@radio-garden/ditojs-server 2.85.2-0.5067ad799

package/src/controllers/AdminController.js

@@ -0,0 +1,322 @@
+import path from 'path'
+import Koa from 'koa'
+import serve from 'koa-static'
+import { defineConfig, createServer } from 'vite'
+import createVuePlugin from '@vitejs/plugin-vue'
+import { viteCommonjs as createCommonJsPlugin } from '@originjs/vite-plugin-commonjs'
+import { testModuleIdentifier, getPostCssConfig } from '@ditojs/build'
+import { assignDeeply } from '@ditojs/utils'
+import { Controller } from './Controller.js'
+import { handleConnectMiddleware } from '../middleware/index.js'
+import { ControllerError } from '../errors/index.js'
+import { getRandomFreePort } from '../utils/net.js'
+import { formatJson } from '../utils/json.js'
+
+export class AdminController extends Controller {
+  // @override
+  constructor(app, namespace) {
+    super(app, namespace)
+    // Merge `this.app.config.admin` into config as default, but allow overrides
+    // on the controller itself:
+    this.config = {
+      ...this.app.config.admin,
+      ...this.config
+    }
+    // If no mode is specified, use `production` since that's just the hosting
+    // of the pre-built admin files. `development` serves the admin directly
+    // sources with HRM, and thus should be explicitly activated.
+    this.mode = (
+      this.config.mode ||
+      (this.app.config.env === 'development' ? 'development' : 'production')
+    )
+    this.closed = false
+  }
+
+  getPath(name) {
+    const { config } = this
+    const str = config[name]
+    if (!str) {
+      throw new ControllerError(
+        this,
+        `Missing \`config.admin.${name}\` configuration.`
+      )
+    }
+    return path.resolve(str)
+  }
+
+  getDitoObject() {
+    // Expose api config and definitions to browser side:
+    // Pass on the `config.app.normalizePaths` setting to Dito.js Admin:
+    const {
+      api = {},
+      settings = {}
+    } = this.config
+    if (api.normalizePaths == null) {
+      api.normalizePaths = this.app.config.app.normalizePaths
+    }
+    return {
+      base: this.url,
+      api,
+      settings
+    }
+  }
+
+  sendDitoObject(ctx) {
+    // Send back the global dito object as JavaScript code.
+    ctx.type = 'text/javascript'
+    ctx.body = `window.dito = ${formatJson(this.getDitoObject())}`
+  }
+
+  middleware() {
+    // Shield admin views against unauthorized access.
+    const authorization = this.processAuthorize(this.authorize)
+    return async (ctx, next) => {
+      if (this.closed) {
+        // Avoid strange behavior during shut-down of the vite dev server.
+        // Sending back a 408 response seems to work best, while a 503 sadly
+        // would put the client into a state that prevents the server from a
+        // proper shut-down, and a 205 would kill future hot-reloads.
+        ctx.status = 408 // Request Timeout
+      } else if (ctx.url === '/dito.js') {
+        // Don't call `next()`
+        this.sendDitoObject(ctx)
+      } else {
+        if (/\/views\b/.test(ctx.url)) {
+          await this.handleAuthorization(authorization, ctx)
+        }
+        await next()
+      }
+    }
+  }
+
+  // @override
+  compose() {
+    this.koa = new Koa()
+    this.koa.use(this.middleware())
+    if (this.mode === 'development') {
+      // Calling getPath() throws exception if config.admin.root is not defined:
+      if (this.getPath('root')) {
+        this.app.once('after:start', () => this.setupViteServer())
+      }
+    } else {
+      // Statically serve the pre-built admin SPA. But in order for vue-router
+      // routes inside the SPA to work for sub-routes, use a tiny rewriting
+      // middleware that serves up the `index.html` fur sub-routes:
+      this.koa.use(async (ctx, next) => {
+        // // Exclude asset requests (css, js)
+        if (!ctx.url.match(/\.(?:css|js)$/)) {
+          ctx.url = '/'
+        }
+        await next()
+      })
+      this.koa.use(serve(this.getPath('dist')))
+    }
+    return this.koa
+  }
+
+  async setupViteServer() {
+    const defaultConfig = {
+      server: {
+        middlewareMode: true,
+        ...(this.mode === 'development' && {
+          watch: {
+            // Watch the @ditojs packages while in dev mode, although they are
+            // inside the node_modules folder.
+            ignored: ['!**/node_modules/@ditojs/**']
+          }
+        })
+      }
+    }
+
+    const viteConfig = (
+      (await this.app.loadAdminViteConfig()) ||
+      this.defineViteConfig()
+    )
+
+    const config = assignDeeply(defaultConfig, viteConfig)
+
+    if (config.server?.hmr?.port === 0) {
+      // Setting the port to 0 means use a random free port instead of vite's
+      // default 24678, since we may be running multiple servers in parallel.
+      config.server.hmr.port = await getRandomFreePort()
+    }
+
+    const server = await createServer(config)
+
+    this.closed = false
+
+    this.app.once('after:stop', () => {
+      // For good timing it seems crucial to not add more ticks with async
+      // signature, so we directly return the `server.close()` promise instead.
+      if (!this.closed) {
+        this.closed = true
+        return server.close()
+      }
+    })
+
+    this.koa.use(
+      handleConnectMiddleware(server.middlewares, {
+        expandMountPath: true
+      })
+    )
+  }
+
+  defineViteConfig(config = {}) {
+    const isDevelopment = this.mode === 'development'
+
+    const root = this.getPath('root')
+    const base = `${this.url}/`
+    const views = path.join(root, 'views')
+
+    return defineConfig(
+      assignDeeply(
+        {
+          root,
+          base,
+          mode: this.mode,
+          envFile: false,
+          configFile: false,
+          plugins: [
+            createVuePlugin(),
+            createCommonJsPlugin(),
+            {
+              // Private plugin to inject script tag above main module that
+              // loads the `dito` object through its own end-point, see:
+              // `sendDitoObject()`
+              name: 'inject-dito-object',
+              transformIndexHtml: {
+                order: 'post',
+                handler(html) {
+                  return html.replace(
+                    /(\s*)(<script type="module"[^>]*?><\/script>)/,
+                    `$1<script src="${base}dito.js"></script>$1$2`
+                  )
+                }
+              }
+            }
+          ],
+          build: isDevelopment
+            ? {}
+            : {
+                outDir: this.getPath('dist'),
+                assetsDir: '.',
+                emptyOutDir: true,
+                chunkSizeWarningLimit: 1000,
+                rollupOptions: {
+                  output: {
+                    manualChunks: id => {
+                      if (id.startsWith(views)) {
+                        return 'views'
+                      } else if (id.startsWith(this.app.basePath)) {
+                        return 'common'
+                      } else {
+                        const module = id.match(
+                          /node_modules\/((?:@[^/]*\/)?[^/$]*)/
+                        )?.[1]
+                        // Internal ids (vite modules) don't come from
+                        // node_modules, and the ids actually start with \0x00.
+                        return (
+                          !module ||
+                          testModuleIdentifier(module, coreDependencies)
+                        )
+                          ? 'core'
+                          : 'vendor'
+                      }
+                    }
+                  }
+                }
+              },
+          css: {
+            postcss: getPostCssConfig(),
+            devSourcemap: isDevelopment,
+            preprocessorOptions: {
+              scss: {
+                // https://sass-lang.com/documentation/breaking-changes/legacy-js-api/
+                // TODO: Remove once vite has been updated to new API:
+                silenceDeprecations: ['legacy-js-api']
+              }
+            }
+          },
+          optimizeDeps: {
+            exclude: isDevelopment ? ditoPackages : [],
+            include: [
+              ...(
+                isDevelopment
+                  ? // https://discuss.prosemirror.net/t/rangeerror-adding-different-instances-of-a-keyed-plugin-plugin/4242/13
+                    [
+                      'prosemirror-state',
+                      'prosemirror-transform',
+                      'prosemirror-model',
+                      'prosemirror-view'
+                    ]
+                  : ditoPackages
+              ),
+              ...nonEsmDependencies
+            ]
+          },
+          resolve: {
+            extensions: [
+              '.js', '.mjs', '.jsx', '.ts', '.mts', '.tsx', '.json', '.vue'
+            ],
+            preserveSymlinks: true,
+            alias: [
+              {
+                find: '@',
+                replacement: root
+              }
+            ]
+          }
+        },
+        config
+      )
+    )
+  }
+}
+
+const ditoPackages = [
+  '@ditojs/admin',
+  '@ditojs/ui',
+  '@ditojs/utils'
+]
+
+const nonEsmDependencies = [
+  // All non-es modules need to be explicitly included here, and some of
+  // them only work due to the use of `createCommonJsPlugin()`.
+  '@lk77/vue3-color'
+]
+
+const coreDependencies = [
+  ...ditoPackages,
+
+  // TODO: Figure out a way to generate this automatically for the current
+  // dito-admin dependencies, e.g. similar to
+  // `getRollupExternalsFromDependencies()`, perhaps as a script to persist to
+  // a json file?
+
+  'vue',
+  '@vue/*',
+  '@vueuse/*',
+  '@lk77/vue3-color',
+  '@kyvg/vue3-notification',
+  'vue-multiselect',
+  'vue-router',
+  'vue-upload-component',
+  'tinycolor2',
+  'focus-trap',
+  'tabbable',
+  'sortablejs',
+  'tippy.js',
+  '@tiptap/*',
+  'tiptap-*',
+  'prosemirror-*',
+  'linkifyjs',
+  'codeflask',
+  'nanoid',
+  'punycode',
+  'rope-sequence',
+  'filesize',
+  'filesize-parser',
+  'tslib', // ?
+  'orderedmap',
+  'w3c-keyname'
+]

package/src/controllers/CollectionController.js

@@ -0,0 +1,274 @@
+import { isObject, isArray, asArray } from '@ditojs/utils'
+import { Controller } from './Controller.js'
+import { ControllerError } from '../errors/index.js'
+
+// Abstract base class for ModelController and RelationController
+export class CollectionController extends Controller {
+  graph = false
+  scope = null
+  relate = false
+  unrelate = false
+  modelClass = null // To be defined by sub-classes
+  isOneToOne = false
+  idParam = null
+  idValidator = null
+
+  // @override
+  configure() {
+    super.configure()
+    this.idParam = this.level ? `id${this.level}` : 'id'
+    // Create a dummy model instance to validate the requested id against.
+    // eslint-disable-next-line new-cap
+    this.idValidator = new this.modelClass()
+  }
+
+  // @override
+  setup() {
+    this.logController()
+    this.setProperty('collection', this.setupActions('collection'))
+    this.setProperty(
+      'member',
+      this.isOneToOne ? {} : this.setupActions('member')
+    )
+    this.setProperty('assets', this.setupAssets())
+  }
+
+  // @override
+  setupAssets() {
+    const { modelClass } = this
+    if (this.assets === true) {
+      this.assets = modelClass.definition.assets || null
+    } else if (isObject(this.assets)) {
+      // Merge in the assets definition from the model into the assets config.
+      // That way, we can still use `allow` and `authorize` to control the
+      // upload access, while keeping the assets definitions in one central
+      // location on the model.
+      this.assets = {
+        ...modelClass.definition.assets,
+        ...this.assets
+      }
+    } else {
+      this.assets = null
+    }
+    // Now call `super.setupAssets()` which performs the usual inheritance /
+    // allow / authorize tricks:
+    return super.setupAssets()
+  }
+
+  // @override
+  getPath(type, path) {
+    return type === 'member'
+      ? path
+        ? `:${this.idParam}/${path}`
+        : `:${this.idParam}`
+      : path
+  }
+
+  getMemberId(ctx) {
+    return this.validateId(ctx.params[this.idParam])
+  }
+
+  getContextWithMemberId(ctx, memberId = this.getMemberId(ctx)) {
+    return ctx.extend({ memberId })
+  }
+
+  getModelId(model) {
+    const idProperty = this.modelClass.getIdProperty()
+    // Handle both composite keys and normal ones.
+    return isArray(idProperty)
+      ? idProperty.map(property => model[property])
+      : model[idProperty]
+  }
+
+  getCollectionIds(ctx) {
+    return asArray(ctx.request.body).map(
+      model => this.validateId(this.getModelId(model))
+    )
+  }
+
+  getIds(ctx) {
+    // Returns the model ids that this request concerns, read from the param
+    // for member ids, and from the payload for collection ids:
+    const { type } = ctx.action
+    return type === 'member'
+      ? [this.getMemberId(ctx)]
+      : type === 'collection'
+        ? this.getCollectionIds(ctx)
+        : []
+  }
+
+  validateId(id) {
+    const reference = this.modelClass.getReference(id)
+    // This validates and coerces at the same time, so extract the coerced id
+    // from `reference` again afterwards.
+    this.idValidator.$validate(reference, {
+      coerceTypes: true,
+      patch: true
+    })
+    const values = Object.values(reference)
+    return values.length > 1 ? values : values[0]
+  }
+
+  async getMember(
+    ctx,
+    base = this,
+    { query = {}, modify = null, forUpdate = false } = {}
+  ) {
+    return this.member.get.call(
+      this,
+      // Extend `ctx` with a new `query` object, while inheriting the route
+      // params in `ctx.params`, so fining the member by id still works.
+      ctx.extend({ query }),
+      (query, trx) => {
+        this.setupQuery(query, base)
+        query.modify(modify)
+        if (forUpdate) {
+          if (!trx) {
+            throw new ControllerError(
+              this,
+              'Using `forUpdate()` without a transaction is invalid'
+            )
+          }
+          query.forUpdate()
+        }
+      }
+    )
+  }
+
+  query(trx) {
+    return this.setupQuery(this.modelClass.query(trx))
+  }
+
+  setupQuery(query, base = this) {
+    const { scope } = base
+    const { allowScope, allowFilter } = this
+
+    const asAllowArray = value => (value === false ? [] : asArray(value))
+
+    if (allowScope !== undefined && allowScope !== true) {
+      query.allowScope(
+        ...asAllowArray(allowScope),
+        // Also include the scopes defined by scope so these can pass through.
+        ...asArray(scope)
+      )
+    }
+    if (allowFilter !== undefined && allowFilter !== true) {
+      query.allowFilter(...asAllowArray(allowFilter))
+    }
+    if (scope) {
+      query.withScope(...asArray(scope))
+    }
+    return query
+  }
+
+  async execute(/* ctx, execute(query, trx) {} */) {
+    // Does nothing in base class.
+    // Overrides are in ModelController and RelationController.
+  }
+
+  async executeAndFetch(action, ctx, modify, body = ctx.request.body) {
+    const name = `${action}${this.graph ? 'DitoGraph' : ''}AndFetch`
+    return this.execute(ctx, (query, trx) =>
+      query[name](body).modify(getModify(modify, trx))
+    )
+  }
+
+  async executeAndFetchById(action, ctx, modify, body = ctx.request.body) {
+    const name = `${action}${this.graph ? 'DitoGraph' : ''}AndFetchById`
+    return this.execute(ctx, (query, trx) =>
+      query[name](ctx.memberId, body)
+        .throwIfNotFound()
+        .modify(getModify(modify, trx))
+    )
+  }
+
+  collection = this.markAsCoreActions({
+    async get(ctx, modify) {
+      const result = await this.execute(ctx, (query, trx) => {
+        query
+          .find(ctx.filteredQuery, this.allowParam)
+          .modify(getModify(modify, trx))
+        return this.isOneToOne ? query.first() : query
+      })
+      // This method doesn't always return an array:
+      // For RelationControllers where `isOneToOne` is true, it can return
+      // `undefined`. Cast to `null` for such cases:
+      return result || null
+    },
+
+    async delete(ctx, modify) {
+      const count = await this.execute(ctx, (query, trx) =>
+        query
+          .ignoreScope()
+          .find(ctx.filteredQuery, this.allowParam)
+          .modify(query => this.isOneToOne && query.throwIfNotFound())
+          .modify(getModify(modify, trx))
+          .modify(query => (this.unrelate ? query.unrelate() : query.delete()))
+      )
+      return { count }
+    },
+
+    async post(ctx, modify) {
+      const result = this.relate
+        ? // Use patchDitoGraphAndFetch() to handle relates for us.
+          await this.execute(ctx, (query, trx) =>
+            query
+              .patchDitoGraphAndFetch(ctx.request.body, { relate: true })
+              .modify(getModify(modify, trx))
+          )
+        : await this.executeAndFetch('insert', ctx, modify)
+      ctx.status = 201 // Created
+      if (isObject(result)) {
+        ctx.set('Location', this.getUrl('collection', this.getModelId(result)))
+      }
+      return result
+    },
+
+    async put(ctx, modify) {
+      return this.executeAndFetch('update', ctx, modify)
+    },
+
+    async patch(ctx, modify) {
+      return this.executeAndFetch('patch', ctx, modify)
+    }
+  })
+
+  member = this.markAsCoreActions({
+    async get(ctx, modify) {
+      return this.execute(ctx, (query, trx) =>
+        query
+          .findById(ctx.memberId)
+          .find(ctx.filteredQuery, this.allowParam)
+          .throwIfNotFound()
+          .modify(getModify(modify, trx))
+      )
+    },
+
+    async delete(ctx, modify) {
+      const count = await this.execute(ctx, (query, trx) =>
+        query
+          .ignoreScope()
+          .findById(ctx.memberId)
+          .find(ctx.filteredQuery, this.allowParam)
+          .throwIfNotFound()
+          .modify(getModify(modify, trx))
+          .modify(query => (this.unrelate ? query.unrelate() : query.delete()))
+      )
+      return { count }
+    },
+
+    async put(ctx, modify) {
+      return this.executeAndFetchById('update', ctx, modify)
+    },
+
+    async patch(ctx, modify) {
+      return this.executeAndFetchById('patch', ctx, modify)
+    }
+  })
+}
+
+function getModify(modify, trx) {
+  return modify
+    ? query => modify(query, trx)
+    : null
+}