@emdash-cms/cloudflare 0.0.1

package/src/sandbox/wrapper.ts

@@ -0,0 +1,238 @@
+/**
+ * Plugin Wrapper Generator
+ *
+ * Generates the code that wraps a plugin to run in a Worker Loader isolate.
+ * The wrapper:
+ * - Imports plugin hooks and routes from a separate module ("sandbox-plugin.js")
+ * - Creates plugin context that proxies to BRIDGE service binding
+ * - Exposes hooks and routes via RPC through WorkerEntrypoint
+ *
+ * Plugin code runs in its own module scope, isolated from the wrapper template.
+ *
+ */
+
+import type { PluginManifest } from "emdash";
+
+const TRAILING_SLASH_RE = /\/$/;
+const NEWLINE_RE = /[\n\r]/g;
+const COMMENT_CLOSE_RE = /\*\//g;
+
+/**
+ * Options for wrapper generation
+ *
+ * **Known limitation:** `site` info is baked into the generated wrapper code
+ * at load time. If site settings change (e.g., admin updates site name/URL),
+ * sandboxed plugins will see stale values until the worker restarts.
+ * Trusted-mode plugins always read fresh values from the database.
+ */
+export interface WrapperOptions {
+	/** Site info to inject into the context (no RPC needed) */
+	site?: { name: string; url: string; locale: string };
+}
+
+export function generatePluginWrapper(manifest: PluginManifest, options?: WrapperOptions): string {
+	const storageCollections = Object.keys(manifest.storage || {});
+	const site = options?.site ?? { name: "", url: "", locale: "en" };
+	const hasReadUsers = manifest.capabilities.includes("read:users");
+	const hasEmailSend = manifest.capabilities.includes("email:send");
+
+	return `
+// =============================================================================
+// Sandboxed Plugin Wrapper
+// Generated by @emdash-cms/cloudflare
+// Plugin: ${sanitizeComment(manifest.id)}@${sanitizeComment(manifest.version)}
+// =============================================================================
+
+import { WorkerEntrypoint } from "cloudflare:workers";
+
+// Plugin code lives in a separate module for scope isolation
+import pluginModule from "sandbox-plugin.js";
+
+// Extract hooks and routes from the plugin module
+const hooks = pluginModule?.hooks || pluginModule?.default?.hooks || {};
+const routes = pluginModule?.routes || pluginModule?.default?.routes || {};
+
+// -----------------------------------------------------------------------------
+// Context Factory - creates ctx that proxies to BRIDGE
+// -----------------------------------------------------------------------------
+
+function createContext(env) {
+	const bridge = env.BRIDGE;
+	const storageCollections = ${JSON.stringify(storageCollections)};
+	
+	// KV - proxies to bridge.kvGet/Set/Delete/List
+	const kv = {
+		get: (key) => bridge.kvGet(key),
+		set: (key, value) => bridge.kvSet(key, value),
+		delete: (key) => bridge.kvDelete(key),
+		list: (prefix) => bridge.kvList(prefix)
+	};
+	
+	// Storage collection factory
+	function createStorageCollection(collectionName) {
+		return {
+			get: (id) => bridge.storageGet(collectionName, id),
+			put: (id, data) => bridge.storagePut(collectionName, id, data),
+			delete: (id) => bridge.storageDelete(collectionName, id),
+			exists: async (id) => (await bridge.storageGet(collectionName, id)) !== null,
+			query: (opts) => bridge.storageQuery(collectionName, opts),
+			count: (where) => bridge.storageCount(collectionName, where),
+			getMany: (ids) => bridge.storageGetMany(collectionName, ids),
+			putMany: (items) => bridge.storagePutMany(collectionName, items),
+			deleteMany: (ids) => bridge.storageDeleteMany(collectionName, ids)
+		};
+	}
+	
+	// Storage proxy that creates collections on access
+	const storage = new Proxy({}, {
+		get(_, collectionName) {
+			if (typeof collectionName !== "string") return undefined;
+			return createStorageCollection(collectionName);
+		}
+	});
+	
+	// Content access - proxies to bridge (capability enforced by bridge)
+	const content = {
+		get: (collection, id) => bridge.contentGet(collection, id),
+		list: (collection, opts) => bridge.contentList(collection, opts),
+		create: (collection, data) => bridge.contentCreate(collection, data),
+		update: (collection, id, data) => bridge.contentUpdate(collection, id, data),
+		delete: (collection, id) => bridge.contentDelete(collection, id)
+	};
+	
+	// Media access - proxies to bridge (capability enforced by bridge)
+	const media = {
+		get: (id) => bridge.mediaGet(id),
+		list: (opts) => bridge.mediaList(opts),
+		upload: (filename, contentType, bytes) => bridge.mediaUpload(filename, contentType, bytes),
+		getUploadUrl: () => { throw new Error("getUploadUrl is not available in sandbox mode. Use media.upload(filename, contentType, bytes) instead."); },
+		delete: (id) => bridge.mediaDelete(id)
+	};
+	
+	// HTTP access - proxies to bridge (capability + host enforced by bridge)
+	const http = {
+		fetch: async (url, init) => {
+			const result = await bridge.httpFetch(url, init);
+			// Bridge returns serialized response, reconstruct Response-like object
+			return {
+				status: result.status,
+				ok: result.status >= 200 && result.status < 300,
+				headers: new Headers(result.headers),
+				text: async () => result.text,
+				json: async () => JSON.parse(result.text)
+			};
+		}
+	};
+	
+	// Logger - proxies to bridge
+	const log = {
+		debug: (msg, data) => bridge.log("debug", msg, data),
+		info: (msg, data) => bridge.log("info", msg, data),
+		warn: (msg, data) => bridge.log("warn", msg, data),
+		error: (msg, data) => bridge.log("error", msg, data)
+	};
+	
+	// Site info - injected at wrapper generation time, no RPC needed
+	const site = ${JSON.stringify(site)};
+	
+	// URL helper - generates absolute URLs from paths
+	const siteBaseUrl = ${JSON.stringify(site.url.replace(TRAILING_SLASH_RE, ""))};
+	function url(path) {
+		if (!path.startsWith("/")) {
+			throw new Error('URL path must start with "/", got: "' + path + '"');
+		}
+		if (path.startsWith("//")) {
+			throw new Error('URL path must not be protocol-relative, got: "' + path + '"');
+		}
+		return siteBaseUrl + path;
+	}
+	
+	// User access - proxies to bridge (capability enforced by bridge)
+	const users = ${hasReadUsers} ? {
+		get: (id) => bridge.userGet(id),
+		getByEmail: (email) => bridge.userGetByEmail(email),
+		list: (opts) => bridge.userList(opts)
+	} : undefined;
+	
+	// Email access - proxies to bridge (capability enforced by bridge)
+	const email = ${hasEmailSend} ? {
+		send: (message) => bridge.emailSend(message)
+	} : undefined;
+	
+	return {
+		plugin: {
+			id: env.PLUGIN_ID,
+			version: env.PLUGIN_VERSION
+		},
+		storage,
+		kv,
+		content,
+		media,
+		http,
+		log,
+		site,
+		url,
+		users,
+		email
+	};
+}
+
+// -----------------------------------------------------------------------------
+// Worker Entrypoint (RPC interface)
+// -----------------------------------------------------------------------------
+
+export default class PluginEntrypoint extends WorkerEntrypoint {
+	async invokeHook(hookName, event) {
+		const ctx = createContext(this.env);
+		
+		// Find the hook handler
+		const hookDef = hooks[hookName];
+		
+		if (!hookDef) {
+			// No handler for this hook - that's ok, return undefined
+			return undefined;
+		}
+		
+		// Get the handler (might be wrapped in config object)
+		const handler = typeof hookDef === "function" ? hookDef : hookDef.handler;
+		
+		if (typeof handler !== "function") {
+			throw new Error(\`Hook \${hookName} handler is not a function\`);
+		}
+		
+		// Execute the hook
+		return handler(event, ctx);
+	}
+	
+	async invokeRoute(routeName, input, serializedRequest) {
+		const ctx = createContext(this.env);
+		
+		// Find the route handler
+		const route = routes[routeName];
+		
+		if (!route) {
+			throw new Error(\`Route not found: \${routeName}\`);
+		}
+		
+		// Get handler (might be direct function or object with handler)
+		const handler = typeof route === "function" ? route : route.handler;
+		
+		if (typeof handler !== "function") {
+			throw new Error(\`Route \${routeName} handler is not a function\`);
+		}
+		
+		// Execute the route handler with input, request metadata, and context
+		return handler({ input, request: serializedRequest, requestMeta: serializedRequest.meta }, ctx);
+	}
+}
+`;
+}
+
+/**
+ * Sanitize a string for inclusion in a JavaScript comment.
+ * Prevents comment injection via manifest.id or manifest.version containing
+ * newlines or comment-closing sequences.
+ */
+function sanitizeComment(s: string): string {
+	return s.replace(NEWLINE_RE, " ").replace(COMMENT_CLOSE_RE, "* /");
+}

package/src/storage/r2.ts

@@ -0,0 +1,200 @@
+/**
+ * Cloudflare R2 Storage Implementation - RUNTIME ENTRY
+ *
+ * Uses R2 bindings directly when running on Cloudflare Workers.
+ * This avoids the AWS SDK overhead and works with the native R2 API.
+ *
+ * This module imports directly from cloudflare:workers to access R2 bindings.
+ * Do NOT import this at config time - use { r2 } from "@emdash-cms/cloudflare" instead.
+ *
+ * For Astro 6 / Cloudflare adapter v13+:
+ * - Bindings are accessed via `import { env } from 'cloudflare:workers'`
+ */
+
+import { env } from "cloudflare:workers";
+import type {
+	Storage,
+	UploadResult,
+	DownloadResult,
+	ListResult,
+	ListOptions,
+	SignedUploadUrl,
+	SignedUploadOptions,
+} from "emdash";
+import { EmDashStorageError } from "emdash";
+
+/** Regex to remove trailing slashes from URLs */
+const TRAILING_SLASH_REGEX = /\/$/;
+
+/**
+ * R2 Storage implementation using native bindings
+ */
+export class R2Storage implements Storage {
+	private bucket: R2Bucket;
+	private publicUrl?: string;
+
+	constructor(bucket: R2Bucket, publicUrl?: string) {
+		this.bucket = bucket;
+		this.publicUrl = publicUrl;
+	}
+
+	async upload(options: {
+		key: string;
+		body: Buffer | Uint8Array | ReadableStream<Uint8Array>;
+		contentType: string;
+	}): Promise<UploadResult> {
+		try {
+			const result = await this.bucket.put(options.key, options.body, {
+				httpMetadata: {
+					contentType: options.contentType,
+				},
+			});
+
+			if (!result) {
+				throw new EmDashStorageError(`Failed to upload file: ${options.key}`, "UPLOAD_FAILED");
+			}
+
+			return {
+				key: options.key,
+				url: this.getPublicUrl(options.key),
+				size: result.size,
+			};
+		} catch (error) {
+			if (error instanceof EmDashStorageError) throw error;
+			throw new EmDashStorageError(
+				`Failed to upload file: ${options.key}`,
+				"UPLOAD_FAILED",
+				error,
+			);
+		}
+	}
+
+	async download(key: string): Promise<DownloadResult> {
+		try {
+			const object = await this.bucket.get(key);
+
+			if (!object) {
+				throw new EmDashStorageError(`File not found: ${key}`, "NOT_FOUND");
+			}
+
+			// R2ObjectBody has the body property — use it as a type guard
+			if (!("body" in object) || !object.body) {
+				throw new EmDashStorageError(`File not found: ${key}`, "NOT_FOUND");
+			}
+
+			return {
+				body: object.body,
+				contentType: object.httpMetadata?.contentType || "application/octet-stream",
+				size: object.size,
+			};
+		} catch (error) {
+			if (error instanceof EmDashStorageError) throw error;
+			throw new EmDashStorageError(`Failed to download file: ${key}`, "DOWNLOAD_FAILED", error);
+		}
+	}
+
+	async delete(key: string): Promise<void> {
+		try {
+			await this.bucket.delete(key);
+		} catch (error) {
+			// R2 delete is idempotent
+			throw new EmDashStorageError(`Failed to delete file: ${key}`, "DELETE_FAILED", error);
+		}
+	}
+
+	async exists(key: string): Promise<boolean> {
+		try {
+			const object = await this.bucket.head(key);
+			return object !== null;
+		} catch (error) {
+			throw new EmDashStorageError(
+				`Failed to check file existence: ${key}`,
+				"HEAD_FAILED",
+				error,
+			);
+		}
+	}
+
+	async list(options: ListOptions = {}): Promise<ListResult> {
+		try {
+			const response = await this.bucket.list({
+				prefix: options.prefix,
+				limit: options.limit,
+				cursor: options.cursor,
+			});
+
+			return {
+				files: response.objects.map((item) => ({
+					key: item.key,
+					size: item.size,
+					lastModified: item.uploaded,
+					etag: item.etag,
+				})),
+				nextCursor: response.truncated ? response.cursor : undefined,
+			};
+		} catch (error) {
+			throw new EmDashStorageError("Failed to list files", "LIST_FAILED", error);
+		}
+	}
+
+	async getSignedUploadUrl(_options: SignedUploadOptions): Promise<SignedUploadUrl> {
+		// R2 doesn't support pre-signed URLs in the same way as S3
+		// For R2, uploads go through the Worker
+		// This method is here for interface compatibility but throws an error
+		throw new EmDashStorageError(
+			"R2 bindings do not support pre-signed upload URLs. " +
+				"Use the S3 API with R2 credentials for signed URL support, " +
+				"or upload through the Worker.",
+			"NOT_SUPPORTED",
+		);
+	}
+
+	getPublicUrl(key: string): string {
+		if (this.publicUrl) {
+			return `${this.publicUrl.replace(TRAILING_SLASH_REGEX, "")}/${key}`;
+		}
+		// Without a public URL, we can't generate one for R2 bindings
+		// Return a relative path that should be served through the API
+		return `/_emdash/api/media/file/${key}`;
+	}
+}
+
+/**
+ * Create R2 storage adapter
+ * This is the factory function called at runtime
+ *
+ * Uses cloudflare:workers to access bindings directly.
+ */
+export function createStorage(config: Record<string, unknown>): Storage {
+	const binding = typeof config.binding === "string" ? config.binding : "";
+	const publicUrl = typeof config.publicUrl === "string" ? config.publicUrl : undefined;
+
+	if (!binding) {
+		throw new EmDashStorageError(
+			`R2 binding name is required in storage config.`,
+			"BINDING_NOT_FOUND",
+		);
+	}
+
+	// env from cloudflare:workers doesn't have an index signature, so cast is needed
+	// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- R2Bucket binding accessed from untyped env object
+	const bucket = (env as Record<string, unknown>)[binding] as R2Bucket | undefined;
+
+	if (!bucket) {
+		throw new EmDashStorageError(
+			`R2 binding "${binding}" not found. ` +
+				`Make sure the binding is defined in wrangler.jsonc and ` +
+				`you're running on Cloudflare Workers.\n\n` +
+				`Example wrangler.jsonc:\n` +
+				`{\n` +
+				`  "r2_buckets": [{\n` +
+				`    "binding": "${binding}",\n` +
+				`    "bucket_name": "my-bucket"\n` +
+				`  }]\n` +
+				`}`,
+			"BINDING_NOT_FOUND",
+		);
+	}
+
+	return new R2Storage(bucket, publicUrl);
+}