@arcote.tech/arc-host 0.3.4 → 0.4.1

package/src/middleware/http.ts

@@ -0,0 +1,414 @@
+import type { ArcRouteAny } from "@arcote.tech/arc";
+import { ScopedModel } from "@arcote.tech/arc";
+import type { ConnectionManager } from "../connection-manager";
+import type { ContextHandler } from "../context-handler";
+import type { ArcHttpHandler, ArcRequestContext } from "./types";
+
+// ---------------------------------------------------------------------------
+// Shared
+// ---------------------------------------------------------------------------
+
+async function parseCommandParams(req: Request): Promise<any> {
+  const contentType = req.headers.get("Content-Type") || "";
+  if (contentType.includes("multipart/form-data")) {
+    const formData = await req.formData();
+    const params: Record<string, any> = {};
+    for (const [key, value] of formData.entries()) {
+      if (
+        typeof value === "object" &&
+        value !== null &&
+        "name" in value &&
+        "size" in value
+      ) {
+        params[key] = value;
+      } else {
+        try {
+          params[key] = JSON.parse(value as string);
+        } catch {
+          params[key] = value;
+        }
+      }
+    }
+    return params;
+  }
+  return await req.json();
+}
+
+// ---------------------------------------------------------------------------
+// Health
+// ---------------------------------------------------------------------------
+
+export function healthHandler(cm: ConnectionManager): ArcHttpHandler {
+  return (_req, url, ctx) => {
+    if (url.pathname !== "/health") return null;
+    return Response.json(
+      { status: "ok", clients: cm.clientCount },
+      { headers: ctx.corsHeaders },
+    );
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Command — POST /command/:name
+// ---------------------------------------------------------------------------
+
+export function commandHandler(ch: ContextHandler): ArcHttpHandler {
+  return async (req, url, ctx) => {
+    if (!url.pathname.startsWith("/command/") || req.method !== "POST")
+      return null;
+
+    const commandName = url.pathname.split("/command/")[1];
+    if (!commandName) {
+      return new Response("Invalid command path", {
+        status: 400,
+        headers: ctx.corsHeaders,
+      });
+    }
+
+    try {
+      const params = await parseCommandParams(req);
+      const result = await ch.executeCommand(
+        commandName,
+        params,
+        ctx.rawToken,
+      );
+      return Response.json(result ?? { success: true }, {
+        headers: ctx.corsHeaders,
+      });
+    } catch (error) {
+      console.error(`[ARC] Command '${commandName}' error:`, error);
+      return Response.json(
+        { error: (error as Error).message },
+        { status: 500, headers: ctx.corsHeaders },
+      );
+    }
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Query — POST /query/:viewName
+// ---------------------------------------------------------------------------
+
+export function queryHandler(ch: ContextHandler): ArcHttpHandler {
+  return async (req, url, ctx) => {
+    if (!url.pathname.startsWith("/query/") || req.method !== "POST")
+      return null;
+
+    const viewName = url.pathname.split("/query/")[1];
+    if (!viewName) {
+      return new Response("Invalid query path", {
+        status: 400,
+        headers: ctx.corsHeaders,
+      });
+    }
+
+    try {
+      const params = await req.json();
+      const viewElement = ch.getModel().context.get(viewName) as any;
+      if (!viewElement?.queryContext) {
+        return Response.json(
+          { error: "View not found" },
+          { status: 404, headers: ctx.corsHeaders },
+        );
+      }
+
+      const scoped = new ScopedModel(ch.getModel(), "request");
+      if (ctx.rawToken) scoped.setToken(ctx.rawToken);
+      const queryCtx = viewElement.queryContext(scoped.getAdapters());
+      const result = await queryCtx.find(params);
+
+      return Response.json(result, { headers: ctx.corsHeaders });
+    } catch (error) {
+      return Response.json(
+        { error: (error as Error).message },
+        { status: 500, headers: ctx.corsHeaders },
+      );
+    }
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Stream — GET /stream/:viewName (SSE)
+// ---------------------------------------------------------------------------
+
+interface StreamConnection {
+  id: string;
+  controller: ReadableStreamDefaultController<Uint8Array>;
+  unsubscribe: () => void;
+}
+
+let streamIdCounter = 0;
+const streamConnections = new Map<string, StreamConnection>();
+
+export function streamHandler(ch: ContextHandler): ArcHttpHandler {
+  return (_req, url, ctx) => {
+    if (!url.pathname.startsWith("/stream/") || _req.method !== "GET")
+      return null;
+
+    const viewName = url.pathname.split("/stream/")[1];
+    if (!viewName) {
+      return new Response("Invalid stream path", {
+        status: 400,
+        headers: ctx.corsHeaders,
+      });
+    }
+
+    const findOptions: any = {};
+    const whereParam = url.searchParams.get("where");
+    if (whereParam) {
+      try {
+        findOptions.where = JSON.parse(whereParam);
+      } catch {
+        return new Response("Invalid 'where' parameter", {
+          status: 400,
+          headers: ctx.corsHeaders,
+        });
+      }
+    }
+    const orderByParam = url.searchParams.get("orderBy");
+    if (orderByParam) {
+      try {
+        findOptions.orderBy = JSON.parse(orderByParam);
+      } catch {
+        return new Response("Invalid 'orderBy' parameter", {
+          status: 400,
+          headers: ctx.corsHeaders,
+        });
+      }
+    }
+    const limitParam = url.searchParams.get("limit");
+    if (limitParam) findOptions.limit = parseInt(limitParam, 10);
+
+    const streamId = `stream_${++streamIdCounter}_${Date.now()}`;
+    const rawToken = ctx.rawToken;
+
+    const stream = new ReadableStream<Uint8Array>({
+      start(controller) {
+        const scoped = new ScopedModel(ch.getModel(), "stream");
+        if (rawToken) scoped.setToken(rawToken);
+
+        const descriptor = { element: viewName, method: "find", args: [findOptions] };
+
+        const sendData = async () => {
+          try {
+            const data = await scoped.callQuery(descriptor);
+            controller.enqueue(
+              new TextEncoder().encode(
+                `data: ${JSON.stringify({ type: "data", data })}\n\n`,
+              ),
+            );
+          } catch {
+            unsubscribe();
+          }
+        };
+
+        // Initial data
+        sendData();
+
+        // Subscribe to changes
+        const unsubscribe = ch
+          .getEventPublisher()
+          .subscribe("*", () => sendData());
+
+        streamConnections.set(streamId, { id: streamId, controller, unsubscribe });
+        controller.enqueue(
+          new TextEncoder().encode(
+            `data: ${JSON.stringify({ type: "connected", streamId })}\n\n`,
+          ),
+        );
+      },
+      cancel() {
+        const conn = streamConnections.get(streamId);
+        if (conn) {
+          conn.unsubscribe();
+          streamConnections.delete(streamId);
+        }
+      },
+    });
+
+    return new Response(stream, {
+      headers: {
+        ...ctx.corsHeaders,
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache",
+        Connection: "keep-alive",
+      },
+    });
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Event Sync — POST /sync/events
+// ---------------------------------------------------------------------------
+
+export function eventSyncHandler(ch: ContextHandler): ArcHttpHandler {
+  return async (req, url, ctx) => {
+    if (url.pathname !== "/sync/events" || req.method !== "POST") return null;
+
+    try {
+      const body = await req.json();
+      const events = body.events || [];
+      const persisted = await ch.persistEvents(
+        events.map((e: any) => ({
+          localId: e.localId,
+          type: e.type,
+          payload: e.payload,
+          createdAt: e.createdAt,
+        })),
+        "http-sync",
+        ctx.tokenPayload,
+      );
+      return Response.json(
+        { success: true, syncedIds: persisted.map((e) => e.localId) },
+        { headers: ctx.corsHeaders },
+      );
+    } catch (error) {
+      return Response.json(
+        { success: false, error: (error as Error).message },
+        { status: 500, headers: ctx.corsHeaders },
+      );
+    }
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Route — /route/*
+// ---------------------------------------------------------------------------
+
+export function routeHandler(ch: ContextHandler): ArcHttpHandler {
+  return async (req, url, ctx) => {
+    if (!url.pathname.startsWith("/route/")) return null;
+
+    const method = req.method as "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
+    const context = ch.getModel().context;
+    let matchedRoute: ArcRouteAny | null = null;
+    let routeParams: Record<string, string> = {};
+
+    for (const element of context.elements) {
+      if (element && typeof (element as any).matchesPath === "function") {
+        const route = element as ArcRouteAny;
+        const match = route.matchesPath(url.pathname);
+        if (match.matches) {
+          matchedRoute = route;
+          routeParams = match.params;
+          break;
+        }
+      }
+    }
+
+    if (!matchedRoute) {
+      return Response.json(
+        { error: "Route not found" },
+        { status: 404, headers: ctx.corsHeaders },
+      );
+    }
+
+    const handler = matchedRoute.getHandler(method);
+    if (!handler) {
+      return Response.json(
+        { error: `Method ${method} not allowed` },
+        { status: 405, headers: ctx.corsHeaders },
+      );
+    }
+
+    // Protection checks
+    if (!matchedRoute.isPublic && matchedRoute.hasProtections) {
+      if (!ctx.tokenPayload) {
+        return Response.json(
+          { error: "Unauthorized" },
+          { status: 401, headers: ctx.corsHeaders },
+        );
+      }
+      let isAuthorized = false;
+      for (const protection of matchedRoute.protections) {
+        if (protection.token.name === ctx.tokenPayload.tokenType) {
+          const mockTokenInstance = {
+            params: ctx.tokenPayload.params,
+            getTokenDefinition: () => protection.token,
+          };
+          const allowed = await protection.check(mockTokenInstance as any);
+          if (allowed) {
+            isAuthorized = true;
+            break;
+          }
+        }
+      }
+      if (!isAuthorized) {
+        return Response.json(
+          { error: "Forbidden" },
+          { status: 403, headers: ctx.corsHeaders },
+        );
+      }
+    } else if (!matchedRoute.isPublic && !matchedRoute.hasProtections) {
+      if (!ctx.tokenPayload) {
+        return Response.json(
+          { error: "Unauthorized" },
+          { status: 401, headers: ctx.corsHeaders },
+        );
+      }
+    }
+
+    // Build route context with scoped auth
+    const scoped = new ScopedModel(ch.getModel(), "request");
+    if (ctx.rawToken) scoped.setToken(ctx.rawToken);
+
+    const authParams = ctx.tokenPayload
+      ? {
+          params: ctx.tokenPayload.params,
+          tokenName: ctx.tokenPayload.tokenType,
+        }
+      : undefined;
+
+    const routeContext = matchedRoute.buildContext(
+      scoped.getAdapters(),
+      authParams,
+    );
+
+    try {
+      const response = await handler(routeContext, req, routeParams, url);
+      const newHeaders = new Headers(response.headers);
+      for (const [key, value] of Object.entries(ctx.corsHeaders))
+        newHeaders.set(key, value);
+      const body =
+        response.status >= 300 && response.status < 400
+          ? null
+          : response.body;
+      return new Response(body, {
+        status: response.status,
+        statusText: response.statusText,
+        headers: newHeaders,
+      });
+    } catch (error) {
+      return Response.json(
+        { error: (error as Error).message },
+        { status: 500, headers: ctx.corsHeaders },
+      );
+    }
+  };
+}
+
+// ---------------------------------------------------------------------------
+// Convenience: all Arc HTTP handlers
+// ---------------------------------------------------------------------------
+
+export function arcHttpHandlers(
+  ch: ContextHandler,
+  cm: ConnectionManager,
+): ArcHttpHandler[] {
+  return [
+    healthHandler(cm),
+    commandHandler(ch),
+    queryHandler(ch),
+    streamHandler(ch),
+    eventSyncHandler(ch),
+    routeHandler(ch),
+  ];
+}
+
+/**
+ * Cleanup all active SSE stream connections.
+ */
+export function cleanupStreams(): void {
+  for (const conn of streamConnections.values()) conn.unsubscribe();
+  streamConnections.clear();
+}

package/src/middleware/index.ts

@@ -0,0 +1,27 @@
+export type {
+  ArcHttpHandler,
+  ArcRequestContext,
+  ArcWsContext,
+  ArcWsHandler,
+} from "./types";
+
+export {
+  arcHttpHandlers,
+  cleanupStreams,
+  commandHandler,
+  eventSyncHandler,
+  healthHandler,
+  queryHandler,
+  routeHandler,
+  streamHandler,
+} from "./http";
+
+export {
+  arcWsHandlers,
+  cleanupClientSubs,
+  executeCommandHandler,
+  requestSyncHandler,
+  scopeAuthHandler,
+  syncEventsHandler,
+  querySubscriptionHandler,
+} from "./ws";

package/src/middleware/types.ts

@@ -0,0 +1,42 @@
+import type { ConnectionManager } from "../connection-manager";
+import type { ContextHandler } from "../context-handler";
+import type { ConnectedClient, TokenPayload } from "../types";
+
+/**
+ * Per-request context passed to HTTP handlers.
+ * Created by createArcServer before running the handler chain.
+ */
+export interface ArcRequestContext {
+  rawToken: string | null;
+  tokenPayload: TokenPayload | null;
+  corsHeaders: Record<string, string>;
+}
+
+/**
+ * HTTP middleware handler.
+ * Return a Response to stop the chain, or null to pass to the next handler.
+ */
+export type ArcHttpHandler = (
+  req: Request,
+  url: URL,
+  ctx: ArcRequestContext,
+) => Promise<Response | null> | Response | null;
+
+/**
+ * Server context shared by all WS handlers.
+ */
+export interface ArcWsContext {
+  contextHandler: ContextHandler;
+  connectionManager: ConnectionManager;
+  verifyToken: (token: string) => TokenPayload | null;
+}
+
+/**
+ * WebSocket message handler.
+ * Return true if handled, false to pass to the next handler.
+ */
+export type ArcWsHandler = (
+  client: ConnectedClient,
+  message: any,
+  ctx: ArcWsContext,
+) => Promise<boolean>;