@ditojs/server 1.4.3 → 1.5.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ditojs/server",
-  "version": "1.4.3",
+  "version": "1.5.2",
   "type": "module",
   "description": "Dito.js Server – Dito.js is a declarative and modern web framework, based on Objection.js, Koa.js and Vue.js",
   "repository": "https://github.com/ditojs/dito/tree/master/packages/server",
@@ -21,22 +21,22 @@
     "node >= 16"
   ],
   "dependencies": {
-    "@ditojs/admin": "^1.4.3",
-    "@ditojs/router": "^1.4.3",
-    "@ditojs/utils": "^1.4.3",
-    "@koa/cors": "^3.2.0",
+    "@ditojs/admin": "^1.5.0",
+    "@ditojs/build": "^1.5.0",
+    "@ditojs/router": "^1.5.0",
+    "@ditojs/utils": "^1.5.0",
+    "@koa/cors": "^3.3.0",
     "@koa/multer": "^3.0.0",
     "@originjs/vite-plugin-commonjs": "^1.0.3",
     "ajv": "^8.11.0",
     "ajv-formats": "^2.1.1",
-    "aws-sdk": "^2.1098.0",
+    "aws-sdk": "^2.1108.0",
     "axios": "^0.26.1",
     "bcryptjs": "^2.4.3",
     "bytes": "^3.1.2",
     "data-uri-to-buffer": "^4.0.0",
     "eventemitter2": "^6.4.5",
     "file-type": "^17.1.1",
-    "find-up": "^6.3.0",
     "fs-extra": "^10.0.1",
     "image-size": "^1.0.1",
     "is-svg": "^4.3.2",
@@ -55,31 +55,31 @@
     "mime-types": "^2.1.35",
     "multer": "^1.4.4",
     "multer-s3": "^2.10.0",
-    "nanoid": "^3.3.1",
+    "nanoid": "^3.3.2",
     "parse-duration": "^1.0.2",
     "passport-local": "^1.0.0",
     "passthrough-counter": "^1.0.0",
     "picocolors": "^1.0.0",
     "picomatch": "^2.3.1",
     "pino": "^7.9.2",
-    "pino-pretty": "^7.5.4",
+    "pino-pretty": "^7.6.0",
     "pluralize": "^8.0.0",
     "repl": "^0.1.3",
     "uuid": "^8.3.2",
-    "vite": "^2.8.6",
+    "vite": "^2.9.1",
     "vite-plugin-vue2": "^1.9.3",
     "vue": "^2.6.14",
     "vue-template-compiler": "^2.6.14"
   },
   "peerDependencies": {
-    "knex": "^0.21.0",
-    "objection": "^2.2.0"
+    "knex": "^1.0.4",
+    "objection": "^3.0.1"
   },
   "devDependencies": {
-    "knex": "^0.21.21",
-    "objection": "^2.2.18",
+    "knex": "^1.0.5",
+    "objection": "^3.0.1",
     "pg": "^8.7.3",
     "sqlite3": "^5.0.2"
   },
-  "gitHead": "f2a544aef8ab0a12c7019650cd86558f8365b007"
+  "gitHead": "b7861d7cea5426a8a487ce4c3b9d9f1ff3e908ce"
 }

package/src/app/Application.js

@@ -1,11 +1,13 @@
+import os from 'os'
+import path from 'path'
+import util from 'util'
+import zlib from 'zlib'
+import fs from 'fs-extra'
 import Koa from 'koa'
 import Knex from 'knex'
-import util from 'util'
 import axios from 'axios'
 import pico from 'picocolors'
-import zlib from 'zlib'
 import pino from 'pino'
-import os from 'os'
 import parseDuration from 'parse-duration'
 import bodyParser from 'koa-bodyparser'
 import cors from '@koa/cors'
@@ -20,8 +22,8 @@ import helmet from 'koa-helmet'
 import responseTime from 'koa-response-time'
 import Router from '@ditojs/router'
 import {
-  isArray, isObject, isString, asArray, isPlainObject, hyphenate, clone, merge,
-  parseDataPath, normalizeDataPath, isModule
+  isArray, isObject, isString, asArray, isPlainObject, isModule,
+  hyphenate, clone, merge, parseDataPath, normalizeDataPath, toPromiseCallback
 } from '@ditojs/utils'
 import SessionStore from './SessionStore.js'
 import { Validator } from './Validator.js'
@@ -46,11 +48,10 @@ import {
   handleUser,
   logRequests
 } from '../middleware/index.js'
-import objection, {
+import {
   Model,
   BelongsToOneRelation,
-  // TODO: Import directly once we can move to Objection 3
-  // knexSnakeCaseMappers,
+  knexSnakeCaseMappers,
   ref
 } from 'objection'
 
@@ -73,6 +74,7 @@ export class Application extends Koa {
       log = {},
       ...rest
     } = config
+    this.server = null
     this.config = {
       app,
       log: log.silent || process.env.DITO_SILENT ? {} : log,
@@ -105,6 +107,10 @@ export class Application extends Koa {
     }
   }
 
+  get isRunning() {
+    return !!this.server
+  }
+
   addRoute(
     method, path, transacted, middlewares, controller = null, action = null
   ) {
@@ -282,10 +288,6 @@ export class Application extends Koa {
     return Object.values(this.services).find(callback)
   }
 
-  forEachService(callback) {
-    return Promise.all(Object.values(this.services).map(callback))
-  }
-
   addControllers(controllers, namespace) {
     for (const [key, value] of Object.entries(controllers)) {
       if (isModule(value) || isPlainObject(value)) {
@@ -626,7 +628,7 @@ export class Application extends Koa {
       if (snakeCaseOptions) {
         knex = {
           ...knex,
-          ...objection.knexSnakeCaseMappers(snakeCaseOptions)
+          ...knexSnakeCaseMappers(snakeCaseOptions)
         }
       }
       this.knex = Knex(knex)
@@ -717,46 +719,54 @@ export class Application extends Koa {
       this.on('error', this.logError)
     }
     await this.emit('before:start')
-    await this.forEachService(service => service.start())
-    const { server: { host, port } } = this.config
-    this.server = await new Promise((resolve, reject) => {
-      const server = this.listen(port, host, () => {
-        const { port } = server.address()
+    this.server = await new Promise(resolve => {
+      const server = this.listen(this.config.server, () => {
+        const { address, port } = server.address()
         console.info(
-          `Dito server started at http://${host}:${port}`
+          `Dito.js server started at http://${address}:${port}`
         )
         resolve(server)
       })
-      if (!server) {
-        reject(new Error(`Unable to start server at http://${host}:${port}`))
-      }
     })
+    if (!this.server) {
+      throw new Error('Unable to start Dito.js server')
+    }
     await this.emit('after:start')
   }
 
-  async stop() {
-    await this.emit('before:stop')
-    this.server = await new Promise((resolve, reject) => {
-      const { server } = this
-      if (server) {
-        server.close(err => {
-          if (err) {
-            reject(err)
-          } else {
-            resolve(null)
-          }
-        })
-        // Hack to make sure that we close the server,
-        //  even if sockets are still open.
-        //  Taken from https://stackoverflow.com/a/36830072.
-        //  A proper solution would be to use a library, ex: https://github.com/godaddy/terminus
-        setImmediate(() => server.emit('close'))
-      } else {
-        reject(new Error('Server is not running'))
-      }
-    })
-    await this.forEachService(service => service.stop())
-    await this.emit('after:stop')
+  async stop(timeout = 0) {
+    if (!this.server) {
+      throw new Error('Dito.js server is not running')
+    }
+
+    const promise = (async () => {
+      await this.emit('before:stop')
+      await new Promise((resolve, reject) => {
+        this.server.close(toPromiseCallback(resolve, reject))
+      })
+      // Hack to make sure that the server is closed, even if sockets are still
+      // open after `server.close()`, see: https://stackoverflow.com/a/36830072
+      this.server.emit('close')
+      this.server = null
+      await this.emit('after:stop')
+    })()
+
+    if (timeout > 0) {
+      await Promise.race([
+        promise,
+        new Promise((resolve, reject) =>
+          setTimeout(reject,
+            timeout,
+            new Error(
+              `Timeout reached while stopping Dito.js server (${timeout}ms)`
+            )
+          )
+        )
+      ])
+    } else {
+      await promise
+    }
+
     if (this.config.log.errors !== false) {
       this.off('error', this.logError)
     }
@@ -853,23 +863,38 @@ export class Application extends Koa {
             if (file.data || file.url) {
               let { data } = file
               if (!data) {
+                const { url } = file
+                if (!storage.isImportSourceAllowed(url)) {
+                  throw new AssetError(
+                    `Unable to import asset from foreign source: '${
+                      file.name
+                    }' ('${
+                      url
+                    }'): The source needs to be explicitly allowed.`
+                  )
+                }
                 console.info(
                   `${
                     pico.red('INFO:')
                   } Asset ${
                     pico.green(`'${file.name}'`)
                   } is from a foreign source, fetching from ${
-                    pico.green(`'${file.url}'`)
+                    pico.green(`'${url}'`)
                   } and adding to storage ${
                     pico.green(`'${storage.name}'`)
                   }...`
                 )
-                const response = await axios.request({
-                  method: 'get',
-                  url: file.url,
-                  responseType: 'arraybuffer'
-                })
-                data = response.data
+                if (url.startsWith('file://')) {
+                  const filepath = path.resolve(url.substring(7))
+                  data = await fs.readFile(filepath)
+                } else {
+                  const response = await axios.request({
+                    method: 'get',
+                    responseType: 'arraybuffer',
+                    url
+                  })
+                  data = response.data
+                }
               }
               const importedFile = await storage.addFile(file, data)
               await this.createAssets(storage, [importedFile], 0, trx)

package/src/controllers/AdminController.js

@@ -1,5 +1,5 @@
 import path from 'path'
-import fs from 'fs'
+import { exit } from 'process'
 import Koa from 'koa'
 import serve from 'koa-static'
 import { defineConfig, createServer } from 'vite'
@@ -7,8 +7,10 @@ import { createVuePlugin } from 'vite-plugin-vue2'
 import {
   viteCommonjs as createCommonJsPlugin
 } from '@originjs/vite-plugin-commonjs'
-import picomatch from 'picomatch'
-import { findUpSync } from 'find-up'
+import {
+  createRollupImportsResolver,
+  testModuleIdentifier
+} from '@ditojs/build'
 import { merge } from '@ditojs/utils'
 import { Controller } from './Controller.js'
 import { handleConnectMiddleware } from '../middleware/index.js'
@@ -89,6 +91,7 @@ export class AdminController extends Controller {
     }
   }
 
+  // @override
   compose() {
     this.koa = new Koa()
     this.koa.use(this.middleware())
@@ -127,6 +130,32 @@ export class AdminController extends Controller {
         }
       }
     })
+
+    let closed = false
+
+    // Monkey-patch `process.exit()` to filter out the calls caused by vite's
+    // handling of SIGTERM, see: https://github.com/vitejs/vite/issues/7627
+    process.exit = code => {
+      // Filter out calls from inside vite by looking at the stack trace.
+      if (new Error().stack.includes('/vite/dist/')) {
+        // vite's own `exitProcess()` just called `process.exit(), and this
+        // means it has already called `server.close()` internally.
+        closed = true
+        process.exit = exit
+      } else {
+        exit(code)
+      }
+    }
+
+    this.app.once('before:stop', () => {
+      // For good timing it seems crucial to not add more ticks with async
+      // signature, so we directly return the `server.close()` promise instead.
+      process.exit = exit
+      if (!closed) {
+        closed = true
+        return server.close()
+      }
+    })
     this.koa.use(handleConnectMiddleware(server.middlewares, {
       expandMountPath: true
     }))
@@ -135,16 +164,11 @@ export class AdminController extends Controller {
   getViteConfig(config = {}) {
     const development = this.mode === 'development'
 
-    const cwd = path.resolve('.')
+    const cwd = process.cwd()
     const root = this.getPath('root')
     const base = `${this.url}/`
     const views = path.join(root, 'views')
 
-    // Read `package.json` from the closest package.json, so we can emulate
-    // ESM-style imports mappings in rollup / vite.
-    const pkg = findUpSync('package.json', { cwd: root })
-    const { imports = {} } = JSON.parse(fs.readFileSync(pkg, 'utf8'))
-
     return defineConfig(merge({
       root,
       base,
@@ -185,7 +209,7 @@ export class AdminController extends Controller {
                     return 'common'
                   } else {
                     const module = id.match(/node_modules\/([^/$]*)/)?.[1] || ''
-                    return picomatch.isMatch(module, CORE_DEPENDENCIES)
+                    return testModuleIdentifier(module, CORE_DEPENDENCIES)
                       ? 'core'
                       : 'vendor'
                   }
@@ -210,27 +234,7 @@ export class AdminController extends Controller {
             find: '@',
             replacement: root
           },
-          {
-            // Use a custom rollup resolver to emulate ESM-style imports
-            // mappings in vite, as read from `package.json` above:
-            find: /^#/,
-            replacement: '#',
-            customResolver(id) {
-              for (const [find, replacement] of Object.entries(imports)) {
-                picomatch.isMatch(id, find.replace('*', '**'), {
-                  capture: true,
-                  onMatch({ input, regex }) {
-                    const replacementPath = path.resolve(replacement)
-                    const match = input.match(regex)?.[1]
-                    id = match
-                      ? replacementPath.replace('*', match)
-                      : replacementPath
-                  }
-                })
-              }
-              return id
-            }
-          }
+          createRollupImportsResolver({ cwd: root })
         ]
       }
     }, config))

package/src/controllers/CollectionController.js

@@ -68,17 +68,18 @@ export class CollectionController extends Controller {
     return this.extendContext(ctx, { memberId })
   }
 
-  getCollectionIds(ctx) {
+  getModelId(model) {
     const idProperty = this.modelClass.getIdProperty()
     // Handle both composite keys and normal ones.
-    const getId = isArray(idProperty)
-      ? model => idProperty.reduce(
-        (id, key) => {
-          id.push(model[key])
-          return id
-        }, [])
-      : model => model[idProperty]
-    return asArray(ctx.request.body).map(model => this.validateId(getId(model)))
+    return isArray(idProperty)
+      ? idProperty.map(property => model[property])
+      : model[idProperty]
+  }
+
+  getCollectionIds(ctx) {
+    return asArray(ctx.request.body).map(
+      model => this.validateId(this.getModelId(model))
+    )
   }
 
   getIds(ctx) {
@@ -219,9 +220,9 @@ export class CollectionController extends Controller {
           .modify(getModify(modify, trx))
         )
         : await this.executeAndFetch('insert', ctx, modify)
-      ctx.status = 201
+      ctx.status = 201 // Created
       if (isObject(result)) {
-        ctx.set('Location', this.getUrl('collection', result.id))
+        ctx.set('Location', this.getUrl('collection', this.getModelId(result)))
       }
       return result
     },

package/src/controllers/Controller.js

@@ -26,6 +26,12 @@ export class Controller {
   initialize() {
   }
 
+  // @return {Application|Function} [app or function]
+  compose() {
+    // To be overridden in sub-classes, if the controller needs to install
+    // middleware. For normal routes, use `this.app.addRoute()` instead.
+  }
+
   setup(isRoot = true, setupActionsObject = true) {
     this._setupEmitter(this.hooks, {
       // Support wildcard hooks only on controllers:
@@ -246,12 +252,6 @@ export class Controller {
     ])
   }
 
-  // @return {Application|Function} [app or function]
-  compose() {
-    // To be overridden in sub-classes, if the controller needs to install
-    // middleware. For normal routes, use `this.app.addRoute()` instead.
-  }
-
   getPath(type, path) {
     // To be overridden by sub-classes.
     return path

package/src/models/Model.js

@@ -929,11 +929,9 @@ export class Model extends objection.Model {
         )
         : assetDataPaths
 
-      // `dataPaths` will be empty in the case of an update/insert that do not
+      // `dataPaths` is empty in the case of an update/insert that does not
       // affect the assets.
-      if (dataPaths.length === 0) {
-        return
-      }
+      if (dataPaths.length === 0) return
 
       // Load the model's asset files in their current state before the query is
       // executed.
@@ -972,7 +970,7 @@ export class Model extends objection.Model {
           if (modifiedFiles.length > 0) {
             // TODO: `modifiedFiles` should be restored as well, but that's far
             // from trivial since no backup is kept in `handleModifiedAssets`
-            console.info(
+            console.warn(
               `Unable to restore these already modified files: ${
                 modifiedFiles.map(file => `'${file.name}'`)
               }`

package/src/schema/relations.test.js

@@ -5,7 +5,7 @@ import {
   HasManyRelation,
   ManyToManyRelation
 } from 'objection'
-import { Model } from '../models.js'
+import { Model } from '../models/index.js'
 import {
   getRelationClass, convertRelation, addRelationSchemas
 } from './relations.js'

package/src/services/Service.js

@@ -11,6 +11,8 @@ export class Service {
 
   setup(config) {
     this.config = config
+    this.app.on('before:start', () => this.start())
+    this.app.on('after:stop', () => this.stop())
   }
 
   // @overridable

package/src/storage/Storage.js

@@ -1,8 +1,9 @@
 import path from 'path'
+import { URL } from 'url'
 import multer from '@koa/multer'
+import picomatch from 'picomatch'
 import imageSize from 'image-size'
 import { PassThrough } from 'stream'
-import { URL } from 'url'
 import { hyphenate, toPromiseCallback } from '@ditojs/utils'
 import { AssetFile } from './AssetFile.js'
 
@@ -57,6 +58,10 @@ export class Storage {
     return AssetFile.getUniqueKey(name)
   }
 
+  isImportSourceAllowed(url) {
+    return picomatch.isMatch(url, this.config.allowedImports || [])
+  }
+
   convertAssetFile(file) {
     return AssetFile.convert(file, this)
   }