@eldrin-project/eldrin-app-core 0.0.2 → 0.0.4

package/dist/index.cjs

@@ -1,12 +1,8 @@
 'use strict';
 
-var react = require('react');
 var promises = require('fs/promises');
 var fs = require('fs');
 var path = require('path');
-var jsxRuntime = require('react/jsx-runtime');
-
-// src/app/createApp.tsx
 
 // src/migrations/checksum.ts
 var CHECKSUM_PREFIX = "sha256:";
@@ -444,120 +440,6 @@ async function validateMigrationManifest(manifest, files) {
     errors
   };
 }
-var EldrinDatabaseContext = react.createContext(null);
-function DatabaseProvider({
-  db,
-  migrationsComplete,
-  migrationResult,
-  children
-}) {
-  const value = {
-    db,
-    migrationsComplete,
-    migrationResult
-  };
-  return /* @__PURE__ */ jsxRuntime.jsx(EldrinDatabaseContext.Provider, { value, children });
-}
-function useDatabase() {
-  const context = react.useContext(EldrinDatabaseContext);
-  if (context === null) {
-    throw new Error("useDatabase must be used within a DatabaseProvider (via createApp)");
-  }
-  return context.db;
-}
-function useDatabaseContext() {
-  const context = react.useContext(EldrinDatabaseContext);
-  if (context === null) {
-    throw new Error("useDatabaseContext must be used within a DatabaseProvider (via createApp)");
-  }
-  return context;
-}
-function useMigrationsComplete() {
-  const context = react.useContext(EldrinDatabaseContext);
-  return context?.migrationsComplete ?? false;
-}
-
-// src/app/createApp.tsx
-function createApp(options) {
-  const { name, root: RootComponent, migrations = [], onMigrationsComplete, onMigrationError } = options;
-  const state = {
-    db: null,
-    migrationsComplete: false,
-    migrationResult: void 0,
-    mountedElement: void 0,
-    reactRoot: void 0
-  };
-  async function bootstrap(props) {
-    const db = props.db ?? null;
-    state.db = db;
-    if (db && migrations.length > 0) {
-      try {
-        const result = await runMigrations(db, {
-          migrations,
-          onLog: (message, level) => {
-            const prefix = `[${name}]`;
-            if (level === "error") {
-              console.error(prefix, message);
-            } else if (level === "warn") {
-              console.warn(prefix, message);
-            } else {
-              console.log(prefix, message);
-            }
-          }
-        });
-        state.migrationResult = result;
-        if (result.success) {
-          state.migrationsComplete = true;
-          onMigrationsComplete?.(result);
-        } else {
-          const error = new Error(result.error?.message ?? "Migration failed");
-          onMigrationError?.(error);
-          throw error;
-        }
-      } catch (error) {
-        state.migrationsComplete = false;
-        const err = error instanceof Error ? error : new Error(String(error));
-        onMigrationError?.(err);
-        throw err;
-      }
-    } else {
-      state.migrationsComplete = true;
-    }
-  }
-  async function mount(props) {
-    const domElement = props.domElement ?? document.getElementById(`app-${name}`);
-    if (!domElement) {
-      throw new Error(`No DOM element found for app "${name}". Expected element with id="app-${name}" or domElement prop.`);
-    }
-    state.mountedElement = domElement;
-    const rootElement = react.createElement(RootComponent, props.customProps ?? {});
-    const appElement = react.createElement(DatabaseProvider, {
-      db: state.db,
-      migrationsComplete: state.migrationsComplete,
-      migrationResult: state.migrationResult,
-      children: rootElement
-    });
-    const ReactDOM = await import('react-dom/client');
-    const root = ReactDOM.createRoot(domElement);
-    root.render(appElement);
-    state.reactRoot = root;
-  }
-  async function unmount(_props) {
-    if (state.reactRoot) {
-      state.reactRoot.unmount();
-      state.reactRoot = void 0;
-    }
-    if (state.mountedElement) {
-      state.mountedElement.innerHTML = "";
-      state.mountedElement = void 0;
-    }
-  }
-  return {
-    bootstrap,
-    mount,
-    unmount
-  };
-}
 
 // src/events/client.ts
 var EldrinEventClient = class {
@@ -957,14 +839,218 @@ function requireAllPermissions(request, permissions) {
   return auth;
 }
 
+// src/middleware/matcher.ts
+function compileRoutes(routes, apiPrefix) {
+  return routes.map((route) => {
+    const methods = new Set(
+      Array.isArray(route.method) ? route.method.map((m) => m.toUpperCase()) : [route.method.toUpperCase()]
+    );
+    const fullPath = `${apiPrefix}${route.path}`;
+    const paramNames = [];
+    let regexPattern = fullPath.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/:([a-zA-Z_][a-zA-Z0-9_]*)/g, (_, name) => {
+      paramNames.push(name);
+      return "([^/]+)";
+    }).replace(/\*/g, "[^/]+");
+    const pattern = new RegExp(`^${regexPattern}$`);
+    let permission = null;
+    if (route.permission) {
+      const colonIndex = route.permission.indexOf(":");
+      if (colonIndex > 0) {
+        permission = {
+          resource: route.permission.substring(0, colonIndex),
+          action: route.permission.substring(colonIndex + 1)
+        };
+      }
+    }
+    return {
+      methods,
+      pattern,
+      paramNames,
+      permission,
+      originalPath: route.path
+    };
+  });
+}
+function matchRoute(method, pathname, compiledRoutes) {
+  const upperMethod = method.toUpperCase();
+  for (const route of compiledRoutes) {
+    if (!route.methods.has(upperMethod)) continue;
+    const match = pathname.match(route.pattern);
+    if (match) {
+      const params = {};
+      route.paramNames.forEach((name, index) => {
+        params[name] = match[index + 1];
+      });
+      return { route, params };
+    }
+  }
+  return null;
+}
+function isPublicRoute(pathname, publicRoutes, apiPrefix) {
+  for (const publicPath of publicRoutes) {
+    const fullPath = `${apiPrefix}${publicPath}`;
+    if (pathname === fullPath) return true;
+    if (publicPath.endsWith("/*")) {
+      const prefix = `${apiPrefix}${publicPath.slice(0, -2)}`;
+      if (pathname.startsWith(prefix + "/")) return true;
+    }
+  }
+  return false;
+}
+
+// src/middleware/index.ts
+function createPermissionMiddleware(config) {
+  const apiPrefix = config.apiPrefix ?? "/api";
+  const manifest = config.manifest;
+  const api = manifest.api;
+  const compiledRoutes = api?.routes ? compileRoutes(api.routes, apiPrefix) : [];
+  const defaultPolicy = api?.defaultPolicy ?? "deny";
+  const publicRoutes = api?.publicRoutes ?? [];
+  const emptyAuth = {
+    userId: "",
+    email: "",
+    name: "",
+    platformRoles: [],
+    permissions: []
+  };
+  function createCorsHeaders() {
+    if (!config.cors) return {};
+    return {
+      "Access-Control-Allow-Origin": config.cors.allowOrigin,
+      "Access-Control-Allow-Methods": config.cors.allowMethods,
+      "Access-Control-Allow-Headers": config.cors.allowHeaders
+    };
+  }
+  function withCors(response) {
+    if (!config.cors) return response;
+    const newHeaders = new Headers(response.headers);
+    Object.entries(createCorsHeaders()).forEach(([key, value]) => {
+      newHeaders.set(key, value);
+    });
+    return new Response(response.body, {
+      status: response.status,
+      statusText: response.statusText,
+      headers: newHeaders
+    });
+  }
+  function errorResponse(error) {
+    if (config.onError) {
+      return withCors(config.onError(error));
+    }
+    switch (error.type) {
+      case "unauthorized":
+        return withCors(
+          Response.json(
+            { error: "Unauthorized", message: error.message },
+            { status: 401 }
+          )
+        );
+      case "forbidden":
+        return withCors(
+          Response.json(
+            {
+              error: "Forbidden",
+              message: error.message,
+              permission: error.permission
+            },
+            { status: 403 }
+          )
+        );
+      case "route_not_found":
+        return withCors(
+          Response.json(
+            { error: "Not Found", message: error.message },
+            { status: 404 }
+          )
+        );
+    }
+  }
+  async function verifyAndGetAuth(request, env) {
+    const jwtOptions = {
+      secret: config.getSecret(env),
+      appId: manifest.id,
+      developerId: manifest.developer_id
+    };
+    const result = await verifyJWT(request, jwtOptions);
+    if (!result.success) {
+      return errorResponse({
+        type: "unauthorized",
+        message: result.error
+      });
+    }
+    return result.auth;
+  }
+  return {
+    async handle(request, env) {
+      const url = new URL(request.url);
+      const method = request.method;
+      const pathname = url.pathname;
+      if (config.skipRoutes) {
+        for (const skipPattern of config.skipRoutes) {
+          if (pathname.startsWith(skipPattern)) {
+            return { auth: emptyAuth, url, params: {} };
+          }
+        }
+      }
+      if (method === "OPTIONS") {
+        return {
+          response: new Response(null, {
+            status: 204,
+            headers: createCorsHeaders()
+          })
+        };
+      }
+      if (!pathname.startsWith(apiPrefix)) {
+        return { auth: emptyAuth, url, params: {} };
+      }
+      if (isPublicRoute(pathname, publicRoutes, apiPrefix)) {
+        return { auth: emptyAuth, url, params: {} };
+      }
+      const match = matchRoute(method, pathname, compiledRoutes);
+      if (!match) {
+        if (defaultPolicy === "allow") {
+          return { auth: emptyAuth, url, params: {} };
+        }
+        const authResult2 = await verifyAndGetAuth(request, env);
+        if (authResult2 instanceof Response) {
+          return { response: authResult2 };
+        }
+        return { auth: authResult2, url, params: {} };
+      }
+      if (match.route.permission === null) {
+        return { auth: emptyAuth, url, params: match.params };
+      }
+      const authResult = await verifyAndGetAuth(request, env);
+      if (authResult instanceof Response) {
+        return { response: authResult };
+      }
+      const auth = authResult;
+      if (isPlatformAdmin(auth)) {
+        return { auth, url, params: match.params };
+      }
+      const { resource, action } = match.route.permission;
+      if (!hasPermission(auth, resource, action)) {
+        return {
+          response: errorResponse({
+            type: "forbidden",
+            message: `Missing permission: ${resource}:${action}`,
+            permission: `${resource}:${action}`
+          })
+        };
+      }
+      return { auth, url, params: match.params };
+    }
+  };
+}
+
 exports.AUTH_HEADERS = AUTH_HEADERS;
 exports.CHECKSUM_PREFIX = CHECKSUM_PREFIX;
-exports.DatabaseProvider = DatabaseProvider;
 exports.EldrinEventClient = EldrinEventClient;
 exports.calculateChecksum = calculateChecksum;
 exports.calculatePrefixedChecksum = calculatePrefixedChecksum;
-exports.createApp = createApp;
+exports.compileRoutes = compileRoutes;
 exports.createEventClient = createEventClient;
+exports.createPermissionMiddleware = createPermissionMiddleware;
 exports.extractTimestamp = extractTimestamp;
 exports.generateMigrationManifest = generateMigrationManifest;
 exports.getAuthContext = getAuthContext;
@@ -974,8 +1060,10 @@ exports.getRollbackFilename = getRollbackFilename;
 exports.hasPermission = hasPermission;
 exports.hasPlatformRole = hasPlatformRole;
 exports.isPlatformAdmin = isPlatformAdmin;
+exports.isPublicRoute = isPublicRoute;
 exports.isValidMigrationFilename = isValidMigrationFilename;
 exports.isValidRollbackFilename = isValidRollbackFilename;
+exports.matchRoute = matchRoute;
 exports.parseSQLStatements = parseSQLStatements;
 exports.requireAllPermissions = requireAllPermissions;
 exports.requireAnyPermission = requireAnyPermission;
@@ -985,9 +1073,6 @@ exports.requireJWTPermission = requireJWTPermission;
 exports.requirePermission = requirePermission;
 exports.rollbackMigrations = rollbackMigrations;
 exports.runMigrations = runMigrations;
-exports.useDatabase = useDatabase;
-exports.useDatabaseContext = useDatabaseContext;
-exports.useMigrationsComplete = useMigrationsComplete;
 exports.validateMigrationManifest = validateMigrationManifest;
 exports.verifyChecksum = verifyChecksum;
 exports.verifyJWT = verifyJWT;