@graffiti-garden/implementation-local 0.4.3 → 0.5.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@graffiti-garden/implementation-local",
-  "version": "0.4.3",
+  "version": "0.5.0",
   "description": "A local implementation of the Graffiti API using PouchDB",
   "types": "./dist/index.d.ts",
   "module": "./dist/esm/index.js",
@@ -73,6 +73,7 @@
     "url": "https://github.com/graffiti-garden/implementation-local/issues"
   },
   "devDependencies": {
+    "@vitest/coverage-v8": "^3.0.6",
     "esbuild": "^0.25.0",
     "esbuild-plugin-polyfill-node": "^0.3.0",
     "tsx": "^4.19.2",
@@ -80,7 +81,7 @@
     "vitest": "^3.0.5"
   },
   "dependencies": {
-    "@graffiti-garden/api": "^0.4.1",
+    "@graffiti-garden/api": "^0.5.0",
     "@repeaterjs/repeater": "^3.0.6",
     "@types/pouchdb": "^6.4.2",
     "ajv": "^8.17.1",

package/src/database.ts

@@ -3,6 +3,7 @@ import type {
   GraffitiObjectBase,
   GraffitiLocation,
   JSONSchema,
+  GraffitiSession,
 } from "@graffiti-garden/api";
 import {
   GraffitiErrorNotFound,
@@ -11,14 +12,13 @@ import {
   GraffitiErrorPatchError,
 } from "@graffiti-garden/api";
 import {
-  locationToUri,
-  unpackLocationOrUri,
   randomBase64,
   applyGraffitiPatch,
   maskGraffitiObject,
   isActorAllowedGraffitiObject,
   isObjectNewer,
   compileGraffitiObjectSchema,
+  unpackLocationOrUri,
 } from "./utilities.js";
 import { Repeater } from "@repeaterjs/repeater";
 import type Ajv from "ajv";
@@ -37,19 +37,19 @@ export interface GraffitiLocalOptions {
    */
   pouchDBOptions?: PouchDB.Configuration.DatabaseConfiguration;
   /**
-   * Defines the name of the {@link https://api.graffiti.garden/interfaces/GraffitiObjectBase.html#source | `source` }
-   * under which to store objects.
-   * Defaults to `"local"`.
+   * Includes the scheme and other information (possibly domain name)
+   * to prefix prefixes all URIs put in the system. Defaults to `graffiti:local`.
    */
-  sourceName?: string;
+  origin?: string;
   /**
-   * Whether to allow putting objects with a different than the
-   * default source name. Defaults to `false`.
+   * Whether to allow putting objects at arbtirary URIs, i.e.
+   * URIs that are *not* prefixed with the origin or not generated
+   * by the system. Defaults to `false`.
    *
    * Allows this implementation to be used as a client-side cache
    * for remote sources.
    */
-  allowOtherSources?: boolean;
+  allowSettingArbitraryUris?: boolean;
   /**
    * Whether to allow the user to set the lastModified field
    * when putting objects. Defaults to `false`.
@@ -72,7 +72,7 @@ export interface GraffitiLocalOptions {
 }
 
 const DEFAULT_TOMBSTONE_RETENTION = 86400000; // 1 day in milliseconds
-const DEFAULT_SOURCE_NAME = "local";
+const DEFAULT_ORIGIN = "graffiti:local:";
 
 /**
  * An implementation of only the database operations of the
@@ -95,6 +95,7 @@ export class GraffitiLocalDatabase
   protected applyPatch_: Promise<typeof applyPatch> | undefined;
   protected ajv_: Promise<Ajv> | undefined;
   protected readonly options: GraffitiLocalOptions;
+  protected readonly origin: string;
 
   get db() {
     if (!this.db_) {
@@ -201,10 +202,14 @@ export class GraffitiLocalDatabase
 
   constructor(options?: GraffitiLocalOptions) {
     this.options = options ?? {};
+    this.origin = this.options.origin ?? DEFAULT_ORIGIN;
+    if (!this.origin.endsWith(":") && !this.origin.endsWith("/")) {
+      this.origin += "/";
+    }
   }
 
-  protected async queryByLocation(location: GraffitiLocation) {
-    const uri = locationToUri(location) + "/";
+  protected async allDocsAtLocation(locationOrUri: GraffitiLocation | string) {
+    const uri = unpackLocationOrUri(locationOrUri) + "/";
     const results = await (
       await this.db
     ).allDocs({
@@ -227,20 +232,22 @@ export class GraffitiLocalDatabase
   }
 
   protected docId(location: GraffitiLocation) {
-    return locationToUri(location) + "/" + randomBase64();
+    return location.uri + "/" + randomBase64();
   }
 
   get: Graffiti["get"] = async (...args) => {
     const [locationOrUri, schema, session] = args;
-    const { location } = unpackLocationOrUri(locationOrUri);
 
-    const docsAll = await this.queryByLocation(location);
+    const docsAll = await this.allDocsAtLocation(locationOrUri);
 
     // Filter out ones not allowed
     const docs = docsAll.filter((doc) =>
       isActorAllowedGraffitiObject(doc, session),
     );
-    if (!docs.length) throw new GraffitiErrorNotFound();
+    if (!docs.length)
+      throw new GraffitiErrorNotFound(
+        "The object you are trying to get either does not exist or you are not allowed to see it",
+      );
 
     // Get the most recent document
     const doc = docs.reduce((a, b) => (isObjectNewer(a, b) ? a : b));
@@ -268,11 +275,35 @@ export class GraffitiLocalDatabase
    * spared.
    */
   protected async deleteAtLocation(
-    location: GraffitiLocation,
-    keepLatest: boolean = false,
+    locationOrUri: GraffitiLocation | string,
+    options: {
+      keepLatest?: boolean;
+      session?: GraffitiSession;
+    } = {
+      keepLatest: false,
+    },
   ) {
-    const docsAtLocationAll = await this.queryByLocation(location);
-    const docsAtLocation = docsAtLocationAll.filter((doc) => !doc.tombstone);
+    const docsAtLocationAll = await this.allDocsAtLocation(locationOrUri);
+    const docsAtLocationAllowed = options.session
+      ? docsAtLocationAll.filter((doc) =>
+          isActorAllowedGraffitiObject(doc, options.session),
+        )
+      : docsAtLocationAll;
+    if (!docsAtLocationAllowed.length) {
+      throw new GraffitiErrorNotFound(
+        "The object you are trying to delete either does not exist or you are not allowed to see it",
+      );
+    } else if (
+      options.session &&
+      docsAtLocationAllowed.some((doc) => doc.actor !== options.session?.actor)
+    ) {
+      throw new GraffitiErrorForbidden(
+        "You cannot delete an object owned by another actor",
+      );
+    }
+    const docsAtLocation = docsAtLocationAllowed.filter(
+      (doc) => !doc.tombstone,
+    );
     if (!docsAtLocation.length) return undefined;
 
     // Get the most recent lastModified timestamp.
@@ -282,14 +313,14 @@ export class GraffitiLocalDatabase
 
     // Delete all old docs
     const docsToDelete = docsAtLocation.filter(
-      (doc) => !keepLatest || doc.lastModified < latestModified,
+      (doc) => !options.keepLatest || doc.lastModified < latestModified,
     );
 
     // For docs with the same timestamp,
     // keep the one with the highest _id
     // to break concurrency ties
     const concurrentDocsAll = docsAtLocation.filter(
-      (doc) => keepLatest && doc.lastModified === latestModified,
+      (doc) => options.keepLatest && doc.lastModified === latestModified,
     );
     if (concurrentDocsAll.length) {
       const keepDocId = concurrentDocsAll
@@ -301,7 +332,9 @@ export class GraffitiLocalDatabase
       docsToDelete.push(...concurrentDocsToDelete);
     }
 
-    const lastModified = keepLatest ? latestModified : new Date().getTime();
+    const lastModified = options.keepLatest
+      ? latestModified
+      : new Date().getTime();
 
     const deleteResults = await (
       await this.db
@@ -336,14 +369,11 @@ export class GraffitiLocalDatabase
 
   delete: Graffiti["delete"] = async (...args) => {
     const [locationOrUri, session] = args;
-    const { location } = unpackLocationOrUri(locationOrUri);
-    if (location.actor !== session.actor) {
-      throw new GraffitiErrorForbidden();
-    }
-
-    const deletedObject = await this.deleteAtLocation(location);
+    const deletedObject = await this.deleteAtLocation(locationOrUri, {
+      session,
+    });
     if (!deletedObject) {
-      throw new GraffitiErrorNotFound();
+      throw new GraffitiErrorNotFound("The object has already been deleted");
     }
     return deletedObject;
   };
@@ -351,19 +381,33 @@ export class GraffitiLocalDatabase
   put: Graffiti["put"] = async (...args) => {
     const [objectPartial, session] = args;
     if (objectPartial.actor && objectPartial.actor !== session.actor) {
-      throw new GraffitiErrorForbidden();
-    }
-    if (
-      objectPartial.source &&
-      objectPartial.source !==
-        (this.options.sourceName ?? DEFAULT_SOURCE_NAME) &&
-      !(this.options.allowOtherSources ?? false)
-    ) {
       throw new GraffitiErrorForbidden(
-        "Putting an object that does not match this source",
+        "Cannot put an object with a different actor than the session actor",
       );
     }
 
+    if (objectPartial.uri) {
+      let oldObject: GraffitiObjectBase | undefined;
+      try {
+        oldObject = await this.get(objectPartial.uri, {}, session);
+      } catch (e) {
+        if (e instanceof GraffitiErrorNotFound) {
+          if (!this.options.allowSettingArbitraryUris) {
+            throw new GraffitiErrorNotFound(
+              "The object you are trying to replace does not exist or you are not allowed to see it",
+            );
+          }
+        } else {
+          throw e;
+        }
+      }
+      if (oldObject?.actor !== session.actor) {
+        throw new GraffitiErrorForbidden(
+          "The object you are trying to replace is owned by another actor",
+        );
+      }
+    }
+
     const lastModified =
       ((this.options.allowSettinngLastModified ?? false) &&
         objectPartial.lastModified) ||
@@ -373,9 +417,7 @@ export class GraffitiLocalDatabase
       value: objectPartial.value,
       channels: objectPartial.channels,
       allowed: objectPartial.allowed,
-      name: objectPartial.name ?? randomBase64(),
-      source:
-        objectPartial.source ?? this.options.sourceName ?? DEFAULT_SOURCE_NAME,
+      uri: objectPartial.uri ?? this.origin + randomBase64(),
       actor: session.actor,
       tombstone: false,
       lastModified,
@@ -389,7 +431,9 @@ export class GraffitiLocalDatabase
     });
 
     // Delete the old object
-    const previousObject = await this.deleteAtLocation(object, true);
+    const previousObject = await this.deleteAtLocation(object, {
+      keepLatest: true,
+    });
     if (previousObject) {
       return previousObject;
     } else {
@@ -397,7 +441,7 @@ export class GraffitiLocalDatabase
         ...object,
         value: {},
         channels: [],
-        allowed: undefined,
+        allowed: [],
         tombstone: true,
       };
     }
@@ -405,12 +449,23 @@ export class GraffitiLocalDatabase
 
   patch: Graffiti["patch"] = async (...args) => {
     const [patch, locationOrUri, session] = args;
-    const { location } = unpackLocationOrUri(locationOrUri);
-    if (location.actor !== session.actor) {
-      throw new GraffitiErrorForbidden();
+    let originalObject: GraffitiObjectBase;
+    try {
+      originalObject = await this.get(locationOrUri, {}, session);
+    } catch (e) {
+      if (e instanceof GraffitiErrorNotFound) {
+        throw new GraffitiErrorNotFound(
+          "The object you are trying to patch does not exist or you are not allowed to see it",
+        );
+      } else {
+        throw e;
+      }
     }
-    const originalObject = await this.get(locationOrUri, {}, session);
-    if (originalObject.tombstone) {
+    if (originalObject.actor !== session.actor) {
+      throw new GraffitiErrorForbidden(
+        "The object you are trying to patch is owned by another actor",
+      );
+    } else if (originalObject.tombstone) {
       throw new GraffitiErrorNotFound(
         "The object you are trying to patch has been deleted",
       );
@@ -461,7 +516,9 @@ export class GraffitiLocalDatabase
     });
 
     // Delete the old object
-    await this.deleteAtLocation(patchObject, true);
+    await this.deleteAtLocation(patchObject, {
+      keepLatest: true,
+    });
 
     return {
       ...originalObject,

package/src/index.ts

@@ -4,7 +4,6 @@ import {
   GraffitiLocalDatabase,
   type GraffitiLocalOptions,
 } from "./database.js";
-import { locationToUri, uriToLocation } from "./utilities.js";
 
 export type { GraffitiLocalOptions };
 
@@ -16,9 +15,6 @@ export type { GraffitiLocalOptions };
  * although using it with a remote server will not be secure.
  */
 export class GraffitiLocal extends Graffiti {
-  locationToUri = locationToUri;
-  uriToLocation = uriToLocation;
-
   protected sessionManagerLocal = new GraffitiLocalSessionManager();
   login = this.sessionManagerLocal.login.bind(this.sessionManagerLocal);
   logout = this.sessionManagerLocal.logout.bind(this.sessionManagerLocal);

package/src/tests.spec.ts

@@ -1,5 +1,4 @@
 import {
-  graffitiLocationTests,
   graffitiCRUDTests,
   graffitiDiscoverTests,
   graffitiOrphanTests,
@@ -11,7 +10,6 @@ const useGraffiti = () => new GraffitiLocal();
 const useSession1 = () => ({ actor: "someone" });
 const useSession2 = () => ({ actor: "someoneelse" });
 
-graffitiLocationTests(useGraffiti);
 graffitiCRUDTests(useGraffiti, useSession1, useSession2);
 graffitiDiscoverTests(useGraffiti, useSession1, useSession2);
 graffitiOrphanTests(useGraffiti, useSession1, useSession2);

package/src/utilities.ts

@@ -5,36 +5,21 @@ import {
   GraffitiErrorPatchTestFailed,
 } from "@graffiti-garden/api";
 import type {
-  Graffiti,
   GraffitiObject,
   GraffitiObjectBase,
-  GraffitiLocation,
   GraffitiPatch,
   JSONSchema,
   GraffitiSession,
+  GraffitiLocation,
 } from "@graffiti-garden/api";
 import type { Ajv } from "ajv";
 import type { applyPatch } from "fast-json-patch";
 
-export const locationToUri: Graffiti["locationToUri"] = (location) => {
-  return `${location.source}/${encodeURIComponent(location.actor)}/${encodeURIComponent(location.name)}`;
-};
-
-export const uriToLocation: Graffiti["uriToLocation"] = (uri) => {
-  const parts = uri.split("/");
-  const nameEncoded = parts.pop();
-  const webIdEncoded = parts.pop();
-  if (!nameEncoded || !webIdEncoded || !parts.length) {
-    throw new GraffitiErrorInvalidUri();
-  }
-  return {
-    name: decodeURIComponent(nameEncoded),
-    actor: decodeURIComponent(webIdEncoded),
-    source: parts.join("/"),
-  };
-};
+export function unpackLocationOrUri(locationOrUri: GraffitiLocation | string) {
+  return typeof locationOrUri === "string" ? locationOrUri : locationOrUri.uri;
+}
 
-export function randomBase64(numBytes: number = 16) {
+export function randomBase64(numBytes: number = 24) {
   const bytes = new Uint8Array(numBytes);
   crypto.getRandomValues(bytes);
   // Convert it to base64
@@ -43,24 +28,6 @@ export function randomBase64(numBytes: number = 16) {
   return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/\=+$/, "");
 }
 
-export function unpackLocationOrUri(locationOrUri: GraffitiLocation | string) {
-  if (typeof locationOrUri === "string") {
-    return {
-      location: uriToLocation(locationOrUri),
-      uri: locationOrUri,
-    };
-  } else {
-    return {
-      location: {
-        name: locationOrUri.name,
-        actor: locationOrUri.actor,
-        source: locationOrUri.source,
-      },
-      uri: locationToUri(locationOrUri),
-    };
-  }
-}
-
 export function isObjectNewer(
   left: GraffitiObjectBase,
   right: GraffitiObjectBase,