Pode v2.13.0-alpha.3

.github/workflows/ci-powershell.yml

@@ -51,8 +51,18 @@ jobs:
     - name: Run Pester Tests
       shell: powershell
       run: |
-        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-        Invoke-Build Test
+        # Check if the runner is in debug mode
+        if ($env:RUNNER_DEBUG -eq '1') {
+            $debug = $true
+        } else {
+            $debug = $false
+        }
+
+        if ($debug) {
+            Invoke-Build Test -PesterVerbosity Diagnostic
+        } else {
+            Invoke-Build Test
+        }
 
     - name: Build Packages
       shell: powershell

.github/workflows/ci-pwsh7_5.yml

@@ -72,7 +72,18 @@ jobs:
     - name: Run Pester Tests
       shell: pwsh
       run: |
-        Invoke-Build Test
+        # Check if the runner is in debug mode
+        if ($env:RUNNER_DEBUG -eq '1') {
+            $debug = $true
+        } else {
+            $debug = $false
+        }
+
+        if ($debug) {
+            Invoke-Build Test -PesterVerbosity Diagnostic
+        } else {
+            Invoke-Build Test
+        }
 
     - name: Build Packages
       shell: pwsh

.github/workflows/ci-pwsh_lts.yml

@@ -71,7 +71,18 @@ jobs:
     - name: Run Pester Tests
       shell: pwsh
       run: |
-        Invoke-Build Test
+        # Check if the runner is in debug mode
+        if ($env:RUNNER_DEBUG -eq '1') {
+            $debug = $true
+        } else {
+            $debug = $false
+        }
+
+        if ($debug) {
+            Invoke-Build Test -PesterVerbosity Diagnostic
+        } else {
+            Invoke-Build Test
+        }
 
     - name: Build Packages
       shell: pwsh

.github/workflows/ci-pwsh_preview.yml

@@ -71,7 +71,18 @@ jobs:
     - name: Run Pester Tests
       shell: pwsh
       run: |
-        Invoke-Build Test
+        # Check if the runner is in debug mode
+        if ($env:RUNNER_DEBUG -eq '1') {
+            $debug = $true
+        } else {
+            $debug = $false
+        }
+
+        if ($debug) {
+            Invoke-Build Test -PesterVerbosity Diagnostic
+        } else {
+            Invoke-Build Test
+        }
 
     - name: Build Packages
       shell: pwsh

.gitignore

@@ -8,6 +8,7 @@ docs/[Ff]unctions/
 examples/state.json
 examples/issue-*
 examples/issues/
+examples/State/
 pkg/
 deliverable/
 .vs/
@@ -266,6 +267,13 @@ examples/PetStore/data/PetData.json
 packers/choco/pode.nuspec
 packers/choco/tools/ChocolateyInstall.ps1
 docs/Getting-Started/Samples.md
+examples/HelloService/*_svcsettings.json
+examples/HelloService/svc_settings
 
 # Dump Folder
 Dump
+examples/certs/*-public.pem
+examples/certs/*-private.pem
+tests/certs/*
+/examples/certs
+examples/Authentication/certs/*

.vscode/settings.json

@@ -38,5 +38,13 @@
     "javascript.format.insertSpaceBeforeFunctionParenthesis": false,
     "[yaml]": {
         "editor.tabSize": 2
+    },
+    "markdownlint.config": {
+        "default": true,
+        "MD045": false,
+        "MD033": false,
+        "MD026": {
+            "punctuation": ".,;:"
+        }
     }
 }

Pode.sln

@@ -7,6 +7,8 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{41F81369-868
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Pode", "src\Listener\Pode.csproj", "{772D5C9F-1B25-46A7-8977-412A5F7F77D1}"
 EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PodeMonitor", "src\PodeMonitor\PodeMonitor.csproj", "{A927D6A5-A2AC-471A-9ABA-45916B597EB6}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU

README.md

@@ -1,6 +1,6 @@
-<p align="center">
+<h1 align="center">
     <img src="https://github.com/Badgerati/Pode/raw/develop/images/icon-new.svg?raw=true" width="250" />
-</p>
+</h1>
 
 [![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)](https://raw.githubusercontent.com/Badgerati/Pode/master/LICENSE.txt)
 [![Documentation](https://img.shields.io/github/v/release/badgerati/pode?label=docs&logo=readthedocs&logoColor=white)](https://badgerati.github.io/Pode)
@@ -53,36 +53,37 @@ Then navigate to `http://127.0.0.1:8000` in your browser.
 
 ## 🚀 Features
 
-* Cross-platform using PowerShell Core (with support for PS5)
-* Docker support, including images for ARM/Raspberry Pi
-* Azure Functions, AWS Lambda, and IIS support
-* OpenAPI specification version 3.0.x and 3.1.0
-* OpenAPI documentation with Swagger, Redoc, RapidDoc, StopLight, OpenAPI-Explorer and RapiPdf
-* Listen on a single or multiple IP(v4/v6) address/hostnames
-* Cross-platform support for HTTP(S), WS(S), SSE, SMTP(S), and TCP(S)
-* Host REST APIs, Web Pages, and Static Content (with caching)
-* Support for custom error pages
-* Request and Response compression using GZip/Deflate
-* Multi-thread support for incoming requests
-* Inbuilt template engine, with support for third-parties
-* Async timers for short-running repeatable processes
-* Async scheduled tasks using cron expressions for short/long-running processes
-* Supports logging to CLI, Files, and custom logic for other services like LogStash
-* Cross-state variable access across multiple runspaces
-* Restart the server via file monitoring, or defined periods/times
-* Ability to allow/deny requests from certain IP addresses and subnets
-* Basic rate limiting for IP addresses and subnets
-* Middleware and Sessions on web servers, with Flash message and CSRF support
-* Authentication on requests, such as Basic, Windows and Azure AD
-* Authorisation support on requests, using Roles, Groups, Scopes, etc.
-* Support for dynamically building Routes from Functions and Modules
-* Generate/bind self-signed certificates
-* Secret management support to load secrets from vaults
-* Support for File Watchers
-* In-memory caching, with optional support for external providers (such as Redis)
-* (Windows) Open the hosted server as a desktop application
-* FileBrowsing support
-* Localization (i18n) in Arabic, German, Spanish, France, Italian, Japanese, Korean, Polish, Portuguese, and Chinese
+- ✅ Cross-platform using PowerShell Core (with support for PS5)
+- ✅ Docker support, including images for ARM/Raspberry Pi
+- ✅ Azure Functions, AWS Lambda, and IIS support
+- ✅ OpenAPI specification version 3.0.x and 3.1.0
+- ✅ OpenAPI documentation with Swagger, Redoc, RapidDoc, StopLight, OpenAPI-Explorer and RapiPdf
+- ✅ Listen on a single or multiple IP(v4/v6) addresses/hostnames
+- ✅ Cross-platform support for HTTP(S), WS(S), SSE, SMTP(S), and TCP(S)
+- ✅ Host REST APIs, Web Pages, and Static Content (with caching)
+- ✅ Support for custom error pages
+- ✅ Request and Response compression using GZip/Deflate
+- ✅ Multi-thread support for incoming requests
+- ✅ Inbuilt template engine, with support for third-parties
+- ✅ Async timers for short-running repeatable processes
+- ✅ Async scheduled tasks using cron expressions for short/long-running processes
+- ✅ Supports logging to CLI, Files, and custom logic for other services like LogStash
+- ✅ Cross-state variable access across multiple runspaces
+- ✅ Restart the server via file monitoring, or defined periods/times
+- ✅ Ability to allow/deny requests from certain IP addresses and subnets
+- ✅ Basic rate limiting for IP addresses and subnets
+- ✅ Middleware and Sessions on web servers, with Flash message and CSRF support
+- ✅ Authentication on requests, such as Basic, Windows and Azure AD
+- ✅ Authorisation support on requests, using Roles, Groups, Scopes, etc.
+- ✅ Enhanced authentication support, including Basic, Bearer (with JWT), Certificate, Digest, Form, OAuth2, and ApiKey (with JWT).
+- ✅ Support for dynamically building Routes from Functions and Modules
+- ✅ Generate/bind self-signed certificates
+- ✅ Secret management support to load secrets from vaults
+- ✅ Support for File Watchers
+- ✅ In-memory caching, with optional support for external providers (such as Redis)
+- ✅ (Windows) Open the hosted server as a desktop application
+- ✅ FileBrowsing support
+- ✅ Localization (i18n) in Arabic, German, Spanish, France, Italian, Japanese, Korean, Polish, Portuguese,Dutch and Chinese
 
 ## 📦 Install
 

Version.json

@@ -0,0 +1,4 @@
+{
+    "Version": "2.13.0",
+    "Prerelease": "alpha.3"
+}

docs/Getting-Started/Migrating/0X-to-1X.md

@@ -154,7 +154,7 @@ Request and Error logging are inbuilt logging types that can be enabled using [`
 | [`Disable-PodeRequestLogging`](../../../Functions/Logging/Disable-PodeRequestLogging) |
 | [`Disable-PodeErrorLogging`](../../../Functions/Logging/Disable-PodeErrorLogging) |
 | [`Remove-PodeLogger`](../../../Functions/Logging/Remove-PodeLogger) |
-| [`Clear-PodeLoggers`](../../../Functions/Logging/Clear-PodeLoggers) |
+| [`Clear-PodeLogger`](../../../Functions/Logging/Clear-PodeLogger) |
 
 ### Writing Logs
 

docs/Hosting/PortsBelow1024.md

@@ -0,0 +1,55 @@
+# Using Ports Below 1024
+
+#### Introduction
+
+Traditionally in Linux, binding to ports below 1024 requires root privileges. This is a security measure, as these low-numbered ports are considered privileged. However, running applications as the root user poses significant security risks. This article explores methods to use these privileged ports with PowerShell (`pwsh`) in Linux, without running it as the root user.
+There are different methods to achieve the goals.
+Reverse Proxy is the right approach for a production environment, primarily if the server is connected directly to the internet.
+The other solutions are reasonable after an in-depth risk analysis.
+
+#### Using a Reverse Proxy
+
+A reverse proxy like Nginx can listen on the privileged port and forward requests to your application running on an unprivileged port.
+
+**Configuration:**
+
+* Configure Nginx to listen on port 443 and forward requests to the port where your PowerShell script is listening.
+* This method is widely used in web applications for its additional benefits like load balancing and SSL termination.
+
+#### iptables Redirection
+
+Using iptables, you can redirect traffic from a privileged port to a higher, unprivileged port.
+
+**Implementation:**
+
+* Set up an iptables rule to redirect traffic from, say, port 443 to a higher port where your PowerShell script is listening.
+* `sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8080`
+
+**Benefits:**
+
+* This approach doesn't require changing the privileges of the PowerShell executable or script.
+
+#### Using `setcap` Command
+
+The `setcap` utility can grant specific capabilities to an executable, like `pwsh`, enabling it to bind to privileged ports.
+
+**How it Works:**
+
+* Run `sudo setcap 'cap_net_bind_service=+ep' $(which pwsh)`. This command sets the `CAP_NET_BIND_SERVICE` capability on the PowerShell executable, allowing it to bind to any port below 1024.
+
+**Security Consideration:**
+
+* This method enhances security by avoiding running PowerShell as root, but it still grants significant privileges to the PowerShell process.
+
+#### Utilizing Authbind
+
+Authbind is a tool that allows a non-root user to bind to privileged ports.
+
+**Setup:**
+
+* Install Authbind, configure it to allow the desired port, and then start your PowerShell script using Authbind.
+* For instance, `authbind --deep pwsh yourscript.ps1` allows the script to bind to a privileged port.
+
+**Advantages:**
+
+* It provides a finer-grained control over port access and doesn't require setting special capabilities on the PowerShell binary itself.