@canva/cli 0.0.1-beta.2 → 0.0.1-beta.20

package/templates/base/scripts/start/start.ts

@@ -23,6 +23,17 @@ yargs(hideBin(process.argv))
     default:
       process.env.npm_config_use_https?.toLocaleLowerCase().trim() === "true",
   })
+  .option("override-frontend-port", {
+    description:
+      "Port to run the local development server on. Overrides the frontend port set in the .env file.",
+    type: "number",
+    alias: "p",
+  })
+  .option("preview", {
+    description: "Open the app in Canva.",
+    type: "boolean",
+    default: false,
+  })
   .command(
     "$0",
     "Starts local development",

package/templates/base/scripts/start/tests/start.tests.ts

@@ -0,0 +1,61 @@
+/* eslint-disable no-console */
+
+import type { ChildProcess } from "child_process";
+import { spawn } from "child_process";
+import * as treeKill from "tree-kill";
+
+describe("start script", () => {
+  let serverProcess: ChildProcess;
+
+  afterEach(() => {
+    if (serverProcess?.pid && !serverProcess.exitCode) {
+      treeKill(serverProcess.pid);
+    }
+  });
+
+  it("should execute 'npm run start' and start a dev server", async () => {
+    const testServerPort = 8089;
+    serverProcess = await spawn(
+      `npm run start -- -p ${testServerPort} --no-preview`,
+      {
+        shell: true,
+      },
+    );
+
+    if (!serverProcess.pid) {
+      throw new Error("Unable to start server");
+    }
+
+    // wait for the server to start and collect output until it reports the running URL
+    let output = "";
+    await new Promise<void>((resolve, reject) => {
+      serverProcess.stdout?.on("data", (data) => {
+        output += data.toString();
+        if (output.includes("Development URL")) {
+          resolve();
+        }
+      });
+
+      serverProcess.stderr?.on("data", (data) => {
+        console.error("Server process error: ", data.toString());
+        reject();
+      });
+
+      // timeout and fail test if the server hasn't correctly started in 10 seconds
+      setTimeout(() => {
+        if (serverProcess?.pid && !serverProcess.exitCode) {
+          treeKill(serverProcess.pid);
+        }
+        reject(new Error("Test timed out"));
+      }, 10000);
+    });
+
+    // check that the server is running and accessible
+    const expectedServerURL = `http://localhost:${testServerPort}`;
+    expect(output).toContain(expectedServerURL);
+    expect(serverProcess.exitCode).toBeNull();
+
+    // clean up
+    treeKill(serverProcess.pid);
+  }, 15000); // 15 seconds timeout to allow for the server to start
+});

package/templates/base/utils/backend/bearer_middleware/bearer_middleware.ts

@@ -0,0 +1,101 @@
+/* eslint-disable no-console */
+import * as debug from "debug";
+import type { Request, Response, NextFunction } from "express";
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+import Express from "express-serve-static-core";
+
+/**
+ * Prefix your start command with `DEBUG=express:middleware:bearer` to enable debug logging
+ * for this middleware
+ */
+const debugLogger = debug("express:middleware:bearer");
+
+/**
+ * Augment the Express request context to include the appId/userId/brandId fields decoded
+ * from the JWT.
+ */
+declare module "express-serve-static-core" {
+  export interface Request {
+    user_id: string;
+  }
+}
+
+const sendUnauthorizedResponse = (res: Response, message?: string) =>
+  res.status(401).json({ error: "unauthorized", message });
+
+/**
+ * An Express.js middleware verifying a Bearer token.
+ * This middleware extracts the token from the `Authorization` header.
+ *
+ * @param getTokenFromRequest - A function that extracts a token from the request. If a token isn't found, throw a `JWTAuthorizationError`.
+ * @returns An Express.js middleware for verifying and decoding JWTs.
+ */
+export function createBearerMiddleware(
+  tokenToUser: (access_token: string) => Promise<string | undefined>,
+  getTokenFromRequest: GetTokenFromRequest = getTokenFromHttpHeader,
+): (req: Request, res: Response, next: NextFunction) => void {
+  return async (req, res, next) => {
+    try {
+      debugLogger(`processing token for '${req.url}'`);
+
+      const token = await getTokenFromRequest(req);
+      const user = await tokenToUser(token);
+
+      if (!user) {
+        throw new AuthorizationError("Token is invalid");
+      }
+
+      req.user_id = user;
+
+      next();
+    } catch (e) {
+      if (e instanceof AuthorizationError) {
+        return sendUnauthorizedResponse(res, e.message);
+      }
+
+      next(e);
+    }
+  };
+}
+
+export type GetTokenFromRequest = (req: Request) => Promise<string> | string;
+
+export const getTokenFromHttpHeader: GetTokenFromRequest = (
+  req: Request,
+): string => {
+  // The names of a HTTP header bearing the JWT, and a scheme
+  const headerName = "Authorization";
+  const schemeName = "Bearer";
+
+  const header = req.header(headerName);
+  if (!header) {
+    throw new AuthorizationError(`Missing the "${headerName}" header`);
+  }
+
+  if (!header.match(new RegExp(`^${schemeName}\\s+[^\\s]+$`, "i"))) {
+    console.trace(
+      `jwtMiddleware: failed to match token in "${headerName}" header`,
+    );
+    throw new AuthorizationError(
+      `Missing a "${schemeName}" token in the "${headerName}" header`,
+    );
+  }
+
+  const token = header.replace(new RegExp(`^${schemeName}\\s+`, "i"), "");
+
+  return token;
+};
+
+/**
+ * A class representing JWT validation errors in the JWT middleware.
+ * The error message provided to the constructor will be forwarded to the
+ * API consumer trying to access a JWT-protected endpoint.
+ * @private
+ */
+export class AuthorizationError extends Error {
+  constructor(message: string) {
+    super(message);
+
+    Object.setPrototypeOf(this, AuthorizationError.prototype);
+  }
+}

package/templates/base/utils/backend/bearer_middleware/index.ts

@@ -0,0 +1 @@
+export { createBearerMiddleware } from "./bearer_middleware";

package/templates/base/utils/backend/bearer_middleware/tests/bearer_middleware.tests.ts

@@ -0,0 +1,192 @@
+/* eslint-disable @typescript-eslint/no-require-imports */
+import type { NextFunction, Request, Response } from "express";
+import type {
+  createBearerMiddleware,
+  GetTokenFromRequest,
+} from "../bearer_middleware";
+
+type Middleware = (req: Request, res: Response, next: NextFunction) => void;
+
+describe("createBearerMiddleware", () => {
+  let fakeGetTokenFromRequest: jest.MockedFn<GetTokenFromRequest>;
+  let verify: jest.MockedFn<(token: string) => Promise<string | undefined>>;
+
+  let req: Request;
+  let res: Response;
+  let next: jest.MockedFn<() => void>;
+
+  let AuthorizationError: typeof Error;
+  let createBearerMiddlewareFn: typeof createBearerMiddleware;
+  let bearerMiddleware: Middleware;
+
+  beforeEach(() => {
+    jest.resetAllMocks();
+    jest.resetModules();
+
+    fakeGetTokenFromRequest = jest.fn();
+    verify = jest.fn();
+
+    const middlewareModule = require("../bearer_middleware");
+    createBearerMiddlewareFn = middlewareModule.createBearerMiddleware;
+    AuthorizationError = middlewareModule.AuthorizationError;
+  });
+
+  describe("When called", () => {
+    beforeEach(() => {
+      req = {
+        header: (_name: string) => undefined,
+      } as Request;
+
+      res = {
+        status: jest.fn().mockReturnThis(),
+        json: jest.fn().mockReturnThis(),
+        send: jest.fn().mockReturnThis(),
+      } as unknown as Response;
+
+      next = jest.fn();
+
+      bearerMiddleware = createBearerMiddlewareFn(
+        verify,
+        fakeGetTokenFromRequest,
+      );
+    });
+
+    describe("When `getTokenFromRequest` throws an exception ('Fake error')", () => {
+      beforeEach(() => {
+        fakeGetTokenFromRequest.mockRejectedValue(
+          new AuthorizationError("Fake error"),
+        );
+      });
+
+      it(`Does not call next() and returns HTTP 401 with error = "unauthorized" and message = "Fake error"`, async () => {
+        expect.assertions(8);
+
+        expect(fakeGetTokenFromRequest).not.toHaveBeenCalled();
+        await bearerMiddleware(req, res, next);
+
+        expect(fakeGetTokenFromRequest).toHaveBeenCalledTimes(1);
+        expect(fakeGetTokenFromRequest).toHaveBeenLastCalledWith(req);
+
+        expect(res.status).toHaveBeenCalledTimes(1);
+        expect(res.status).toHaveBeenLastCalledWith(401);
+
+        expect(res.json).toHaveBeenCalledTimes(1);
+        expect(res.json).toHaveBeenLastCalledWith({
+          error: "unauthorized",
+          message: "Fake error",
+        });
+
+        expect(next).not.toHaveBeenCalled();
+      });
+    });
+
+    describe("When the middleware cannot verify the token", () => {
+      beforeEach(() => {
+        fakeGetTokenFromRequest.mockReturnValue("TOKEN");
+
+        verify.mockImplementation(() => Promise.resolve(undefined));
+      });
+
+      it(`Does not call next() and returns HTTP 401 with error = "unauthorized" and message = "Token is invalid"`, async () => {
+        expect.assertions(5);
+
+        await bearerMiddleware(req, res, next);
+
+        expect(res.status).toHaveBeenCalledTimes(1);
+        expect(res.status).toHaveBeenLastCalledWith(401);
+
+        expect(res.json).toHaveBeenCalledTimes(1);
+        expect(res.json).toHaveBeenLastCalledWith({
+          error: "unauthorized",
+          message: "Token is invalid",
+        });
+
+        expect(next).not.toHaveBeenCalled();
+      });
+    });
+  });
+});
+
+describe("getTokenFromHttpHeader", () => {
+  let getHeader: jest.MockedFn<(name: string) => string | undefined>;
+  let req: Request;
+  let getTokenFromHttpHeader: (req: Request) => string;
+  let AuthorizationError: typeof Error;
+
+  beforeEach(() => {
+    getHeader = jest.fn();
+    req = {
+      header: (name: string) => getHeader(name),
+    } as Request;
+
+    const bearerMiddlewareModule = require("../bearer_middleware");
+    getTokenFromHttpHeader = bearerMiddlewareModule.getTokenFromHttpHeader;
+    AuthorizationError = bearerMiddlewareModule.AuthorizationError;
+  });
+
+  describe("When the 'Authorization' header is missing", () => {
+    beforeEach(() => {
+      getHeader.mockReturnValue(undefined);
+    });
+
+    it(`Throws a AuthorizationError with message = 'Missing the "Authorization" header'`, async () => {
+      expect.assertions(3);
+
+      expect(() => getTokenFromHttpHeader(req)).toThrow(
+        new AuthorizationError('Missing the "Authorization" header'),
+      );
+      expect(getHeader).toHaveBeenCalledTimes(1);
+      expect(getHeader).toHaveBeenLastCalledWith("Authorization");
+    });
+  });
+
+  describe("When the 'Authorization' header doesn't have a Bearer scheme", () => {
+    beforeEach(() => {
+      getHeader.mockReturnValue("Beerer FAKE_TOKEN");
+    });
+
+    it(`Throws a AuthorizationError with message = 'Missing a "Bearer" token in the "Authorization" header''`, async () => {
+      expect.assertions(3);
+
+      expect(() => getTokenFromHttpHeader(req)).toThrow(
+        new AuthorizationError(
+          'Missing a "Bearer" token in the "Authorization" header',
+        ),
+      );
+      expect(getHeader).toHaveBeenCalledTimes(1);
+      expect(getHeader).toHaveBeenLastCalledWith("Authorization");
+    });
+  });
+
+  describe("When the 'Authorization' Bearer scheme header doesn't have a token", () => {
+    beforeEach(() => {
+      getHeader.mockReturnValue("Bearer ");
+    });
+
+    it(`Throws a AuthorizationError with message = 'Missing a "Bearer" token in the "Authorization" header'`, async () => {
+      expect.assertions(3);
+
+      expect(() => getTokenFromHttpHeader(req)).toThrow(
+        new AuthorizationError(
+          'Missing a "Bearer" token in the "Authorization" header',
+        ),
+      );
+      expect(getHeader).toHaveBeenCalledTimes(1);
+      expect(getHeader).toHaveBeenLastCalledWith("Authorization");
+    });
+  });
+
+  describe("When the 'Authorization' Bearer scheme header has a token", () => {
+    beforeEach(() => {
+      getHeader.mockReturnValue("Bearer TOKEN");
+    });
+
+    it(`Returns the token`, async () => {
+      expect.assertions(3);
+
+      expect(getTokenFromHttpHeader(req)).toEqual("TOKEN");
+      expect(getHeader).toHaveBeenCalledTimes(1);
+      expect(getHeader).toHaveBeenLastCalledWith("Authorization");
+    });
+  });
+});

package/templates/base/utils/use_add_element.ts

@@ -0,0 +1,48 @@
+import type {
+  EmbedElement,
+  ImageElement,
+  RichtextElement,
+  TableElement,
+  TextElement,
+  VideoElement,
+} from "@canva/design";
+import { addElementAtCursor, addElementAtPoint } from "@canva/design";
+import { useFeatureSupport } from "./use_feature_support";
+import { features } from "@canva/platform";
+import { useEffect, useState } from "react";
+
+type AddElementParams =
+  | ImageElement
+  | VideoElement
+  | EmbedElement
+  | TextElement
+  | RichtextElement
+  | TableElement;
+
+export const useAddElement = () => {
+  const isSupported = useFeatureSupport();
+
+  // Store a wrapped addElement function that checks feature support
+  const [addElement, setAddElement] = useState(() => {
+    return (element: AddElementParams) => {
+      if (features.isSupported(addElementAtPoint)) {
+        return addElementAtPoint(element);
+      } else if (features.isSupported(addElementAtCursor)) {
+        return addElementAtCursor(element);
+      }
+    };
+  });
+
+  useEffect(() => {
+    const addElement = (element: AddElementParams) => {
+      if (isSupported(addElementAtPoint)) {
+        return addElementAtPoint(element);
+      } else if (isSupported(addElementAtCursor)) {
+        return addElementAtCursor(element);
+      }
+    };
+    setAddElement(() => addElement);
+  }, [isSupported]);
+
+  return addElement;
+};

package/templates/base/utils/use_feature_support.ts

@@ -0,0 +1,28 @@
+import { features } from "@canva/platform";
+import type { Feature } from "@canva/platform";
+import { useState, useEffect } from "react";
+
+/**
+ * This hook allows re-rendering of a React component whenever
+ * the state of feature support changes in Canva.
+ *
+ * @returns isSupported - callback to inspect a Canva SDK method.
+ **/
+export function useFeatureSupport() {
+  // Store a wrapped function that checks feature support
+  const [isSupported, setIsSupported] = useState(() => {
+    return (...args: Feature[]) => features.isSupported(...args);
+  });
+
+  useEffect(() => {
+    // create new function ref when feature support changes to trigger
+    // re-render
+    return features.registerOnSupportChange(() => {
+      setIsSupported(() => {
+        return (...args: Feature[]) => features.isSupported(...args);
+      });
+    });
+  }, []);
+
+  return isSupported;
+}

package/templates/base/{webpack.config.cjs → webpack.config.ts}

@@ -1,30 +1,33 @@
-require("dotenv").config();
-const path = require("path");
-const TerserPlugin = require("terser-webpack-plugin");
-const { DefinePlugin, optimize } = require("webpack");
-const chalk = require("chalk");
-const { transform } = require("@formatjs/ts-transformer");
+import type { Configuration } from "webpack";
+import { DefinePlugin, optimize } from "webpack";
+import * as path from "path";
+import * as TerserPlugin from "terser-webpack-plugin";
+import { transform } from "@formatjs/ts-transformer";
+import * as chalk from "chalk";
+import { config } from "dotenv";
+import { Configuration as DevServerConfiguration } from "webpack-dev-server";
 
-/**
- *
- * @param {Object} [options]
- * @param {string} [options.appEntry=./src/index.tsx]
- * @param {string} [options.backendHost]
- * @param {Object} [options.devConfig]
- * @param {number} [options.devConfig.port]
- * @param {boolean} [options.devConfig.enableHmr]
- * @param {boolean} [options.devConfig.enableHttps]
- * @param {string} [options.devConfig.appOrigin]
- * @param {string} [options.devConfig.appId] - Deprecated in favour of appOrigin
- * @param {string} [options.devConfig.certFile]
- * @param {string} [options.devConfig.keyFile]
- * @returns {Object}
- */
-function buildConfig({
+config();
+
+type DevConfig = {
+  port: number;
+  enableHmr: boolean;
+  enableHttps: boolean;
+  appOrigin?: string;
+  appId?: string; // Deprecated in favour of appOrigin
+  certFile?: string;
+  keyFile?: string;
+};
+
+export function buildConfig({
   devConfig,
   appEntry = path.join(process.cwd(), "src", "index.tsx"),
   backendHost = process.env.CANVA_BACKEND_HOST,
-} = {}) {
+}: {
+  devConfig?: DevConfig;
+  appEntry?: string;
+  backendHost?: string;
+} = {}): Configuration & DevServerConfiguration {
   const mode = devConfig ? "development" : "production";
 
   if (!backendHost) {
@@ -173,32 +176,23 @@ function buildConfig({
       }),
       // Apps can only submit a single JS file via the developer portal
       new optimize.LimitChunkCountPlugin({ maxChunks: 1 }),
-    ],
+    ].filter(Boolean),
     ...buildDevConfig(devConfig),
   };
 }
 
-/**
- *
- * @param {Object} [options]
- * @param {number} [options.port]
- * @param {boolean} [options.enableHmr]
- * @param {boolean} [options.enableHttps]
- * @param {string} [options.appOrigin]
- * @param {string} [options.appId] - Deprecated in favour of appOrigin
- * @param {string} [options.certFile]
- * @param {string} [options.keyFile]
- * @returns {Object|null}
- */
-function buildDevConfig(options) {
+function buildDevConfig(options?: DevConfig): {
+  devtool?: string;
+  devServer?: DevServerConfiguration;
+} {
   if (!options) {
-    return null;
+    return {};
   }
 
   const { port, enableHmr, appOrigin, appId, enableHttps, certFile, keyFile } =
     options;
 
-  let devServer = {
+  let devServer: DevServerConfiguration = {
     server: enableHttps
       ? {
           type: "https",
@@ -265,6 +259,4 @@ function buildDevConfig(options) {
   };
 }
 
-module.exports = () => buildConfig();
-
-module.exports.buildConfig = buildConfig;
+export default buildConfig;

package/templates/common/.gitignore.template

@@ -1,9 +1,8 @@
-.idea
-.ssl
-node_modules
 .DS_Store
-yarn-error.log
-dist
-secrets.json
 .env
+.idea
+.ssl
+*.log*
 **/*/db.json
+dist
+node_modules

package/templates/common/.nvmrc

@@ -0,0 +1 @@
+20.10.0

package/templates/common/.prettierrc

@@ -0,0 +1,21 @@
+{
+  "arrowParens": "always",
+  "bracketSpacing": true,
+  "endOfLine": "lf",
+  "htmlWhitespaceSensitivity": "css",
+  "insertPragma": false,
+  "singleAttributePerLine": false,
+  "bracketSameLine": false,
+  "jsxSingleQuote": false,
+  "printWidth": 80,
+  "proseWrap": "preserve",
+  "quoteProps": "as-needed",
+  "requirePragma": false,
+  "semi": true,
+  "singleQuote": false,
+  "tabWidth": 2,
+  "trailingComma": "all",
+  "useTabs": false,
+  "embeddedLanguageFormatting": "auto",
+  "experimentalTernaries": false
+}

package/templates/common/.vscode/extensions.json

@@ -0,0 +1,6 @@
+{
+  // For developers using vscode we recommend the following extensions. Following
+  // and listening to the formatting and linting guidelines can help with
+  // implementation quality and in some instances reduce app review timelines.
+  "recommendations": ["esbenp.prettier-vscode", "dbaeumer.vscode-eslint"]
+}