@bleedingdev/modern-js-plugin-bff 3.2.0-ultramodern.99 → 3.4.0-ultramodern.1

package/dist/esm/runtime/effect-client/runtime.mjs

@@ -0,0 +1,228 @@
+import { DEFAULT_DATA_BATCH_HEADER, DEFAULT_DATA_ENVELOPE_HEADER, createDataBatchTransport, createRequestEnvelope, encodeRequestEnvelopeHeader } from "../data-platform/index.mjs";
+const METHODS_WITHOUT_BODY = new Set([
+    'GET',
+    'DELETE',
+    'HEAD',
+    'OPTIONS'
+]);
+const DATA_REQUEST_MODES = new Set([
+    'cache-first',
+    'stale-while-revalidate',
+    'network-only'
+]);
+const DATA_MUTATION_MODES = new Set([
+    'optimistic',
+    'pessimistic',
+    'fire-and-forget'
+]);
+const isRecord = (value)=>'object' == typeof value && null !== value;
+const stringOrUndefined = (value)=>'string' == typeof value && value.length > 0 ? value : void 0;
+const isDataRequestMode = (value)=>'string' == typeof value && DATA_REQUEST_MODES.has(value);
+const isDataMutationMode = (value)=>'string' == typeof value && DATA_MUTATION_MODES.has(value);
+const normalizeOrigin = (value)=>{
+    if ('string' != typeof value || 0 === value.length) return;
+    try {
+        return new URL(value).origin;
+    } catch  {
+        return;
+    }
+};
+const resolveRuntimeFetch = ()=>'function' == typeof fetch ? fetch.bind(globalThis) : void 0;
+const resolveOrigin = (defaultOrigin)=>{
+    if ("u" > typeof window && window.location && 'string' == typeof window.location.origin && window.location.origin) return window.location.origin;
+    const globalLocation = globalThis?.location;
+    if (globalLocation && 'string' == typeof globalLocation.origin && globalLocation.origin) return globalLocation.origin;
+    return defaultOrigin;
+};
+const normalizeRequest = (method, request)=>{
+    if (!isRecord(request)) return {};
+    const payload = {
+        ...request
+    };
+    if (isRecord(request.path) && !isRecord(payload.params)) payload.params = request.path;
+    if (isRecord(request.urlParams) && !isRecord(payload.query)) payload.query = request.urlParams;
+    if (isRecord(request.headers) && !isRecord(payload.headers)) payload.headers = request.headers;
+    if ('payload' in request && void 0 !== request.payload) if ("u" > typeof FormData && request.payload instanceof FormData && !('formData' in payload)) payload.formData = request.payload;
+    else if (METHODS_WITHOUT_BODY.has(method)) {
+        if (isRecord(request.payload)) payload.query = isRecord(payload.query) ? {
+            ...payload.query,
+            ...request.payload
+        } : request.payload;
+        else if (!('body' in payload)) payload.body = request.payload;
+    } else if (!isRecord(request.payload) || 'data' in payload) {
+        if (!('body' in payload)) payload.body = request.payload;
+    } else payload.data = request.payload;
+    return payload;
+};
+const resolveTargetOrigin = (dataPlatform, defaultOrigin)=>{
+    const explicitTargetOrigin = stringOrUndefined(dataPlatform.targetOrigin) || stringOrUndefined(dataPlatform.endpointOrigin);
+    if (explicitTargetOrigin) return explicitTargetOrigin;
+    return defaultOrigin;
+};
+const shouldAttachEnvelopeHeader = (dataPlatform, defaultOrigin)=>{
+    if (true === dataPlatform.allowCrossOriginEnvelope) return true;
+    const currentOrigin = normalizeOrigin(resolveOrigin(defaultOrigin));
+    const targetOrigin = normalizeOrigin(resolveTargetOrigin(dataPlatform, defaultOrigin));
+    if (!currentOrigin || !targetOrigin) return true;
+    return currentOrigin === targetOrigin;
+};
+const toEnvelopeInput = (normalizedRequest)=>{
+    const payload = {};
+    if (isRecord(normalizedRequest.params)) payload.path = normalizedRequest.params;
+    if (isRecord(normalizedRequest.query)) payload.query = normalizedRequest.query;
+    if ('data' in normalizedRequest && void 0 !== normalizedRequest.data) payload.data = normalizedRequest.data;
+    if ('body' in normalizedRequest && void 0 !== normalizedRequest.body) payload.body = normalizedRequest.body;
+    if ("u" > typeof FormData && normalizedRequest.formData instanceof FormData) payload.formData = Array.from(normalizedRequest.formData.entries()).map(([key, value])=>[
+            key,
+            String(value)
+        ]);
+    if ("u" > typeof URLSearchParams && normalizedRequest.formUrlencoded instanceof URLSearchParams) payload.formUrlencoded = normalizedRequest.formUrlencoded.toString();
+    return payload;
+};
+const createGeneratedEffectClient = (manifest, config, requestRuntime)=>{
+    const createRequest = requestRuntime.createRequest;
+    const configureRequest = 'function' == typeof requestRuntime.configure ? requestRuntime.configure : void 0;
+    const createRequestContextHeaders = 'function' == typeof requestRuntime.createRequestContextHeaders ? requestRuntime.createRequestContextHeaders : void 0;
+    const defaultOrigin = config.defaultOrigin;
+    const httpMethodDecider = config.httpMethodDecider || 'functionName';
+    const port = config.useEnvPort && "u" > typeof process && process.env && process.env.PORT ? process.env.PORT : config.port;
+    if (config.requestId && configureRequest) {
+        const configurePayload = {
+            requestId: config.requestId,
+            requireEnvelope: true,
+            identityBinding: {
+                enabled: true,
+                strict: true
+            },
+            operationContract: {
+                enabled: true,
+                strict: true,
+                requireSchemaHash: true,
+                requireOperationVersion: true
+            },
+            setDomain: ()=>resolveOrigin(defaultOrigin)
+        };
+        const runtimeFetch = resolveRuntimeFetch();
+        if (false !== config.batch.enabled && runtimeFetch) configurePayload.request = createDataBatchTransport({
+            fetch: runtimeFetch,
+            endpoint: config.batch.endpoint,
+            flushIntervalMs: config.batch.flushIntervalMs,
+            maxBatchSize: config.batch.maxBatchSize,
+            maxBatchBytes: config.batch.maxBatchBytes,
+            requestTimeoutMs: config.batch.requestTimeoutMs,
+            allowedMethods: config.batch.allowedMethods
+        });
+        configureRequest(configurePayload);
+    }
+    const createEffectRequestContext = (requestContext)=>{
+        if (!isRecord(requestContext)) return {};
+        const headers = createRequestContextHeaders ? createRequestContextHeaders(requestContext) : {};
+        return {
+            ...requestContext,
+            headers
+        };
+    };
+    const applyRequestContext = (normalizedRequest, request)=>{
+        if (!isRecord(request) || !isRecord(request.requestContext)) return normalizedRequest;
+        const requestContext = createEffectRequestContext(request.requestContext);
+        const requestHeaders = isRecord(requestContext.headers) ? requestContext.headers : {};
+        if (0 === Object.keys(requestHeaders).length) return normalizedRequest;
+        return {
+            ...normalizedRequest,
+            headers: {
+                ...requestHeaders,
+                ...isRecord(normalizedRequest.headers) ? normalizedRequest.headers : {}
+            }
+        };
+    };
+    const prepareEffectRequest = (endpoint, operation, request)=>{
+        const normalizedRequest = applyRequestContext(normalizeRequest(endpoint.method, request), request);
+        const dataPlatform = isRecord(request) && isRecord(request.dataPlatform) ? request.dataPlatform : {};
+        const strictEnvelope = true === dataPlatform.requireEnvelope || true === dataPlatform.strict;
+        if (!strictEnvelope && !shouldAttachEnvelopeHeader(dataPlatform, defaultOrigin)) return normalizedRequest;
+        try {
+            const namespace = stringOrUndefined(dataPlatform.appNamespace) || config.appNamespace;
+            const origin = stringOrUndefined(dataPlatform.origin) || resolveOrigin(defaultOrigin);
+            const envelope = createRequestEnvelope({
+                operation: {
+                    ...operation,
+                    appNamespace: namespace
+                },
+                scope: {
+                    appNamespace: namespace,
+                    origin,
+                    tenantId: stringOrUndefined(dataPlatform.tenantId),
+                    userId: stringOrUndefined(dataPlatform.userId),
+                    sessionId: stringOrUndefined(dataPlatform.sessionId)
+                },
+                requestInput: {
+                    method: endpoint.method,
+                    routePath: endpoint.routePath,
+                    payload: toEnvelopeInput(normalizedRequest)
+                },
+                requestMode: isDataRequestMode(dataPlatform.requestMode) ? dataPlatform.requestMode : void 0,
+                mutationMode: isDataMutationMode(dataPlatform.mutationMode) ? dataPlatform.mutationMode : void 0,
+                selectionPlan: isRecord(dataPlatform.selectionPlan) ? dataPlatform.selectionPlan : void 0,
+                traceContext: isRecord(dataPlatform.traceContext) ? dataPlatform.traceContext : void 0,
+                requireTraceContext: true === dataPlatform.requireTraceContext
+            });
+            const headerName = stringOrUndefined(dataPlatform.envelopeHeader) || DEFAULT_DATA_ENVELOPE_HEADER;
+            const headers = isRecord(normalizedRequest.headers) ? {
+                ...normalizedRequest.headers
+            } : {};
+            if (false === dataPlatform.batch) headers[DEFAULT_DATA_BATCH_HEADER] = 'off';
+            headers[headerName] = encodeRequestEnvelopeHeader(envelope);
+            return {
+                ...normalizedRequest,
+                headers
+            };
+        } catch (error) {
+            if (strictEnvelope) throw error;
+            return normalizedRequest;
+        }
+    };
+    const client = {};
+    const operationManifest = {};
+    for (const endpoint of manifest.endpoints){
+        const operationId = `${endpoint.method}:${endpoint.routePath}`;
+        const operation = {
+            appNamespace: config.appNamespace,
+            apiId: endpoint.apiId,
+            group: endpoint.group,
+            endpoint: endpoint.endpoint,
+            operationId,
+            routePath: endpoint.routePath,
+            method: endpoint.method,
+            operationVersion: endpoint.operationVersion,
+            schemaHash: endpoint.schemaHash,
+            version: endpoint.operationVersion
+        };
+        const sender = createRequest({
+            path: endpoint.routePath,
+            method: endpoint.method,
+            port,
+            operationContext: {
+                operationId,
+                routePath: endpoint.routePath,
+                method: endpoint.method,
+                schemaHash: endpoint.schemaHash,
+                operationVersion: endpoint.operationVersion
+            },
+            httpMethodDecider,
+            ...config.requestId ? {
+                requestId: config.requestId
+            } : {}
+        });
+        const call = (request = {})=>sender(prepareEffectRequest(endpoint, operation, request));
+        client[endpoint.group] ??= {};
+        client[endpoint.group][endpoint.endpoint] = call;
+        operationManifest[endpoint.group] ??= {};
+        operationManifest[endpoint.group][endpoint.endpoint] = operation;
+    }
+    return {
+        client,
+        operationManifest,
+        createEffectRequestContext
+    };
+};
+export { createGeneratedEffectClient };

package/dist/esm/runtime/hono/adapter.mjs

@@ -1,6 +1,8 @@
 import { Hono, run } from "@modern-js/server-core";
 import { isProd, logger } from "@modern-js/utils";
 import createHonoRoutes from "../../utils/createHonoRoutes.mjs";
+import { checkCrossProjectPolicyResponse, resolveAdapterCrossProjectPolicy } from "../../utils/crossProjectServerPolicy.mjs";
+import { createSafeFailureResponse } from "../safe-failure.mjs";
 const before = [
     'custom-server-hook',
     'custom-server-middleware',
@@ -18,6 +20,7 @@ class HonoAdapter {
         this.apiMiddleware = [];
         this.apiServer = null;
         this.isHono = true;
+        this.prefix = '/api';
         this.setHandlers = async ()=>{
             if (!this.isHono) return;
             const { apiHandlerInfos } = this.api.getServerContext();
@@ -30,6 +33,22 @@ class HonoAdapter {
                     order: 'post',
                     before: before
                 }));
+            this.crossProjectPolicy = resolveAdapterCrossProjectPolicy(this.api, apiHandlerInfos || []);
+            if (this.crossProjectPolicy) {
+                const policyMiddleware = async (c, next)=>{
+                    const denial = checkCrossProjectPolicyResponse(c.req.header(), this.crossProjectPolicy);
+                    if (denial) return denial;
+                    await next();
+                };
+                this.apiMiddleware.unshift({
+                    name: 'bff-cross-project-policy',
+                    path: `${this.prefix}/*`,
+                    method: 'all',
+                    handler: policyMiddleware,
+                    order: 'post',
+                    before: before
+                });
+            }
         };
         this.registerApiRoutes = async ()=>{
             if (!this.isHono) return;
@@ -66,15 +85,7 @@ class HonoAdapter {
                 } catch (configError) {
                     logger.error(`Error in serverConfig.onError handler: ${configError}`);
                 }
-                const status = 'object' == typeof err && null !== err && 'status' in err && 'number' == typeof err.status ? err.status : 500;
-                return new Response(JSON.stringify({
-                    message: err instanceof Error ? err.message : '[BFF] Internal Server Error'
-                }), {
-                    status,
-                    headers: {
-                        'content-type': 'application/json; charset=utf-8'
-                    }
-                });
+                return createSafeFailureResponse(err);
             });
         };
         this.registerMiddleware = async (options)=>{
@@ -84,6 +95,7 @@ class HonoAdapter {
                 this.isHono = false;
                 return;
             }
+            this.prefix = prefix || this.prefix;
             const { middlewares: globalMiddlewares } = this.api.getServerContext();
             await this.setHandlers();
             if (isProd()) globalMiddlewares.push(...this.apiMiddleware);

package/dist/esm/runtime/safe-failure.mjs

@@ -0,0 +1,45 @@
+const SAFE_FAILURE_MESSAGES = {
+    500: 'Internal Server Error',
+    503: 'Service Unavailable'
+};
+const SAFE_FAILURE_CODES = {
+    500: 'INTERNAL_SERVER_ERROR',
+    503: 'SERVICE_UNAVAILABLE'
+};
+const readErrorProperty = (error, key)=>{
+    if ('object' != typeof error || null === error || !(key in error)) return;
+    return error[key];
+};
+const normalizeFailureStatus = (value)=>{
+    if ('number' != typeof value || !Number.isInteger(value)) return;
+    return value >= 400 && value <= 599 ? value : void 0;
+};
+const normalizeRetryAfter = (value)=>{
+    if ('number' == typeof value && Number.isFinite(value) && value >= 0) return String(Math.ceil(value));
+    if ('string' == typeof value) {
+        const trimmed = value.trim();
+        return trimmed.length > 0 ? trimmed : void 0;
+    }
+    if (value instanceof Date) return value.toUTCString();
+};
+const createSafeFailureResponse = (error)=>{
+    const status = normalizeFailureStatus(readErrorProperty(error, 'status')) ?? normalizeFailureStatus(readErrorProperty(error, 'statusCode')) ?? 500;
+    const retryAfter = 503 === status ? normalizeRetryAfter(readErrorProperty(error, 'retryAfter')) ?? normalizeRetryAfter(readErrorProperty(error, 'retryAfterSeconds')) ?? normalizeRetryAfter('number' == typeof readErrorProperty(error, 'retryAfterMs') ? readErrorProperty(error, 'retryAfterMs') / 1000 : void 0) : void 0;
+    const body = {
+        success: false,
+        error: {
+            code: SAFE_FAILURE_CODES[status] ?? 'REQUEST_FAILED',
+            message: SAFE_FAILURE_MESSAGES[status] ?? 'Request failed',
+            status
+        }
+    };
+    const headers = {
+        'content-type': 'application/json; charset=utf-8'
+    };
+    if (void 0 !== retryAfter) headers['Retry-After'] = retryAfter;
+    return new Response(JSON.stringify(body), {
+        status,
+        headers
+    });
+};
+export { createSafeFailureResponse };

package/dist/esm/utils/clientGenerator.mjs

@@ -1,7 +1,7 @@
 import { generateClient } from "@modern-js/bff-core";
 import { fs, logger } from "@modern-js/utils";
 import path from "path";
-import { generateEffectClientCode, renderEffectClientDeclaration, resolveEffectEntryFile } from "./effectClientGenerator.mjs";
+import { generateEffectClient, resolveEffectEntryFile } from "./effectClientGenerator.mjs";
 const API_DIR = 'api';
 const PLUGIN_DIR = 'plugin';
 const RUNTIME_DIR = 'runtime';
@@ -262,7 +262,7 @@ async function clientGenerator(draftOptions) {
                     source: effectSource,
                     relativeDistPath: draftOptions.relativeDistPath
                 });
-                const effectClientCode = await generateEffectClientCode({
+                const effectClientArtifacts = await generateEffectClient({
                     appDir: draftOptions.appDir,
                     apiDir: draftOptions.apiDir,
                     resourcePath: effectEntryFile,
@@ -273,10 +273,10 @@ async function clientGenerator(draftOptions) {
                     httpMethodDecider: draftOptions.httpMethodDecider,
                     dataPlatformBatch: draftOptions.effectDataPlatformBatch
                 });
-                if (effectClientCode) {
+                if (effectClientArtifacts) {
                     const targetTypeFile = effectFileDetails.targetDir.replace(/\.js$/, '.d.ts');
-                    await writeTargetFile(effectFileDetails.absTargetDir, effectClientCode);
-                    await writeTargetFile(path.resolve(targetTypeFile), renderEffectClientDeclaration());
+                    await writeTargetFile(effectFileDetails.absTargetDir, effectClientArtifacts.code);
+                    await writeTargetFile(path.resolve(targetTypeFile), effectClientArtifacts.declaration);
                     generatedSourceList.push(effectFileDetails);
                 }
             }

package/dist/esm/utils/crossProjectServerPolicy.mjs

@@ -0,0 +1,50 @@
+import { checkCrossProjectPolicy, deriveOperationVersion, resolveCrossProjectPolicy } from "@modern-js/bff-core";
+import path from "path";
+const readNearestPackageVersion = (startDir)=>{
+    if (!startDir) return;
+    let current = path.resolve(startDir);
+    for(let depth = 0; depth < 10; depth += 1){
+        try {
+            const packageJson = require(path.join(current, 'package.json'));
+            if ('string' == typeof packageJson.version) return packageJson.version;
+        } catch  {}
+        const parent = path.dirname(current);
+        if (parent === current) break;
+        current = parent;
+    }
+};
+const resolveAdapterCrossProjectPolicy = (api, handlers)=>{
+    const bff = api.getServerConfig()?.bff;
+    const { apiDirectory, appDirectory } = api.getServerContext();
+    return resolveCrossProjectPolicy({
+        crossProjectPolicy: bff?.crossProjectPolicy,
+        handlers,
+        requestId: bff?.requestId,
+        isCrossProjectServer: bff?.isCrossProjectServer,
+        operationVersion: deriveOperationVersion(readNearestPackageVersion(apiDirectory) ?? readNearestPackageVersion(appDirectory))
+    });
+};
+const DENIAL_HEADERS = {
+    'content-type': 'application/json; charset=utf-8'
+};
+const checkCrossProjectPolicyResponse = (headers, policy)=>{
+    if (!policy?.enabled) return null;
+    const denial = checkCrossProjectPolicy(headers, policy);
+    if (!denial) return null;
+    return new Response(JSON.stringify(denial.body), {
+        status: denial.status,
+        headers: DENIAL_HEADERS
+    });
+};
+const toHeaderRecord = (headers)=>{
+    const record = {};
+    headers.forEach((value, key)=>{
+        record[key] = value;
+    });
+    return record;
+};
+const checkCrossProjectPolicyForRequest = (request, policy)=>{
+    if (!policy?.enabled) return null;
+    return checkCrossProjectPolicyResponse(toHeaderRecord(request.headers), policy);
+};
+export { checkCrossProjectPolicyForRequest, checkCrossProjectPolicyResponse, resolveAdapterCrossProjectPolicy };