@holo-js/broadcast 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/dist/auth.d.ts +35 -0
  2. package/dist/auth.mjs +18 -0
  3. package/dist/chunk-5XRABYQH.mjs +404 -0
  4. package/dist/chunk-742LGR5P.mjs +528 -0
  5. package/dist/chunk-QW6MHEWS.mjs +281 -0
  6. package/dist/contracts.d.ts +287 -0
  7. package/dist/contracts.mjs +32 -0
  8. package/dist/index.d.ts +177 -0
  9. package/dist/index.mjs +1445 -0
  10. package/dist/runtime.d.ts +91 -0
  11. package/dist/runtime.mjs +19 -0
  12. package/package.json +61 -0
package/dist/auth.d.ts ADDED
@@ -0,0 +1,35 @@
1
+ import { BroadcastChannelAuthRequest, BroadcastChannelAuthRuntimeBindings, BroadcastChannelAuthResult, GeneratedChannelAuthRegistryEntry, ChannelDefinition, BroadcastAuthEndpointPayload, BroadcastAuthEndpointOptions, BroadcastJsonObject, BroadcastWhisperValidationResult } from './contracts.js';
2
+ import '@holo-js/config';
3
+ import '@holo-js/validation';
4
+
5
+ type LoadedChannelDefinitions = Readonly<Record<string, ChannelDefinition>>;
6
+ type MatchedChannelDefinition = {
7
+ readonly definition: ChannelDefinition;
8
+ readonly params: Readonly<Record<string, string>>;
9
+ };
10
+ declare function importChannelDefinition(entry: GeneratedChannelAuthRegistryEntry, bindings: BroadcastChannelAuthRuntimeBindings): Promise<ChannelDefinition>;
11
+ declare function loadChannelDefinitions(bindings: BroadcastChannelAuthRuntimeBindings): Promise<LoadedChannelDefinitions>;
12
+ declare function matchPattern(pattern: string, channel: string): Readonly<Record<string, string>> | null;
13
+ declare function resolveChannelMatch(channel: string, definitions: LoadedChannelDefinitions): MatchedChannelDefinition | null;
14
+ declare function resolveAuthDefinitions(override?: BroadcastChannelAuthRuntimeBindings): Promise<LoadedChannelDefinitions>;
15
+ declare function authorizeBroadcastChannel(input: BroadcastChannelAuthRequest, channelAuth?: BroadcastChannelAuthRuntimeBindings): Promise<BroadcastChannelAuthResult>;
16
+ declare function resolveBroadcastWhisperSchema(channel: string, event: string, channelAuth?: BroadcastChannelAuthRuntimeBindings): Promise<{
17
+ readonly channel: string;
18
+ readonly event: string;
19
+ readonly schema: unknown;
20
+ } | null>;
21
+ declare function validateBroadcastWhisperPayload<TPayload extends BroadcastJsonObject = BroadcastJsonObject>(channel: string, event: string, payload: BroadcastJsonObject, channelAuth?: BroadcastChannelAuthRuntimeBindings): Promise<BroadcastWhisperValidationResult<TPayload>>;
22
+ declare function parseBroadcastAuthEndpointPayload(request: Request): Promise<BroadcastAuthEndpointPayload>;
23
+ declare function renderBroadcastAuthResponse(request: Request, options?: BroadcastAuthEndpointOptions): Promise<Response>;
24
+ declare const broadcastAuthInternals: {
25
+ importChannelDefinition: typeof importChannelDefinition;
26
+ loadChannelDefinitions: typeof loadChannelDefinitions;
27
+ matchPattern: typeof matchPattern;
28
+ parseBroadcastAuthEndpointPayload: typeof parseBroadcastAuthEndpointPayload;
29
+ resolveAuthDefinitions: typeof resolveAuthDefinitions;
30
+ resolveChannelMatch: typeof resolveChannelMatch;
31
+ resolveChannelMatchFromMap(channel: string, definitions: Readonly<Record<string, ChannelDefinition>>): MatchedChannelDefinition | null;
32
+ reset(): void;
33
+ };
34
+
35
+ export { authorizeBroadcastChannel, broadcastAuthInternals, parseBroadcastAuthEndpointPayload, renderBroadcastAuthResponse, resolveBroadcastWhisperSchema, validateBroadcastWhisperPayload };
package/dist/auth.mjs ADDED
@@ -0,0 +1,18 @@
1
+ import {
2
+ authorizeBroadcastChannel,
3
+ broadcastAuthInternals,
4
+ parseBroadcastAuthEndpointPayload,
5
+ renderBroadcastAuthResponse,
6
+ resolveBroadcastWhisperSchema,
7
+ validateBroadcastWhisperPayload
8
+ } from "./chunk-5XRABYQH.mjs";
9
+ import "./chunk-742LGR5P.mjs";
10
+ import "./chunk-QW6MHEWS.mjs";
11
+ export {
12
+ authorizeBroadcastChannel,
13
+ broadcastAuthInternals,
14
+ parseBroadcastAuthEndpointPayload,
15
+ renderBroadcastAuthResponse,
16
+ resolveBroadcastWhisperSchema,
17
+ validateBroadcastWhisperPayload
18
+ };
package/dist/chunk-5XRABYQH.mjs ADDED
@@ -0,0 +1,404 @@
1
+ import {
2
+ getBroadcastRuntimeBindings
3
+ } from "./chunk-742LGR5P.mjs";
4
+ import {
5
+ isChannelDefinition
6
+ } from "./chunk-QW6MHEWS.mjs";
7
+
8
+ // src/auth.ts
9
+ import { resolve } from "path";
10
+ import { pathToFileURL } from "url";
11
+ import { parse } from "@holo-js/validation";
12
+ function getRuntimeState() {
13
+ const runtime = globalThis;
14
+ runtime.__holoBroadcastAuthRuntime__ ??= {};
15
+ return runtime.__holoBroadcastAuthRuntime__;
16
+ }
17
+ function isRecord(value) {
18
+ return !!value && typeof value === "object" && !Array.isArray(value) && (Object.getPrototypeOf(value) === Object.prototype || Object.getPrototypeOf(value) === null);
19
+ }
20
+ function normalizeRequiredString(value, label) {
21
+ const normalized = value.trim();
22
+ if (!normalized) {
23
+ throw new Error(`[@holo-js/broadcast] ${label} must be a non-empty string.`);
24
+ }
25
+ return normalized;
26
+ }
27
+ function normalizeOptionalString(value, label) {
28
+ if (typeof value === "undefined") {
29
+ return void 0;
30
+ }
31
+ return normalizeRequiredString(value, label);
32
+ }
33
+ function normalizeLookupChannel(channel, label) {
34
+ const normalized = normalizeRequiredString(channel, label);
35
+ if (normalized.startsWith("private-")) {
36
+ return normalized.slice("private-".length);
37
+ }
38
+ if (normalized.startsWith("presence-")) {
39
+ return normalized.slice("presence-".length);
40
+ }
41
+ return normalized;
42
+ }
43
+ function normalizeJsonValue(value, path) {
44
+ if (value === null || typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
45
+ return value;
46
+ }
47
+ if (Array.isArray(value)) {
48
+ return Object.freeze(value.map((entry, index) => normalizeJsonValue(entry, `${path}[${index}]`)));
49
+ }
50
+ if (!isRecord(value)) {
51
+ throw new Error(`[@holo-js/broadcast] ${path} must be JSON-serializable.`);
52
+ }
53
+ return Object.freeze(Object.fromEntries(
54
+ Object.entries(value).map(([key, entry]) => [key, normalizeJsonValue(entry, `${path}.${key}`)])
55
+ ));
56
+ }
57
+ function normalizePresenceMember(value) {
58
+ if (!isRecord(value)) {
59
+ throw new Error("[@holo-js/broadcast] Presence authorization must return a serializable member object when allowed.");
60
+ }
61
+ return normalizeJsonValue(value, "Broadcast presence member");
62
+ }
63
+ function normalizeDefinitionMap(bindings) {
64
+ const definitions = bindings.definitions;
65
+ if (!definitions) {
66
+ return Object.freeze({});
67
+ }
68
+ const normalized = /* @__PURE__ */ new Map();
69
+ const addDefinition = (definition, source) => {
70
+ if (normalized.has(definition.pattern)) {
71
+ throw new Error(`[@holo-js/broadcast] duplicate broadcast channel pattern "${definition.pattern}" was configured more than once (${source}).`);
72
+ }
73
+ normalized.set(definition.pattern, definition);
74
+ };
75
+ if (Array.isArray(definitions)) {
76
+ definitions.forEach((definition) => {
77
+ if (!isChannelDefinition(definition)) {
78
+ throw new Error("[@holo-js/broadcast] Broadcast channel auth definitions must contain only defineChannel(...) values.");
79
+ }
80
+ addDefinition(definition, "array");
81
+ });
82
+ return Object.freeze(Object.fromEntries(normalized));
83
+ }
84
+ for (const [pattern, definition] of Object.entries(definitions)) {
85
+ if (!isChannelDefinition(definition)) {
86
+ throw new Error(`[@holo-js/broadcast] Broadcast channel auth definition "${pattern}" is not a defineChannel(...) value.`);
87
+ }
88
+ addDefinition(definition, `entry "${pattern}"`);
89
+ }
90
+ return Object.freeze(Object.fromEntries(normalized));
91
+ }
92
+ function normalizeRegistryEntry(entry) {
93
+ return Object.freeze({
94
+ sourcePath: normalizeRequiredString(entry.sourcePath, "Broadcast channel source path"),
95
+ pattern: normalizeRequiredString(entry.pattern, "Broadcast channel pattern"),
96
+ type: entry.type,
97
+ params: Object.freeze([...entry.params]),
98
+ whispers: Object.freeze([...entry.whispers]),
99
+ ...typeof entry.exportName === "string" ? { exportName: normalizeRequiredString(entry.exportName, "Broadcast channel exportName") } : {}
100
+ });
101
+ }
102
+ async function importChannelDefinition(entry, bindings) {
103
+ const registry = bindings.registry;
104
+ if (!registry) {
105
+ throw new Error("[@holo-js/broadcast] Broadcast channel registry bindings are missing.");
106
+ }
107
+ const importPath = resolve(registry.projectRoot, entry.sourcePath);
108
+ const importer = bindings.importModule ?? (async (absolutePath) => await import(pathToFileURL(absolutePath).href));
109
+ const moduleValue = await importer(importPath);
110
+ if (!isRecord(moduleValue)) {
111
+ throw new Error(`[@holo-js/broadcast] Broadcast channel module "${entry.sourcePath}" must export an object module namespace.`);
112
+ }
113
+ const exportName = entry.exportName ?? "default";
114
+ const definition = moduleValue[exportName];
115
+ if (!isChannelDefinition(definition)) {
116
+ throw new Error(`[@holo-js/broadcast] Broadcast channel "${entry.sourcePath}" export "${exportName}" is not a channel definition.`);
117
+ }
118
+ return definition;
119
+ }
120
+ async function loadRegistryDefinitions(bindings) {
121
+ const registry = bindings.registry;
122
+ if (!registry) {
123
+ return Object.freeze({});
124
+ }
125
+ const entries = registry.channels.map(normalizeRegistryEntry);
126
+ const definitions = await Promise.all(entries.map(async (entry) => {
127
+ const definition = await importChannelDefinition(entry, bindings);
128
+ return [definition.pattern, definition];
129
+ }));
130
+ const seenPatterns = /* @__PURE__ */ new Set();
131
+ for (const [pattern] of definitions) {
132
+ if (seenPatterns.has(pattern)) {
133
+ throw new Error(`[@holo-js/broadcast] duplicate broadcast channel pattern "${pattern}" was configured more than once (registry).`);
134
+ }
135
+ seenPatterns.add(pattern);
136
+ }
137
+ return Object.freeze(Object.fromEntries(definitions));
138
+ }
139
+ async function loadChannelDefinitions(bindings) {
140
+ const cached = getRuntimeState().byBindings?.get(bindings);
141
+ if (cached) {
142
+ return await cached;
143
+ }
144
+ const pending = (async () => {
145
+ const inlineDefinitions = normalizeDefinitionMap(bindings);
146
+ const registryDefinitions = await loadRegistryDefinitions(bindings);
147
+ const duplicatePattern = Object.keys(inlineDefinitions).find((pattern) => Object.hasOwn(registryDefinitions, pattern));
148
+ if (duplicatePattern) {
149
+ throw new Error(`[@holo-js/broadcast] duplicate broadcast channel pattern "${duplicatePattern}" was configured in both inline definitions and registry definitions.`);
150
+ }
151
+ const merged = Object.freeze({
152
+ ...inlineDefinitions,
153
+ ...registryDefinitions
154
+ });
155
+ return merged;
156
+ })();
157
+ getRuntimeState().byBindings ??= /* @__PURE__ */ new WeakMap();
158
+ getRuntimeState().byBindings.set(bindings, pending);
159
+ return await pending;
160
+ }
161
+ function matchPattern(pattern, channel) {
162
+ const patternSegments = pattern.split(".");
163
+ const channelSegments = channel.split(".");
164
+ if (patternSegments.length !== channelSegments.length) {
165
+ return null;
166
+ }
167
+ const params = {};
168
+ for (let index = 0; index < patternSegments.length; index += 1) {
169
+ const patternSegment = patternSegments[index];
170
+ const channelSegment = channelSegments[index];
171
+ const wildcardMatch = patternSegment.match(/^\{([A-Za-z_][A-Za-z0-9_]*)\}$/);
172
+ if (wildcardMatch) {
173
+ params[wildcardMatch[1]] = channelSegment;
174
+ continue;
175
+ }
176
+ if (patternSegment !== channelSegment) {
177
+ return null;
178
+ }
179
+ }
180
+ return Object.freeze(params);
181
+ }
182
+ function resolveChannelMatch(channel, definitions) {
183
+ for (const definition of Object.values(definitions)) {
184
+ const params = matchPattern(definition.pattern, channel);
185
+ if (!params) {
186
+ continue;
187
+ }
188
+ if (definition.pattern === channel || Object.keys(params).length === 0) {
189
+ return Object.freeze({
190
+ definition,
191
+ params
192
+ });
193
+ }
194
+ }
195
+ for (const definition of Object.values(definitions)) {
196
+ const params = matchPattern(definition.pattern, channel);
197
+ if (!params) {
198
+ continue;
199
+ }
200
+ return Object.freeze({
201
+ definition,
202
+ params
203
+ });
204
+ }
205
+ return null;
206
+ }
207
+ async function resolveAuthDefinitions(override) {
208
+ const bindings = override ?? getBroadcastRuntimeBindings().channelAuth;
209
+ if (!bindings) {
210
+ return Object.freeze({});
211
+ }
212
+ return await loadChannelDefinitions(bindings);
213
+ }
214
+ async function authorizeBroadcastChannel(input, channelAuth) {
215
+ const channel = normalizeRequiredString(input.channel, "Broadcast auth channel");
216
+ const definitions = await resolveAuthDefinitions(channelAuth);
217
+ const match = resolveChannelMatch(normalizeLookupChannel(channel, "Broadcast auth channel"), definitions);
218
+ if (!match) {
219
+ return Object.freeze({
220
+ ok: false,
221
+ channel,
222
+ code: "not-found"
223
+ });
224
+ }
225
+ const decision = await match.definition.authorize(input.user, match.params);
226
+ if (match.definition.type === "private") {
227
+ if (decision !== true) {
228
+ return Object.freeze({
229
+ ok: false,
230
+ channel,
231
+ code: "unauthorized"
232
+ });
233
+ }
234
+ return Object.freeze({
235
+ ok: true,
236
+ channel,
237
+ type: "private",
238
+ pattern: match.definition.pattern,
239
+ params: match.params,
240
+ whispers: Object.freeze(Object.keys(match.definition.whispers))
241
+ });
242
+ }
243
+ if (decision === false) {
244
+ return Object.freeze({
245
+ ok: false,
246
+ channel,
247
+ code: "unauthorized"
248
+ });
249
+ }
250
+ return Object.freeze({
251
+ ok: true,
252
+ channel,
253
+ type: "presence",
254
+ pattern: match.definition.pattern,
255
+ params: match.params,
256
+ member: normalizePresenceMember(decision),
257
+ whispers: Object.freeze(Object.keys(match.definition.whispers))
258
+ });
259
+ }
260
+ async function resolveBroadcastWhisperSchema(channel, event, channelAuth) {
261
+ const normalizedChannel = normalizeRequiredString(channel, "Broadcast whisper channel");
262
+ const normalizedEvent = normalizeRequiredString(event, "Broadcast whisper event");
263
+ const definitions = await resolveAuthDefinitions(channelAuth);
264
+ const match = resolveChannelMatch(
265
+ normalizeLookupChannel(normalizedChannel, "Broadcast whisper channel"),
266
+ definitions
267
+ );
268
+ if (!match) {
269
+ return null;
270
+ }
271
+ const schema = match.definition.whispers[normalizedEvent];
272
+ if (!schema) {
273
+ return null;
274
+ }
275
+ return Object.freeze({
276
+ channel: normalizedChannel,
277
+ event: normalizedEvent,
278
+ schema
279
+ });
280
+ }
281
+ async function validateBroadcastWhisperPayload(channel, event, payload, channelAuth) {
282
+ const resolved = await resolveBroadcastWhisperSchema(channel, event, channelAuth);
283
+ if (!resolved) {
284
+ throw new Error(`[@holo-js/broadcast] Whisper "${event}" is not allowed for channel "${channel}".`);
285
+ }
286
+ const validated = await parse(payload, resolved.schema);
287
+ return Object.freeze({
288
+ channel: resolved.channel,
289
+ event: resolved.event,
290
+ payload: Object.freeze({ ...validated })
291
+ });
292
+ }
293
+ async function parseBroadcastAuthEndpointPayload(request) {
294
+ if (request.method.toUpperCase() !== "POST") {
295
+ throw new Error("method-not-allowed");
296
+ }
297
+ const contentType = request.headers.get("content-type") ?? "";
298
+ let rawChannel;
299
+ let rawSocketId;
300
+ if (contentType.includes("application/json")) {
301
+ const body = await request.json();
302
+ rawChannel = typeof body.channel_name === "string" ? body.channel_name : void 0;
303
+ rawChannel ??= typeof body.channel === "string" ? body.channel : void 0;
304
+ rawSocketId = typeof body.socket_id === "string" ? body.socket_id : void 0;
305
+ rawSocketId ??= typeof body.socketId === "string" ? body.socketId : void 0;
306
+ } else {
307
+ const formData = await request.formData();
308
+ const channel = formData.get("channel_name") ?? formData.get("channel");
309
+ const socketId = formData.get("socket_id") ?? formData.get("socketId");
310
+ rawChannel = typeof channel === "string" ? channel : void 0;
311
+ rawSocketId = typeof socketId === "string" ? socketId : void 0;
312
+ }
313
+ return Object.freeze({
314
+ channel: normalizeRequiredString(rawChannel ?? "", "Broadcast auth channel"),
315
+ ...typeof rawSocketId === "undefined" ? {} : { socketId: normalizeOptionalString(rawSocketId, "Broadcast auth socket id") }
316
+ });
317
+ }
318
+ function jsonResponse(body, status) {
319
+ return new Response(JSON.stringify(body, null, 2), {
320
+ status,
321
+ headers: {
322
+ "content-type": "application/json; charset=utf-8",
323
+ "cache-control": "no-store"
324
+ }
325
+ });
326
+ }
327
+ async function renderBroadcastAuthResponse(request, options = {}) {
328
+ let payload;
329
+ try {
330
+ payload = await parseBroadcastAuthEndpointPayload(request);
331
+ } catch (error) {
332
+ const message = error instanceof Error ? error.message : "Invalid broadcast auth request.";
333
+ if (message === "method-not-allowed") {
334
+ return jsonResponse({
335
+ ok: false,
336
+ error: "method-not-allowed",
337
+ message: "Broadcast auth endpoint only supports POST."
338
+ }, 405);
339
+ }
340
+ return jsonResponse({
341
+ ok: false,
342
+ error: "invalid-request",
343
+ message
344
+ }, 400);
345
+ }
346
+ const user = typeof options.resolveUser === "function" ? await options.resolveUser(request) : options.user;
347
+ if (typeof user === "undefined" || user === null) {
348
+ return jsonResponse({
349
+ ok: false,
350
+ error: "unauthenticated",
351
+ message: "Broadcast channel authorization requires an authenticated user."
352
+ }, 401);
353
+ }
354
+ const result = await authorizeBroadcastChannel({
355
+ channel: payload.channel,
356
+ socketId: payload.socketId,
357
+ user
358
+ }, options.channelAuth);
359
+ if (!result.ok) {
360
+ if (result.code === "not-found") {
361
+ return jsonResponse({
362
+ ok: false,
363
+ error: "not-found",
364
+ message: `No channel authorization rule matches "${result.channel}".`
365
+ }, 404);
366
+ }
367
+ return jsonResponse({
368
+ ok: false,
369
+ error: "unauthorized",
370
+ message: `Channel authorization denied for "${result.channel}".`
371
+ }, 403);
372
+ }
373
+ return jsonResponse({
374
+ ok: true,
375
+ channel: result.channel,
376
+ type: result.type,
377
+ params: result.params,
378
+ whispers: result.whispers,
379
+ ...result.type === "presence" ? { member: result.member } : {}
380
+ }, 200);
381
+ }
382
+ var broadcastAuthInternals = {
383
+ importChannelDefinition,
384
+ loadChannelDefinitions,
385
+ matchPattern,
386
+ parseBroadcastAuthEndpointPayload,
387
+ resolveAuthDefinitions,
388
+ resolveChannelMatch,
389
+ resolveChannelMatchFromMap(channel, definitions) {
390
+ return resolveChannelMatch(channel, definitions);
391
+ },
392
+ reset() {
393
+ getRuntimeState().byBindings = void 0;
394
+ }
395
+ };
396
+
397
+ export {
398
+ authorizeBroadcastChannel,
399
+ resolveBroadcastWhisperSchema,
400
+ validateBroadcastWhisperPayload,
401
+ parseBroadcastAuthEndpointPayload,
402
+ renderBroadcastAuthResponse,
403
+ broadcastAuthInternals
404
+ };