@powerhousedao/reactor-api 6.0.0-dev.216 → 6.0.0-dev.218

package/dist/index.mjs

@@ -928,7 +928,7 @@ function parseBodyLimit(limit) {
 var FastifyHttpAdapter = class {
 	#fetchRoutes = [];
 	#getRoutes = /* @__PURE__ */ new Map();
-	#nodeRoutes = /* @__PURE__ */ new Map();
+	#nodeRoutes = [];
 	#setupOps = [];
 	#instance;
 	get handle() {
@@ -955,8 +955,11 @@ var FastifyHttpAdapter = class {
 		});
 	}
 	mountNodeRoute(method, path, handler) {
-		if (!this.#nodeRoutes.has(path)) this.#nodeRoutes.set(path, /* @__PURE__ */ new Map());
-		this.#nodeRoutes.get(path).set(method, handler);
+		this.#nodeRoutes.push({
+			method,
+			matcher: match(normalizePath(path)),
+			handler
+		});
 	}
 	mountRawMiddleware(middleware) {
 		if (this.#instance) this.#instance.use(middleware);
@@ -1026,14 +1029,14 @@ var FastifyHttpAdapter = class {
 	#dispatch(req, reply) {
 		const pathname = new URL(req.url, "http://localhost").pathname;
 		const method = req.method.toUpperCase();
-		const nodeHandlers = this.#nodeRoutes.get(pathname);
-		if (nodeHandlers) {
-			const handler = nodeHandlers.get(method);
-			if (handler) {
-				reply.hijack();
-				handler(req.raw, reply.raw, req.body);
-				return;
-			}
+		for (const entry of this.#nodeRoutes) {
+			if (entry.method !== method) continue;
+			const result = entry.matcher(pathname);
+			if (!result) continue;
+			req.raw.params = result.params;
+			reply.hijack();
+			entry.handler(req.raw, reply.raw, req.body);
+			return;
 		}
 		if (method === "GET") {
 			for (const entry of this.#getRoutes.values()) if (entry.matcher(pathname)) return this.#serveGetEntry(entry, req, reply);
@@ -2721,8 +2724,15 @@ function matchesJobFilter(payload, args) {
 	return payload.jobId === args.jobId;
 }
 //#endregion
-//#region src/graphql/reactor/resolvers.ts
+//#region src/graphql/reactor/constants.ts
+/**
+* Document-type sentinel for drive documents. Drives are the unit
+* the LB shards on (via the `Drive-Id` request header) and the unit
+* the drive-ownership cache tracks on each switchboard instance.
+*/
 const DRIVE_DOCUMENT_TYPE = "powerhouse/document-drive";
+//#endregion
+//#region src/graphql/reactor/resolvers.ts
 const POLL_SYNC_ENVELOPES_MAX_LIMIT = 100;
 async function documentModels(reactorClient, args) {
 	const namespace = fromInputMaybe(args.namespace);
@@ -2919,7 +2929,7 @@ async function createDocument(reactorClient, args) {
 	const parentIdentifier = fromInputMaybe(args.parentIdentifier);
 	let result;
 	try {
-		if (parentIdentifier) if ((await reactorClient.get(parentIdentifier)).header.documentType === DRIVE_DOCUMENT_TYPE) result = await reactorClient.drives.addFile(parentIdentifier, document);
+		if (parentIdentifier) if ((await reactorClient.get(parentIdentifier)).header.documentType === "powerhouse/document-drive") result = await reactorClient.drives.addFile(parentIdentifier, document);
 		else result = await reactorClient.create(document, parentIdentifier);
 		else result = await reactorClient.create(document);
 	} catch (error) {
@@ -2936,7 +2946,7 @@ async function createEmptyDocument(reactorClient, args) {
 	const name = fromInputMaybe(args.name);
 	let result;
 	try {
-		if (parentIdentifier) if ((await reactorClient.get(parentIdentifier)).header.documentType === DRIVE_DOCUMENT_TYPE) {
+		if (parentIdentifier) if ((await reactorClient.get(parentIdentifier)).header.documentType === "powerhouse/document-drive") {
 			const document = (await reactorClient.getDocumentModelModule(args.documentType)).utils.createDocument();
 			if (name) document.header.name = name;
 			result = await reactorClient.drives.addFile(parentIdentifier, document);
@@ -2983,7 +2993,7 @@ async function createDocumentWithInitialState(reactorClient, args) {
 		} catch (error) {
 			throw new GraphQLError(`Parent document not found: ${error instanceof Error ? error.message : "Unknown error"}`);
 		}
-		if (parent.header.documentType === DRIVE_DOCUMENT_TYPE) try {
+		if (parent.header.documentType === "powerhouse/document-drive") try {
 			result = await reactorClient.drives.addFile(parentIdentifier, document);
 		} catch (error) {
 			throw new GraphQLError(`Failed to create document in drive: ${error instanceof Error ? error.message : "Unknown error"}`);
@@ -3478,6 +3488,110 @@ var DocumentModelSubgraph = class extends BaseSubgraph {
 	}
 };
 //#endregion
+//#region src/graphql/gateway/drive-middleware.ts
+const DRIVE_ID_HEADER = "drive-id";
+/**
+* Operations that legitimately run before the target drive exists in the
+* cache. Drive creation is the obvious case (a brand-new drive cannot be
+* in the ownership set yet); other create-shaped operations that may
+* synthesize a drive must be added here too.
+*/
+const CACHE_BYPASS_OPERATIONS = new Set(["createDocument", "createEmptyDocument"]);
+const driveIdMap = /* @__PURE__ */ new WeakMap();
+/** Internal — only `graphql-manager.ts` should call this. */
+function getRequestDriveId(request) {
+	return driveIdMap.get(request);
+}
+/**
+* Returns a fetch middleware that validates the `Drive-Id` header against
+* the in-memory ownership cache. Layout:
+*
+* - No header → pass through. The LB has already round-robined; nothing
+*   to validate here.
+* - Header present and drive in cache → record on the request map (for
+*   the context factory to read into `context.driveId`) and pass through.
+* - Header present, drive missing, but the operation is `createDocument`
+*   or `createEmptyDocument` → pass through. The drive may be in the
+*   process of being created.
+* - Otherwise → return `421 Misdirected Request` with a structured body.
+*   The client (or LB) can surface this as a wrong-shard signal.
+*/
+function createDriveFetchMiddleware(cache) {
+	return (next) => async (request) => {
+		const driveId = request.headers.get(DRIVE_ID_HEADER) ?? "";
+		if (driveId === "") return next(request);
+		if (cache.has(driveId)) {
+			driveIdMap.set(request, driveId);
+			return next(request);
+		}
+		if (await isCacheBypassOperation(request)) return next(request);
+		return wrongShardResponse(driveId);
+	};
+}
+async function isCacheBypassOperation(request) {
+	if (request.method !== "POST") return false;
+	try {
+		const body = await request.clone().json();
+		if (typeof body.operationName === "string") return CACHE_BYPASS_OPERATIONS.has(body.operationName);
+		if (typeof body.query === "string") return CACHE_BYPASS_OPERATIONS.has(extractOperationName(body.query));
+		return false;
+	} catch {
+		return false;
+	}
+}
+const OPERATION_NAME_PATTERN = /\b(?:mutation|query|subscription)\s+(\w+)/;
+function extractOperationName(query) {
+	const match = OPERATION_NAME_PATTERN.exec(query);
+	return match ? match[1] : "";
+}
+function wrongShardResponse(driveId) {
+	return new globalThis.Response(JSON.stringify({
+		error: "wrong-shard",
+		driveId
+	}), {
+		status: 421,
+		headers: { "content-type": "application/json" }
+	});
+}
+//#endregion
+//#region src/graphql/gateway/drive-ownership-cache.ts
+/**
+* In-memory record of which drives this switchboard instance owns.
+*
+* Populated at startup by walking the reactor for documents of type
+* `powerhouse/document-drive`. Mutated explicitly by resolver hooks
+* after successful drive create / delete operations. Read by the
+* drive-validation fetch middleware to short-circuit wrong-shard
+* requests with a structured 421 response.
+*/
+var DriveOwnershipCache = class {
+	drives = /* @__PURE__ */ new Set();
+	constructor(reactorClient) {
+		this.reactorClient = reactorClient;
+	}
+	async init() {
+		this.drives.clear();
+		let page = await this.reactorClient.find({ type: DRIVE_DOCUMENT_TYPE });
+		while (true) {
+			for (const drive of page.results) this.drives.add(drive.header.id);
+			if (!page.next) return;
+			page = await page.next();
+		}
+	}
+	has(driveId) {
+		return this.drives.has(driveId);
+	}
+	add(driveId) {
+		this.drives.add(driveId);
+	}
+	remove(driveId) {
+		this.drives.delete(driveId);
+	}
+	size() {
+		return this.drives.size;
+	}
+};
+//#endregion
 //#region src/graphql/sse.ts
 /**
 * Create a Fetch-API-compatible SSE handler for GraphQL subscriptions
@@ -3541,6 +3655,8 @@ var GraphQLManager = class {
 	authService = null;
 	subgraphWsDisposers = /* @__PURE__ */ new Map();
 	#authMiddleware;
+	#driveMiddleware;
+	driveOwnershipCache;
 	/** Cached document models for schema generation - updated on init and regenerate */
 	cachedDocumentModels = [];
 	subgraphHandlerCache = /* @__PURE__ */ new Map();
@@ -3561,11 +3677,15 @@ var GraphQLManager = class {
 		this.port = port;
 		this.authorizationService = authorizationService;
 		if (this.authConfig) this.authService = new AuthService(this.authConfig);
+		this.driveOwnershipCache = new DriveOwnershipCache(this.reactorClient);
 		this.wsServer.setMaxListeners(0);
 	}
 	async init(coreSubgraphs, authMiddleware) {
 		this.#authMiddleware = authMiddleware;
 		this.logger.debug(`Initializing Subgraph Manager...`);
+		await this.driveOwnershipCache.init();
+		this.#driveMiddleware = createDriveFetchMiddleware(this.driveOwnershipCache);
+		this.logger.debug(`Drive ownership cache populated with ${this.driveOwnershipCache.size()} drives`);
 		const models = (await this.reactorClient.getDocumentModelModules()).results;
 		this.cachedDocumentModels = models;
 		if (!models.find((it) => it.documentModel.global.name === "DocumentDrive")) throw new Error("DocumentDrive model required");
@@ -3580,12 +3700,12 @@ var GraphQLManager = class {
 			if (!driveIdOrSlug) return Response.json({ error: "Drive ID or slug is required" }, { status: 400 });
 			try {
 				const driveDoc = await this.reactorClient.get(driveIdOrSlug);
-				const graphqlEndpoint = `${(request.headers.get("x-forwarded-proto") ?? url.protocol.replace(":", "")) + ":"}//${request.headers.get("host") ?? ""}${this.path === "/" ? "" : this.path}/graphql/r`;
+				const graphqlEndpoint = `${(request.headers.get("x-forwarded-proto")?.split(",")[0].trim() ?? url.protocol.replace(":", "")) + ":"}//${request.headers.get("x-forwarded-host")?.split(",")[0].trim() ?? request.headers.get("host") ?? ""}${this.path === "/" ? "" : this.path}/graphql/r`;
 				return Response.json({
 					id: driveDoc.header.id,
 					slug: driveDoc.header.slug,
 					meta: driveDoc.header.meta,
-					name: driveDoc.state.global.name,
+					name: driveDoc.state.global.name || driveDoc.header.name,
 					icon: driveDoc.state.global.icon ?? void 0,
 					...graphqlEndpoint && { graphqlEndpoint }
 				});
@@ -3725,6 +3845,7 @@ var GraphQLManager = class {
 	#makeContextFactory() {
 		return (request) => {
 			const authCtx = getAuthContext(request);
+			const driveId = getRequestDriveId(request);
 			const headers = {};
 			request.headers.forEach((v, k) => {
 				headers[k] = v;
@@ -3733,6 +3854,7 @@ var GraphQLManager = class {
 				headers,
 				db: this.relationalDb,
 				...this.getAdditionalContextFields(),
+				driveId,
 				user: authCtx?.user,
 				isAdmin: authCtx ? (addr) => !authCtx.auth_enabled ? true : authCtx.admins.includes(addr.toLowerCase()) : () => true
 			});
@@ -3771,7 +3893,7 @@ var GraphQLManager = class {
 				if (this.subgraphHandlerCache.has(subgraphPath)) continue;
 				const schema = createSchema(this.cachedDocumentModels, subgraph.resolvers, subgraph.typeDefs);
 				const rawHandler = await this.gatewayAdapter.createHandler(schema, this.#makeContextFactory());
-				const fetchHandler = this.#authMiddleware ? this.#authMiddleware(rawHandler) : rawHandler;
+				const fetchHandler = this.#composeFetchMiddleware(rawHandler);
 				this.subgraphHandlerCache.set(subgraphPath, fetchHandler);
 				this.httpAdapter.mount(subgraphPath, fetchHandler);
 				if (subgraph.hasSubscriptions) {
@@ -3821,7 +3943,7 @@ var GraphQLManager = class {
 	async #createSupergraphGateway() {
 		const superGraphPath = path.join(this.path, "graphql");
 		const rawHandler = await this.gatewayAdapter.createSupergraphHandler(() => this.#getSubgraphDefinitions(), this.httpServer, this.#makeContextFactory());
-		const fetchHandler = this.#authMiddleware ? this.#authMiddleware(rawHandler) : rawHandler;
+		const fetchHandler = this.#composeFetchMiddleware(rawHandler);
 		this.httpAdapter.mount(superGraphPath, fetchHandler);
 		this.#setupSupergraphSSE(superGraphPath);
 		if (!this.initialized) {
@@ -3861,9 +3983,20 @@ var GraphQLManager = class {
 			schema,
 			contextFactory: this.#makeContextFactory()
 		});
-		const handler = this.#authMiddleware ? this.#authMiddleware(rawHandler) : rawHandler;
+		const handler = this.#composeFetchMiddleware(rawHandler);
 		this.httpAdapter.mount(ssePath, handler, { exact: true });
 	}
+	/**
+	* Compose the request-level fetch middleware chain. Auth runs first
+	* (so we don't validate shard before knowing the request is even
+	* authorized), drive-ownership validation runs after.
+	*/
+	#composeFetchMiddleware(rawHandler) {
+		let handler = rawHandler;
+		if (this.#driveMiddleware) handler = this.#driveMiddleware(handler);
+		if (this.#authMiddleware) handler = this.#authMiddleware(handler);
+		return handler;
+	}
 };
 //#endregion
 //#region src/graphql/packages/resolvers.ts
@@ -4379,6 +4512,21 @@ var ReactorSubgraph = class extends BaseSubgraph {
 			await this.assertCanExecuteOperation(documentId, operationType, ctx);
 		}
 	}
+	/**
+	* Returns the drive id when the given identifier (id or slug) refers
+	* to a drive document, otherwise undefined. Used by deleteDocument to
+	* decide whether to invalidate the drive-ownership cache after a
+	* successful delete.
+	*/
+	async #resolveDriveId(identifier) {
+		try {
+			const doc = await this.reactorClient.get(identifier);
+			if (doc.header.documentType === "powerhouse/document-drive") return doc.header.id;
+			return;
+		} catch {
+			return;
+		}
+	}
 	typeDefs = gql(schema_default);
 	resolvers = {
 		PHDocument: { operations: async (parent, args, ctx) => {
@@ -4519,6 +4667,7 @@ var ReactorSubgraph = class extends BaseSubgraph {
 						if (!ctx.user?.address) throw new GraphQLError("Forbidden: authentication required to create documents");
 					} else if (!this.hasGlobalAdminAccess(ctx)) throw new GraphQLError("Forbidden: insufficient permissions to create documents");
 					const result = await createDocument(this.reactorClient, args);
+					if (result?.id && result.documentType === "powerhouse/document-drive") this.graphqlManager.driveOwnershipCache.add(result.id);
 					if (this.authorizationService && ctx.user?.address && result?.id) await this.documentPermissionService?.initializeDocumentProtection(result.id, ctx.user.address, this.authorizationService.config.defaultProtection);
 					return result;
 				} catch (error) {
@@ -4536,6 +4685,7 @@ var ReactorSubgraph = class extends BaseSubgraph {
 						if (!ctx.user?.address) throw new GraphQLError("Forbidden: authentication required to create documents");
 					} else if (!this.hasGlobalAdminAccess(ctx)) throw new GraphQLError("Forbidden: insufficient permissions to create documents");
 					const result = await createEmptyDocument(this.reactorClient, args);
+					if (result?.id && result.documentType === "powerhouse/document-drive") this.graphqlManager.driveOwnershipCache.add(result.id);
 					if (this.authorizationService && ctx.user?.address && result?.id) await this.documentPermissionService?.initializeDocumentProtection(result.id, ctx.user.address, this.authorizationService.config.defaultProtection);
 					return result;
 				} catch (error) {
@@ -4610,7 +4760,10 @@ var ReactorSubgraph = class extends BaseSubgraph {
 				this.logger.debug("deleteDocument(@args)", args);
 				try {
 					await this.assertCanWrite(args.identifier, ctx);
-					return await deleteDocument(this.reactorClient, args);
+					const driveIdToInvalidate = await this.#resolveDriveId(args.identifier);
+					const result = await deleteDocument(this.reactorClient, args);
+					if (result && driveIdToInvalidate) this.graphqlManager.driveOwnershipCache.remove(driveIdToInvalidate);
+					return result;
 				} catch (error) {
 					this.logger.error("Error in deleteDocument(@args): @Error", error);
 					throw error;