@risingwave/wavelet-server 0.1.4 → 0.2.4

package/src/ddl-manager.ts

@@ -1,11 +1,11 @@
 import pg from 'pg'
-import type { WaveletConfig, StreamDef, ViewDef, SqlFragment, PostgresCdcSource } from '@risingwave/wavelet'
+import type { WaveletConfig, EventDef, QueryDef, SqlFragment, PostgresCdcSource } from '@risingwave/wavelet'
 
 const { Client } = pg
 
 export interface DdlAction {
   type: 'create' | 'update' | 'delete' | 'unchanged'
-  resource: 'stream' | 'source' | 'view' | 'subscription'
+  resource: 'event' | 'source' | 'query' | 'subscription'
   name: string
   detail?: string
 }
@@ -26,13 +26,13 @@ function normalizeSql(sql: string): string {
   return stripped.replace(/\s+/g, ' ').trim().toLowerCase()
 }
 
-function getViewQuery(viewDef: ViewDef | SqlFragment): string {
-  if ('_tag' in viewDef && viewDef._tag === 'sql') return viewDef.text
-  return (viewDef as ViewDef).query.text
+function getQuerySql(queryDef: QueryDef | SqlFragment): string {
+  if ('_tag' in queryDef && queryDef._tag === 'sql') return queryDef.text
+  return (queryDef as QueryDef).query.text
 }
 
-function buildCreateTableSql(name: string, streamDef: StreamDef): string {
-  const cols = Object.entries(streamDef.columns)
+function buildCreateTableSql(name: string, eventDef: EventDef): string {
+  const cols = Object.entries(eventDef.columns)
     .map(([colName, colType]) => {
       const sqlType = COLUMN_TYPE_MAP[colType]
       if (!sqlType) throw new Error(`Unknown column type "${colType}" for column "${colName}"`)
@@ -60,7 +60,7 @@ export class DdlManager {
   }
 
   /**
-   * Sync all streams, views, and subscriptions to match the config.
+   * Sync all events, queries, and subscriptions to match the config.
    * Returns a list of actions taken.
    * Idempotent - safe to call multiple times.
    */
@@ -71,24 +71,24 @@ export class DdlManager {
 
     // 1. Fetch existing state from RisingWave
     const existingTables = await this.getExistingTables()
-    const existingViews = await this.getExistingViews()
+    const existingMVs = await this.getExistingMaterializedViews()
     const existingSubscriptions = await this.getExistingSubscriptions()
 
-    const desiredStreams = config.streams ?? {}
+    const desiredEvents = config.events ?? config.streams ?? {}
     const desiredSources = config.sources ?? {}
-    const desiredViews = config.views ?? {}
+    const desiredQueries = config.queries ?? config.views ?? {}
 
-    // 2. Determine which streams (tables) to create or remove
-    const desiredStreamNames = new Set(Object.keys(desiredStreams))
-    const desiredViewNames = new Set(Object.keys(desiredViews))
+    // 2. Determine which events (tables) to create or remove
+    const desiredEventNames = new Set(Object.keys(desiredEvents))
+    const desiredQueryNames = new Set(Object.keys(desiredQueries))
 
-    // 3. Sync streams - create missing tables
-    for (const [streamName, streamDef] of Object.entries(desiredStreams)) {
-      if (existingTables.has(streamName)) {
-        actions.push({ type: 'unchanged', resource: 'stream', name: streamName })
+    // 3. Sync events - create missing tables
+    for (const [eventName, eventDef] of Object.entries(desiredEvents)) {
+      if (existingTables.has(eventName)) {
+        actions.push({ type: 'unchanged', resource: 'event', name: eventName })
       } else {
-        await this.createTable(streamName, streamDef)
-        actions.push({ type: 'create', resource: 'stream', name: streamName })
+        await this.createTable(eventName, eventDef)
+        actions.push({ type: 'create', resource: 'event', name: eventName })
       }
     }
 
@@ -108,41 +108,41 @@ export class DdlManager {
       }
     }
 
-    // 4. Sync views - create, update, or leave unchanged
-    for (const [viewName, viewDef] of Object.entries(desiredViews)) {
-      const subName = `wavelet_sub_${viewName}`
-      const desiredSql = getViewQuery(viewDef)
-      const existingSql = existingViews.get(viewName)
+    // 4. Sync queries - create, update, or leave unchanged
+    for (const [queryName, queryDef] of Object.entries(desiredQueries)) {
+      const subName = `wavelet_sub_${queryName}`
+      const desiredSql = getQuerySql(queryDef)
+      const existingSql = existingMVs.get(queryName)
 
       if (existingSql === undefined) {
-        // View does not exist - create MV and subscription
-        await this.createMaterializedView(viewName, desiredSql)
-        actions.push({ type: 'create', resource: 'view', name: viewName })
+        // MV does not exist - create MV and subscription
+        await this.createMaterializedView(queryName, desiredSql)
+        actions.push({ type: 'create', resource: 'query', name: queryName })
 
-        await this.createSubscription(subName, viewName)
+        await this.createSubscription(subName, queryName)
         actions.push({ type: 'create', resource: 'subscription', name: subName })
       } else if (normalizeSql(existingSql) !== normalizeSql(desiredSql)) {
-        // View SQL changed - drop subscription, drop MV, recreate
+        // Query SQL changed - drop subscription, drop MV, recreate
         if (existingSubscriptions.has(subName)) {
           await this.dropSubscription(subName)
-          actions.push({ type: 'delete', resource: 'subscription', name: subName, detail: 'dropped for view update' })
+          actions.push({ type: 'delete', resource: 'subscription', name: subName, detail: 'dropped for query update' })
         }
 
-        await this.dropMaterializedView(viewName)
-        actions.push({ type: 'delete', resource: 'view', name: viewName, detail: 'dropped for update' })
+        await this.dropMaterializedView(queryName)
+        actions.push({ type: 'delete', resource: 'query', name: queryName, detail: 'dropped for update' })
 
-        await this.createMaterializedView(viewName, desiredSql)
-        actions.push({ type: 'create', resource: 'view', name: viewName, detail: 'recreated with updated SQL' })
+        await this.createMaterializedView(queryName, desiredSql)
+        actions.push({ type: 'create', resource: 'query', name: queryName, detail: 'recreated with updated SQL' })
 
-        await this.createSubscription(subName, viewName)
-        actions.push({ type: 'create', resource: 'subscription', name: subName, detail: 'recreated after view update' })
+        await this.createSubscription(subName, queryName)
+        actions.push({ type: 'create', resource: 'subscription', name: subName, detail: 'recreated after query update' })
       } else {
-        // View SQL unchanged
-        actions.push({ type: 'unchanged', resource: 'view', name: viewName })
+        // Query SQL unchanged
+        actions.push({ type: 'unchanged', resource: 'query', name: queryName })
 
-        // Ensure subscription exists even if the view is unchanged
+        // Ensure subscription exists even if the query is unchanged
         if (!existingSubscriptions.has(subName)) {
-          await this.createSubscription(subName, viewName)
+          await this.createSubscription(subName, queryName)
           actions.push({ type: 'create', resource: 'subscription', name: subName })
         } else {
           actions.push({ type: 'unchanged', resource: 'subscription', name: subName })
@@ -150,19 +150,19 @@ export class DdlManager {
       }
     }
 
-    // 5. Remove views that are no longer in the config
-    for (const [existingViewName] of existingViews) {
-      if (!desiredViewNames.has(existingViewName)) {
-        const subName = `wavelet_sub_${existingViewName}`
+    // 5. Remove queries that are no longer in the config
+    for (const [existingMVName] of existingMVs) {
+      if (!desiredQueryNames.has(existingMVName)) {
+        const subName = `wavelet_sub_${existingMVName}`
 
         // Drop subscription first
         if (existingSubscriptions.has(subName)) {
           await this.dropSubscription(subName)
-          actions.push({ type: 'delete', resource: 'subscription', name: subName, detail: 'view removed from config' })
+          actions.push({ type: 'delete', resource: 'subscription', name: subName, detail: 'query removed from config' })
         }
 
-        await this.dropMaterializedView(existingViewName)
-        actions.push({ type: 'delete', resource: 'view', name: existingViewName, detail: 'removed from config' })
+        await this.dropMaterializedView(existingMVName)
+        actions.push({ type: 'delete', resource: 'query', name: existingMVName, detail: 'removed from config' })
       }
     }
 
@@ -171,32 +171,32 @@ export class DdlManager {
       // Only manage wavelet-prefixed subscriptions
       if (!existingSubName.startsWith('wavelet_sub_')) continue
 
-      const viewName = existingSubName.slice('wavelet_sub_'.length)
-      if (!desiredViewNames.has(viewName)) {
-        // Already handled in step 5 if the view existed, but handle dangling subs too
-        if (!existingViews.has(viewName)) {
+      const queryName = existingSubName.slice('wavelet_sub_'.length)
+      if (!desiredQueryNames.has(queryName)) {
+        // Already handled in step 5 if the MV existed, but handle dangling subs too
+        if (!existingMVs.has(queryName)) {
           await this.dropSubscription(existingSubName)
           actions.push({ type: 'delete', resource: 'subscription', name: existingSubName, detail: 'orphaned subscription' })
         }
       }
     }
 
-    // 7. Remove streams (tables) that are no longer in the config
+    // 7. Remove events (tables) that are no longer in the config
     for (const existingTableName of existingTables) {
-      if (!desiredStreamNames.has(existingTableName)) {
+      if (!desiredEventNames.has(existingTableName)) {
         // Only drop if no MV depends on it
-        const hasDependents = await this.tableHasDependentViews(existingTableName)
+        const hasDependents = await this.tableHasDependentMVs(existingTableName)
         if (hasDependents) {
           console.log(`[ddl-manager] Skipping drop of table "${existingTableName}" - materialized views depend on it`)
           actions.push({
             type: 'unchanged',
-            resource: 'stream',
+            resource: 'event',
             name: existingTableName,
-            detail: 'kept because dependent views exist',
+            detail: 'kept because dependent materialized views exist',
           })
         } else {
           await this.dropTable(existingTableName)
-          actions.push({ type: 'delete', resource: 'stream', name: existingTableName, detail: 'removed from config' })
+          actions.push({ type: 'delete', resource: 'event', name: existingTableName, detail: 'removed from config' })
         }
       }
     }
@@ -213,7 +213,7 @@ export class DdlManager {
     return new Set(result.rows.map((r: any) => r.table_name))
   }
 
-  private async getExistingViews(): Promise<Map<string, string>> {
+  private async getExistingMaterializedViews(): Promise<Map<string, string>> {
     const result = await this.client!.query(
       `SELECT name, definition FROM rw_catalog.rw_materialized_views WHERE schema_id = (SELECT id FROM rw_catalog.rw_schemas WHERE name = 'public')`
     )
@@ -243,7 +243,7 @@ export class DdlManager {
     return new Set(result.rows.map((r: any) => r.name))
   }
 
-  private async tableHasDependentViews(tableName: string): Promise<boolean> {
+  private async tableHasDependentMVs(tableName: string): Promise<boolean> {
     const result = await this.client!.query(
       `SELECT name FROM rw_catalog.rw_materialized_views WHERE schema_id = (SELECT id FROM rw_catalog.rw_schemas WHERE name = 'public') AND definition ILIKE $1`,
       [`%${tableName}%`]
@@ -253,8 +253,8 @@ export class DdlManager {
 
   // ── DDL operations ────────────────────────────────────────────────────
 
-  private async createTable(name: string, streamDef: StreamDef): Promise<void> {
-    const sql = buildCreateTableSql(name, streamDef)
+  private async createTable(name: string, eventDef: EventDef): Promise<void> {
+    const sql = buildCreateTableSql(name, eventDef)
     try {
       await this.client!.query(sql)
       console.log(`[ddl-manager] Created table: ${name}`)
@@ -359,20 +359,21 @@ export class DdlManager {
 
     const parsed = parsePostgresUrl(source.connection)
 
+    const esc = (s: string) => s.replace(/'/g, "''")
     try {
       await this.client!.query(`
         CREATE TABLE IF NOT EXISTS ${cdcTableName} (*)
         WITH (
           connector = 'postgres-cdc',
-          hostname = '${parsed.host}',
-          port = '${parsed.port}',
-          username = '${parsed.user}',
-          password = '${parsed.password}',
-          database.name = '${parsed.database}',
-          schema.name = '${parsed.schema}',
-          table.name = '${tableName}',
-          slot.name = '${slotName}',
-          publication.name = '${pubName}'
+          hostname = '${esc(parsed.host)}',
+          port = '${esc(parsed.port)}',
+          username = '${esc(parsed.user)}',
+          password = '${esc(parsed.password)}',
+          database.name = '${esc(parsed.database)}',
+          schema.name = '${esc(parsed.schema)}',
+          table.name = '${esc(tableName)}',
+          slot.name = '${esc(slotName)}',
+          publication.name = '${esc(pubName)}'
         )
       `)
       console.log(`[ddl-manager] Created CDC source: ${cdcTableName} (from ${parsed.host}/${parsed.database}.${tableName})`)

package/src/http-api.ts

@@ -1,16 +1,20 @@
 import type { IncomingMessage, ServerResponse } from 'node:http'
 import pg from 'pg'
-import type { StreamDef, ViewDef, SqlFragment } from '@risingwave/wavelet'
+import type { EventDef, QueryDef, SqlFragment } from '@risingwave/wavelet'
+import type { JwtVerifier, JwtClaims } from './jwt.js'
 
-const { Client } = pg
+const { Pool } = pg
+
+const MAX_BODY_SIZE = 10 * 1024 * 1024 // 10MB
 
 export class HttpApi {
-  private client: InstanceType<typeof Client> | null = null
+  private pool: InstanceType<typeof Pool> | null = null
 
   constructor(
     private connectionString: string,
-    private streams: Record<string, StreamDef>,
-    private views: Record<string, ViewDef | SqlFragment>
+    private events: Record<string, EventDef>,
+    private queries: Record<string, QueryDef | SqlFragment>,
+    private jwt?: JwtVerifier
   ) {}
 
   async handle(req: IncomingMessage, res: ServerResponse): Promise<void> {
@@ -28,24 +32,24 @@ export class HttpApi {
     const url = new URL(req.url ?? '/', `http://${req.headers.host}`)
 
     try {
-      // POST /v1/streams/{name}
-      const streamMatch = url.pathname.match(/^\/v1\/streams\/([^/]+)$/)
-      if (streamMatch && req.method === 'POST') {
-        await this.handleWrite(streamMatch[1], req, res)
+      // POST /v1/events/{name}
+      const eventMatch = url.pathname.match(/^\/v1\/events\/([^/]+)$/)
+      if (eventMatch && req.method === 'POST') {
+        await this.handleWrite(eventMatch[1], req, res)
         return
       }
 
-      // POST /v1/streams/{name}/batch
-      const batchMatch = url.pathname.match(/^\/v1\/streams\/([^/]+)\/batch$/)
+      // POST /v1/events/{name}/batch
+      const batchMatch = url.pathname.match(/^\/v1\/events\/([^/]+)\/batch$/)
       if (batchMatch && req.method === 'POST') {
         await this.handleBatchWrite(batchMatch[1], req, res)
         return
       }
 
-      // GET /v1/views/{name}
-      const viewMatch = url.pathname.match(/^\/v1\/views\/([^/]+)$/)
-      if (viewMatch && req.method === 'GET') {
-        await this.handleRead(viewMatch[1], url, res)
+      // GET /v1/queries/{name}
+      const queryMatch = url.pathname.match(/^\/v1\/queries\/([^/]+)$/)
+      if (queryMatch && req.method === 'GET') {
+        await this.handleRead(queryMatch[1], url, req, res)
         return
       }
 
@@ -55,15 +59,15 @@ export class HttpApi {
         return
       }
 
-      // GET /v1/views - list available views
-      if (url.pathname === '/v1/views' && req.method === 'GET') {
-        this.json(res, 200, { views: Object.keys(this.views) })
+      // GET /v1/queries - list available queries
+      if (url.pathname === '/v1/queries' && req.method === 'GET') {
+        this.json(res, 200, { queries: Object.keys(this.queries) })
         return
       }
 
-      // GET /v1/streams - list available streams
-      if (url.pathname === '/v1/streams' && req.method === 'GET') {
-        this.json(res, 200, { streams: Object.keys(this.streams) })
+      // GET /v1/events - list available events
+      if (url.pathname === '/v1/events' && req.method === 'GET') {
+        this.json(res, 200, { events: Object.keys(this.events) })
         return
       }
 
@@ -72,11 +76,11 @@ export class HttpApi {
         message: `${req.method} ${url.pathname} does not match any route.`,
         routes: [
           'GET  /v1/health',
-          'GET  /v1/views',
-          'GET  /v1/views/{name}',
-          'GET  /v1/streams',
-          'POST /v1/streams/{name}',
-          'POST /v1/streams/{name}/batch',
+          'GET  /v1/queries',
+          'GET  /v1/queries/{name}',
+          'GET  /v1/events',
+          'POST /v1/events/{name}',
+          'POST /v1/events/{name}/batch',
         ],
       })
     } catch (err: any) {
@@ -85,21 +89,20 @@ export class HttpApi {
     }
   }
 
-  private async ensureClient(): Promise<InstanceType<typeof Client>> {
-    if (!this.client) {
-      this.client = new Client({ connectionString: this.connectionString })
-      await this.client.connect()
+  private ensurePool(): InstanceType<typeof Pool> {
+    if (!this.pool) {
+      this.pool = new Pool({ connectionString: this.connectionString, max: 10 })
     }
-    return this.client
+    return this.pool
   }
 
-  private async handleWrite(streamName: string, req: IncomingMessage, res: ServerResponse): Promise<void> {
-    const stream = this.streams[streamName]
-    if (!stream) {
-      const available = Object.keys(this.streams)
+  private async handleWrite(eventName: string, req: IncomingMessage, res: ServerResponse): Promise<void> {
+    const eventDef = this.events[eventName]
+    if (!eventDef) {
+      const available = Object.keys(this.events)
       this.json(res, 404, {
-        error: `Stream '${streamName}' not found.`,
-        available_streams: available,
+        error: `Event '${eventName}' not found.`,
+        available_events: available,
       })
       return
     }
@@ -107,80 +110,147 @@ export class HttpApi {
     const body = await this.readBody(req)
     const data = JSON.parse(body)
 
-    const client = await this.ensureClient()
-    const columns = Object.keys(stream.columns)
+    const pool = this.ensurePool()
+    const columns = Object.keys(eventDef.columns)
     const values = columns.map((col) => data[col])
     const placeholders = columns.map((_, i) => `$${i + 1}`)
 
-    await client.query(
-      `INSERT INTO ${streamName} (${columns.join(', ')}) VALUES (${placeholders.join(', ')})`,
+    await pool.query(
+      `INSERT INTO ${eventName} (${columns.join(', ')}) VALUES (${placeholders.join(', ')})`,
       values
     )
 
     this.json(res, 200, { ok: true })
   }
 
-  private async handleBatchWrite(streamName: string, req: IncomingMessage, res: ServerResponse): Promise<void> {
-    const stream = this.streams[streamName]
-    if (!stream) {
-      const available = Object.keys(this.streams)
+  private async handleBatchWrite(eventName: string, req: IncomingMessage, res: ServerResponse): Promise<void> {
+    const eventDef = this.events[eventName]
+    if (!eventDef) {
+      const available = Object.keys(this.events)
       this.json(res, 404, {
-        error: `Stream '${streamName}' not found.`,
-        available_streams: available,
+        error: `Event '${eventName}' not found.`,
+        available_events: available,
       })
       return
     }
 
     const body = await this.readBody(req)
-    const events: any[] = JSON.parse(body)
+    const items: any[] = JSON.parse(body)
 
-    if (!Array.isArray(events)) {
+    if (!Array.isArray(items)) {
       this.json(res, 400, { error: 'Batch endpoint expects a JSON array.' })
       return
     }
 
-    const client = await this.ensureClient()
-    const columns = Object.keys(stream.columns)
+    if (items.length === 0) {
+      this.json(res, 200, { ok: true, count: 0 })
+      return
+    }
+
+    const pool = this.ensurePool()
+    const columns = Object.keys(eventDef.columns)
 
-    for (const data of events) {
-      const values = columns.map((col) => data[col])
-      const placeholders = columns.map((_, i) => `$${i + 1}`)
-      await client.query(
-        `INSERT INTO ${streamName} (${columns.join(', ')}) VALUES (${placeholders.join(', ')})`,
-        values
-      )
+    // Build a single INSERT with multiple VALUE rows
+    const allValues: unknown[] = []
+    const rowPlaceholders: string[] = []
+
+    for (let i = 0; i < items.length; i++) {
+      const row = items[i]
+      const offset = i * columns.length
+      const ph = columns.map((_, j) => `$${offset + j + 1}`)
+      rowPlaceholders.push(`(${ph.join(', ')})`)
+      for (const col of columns) {
+        allValues.push(row[col])
+      }
     }
 
-    this.json(res, 200, { ok: true, count: events.length })
+    await pool.query(
+      `INSERT INTO ${eventName} (${columns.join(', ')}) VALUES ${rowPlaceholders.join(', ')}`,
+      allValues
+    )
+
+    this.json(res, 200, { ok: true, count: items.length })
   }
 
-  private async handleRead(viewName: string, url: URL, res: ServerResponse): Promise<void> {
-    if (!this.views[viewName]) {
-      const available = Object.keys(this.views)
+  private async handleRead(queryName: string, url: URL, req: IncomingMessage, res: ServerResponse): Promise<void> {
+    if (!this.queries[queryName]) {
+      const available = Object.keys(this.queries)
       this.json(res, 404, {
-        error: `View '${viewName}' not found.`,
-        available_views: available,
+        error: `Query '${queryName}' not found.`,
+        available_queries: available,
       })
       return
     }
 
-    const client = await this.ensureClient()
+    // JWT verification for queries with filterBy
+    const queryDef = this.queries[queryName]
+    const filterBy = this.getFilterBy(queryDef)
+
+    let claims: JwtClaims | null = null
+    if (filterBy && this.jwt?.isConfigured()) {
+      const token = url.searchParams.get('token')
+        ?? req.headers.authorization?.replace('Bearer ', '')
+
+      if (!token) {
+        this.json(res, 401, { error: 'Authentication required for filtered queries.' })
+        return
+      }
+
+      claims = await this.jwt.verify(token)
+    }
+
+    const pool = this.ensurePool()
 
-    // Build WHERE clause from query params
+    // Build WHERE clause: start with filterBy if applicable
     const params: string[] = []
     const values: unknown[] = []
+
+    if (filterBy && claims) {
+      const claimValue = claims[filterBy]
+      if (claimValue === undefined) {
+        // No matching claim -- return empty result, not all data
+        this.json(res, 200, { query: queryName, rows: [] })
+        return
+      }
+      values.push(String(claimValue))
+      params.push(`${filterBy} = $${values.length}`)
+    }
+
+    // Add query params as additional filters, validating column names
+    const knownColumns = this.getQueryColumns(queryDef)
     for (const [key, value] of url.searchParams.entries()) {
-      params.push(`${key} = $${params.length + 1}`)
+      if (key === 'token') continue // skip JWT token param
+      if (knownColumns && !knownColumns.includes(key)) {
+        this.json(res, 400, { error: `Unknown column '${key}'. Known columns: ${knownColumns.join(', ')}` })
+        return
+      }
+      if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(key)) {
+        this.json(res, 400, { error: `Invalid column name: '${key}'` })
+        return
+      }
       values.push(value)
+      params.push(`${key} = $${values.length}`)
     }
 
-    let sql = `SELECT * FROM ${viewName}`
+    let sql = `SELECT * FROM ${queryName}`
     if (params.length > 0) {
       sql += ` WHERE ${params.join(' AND ')}`
     }
 
-    const result = await client.query(sql, values)
-    this.json(res, 200, { view: viewName, rows: result.rows })
+    const result = await pool.query(sql, values)
+    this.json(res, 200, { query: queryName, rows: result.rows })
+  }
+
+  private getFilterBy(queryDef: QueryDef | SqlFragment): string | undefined {
+    if ('_tag' in queryDef && queryDef._tag === 'sql') return undefined
+    return (queryDef as QueryDef).filterBy
+  }
+
+  private getQueryColumns(queryDef: QueryDef | SqlFragment): string[] | null {
+    if ('_tag' in queryDef && queryDef._tag === 'sql') return null
+    const qd = queryDef as QueryDef
+    if (qd.columns) return Object.keys(qd.columns)
+    return null
   }
 
   private json(res: ServerResponse, status: number, data: unknown): void {
@@ -191,7 +261,16 @@ export class HttpApi {
   private readBody(req: IncomingMessage): Promise<string> {
     return new Promise((resolve, reject) => {
       let body = ''
-      req.on('data', (chunk) => { body += chunk })
+      let size = 0
+      req.on('data', (chunk) => {
+        size += chunk.length
+        if (size > MAX_BODY_SIZE) {
+          req.destroy()
+          reject(new Error(`Request body exceeds ${MAX_BODY_SIZE / 1024 / 1024}MB limit`))
+          return
+        }
+        body += chunk
+      })
       req.on('end', () => resolve(body))
       req.on('error', reject)
     })

package/src/server.ts

@@ -2,6 +2,7 @@ import { createServer, type IncomingMessage, type ServerResponse, type Server }
 import type { WaveletConfig } from '@risingwave/wavelet'
 import { CursorManager } from './cursor-manager.js'
 import { WebSocketFanout } from './ws-fanout.js'
+import { WebhookFanout } from './webhook.js'
 import { HttpApi } from './http-api.js'
 import { JwtVerifier } from './jwt.js'
 
@@ -9,14 +10,18 @@ export class WaveletServer {
   private httpServer: ReturnType<typeof createServer> | null = null
   private cursorManager: CursorManager
   private fanout: WebSocketFanout
+  private webhooks: WebhookFanout
   private httpApi: HttpApi
   private jwt: JwtVerifier
 
   constructor(private config: WaveletConfig) {
     this.jwt = new JwtVerifier(config.jwt)
-    this.cursorManager = new CursorManager(config.database, config.views ?? {})
-    this.fanout = new WebSocketFanout(this.cursorManager, this.jwt, config.views ?? {})
-    this.httpApi = new HttpApi(config.database, config.streams ?? {}, config.views ?? {})
+    const queries = config.queries ?? config.views ?? {}
+    const events = config.events ?? config.streams ?? {}
+    this.cursorManager = new CursorManager(config.database, queries)
+    this.fanout = new WebSocketFanout(this.cursorManager, this.jwt, queries)
+    this.webhooks = new WebhookFanout(queries, config.jwt?.secret)
+    this.httpApi = new HttpApi(config.database, events, queries, this.jwt)
   }
 
   async start(): Promise<void> {
@@ -27,14 +32,15 @@ export class WaveletServer {
     this.fanout.attach(this.httpServer)
 
     await this.cursorManager.initialize()
-    this.cursorManager.startPolling((viewName, diffs) => {
-      this.fanout.broadcast(viewName, diffs)
+    this.cursorManager.startPolling((queryName, diffs) => {
+      this.fanout.broadcast(queryName, diffs)
+      this.webhooks.broadcast(queryName, diffs)
     })
 
     await new Promise<void>((resolve) => {
       this.httpServer!.listen(port, host, () => {
         console.log(`Wavelet server listening on ${host}:${port}`)
-        console.log(`WebSocket: ws://${host}:${port}/subscribe/{view}`)
+        console.log(`WebSocket: ws://${host}:${port}/subscribe/{query}`)
         console.log(`HTTP API:  http://${host}:${port}/v1/`)
         resolve()
       })
@@ -53,8 +59,9 @@ export class WaveletServer {
     this.fanout.attach(server, prefix)
 
     await this.cursorManager.initialize()
-    this.cursorManager.startPolling((viewName, diffs) => {
-      this.fanout.broadcast(viewName, diffs)
+    this.cursorManager.startPolling((queryName, diffs) => {
+      this.fanout.broadcast(queryName, diffs)
+      this.webhooks.broadcast(queryName, diffs)
     })
 
     const handleHttp = (req: IncomingMessage, res: ServerResponse) => {