@arcote.tech/arc-host 0.1.11 → 0.3.1

package/src/arc-host.ts

@@ -0,0 +1,646 @@
+import { liveQuery } from "@arcote.tech/arc";
+import type { Server, ServerWebSocket } from "bun";
+import jwt from "jsonwebtoken";
+import { ConnectionManager } from "./connection-manager";
+import { ContextHandler } from "./context-handler";
+import { filterEventsForToken } from "./event-auth";
+import type {
+  ArcHostConfig,
+  ClientToHostMessage,
+  HostToClientMessage,
+  TokenPayload,
+} from "./types";
+
+type WebSocketData = {
+  clientId: string;
+  token: TokenPayload | null;
+  rawToken: string | null;
+};
+
+/**
+ * Active SSE stream connection
+ */
+interface StreamConnection {
+  id: string;
+  controller: ReadableStreamDefaultController<Uint8Array>;
+  unsubscribe: () => void;
+}
+
+/**
+ * Arc Host - WebSocket server for real-time event sync
+ */
+export class ArcHost {
+  private server!: Server<WebSocketData>;
+  private connectionManager = new ConnectionManager();
+  private contextHandler!: ContextHandler;
+  private streamConnections = new Map<string, StreamConnection>();
+  private jwtSecret: string;
+  private port: number;
+  private streamIdCounter = 0;
+
+  constructor(private config: ArcHostConfig) {
+    this.jwtSecret =
+      config.jwtSecret ||
+      process.env.JWT_SECRET ||
+      "arc-host-secret-change-in-production";
+    this.port = config.port || 5005;
+  }
+
+  /**
+   * Start the host server
+   */
+  async start(): Promise<void> {
+    // Initialize context handler
+    const dbAdapter = this.config.dbAdapterFactory(this.config.context);
+    this.contextHandler = new ContextHandler(this.config.context, dbAdapter);
+    await this.contextHandler.init();
+
+    this.setupServer();
+  }
+
+  /**
+   * Verify JWT token
+   * Supports both standard JWT (jsonwebtoken) and Arc's custom JWT format
+   */
+  private verifyToken(token: string): TokenPayload | null {
+    try {
+      // Try standard JWT first
+      const decoded = jwt.verify(token, this.jwtSecret) as any;
+
+      // Handle Arc's custom JWT format (tokenName -> tokenType)
+      if (decoded.tokenName && !decoded.tokenType) {
+        return {
+          tokenType: decoded.tokenName,
+          params: decoded.params || {},
+          iat: decoded.iat,
+          exp: decoded.exp,
+        };
+      }
+
+      return decoded as TokenPayload;
+    } catch {
+      // Try Arc's custom JWT format (base64 encoded, custom signature)
+      try {
+        const parts = token.split(".");
+        if (parts.length !== 3) return null;
+
+        const payload = JSON.parse(atob(parts[1]));
+
+        // TODO: Verify signature with context's token secret
+        // For now, just decode and trust (signature verification should be added)
+
+        return {
+          tokenType: payload.tokenName,
+          params: payload.params || {},
+          iat: payload.iat,
+          exp: payload.exp,
+        };
+      } catch {
+        return null;
+      }
+    }
+  }
+
+  /**
+   * Handle WebSocket message
+   */
+  private async handleMessage(
+    ws: ServerWebSocket<WebSocketData>,
+    message: ClientToHostMessage,
+  ): Promise<void> {
+    const client = this.connectionManager.getClientByWs(ws);
+    if (!client) {
+      this.sendError(ws, "Client not found");
+      return;
+    }
+
+    switch (message.type) {
+      case "sync-events":
+        await this.handleSyncEvents(client.id, message, client.token);
+        break;
+
+      case "request-sync":
+        await this.handleRequestSync(client.id, message, client.token);
+        break;
+
+      case "execute-command":
+        await this.handleExecuteCommand(client.id, message, client.rawToken);
+        break;
+
+      default:
+        this.sendError(ws, `Unknown message type: ${(message as any).type}`);
+    }
+  }
+
+  /**
+   * Handle sync-events message
+   */
+  private async handleSyncEvents(
+    clientId: string,
+    message: Extract<ClientToHostMessage, { type: "sync-events" }>,
+    token: TokenPayload | null,
+  ): Promise<void> {
+    // Persist events
+    const persistedEvents = await this.contextHandler.persistEvents(
+      message.events,
+      clientId,
+      token,
+    );
+
+    if (persistedEvents.length === 0) {
+      return;
+    }
+
+    // Broadcast to other authorized clients
+    const clients = this.connectionManager.getAllClients();
+
+    for (const client of clients) {
+      if (client.id === clientId) continue;
+
+      // Filter events for this client's token
+      const authorizedEvents = filterEventsForToken(
+        client.token,
+        persistedEvents,
+        this.contextHandler.getEventDefinitions(),
+      );
+
+      if (authorizedEvents.length > 0) {
+        this.connectionManager.sendToClient(client.id, {
+          type: "events",
+          events: authorizedEvents,
+        });
+      }
+    }
+
+    // Update sender's last synced ID
+    const lastEvent = persistedEvents[persistedEvents.length - 1];
+    this.connectionManager.updateLastSyncedEventId(clientId, lastEvent.hostId);
+
+    // Confirm sync to sender
+    this.connectionManager.sendToClient(clientId, {
+      type: "sync-complete",
+      lastHostEventId: lastEvent.hostId,
+    });
+  }
+
+  /**
+   * Handle request-sync message (initial sync or catch-up)
+   */
+  private async handleRequestSync(
+    clientId: string,
+    message: Extract<ClientToHostMessage, { type: "request-sync" }>,
+    token: TokenPayload | null,
+  ): Promise<void> {
+    const events = await this.contextHandler.getEventsSince(
+      message.lastHostEventId,
+      token,
+    );
+
+    this.connectionManager.sendToClient(clientId, {
+      type: "events",
+      events,
+    });
+
+    if (events.length > 0) {
+      const lastEvent = events[events.length - 1];
+      this.connectionManager.updateLastSyncedEventId(
+        clientId,
+        lastEvent.hostId,
+      );
+
+      this.connectionManager.sendToClient(clientId, {
+        type: "sync-complete",
+        lastHostEventId: lastEvent.hostId,
+      });
+    } else {
+      this.connectionManager.sendToClient(clientId, {
+        type: "sync-complete",
+        lastHostEventId: message.lastHostEventId || "",
+      });
+    }
+  }
+
+  /**
+   * Handle execute-command message
+   */
+  private async handleExecuteCommand(
+    clientId: string,
+    message: Extract<ClientToHostMessage, { type: "execute-command" }>,
+    rawToken: string | null,
+  ): Promise<void> {
+    try {
+      const result = await this.contextHandler.executeCommand(
+        message.commandName,
+        message.params,
+        rawToken,
+      );
+
+      this.connectionManager.sendToClient(clientId, {
+        type: "command-result",
+        requestId: message.requestId,
+        result,
+      });
+    } catch (error) {
+      this.connectionManager.sendToClient(clientId, {
+        type: "command-result",
+        requestId: message.requestId,
+        error: (error as Error).message,
+      });
+    }
+  }
+
+  /**
+   * Send error to WebSocket
+   */
+  private sendError(ws: ServerWebSocket<WebSocketData>, message: string): void {
+    ws.send(JSON.stringify({ type: "error", message } as HostToClientMessage));
+  }
+
+  /**
+   * Setup Bun server
+   */
+  private setupServer(): void {
+    const self = this;
+
+    this.server = Bun.serve<WebSocketData>({
+      port: this.port,
+
+      fetch(req, server) {
+        const url = new URL(req.url);
+
+        // CORS headers
+        const corsHeaders = {
+          "Access-Control-Allow-Origin": "*",
+          "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
+          "Access-Control-Allow-Headers": "Content-Type, Authorization",
+        };
+
+        // Handle preflight
+        if (req.method === "OPTIONS") {
+          return new Response(null, { headers: corsHeaders });
+        }
+
+        // Extract token
+        const authHeader = req.headers.get("Authorization");
+        const token =
+          authHeader?.replace("Bearer ", "") || url.searchParams.get("token");
+
+        // Verify token
+        let tokenPayload: TokenPayload | null = null;
+        if (token) {
+          tokenPayload = self.verifyToken(token);
+        }
+
+        // WebSocket upgrade for /ws
+        if (
+          url.pathname === "/ws" &&
+          req.headers.get("Upgrade") === "websocket"
+        ) {
+          // Pass token to WebSocket data
+          if (
+            server.upgrade(req, {
+              data: {
+                clientId: "",
+                token: tokenPayload,
+                rawToken: token,
+              },
+            })
+          ) {
+            // Connection will be set up in websocket.open
+            return undefined;
+          }
+          return new Response("WebSocket upgrade failed", {
+            status: 500,
+            headers: corsHeaders,
+          });
+        }
+
+        // Health check
+        if (url.pathname === "/health") {
+          return new Response(
+            JSON.stringify({
+              status: "ok",
+              clients: self.connectionManager.clientCount,
+            }),
+            {
+              headers: { ...corsHeaders, "Content-Type": "application/json" },
+            },
+          );
+        }
+
+        // HTTP command endpoint: POST /command/:commandName
+        if (url.pathname.startsWith("/command/") && req.method === "POST") {
+          return self.handleHttpCommand(req, url, corsHeaders, token);
+        }
+
+        // HTTP query endpoint: POST /query/:viewName
+        if (url.pathname.startsWith("/query/") && req.method === "POST") {
+          return self.handleHttpQuery(req, url, tokenPayload, corsHeaders);
+        }
+
+        // SSE stream endpoint: GET /stream/:viewName
+        if (url.pathname.startsWith("/stream/") && req.method === "GET") {
+          return self.handleHttpStream(
+            req,
+            url,
+            tokenPayload,
+            corsHeaders,
+            token,
+          );
+        }
+
+        // HTTP event sync endpoint: POST /sync/events
+        if (url.pathname === "/sync/events" && req.method === "POST") {
+          return self.handleHttpEventSync(req, tokenPayload, corsHeaders);
+        }
+
+        return new Response("Not Found", { status: 404, headers: corsHeaders });
+      },
+
+      websocket: {
+        open(ws) {
+          // Get token from upgrade data
+          const tokenPayload = ws.data?.token || null;
+          const rawToken = ws.data?.rawToken || null;
+
+          // Add client to connection manager
+          const client = self.connectionManager.addClient(
+            ws,
+            tokenPayload,
+            rawToken,
+          );
+
+          console.log(`Client connected: ${client.id}`);
+        },
+
+        message(ws, messageStr) {
+          try {
+            const message = JSON.parse(
+              messageStr as string,
+            ) as ClientToHostMessage;
+            self.handleMessage(ws, message);
+          } catch (error) {
+            console.error("Failed to parse message:", error);
+            self.sendError(ws, "Invalid message format");
+          }
+        },
+
+        close(ws) {
+          const client = self.connectionManager.getClientByWs(ws);
+          if (client) {
+            console.log(`Client disconnected: ${client.id}`);
+            self.connectionManager.removeClient(client.id);
+          }
+        },
+      },
+    });
+
+    console.log(`✅ Arc Host running on http://localhost:${this.port}`);
+  }
+
+  /**
+   * Handle HTTP command request
+   */
+  private async handleHttpCommand(
+    req: Request,
+    url: URL,
+    corsHeaders: Record<string, string>,
+    rawToken: string | null,
+  ): Promise<Response> {
+    const commandName = url.pathname.split("/command/")[1];
+    if (!commandName) {
+      return new Response("Invalid command path", {
+        status: 400,
+        headers: corsHeaders,
+      });
+    }
+
+    try {
+      const params = await req.json();
+      const result = await this.contextHandler.executeCommand(
+        commandName,
+        params,
+        rawToken,
+      );
+
+      return new Response(JSON.stringify(result ?? { success: true }), {
+        headers: { ...corsHeaders, "Content-Type": "application/json" },
+      });
+    } catch (error) {
+      return new Response(JSON.stringify({ error: (error as Error).message }), {
+        status: 500,
+        headers: { ...corsHeaders, "Content-Type": "application/json" },
+      });
+    }
+  }
+
+  /**
+   * Handle HTTP query request
+   */
+  private async handleHttpQuery(
+    req: Request,
+    url: URL,
+    token: TokenPayload | null,
+    corsHeaders: Record<string, string>,
+  ): Promise<Response> {
+    const viewName = url.pathname.split("/query/")[1];
+    if (!viewName) {
+      return new Response("Invalid query path", {
+        status: 400,
+        headers: corsHeaders,
+      });
+    }
+
+    try {
+      const params = await req.json();
+      const dataStorage = this.contextHandler.getDataStorage();
+      const tx = await dataStorage.getReadTransaction();
+      const result = await tx.find(viewName, params);
+
+      // TODO: Apply view protection filtering based on token
+
+      return new Response(JSON.stringify(result), {
+        headers: { ...corsHeaders, "Content-Type": "application/json" },
+      });
+    } catch (error) {
+      return new Response(JSON.stringify({ error: (error as Error).message }), {
+        status: 500,
+        headers: { ...corsHeaders, "Content-Type": "application/json" },
+      });
+    }
+  }
+
+  /**
+   * Handle HTTP stream (SSE) request for live queries
+   */
+  private handleHttpStream(
+    _req: Request,
+    url: URL,
+    token: TokenPayload | null,
+    corsHeaders: Record<string, string>,
+    rawToken: string | null,
+  ): Response {
+    const viewName = url.pathname.split("/stream/")[1];
+    if (!viewName) {
+      return new Response("Invalid stream path", {
+        status: 400,
+        headers: corsHeaders,
+      });
+    }
+
+    // Parse query options from URL params
+    const findOptions: any = {};
+    const whereParam = url.searchParams.get("where");
+    if (whereParam) {
+      try {
+        findOptions.where = JSON.parse(whereParam);
+      } catch {
+        return new Response("Invalid 'where' parameter", {
+          status: 400,
+          headers: corsHeaders,
+        });
+      }
+    }
+
+    const orderByParam = url.searchParams.get("orderBy");
+    if (orderByParam) {
+      try {
+        findOptions.orderBy = JSON.parse(orderByParam);
+      } catch {
+        return new Response("Invalid 'orderBy' parameter", {
+          status: 400,
+          headers: corsHeaders,
+        });
+      }
+    }
+
+    const limitParam = url.searchParams.get("limit");
+    if (limitParam) {
+      findOptions.limit = parseInt(limitParam, 10);
+    }
+
+    // Create SSE stream
+    const streamId = `stream_${++this.streamIdCounter}_${Date.now()}`;
+    const self = this;
+
+    const stream = new ReadableStream<Uint8Array>({
+      start(controller) {
+        // Set up live query
+        const model = self.contextHandler.getModel();
+
+        // Set the token on the auth adapter so view protection is applied
+        self.contextHandler.setAuthToken(rawToken);
+
+        const { unsubscribe } = liveQuery(
+          model,
+          async (q: any) => {
+            const view = q[viewName];
+            if (!view) {
+              throw new Error(`View '${viewName}' not found`);
+            }
+            return view.find(findOptions);
+          },
+          (data: any[]) => {
+            // Send SSE event
+            const event = `data: ${JSON.stringify({ type: "data", data })}\n\n`;
+            try {
+              controller.enqueue(new TextEncoder().encode(event));
+            } catch {
+              // Stream closed
+              unsubscribe();
+            }
+          },
+        );
+
+        // Store connection for cleanup
+        self.streamConnections.set(streamId, {
+          id: streamId,
+          controller,
+          unsubscribe,
+        });
+
+        // Send initial connection event
+        const connectEvent = `data: ${JSON.stringify({ type: "connected", streamId })}\n\n`;
+        controller.enqueue(new TextEncoder().encode(connectEvent));
+      },
+
+      cancel() {
+        // Clean up on client disconnect
+        const conn = self.streamConnections.get(streamId);
+        if (conn) {
+          conn.unsubscribe();
+          self.streamConnections.delete(streamId);
+        }
+      },
+    });
+
+    return new Response(stream, {
+      headers: {
+        ...corsHeaders,
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache",
+        Connection: "keep-alive",
+      },
+    });
+  }
+
+  /**
+   * Handle HTTP event sync request
+   */
+  private async handleHttpEventSync(
+    req: Request,
+    token: TokenPayload | null,
+    corsHeaders: Record<string, string>,
+  ): Promise<Response> {
+    try {
+      const body = await req.json();
+      const events = body.events || [];
+
+      // Persist events via context handler
+      const persistedEvents = await this.contextHandler.persistEvents(
+        events.map((e: any) => ({
+          localId: e.localId,
+          type: e.type,
+          payload: e.payload,
+          createdAt: e.createdAt,
+        })),
+        "http-sync",
+        token,
+      );
+
+      return new Response(
+        JSON.stringify({
+          success: true,
+          syncedIds: persistedEvents.map((e) => e.localId),
+        }),
+        {
+          headers: { ...corsHeaders, "Content-Type": "application/json" },
+        },
+      );
+    } catch (error) {
+      return new Response(
+        JSON.stringify({
+          success: false,
+          error: (error as Error).message,
+        }),
+        {
+          status: 500,
+          headers: { ...corsHeaders, "Content-Type": "application/json" },
+        },
+      );
+    }
+  }
+
+  /**
+   * Stop the server
+   */
+  stop(): void {
+    // Clean up all stream connections
+    for (const conn of this.streamConnections.values()) {
+      conn.unsubscribe();
+    }
+    this.streamConnections.clear();
+
+    this.server?.stop();
+  }
+}