,IAAI,EAChE,KAAK;AAAA,KAAQ,EAEVC,EAAeb,EAAQ,OAAS,EAAI;AAAA;AAAA;AAAA;AAAA,gBAI3B,GAETc,EAAaT,EAChB,IAAIU,GAAO,8BAA8B7C,EAAW6C,CAAG,CAAC,cAAa,EACrE,KAAK;AAAA,KAAQ,EAEVC,EAAeT,IAAS,SAAW;AAAA,6DACmB,GAE5D,MAAO;AAAA;AAAA;AAAA;AAAA;AAAA,MAKHC,CAAQ;AAAA,aACDtC,EAAWgC,CAAK,CAAC;AAAA,MACxBS,CAAS;AAAA;AAAA;AAAA,oBAGKP,CAAI;AAAA,MAClBS,CAAY;AAAA,MACZC,CAAU;AAAA,MACVE,CAAY;AAAA;AAAA,QAGlB,CAKO,SAASC,GAAOC,EAAW,CAChC,OAAAA,EAAU,QAAU,GACbA,CACT,CAKA,IAAMxB,EAAa,SAAO,QAAY,KAQtC,SAASX,EAAkBP,EAAO,CAChC,OAAKA,EAGDA,EAAM,wBACDA,EAAM,wBAAwB,QAAU,KAI7CA,EAAM,WAAa,OAAOA,EAAM,WAAc,UAAY,WAAYA,EAAM,UACvEA,EAAM,UAAU,QAAU,MAI/BA,EAAM,WAAa,MAAQ,OAAOA,EAAM,WAAc,UACpDkB,GACF,QAAQ,KACN,yLAEF,EAEK,MApBU,IAwBrB,CAEA,SAASf,EAAYH,EAAO,CAC1B,IAAI2C,EAAM,GACV,OAAW,CAACC,EAAKC,CAAG,IAAK,OAAO,QAAQ7C,CAAK,EAC3C,GAAI,EAAA4C,IAAQ,OAASA,IAAQ,OAASA,IAAQ,YAAcA,IAAQ,2BAA6BA,IAAQ,cACrG,EAAAA,EAAI,WAAW,IAAI,GAAKA,EAAI,OAAS,IACrC,EAAAC,IAAQ,IAASA,GAAO,MAE5B,GAAID,IAAQ,aAAeA,IAAQ,QACjCD,GAAO,WAAWjD,EAAW,OAAOmD,CAAG,CAAC,CAAC,YAChCD,IAAQ,SAAW,OAAOC,GAAQ,SAAU,CACrD,IAAMC,EAAM,OAAO,QAAQD,CAAG,EAC3B,IAAI,CAAC,CAACE,EAAGC,CAAC,IAAM,GAAGC,EAAaF,CAAC,CAAC,IAAIC,CAAC,EAAE,EACzC,KAAK,GAAG,EACXL,GAAO,WAAWjD,EAAWoD,CAAG,CAAC,GACnC,MAAWD,IAAQ,GAEbD,EAAI,WAAW,OAAO,GAAKA,IAAQ,OACrCD,GAAO,IAAIC,CAAG,UAEdD,GAAO,IAAIC,CAAG,GAGhBD,GAAO,IAAIC,CAAG,KAAKlD,EAAW,OAAOmD,CAAG,CAAC,CAAC,IAI9C,OAAOF,CACT,CAEA,SAASjD,EAAWwD,EAAK,CACvB,OAAOA,EACJ,QAAQ,KAAM,OAAO,EACrB,QAAQ,KAAM,MAAM,EACpB,QAAQ,KAAM,MAAM,EACpB,QAAQ,KAAM,QAAQ,EACtB,QAAQ,KAAM,OAAO,CAC1B,CAEA,SAASD,EAAaC,EAAK,CACzB,OAAIA,EAAI,WAAW,IAAI,EAAUA,EAC1BA,EAAI,QAAQ,WAAY,KAAK,EAAE,YAAY,CACpD,CAEA,IAAM7C,EAAgB,IAAI,IAAI,CAC5B,OAAQ,OAAQ,KAAM,MAAO,QAAS,KAAM,MAAO,QACnD,OAAQ,OAAQ,QAAS,SAAU,QAAS,KAC9C,CAAC",
|
|
6
|
-
"names": ["signal", "batch", "actionRegistry", "getCsrfToken", "meta", "match", "generateCsrfToken", "arr", "b", "validateCsrfToken", "requestToken", "sessionToken", "result", "i", "csrfMetaTag", "token", "generateActionId", "action", "fn", "options", "id", "onError", "onSuccess", "revalidate", "callAction", "args", "timeout", "controller", "timeoutId", "csrfToken", "headers", "response", "error", "path", "invalidatePath", "timeoutError", "formAction", "actionFn", "resetOnSuccess", "formDataOrEvent", "formData", "form", "data", "hasFiles", "key", "value", "useAction", "isPending", "trigger", "e", "useFormAction", "formRef", "actionState", "handleSubmit", "useOptimistic", "initialValue", "reducer", "pending", "baseValue", "addOptimistic", "optimisticValue", "resolve", "serverValue", "a", "current", "rollback", "realValue", "newPending", "base", "withOptimistic", "asyncFn", "v", "revalidationCallbacks", "onRevalidate", "callback", "callbacks", "cb", "handleActionRequest", "req", "actionId", "sessionCsrfToken", "skipCsrf", "requestCsrfToken", "getRegisteredActions", "useMutation", "mutationFn", "onSettled", "state", "mutate", "_hydrationIdCounter", "resetHydrationId", "nextHydrationId", "renderToHydratableString", "vnode", "_renderHydratable", "escapeHtml", "hkId", "result", "html", "injectHydrationKey", "tag", "props", "children", "attrs", "renderAttrs", "open", "VOID_ELEMENTS", "rawInner", "_resolveInnerHTML", "inner", "match", "prefix", "tagName", "insertAt", "renderToString", "renderToStream", "child", "resolved", "e", "_isDevMode", "definePage", "config", "generateStaticPage", "page", "data", "islands", "wrapDocument", "title", "meta", "body", "scripts", "styles", "mode", "metaTags", "name", "content", "styleTags", "href", "islandScript", "scriptTags", "src", "clientScript", "server", "Component", "out", "key", "val", "css", "p", "v", "camelToKebab", "str"]
|
|
4
|
+
"sourcesContent": ["// What Framework - Server\n// SSR, static site generation, server components.\n// Zero-JS pages by default. Islands opt-in to client JS.\n\nimport { h } from 'what-core';\n\n// --- Hydration ID Generator ---\nlet _hydrationIdCounter = 0;\n\nfunction resetHydrationId() {\n _hydrationIdCounter = 0;\n}\n\nfunction nextHydrationId() {\n return 'h' + (_hydrationIdCounter++);\n}\n\n// --- Render to Hydratable String ---\n// Renders with hydration markers (data-hk attributes, comment boundaries)\n// so the client can reuse the server-rendered DOM.\n\nexport function renderToHydratableString(vnode) {\n resetHydrationId();\n return _renderHydratable(vnode);\n}\n\nfunction _renderHydratable(vnode) {\n if (vnode == null || vnode === false || vnode === true) return '';\n\n // Text\n if (typeof vnode === 'string' || typeof vnode === 'number') {\n return escapeHtml(String(vnode));\n }\n\n // Signal \u2014 unwrap\n if (typeof vnode === 'function' && vnode._signal) {\n return `<!--$-->${_renderHydratable(vnode())}<!--/$-->`;\n }\n\n // Reactive function child \u2014 wrap in dynamic content markers\n if (typeof vnode === 'function') {\n try {\n return `<!--$-->${_renderHydratable(vnode())}<!--/$-->`;\n } catch (e) {\n if (typeof process !== 'undefined' && process.env?.NODE_ENV !== 'production') {\n console.warn('[what-server] Error rendering reactive function in SSR:', e.message);\n }\n return '<!--$--><!--/$-->';\n }\n }\n\n // Array \u2014 wrap in list markers\n if (Array.isArray(vnode)) {\n return `<!--[]-->${vnode.map(_renderHydratable).join('')}<!--/[]-->`;\n }\n\n // Component \u2014 add hydration key to root element\n if (typeof vnode.tag === 'function') {\n const hkId = nextHydrationId();\n const result = vnode.tag({ ...vnode.props, children: vnode.children });\n const html = _renderHydratable(result);\n // Inject data-hk into the first element tag if present\n return injectHydrationKey(html, hkId);\n }\n\n // Element\n const { tag, props, children } = vnode;\n const attrs = renderAttrs(props || {});\n const open = `<${tag}${attrs}>`;\n\n // Void elements\n if (VOID_ELEMENTS.has(tag)) return open;\n\n const rawInner = _resolveInnerHTML(props);\n const inner = rawInner != null ? String(rawInner) : children.map(_renderHydratable).join('');\n return `${open}${inner}</${tag}>`;\n}\n\n// Inject data-hk=\"id\" into the first HTML opening tag\nfunction injectHydrationKey(html, hkId) {\n // Skip comment markers to find the first real element\n const match = html.match(/^((?:<!--.*?-->)*)<([a-zA-Z][a-zA-Z0-9-]*)/);\n if (match) {\n const prefix = match[1];\n const tagName = match[2];\n const insertAt = prefix.length + 1 + tagName.length; // after '<tagName'\n return html.slice(0, insertAt) + ` data-hk=\"${hkId}\"` + html.slice(insertAt);\n }\n return html;\n}\n\n// --- Render to String ---\n// Renders a VNode tree to an HTML string. Used for SSR and static gen.\n\nexport function renderToString(vnode) {\n if (vnode == null || vnode === false || vnode === true) return '';\n\n // Text\n if (typeof vnode === 'string' || typeof vnode === 'number') {\n return escapeHtml(String(vnode));\n }\n\n // Signal \u2014 unwrap by calling it\n if (typeof vnode === 'function' && vnode._signal) {\n return renderToString(vnode());\n }\n\n // Reactive function child \u2014 call to get value\n if (typeof vnode === 'function') {\n try {\n return renderToString(vnode());\n } catch (e) {\n if (typeof process !== 'undefined' && process.env?.NODE_ENV !== 'production') {\n console.warn('[what-server] Error rendering reactive function in SSR:', e.message);\n }\n return '';\n }\n }\n\n // Array\n if (Array.isArray(vnode)) {\n return vnode.map(renderToString).join('');\n }\n\n // Component\n if (typeof vnode.tag === 'function') {\n const result = vnode.tag({ ...vnode.props, children: vnode.children });\n return renderToString(result);\n }\n\n // Element\n const { tag, props, children } = vnode;\n const attrs = renderAttrs(props || {});\n const open = `<${tag}${attrs}>`;\n\n // Void elements\n if (VOID_ELEMENTS.has(tag)) return open;\n\n const rawInner = _resolveInnerHTML(props);\n const inner = rawInner != null ? String(rawInner) : children.map(renderToString).join('');\n return `${open}${inner}</${tag}>`;\n}\n\n// --- Stream Render ---\n// Returns an async iterator for streaming SSR.\n\nexport async function* renderToStream(vnode) {\n if (vnode == null || vnode === false || vnode === true) return;\n\n if (typeof vnode === 'string' || typeof vnode === 'number') {\n yield escapeHtml(String(vnode));\n return;\n }\n\n // Signal \u2014 unwrap by calling it\n if (typeof vnode === 'function' && vnode._signal) {\n yield* renderToStream(vnode());\n return;\n }\n\n // Reactive function child \u2014 call to get value\n if (typeof vnode === 'function') {\n try {\n yield* renderToStream(vnode());\n } catch (e) {\n if (typeof process !== 'undefined' && process.env?.NODE_ENV !== 'production') {\n console.warn('[what-server] Error rendering reactive function in stream SSR:', e.message);\n }\n }\n return;\n }\n\n if (Array.isArray(vnode)) {\n for (const child of vnode) {\n yield* renderToStream(child);\n }\n return;\n }\n\n if (typeof vnode.tag === 'function') {\n try {\n const result = vnode.tag({ ...vnode.props, children: vnode.children });\n // Support async components\n const resolved = result instanceof Promise ? await result : result;\n yield* renderToStream(resolved);\n } catch (e) {\n if (typeof process !== 'undefined' && process.env?.NODE_ENV !== 'production') {\n console.warn('[what-server] Error rendering component in stream SSR:', e.message);\n }\n yield _isDevMode\n ? `<!-- SSR Error: ${escapeHtml(e.message || 'Component error')} -->`\n : `<!-- SSR Error -->`;\n }\n return;\n }\n\n const { tag, props, children } = vnode;\n const attrs = renderAttrs(props || {});\n yield `<${tag}${attrs}>`;\n\n if (!VOID_ELEMENTS.has(tag)) {\n const rawInner = _resolveInnerHTML(props);\n if (rawInner != null) {\n yield String(rawInner);\n } else {\n for (const child of children) {\n yield* renderToStream(child);\n }\n }\n yield `</${tag}>`;\n }\n}\n\n// --- Static Site Generation ---\n\nexport function definePage(config) {\n return {\n // 'static' = pre-render at build time (default)\n // 'server' = render on each request\n // 'client' = render in browser (SPA)\n // 'hybrid' = static shell + islands\n mode: 'static',\n ...config,\n };\n}\n\n// Generate static HTML for a page\nexport function generateStaticPage(page, data = {}) {\n const vnode = page.component(data);\n const html = renderToString(vnode);\n const islands = page.islands || [];\n\n return wrapDocument({\n title: page.title || '',\n meta: page.meta || {},\n body: html,\n islands,\n scripts: page.mode === 'static' ? [] : page.scripts || [],\n styles: page.styles || [],\n mode: page.mode,\n });\n}\n\nfunction wrapDocument({ title, meta, body, islands, scripts, styles, mode }) {\n const metaTags = Object.entries(meta)\n .map(([name, content]) => `<meta name=\"${escapeHtml(name)}\" content=\"${escapeHtml(content)}\">`)\n .join('\\n ');\n\n const styleTags = styles\n .map(href => `<link rel=\"stylesheet\" href=\"${escapeHtml(href)}\">`)\n .join('\\n ');\n\n const islandScript = islands.length > 0 ? `\n <script type=\"module\">\n import { hydrateIslands } from '/@what/islands.js';\n hydrateIslands();\n </script>` : '';\n\n const scriptTags = scripts\n .map(src => `<script type=\"module\" src=\"${escapeHtml(src)}\"></script>`)\n .join('\\n ');\n\n const clientScript = mode === 'client' ? `\n <script type=\"module\" src=\"/@what/client.js\"></script>` : '';\n\n return `<!DOCTYPE html>\n<html lang=\"en\">\n <head>\n <meta charset=\"UTF-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n ${metaTags}\n <title>${escapeHtml(title)}</title>\n ${styleTags}\n </head>\n <body>\n <div id=\"app\">${body}</div>\n ${islandScript}\n ${scriptTags}\n ${clientScript}\n </body>\n</html>`;\n}\n\n// --- Server Component ---\n// Renders on the server, sends HTML to client. No JS shipped.\n\nexport function server(Component) {\n Component._server = true;\n return Component;\n}\n\n// --- Helpers ---\n\n// Dev-mode flag for server\nconst _isDevMode = typeof process !== 'undefined'\n ? process.env?.NODE_ENV !== 'production'\n : true;\n\n/**\n * Resolve innerHTML / dangerouslySetInnerHTML from props.\n * Requires { __html: ... } wrapper. Plain string innerHTML is rejected (XSS prevention).\n */\nfunction _resolveInnerHTML(props) {\n if (!props) return null;\n\n // dangerouslySetInnerHTML always requires { __html }\n if (props.dangerouslySetInnerHTML) {\n return props.dangerouslySetInnerHTML.__html ?? null;\n }\n\n // innerHTML with { __html } wrapper \u2014 allowed\n if (props.innerHTML && typeof props.innerHTML === 'object' && '__html' in props.innerHTML) {\n return props.innerHTML.__html ?? null;\n }\n\n // innerHTML as plain string \u2014 reject with warning\n if (props.innerHTML != null && typeof props.innerHTML === 'string') {\n if (_isDevMode) {\n console.warn(\n '[what-server] innerHTML received a raw string. This is a security risk (XSS). ' +\n 'Use innerHTML={{ __html: trustedString }} or dangerouslySetInnerHTML={{ __html: trustedString }} instead.'\n );\n }\n return null;\n }\n\n return null;\n}\n\nfunction renderAttrs(props) {\n let out = '';\n for (const [key, val] of Object.entries(props)) {\n if (key === 'key' || key === 'ref' || key === 'children' || key === 'dangerouslySetInnerHTML' || key === 'innerHTML') continue;\n if (key.startsWith('on') && key.length > 2) continue; // Skip event handlers in SSR\n if (val === false || val == null) continue;\n\n if (key === 'className' || key === 'class') {\n out += ` class=\"${escapeHtml(String(val))}\"`;\n } else if (key === 'style' && typeof val === 'object') {\n const css = Object.entries(val)\n .map(([p, v]) => `${camelToKebab(p)}:${v}`)\n .join(';');\n out += ` style=\"${escapeHtml(css)}\"`;\n } else if (val === true) {\n // ARIA attributes require explicit =\"true\", HTML boolean attrs can be bare\n if (key.startsWith('aria-') || key === 'role') {\n out += ` ${key}=\"true\"`;\n } else {\n out += ` ${key}`;\n }\n } else {\n out += ` ${key}=\"${escapeHtml(String(val))}\"`;\n }\n }\n\n return out;\n}\n\nfunction escapeHtml(str) {\n return str\n .replace(/&/g, '&')\n .replace(/</g, '<')\n .replace(/>/g, '>')\n .replace(/\"/g, '"')\n .replace(/'/g, ''');\n}\n\nfunction camelToKebab(str) {\n if (str.startsWith('--')) return str; // CSS custom properties (variables) \u2014 leave unchanged\n return str.replace(/([A-Z])/g, '-$1').toLowerCase();\n}\n\nconst VOID_ELEMENTS = new Set([\n 'area', 'base', 'br', 'col', 'embed', 'hr', 'img', 'input',\n 'link', 'meta', 'param', 'source', 'track', 'wbr',\n]);\n\n// Re-export server actions\nexport {\n action,\n formAction,\n useAction,\n useFormAction,\n useOptimistic,\n useMutation,\n onRevalidate,\n invalidatePath,\n handleActionRequest,\n getRegisteredActions,\n generateCsrfToken,\n validateCsrfToken,\n csrfMetaTag,\n} from './actions.js';\n", "// What Framework - Server Actions\n// Call server-side functions from client code seamlessly.\n// Similar to Next.js Server Actions / SolidStart server functions.\n//\n// Usage:\n// // Define on server\n// const saveUser = action(async (formData) => {\n// 'use server';\n// const user = await db.users.create(formData);\n// return { success: true, id: user.id };\n// });\n//\n// // Call from client\n// const result = await saveUser({ name: 'John' });\n\nimport { signal, batch } from 'what-core';\n\n// Registry of server actions\nconst actionRegistry = new Map();\n\n// --- CSRF Protection ---\n// Server generates a token per session; client sends it with every action request.\n// The token is injected into the page via a meta tag or embedded in the server response.\n\n// Client: read the CSRF token from the page meta tag or cookie\n// Re-reads on every call to handle token rotation\nfunction getCsrfToken() {\n if (typeof document !== 'undefined') {\n // Try meta tag first\n const meta = document.querySelector('meta[name=\"what-csrf-token\"]');\n if (meta) {\n return meta.getAttribute('content');\n }\n // Try cookie\n const match = document.cookie.match(/(?:^|;\\s*)what-csrf=([^;]+)/);\n if (match) {\n return decodeURIComponent(match[1]);\n }\n }\n return null;\n}\n\n// Server: generate a CSRF token (call this per session/request)\nexport function generateCsrfToken() {\n if (typeof crypto !== 'undefined' && crypto.randomUUID) {\n return crypto.randomUUID();\n }\n // Fallback for environments without crypto.randomUUID \u2014 use crypto.getRandomValues\n if (typeof crypto !== 'undefined' && crypto.getRandomValues) {\n const arr = new Uint8Array(16);\n crypto.getRandomValues(arr);\n return Array.from(arr, b => b.toString(16).padStart(2, '0')).join('');\n }\n // Last resort \u2014 should not be reached in modern environments\n throw new Error('[what] No secure random source available for CSRF token generation');\n}\n\n// Server: validate CSRF token from request header against session token\nexport function validateCsrfToken(requestToken, sessionToken) {\n if (!requestToken || !sessionToken) return false;\n // Constant-time comparison to prevent timing attacks\n if (requestToken.length !== sessionToken.length) return false;\n let result = 0;\n for (let i = 0; i < requestToken.length; i++) {\n result |= requestToken.charCodeAt(i) ^ sessionToken.charCodeAt(i);\n }\n return result === 0;\n}\n\n// Server: middleware helper to inject CSRF meta tag into HTML\nexport function csrfMetaTag(token) {\n // HTML-escape the token to prevent XSS if a non-standard value is used\n const escaped = String(token).replace(/&/g, '&').replace(/\"/g, '"').replace(/</g, '<').replace(/>/g, '>');\n return `<meta name=\"what-csrf-token\" content=\"${escaped}\">`;\n}\n\n// --- Define a server action ---\n\nlet _actionCounter = 0;\n\nfunction generateActionId() {\n // Generate a deterministic ID \u2014 prefer crypto.getRandomValues, fall back to a\n // monotonic counter (never Math.random, which is not cryptographically safe and\n // produces predictable IDs in some runtimes).\n const rand = typeof crypto !== 'undefined' && crypto.getRandomValues\n ? Array.from(crypto.getRandomValues(new Uint8Array(6)), b => b.toString(16).padStart(2, '0')).join('')\n : `c${(++_actionCounter).toString(36)}_${Date.now().toString(36)}`;\n return `a_${rand}`;\n}\n\nexport function action(fn, options = {}) {\n const id = options.id || generateActionId();\n const { onError, onSuccess, revalidate } = options;\n\n // Server-side: register the action\n if (typeof window === 'undefined') {\n actionRegistry.set(id, { fn, options });\n }\n\n // Create the callable wrapper\n async function callAction(...args) {\n // Server-side: call directly\n if (typeof window === 'undefined') {\n return fn(...args);\n }\n\n // Client-side: call via fetch with timeout support\n const timeout = options.timeout || 30000; // Default 30s timeout\n const controller = new AbortController();\n const timeoutId = setTimeout(() => controller.abort(), timeout);\n\n try {\n const csrfToken = getCsrfToken();\n const headers = {\n 'Content-Type': 'application/json',\n 'X-What-Action': id,\n };\n if (csrfToken) headers['X-CSRF-Token'] = csrfToken;\n\n const response = await fetch('/__what_action', {\n method: 'POST',\n headers,\n credentials: 'same-origin',\n signal: controller.signal,\n body: JSON.stringify({ args }),\n });\n\n if (!response.ok) {\n const error = await response.json().catch(() => ({ message: 'Action failed' }));\n throw new Error(error.message || 'Action failed');\n }\n\n const result = await response.json();\n\n if (onSuccess) onSuccess(result);\n if (revalidate) {\n // Trigger revalidation of specified paths\n for (const path of revalidate) {\n invalidatePath(path);\n }\n }\n\n return result;\n } catch (error) {\n if (error.name === 'AbortError') {\n const timeoutError = new Error(`Action \"${id}\" timed out after ${timeout}ms`);\n timeoutError.code = 'TIMEOUT';\n if (onError) onError(timeoutError);\n throw timeoutError;\n }\n if (onError) onError(error);\n throw error;\n } finally {\n clearTimeout(timeoutId);\n }\n }\n\n callAction._actionId = id;\n callAction._isAction = true;\n\n return callAction;\n}\n\n// --- Form action helper ---\n// For forms that submit to server actions.\n\nexport function formAction(actionFn, options = {}) {\n const { onSuccess, onError, resetOnSuccess = true } = options;\n\n return async (formDataOrEvent) => {\n let formData;\n let form;\n\n if (formDataOrEvent instanceof Event) {\n formDataOrEvent.preventDefault();\n form = formDataOrEvent.target;\n formData = new FormData(form);\n } else {\n formData = formDataOrEvent;\n }\n\n // Convert FormData to plain object, preserving File instances\n const data = {};\n let hasFiles = false;\n for (const [key, value] of formData.entries()) {\n if (typeof File !== 'undefined' && value instanceof File) {\n hasFiles = true;\n }\n if (data[key]) {\n // Handle multiple values (e.g., checkboxes, multi-file inputs)\n if (Array.isArray(data[key])) {\n data[key].push(value);\n } else {\n data[key] = [data[key], value];\n }\n } else {\n data[key] = value;\n }\n }\n\n try {\n // If form contains files, pass the raw FormData as second arg\n // so the action handler can access files directly\n const result = hasFiles\n ? await actionFn(data, formData)\n : await actionFn(data);\n if (onSuccess) onSuccess(result, form);\n if (resetOnSuccess && form) form.reset();\n return result;\n } catch (error) {\n if (onError) onError(error, form);\n throw error;\n }\n };\n}\n\n// --- useAction hook ---\n// Returns action state and trigger function.\n\nexport function useAction(actionFn) {\n const isPending = signal(false);\n const error = signal(null);\n const data = signal(null);\n\n async function trigger(...args) {\n isPending.set(true);\n error.set(null);\n\n try {\n const result = await actionFn(...args);\n data.set(result);\n return result;\n } catch (e) {\n error.set(e);\n throw e;\n } finally {\n isPending.set(false);\n }\n }\n\n return {\n trigger,\n isPending: () => isPending(),\n error: () => error(),\n data: () => data(),\n reset: () => {\n error.set(null);\n data.set(null);\n },\n };\n}\n\n// --- useFormAction hook ---\n// Combines useAction with form handling.\n\nexport function useFormAction(actionFn, options = {}) {\n const { resetOnSuccess = true } = options;\n const formRef = { current: null };\n const actionState = useAction(formAction(actionFn, { resetOnSuccess }));\n\n function handleSubmit(e) {\n e.preventDefault();\n const formData = new FormData(e.target);\n formRef.current = e.target;\n return actionState.trigger(formData);\n }\n\n return {\n ...actionState,\n handleSubmit,\n formRef,\n };\n}\n\n// --- Optimistic updates ---\n\nexport function useOptimistic(initialValue, reducer) {\n const value = signal(initialValue);\n const pending = signal([]);\n const baseValue = signal(initialValue); // Track the confirmed server value\n\n function addOptimistic(action) {\n const optimisticValue = reducer(value.peek(), action);\n batch(() => {\n pending.set([...pending.peek(), action]);\n value.set(optimisticValue);\n });\n }\n\n function resolve(action, serverValue) {\n batch(() => {\n pending.set(pending.peek().filter(a => a !== action));\n if (serverValue !== undefined) {\n baseValue.set(serverValue);\n // Recompute optimistic state from new base + remaining pending actions\n let current = serverValue;\n for (const a of pending.peek()) {\n current = reducer(current, a);\n }\n value.set(current);\n }\n });\n }\n\n function rollback(action, realValue) {\n batch(() => {\n const newPending = pending.peek().filter(a => a !== action);\n pending.set(newPending);\n const base = realValue !== undefined ? realValue : baseValue.peek();\n baseValue.set(base);\n // Recompute from base + remaining pending actions\n let current = base;\n for (const a of newPending) {\n current = reducer(current, a);\n }\n value.set(current);\n });\n }\n\n // Auto-rollback helper: wraps an async action with automatic rollback on error\n async function withOptimistic(action, asyncFn) {\n addOptimistic(action);\n try {\n const result = await asyncFn();\n resolve(action, result);\n return result;\n } catch (e) {\n rollback(action);\n throw e;\n }\n }\n\n return {\n value: () => value(),\n isPending: () => pending().length > 0,\n addOptimistic,\n resolve,\n rollback,\n withOptimistic,\n set: (v) => { value.set(v); baseValue.set(v); },\n };\n}\n\n// --- Path revalidation ---\n\nconst revalidationCallbacks = new Map();\n\nexport function onRevalidate(path, callback) {\n if (!revalidationCallbacks.has(path)) {\n revalidationCallbacks.set(path, new Set());\n }\n revalidationCallbacks.get(path).add(callback);\n\n return () => {\n revalidationCallbacks.get(path)?.delete(callback);\n };\n}\n\nexport function invalidatePath(path) {\n const callbacks = revalidationCallbacks.get(path);\n if (callbacks) {\n for (const cb of callbacks) {\n try { cb(); } catch (e) { console.error('[what] Revalidation error:', e); }\n }\n }\n}\n\n// --- Server-side action handler ---\n// Add this to your server middleware.\n\nexport function handleActionRequest(req, actionId, args, options = {}) {\n const { csrfToken: sessionCsrfToken, skipCsrf = false } = options;\n\n // Validate CSRF token unless explicitly skipped\n if (!skipCsrf) {\n if (!sessionCsrfToken) {\n // Fail closed: no CSRF token configured means the developer forgot to set it up.\n // This prevents silent security vulnerabilities in production.\n return Promise.resolve({\n status: 500,\n body: {\n message: '[what] CSRF token not configured. ' +\n 'Pass { csrfToken: sessionToken } to handleActionRequest, ' +\n 'or { skipCsrf: true } to explicitly opt out.'\n }\n });\n }\n const requestCsrfToken = req?.headers?.['x-csrf-token'] || req?.headers?.['X-CSRF-Token'];\n if (!validateCsrfToken(requestCsrfToken, sessionCsrfToken)) {\n return Promise.resolve({ status: 403, body: { message: 'Invalid CSRF token' } });\n }\n }\n\n const action = actionRegistry.get(actionId);\n if (!action) {\n return Promise.resolve({ status: 404, body: { message: 'Action not found' } });\n }\n\n // Validate args is an array to prevent prototype pollution\n if (!Array.isArray(args)) {\n return Promise.resolve({ status: 400, body: { message: 'Invalid action arguments' } });\n }\n\n return action.fn(...args)\n .then(result => ({ status: 200, body: result }))\n .catch(error => {\n // Log the full error server-side, return generic message to client\n console.error(`[what] Action \"${actionId}\" error:`, error);\n return {\n status: 500,\n body: { message: 'Action failed' },\n };\n });\n}\n\n// --- Get all registered actions (for SSR/build) ---\n\nexport function getRegisteredActions() {\n return [...actionRegistry.keys()];\n}\n\n// --- Mutation helper ---\n// Like useSWR mutation but simpler.\n\nexport function useMutation(mutationFn, options = {}) {\n const { onSuccess, onError, onSettled } = options;\n\n const state = {\n isPending: signal(false),\n error: signal(null),\n data: signal(null),\n };\n\n async function mutate(...args) {\n state.isPending.set(true);\n state.error.set(null);\n\n try {\n const result = await mutationFn(...args);\n state.data.set(result);\n if (onSuccess) onSuccess(result, ...args);\n return result;\n } catch (error) {\n state.error.set(error);\n if (onError) onError(error, ...args);\n throw error;\n } finally {\n state.isPending.set(false);\n if (onSettled) onSettled(state.data.peek(), state.error.peek(), ...args);\n }\n }\n\n return {\n mutate,\n isPending: () => state.isPending(),\n error: () => state.error(),\n data: () => state.data(),\n reset: () => {\n state.error.set(null);\n state.data.set(null);\n },\n };\n}\n"],
|
|
5
|
+
"mappings": "AAIA,MAAkB,YCWlB,OAAS,UAAAA,EAAQ,SAAAC,MAAa,YAG9B,IAAMC,EAAiB,IAAI,IAQ3B,SAASC,GAAe,CACtB,GAAI,OAAO,SAAa,IAAa,CAEnC,IAAMC,EAAO,SAAS,cAAc,8BAA8B,EAClE,GAAIA,EACF,OAAOA,EAAK,aAAa,SAAS,EAGpC,IAAMC,EAAQ,SAAS,OAAO,MAAM,6BAA6B,EACjE,GAAIA,EACF,OAAO,mBAAmBA,EAAM,CAAC,CAAC,CAEtC,CACA,OAAO,IACT,CAGO,SAASC,GAAoB,CAClC,GAAI,OAAO,OAAW,KAAe,OAAO,WAC1C,OAAO,OAAO,WAAW,EAG3B,GAAI,OAAO,OAAW,KAAe,OAAO,gBAAiB,CAC3D,IAAMC,EAAM,IAAI,WAAW,EAAE,EAC7B,cAAO,gBAAgBA,CAAG,EACnB,MAAM,KAAKA,EAAKC,GAAKA,EAAE,SAAS,EAAE,EAAE,SAAS,EAAG,GAAG,CAAC,EAAE,KAAK,EAAE,CACtE,CAEA,MAAM,IAAI,MAAM,oEAAoE,CACtF,CAGO,SAASC,EAAkBC,EAAcC,EAAc,CAG5D,GAFI,CAACD,GAAgB,CAACC,GAElBD,EAAa,SAAWC,EAAa,OAAQ,MAAO,GACxD,IAAIC,EAAS,EACb,QAASC,EAAI,EAAGA,EAAIH,EAAa,OAAQG,IACvCD,GAAUF,EAAa,WAAWG,CAAC,EAAIF,EAAa,WAAWE,CAAC,EAElE,OAAOD,IAAW,CACpB,CAGO,SAASE,EAAYC,EAAO,CAGjC,MAAO,yCADS,OAAOA,CAAK,EAAE,QAAQ,KAAM,OAAO,EAAE,QAAQ,KAAM,QAAQ,EAAE,QAAQ,KAAM,MAAM,EAAE,QAAQ,KAAM,MAAM,CAChE,IACzD,CAIA,IAAIC,EAAiB,EAErB,SAASC,GAAmB,CAO1B,MAAO,KAHM,OAAO,OAAW,KAAe,OAAO,gBACjD,MAAM,KAAK,OAAO,gBAAgB,IAAI,WAAW,CAAC,CAAC,EAAGT,GAAKA,EAAE,SAAS,EAAE,EAAE,SAAS,EAAG,GAAG,CAAC,EAAE,KAAK,EAAE,EACnG,KAAK,EAAEQ,GAAgB,SAAS,EAAE,CAAC,IAAI,KAAK,IAAI,EAAE,SAAS,EAAE,CAAC,EAClD,EAClB,CAEO,SAASE,EAAOC,EAAIC,EAAU,CAAC,EAAG,CACvC,IAAMC,EAAKD,EAAQ,IAAMH,EAAiB,EACpC,CAAE,QAAAK,EAAS,UAAAC,EAAW,WAAAC,CAAW,EAAIJ,EAGvC,OAAO,OAAW,KACpBlB,EAAe,IAAImB,EAAI,CAAE,GAAAF,EAAI,QAAAC,CAAQ,CAAC,EAIxC,eAAeK,KAAcC,EAAM,CAEjC,GAAI,OAAO,OAAW,IACpB,OAAOP,EAAG,GAAGO,CAAI,EAInB,IAAMC,EAAUP,EAAQ,SAAW,IAC7BQ,EAAa,IAAI,gBACjBC,EAAY,WAAW,IAAMD,EAAW,MAAM,EAAGD,CAAO,EAE9D,GAAI,CACF,IAAMG,EAAY3B,EAAa,EACzB4B,EAAU,CACd,eAAgB,mBAChB,gBAAiBV,CACnB,EACIS,IAAWC,EAAQ,cAAc,EAAID,GAEzC,IAAME,EAAW,MAAM,MAAM,iBAAkB,CAC7C,OAAQ,OACR,QAAAD,EACA,YAAa,cACb,OAAQH,EAAW,OACnB,KAAM,KAAK,UAAU,CAAE,KAAAF,CAAK,CAAC,CAC/B,CAAC,EAED,GAAI,CAACM,EAAS,GAAI,CAChB,IAAMC,EAAQ,MAAMD,EAAS,KAAK,EAAE,MAAM,KAAO,CAAE,QAAS,eAAgB,EAAE,EAC9E,MAAM,IAAI,MAAMC,EAAM,SAAW,eAAe,CAClD,CAEA,IAAMrB,EAAS,MAAMoB,EAAS,KAAK,EAGnC,GADIT,GAAWA,EAAUX,CAAM,EAC3BY,EAEF,QAAWU,KAAQV,EACjBW,EAAeD,CAAI,EAIvB,OAAOtB,CACT,OAASqB,EAAO,CACd,GAAIA,EAAM,OAAS,aAAc,CAC/B,IAAMG,EAAe,IAAI,MAAM,WAAWf,CAAE,qBAAqBM,CAAO,IAAI,EAC5E,MAAAS,EAAa,KAAO,UAChBd,GAASA,EAAQc,CAAY,EAC3BA,CACR,CACA,MAAId,GAASA,EAAQW,CAAK,EACpBA,CACR,QAAE,CACA,aAAaJ,CAAS,CACxB,CACF,CAEA,OAAAJ,EAAW,UAAYJ,EACvBI,EAAW,UAAY,GAEhBA,CACT,CAKO,SAASY,EAAWC,EAAUlB,EAAU,CAAC,EAAG,CACjD,GAAM,CAAE,UAAAG,EAAW,QAAAD,EAAS,eAAAiB,EAAiB,EAAK,EAAInB,EAEtD,MAAO,OAAOoB,GAAoB,CAChC,IAAIC,EACAC,EAEAF,aAA2B,OAC7BA,EAAgB,eAAe,EAC/BE,EAAOF,EAAgB,OACvBC,EAAW,IAAI,SAASC,CAAI,GAE5BD,EAAWD,EAIb,IAAMG,EAAO,CAAC,EACVC,EAAW,GACf,OAAW,CAACC,EAAKC,CAAK,IAAKL,EAAS,QAAQ,EACtC,OAAO,KAAS,KAAeK,aAAiB,OAClDF,EAAW,IAETD,EAAKE,CAAG,EAEN,MAAM,QAAQF,EAAKE,CAAG,CAAC,EACzBF,EAAKE,CAAG,EAAE,KAAKC,CAAK,EAEpBH,EAAKE,CAAG,EAAI,CAACF,EAAKE,CAAG,EAAGC,CAAK,EAG/BH,EAAKE,CAAG,EAAIC,EAIhB,GAAI,CAGF,IAAMlC,EAASgC,EACX,MAAMN,EAASK,EAAMF,CAAQ,EAC7B,MAAMH,EAASK,CAAI,EACvB,OAAIpB,GAAWA,EAAUX,EAAQ8B,CAAI,EACjCH,GAAkBG,GAAMA,EAAK,MAAM,EAChC9B,CACT,OAASqB,EAAO,CACd,MAAIX,GAASA,EAAQW,EAAOS,CAAI,EAC1BT,CACR,CACF,CACF,CAKO,SAASc,EAAUT,EAAU,CAClC,IAAMU,EAAYhD,EAAO,EAAK,EACxBiC,EAAQjC,EAAO,IAAI,EACnB2C,EAAO3C,EAAO,IAAI,EAExB,eAAeiD,KAAWvB,EAAM,CAC9BsB,EAAU,IAAI,EAAI,EAClBf,EAAM,IAAI,IAAI,EAEd,GAAI,CACF,IAAMrB,EAAS,MAAM0B,EAAS,GAAGZ,CAAI,EACrC,OAAAiB,EAAK,IAAI/B,CAAM,EACRA,CACT,OAASsC,EAAG,CACV,MAAAjB,EAAM,IAAIiB,CAAC,EACLA,CACR,QAAE,CACAF,EAAU,IAAI,EAAK,CACrB,CACF,CAEA,MAAO,CACL,QAAAC,EACA,UAAW,IAAMD,EAAU,EAC3B,MAAO,IAAMf,EAAM,EACnB,KAAM,IAAMU,EAAK,EACjB,MAAO,IAAM,CACXV,EAAM,IAAI,IAAI,EACdU,EAAK,IAAI,IAAI,CACf,CACF,CACF,CAKO,SAASQ,EAAcb,EAAUlB,EAAU,CAAC,EAAG,CACpD,GAAM,CAAE,eAAAmB,EAAiB,EAAK,EAAInB,EAC5BgC,EAAU,CAAE,QAAS,IAAK,EAC1BC,EAAcN,EAAUV,EAAWC,EAAU,CAAE,eAAAC,CAAe,CAAC,CAAC,EAEtE,SAASe,EAAaJ,EAAG,CACvBA,EAAE,eAAe,EACjB,IAAMT,EAAW,IAAI,SAASS,EAAE,MAAM,EACtC,OAAAE,EAAQ,QAAUF,EAAE,OACbG,EAAY,QAAQZ,CAAQ,CACrC,CAEA,MAAO,CACL,GAAGY,EACH,aAAAC,EACA,QAAAF,CACF,CACF,CAIO,SAASG,EAAcC,EAAcC,EAAS,CACnD,IAAMX,EAAQ9C,EAAOwD,CAAY,EAC3BE,EAAU1D,EAAO,CAAC,CAAC,EACnB2D,EAAY3D,EAAOwD,CAAY,EAErC,SAASI,EAAc1C,EAAQ,CAC7B,IAAM2C,EAAkBJ,EAAQX,EAAM,KAAK,EAAG5B,CAAM,EACpDjB,EAAM,IAAM,CACVyD,EAAQ,IAAI,CAAC,GAAGA,EAAQ,KAAK,EAAGxC,CAAM,CAAC,EACvC4B,EAAM,IAAIe,CAAe,CAC3B,CAAC,CACH,CAEA,SAASC,EAAQ5C,EAAQ6C,EAAa,CACpC9D,EAAM,IAAM,CAEV,GADAyD,EAAQ,IAAIA,EAAQ,KAAK,EAAE,OAAOM,GAAKA,IAAM9C,CAAM,CAAC,EAChD6C,IAAgB,OAAW,CAC7BJ,EAAU,IAAII,CAAW,EAEzB,IAAIE,EAAUF,EACd,QAAWC,KAAKN,EAAQ,KAAK,EAC3BO,EAAUR,EAAQQ,EAASD,CAAC,EAE9BlB,EAAM,IAAImB,CAAO,CACnB,CACF,CAAC,CACH,CAEA,SAASC,EAAShD,EAAQiD,EAAW,CACnClE,EAAM,IAAM,CACV,IAAMmE,EAAaV,EAAQ,KAAK,EAAE,OAAOM,GAAKA,IAAM9C,CAAM,EAC1DwC,EAAQ,IAAIU,CAAU,EACtB,IAAMC,EAAOF,IAAc,OAAYA,EAAYR,EAAU,KAAK,EAClEA,EAAU,IAAIU,CAAI,EAElB,IAAIJ,EAAUI,EACd,QAAWL,KAAKI,EACdH,EAAUR,EAAQQ,EAASD,CAAC,EAE9BlB,EAAM,IAAImB,CAAO,CACnB,CAAC,CACH,CAGA,eAAeK,EAAepD,EAAQqD,EAAS,CAC7CX,EAAc1C,CAAM,EACpB,GAAI,CACF,IAAMN,EAAS,MAAM2D,EAAQ,EAC7B,OAAAT,EAAQ5C,EAAQN,CAAM,EACfA,CACT,OAASsC,EAAG,CACV,MAAAgB,EAAShD,CAAM,EACTgC,CACR,CACF,CAEA,MAAO,CACL,MAAO,IAAMJ,EAAM,EACnB,UAAW,IAAMY,EAAQ,EAAE,OAAS,EACpC,cAAAE,EACA,QAAAE,EACA,SAAAI,EACA,eAAAI,EACA,IAAME,GAAM,CAAE1B,EAAM,IAAI0B,CAAC,EAAGb,EAAU,IAAIa,CAAC,CAAG,CAChD,CACF,CAIA,IAAMC,EAAwB,IAAI,IAE3B,SAASC,EAAaxC,EAAMyC,EAAU,CAC3C,OAAKF,EAAsB,IAAIvC,CAAI,GACjCuC,EAAsB,IAAIvC,EAAM,IAAI,GAAK,EAE3CuC,EAAsB,IAAIvC,CAAI,EAAE,IAAIyC,CAAQ,EAErC,IAAM,CACXF,EAAsB,IAAIvC,CAAI,GAAG,OAAOyC,CAAQ,CAClD,CACF,CAEO,SAASxC,EAAeD,EAAM,CACnC,IAAM0C,EAAYH,EAAsB,IAAIvC,CAAI,EAChD,GAAI0C,EACF,QAAWC,KAAMD,EACf,GAAI,CAAEC,EAAG,CAAG,OAAS3B,EAAG,CAAE,QAAQ,MAAM,6BAA8BA,CAAC,CAAG,CAGhF,CAKO,SAAS4B,EAAoBC,EAAKC,EAAUtD,EAAMN,EAAU,CAAC,EAAG,CACrE,GAAM,CAAE,UAAW6D,EAAkB,SAAAC,EAAW,EAAM,EAAI9D,EAG1D,GAAI,CAAC8D,EAAU,CACb,GAAI,CAACD,EAGH,OAAO,QAAQ,QAAQ,CACrB,OAAQ,IACR,KAAM,CACJ,QAAS,yIAGX,CACF,CAAC,EAEH,IAAME,EAAmBJ,GAAK,UAAU,cAAc,GAAKA,GAAK,UAAU,cAAc,EACxF,GAAI,CAACtE,EAAkB0E,EAAkBF,CAAgB,EACvD,OAAO,QAAQ,QAAQ,CAAE,OAAQ,IAAK,KAAM,CAAE,QAAS,oBAAqB,CAAE,CAAC,CAEnF,CAEA,IAAM/D,EAAShB,EAAe,IAAI8E,CAAQ,EAC1C,OAAK9D,EAKA,MAAM,QAAQQ,CAAI,EAIhBR,EAAO,GAAG,GAAGQ,CAAI,EACrB,KAAKd,IAAW,CAAE,OAAQ,IAAK,KAAMA,CAAO,EAAE,EAC9C,MAAMqB,IAEL,QAAQ,MAAM,kBAAkB+C,CAAQ,WAAY/C,CAAK,EAClD,CACL,OAAQ,IACR,KAAM,CAAE,QAAS,eAAgB,CACnC,EACD,EAZM,QAAQ,QAAQ,CAAE,OAAQ,IAAK,KAAM,CAAE,QAAS,0BAA2B,CAAE,CAAC,EAL9E,QAAQ,QAAQ,CAAE,OAAQ,IAAK,KAAM,CAAE,QAAS,kBAAmB,CAAE,CAAC,CAkBjF,CAIO,SAASmD,GAAuB,CACrC,MAAO,CAAC,GAAGlF,EAAe,KAAK,CAAC,CAClC,CAKO,SAASmF,EAAYC,EAAYlE,EAAU,CAAC,EAAG,CACpD,GAAM,CAAE,UAAAG,EAAW,QAAAD,EAAS,UAAAiE,CAAU,EAAInE,EAEpCoE,EAAQ,CACZ,UAAWxF,EAAO,EAAK,EACvB,MAAOA,EAAO,IAAI,EAClB,KAAMA,EAAO,IAAI,CACnB,EAEA,eAAeyF,KAAU/D,EAAM,CAC7B8D,EAAM,UAAU,IAAI,EAAI,EACxBA,EAAM,MAAM,IAAI,IAAI,EAEpB,GAAI,CACF,IAAM5E,EAAS,MAAM0E,EAAW,GAAG5D,CAAI,EACvC,OAAA8D,EAAM,KAAK,IAAI5E,CAAM,EACjBW,GAAWA,EAAUX,EAAQ,GAAGc,CAAI,EACjCd,CACT,OAASqB,EAAO,CACd,MAAAuD,EAAM,MAAM,IAAIvD,CAAK,EACjBX,GAASA,EAAQW,EAAO,GAAGP,CAAI,EAC7BO,CACR,QAAE,CACAuD,EAAM,UAAU,IAAI,EAAK,EACrBD,GAAWA,EAAUC,EAAM,KAAK,KAAK,EAAGA,EAAM,MAAM,KAAK,EAAG,GAAG9D,CAAI,CACzE,CACF,CAEA,MAAO,CACL,OAAA+D,EACA,UAAW,IAAMD,EAAM,UAAU,EACjC,MAAO,IAAMA,EAAM,MAAM,EACzB,KAAM,IAAMA,EAAM,KAAK,EACvB,MAAO,IAAM,CACXA,EAAM,MAAM,IAAI,IAAI,EACpBA,EAAM,KAAK,IAAI,IAAI,CACrB,CACF,CACF,CDvcA,IAAIE,EAAsB,EAE1B,SAASC,GAAmB,CAC1BD,EAAsB,CACxB,CAEA,SAASE,GAAkB,CACzB,MAAO,IAAOF,GAChB,CAMO,SAASG,GAAyBC,EAAO,CAC9C,OAAAH,EAAiB,EACVI,EAAkBD,CAAK,CAChC,CAEA,SAASC,EAAkBD,EAAO,CAChC,GAAIA,GAAS,MAAQA,IAAU,IAASA,IAAU,GAAM,MAAO,GAG/D,GAAI,OAAOA,GAAU,UAAY,OAAOA,GAAU,SAChD,OAAOE,EAAW,OAAOF,CAAK,CAAC,EAIjC,GAAI,OAAOA,GAAU,YAAcA,EAAM,QACvC,MAAO,WAAWC,EAAkBD,EAAM,CAAC,CAAC,YAI9C,GAAI,OAAOA,GAAU,WACnB,GAAI,CACF,MAAO,WAAWC,EAAkBD,EAAM,CAAC,CAAC,WAC9C,MAAY,CACN,cAAO,QAAY,IAGhB,mBACT,CAIF,GAAI,MAAM,QAAQA,CAAK,EACrB,MAAO,YAAYA,EAAM,IAAIC,CAAiB,EAAE,KAAK,EAAE,CAAC,aAI1D,GAAI,OAAOD,EAAM,KAAQ,WAAY,CACnC,IAAMG,EAAOL,EAAgB,EACvBM,EAASJ,EAAM,IAAI,CAAE,GAAGA,EAAM,MAAO,SAAUA,EAAM,QAAS,CAAC,EAC/DK,EAAOJ,EAAkBG,CAAM,EAErC,OAAOE,EAAmBD,EAAMF,CAAI,CACtC,CAGA,GAAM,CAAE,IAAAI,EAAK,MAAAC,EAAO,SAAAC,CAAS,EAAIT,EAC3BU,EAAQC,EAAYH,GAAS,CAAC,CAAC,EAC/BI,EAAO,IAAIL,CAAG,GAAGG,CAAK,IAG5B,GAAIG,EAAc,IAAIN,CAAG,EAAG,OAAOK,EAEnC,IAAME,EAAWC,EAAkBP,CAAK,EAClCQ,EAAQF,GAAY,KAAO,OAAOA,CAAQ,EAAIL,EAAS,IAAIR,CAAiB,EAAE,KAAK,EAAE,EAC3F,MAAO,GAAGW,CAAI,GAAGI,CAAK,KAAKT,CAAG,GAChC,CAGA,SAASD,EAAmBD,EAAMF,EAAM,CAEtC,IAAMc,EAAQZ,EAAK,MAAM,4CAA4C,EACrE,GAAIY,EAAO,CACT,IAAMC,EAASD,EAAM,CAAC,EAChBE,EAAUF,EAAM,CAAC,EACjBG,EAAWF,EAAO,OAAS,EAAIC,EAAQ,OAC7C,OAAOd,EAAK,MAAM,EAAGe,CAAQ,EAAI,aAAajB,CAAI,IAAME,EAAK,MAAMe,CAAQ,CAC7E,CACA,OAAOf,CACT,CAKO,SAASgB,EAAerB,EAAO,CACpC,GAAIA,GAAS,MAAQA,IAAU,IAASA,IAAU,GAAM,MAAO,GAG/D,GAAI,OAAOA,GAAU,UAAY,OAAOA,GAAU,SAChD,OAAOE,EAAW,OAAOF,CAAK,CAAC,EAIjC,GAAI,OAAOA,GAAU,YAAcA,EAAM,QACvC,OAAOqB,EAAerB,EAAM,CAAC,EAI/B,GAAI,OAAOA,GAAU,WACnB,GAAI,CACF,OAAOqB,EAAerB,EAAM,CAAC,CAC/B,MAAY,CACN,cAAO,QAAY,IAGhB,EACT,CAIF,GAAI,MAAM,QAAQA,CAAK,EACrB,OAAOA,EAAM,IAAIqB,CAAc,EAAE,KAAK,EAAE,EAI1C,GAAI,OAAOrB,EAAM,KAAQ,WAAY,CACnC,IAAMI,EAASJ,EAAM,IAAI,CAAE,GAAGA,EAAM,MAAO,SAAUA,EAAM,QAAS,CAAC,EACrE,OAAOqB,EAAejB,CAAM,CAC9B,CAGA,GAAM,CAAE,IAAAG,EAAK,MAAAC,EAAO,SAAAC,CAAS,EAAIT,EAC3BU,EAAQC,EAAYH,GAAS,CAAC,CAAC,EAC/BI,EAAO,IAAIL,CAAG,GAAGG,CAAK,IAG5B,GAAIG,EAAc,IAAIN,CAAG,EAAG,OAAOK,EAEnC,IAAME,EAAWC,EAAkBP,CAAK,EAClCQ,EAAQF,GAAY,KAAO,OAAOA,CAAQ,EAAIL,EAAS,IAAIY,CAAc,EAAE,KAAK,EAAE,EACxF,MAAO,GAAGT,CAAI,GAAGI,CAAK,KAAKT,CAAG,GAChC,CAKA,eAAuBe,EAAetB,EAAO,CAC3C,GAAIA,GAAS,MAAQA,IAAU,IAASA,IAAU,GAAM,OAExD,GAAI,OAAOA,GAAU,UAAY,OAAOA,GAAU,SAAU,CAC1D,MAAME,EAAW,OAAOF,CAAK,CAAC,EAC9B,MACF,CAGA,GAAI,OAAOA,GAAU,YAAcA,EAAM,QAAS,CAChD,MAAOsB,EAAetB,EAAM,CAAC,EAC7B,MACF,CAGA,GAAI,OAAOA,GAAU,WAAY,CAC/B,GAAI,CACF,MAAOsB,EAAetB,EAAM,CAAC,CAC/B,MAAY,CACN,OAAO,QAAY,GAGzB,CACA,MACF,CAEA,GAAI,MAAM,QAAQA,CAAK,EAAG,CACxB,QAAWuB,KAASvB,EAClB,MAAOsB,EAAeC,CAAK,EAE7B,MACF,CAEA,GAAI,OAAOvB,EAAM,KAAQ,WAAY,CACnC,GAAI,CACF,IAAMI,EAASJ,EAAM,IAAI,CAAE,GAAGA,EAAM,MAAO,SAAUA,EAAM,QAAS,CAAC,EAE/DwB,EAAWpB,aAAkB,QAAU,MAAMA,EAASA,EAC5D,MAAOkB,EAAeE,CAAQ,CAChC,OAASC,EAAG,CACN,OAAO,QAAY,IAGvB,MAAMC,EACF,mBAAmBxB,EAAWuB,EAAE,SAAW,iBAAiB,CAAC,OAC7D,oBACN,CACA,MACF,CAEA,GAAM,CAAE,IAAAlB,EAAK,MAAAC,EAAO,SAAAC,CAAS,EAAIT,EAC3BU,EAAQC,EAAYH,GAAS,CAAC,CAAC,EAGrC,GAFA,KAAM,IAAID,CAAG,GAAGG,CAAK,IAEjB,CAACG,EAAc,IAAIN,CAAG,EAAG,CAC3B,IAAMO,EAAWC,EAAkBP,CAAK,EACxC,GAAIM,GAAY,KACd,MAAM,OAAOA,CAAQ,MAErB,SAAWS,KAASd,EAClB,MAAOa,EAAeC,CAAK,EAG/B,KAAM,KAAKhB,CAAG,GAChB,CACF,CAIO,SAASoB,GAAWC,EAAQ,CACjC,MAAO,CAKL,KAAM,SACN,GAAGA,CACL,CACF,CAGO,SAASC,GAAmBC,EAAMC,EAAO,CAAC,EAAG,CAClD,IAAM/B,EAAQ8B,EAAK,UAAUC,CAAI,EAC3B1B,EAAOgB,EAAerB,CAAK,EAC3BgC,EAAUF,EAAK,SAAW,CAAC,EAEjC,OAAOG,EAAa,CAClB,MAAOH,EAAK,OAAS,GACrB,KAAMA,EAAK,MAAQ,CAAC,EACpB,KAAMzB,EACN,QAAA2B,EACA,QAASF,EAAK,OAAS,SAAW,CAAC,EAAIA,EAAK,SAAW,CAAC,EACxD,OAAQA,EAAK,QAAU,CAAC,EACxB,KAAMA,EAAK,IACb,CAAC,CACH,CAEA,SAASG,EAAa,CAAE,MAAAC,EAAO,KAAAC,EAAM,KAAAC,EAAM,QAAAJ,EAAS,QAAAK,EAAS,OAAAC,EAAQ,KAAAC,CAAK,EAAG,CAC3E,IAAMC,EAAW,OAAO,QAAQL,CAAI,EACjC,IAAI,CAAC,CAACM,EAAMC,CAAO,IAAM,eAAexC,EAAWuC,CAAI,CAAC,cAAcvC,EAAWwC,CAAO,CAAC,IAAI,EAC7F,KAAK;AAAA,KAAQ,EAEVC,EAAYL,EACf,IAAIM,GAAQ,gCAAgC1C,EAAW0C,CAAI,CAAC,IAAI,EAChE,KAAK;AAAA,KAAQ,EAEVC,EAAeb,EAAQ,OAAS,EAAI;AAAA;AAAA;AAAA;AAAA,gBAI3B,GAETc,EAAaT,EAChB,IAAIU,GAAO,8BAA8B7C,EAAW6C,CAAG,CAAC,cAAa,EACrE,KAAK;AAAA,KAAQ,EAEVC,EAAeT,IAAS,SAAW;AAAA,6DACmB,GAE5D,MAAO;AAAA;AAAA;AAAA;AAAA;AAAA,MAKHC,CAAQ;AAAA,aACDtC,EAAWgC,CAAK,CAAC;AAAA,MACxBS,CAAS;AAAA;AAAA;AAAA,oBAGKP,CAAI;AAAA,MAClBS,CAAY;AAAA,MACZC,CAAU;AAAA,MACVE,CAAY;AAAA;AAAA,QAGlB,CAKO,SAASC,GAAOC,EAAW,CAChC,OAAAA,EAAU,QAAU,GACbA,CACT,CAKA,IAAMxB,EAAa,SAAO,QAAY,KAQtC,SAASX,EAAkBP,EAAO,CAChC,OAAKA,EAGDA,EAAM,wBACDA,EAAM,wBAAwB,QAAU,KAI7CA,EAAM,WAAa,OAAOA,EAAM,WAAc,UAAY,WAAYA,EAAM,UACvEA,EAAM,UAAU,QAAU,MAI/BA,EAAM,WAAa,MAAQ,OAAOA,EAAM,WAAc,UACpDkB,GACF,QAAQ,KACN,yLAEF,EAEK,MApBU,IAwBrB,CAEA,SAASf,EAAYH,EAAO,CAC1B,IAAI2C,EAAM,GACV,OAAW,CAACC,EAAKC,CAAG,IAAK,OAAO,QAAQ7C,CAAK,EAC3C,GAAI,EAAA4C,IAAQ,OAASA,IAAQ,OAASA,IAAQ,YAAcA,IAAQ,2BAA6BA,IAAQ,cACrG,EAAAA,EAAI,WAAW,IAAI,GAAKA,EAAI,OAAS,IACrC,EAAAC,IAAQ,IAASA,GAAO,MAE5B,GAAID,IAAQ,aAAeA,IAAQ,QACjCD,GAAO,WAAWjD,EAAW,OAAOmD,CAAG,CAAC,CAAC,YAChCD,IAAQ,SAAW,OAAOC,GAAQ,SAAU,CACrD,IAAMC,EAAM,OAAO,QAAQD,CAAG,EAC3B,IAAI,CAAC,CAACE,EAAGC,CAAC,IAAM,GAAGC,EAAaF,CAAC,CAAC,IAAIC,CAAC,EAAE,EACzC,KAAK,GAAG,EACXL,GAAO,WAAWjD,EAAWoD,CAAG,CAAC,GACnC,MAAWD,IAAQ,GAEbD,EAAI,WAAW,OAAO,GAAKA,IAAQ,OACrCD,GAAO,IAAIC,CAAG,UAEdD,GAAO,IAAIC,CAAG,GAGhBD,GAAO,IAAIC,CAAG,KAAKlD,EAAW,OAAOmD,CAAG,CAAC,CAAC,IAI9C,OAAOF,CACT,CAEA,SAASjD,EAAWwD,EAAK,CACvB,OAAOA,EACJ,QAAQ,KAAM,OAAO,EACrB,QAAQ,KAAM,MAAM,EACpB,QAAQ,KAAM,MAAM,EACpB,QAAQ,KAAM,QAAQ,EACtB,QAAQ,KAAM,OAAO,CAC1B,CAEA,SAASD,EAAaC,EAAK,CACzB,OAAIA,EAAI,WAAW,IAAI,EAAUA,EAC1BA,EAAI,QAAQ,WAAY,KAAK,EAAE,YAAY,CACpD,CAEA,IAAM7C,EAAgB,IAAI,IAAI,CAC5B,OAAQ,OAAQ,KAAM,MAAO,QAAS,KAAM,MAAO,QACnD,OAAQ,OAAQ,QAAS,SAAU,QAAS,KAC9C,CAAC",
|
|
6
|
+
"names": ["signal", "batch", "actionRegistry", "getCsrfToken", "meta", "match", "generateCsrfToken", "arr", "b", "validateCsrfToken", "requestToken", "sessionToken", "result", "i", "csrfMetaTag", "token", "_actionCounter", "generateActionId", "action", "fn", "options", "id", "onError", "onSuccess", "revalidate", "callAction", "args", "timeout", "controller", "timeoutId", "csrfToken", "headers", "response", "error", "path", "invalidatePath", "timeoutError", "formAction", "actionFn", "resetOnSuccess", "formDataOrEvent", "formData", "form", "data", "hasFiles", "key", "value", "useAction", "isPending", "trigger", "e", "useFormAction", "formRef", "actionState", "handleSubmit", "useOptimistic", "initialValue", "reducer", "pending", "baseValue", "addOptimistic", "optimisticValue", "resolve", "serverValue", "a", "current", "rollback", "realValue", "newPending", "base", "withOptimistic", "asyncFn", "v", "revalidationCallbacks", "onRevalidate", "callback", "callbacks", "cb", "handleActionRequest", "req", "actionId", "sessionCsrfToken", "skipCsrf", "requestCsrfToken", "getRegisteredActions", "useMutation", "mutationFn", "onSettled", "state", "mutate", "_hydrationIdCounter", "resetHydrationId", "nextHydrationId", "renderToHydratableString", "vnode", "_renderHydratable", "escapeHtml", "hkId", "result", "html", "injectHydrationKey", "tag", "props", "children", "attrs", "renderAttrs", "open", "VOID_ELEMENTS", "rawInner", "_resolveInnerHTML", "inner", "match", "prefix", "tagName", "insertAt", "renderToString", "renderToStream", "child", "resolved", "e", "_isDevMode", "definePage", "config", "generateStaticPage", "page", "data", "islands", "wrapDocument", "title", "meta", "body", "scripts", "styles", "mode", "metaTags", "name", "content", "styleTags", "href", "islandScript", "scriptTags", "src", "clientScript", "server", "Component", "out", "key", "val", "css", "p", "v", "camelToKebab", "str"]
|
|
7
7
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "what-server",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.8.0",
|
|
4
4
|
"description": "What Framework - SSR, islands architecture, static generation",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "src/index.js",
|
|
@@ -36,7 +36,7 @@
|
|
|
36
36
|
"author": "ZVN DEV (https://zvndev.com)",
|
|
37
37
|
"license": "MIT",
|
|
38
38
|
"peerDependencies": {
|
|
39
|
-
"what-core": "^0.
|
|
39
|
+
"what-core": "^0.7.0"
|
|
40
40
|
},
|
|
41
41
|
"repository": {
|
|
42
42
|
"type": "git",
|
package/src/actions.js
CHANGED
|
@@ -76,11 +76,15 @@ export function csrfMetaTag(token) {
|
|
|
76
76
|
|
|
77
77
|
// --- Define a server action ---
|
|
78
78
|
|
|
79
|
+
let _actionCounter = 0;
|
|
80
|
+
|
|
79
81
|
function generateActionId() {
|
|
80
|
-
// Generate a
|
|
82
|
+
// Generate a deterministic ID — prefer crypto.getRandomValues, fall back to a
|
|
83
|
+
// monotonic counter (never Math.random, which is not cryptographically safe and
|
|
84
|
+
// produces predictable IDs in some runtimes).
|
|
81
85
|
const rand = typeof crypto !== 'undefined' && crypto.getRandomValues
|
|
82
86
|
? Array.from(crypto.getRandomValues(new Uint8Array(6)), b => b.toString(16).padStart(2, '0')).join('')
|
|
83
|
-
:
|
|
87
|
+
: `c${(++_actionCounter).toString(36)}_${Date.now().toString(36)}`;
|
|
84
88
|
return `a_${rand}`;
|
|
85
89
|
}
|
|
86
90
|
|