@anteros/core 0.0.1-alpha.1

package/server/boot.ts

@@ -0,0 +1,101 @@
+
+import { createApp } from './hono'
+import type { ServerConfig } from '../types/config'
+import dayjs from 'dayjs';
+import pkg from '../package.json';
+import boxen from 'boxen';
+import "@colors/colors";
+import { cfg, formatConfig } from './config' // import the config
+import { syncTenants } from '../database/tenant'
+import { syncCollections } from '../database/collection'
+import { syncFileCollections } from '../database/file'
+
+import { loadRoutes } from '../lib/routes'
+import { runScripts } from '../lib/scripts'
+import { io, engineIo, websocket } from './io'
+import { loadServices } from '../lib/services'
+import { loadSockets } from '../lib/sockets'
+import { syncWorkflows } from '../lib/workflow'
+import { loadTenantsMiddlewares } from '../lib/middleware'
+type BootAppOptions = ServerConfig & {
+
+}
+async function bootApp(options: BootAppOptions = {} as BootAppOptions) {
+
+    try {
+
+        // Load required resources
+        //******************************* */
+        options = formatConfig(options);
+        await syncTenants(); // sync tenants and connect to database
+        await syncCollections(); // sync collections and create collections on database
+        await syncFileCollections(); // sync file collections
+        await loadServices(); // load services
+        await loadSockets(); // load websocket handlers
+        await syncWorkflows();
+        await loadTenantsMiddlewares();
+        loadRoutes(); // load routes
+        //******************************* */
+
+
+        const PORT = (cfg.server.port || 4000);
+        const NAME = cfg.server.name || process.env.APP_NAME || 'SERVER';
+        const useClusterMode = cfg.clusterMode || false;
+        const env = process.env.NODE_ENV || Bun.env.NODE_ENV || 'dev';
+
+
+        const app = createApp();
+
+        const server = Bun.serve({
+            port: PORT,
+            reusePort: useClusterMode,
+            fetch: (req, server) => {
+                const url = new URL(req.url);
+
+                if (url.pathname === "/socket.io/") {
+                    return engineIo.handleRequest(req, server);
+                } else {
+                    return app.fetch(req, server);
+                }
+
+            },
+            websocket: websocket,
+            maxRequestBodySize: 1024 * 1024 * 100, // 100MB
+        })
+
+        let box = '';
+        box += `${NAME}`.gray.underline + ` (PID: ${process.pid})\n\n`
+        box += `Env: ${env || 'dev'}`.green.bold + '\n'
+        box += `Cluster mode: ${useClusterMode ? 'On'.green.bold : 'Off'.red.bold}\n`.gray.bold
+        box += `Url: http://localhost:${PORT}`.gray.bold;
+        box += '\n\n';
+        box += `Last boot: 🔄 ${dayjs().format('YYYY-MM-DD HH:mm:ss')}`.gray;
+
+        console.log(boxen(box, {
+            title: ` @anteros/core ${pkg.version}`,
+            padding: 1,
+            float: 'left',
+            borderColor: 'gray',
+            titleAlignment: 'center',
+            borderStyle: 'double',
+            textAlignment: 'left',
+            dimBorder: true
+        }))
+
+
+        // After boot and App ready.
+        setTimeout(() => {
+            runScripts().catch(); // run scripts
+
+        }, 150);
+
+        return server;
+    } catch (err: any) {
+        console.error('Failed to boot server', err?.message);
+        process.exit(1);
+    }
+}
+
+export {
+    bootApp
+}

package/server/config.ts

@@ -0,0 +1,107 @@
+import type { ServerConfig, Config } from "../types/config"
+import path from "path"
+import pkg from '../package.json';
+import { cleanDeep } from "../utils/func";
+const cfg: Config = { // app Config
+
+    server: {
+        port: 4000,
+    },
+    tenants: []
+}
+
+
+
+
+function formatConfig(config: ServerConfig) { // format the config
+
+    cfg.clusterMode = config.clusterMode ?? true;
+    cfg.server = {
+        ...cfg.server,
+        ...config.server,
+    }
+    cfg.version = config.version;
+    cfg.tenants = config.tenants ?? [];
+    return cfg;
+}
+
+async function loadAppConfig(serverConfig: ServerConfig) {
+    try {
+        /* const PKG =
+            await import(path.resolve(process.cwd(), 'package.json')); */
+        formatConfig({
+            ...serverConfig,
+            version: pkg.version,
+        });
+    } catch (err: any) {
+        console.error('Error loading app config', err?.message);
+    }
+}
+
+
+
+function safePublicConfig() {
+    return cleanDeep({
+        tenants: (cfg.tenants ?? []).map(t => ({
+            id: t.id,
+            name: t.name ?? t.id,
+        })),
+        collections: (cfg.collections ?? []).map(c => ({
+            _tenant_: c._tenant_,
+            slug: c.slug,
+            type: c.type,
+            actions: [
+                'insertOne', 'insertMany', 'updateOne', 'updateMany',
+                'deleteOne', 'deleteMany', 'findOne', 'find',
+                'findOneAndUpdate', 'aggregate',
+                ...Object.keys(c.actions ?? {}),
+            ],
+            fields: (c.fields ?? []).map(f => ({
+                name: f.name,
+                type: f.type,
+                description: f.description,
+                required: f.required,
+                nullable: f.nullable,
+                empty: f.empty,
+                relation: f.relation,
+                enumOptions: f.enumOptions,
+                randomOptions: f.randomOptions,
+                defaultValue: f.defaultValue,
+                studio: f.studio,
+            })),
+            readOnlyFields: c.api?.readOnlyFields,
+            studio: c.studio,
+        })),
+        services: (cfg.services ?? []).map(s => ({
+            _tenant_: s._tenant_,
+            name: s.name,
+            enabled: s.enabled,
+            actions: Object.keys(s.actions ?? {}),
+        })),
+        fileCollections: (cfg.fileCollections ?? []).map(fc => ({
+            _tenant_: fc._tenant_,
+            slug: fc.slug,
+            fields: (fc.fields ?? []).map(f => ({
+                name: f.name,
+                type: f.type,
+                description: f.description,
+                required: f.required,
+                nullable: f.nullable,
+                empty: f.empty,
+                relation: f.relation,
+                enumOptions: f.enumOptions,
+                randomOptions: f.randomOptions,
+                defaultValue: f.defaultValue,
+                studio: f.studio,
+            })),
+            readOnlyFields: fc.api?.readOnlyFields,
+        })),
+    })
+}
+
+export {
+    formatConfig,
+    cfg,
+    loadAppConfig,
+    safePublicConfig
+}

package/server/env.ts

@@ -0,0 +1,16 @@
+/**
+ * Hono context variables shared by middleware and route handlers.
+ */
+export type HonoVariables = {
+    /** Present when `Authorization: Bearer <jwt>` was sent and verification succeeded. */
+    token?: {
+        /** Raw JWT string from the `Authorization` header. */
+        value: string | null;
+        /** Verified payload (claims). */
+        decoded: Record<string, unknown> | null;
+        /** Whether a token was provided in the Authorization header */
+        provided: boolean;
+        /** Whether the token is expired */
+        expired: boolean;
+    };
+};

package/server/hono.ts

@@ -0,0 +1,176 @@
+import { Hono } from "hono";
+import { cors } from "hono/cors"
+import { compress } from 'hono/compress'
+import { ipRestriction } from "hono/ip-restriction"
+import { bodyLimit } from "hono/body-limit"
+import { secureHeaders } from "hono/secure-headers"
+import { getConnInfo } from "hono/bun"
+import { cfg } from "./config"
+import { rateLimit } from "./security"
+import { initializeRoutes } from "./routes";
+import { sessionCtxStorage, asyncContextStorage, requestCtxStorage } from "../lib/asyncContextStorage";
+import { initializeApi } from "./api";
+import { getGlobalMiddlewares } from "../lib/middleware";
+import { jwt } from "../utils/func";
+import { AppError } from "../lib/error";
+import type { HonoVariables } from "./env";
+
+const app = new Hono<{ Variables: HonoVariables }>();
+function createApp(): Hono<{ Variables: HonoVariables }> {
+    const allowHeaders = [
+        "Tenant-Id",
+        "Content-Type",
+        "Authorization",
+        "Accept",
+        "Origin",
+        "X-Requested-With",
+        "Access-Control-Request-Method",
+        "Access-Control-Request-Headers",
+        "CF-Connecting-IP",
+        "True-Client-IP",
+        "X-Forwarded-For",
+        "Cookie",
+        "X-Forwarded-Host",
+        ...(cfg.server.cors?.allowHeaders as string[] || []),
+    ]
+    const allowMethods = [
+        "GET",
+        "POST",
+        "PUT",
+        "DELETE",
+        "OPTIONS",
+        "PATCH",
+        "HEAD",
+        ...(cfg.server.cors?.allowMethods as string[] || []),
+    ]
+    // cors
+    const corsOrigin = cfg.server.cors?.origin as string[] | undefined;
+    const corsCredentials = cfg.server.cors?.credentials as boolean | undefined ?? false;
+
+    if (corsCredentials && (!corsOrigin || corsOrigin.includes('*'))) {
+        throw new Error(
+            'CORS misconfiguration: credentials: true is incompatible with origin: *. '
+            + 'Set explicit origins in cfg.server.cors.origin.'
+        );
+    }
+
+
+
+    app.use(cors({
+        origin: corsOrigin || ['*'],
+        credentials: corsCredentials,
+        allowMethods: allowMethods,
+        allowHeaders: allowHeaders,
+    }));
+
+    // compress
+    app.use(compress());
+
+    // ip restriction
+    app.use(ipRestriction(getConnInfo, {
+        denyList: cfg.server?.ipRestriction?.denyList || [],
+        allowList: cfg.server?.ipRestriction?.allowList || [],
+    }))
+
+    // security headers
+    app.use(secureHeaders({
+        strictTransportSecurity: true,
+        xFrameOptions: true,
+        xContentTypeOptions: true,
+        xXssProtection: true,
+        referrerPolicy: true,
+        removePoweredBy: true,
+    }))
+
+
+    // body limit
+    app.use(bodyLimit({
+        maxSize: cfg.server.body?.maxSize ?? 1024 * 1024 * 100, // 100MB
+    }));
+
+
+
+    // rate limiting (global)
+    if (cfg.server.rateLimit?.enabled !== false) {
+        app.use('*', rateLimit({
+            windowMs: cfg.server.rateLimit?.windowMs ?? 60_000,
+            max: cfg.server.rateLimit?.max ?? 100,
+        }));
+
+        // stricter limit for login endpoints
+        app.use('/api/*/login', rateLimit({
+            windowMs: cfg.server.rateLimit?.login?.windowMs ?? 60_000,
+            max: cfg.server.rateLimit?.login?.max ?? 10,
+        }));
+    }
+
+    //  async Context Storage
+    app.use(async (c, next) => {
+        return asyncContextStorage.run(new Map(), async () => {
+            const traceId = crypto.randomUUID();
+            const connInfo = getConnInfo(c);
+            requestCtxStorage.set('trace', { id: traceId });
+            requestCtxStorage.set('internal', false);
+
+
+
+            requestCtxStorage.set('meta', {
+                request: {
+                    ip: connInfo.remote.address ?? c.req.header('CF-Connecting-IP') ?? c.req.header('True-Client-IP') ?? c.req.header('X-Forwarded-For') ?? 'unknown',
+                    user_agent: c.req.header('User-Agent') ?? '',
+                    headers: c.req.header(),
+                    method: c.req.method,
+                    path: c.req.path,
+                    query: c.req.query(),
+                },
+                environment: Bun.env.NODE_ENV || process.env.NODE_ENV || 'dev',
+                hostname: Bun.env.HOSTNAME || process.env.HOSTNAME || 'localhost',
+                platform: Bun.env.PLATFORM || process.env.PLATFORM || 'unknown',
+            })
+            const bearer = c.req.header('Authorization')?.replace('Bearer ', '');
+            if (bearer) {
+                const { value, error } = await jwt.verify(bearer);
+                const isValid = !error && value != null;
+                const isExpired = !!error && error.toLowerCase().includes('exp');
+
+                const tokenData = {
+                    value: bearer,
+                    decoded: isValid ? (value as Record<string, unknown>) : null,
+                    provided: true,
+                    expired: isExpired || (value != null && typeof (value as any)?.exp === 'number' && (value as any).exp * 1000 < Date.now()),
+                };
+
+                requestCtxStorage.set('token', tokenData);
+                c.set('token', tokenData);
+            } else {
+                const emptyToken = { value: null, decoded: null, provided: false, expired: false };
+                requestCtxStorage.set('token', emptyToken);
+                c.set('token', emptyToken);
+            }
+
+            return await next();
+        })
+    })
+
+    // Global user-defined middlewares — has access to requestCtxStorage, asyncContextStorage, etc.
+    for (const mw of getGlobalMiddlewares()) {
+        app.use(mw.handler);
+    }
+
+    // initialize routes
+    initializeRoutes(app);
+
+    // initialize api
+    initializeApi(app);
+
+
+    return app;
+}
+
+
+
+
+export {
+    createApp,
+    app
+}

package/server/io.ts

@@ -0,0 +1,15 @@
+import { Server as Engine } from "@socket.io/bun-engine";
+import { Server } from "socket.io";
+
+const io = new Server();
+const engineIo = new Engine();
+io.bind(engineIo);
+const { websocket } = engineIo.handler()
+
+
+
+export {
+    io,
+    engineIo,
+    websocket
+}

package/server/routes.ts

@@ -0,0 +1,48 @@
+import type { Hono } from "hono";
+import { cfg } from "./config";
+import path from "path";
+import { jwt } from "../utils/func";
+import { useRest } from "../database/rest";
+import { io } from "./io";
+import type { HonoVariables } from "./env";
+
+function initializeRoutes(app: Hono<{ Variables: HonoVariables }>) {
+    for (let route of cfg.routes ?? []) {
+        if (route._prefix_) {
+            let method = route.method.toLocaleLowerCase();
+            let routePath = path.posix.join(route._prefix_, route.path);
+
+            if (route.method == "GET") {
+                app.get(routePath, async (c) => { //
+                    return route.handler({
+                        c,
+                        rest: new useRest({
+                            tenant_id: route._tenant_,
+                        }),
+                        jwt: jwt,
+                        io: io,
+                    });
+                });
+            }
+
+            if (route.method == 'POST') {
+                app.post(routePath, async (c) => {
+                    return route.handler({
+                        c,
+                        rest: new useRest({
+                            tenant_id: route._tenant_,
+                        }),
+                        jwt: jwt,
+                        io: io,
+                    });
+                });
+            }
+        }
+    }
+
+}
+
+
+export {
+    initializeRoutes
+}

package/server/security.ts

@@ -0,0 +1,138 @@
+import type { Context } from "hono";
+import { getConnInfo } from "hono/bun";
+
+// ─── Types ───────────────────────────────────────────────────────────────────
+
+export type RateLimitStore = {
+  increment(key: string, windowMs: number): Promise<{ count: number; resetAt: number }>;
+};
+
+export type RateLimitOptions = {
+  windowMs?: number;
+  max?: number;
+  message?: string;
+  code?: string;
+  statusCode?: number;
+  keyGenerator?: (c: Context) => string | Promise<string>;
+  store?: RateLimitStore;
+};
+
+export type RedisClient = {
+  incr(key: string): Promise<number>;
+  pexpire(key: string, ms: number): Promise<number>;
+  pttl(key: string): Promise<number>;
+};
+
+// ─── In-Memory Store ─────────────────────────────────────────────────────────
+
+interface MemoryEntry {
+  count: number;
+  resetAt: number;
+}
+
+export function createMemoryStore(cleanupIntervalMs = 60000): RateLimitStore & { dispose(): void } {
+  const store = new Map<string, MemoryEntry>();
+  let cleanupTimer: ReturnType<typeof setInterval> | null = null;
+
+  const cleanup = () => {
+    const now = Date.now();
+    for (const [key, entry] of store) {
+      if (entry.resetAt <= now) {
+        store.delete(key);
+      }
+    }
+  };
+
+  cleanupTimer = setInterval(cleanup, cleanupIntervalMs);
+  if (cleanupTimer && typeof cleanupTimer === "object" && "unref" in cleanupTimer) {
+    (cleanupTimer as any).unref();
+  }
+
+  return {
+    async increment(key: string, windowMs: number) {
+      const now = Date.now();
+      const entry = store.get(key);
+
+      if (!entry || entry.resetAt <= now) {
+        const resetAt = now + windowMs;
+        store.set(key, { count: 1, resetAt });
+        return { count: 1, resetAt };
+      }
+
+      entry.count += 1;
+      return { count: entry.count, resetAt: entry.resetAt };
+    },
+
+    dispose() {
+      if (cleanupTimer) {
+        clearInterval(cleanupTimer);
+        cleanupTimer = null;
+      }
+      store.clear();
+    },
+  };
+}
+
+// ─── Redis Store ─────────────────────────────────────────────────────────────
+
+export function createRedisStore(redis: RedisClient): RateLimitStore {
+  return {
+    async increment(key: string, windowMs: number) {
+      const count = await redis.incr(key);
+
+      // First increment in this window – set the expiry
+      if (count === 1) {
+        await redis.pexpire(key, windowMs);
+      }
+
+      const ttl = await redis.pttl(key);
+      const resetAt = Date.now() + Math.max(0, ttl);
+
+      return { count, resetAt };
+    },
+  };
+}
+
+// ─── Default key generator ───────────────────────────────────────────────────
+
+function defaultKeyGenerator(c: Context): string {
+  const connInfo = getConnInfo(c);
+  const ip =
+    connInfo.remote.address ??
+    c.req.header("CF-Connecting-IP") ??
+    c.req.header("True-Client-IP") ??
+    c.req.header("X-Forwarded-For") ??
+    "unknown";
+
+  return `rn:rl:${ip}`;
+}
+
+// ─── Middleware ──────────────────────────────────────────────────────────────
+
+export function rateLimit(opts: RateLimitOptions = {}) {
+  const windowMs = opts.windowMs ?? 60_000;
+  const max = opts.max ?? 60;
+  const message = opts.message ?? "Too many requests, please try again later";
+  const code = opts.code ?? "RATE_LIMIT_EXCEEDED";
+  const statusCode = opts.statusCode ?? 429;
+  const keyGenerator = opts.keyGenerator ?? defaultKeyGenerator;
+  const store = opts.store ?? createMemoryStore();
+
+  return async (c: Context, next: () => Promise<void>): Promise<Response | void> => {
+    const key = await keyGenerator(c);
+    const { count, resetAt } = await store.increment(key, windowMs);
+    const remaining = Math.max(0, max - count);
+
+    c.header("X-RateLimit-Limit", String(max));
+    c.header("X-RateLimit-Remaining", String(remaining));
+    c.header("X-RateLimit-Reset", String(Math.ceil(resetAt / 1000)));
+
+    if (count > max) {
+      const retryAfter = Math.ceil((resetAt - Date.now()) / 1000);
+      c.header("Retry-After", String(retryAfter));
+      return c.json({ message, code }, statusCode as any);
+    }
+
+    await next();
+  };
+}