zero-query 1.1.1 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (156) hide show
  1. package/LICENSE +21 -21
  2. package/README.md +2 -0
  3. package/cli/args.js +33 -33
  4. package/cli/commands/build-api.js +442 -442
  5. package/cli/commands/build.js +253 -247
  6. package/cli/commands/bundle.js +1226 -1224
  7. package/cli/commands/create.js +178 -121
  8. package/cli/commands/dev/devtools/index.js +56 -56
  9. package/cli/commands/dev/devtools/js/components.js +49 -49
  10. package/cli/commands/dev/devtools/js/core.js +423 -423
  11. package/cli/commands/dev/devtools/js/elements.js +421 -421
  12. package/cli/commands/dev/devtools/js/network.js +166 -166
  13. package/cli/commands/dev/devtools/js/performance.js +73 -73
  14. package/cli/commands/dev/devtools/js/router.js +105 -105
  15. package/cli/commands/dev/devtools/js/source.js +132 -132
  16. package/cli/commands/dev/devtools/js/stats.js +35 -35
  17. package/cli/commands/dev/devtools/js/tabs.js +79 -79
  18. package/cli/commands/dev/devtools/panel.html +95 -95
  19. package/cli/commands/dev/devtools/styles.css +244 -244
  20. package/cli/commands/dev/index.js +107 -107
  21. package/cli/commands/dev/logger.js +75 -75
  22. package/cli/commands/dev/overlay.js +858 -858
  23. package/cli/commands/dev/server.js +220 -220
  24. package/cli/commands/dev/validator.js +94 -94
  25. package/cli/commands/dev/watcher.js +172 -172
  26. package/cli/help.js +114 -112
  27. package/cli/index.js +52 -52
  28. package/cli/scaffold/default/LICENSE +21 -21
  29. package/cli/scaffold/default/app/app.js +207 -207
  30. package/cli/scaffold/default/app/components/about.js +201 -201
  31. package/cli/scaffold/default/app/components/api-demo.js +143 -143
  32. package/cli/scaffold/default/app/components/contact-card.js +231 -231
  33. package/cli/scaffold/default/app/components/contacts/contacts.css +706 -706
  34. package/cli/scaffold/default/app/components/contacts/contacts.html +200 -200
  35. package/cli/scaffold/default/app/components/contacts/contacts.js +196 -196
  36. package/cli/scaffold/default/app/components/counter.js +127 -127
  37. package/cli/scaffold/default/app/components/home.js +249 -249
  38. package/cli/scaffold/default/app/components/not-found.js +16 -16
  39. package/cli/scaffold/default/app/components/playground/playground.css +115 -115
  40. package/cli/scaffold/default/app/components/playground/playground.html +161 -161
  41. package/cli/scaffold/default/app/components/playground/playground.js +116 -116
  42. package/cli/scaffold/default/app/components/todos.js +225 -225
  43. package/cli/scaffold/default/app/components/toolkit/toolkit.css +97 -97
  44. package/cli/scaffold/default/app/components/toolkit/toolkit.html +146 -146
  45. package/cli/scaffold/default/app/components/toolkit/toolkit.js +280 -280
  46. package/cli/scaffold/default/app/routes.js +15 -15
  47. package/cli/scaffold/default/app/store.js +101 -101
  48. package/cli/scaffold/default/global.css +552 -552
  49. package/cli/scaffold/default/index.html +99 -99
  50. package/cli/scaffold/minimal/app/app.js +85 -85
  51. package/cli/scaffold/minimal/app/components/about.js +68 -68
  52. package/cli/scaffold/minimal/app/components/counter.js +122 -122
  53. package/cli/scaffold/minimal/app/components/home.js +68 -68
  54. package/cli/scaffold/minimal/app/components/not-found.js +16 -16
  55. package/cli/scaffold/minimal/app/routes.js +9 -9
  56. package/cli/scaffold/minimal/app/store.js +36 -36
  57. package/cli/scaffold/minimal/global.css +300 -300
  58. package/cli/scaffold/minimal/index.html +44 -44
  59. package/cli/scaffold/ssr/app/app.js +41 -41
  60. package/cli/scaffold/ssr/app/components/about.js +55 -55
  61. package/cli/scaffold/ssr/app/components/blog/index.js +65 -65
  62. package/cli/scaffold/ssr/app/components/blog/post.js +86 -86
  63. package/cli/scaffold/ssr/app/components/home.js +37 -37
  64. package/cli/scaffold/ssr/app/components/not-found.js +15 -15
  65. package/cli/scaffold/ssr/app/routes.js +8 -8
  66. package/cli/scaffold/ssr/global.css +228 -228
  67. package/cli/scaffold/ssr/index.html +37 -37
  68. package/cli/scaffold/ssr/package.json +8 -8
  69. package/cli/scaffold/ssr/server/data/posts.js +144 -144
  70. package/cli/scaffold/ssr/server/index.js +213 -213
  71. package/cli/scaffold/webrtc/app/app.js +11 -0
  72. package/cli/scaffold/webrtc/app/components/video-room.js +441 -0
  73. package/cli/scaffold/webrtc/assets/.gitkeep +0 -0
  74. package/cli/scaffold/webrtc/global.css +250 -0
  75. package/cli/scaffold/webrtc/index.html +21 -0
  76. package/cli/scaffold/webrtc/package.json +16 -0
  77. package/cli/scaffold/webrtc/server/index.js +198 -0
  78. package/cli/utils.js +305 -287
  79. package/dist/API.md +661 -0
  80. package/dist/zquery.dist.zip +0 -0
  81. package/dist/zquery.js +10454 -6614
  82. package/dist/zquery.min.js +8 -631
  83. package/index.d.ts +570 -371
  84. package/index.js +311 -240
  85. package/package.json +77 -70
  86. package/src/component.js +1758 -1691
  87. package/src/core.js +929 -921
  88. package/src/diff.js +497 -497
  89. package/src/errors.js +209 -209
  90. package/src/expression.js +929 -922
  91. package/src/http.js +242 -242
  92. package/src/package.json +1 -1
  93. package/src/reactive.js +271 -255
  94. package/src/router.js +878 -843
  95. package/src/ssr.js +421 -418
  96. package/src/store.js +325 -318
  97. package/src/utils.js +534 -515
  98. package/src/webrtc/e2ee.js +351 -0
  99. package/src/webrtc/errors.js +116 -0
  100. package/src/webrtc/ice.js +301 -0
  101. package/src/webrtc/index.js +131 -0
  102. package/src/webrtc/joinToken.js +119 -0
  103. package/src/webrtc/observe.js +172 -0
  104. package/src/webrtc/peer.js +351 -0
  105. package/src/webrtc/reactive.js +268 -0
  106. package/src/webrtc/room.js +625 -0
  107. package/src/webrtc/sdp.js +302 -0
  108. package/src/webrtc/sfu/index.js +43 -0
  109. package/src/webrtc/sfu/livekit.js +131 -0
  110. package/src/webrtc/sfu/mediasoup.js +150 -0
  111. package/src/webrtc/signaling.js +373 -0
  112. package/src/webrtc/turn.js +237 -0
  113. package/tests/_helpers/webrtcFakes.js +289 -0
  114. package/tests/audit.test.js +4158 -4158
  115. package/tests/bench/render.bench.js +77 -0
  116. package/tests/cli.test.js +1136 -1103
  117. package/tests/compare.test.js +497 -486
  118. package/tests/component.test.js +4076 -3938
  119. package/tests/core.test.js +1926 -1910
  120. package/tests/dev-server.test.js +489 -489
  121. package/tests/diff.test.js +1416 -1416
  122. package/tests/docs.test.js +1664 -1650
  123. package/tests/electron-features.test.js +864 -864
  124. package/tests/errors.test.js +619 -619
  125. package/tests/expression.test.js +1087 -1056
  126. package/tests/http.test.js +693 -648
  127. package/tests/reactive.test.js +844 -819
  128. package/tests/router.test.js +2423 -2327
  129. package/tests/ssr.test.js +916 -870
  130. package/tests/store.test.js +840 -830
  131. package/tests/test-minifier.js +153 -153
  132. package/tests/test-ssr.js +27 -27
  133. package/tests/utils.test.js +1411 -1377
  134. package/tests/webrtc/e2ee.test.js +283 -0
  135. package/tests/webrtc/ice.test.js +202 -0
  136. package/tests/webrtc/joinToken.test.js +89 -0
  137. package/tests/webrtc/observe.test.js +111 -0
  138. package/tests/webrtc/peer.test.js +373 -0
  139. package/tests/webrtc/reactive.test.js +235 -0
  140. package/tests/webrtc/room.test.js +406 -0
  141. package/tests/webrtc/sdp.test.js +151 -0
  142. package/tests/webrtc/sfu-livekit.test.js +119 -0
  143. package/tests/webrtc/sfu.test.js +160 -0
  144. package/tests/webrtc/signaling.test.js +251 -0
  145. package/tests/webrtc/turn.test.js +256 -0
  146. package/types/collection.d.ts +383 -383
  147. package/types/component.d.ts +186 -186
  148. package/types/errors.d.ts +135 -135
  149. package/types/http.d.ts +92 -92
  150. package/types/misc.d.ts +201 -201
  151. package/types/reactive.d.ts +98 -98
  152. package/types/router.d.ts +190 -190
  153. package/types/ssr.d.ts +102 -102
  154. package/types/store.d.ts +146 -146
  155. package/types/utils.d.ts +245 -245
  156. package/types/webrtc.d.ts +653 -0
package/src/ssr.js CHANGED
@@ -1,418 +1,421 @@
1
- /**
2
- * zQuery SSR - Server-side rendering to HTML string
3
- *
4
- * Renders registered components to static HTML strings for SEO,
5
- * initial page load performance, and static site generation.
6
- *
7
- * Works in Node.js - no DOM required for basic rendering.
8
- * Supports hydration markers for client-side takeover.
9
- *
10
- * Usage (Node.js):
11
- * import { renderToString, createSSRApp } from 'zero-query/ssr';
12
- *
13
- * const app = createSSRApp();
14
- * app.component('my-page', {
15
- * state: () => ({ title: 'Hello' }),
16
- * render() { return `<h1>${this.state.title}</h1>`; }
17
- * });
18
- *
19
- * const html = await app.renderToString('my-page', { title: 'World' });
20
- * // → '<my-page data-zq-ssr><h1>World</h1></my-page>'
21
- */
22
-
23
- import { safeEval } from './expression.js';
24
- import { reportError, ErrorCode, ZQueryError } from './errors.js';
25
-
26
- // ---------------------------------------------------------------------------
27
- // SSR Component renderer
28
- // ---------------------------------------------------------------------------
29
- class SSRComponent {
30
- constructor(definition, props = {}) {
31
- this._def = definition;
32
- this.props = Object.freeze({ ...props });
33
- this.refs = {};
34
- this.templates = {};
35
- this.computed = {};
36
-
37
- // Initialize state
38
- const initialState = typeof definition.state === 'function'
39
- ? definition.state()
40
- : { ...(definition.state || {}) };
41
- this.state = initialState;
42
-
43
- // Add __raw to match client-side API
44
- Object.defineProperty(this.state, '__raw', { value: this.state, enumerable: false });
45
-
46
- // Computed properties
47
- if (definition.computed) {
48
- for (const [name, fn] of Object.entries(definition.computed)) {
49
- Object.defineProperty(this.computed, name, {
50
- get: () => {
51
- try {
52
- return fn.call(this, this.state);
53
- } catch (err) {
54
- reportError(ErrorCode.SSR_RENDER, `Computed property "${name}" threw during SSR`, { property: name }, err);
55
- return undefined;
56
- }
57
- },
58
- enumerable: true
59
- });
60
- }
61
- }
62
-
63
- // Bind user methods
64
- for (const [key, val] of Object.entries(definition)) {
65
- if (typeof val === 'function' && !SSR_RESERVED.has(key)) {
66
- this[key] = val.bind(this);
67
- }
68
- }
69
-
70
- // Init lifecycle - guarded so a broken init doesn't crash the whole render
71
- if (definition.init) {
72
- try {
73
- definition.init.call(this);
74
- } catch (err) {
75
- reportError(ErrorCode.SSR_RENDER, 'Component init() threw during SSR', {}, err);
76
- }
77
- }
78
- }
79
-
80
- render() {
81
- if (this._def.render) {
82
- try {
83
- let html = this._def.render.call(this);
84
- html = this._interpolate(html);
85
- return html;
86
- } catch (err) {
87
- reportError(ErrorCode.SSR_RENDER, 'Component render() threw during SSR', {}, err);
88
- return `<!-- SSR render error -->`;
89
- }
90
- }
91
- return '';
92
- }
93
-
94
- // Basic {{expression}} interpolation for SSR
95
- _interpolate(html) {
96
- return html.replace(/\{\{(.+?)\}\}/g, (_, expr) => {
97
- try {
98
- const result = safeEval(expr.trim(), [
99
- this.state,
100
- { props: this.props, computed: this.computed }
101
- ]);
102
- return result != null ? _escapeHtml(String(result)) : '';
103
- } catch (err) {
104
- reportError(ErrorCode.SSR_RENDER, `Expression "{{${expr.trim()}}}" failed during SSR`, { expression: expr.trim() }, err);
105
- return '';
106
- }
107
- });
108
- }
109
- }
110
-
111
- const SSR_RESERVED = new Set([
112
- 'state', 'render', 'styles', 'init', 'mounted', 'updated', 'destroyed',
113
- 'props', 'templateUrl', 'styleUrl', 'templates',
114
- 'base', 'computed', 'watch'
115
- ]);
116
-
117
- // ---------------------------------------------------------------------------
118
- // HTML escaping for SSR output
119
- // ---------------------------------------------------------------------------
120
- const _escapeMap = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
121
- function _escapeHtml(str) {
122
- return str.replace(/[&<>"']/g, c => _escapeMap[c]);
123
- }
124
-
125
- // ---------------------------------------------------------------------------
126
- // SSR App - component registry + renderer
127
- // ---------------------------------------------------------------------------
128
- class SSRApp {
129
- constructor() {
130
- this._registry = new Map();
131
- }
132
-
133
- /**
134
- * Register a component for SSR.
135
- * @param {string} name
136
- * @param {object} definition
137
- */
138
- component(name, definition) {
139
- if (typeof name !== 'string' || !name) {
140
- throw new ZQueryError(ErrorCode.SSR_COMPONENT, 'Component name must be a non-empty string');
141
- }
142
- if (!definition || typeof definition !== 'object') {
143
- throw new ZQueryError(ErrorCode.SSR_COMPONENT, `Invalid definition for component "${name}"`);
144
- }
145
- this._registry.set(name, definition);
146
- return this;
147
- }
148
-
149
- /**
150
- * Check whether a component is registered.
151
- * @param {string} name
152
- * @returns {boolean}
153
- */
154
- has(name) {
155
- return this._registry.has(name);
156
- }
157
-
158
- /**
159
- * Render a component to an HTML string.
160
- *
161
- * @param {string} componentName - registered component name
162
- * @param {object} [props] - props to pass
163
- * @param {object} [options] - rendering options
164
- * @param {boolean} [options.hydrate=true] - add hydration marker
165
- * @param {string} [options.mode='html'] - 'html' (default) or 'fragment' (no wrapper tag)
166
- * @returns {Promise<string>} - rendered HTML
167
- */
168
- async renderToString(componentName, props = {}, options = {}) {
169
- const def = this._registry.get(componentName);
170
- if (!def) {
171
- throw new ZQueryError(
172
- ErrorCode.SSR_COMPONENT,
173
- `SSR: Component "${componentName}" not registered`,
174
- { component: componentName }
175
- );
176
- }
177
-
178
- const instance = new SSRComponent(def, props);
179
- let html = instance.render();
180
-
181
- // Strip z-cloak attributes (they're only for client-side FOUC prevention)
182
- html = html.replace(/\s*z-cloak\s*/g, ' ');
183
-
184
- // Clean up SSR-irrelevant attributes
185
- html = html.replace(/\s*@[\w.]+="[^"]*"/g, ''); // Remove event bindings
186
- html = html.replace(/\s*z-on:[\w.]+="[^"]*"/g, '');
187
-
188
- // Fragment mode - return inner HTML without wrapper tag
189
- if (options.mode === 'fragment') return html;
190
-
191
- const hydrate = options.hydrate !== false;
192
- const marker = hydrate ? ' data-zq-ssr' : '';
193
-
194
- return `<${componentName}${marker}>${html}</${componentName}>`;
195
- }
196
-
197
- /**
198
- * Render multiple components as a batch.
199
- *
200
- * @param {Array<{ name: string, props?: object, options?: object }>} entries
201
- * @returns {Promise<string[]>} - array of rendered HTML strings
202
- */
203
- async renderBatch(entries) {
204
- return Promise.all(
205
- entries.map(({ name, props, options }) => this.renderToString(name, props, options))
206
- );
207
- }
208
-
209
- /**
210
- * Render a full HTML page with a component mounted in a shell.
211
- *
212
- * @param {object} options
213
- * @param {string} options.component - component name to render
214
- * @param {object} [options.props] - props
215
- * @param {string} [options.title] - page title
216
- * @param {string} [options.description] - meta description for SEO
217
- * @param {string[]} [options.styles] - CSS file paths
218
- * @param {string[]} [options.scripts] - JS file paths
219
- * @param {string} [options.lang] - html lang attribute
220
- * @param {string} [options.meta] - additional head content
221
- * @param {string} [options.bodyAttrs] - extra body attributes
222
- * @param {object} [options.head] - structured head options
223
- * @param {string} [options.head.canonical] - canonical URL
224
- * @param {object} [options.head.og] - Open Graph tags
225
- * @returns {Promise<string>}
226
- */
227
- async renderPage(options = {}) {
228
- const {
229
- component: comp,
230
- props = {},
231
- title = '',
232
- description = '',
233
- styles = [],
234
- scripts = [],
235
- lang = 'en',
236
- meta = '',
237
- bodyAttrs = '',
238
- head = {},
239
- } = options;
240
-
241
- let content = '';
242
- if (comp) {
243
- try {
244
- content = await this.renderToString(comp, props);
245
- } catch (err) {
246
- reportError(ErrorCode.SSR_PAGE, `renderPage failed for component "${comp}"`, { component: comp }, err);
247
- content = `<!-- SSR error: ${_escapeHtml(err.message)} -->`;
248
- }
249
- }
250
-
251
- const styleLinks = styles.map(s => `<link rel="stylesheet" href="${_escapeHtml(s)}">`).join('\n ');
252
- const scriptTags = scripts.map(s => `<script src="${_escapeHtml(s)}"></script>`).join('\n ');
253
-
254
- // Build SEO / structured head tags
255
- let headExtra = meta;
256
- if (description) {
257
- headExtra += `\n <meta name="description" content="${_escapeHtml(description)}">`;
258
- }
259
- if (head.canonical) {
260
- headExtra += `\n <link rel="canonical" href="${_escapeHtml(head.canonical)}">`;
261
- }
262
- if (head.og) {
263
- for (const [key, val] of Object.entries(head.og)) {
264
- headExtra += `\n <meta property="og:${_escapeHtml(key)}" content="${_escapeHtml(String(val))}">`;
265
- }
266
- }
267
-
268
- return `<!DOCTYPE html>
269
- <html lang="${_escapeHtml(lang)}">
270
- <head>
271
- <meta charset="UTF-8">
272
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
273
- <title>${_escapeHtml(title)}</title>
274
- ${headExtra}
275
- ${styleLinks}
276
- </head>
277
- <body ${bodyAttrs.replace(/on\w+\s*=/gi, '').replace(/javascript\s*:/gi, '')}>
278
- <div id="app">${content}</div>
279
- ${scriptTags}
280
- </body>
281
- </html>`;
282
- }
283
-
284
- /**
285
- * Render a component into an existing HTML shell template.
286
- *
287
- * Unlike renderPage() which generates a full HTML document from scratch,
288
- * renderShell() takes your own index.html (with nav, footer, custom markup)
289
- * and injects the SSR-rendered component body plus metadata into it.
290
- *
291
- * Handles:
292
- * - Component rendering into <z-outlet>
293
- * - <title> replacement
294
- * - <meta name="description"> replacement
295
- * - Open Graph meta tag replacement (og:title, og:description, og:type, etc.)
296
- * - window.__SSR_DATA__ hydration script injection
297
- *
298
- * @param {string} shell - HTML template string (your index.html)
299
- * @param {object} options
300
- * @param {string} options.component - registered component name to render
301
- * @param {object} [options.props] - props passed to the component
302
- * @param {string} [options.title] - page title (replaces <title>)
303
- * @param {string} [options.description] - meta description (replaces <meta name="description">)
304
- * @param {object} [options.og] - Open Graph tags to replace (e.g. { title, description, type, image })
305
- * @param {any} [options.ssrData] - data to embed as window.__SSR_DATA__ for client hydration
306
- * @param {object} [options.renderOptions] - options passed to renderToString (hydrate, mode)
307
- * @returns {Promise<string>} - the shell with SSR content and metadata injected
308
- */
309
- async renderShell(shell, options = {}) {
310
- const {
311
- component: comp,
312
- props = {},
313
- title,
314
- description,
315
- og,
316
- ssrData,
317
- renderOptions,
318
- } = options;
319
-
320
- // Render the component
321
- let body = '';
322
- if (comp) {
323
- try {
324
- body = await this.renderToString(comp, props, renderOptions);
325
- } catch (err) {
326
- reportError(ErrorCode.SSR_PAGE, `renderShell failed for component "${comp}"`, { component: comp }, err);
327
- body = `<!-- SSR error: ${_escapeHtml(err.message)} -->`;
328
- }
329
- }
330
-
331
- let html = shell;
332
-
333
- // Inject SSR body into <z-outlet>
334
- // Use a replacer function to avoid $ substitution patterns in body
335
- html = html.replace(/(<z-outlet[^>]*>)([\s\S]*?)(<\/z-outlet>)?/, (_, open) => `${open}${body}</z-outlet>`);
336
-
337
- // Replace <title>
338
- if (title != null) {
339
- const safeTitle = _escapeHtml(title);
340
- html = html.replace(/<title>[^<]*<\/title>/, () => `<title>${safeTitle}</title>`);
341
- }
342
-
343
- // Replace <meta name="description">
344
- if (description != null) {
345
- const safeDesc = _escapeHtml(description);
346
- html = html.replace(
347
- /<meta\s+name="description"\s+content="[^"]*">/,
348
- () => `<meta name="description" content="${safeDesc}">`
349
- );
350
- }
351
-
352
- // Replace Open Graph meta tags
353
- if (og) {
354
- for (const [key, value] of Object.entries(og)) {
355
- // Sanitize key: allow only safe OG property characters (alphanumeric, hyphens, underscores, colons)
356
- const safeKey = key.replace(/[^a-zA-Z0-9_:\-]/g, '');
357
- if (!safeKey) continue;
358
- const escaped = _escapeHtml(String(value));
359
- // Escape key for use in RegExp to prevent ReDoS
360
- const escapedKey = safeKey.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
361
- const pattern = new RegExp(`<meta\\s+property="og:${escapedKey}"\\s+content="[^"]*">`);
362
- if (pattern.test(html)) {
363
- html = html.replace(pattern, () => `<meta property="og:${safeKey}" content="${escaped}">`);
364
- } else {
365
- // Tag doesn't exist — inject before </head>
366
- html = html.replace('</head>', () => `<meta property="og:${safeKey}" content="${escaped}">\n</head>`);
367
- }
368
- }
369
- }
370
-
371
- // Inject hydration data as window.__SSR_DATA__
372
- if (ssrData !== undefined) {
373
- // Escape </script> and <!-- sequences to prevent breaking out of the script tag
374
- const json = JSON.stringify(ssrData).replace(/<\//g, '<\\/').replace(/<!--/g, '<\\!--');
375
- html = html.replace('</head>', () => `<script>window.__SSR_DATA__=${json};</script>\n</head>`);
376
- }
377
-
378
- return html;
379
- }
380
- }
381
-
382
- // ---------------------------------------------------------------------------
383
- // Public API
384
- // ---------------------------------------------------------------------------
385
-
386
- /**
387
- * Create an SSR application instance.
388
- * @returns {SSRApp}
389
- */
390
- export function createSSRApp() {
391
- return new SSRApp();
392
- }
393
-
394
- /**
395
- * Quick one-shot render of a component definition to string.
396
- * @param {object} definition - component definition
397
- * @param {object} [props] - props
398
- * @returns {string}
399
- */
400
- export function renderToString(definition, props = {}) {
401
- if (!definition || typeof definition !== 'object') {
402
- throw new ZQueryError(ErrorCode.SSR_COMPONENT, 'renderToString requires a component definition object');
403
- }
404
- const instance = new SSRComponent(definition, props);
405
- return instance.render();
406
- }
407
-
408
- /**
409
- * Escape HTML entities - exposed for use in SSR templates.
410
- * @param {string} str
411
- * @returns {string}
412
- */
413
- export function escapeHtml(str) {
414
- return _escapeHtml(String(str));
415
- }
416
-
417
- // Re-export matchRoute so SSR servers can import from 'zero-query/ssr'
418
- export { matchRoute } from './router.js';
1
+ /**
2
+ * zQuery SSR - Server-side rendering to HTML string
3
+ *
4
+ * Renders registered components to static HTML strings for SEO,
5
+ * initial page load performance, and static site generation.
6
+ *
7
+ * Works in Node.js - no DOM required for basic rendering.
8
+ * Supports hydration markers for client-side takeover.
9
+ *
10
+ * Usage (Node.js):
11
+ * import { renderToString, createSSRApp } from 'zero-query/ssr';
12
+ *
13
+ * const app = createSSRApp();
14
+ * app.component('my-page', {
15
+ * state: () => ({ title: 'Hello' }),
16
+ * render() { return `<h1>${this.state.title}</h1>`; }
17
+ * });
18
+ *
19
+ * const html = await app.renderToString('my-page', { title: 'World' });
20
+ * // → '<my-page data-zq-ssr><h1>World</h1></my-page>'
21
+ */
22
+
23
+ import { safeEval } from './expression.js';
24
+ import { reportError, ErrorCode, ZQueryError } from './errors.js';
25
+ import { escapeHtml as _escapeHtml } from './utils.js';
26
+
27
+ // ---------------------------------------------------------------------------
28
+ // SSR Component renderer
29
+ // ---------------------------------------------------------------------------
30
+ class SSRComponent {
31
+ constructor(definition, props = {}) {
32
+ this._def = definition;
33
+ this.props = Object.freeze({ ...props });
34
+ this.refs = {};
35
+ this.templates = {};
36
+ this.computed = {};
37
+
38
+ // Initialize state
39
+ const initialState = typeof definition.state === 'function'
40
+ ? definition.state()
41
+ : { ...(definition.state || {}) };
42
+ this.state = initialState;
43
+
44
+ // Add __raw to match client-side API
45
+ Object.defineProperty(this.state, '__raw', { value: this.state, enumerable: false });
46
+
47
+ // Computed properties
48
+ if (definition.computed) {
49
+ for (const [name, fn] of Object.entries(definition.computed)) {
50
+ Object.defineProperty(this.computed, name, {
51
+ get: () => {
52
+ try {
53
+ return fn.call(this, this.state);
54
+ } catch (err) {
55
+ reportError(ErrorCode.SSR_RENDER, `Computed property "${name}" threw during SSR`, { property: name }, err);
56
+ return undefined;
57
+ }
58
+ },
59
+ enumerable: true
60
+ });
61
+ }
62
+ }
63
+
64
+ // Bind user methods
65
+ for (const [key, val] of Object.entries(definition)) {
66
+ if (typeof val === 'function' && !SSR_RESERVED.has(key)) {
67
+ this[key] = val.bind(this);
68
+ }
69
+ }
70
+
71
+ // Init lifecycle - guarded so a broken init doesn't crash the whole render
72
+ if (definition.init) {
73
+ try {
74
+ definition.init.call(this);
75
+ } catch (err) {
76
+ reportError(ErrorCode.SSR_RENDER, 'Component init() threw during SSR', {}, err);
77
+ }
78
+ }
79
+ }
80
+
81
+ render() {
82
+ if (this._def.render) {
83
+ try {
84
+ let html = this._def.render.call(this);
85
+ html = this._interpolate(html);
86
+ return html;
87
+ } catch (err) {
88
+ reportError(ErrorCode.SSR_RENDER, 'Component render() threw during SSR', {}, err);
89
+ return `<!-- SSR render error -->`;
90
+ }
91
+ }
92
+ return '';
93
+ }
94
+
95
+ // Basic {{expression}} interpolation for SSR
96
+ _interpolate(html) {
97
+ return html.replace(/\{\{(.+?)\}\}/g, (_, expr) => {
98
+ try {
99
+ const result = safeEval(expr.trim(), [
100
+ this.state,
101
+ { props: this.props, computed: this.computed }
102
+ ]);
103
+ return result != null ? _escapeHtml(String(result)) : '';
104
+ } catch (err) {
105
+ reportError(ErrorCode.SSR_RENDER, `Expression "{{${expr.trim()}}}" failed during SSR`, { expression: expr.trim() }, err);
106
+ return '';
107
+ }
108
+ });
109
+ }
110
+ }
111
+
112
+ const SSR_RESERVED = new Set([
113
+ 'state', 'render', 'styles', 'init', 'mounted', 'updated', 'destroyed',
114
+ 'props', 'templateUrl', 'styleUrl', 'templates',
115
+ 'base', 'computed', 'watch'
116
+ ]);
117
+
118
+ // ---------------------------------------------------------------------------
119
+ // HTML escaping for SSR output (re-uses utils.escapeHtml)
120
+ // ---------------------------------------------------------------------------
121
+
122
+ // ---------------------------------------------------------------------------
123
+ // SSR App - component registry + renderer
124
+ // ---------------------------------------------------------------------------
125
+ class SSRApp {
126
+ constructor() {
127
+ this._registry = new Map();
128
+ }
129
+
130
+ /**
131
+ * Register a component for SSR.
132
+ * @param {string} name
133
+ * @param {object} definition
134
+ */
135
+ component(name, definition) {
136
+ if (typeof name !== 'string' || !name) {
137
+ throw new ZQueryError(ErrorCode.SSR_COMPONENT, 'Component name must be a non-empty string');
138
+ }
139
+ if (!definition || typeof definition !== 'object') {
140
+ throw new ZQueryError(ErrorCode.SSR_COMPONENT, `Invalid definition for component "${name}"`);
141
+ }
142
+ this._registry.set(name, definition);
143
+ return this;
144
+ }
145
+
146
+ /**
147
+ * Check whether a component is registered.
148
+ * @param {string} name
149
+ * @returns {boolean}
150
+ */
151
+ has(name) {
152
+ return this._registry.has(name);
153
+ }
154
+
155
+ /**
156
+ * Render a component to an HTML string.
157
+ *
158
+ * @param {string} componentName - registered component name
159
+ * @param {object} [props] - props to pass
160
+ * @param {object} [options] - rendering options
161
+ * @param {boolean} [options.hydrate=true] - add hydration marker
162
+ * @param {string} [options.mode='html'] - 'html' (default) or 'fragment' (no wrapper tag)
163
+ * @returns {Promise<string>} - rendered HTML
164
+ */
165
+ async renderToString(componentName, props = {}, options = {}) {
166
+ const def = this._registry.get(componentName);
167
+ if (!def) {
168
+ throw new ZQueryError(
169
+ ErrorCode.SSR_COMPONENT,
170
+ `SSR: Component "${componentName}" not registered`,
171
+ { component: componentName }
172
+ );
173
+ }
174
+
175
+ const instance = new SSRComponent(def, props);
176
+ let html = instance.render();
177
+
178
+ // Strip z-cloak attributes (they're only for client-side FOUC prevention)
179
+ html = html.replace(/\s*z-cloak\s*/g, ' ');
180
+
181
+ // Clean up SSR-irrelevant attributes
182
+ html = html.replace(/\s*@[\w.]+="[^"]*"/g, ''); // Remove event bindings
183
+ html = html.replace(/\s*z-on:[\w.]+="[^"]*"/g, '');
184
+
185
+ // Fragment mode - return inner HTML without wrapper tag
186
+ if (options.mode === 'fragment') return html;
187
+
188
+ const hydrate = options.hydrate !== false;
189
+ const marker = hydrate ? ' data-zq-ssr' : '';
190
+
191
+ return `<${componentName}${marker}>${html}</${componentName}>`;
192
+ }
193
+
194
+ /**
195
+ * Render multiple components as a batch.
196
+ *
197
+ * @param {Array<{ name: string, props?: object, options?: object }>} entries
198
+ * @returns {Promise<string[]>} - array of rendered HTML strings
199
+ */
200
+ async renderBatch(entries) {
201
+ return Promise.all(
202
+ entries.map(({ name, props, options }) => this.renderToString(name, props, options))
203
+ );
204
+ }
205
+
206
+ /**
207
+ * Render a full HTML page with a component mounted in a shell.
208
+ *
209
+ * @param {object} options
210
+ * @param {string} options.component - component name to render
211
+ * @param {object} [options.props] - props
212
+ * @param {string} [options.title] - page title
213
+ * @param {string} [options.description] - meta description for SEO
214
+ * @param {string[]} [options.styles] - CSS file paths
215
+ * @param {string[]} [options.scripts] - JS file paths
216
+ * @param {string} [options.lang] - html lang attribute
217
+ * @param {string} [options.meta] - additional head content
218
+ * @param {string} [options.bodyAttrs] - extra body attributes
219
+ * @param {object} [options.head] - structured head options
220
+ * @param {string} [options.head.canonical] - canonical URL
221
+ * @param {object} [options.head.og] - Open Graph tags
222
+ * @returns {Promise<string>}
223
+ */
224
+ async renderPage(options = {}) {
225
+ const {
226
+ component: comp,
227
+ props = {},
228
+ title = '',
229
+ description = '',
230
+ styles = [],
231
+ scripts = [],
232
+ lang = 'en',
233
+ meta = '',
234
+ bodyAttrs = '',
235
+ head = {},
236
+ } = options;
237
+
238
+ let content = '';
239
+ if (comp) {
240
+ try {
241
+ content = await this.renderToString(comp, props);
242
+ } catch (err) {
243
+ reportError(ErrorCode.SSR_PAGE, `renderPage failed for component "${comp}"`, { component: comp }, err);
244
+ content = `<!-- SSR error: ${_escapeHtml(err.message)} -->`;
245
+ }
246
+ }
247
+
248
+ const styleLinks = styles.map(s => `<link rel="stylesheet" href="${_escapeHtml(s)}">`).join('\n ');
249
+ const scriptTags = scripts.map(s => `<script src="${_escapeHtml(s)}"></script>`).join('\n ');
250
+
251
+ // Build SEO / structured head tags
252
+ let headExtra = meta;
253
+ if (description) {
254
+ headExtra += `\n <meta name="description" content="${_escapeHtml(description)}">`;
255
+ }
256
+ if (head.canonical) {
257
+ headExtra += `\n <link rel="canonical" href="${_escapeHtml(head.canonical)}">`;
258
+ }
259
+ if (head.og) {
260
+ for (const [key, val] of Object.entries(head.og)) {
261
+ headExtra += `\n <meta property="og:${_escapeHtml(key)}" content="${_escapeHtml(String(val))}">`;
262
+ }
263
+ }
264
+
265
+ return `<!DOCTYPE html>
266
+ <html lang="${_escapeHtml(lang)}">
267
+ <head>
268
+ <meta charset="UTF-8">
269
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
270
+ <title>${_escapeHtml(title)}</title>
271
+ ${headExtra}
272
+ ${styleLinks}
273
+ </head>
274
+ <body ${bodyAttrs.replace(/on\w+\s*=/gi, '').replace(/javascript\s*:/gi, '')}>
275
+ <div id="app">${content}</div>
276
+ ${scriptTags}
277
+ </body>
278
+ </html>`;
279
+ }
280
+
281
+ /**
282
+ * Render a component into an existing HTML shell template.
283
+ *
284
+ * Unlike renderPage() which generates a full HTML document from scratch,
285
+ * renderShell() takes your own index.html (with nav, footer, custom markup)
286
+ * and injects the SSR-rendered component body plus metadata into it.
287
+ *
288
+ * Handles:
289
+ * - Component rendering into <z-outlet>
290
+ * - <title> replacement
291
+ * - <meta name="description"> replacement
292
+ * - Open Graph meta tag replacement (og:title, og:description, og:type, etc.)
293
+ * - window.__SSR_DATA__ hydration script injection
294
+ *
295
+ * @param {string} shell - HTML template string (your index.html)
296
+ * @param {object} options
297
+ * @param {string} options.component - registered component name to render
298
+ * @param {object} [options.props] - props passed to the component
299
+ * @param {string} [options.title] - page title (replaces <title>)
300
+ * @param {string} [options.description] - meta description (replaces <meta name="description">)
301
+ * @param {object} [options.og] - Open Graph tags to replace (e.g. { title, description, type, image })
302
+ * @param {any} [options.ssrData] - data to embed as window.__SSR_DATA__ for client hydration
303
+ * @param {object} [options.renderOptions] - options passed to renderToString (hydrate, mode)
304
+ * @returns {Promise<string>} - the shell with SSR content and metadata injected
305
+ */
306
+ async renderShell(shell, options = {}) {
307
+ const {
308
+ component: comp,
309
+ props = {},
310
+ title,
311
+ description,
312
+ og,
313
+ ssrData,
314
+ renderOptions,
315
+ } = options;
316
+
317
+ // Render the component
318
+ let body = '';
319
+ if (comp) {
320
+ try {
321
+ body = await this.renderToString(comp, props, renderOptions);
322
+ } catch (err) {
323
+ reportError(ErrorCode.SSR_PAGE, `renderShell failed for component "${comp}"`, { component: comp }, err);
324
+ body = `<!-- SSR error: ${_escapeHtml(err.message)} -->`;
325
+ }
326
+ }
327
+
328
+ let html = shell;
329
+
330
+ // Inject SSR body into <z-outlet>
331
+ // Use a replacer function to avoid $ substitution patterns in body
332
+ html = html.replace(/(<z-outlet[^>]*>)([\s\S]*?)(<\/z-outlet>)?/, (_, open) => `${open}${body}</z-outlet>`);
333
+
334
+ // Replace <title>
335
+ if (title != null) {
336
+ const safeTitle = _escapeHtml(title);
337
+ html = html.replace(/<title>[^<]*<\/title>/, () => `<title>${safeTitle}</title>`);
338
+ }
339
+
340
+ // Replace <meta name="description">
341
+ if (description != null) {
342
+ const safeDesc = _escapeHtml(description);
343
+ // Permissive: match any <meta ...> whose attributes contain
344
+ // name="description" (any attribute order, single or double quotes,
345
+ // additional attributes, optional self-closing slash, any whitespace).
346
+ const descPattern = /<meta\b[^>]*\bname\s*=\s*["']description["'][^>]*\/?>/i;
347
+ if (descPattern.test(html)) {
348
+ html = html.replace(descPattern, () => `<meta name="description" content="${safeDesc}">`);
349
+ } else {
350
+ html = html.replace('</head>', () => `<meta name="description" content="${safeDesc}">\n</head>`);
351
+ }
352
+ }
353
+
354
+ // Replace Open Graph meta tags
355
+ if (og) {
356
+ for (const [key, value] of Object.entries(og)) {
357
+ // Sanitize key: allow only safe OG property characters (alphanumeric, hyphens, underscores, colons)
358
+ const safeKey = key.replace(/[^a-zA-Z0-9_:\-]/g, '');
359
+ if (!safeKey) continue;
360
+ const escaped = _escapeHtml(String(value));
361
+ // Escape key for use in RegExp to prevent ReDoS
362
+ const escapedKey = safeKey.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
363
+ // Permissive pattern (any attribute order / quoting / extra attrs / self-closing).
364
+ const pattern = new RegExp(`<meta\\b[^>]*\\bproperty\\s*=\\s*["']og:${escapedKey}["'][^>]*\\/?>`, 'i');
365
+ if (pattern.test(html)) {
366
+ html = html.replace(pattern, () => `<meta property="og:${safeKey}" content="${escaped}">`);
367
+ } else {
368
+ // Tag doesn't exist — inject before </head>
369
+ html = html.replace('</head>', () => `<meta property="og:${safeKey}" content="${escaped}">\n</head>`);
370
+ }
371
+ }
372
+ }
373
+
374
+ // Inject hydration data as window.__SSR_DATA__
375
+ if (ssrData !== undefined) {
376
+ // Escape </script> and <!-- sequences to prevent breaking out of the script tag
377
+ const json = JSON.stringify(ssrData).replace(/<\//g, '<\\/').replace(/<!--/g, '<\\!--');
378
+ html = html.replace('</head>', () => `<script>window.__SSR_DATA__=${json};</script>\n</head>`);
379
+ }
380
+
381
+ return html;
382
+ }
383
+ }
384
+
385
+ // ---------------------------------------------------------------------------
386
+ // Public API
387
+ // ---------------------------------------------------------------------------
388
+
389
+ /**
390
+ * Create an SSR application instance.
391
+ * @returns {SSRApp}
392
+ */
393
+ export function createSSRApp() {
394
+ return new SSRApp();
395
+ }
396
+
397
+ /**
398
+ * Quick one-shot render of a component definition to string.
399
+ * @param {object} definition - component definition
400
+ * @param {object} [props] - props
401
+ * @returns {string}
402
+ */
403
+ export function renderToString(definition, props = {}) {
404
+ if (!definition || typeof definition !== 'object') {
405
+ throw new ZQueryError(ErrorCode.SSR_COMPONENT, 'renderToString requires a component definition object');
406
+ }
407
+ const instance = new SSRComponent(definition, props);
408
+ return instance.render();
409
+ }
410
+
411
+ /**
412
+ * Escape HTML entities - exposed for use in SSR templates.
413
+ * @param {string} str
414
+ * @returns {string}
415
+ */
416
+ export function escapeHtml(str) {
417
+ return _escapeHtml(str);
418
+ }
419
+
420
+ // Re-export matchRoute so SSR servers can import from 'zero-query/ssr'
421
+ export { matchRoute } from './router.js';