@arcote.tech/arc-host 0.1.11 → 0.3.1

package/src/connection-manager.ts

@@ -0,0 +1,115 @@
+import type { ServerWebSocket } from "bun";
+import type {
+  ConnectedClient,
+  HostToClientMessage,
+  TokenPayload,
+} from "./types";
+
+/**
+ * Manages WebSocket connections for a host
+ */
+export class ConnectionManager {
+  private clients = new Map<string, ConnectedClient>();
+  private clientIdCounter = 0;
+
+  /**
+   * Add a new client connection
+   */
+  addClient(
+    ws: ServerWebSocket<{ clientId: string }>,
+    token: TokenPayload | null,
+    rawToken: string | null,
+  ): ConnectedClient {
+    const clientId = `client_${++this.clientIdCounter}_${Date.now()}`;
+
+    const client: ConnectedClient = {
+      id: clientId,
+      token,
+      rawToken,
+      lastHostEventId: null,
+      ws,
+    };
+
+    this.clients.set(clientId, client);
+
+    // Store clientId in WebSocket data for later lookup
+    ws.data = { clientId };
+
+    return client;
+  }
+
+  /**
+   * Remove a client connection
+   */
+  removeClient(clientId: string): void {
+    this.clients.delete(clientId);
+  }
+
+  /**
+   * Get client by ID
+   */
+  getClient(clientId: string): ConnectedClient | undefined {
+    return this.clients.get(clientId);
+  }
+
+  /**
+   * Get client by WebSocket
+   */
+  getClientByWs(
+    ws: ServerWebSocket<{ clientId: string }>,
+  ): ConnectedClient | undefined {
+    const clientId = ws.data?.clientId;
+    if (!clientId) return undefined;
+    return this.clients.get(clientId);
+  }
+
+  /**
+   * Update client's last synced event ID
+   */
+  updateLastSyncedEventId(clientId: string, hostEventId: string): void {
+    const client = this.clients.get(clientId);
+    if (client) {
+      client.lastHostEventId = hostEventId;
+    }
+  }
+
+  /**
+   * Get all connected clients
+   */
+  getAllClients(): ConnectedClient[] {
+    return Array.from(this.clients.values());
+  }
+
+  /**
+   * Send message to a specific client
+   */
+  sendToClient(clientId: string, message: HostToClientMessage): boolean {
+    const client = this.clients.get(clientId);
+    if (!client) return false;
+
+    try {
+      client.ws.send(JSON.stringify(message));
+      return true;
+    } catch (error) {
+      console.error(`Failed to send message to client ${clientId}:`, error);
+      return false;
+    }
+  }
+
+  /**
+   * Broadcast message to all clients
+   */
+  broadcast(message: HostToClientMessage, excludeClientId?: string): void {
+    for (const client of this.clients.values()) {
+      if (client.id === excludeClientId) continue;
+      this.sendToClient(client.id, message);
+    }
+  }
+
+  /**
+   * Get total number of connected clients
+   */
+  get clientCount(): number {
+    return this.clients.size;
+  }
+}

package/src/context-handler.ts

@@ -0,0 +1,219 @@
+import {
+  type ArcContextAny,
+  type ArcEventAny,
+  AuthAdapter,
+  type DatabaseAdapter,
+  LocalEventPublisher,
+  MasterDataStorage,
+  Model,
+  mutationExecutor,
+} from "@arcote.tech/arc";
+import { canTokenEmitEvent, filterEventsForToken } from "./event-auth";
+import type { SyncableEvent, TokenPayload } from "./types";
+
+/**
+ * Handles a single context on the host
+ */
+export class ContextHandler {
+  private model: Model<ArcContextAny>;
+  private dataStorage: MasterDataStorage;
+  private eventPublisher: LocalEventPublisher;
+  private authAdapter: AuthAdapter;
+  private eventDefinitions = new Map<string, ArcEventAny>();
+  private hostEventIdCounter = 0;
+  private initialized = false;
+
+  constructor(
+    public readonly context: ArcContextAny,
+    dbAdapter: Promise<DatabaseAdapter>,
+  ) {
+    this.dataStorage = new MasterDataStorage(dbAdapter);
+    this.eventPublisher = new LocalEventPublisher(this.dataStorage);
+    this.authAdapter = new AuthAdapter();
+
+    this.model = new Model(context, {
+      adapters: {
+        dataStorage: this.dataStorage,
+        eventPublisher: this.eventPublisher,
+        authAdapter: this.authAdapter,
+      },
+      environment: "server",
+    });
+
+    // Build event definitions map
+    for (const element of context.elements) {
+      if ("tagFields" in element && "payload" in element) {
+        this.eventDefinitions.set(element.name, element as ArcEventAny);
+      }
+    }
+  }
+
+  /**
+   * Initialize the context handler
+   */
+  async init(): Promise<void> {
+    if (this.initialized) return;
+    await this.model.init();
+    this.initialized = true;
+  }
+
+  /**
+   * Execute a command
+   */
+  async executeCommand(
+    commandName: string,
+    params: any,
+    rawToken: string | null,
+  ): Promise<any> {
+    const mutations = mutationExecutor(this.model);
+    const command = (mutations as any)[commandName];
+
+    if (!command) {
+      throw new Error(`Command '${commandName}' not found`);
+    }
+
+    // Set auth token on adapter so commands can access $auth.params
+    // AuthAdapter decodes the JWT internally
+    this.authAdapter.setToken(rawToken);
+
+    // TODO: Check command protection with token
+
+    return await command(params);
+  }
+
+  /**
+   * Persist events from a client and return with host IDs
+   */
+  async persistEvents(
+    events: Array<{
+      localId: string;
+      type: string;
+      payload: any;
+      createdAt: string;
+    }>,
+    clientId: string,
+    token: TokenPayload | null,
+  ): Promise<SyncableEvent[]> {
+    const persistedEvents: SyncableEvent[] = [];
+
+    for (const event of events) {
+      // Get event definition
+      const eventDef = this.eventDefinitions.get(event.type);
+      if (!eventDef) {
+        console.warn(`Unknown event type: ${event.type}`);
+        continue;
+      }
+
+      // Check if token can emit this event
+      if (!canTokenEmitEvent(token, eventDef, event.payload)) {
+        console.warn(`Token not authorized to emit event: ${event.type}`);
+        continue;
+      }
+
+      // Generate host ID
+      const hostId = `host_${++this.hostEventIdCounter}_${Date.now()}`;
+
+      const syncableEvent: SyncableEvent = {
+        localId: event.localId,
+        hostId,
+        type: event.type,
+        payload: event.payload,
+        createdAt: event.createdAt,
+        clientId,
+      };
+
+      // Persist to database via event publisher
+      await this.eventPublisher.publish({
+        id: hostId,
+        type: event.type,
+        payload: event.payload,
+        createdAt: new Date(event.createdAt),
+      });
+
+      persistedEvents.push(syncableEvent);
+    }
+
+    return persistedEvents;
+  }
+
+  /**
+   * Get events after a specific host ID, filtered by token
+   */
+  async getEventsSince(
+    lastHostEventId: string | null,
+    token: TokenPayload | null,
+  ): Promise<SyncableEvent[]> {
+    // Query events from database
+    const eventsStore = this.dataStorage.getStore<any>("events");
+    const allEvents: any[] = await eventsStore.find({});
+
+    let filteredEvents: any[];
+    if (lastHostEventId) {
+      // Extract timestamp from lastHostEventId (format: host_{counter}_{timestamp})
+      const parts = lastHostEventId.split("_");
+      const lastTimestamp = parts.length >= 3 ? parseInt(parts[2], 10) : 0;
+
+      // Filter events with timestamp > lastTimestamp
+      filteredEvents = allEvents.filter((e) => {
+        if (!e._id.startsWith("host_")) return false;
+        const eventParts = e._id.split("_");
+        const eventTimestamp =
+          eventParts.length >= 3 ? parseInt(eventParts[2], 10) : 0;
+        return eventTimestamp > lastTimestamp;
+      });
+    } else {
+      // Return all host events
+      filteredEvents = allEvents.filter((e) => e._id.startsWith("host_"));
+    }
+
+    // Sort by timestamp to ensure correct order
+    filteredEvents.sort((a, b) => {
+      const aTimestamp = parseInt(a._id.split("_")[2] || "0", 10);
+      const bTimestamp = parseInt(b._id.split("_")[2] || "0", 10);
+      return aTimestamp - bTimestamp;
+    });
+
+    // Convert to SyncableEvent format
+    const syncableEvents: SyncableEvent[] = filteredEvents.map((e) => ({
+      localId: e._id,
+      hostId: e._id,
+      type: e.type,
+      payload:
+        typeof e.payload === "string" ? JSON.parse(e.payload) : e.payload,
+      createdAt: e.createdAt,
+      clientId: "host",
+    }));
+
+    // Filter by token authorization
+    return filterEventsForToken(token, syncableEvents, this.eventDefinitions);
+  }
+
+  /**
+   * Get the model for advanced operations
+   */
+  getModel(): Model<ArcContextAny> {
+    return this.model;
+  }
+
+  /**
+   * Get data storage for queries
+   */
+  getDataStorage(): MasterDataStorage {
+    return this.dataStorage;
+  }
+
+  /**
+   * Get event definitions map
+   */
+  getEventDefinitions(): Map<string, ArcEventAny> {
+    return this.eventDefinitions;
+  }
+
+  /**
+   * Set auth token on the adapter
+   * Used to apply view protection for queries
+   */
+  setAuthToken(rawToken: string | null): void {
+    this.authAdapter.setToken(rawToken);
+  }
+}

package/src/event-auth.ts

@@ -0,0 +1,127 @@
+import type { ArcEventAny } from "@arcote.tech/arc";
+import type { SyncableEvent, TokenPayload } from "./types";
+
+/**
+ * Check if a token can receive an event based on explicit protectBy rules
+ *
+ * Security model:
+ * - Events WITHOUT protections: public, anyone can receive
+ * - Events WITH protections: MUST have matching read rule for token
+ */
+export function canTokenReceiveEvent(
+  token: TokenPayload | null,
+  event: ArcEventAny,
+  eventInstance: SyncableEvent,
+): boolean {
+  // If event has no protections, it's public - allow everyone
+  if (!event.hasProtections) {
+    return true;
+  }
+
+  // Event has protections - require valid token
+  if (!token) {
+    return false;
+  }
+
+  // Check event protections for matching read rule
+  for (const protection of event.protections) {
+    // Check if this protection applies to the token type
+    if (protection.token.name !== token.tokenType) {
+      continue;
+    }
+
+    // Get protection rules for this token's params
+    const rules = protection.protectionFn(token.params);
+
+    // If read is explicitly false, deny access
+    if (rules.read === false) {
+      continue;
+    }
+
+    // Check read conditions against event payload
+    if (rules.read) {
+      const matches = checkConditionsMatch(rules.read, eventInstance.payload);
+      if (matches) {
+        return true;
+      }
+    }
+  }
+
+  // No matching protection rule found - deny access
+  return false;
+}
+
+/**
+ * Check if a token can emit an event
+ */
+export function canTokenEmitEvent(
+  token: TokenPayload | null,
+  event: ArcEventAny,
+  payload: any,
+): boolean {
+  // If no token, only allow unprotected events
+  if (!token) {
+    return !event.hasProtections;
+  }
+
+  // If event has no protections, allow all authenticated users
+  if (!event.hasProtections) {
+    return true;
+  }
+
+  // Check event protections
+  for (const protection of event.protections) {
+    // Check if this protection applies to the token type
+    if (protection.token.name !== token.tokenType) {
+      continue;
+    }
+
+    // Get protection rules for this token's params
+    const rules = protection.protectionFn(token.params);
+
+    // Check write rules against payload
+    if (rules.write) {
+      const matches = checkConditionsMatch(rules.write, payload);
+      if (matches) {
+        return true;
+      }
+    }
+  }
+
+  return false;
+}
+
+/**
+ * Check if conditions match against data
+ */
+function checkConditionsMatch(
+  conditions: Record<string, any>,
+  data: Record<string, any>,
+): boolean {
+  for (const [key, expectedValue] of Object.entries(conditions)) {
+    const actualValue = data[key];
+
+    if (actualValue !== expectedValue) {
+      return false;
+    }
+  }
+  return true;
+}
+
+/**
+ * Filter events that a token can receive
+ */
+export function filterEventsForToken(
+  token: TokenPayload | null,
+  events: SyncableEvent[],
+  eventDefinitions: Map<string, ArcEventAny>,
+): SyncableEvent[] {
+  return events.filter((eventInstance) => {
+    const eventDef = eventDefinitions.get(eventInstance.type);
+    if (!eventDef) {
+      // Unknown event type, don't send
+      return false;
+    }
+    return canTokenReceiveEvent(token, eventDef, eventInstance);
+  });
+}

package/src/index.ts

@@ -0,0 +1,24 @@
+// Main exports
+export { ArcHost } from "./arc-host";
+export { ConnectionManager } from "./connection-manager";
+export { ContextHandler } from "./context-handler";
+
+// Types
+export type {
+  ArcHostConfig,
+  ClientToHostMessage,
+  ConnectedClient,
+  HostToClientMessage,
+  SyncableEvent,
+  TokenPayload,
+} from "./types";
+
+// Auth utilities
+export {
+  canTokenEmitEvent,
+  canTokenReceiveEvent,
+  filterEventsForToken,
+} from "./event-auth";
+
+// Re-export adapters
+export { sqliteAdapterFactory } from "../sqliteAdapter";

package/src/types.ts

@@ -0,0 +1,112 @@
+import type { ArcContextAny, DBAdapterFactory } from "@arcote.tech/arc";
+
+/**
+ * Host configuration options
+ */
+export interface ArcHostConfig {
+  /** Context to serve */
+  context: ArcContextAny;
+  /** Database adapter factory */
+  dbAdapterFactory: DBAdapterFactory;
+  /** Server port */
+  port?: number;
+  /** JWT secret for token verification */
+  jwtSecret?: string;
+  /** JWT expiration time */
+  jwtExpiresIn?: string;
+}
+
+/**
+ * Token payload from JWT
+ */
+export interface TokenPayload {
+  /** Token type name (e.g., "user") */
+  tokenType: string;
+  /** Token params (e.g., { userId: "123" }) */
+  params: Record<string, any>;
+  /** Issued at timestamp */
+  iat?: number;
+  /** Expiration timestamp */
+  exp?: number;
+}
+
+/**
+ * Connected client info
+ */
+export interface ConnectedClient {
+  /** Unique client ID */
+  id: string;
+  /** Token payload (decoded) */
+  token: TokenPayload | null;
+  /** Raw JWT token string */
+  rawToken: string | null;
+  /** Last synced host event ID */
+  lastHostEventId: string | null;
+  /** WebSocket instance */
+  ws: any;
+}
+
+/**
+ * Event with sync IDs
+ */
+export interface SyncableEvent {
+  /** Local ID generated by client */
+  localId: string;
+  /** Host ID assigned when persisted */
+  hostId: string;
+  /** Event type */
+  type: string;
+  /** Event payload */
+  payload: any;
+  /** Creation timestamp */
+  createdAt: string;
+  /** Client ID that created this event */
+  clientId: string;
+}
+
+/**
+ * Messages from client to host
+ */
+export type ClientToHostMessage =
+  | {
+      type: "sync-events";
+      events: Array<{
+        localId: string;
+        type: string;
+        payload: any;
+        createdAt: string;
+      }>;
+    }
+  | {
+      type: "request-sync";
+      lastHostEventId: string | null;
+    }
+  | {
+      type: "execute-command";
+      commandName: string;
+      params: any;
+      requestId: string;
+    };
+
+/**
+ * Messages from host to client
+ */
+export type HostToClientMessage =
+  | {
+      type: "events";
+      events: SyncableEvent[];
+    }
+  | {
+      type: "command-result";
+      requestId: string;
+      result?: any;
+      error?: string;
+    }
+  | {
+      type: "sync-complete";
+      lastHostEventId: string;
+    }
+  | {
+      type: "error";
+      message: string;
+    };

package/dist/host.d.ts

@@ -1,45 +0,0 @@
-import { type ArcContextAny, type DatabaseAdapter, type DataStorageChanges, type RealTimeCommunicationAdapter } from "@arcote.tech/arc";
-declare class RTCHost implements RealTimeCommunicationAdapter {
-    private context;
-    private server;
-    private dataStore;
-    private model;
-    constructor(context: ArcContextAny, dbAdapter: Promise<DatabaseAdapter>);
-    commitChanges(changes: DataStorageChanges[]): void;
-    sync(progressCallback: ({ store, size, }: {
-        store: string;
-        size: number;
-    }) => void): Promise<void>;
-    private verifyAuthToken;
-    /**
-     * Convert JWT payload to AuthContext
-     */
-    private tokenToAuthContext;
-    /**
-     * Extract client IP address from request headers
-     */
-    private getClientIpAddress;
-    /**
-     * Get default auth context for anonymous users
-     */
-    private getDefaultAuthContext;
-    /**
-     * Parse FormData back to an object structure
-     */
-    private parseFormDataToObject;
-    /**
-     * Helper method to set nested properties from FormData keys like "user[profile][avatar]"
-     */
-    private setNestedProperty;
-    private handleCommand;
-    private handleQuery;
-    private handleRoute;
-    private setupServer;
-    private isPublicEndpoint;
-    private handleSync;
-    private onMessage;
-    private publishMessage;
-}
-export declare const rtcHostFactory: (context: ArcContextAny, dbAdapter: Promise<DatabaseAdapter>) => () => RTCHost;
-export {};
-//# sourceMappingURL=host.d.ts.map

package/dist/host.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"host.d.ts","sourceRoot":"","sources":["../host.ts"],"names":[],"mappings":"AAAA,OAAO,EAKL,KAAK,aAAa,EAElB,KAAK,eAAe,EACpB,KAAK,kBAAkB,EAGvB,KAAK,4BAA4B,EAClC,MAAM,kBAAkB,CAAC;AAI1B,cAAM,OAAQ,YAAW,4BAA4B;IAMjD,OAAO,CAAC,OAAO;IALjB,OAAO,CAAC,MAAM,CAAU;IACxB,OAAO,CAAC,SAAS,CAAoB;IACrC,OAAO,CAAC,KAAK,CAAuB;gBAG1B,OAAO,EAAE,aAAa,EAC9B,SAAS,EAAE,OAAO,CAAC,eAAe,CAAC;IASrC,aAAa,CAAC,OAAO,EAAE,kBAAkB,EAAE,GAAG,IAAI;IAI5C,IAAI,CACR,gBAAgB,EAAE,CAAC,EACjB,KAAK,EACL,IAAI,GACL,EAAE;QACD,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;KACd,KAAK,IAAI,GACT,OAAO,CAAC,IAAI,CAAC;YAIF,eAAe;IAS7B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAU1B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAuB1B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAM7B;;OAEG;YACW,qBAAqB;IAWnC;;OAEG;IACH,OAAO,CAAC,iBAAiB;YAwCX,aAAa;YAoDb,WAAW;YAiEX,WAAW;IAgEzB,OAAO,CAAC,WAAW;IAoEnB,OAAO,CAAC,gBAAgB;YA4BV,UAAU;YA+CV,SAAS;IAevB,OAAO,CAAC,cAAc;CAGvB;AAED,eAAO,MAAM,cAAc,YACf,aAAa,aAAa,OAAO,CAAC,eAAe,CAAC,kBAE3D,CAAC"}

package/dist/postgresAdapter.d.ts

@@ -1,3 +0,0 @@
-import { type DBAdapterFactory } from "@arcote.tech/arc";
-export declare const postgreSQLAdapterFactory: (connectionString: string) => DBAdapterFactory;
-//# sourceMappingURL=postgresAdapter.d.ts.map

package/dist/postgresAdapter.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"postgresAdapter.d.ts","sourceRoot":"","sources":["../postgresAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,gBAAgB,EAEtB,MAAM,kBAAkB,CAAC;AAqC1B,eAAO,MAAM,wBAAwB,qBACjB,MAAM,KACvB,gBAKF,CAAC"}