@axium/server 0.9.0 → 0.11.0

package/dist/routes.js

@@ -1,39 +1,47 @@
+import { apps } from './apps.js';
+import config from './config.js';
+import { output } from './io.js';
+import { _unique } from './state.js';
 /**
  * @internal
  */
-export const routes = new Map();
-const kBuiltin = Symbol('kBuiltin');
-export function addRoute(opt, _routeMap = routes) {
-    const route = { ...opt, server: !('page' in opt), [kBuiltin]: false };
+export const routes = _unique('routes', new Map());
+export function addRoute(opt) {
+    const route = { ...opt, server: !('page' in opt) };
     if (!route.path.startsWith('/')) {
         throw new Error(`Route path must start with a slash: ${route.path}`);
     }
-    if (route.path.startsWith('/api/') && !route.server) {
+    if (route.path.startsWith('/api/'))
+        route.api = true;
+    if (route.api && !route.server)
         throw new Error(`API routes cannot have a client page: ${route.path}`);
-    }
-    _routeMap.set(route.path, route);
+    routes.set(route.path, route);
+    output.debug('Added route: ' + route.path);
 }
 /**
  * Resolve a request URL into a route.
  * This handles parsing of parameters in the URL.
  */
-export function resolveRoute(event, _routeMap = routes) {
+export function resolveRoute(event) {
     const { pathname } = event.url;
-    if (_routeMap.has(pathname) && !pathname.split('/').some(p => p.startsWith(':')))
-        return _routeMap.get(pathname);
+    if (routes.has(pathname) && !pathname.split('/').some(p => p.startsWith(':')))
+        return routes.get(pathname);
     // Otherwise we must have a parameterized route
-    routes: for (const route of _routeMap.values()) {
+    _routes: for (const route of routes.values()) {
         const params = {};
         // Split the path and route into parts, zipped together
         const pathParts = pathname.split('/').filter(Boolean);
+        // Skips routes in disabled apps
+        if (apps.has(pathParts[0]) && config.apps.disabled.includes(pathParts[0]))
+            continue;
         for (const routePart of route.path.split('/').filter(Boolean)) {
             const pathPart = pathParts.shift();
             if (!pathPart)
-                continue routes;
+                continue _routes;
             if (pathPart == routePart)
                 continue;
             if (!routePart.startsWith(':'))
-                continue routes;
+                continue _routes;
             params[routePart.slice(1)] = pathPart;
         }
         // we didn't find a match, since an exact match would have been found already
@@ -43,12 +51,3 @@ export function resolveRoute(event, _routeMap = routes) {
         return route;
     }
 }
-/**
- * This function marks all existing routes as built-in.
- * @internal
- */
-export function _markDefaults() {
-    for (const route of routes.values()) {
-        route[kBuiltin] = true;
-    }
-}

package/dist/serve.d.ts

@@ -0,0 +1,7 @@
+import type { Server } from 'node:http';
+export interface ServeOptions {
+    secure: boolean;
+    ssl_key: string;
+    ssl_cert: string;
+}
+export declare function serve(opt: Partial<ServeOptions>): Promise<Server>;

package/dist/serve.js

@@ -0,0 +1,11 @@
+import { readFileSync } from 'node:fs';
+import { createServer } from 'node:http';
+import { createServer as createSecureServer } from 'node:https';
+import config from './config.js';
+const _handlerPath = '../build/handler.js';
+export async function serve(opt) {
+    const { handler } = await import(_handlerPath);
+    if (!opt.secure && !config.web.secure)
+        return createServer(handler);
+    return createSecureServer({ key: readFileSync(opt.ssl_key || config.web.ssl_key), cert: readFileSync(opt.ssl_cert || config.web.ssl_cert) }, handler);
+}

package/dist/state.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Prevent duplicate shared state.
+ */
+export declare function _unique<T>(id: string, value: T): T;

package/dist/state.js

@@ -0,0 +1,22 @@
+import { styleText } from 'node:util';
+const sym = Symbol.for('Axium:state');
+globalThis[sym] ||= Object.create({ _errored: false });
+/**
+ * Prevent duplicate shared state.
+ */
+export function _unique(id, value) {
+    const state = globalThis[sym];
+    const _err = new Error();
+    Error.captureStackTrace(_err, _unique);
+    const stack = _err.stack.slice(6);
+    if (!(id in state)) {
+        state[id] = { value, stack };
+        return value;
+    }
+    if (!state._errored) {
+        console.error(styleText('red', 'Duplicate Axium server state! You might have multiple instances of the same module loaded.'));
+        state._errored = true;
+    }
+    console.warn(styleText('yellow', `Mitigating duplicate state! (${id})\n${stack}\nFrom original\n${state[id].stack}`));
+    return state[id].value;
+}

package/dist/sveltekit.d.ts

@@ -0,0 +1,8 @@
+import type { RequestEvent, ResolveOptions } from '@sveltejs/kit';
+/**
+ * @internal
+ */
+export declare function handle({ event, resolve, }: {
+    event: RequestEvent;
+    resolve: (event: RequestEvent, opts?: ResolveOptions) => Promise<Response>;
+}): Promise<Response>;

package/dist/sveltekit.js

@@ -0,0 +1,94 @@
+import { error, json } from '@sveltejs/kit';
+import { readFileSync } from 'node:fs';
+import { styleText } from 'node:util';
+import { render } from 'svelte/server';
+import z from 'zod/v4';
+import { config } from './config.js';
+import { resolveRoute } from './routes.js';
+async function handleAPIRequest(event, route) {
+    const method = event.request.method;
+    const _warnings = [];
+    if (route.api && !event.request.headers.get('Accept')?.includes('application/json')) {
+        _warnings.push('Only application/json is supported');
+        event.request.headers.set('Accept', 'application/json');
+    }
+    for (const [key, type] of Object.entries(route.params || {})) {
+        if (!type)
+            continue;
+        try {
+            event.params[key] = type.parse(event.params[key]);
+        }
+        catch (e) {
+            error(400, `Invalid parameter: ${z.prettifyError(e)}`);
+        }
+    }
+    if (typeof route[method] != 'function')
+        error(405, `Method ${method} not allowed for ${route.path}`);
+    const result = await route[method](event);
+    if (result instanceof Response)
+        return result;
+    result._warnings ||= [];
+    result._warnings.push(..._warnings);
+    return json(result);
+}
+function handleError(e) {
+    if ('body' in e)
+        return json(e.body, { status: e.status });
+    if ('location' in e)
+        return Response.redirect(e.location, e.status);
+    console.error(e);
+    return json({ message: 'Internal Error' + (config.debug ? ': ' + e.message : '') }, { status: 500 });
+}
+let template = null;
+function fillTemplate({ head, body }, env = {}, nonce = '') {
+    template ||= readFileSync(config.web.template, 'utf-8');
+    return (template
+        .replace('%sveltekit.head%', head)
+        .replace('%sveltekit.body%', body)
+        .replace(/%sveltekit\.assets%/g, config.web.assets)
+        // Unused for now.
+        .replace(/%sveltekit\.nonce%/g, nonce)
+        .replace(/%sveltekit\.env\.([^%]+)%/g, (_match, key) => env[key] ?? ''));
+}
+/**
+ * @internal
+ */
+export async function handle({ event, resolve, }) {
+    const route = resolveRoute(event);
+    if (!route && event.url.pathname === '/' && config.debug)
+        return new Response(null, { status: 303, headers: { Location: '/_axium/default' } });
+    if (config.debug)
+        console.log(styleText('blueBright', event.request.method.padEnd(7)), route ? route.path : event.url.pathname);
+    if (!route)
+        return await resolve(event).catch(handleError);
+    if (route.server == true) {
+        if (route.api)
+            return await handleAPIRequest(event, route).catch(handleError);
+        const run = route[event.request.method];
+        if (typeof run !== 'function') {
+            error(405, `Method ${event.request.method} not allowed for ${route.path}`);
+        }
+        try {
+            const result = await run(event);
+            if (result instanceof Response)
+                return result;
+            return json(result);
+        }
+        catch (e) {
+            return handleError(e);
+        }
+    }
+    const data = await route.load?.(event);
+    const body = fillTemplate(render(route.page));
+    return new Response(body, {
+        headers: config.web.disable_cache
+            ? {
+                'Content-Type': 'text/html; charset=utf-8',
+                'Cache-Control': 'no-cache, no-store, must-revalidate',
+                Pragma: 'no-cache',
+                Expires: '0',
+            }
+            : {},
+        status: 200,
+    });
+}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@axium/server",
-	"version": "0.9.0",
+	"version": "0.11.0",
 	"author": "James Prevett <axium@jamespre.dev> (https://jamespre.dev)",
 	"funding": {
 		"type": "individual",
@@ -20,12 +20,19 @@
 	"exports": {
 		".": "./dist/index.js",
 		"./*": "./dist/*.js",
-		"./web": "./web/index.js",
-		"./web/*": "./web/*"
+		"./lib/*": "./web/lib/*",
+		"./$hooks": "./web/hooks.server.ts",
+		"./$routes": "./routes",
+		"./$template": "./web/template.html",
+		"./svelte.config.js": "./svelte.config.js"
 	},
 	"files": [
+		"assets",
+		"build",
 		"dist",
-		"web"
+		"routes",
+		"web",
+		"svelte.config.js"
 	],
 	"bin": {
 		"axium": "dist/cli.js"
@@ -34,24 +41,26 @@
 		"build": "tsc"
 	},
 	"peerDependencies": {
-		"@axium/core": ">=0.3.0",
-		"@axium/client": ">=0.0.2",
+		"@axium/client": ">=0.1.0",
+		"@axium/core": ">=0.4.0",
 		"utilium": "^2.3.8",
 		"zod": "^3.25.61"
 	},
 	"dependencies": {
+		"@axium/server": "file:.",
 		"@simplewebauthn/server": "^13.1.1",
 		"@sveltejs/kit": "^2.20.2",
 		"@types/pg": "^8.11.11",
 		"commander": "^13.1.0",
+		"cookie": "^1.0.2",
 		"kysely": "^0.28.0",
 		"logzen": "^0.7.0",
 		"mime": "^4.0.7",
-		"pg": "^8.14.1"
+		"pg": "^8.14.1",
+		"svelte": "^5.25.3"
 	},
 	"devDependencies": {
 		"@sveltejs/adapter-node": "^5.2.12",
-		"svelte": "^5.25.3",
 		"vite-plugin-mkcert": "^1.17.8"
 	}
 }

package/{web/routes → routes}/account/+page.svelte

@@ -191,11 +191,12 @@
 				</div>
 				<FormDialog
 					bind:dialog={dialogs['logout#' + session.id]}
-					submit={() =>
-						logout(user.id, session.id).then(() => {
-							if (session.id == currentSession.id) goto('/');
-							else sessions.splice(sessions.indexOf(session), 1);
-						})}
+					submit={async () => {
+						await logout(user.id, session.id);
+						dialogs['logout#' + session.id].remove();
+						sessions.splice(sessions.indexOf(session), 1);
+						if (session.id == currentSession.id) goto('/');
+					}}
 					submitText="Logout"
 				>
 					<p>Are you sure you want to log out this session?</p>

package/svelte.config.js

@@ -0,0 +1,37 @@
+import node from '@sveltejs/adapter-node';
+import { vitePreprocess } from '@sveltejs/vite-plugin-svelte';
+import { join } from 'node:path/posix';
+import config from '@axium/server/config';
+
+/**
+ * Paths relative to the directory of this file.
+ * This allows this file to be imported from other projects and still resolve to the correct paths.
+ */
+const fixed = p => join(import.meta.dirname, p);
+
+/** @type {import('@sveltejs/kit').Config} */
+export default {
+	compilerOptions: {
+		runes: true,
+	},
+	preprocess: vitePreprocess({ script: true }),
+	vitePlugin: {
+		exclude: '@axium/server/**',
+	},
+	kit: {
+		adapter: node(),
+		alias: {
+			$stores: fixed('web/stores'),
+			$lib: fixed('web/lib'),
+		},
+		files: {
+			routes: config.web.routes,
+			lib: fixed('web/lib'),
+			assets: fixed('assets'),
+			appTemplate: fixed('web/template.html'),
+			hooks: {
+				server: fixed('web/hooks.server.ts'),
+			},
+		},
+	},
+};

package/web/hooks.server.ts

@@ -1,12 +1,17 @@
+import '@axium/server/api/index';
 import { loadDefaultConfigs } from '@axium/server/config';
 import { clean, database } from '@axium/server/database';
-import { _markDefaults } from '@axium/server/routes';
-import './api/index.js';
+import { dirs, logger } from '@axium/server/io';
+import { allLogLevels } from 'logzen';
+import { createWriteStream } from 'node:fs';
+import { join } from 'node:path/posix';
 
-_markDefaults();
+logger.attach(createWriteStream(join(dirs.at(-1), 'server.log')), { output: allLogLevels });
 await loadDefaultConfigs();
 await clean({});
 
 process.on('beforeExit', async () => {
 	await database.destroy();
 });
+
+export { handle } from '@axium/server/sveltekit';

package/web/lib/Dialog.svelte

@@ -1,6 +1,5 @@
 <script>
 	let { children, dialog = $bindable(), ...rest } = $props();
-	import './styles.css';
 </script>
 
 <dialog bind:this={dialog} {...rest}>

package/web/lib/FormDialog.svelte

@@ -2,7 +2,6 @@
 	import { goto } from '$app/navigation';
 	import { page } from '$app/state';
 	import Dialog from './Dialog.svelte';
-	import './styles.css';
 
 	function resolveRedirectAfter() {
 		const maybe = page.url.searchParams.get('after');

package/web/lib/Upload.svelte

@@ -0,0 +1,58 @@
+<script lang="ts">
+	import Icon from './icons/Icon.svelte';
+	import { iconForMime, iconForPath } from './icons';
+
+	let { files = $bindable(), name = 'files', ...rest }: { files?: FileList; name?: string; multiple?: any; required?: any } = $props();
+
+	let input = $state<HTMLInputElement>();
+
+	const id = 'input:' + Math.random().toString(36).slice(2);
+</script>
+
+<div>
+	{#if files?.length}
+		<label for={id} class="file">
+			{#each files as file}
+				<Icon i={iconForMime(file.type) || iconForPath(file.name) || 'file'} />
+				<span>{file.name}</span>
+				<button
+					onclick={e => {
+						e.preventDefault();
+						const dt = new DataTransfer();
+						for (let f of files) if (file !== f) dt.items.add(f);
+						input.files = files = dt.files;
+					}}
+					style:display="contents"
+				>
+					<Icon i="trash" />
+				</button>
+			{/each}
+		</label>
+	{:else}
+		<label for={id}><Icon i="upload" />Upload</label>
+	{/if}
+
+	<input bind:this={input} {name} {id} type="file" bind:files {...rest} />
+</div>
+
+<style>
+	input {
+		display: none;
+	}
+
+	label {
+		padding: 0.5em 1em;
+		border: 1px solid #cccc;
+		cursor: pointer;
+		display: flex;
+		align-items: center;
+		gap: 0.5em;
+		border-radius: 0.5em;
+		width: 20em;
+	}
+
+	label.file {
+		display: grid;
+		grid-template-columns: 2em 1fr 2em;
+	}
+</style>

package/web/lib/icons/Icon.svelte

@@ -1,16 +1,11 @@
 <script lang="ts">
-	import light from './light.svg';
-	import solid from './solid.svg';
-	import regular from './regular.svg';
-	const urls = { light, solid, regular };
 	const { i } = $props();
-
 	const [style, id] = $derived(i.includes('/') ? i.split('/') : ['solid', i]);
-	const url = $derived(urls[style]);
+	const href = $derived(`/icons/${style}.svg#${id}`);
 </script>
 
 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512" width="1em" height="1em">
-	<use href="{url}#{id}" />
+	<use {href} />
 </svg>
 
 <style>

package/web/lib/icons/index.ts

@@ -3,8 +3,11 @@ import mimeIcons from './mime.json' with { type: 'json' };
 
 export { default as Icon } from './Icon.svelte';
 
-export function iconFor(path: string): string {
-	type K = keyof typeof mimeIcons;
+export function iconForMime(mimeType: string): string {
+	return mimeIcons[mimeType as keyof typeof mimeIcons] || 'file';
+}
+
+export function iconForPath(path: string): string {
 	const type = mime.getType(path) || 'application/octet-stream';
-	return mimeIcons[type as K] || mimeIcons[type.split('/')[0] as K] || 'file';
+	return iconForMime(type);
 }

package/web/lib/icons/mime.json

@@ -21,7 +21,8 @@
 	"text/css": "css",
 	"text/csv": "file-csv",
 	"text/html": "code",
-	"text/javascript": "square-js",
+	"text/javascript": "brands/square-js",
+	"application/x-javascript": "brands/square-js",
 	"text/plain": "file-lines",
 	"text/xml": "code",
 	"video": "clapperboard-play"

package/web/template.html

@@ -0,0 +1,18 @@
+<!doctype html>
+<html lang="en">
+	<head>
+		<meta charset="utf-8" />
+		<link rel="icon" href="%sveltekit.assets%/favicon.svg" />
+		<meta name="viewport" content="width=device-width, initial-scale=1" />
+		<meta name="color-scheme" content="dark light" />
+		<link rel="stylesheet" href="%sveltekit.assets%/styles.css" />
+		<link rel="preload" href="%sveltekit.assets%/icons/light.svg" as="image" type="image/svg+xml" />
+		<link rel="preload" href="%sveltekit.assets%/icons/regular.svg" as="image" type="image/svg+xml" />
+		<link rel="preload" href="%sveltekit.assets%/icons/solid.svg" as="image" type="image/svg+xml" />
+		%sveltekit.head%
+	</head>
+
+	<body>
+		<div style="display: contents">%sveltekit.body%</div>
+	</body>
+</html>

package/web/tsconfig.json

@@ -1,8 +1,8 @@
 {
 	"extends": "../.svelte-kit/tsconfig.json",
 	"compilerOptions": {
-		"target": "ES2021",
+		"target": "ES2023",
 		"lib": ["ESNext", "DOM", "DOM.Iterable"]
 	},
-	"include": ["**/*.ts", "**/*.svelte"]
+	"include": ["./**/*", "../lib"]
 }

package/web/api/metadata.ts

@@ -1,35 +0,0 @@
-import type { Result } from '@axium/core/api';
-import { requestMethods } from '@axium/core/requests';
-import { config } from '@axium/server/config';
-import { plugins } from '@axium/server/plugins';
-import { addRoute, routes } from '@axium/server/routes';
-import { error } from '@sveltejs/kit';
-import pkg from '../../package.json' with { type: 'json' };
-
-addRoute({
-	path: '/api/metadata',
-	async GET(): Result<'GET', 'metadata'> {
-		if (config.api.disable_metadata) {
-			error(401, { message: 'API metadata is disabled' });
-		}
-
-		return {
-			version: pkg.version,
-			routes: Object.fromEntries(
-				routes
-					.entries()
-					.filter(([path]) => path.startsWith('/api/'))
-					.map(([path, route]) => [
-						path,
-						{
-							params: Object.fromEntries(
-								Object.entries(route.params || {}).map(([key, type]) => [key, type ? type.def.type : null])
-							),
-							methods: requestMethods.filter(m => m in route),
-						},
-					])
-			),
-			plugins: Object.fromEntries(plugins.values().map(plugin => [plugin.id, plugin.version])),
-		};
-	},
-});

package/web/api/passkeys.ts

@@ -1,56 +0,0 @@
-import type { Result } from '@axium/core/api';
-import { PasskeyChangeable } from '@axium/core/schemas';
-import { getPasskey } from '@axium/server/auth';
-import { database as db } from '@axium/server/database';
-import { addRoute } from '@axium/server/routes';
-import { error } from '@sveltejs/kit';
-import { omit } from 'utilium';
-import z from 'zod/v4';
-import { checkAuth, parseBody, withError } from './utils';
-
-addRoute({
-	path: '/api/passkeys/:id',
-	params: {
-		id: z.string(),
-	},
-	async GET(event): Result<'GET', 'passkeys/:id'> {
-		const passkey = await getPasskey(event.params.id);
-		await checkAuth(event, passkey.userId);
-		return omit(passkey, 'counter', 'publicKey');
-	},
-	async PATCH(event): Result<'PATCH', 'passkeys/:id'> {
-		const body = await parseBody(event, PasskeyChangeable);
-		const passkey = await getPasskey(event.params.id);
-		await checkAuth(event, passkey.userId);
-		const result = await db
-			.updateTable('passkeys')
-			.set(body)
-			.where('id', '=', passkey.id)
-			.returningAll()
-			.executeTakeFirstOrThrow()
-			.catch(withError('Could not update passkey'));
-
-		return omit(result, 'counter', 'publicKey');
-	},
-	async DELETE(event): Result<'DELETE', 'passkeys/:id'> {
-		const passkey = await getPasskey(event.params.id);
-		await checkAuth(event, passkey.userId);
-
-		const { count } = await db
-			.selectFrom('passkeys')
-			.select(db.fn.countAll().as('count'))
-			.where('userId', '=', passkey.userId)
-			.executeTakeFirstOrThrow();
-
-		if (Number(count) <= 1) error(409, 'At least one passkey is required');
-
-		const result = await db
-			.deleteFrom('passkeys')
-			.where('id', '=', passkey.id)
-			.returningAll()
-			.executeTakeFirstOrThrow()
-			.catch(withError('Could not delete passkey'));
-
-		return omit(result, 'counter', 'publicKey');
-	},
-});

package/web/api/readme.md

@@ -1 +0,0 @@
-This is the web-facing API, not a TypeScript API. In this directory you'll find the `addRoute` calls for the built-in `/api` routes along with the utilities and other helpers used.