npm - @rpcbase/server - Versions diffs - 0.467.0 → 0.468.0 - Mend

@rpcbase/server 0.467.0 → 0.468.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/dist/handler-DHunTqwt.js +3384 -0
package/dist/{index-BXODFGBH.js → index-BSIupjlE.js} +112 -40
package/dist/index.js +8075 -60
package/dist/render_resend_false-MiC__Smr.js +5 -0
package/dist/rts/api/changes/handler.d.ts +9 -0
package/dist/rts/api/changes/handler.d.ts.map +1 -0
package/dist/rts/api/changes/handler.test.d.ts +2 -0
package/dist/rts/api/changes/handler.test.d.ts.map +1 -0
package/dist/rts/api/changes/index.d.ts +25 -0
package/dist/rts/api/changes/index.d.ts.map +1 -0
package/dist/rts/index.d.ts +5 -1
package/dist/rts/index.d.ts.map +1 -1
package/dist/rts/index.ws.test.d.ts +2 -0
package/dist/rts/index.ws.test.d.ts.map +1 -0
package/dist/rts/routes.d.ts +2 -0
package/dist/rts/routes.d.ts.map +1 -0
package/dist/rts.d.ts +1 -0
package/dist/rts.d.ts.map +1 -1
package/dist/rts.js +9 -2
package/package.json +5 -5

package/dist/{index-BXODFGBH.js → index-BSIupjlE.js} RENAMED Viewed

@@ -5,6 +5,10 @@ const TENANT_ID_QUERY_PARAM = "rb-tenant-id";
 const USER_ID_HEADER = "rb-user-id";
 const QUERY_KEY_MAX_LEN = 4096;
 const QUERY_MAX_LIMIT = 4096;
+const INTERNAL_MODEL_NAMES = /* @__PURE__ */ new Set(["RtsChange", "RtsCounter"]);
+const DEFAULT_MAX_PAYLOAD_BYTES = 1024 * 1024;
+const DEFAULT_MAX_SUBSCRIPTIONS_PER_SOCKET = 256;
+const DEFAULT_DISPATCH_DEBOUNCE_MS = 25;
 const initializedServers = /* @__PURE__ */ new WeakSet();
 const customHandlers = [];
 const sockets = /* @__PURE__ */ new Map();
@@ -14,6 +18,12 @@ const socketCleanup = /* @__PURE__ */ new Map();
 const socketSubscriptions = /* @__PURE__ */ new Map();
 const subscriptions = /* @__PURE__ */ new Map();
 const changeStreams = /* @__PURE__ */ new Map();
+const dispatchTimers = /* @__PURE__ */ new Map();
+const upgradeMeta = /* @__PURE__ */ new WeakMap();
+let maxPayloadBytes = DEFAULT_MAX_PAYLOAD_BYTES;
+let maxSubscriptionsPerSocket = DEFAULT_MAX_SUBSCRIPTIONS_PER_SOCKET;
+let dispatchDebounceMs = DEFAULT_DISPATCH_DEBOUNCE_MS;
+let allowInternalModels = false;
 class RtsSocket {
   id;
   tenantId;
@@ -70,6 +80,13 @@ const sendWs = (ws, message) => {
   if (ws.readyState !== 1) return;
   ws.send(JSON.stringify(message));
 };
+const redactErrorMessage = (err) => {
+  const raw = err instanceof Error ? err.message : "Unknown error";
+  const trimmedModelList = raw.replace(/\.\s+Available models:[\s\S]*$/, "");
+  const maxLen = 256;
+  if (trimmedModelList.length <= maxLen) return trimmedModelList;
+  return trimmedModelList.slice(0, maxLen);
+};
 const unauthorized = (socket, message = "Unauthorized") => {
   try {
     socket.write("HTTP/1.1 401 Unauthorized\r\n\r\n");
@@ -92,10 +109,11 @@ const badRequest = (socket, message = "Bad Request") => {
 };
 const runSessionMiddleware = async (sessionMiddleware, req) => {
   await new Promise((resolve, reject) => {
-    sessionMiddleware(req, {}, (err) => {
+    const next = (err) => {
       if (err) reject(err);
       else resolve();
-    });
+    };
+    sessionMiddleware(req, {}, next);
   });
 };
 const parseUpgradeMeta = async ({
@@ -107,37 +125,39 @@ const parseUpgradeMeta = async ({
   if (!tenantId) {
     throw new Error("Missing rb-tenant-id query parameter");
   }
-  const raw = req.headers[USER_ID_HEADER];
-  const headerUserId = Array.isArray(raw) ? raw[0] : raw;
-  if (headerUserId) return { tenantId, userId: headerUserId };
-  if (!sessionMiddleware) {
-    throw new Error("Missing rb-user-id header (reverse-proxy) and no session middleware configured");
-  }
-  const upgradeReq = req;
-  try {
-    await runSessionMiddleware(sessionMiddleware, upgradeReq);
-  } catch {
-    throw new Error("Failed to load session for RTS");
-  }
-  const sessionUser = upgradeReq.session?.user;
-  const sessionUserId = sessionUser?.id;
-  if (!sessionUserId) {
-    throw new Error("Not signed in (missing session.user.id)");
-  }
-  const signedInTenants = sessionUser?.signed_in_tenants;
-  const currentTenantId = sessionUser?.current_tenant_id;
-  if (Array.isArray(signedInTenants) && signedInTenants.length > 0) {
-    if (!signedInTenants.includes(tenantId)) {
-      throw new Error("Tenant not authorized for this session");
+  if (sessionMiddleware) {
+    const upgradeReq = req;
+    try {
+      await runSessionMiddleware(sessionMiddleware, upgradeReq);
+    } catch {
+      throw new Error("Failed to load session for RTS");
+    }
+    const sessionUser = upgradeReq.session?.user;
+    const sessionUserId = sessionUser?.id;
+    if (!sessionUserId) {
+      throw new Error("Not signed in (missing session.user.id)");
     }
-  } else if (currentTenantId) {
-    if (currentTenantId !== tenantId) {
+    const signedInTenants = sessionUser?.signed_in_tenants;
+    const currentTenantId = sessionUser?.current_tenant_id;
+    if (Array.isArray(signedInTenants) && signedInTenants.length > 0) {
+      if (!signedInTenants.includes(tenantId)) {
+        throw new Error("Tenant not authorized for this session");
+      }
+    } else if (currentTenantId) {
+      if (currentTenantId !== tenantId) {
+        throw new Error("Tenant not authorized for this session");
+      }
+    } else {
       throw new Error("Tenant not authorized for this session");
     }
-  } else {
-    throw new Error("Tenant not authorized for this session");
+    return { tenantId, userId: sessionUserId };
   }
-  return { tenantId, userId: sessionUserId };
+  const raw = req.headers[USER_ID_HEADER];
+  const headerUserId = Array.isArray(raw) ? raw[0] : raw;
+  if (!headerUserId) {
+    throw new Error("Missing rb-user-id header (reverse-proxy) and no session middleware configured");
+  }
+  return { tenantId, userId: headerUserId };
 };
 const getTenantModel = async (tenantId, modelName) => {
   const ctx = {
@@ -159,15 +179,32 @@ const normalizeLimit = (limit) => {
 const normalizeOptions = (options) => {
   if (!options || typeof options !== "object") return {};
   const normalized = {};
-  if (options.projection && typeof options.projection === "object") {
+  if (options.projection && typeof options.projection === "object" && !Array.isArray(options.projection)) {
     normalized.projection = options.projection;
   }
-  if (options.sort && typeof options.sort === "object") {
+  if (options.sort && typeof options.sort === "object" && !Array.isArray(options.sort)) {
     normalized.sort = options.sort;
   }
   normalized.limit = normalizeLimit(options.limit);
   return normalized;
 };
+const makeDispatchKey = (tenantId, modelName) => `${tenantId}:${modelName}`;
+const clearDispatchTimer = (tenantId, modelName) => {
+  const key = makeDispatchKey(tenantId, modelName);
+  const timer = dispatchTimers.get(key);
+  if (!timer) return;
+  clearTimeout(timer);
+  dispatchTimers.delete(key);
+};
+const scheduleDispatchSubscriptionsForModel = (tenantId, modelName) => {
+  const key = makeDispatchKey(tenantId, modelName);
+  if (dispatchTimers.has(key)) return;
+  const delay = Math.max(0, Math.min(1e3, Math.floor(dispatchDebounceMs)));
+  dispatchTimers.set(key, setTimeout(() => {
+    dispatchTimers.delete(key);
+    void dispatchSubscriptionsForModel(tenantId, modelName);
+  }, delay));
+};
 const runAndSendQuery = async ({
   tenantId,
   targetSocketIds,
@@ -210,7 +247,7 @@ const dispatchSubscriptionsForModel = async (tenantId, modelName) => {
         options: sub.options
       });
     } catch (err) {
-      const error = err instanceof Error ? err.message : "Unknown error";
+      const error = redactErrorMessage(err);
       const payload = { type: "query_payload", modelName, queryKey, error };
       for (const socketId of targetSocketIds) {
         const ws = sockets.get(socketId);
@@ -229,15 +266,17 @@ const ensureChangeStream = async (tenantId, modelName) => {
     fullDocument: "updateLookup"
   });
   stream.on("change", () => {
-    void dispatchSubscriptionsForModel(tenantId, modelName);
+    scheduleDispatchSubscriptionsForModel(tenantId, modelName);
   });
   stream.on("close", () => {
+    clearDispatchTimer(tenantId, modelName);
     const map = changeStreams.get(tenantId);
     map?.delete(modelName);
     if (map && map.size === 0) changeStreams.delete(tenantId);
   });
   stream.on("error", () => {
     try {
+      clearDispatchTimer(tenantId, modelName);
       stream.close();
     } catch {
     }
@@ -304,6 +343,7 @@ const removeSocketSubscription = ({
         stream.close();
       } catch {
       }
+      clearDispatchTimer(tenantId, modelName);
       tenantStreams?.delete(modelName);
       if (tenantStreams && tenantStreams.size === 0) changeStreams.delete(tenantId);
     }
@@ -354,6 +394,10 @@ const handleClientMessage = async ({
     return;
   }
   if (!message.modelName || typeof message.modelName !== "string") return;
+  if (!allowInternalModels && INTERNAL_MODEL_NAMES.has(message.modelName)) {
+    sendWs(ws, { type: "query_payload", modelName: message.modelName, queryKey: message.queryKey ?? "", error: "Model not allowed" });
+    return;
+  }
   if (!message.queryKey || typeof message.queryKey !== "string") return;
   if (message.queryKey.length > QUERY_KEY_MAX_LEN) return;
   if (message.type === "remove_query") {
@@ -368,6 +412,18 @@ const handleClientMessage = async ({
   if (!message.query || typeof message.query !== "object") return;
   const options = normalizeOptions(message.options);
   if (message.type === "registerQuery") {
+    const existing = socketSubscriptions.get(socketId)?.get(message.modelName)?.has(message.queryKey) ?? false;
+    if (!existing) {
+      let count = 0;
+      const byModel = socketSubscriptions.get(socketId);
+      if (byModel) {
+        for (const set of byModel.values()) count += set.size;
+      }
+      if (count >= maxSubscriptionsPerSocket) {
+        sendWs(ws, { type: "query_payload", modelName: message.modelName, queryKey: message.queryKey, error: "Too many subscriptions" });
+        return;
+      }
+    }
     addSocketSubscription({
       socketId,
       tenantId: meta.tenantId,
@@ -379,7 +435,7 @@ const handleClientMessage = async ({
     try {
       await ensureChangeStream(meta.tenantId, message.modelName);
     } catch (err) {
-      const error = err instanceof Error ? err.message : "Unable to initialize change stream";
+      const error = redactErrorMessage(err);
       sendWs(ws, { type: "query_payload", modelName: message.modelName, queryKey: message.queryKey, error });
       return;
     }
@@ -394,19 +450,34 @@ const handleClientMessage = async ({
       options
     });
   } catch (err) {
-    const error = err instanceof Error ? err.message : "Unknown error";
+    const error = redactErrorMessage(err);
     sendWs(ws, { type: "query_payload", modelName: message.modelName, queryKey: message.queryKey, error });
   }
 };
 const initRts = ({
   server,
   path = "/rts",
-  sessionMiddleware
+  sessionMiddleware,
+  maxPayloadBytes: maxPayloadBytesArg,
+  maxSubscriptionsPerSocket: maxSubscriptionsPerSocketArg,
+  dispatchDebounceMs: dispatchDebounceMsArg,
+  allowInternalModels: allowInternalModelsArg
 }) => {
   if (initializedServers.has(server)) return;
   initializedServers.add(server);
-  const wss = new WebSocketServer({ noServer: true });
+  if (typeof maxPayloadBytesArg === "number" && Number.isFinite(maxPayloadBytesArg) && maxPayloadBytesArg > 0) {
+    maxPayloadBytes = Math.floor(maxPayloadBytesArg);
+  }
+  if (typeof maxSubscriptionsPerSocketArg === "number" && Number.isFinite(maxSubscriptionsPerSocketArg) && maxSubscriptionsPerSocketArg > 0) {
+    maxSubscriptionsPerSocket = Math.floor(maxSubscriptionsPerSocketArg);
+  }
+  if (typeof dispatchDebounceMsArg === "number" && Number.isFinite(dispatchDebounceMsArg) && dispatchDebounceMsArg >= 0) {
+    dispatchDebounceMs = Math.floor(dispatchDebounceMsArg);
+  }
+  allowInternalModels = Boolean(allowInternalModelsArg);
+  const wss = new WebSocketServer({ noServer: true, maxPayload: maxPayloadBytes });
   server.on("upgrade", (req, socket, head) => {
+    upgradeMeta.delete(req);
     let url;
     try {
       url = new URL(req.url ?? "", `http://${req.headers.host ?? "localhost"}`);
@@ -418,7 +489,7 @@ const initRts = ({
     void (async () => {
       try {
         const meta = await parseUpgradeMeta({ req, url, sessionMiddleware });
-        req.__rb_rts_meta = meta;
+        upgradeMeta.set(req, meta);
         wss.handleUpgrade(req, socket, head, (ws) => {
           wss.emit("connection", ws, req);
         });
@@ -436,7 +507,8 @@ const initRts = ({
     });
   });
   wss.on("connection", (ws, req) => {
-    const meta = req.__rb_rts_meta;
+    const meta = upgradeMeta.get(req);
+    upgradeMeta.delete(req);
     if (!meta) {
       try {
         ws.close();
@@ -481,7 +553,7 @@ const registerRtsHandler = (handler) => {
   customHandlers.push(handler);
 };
 const notifyRtsModelChanged = (tenantId, modelName) => {
-  void dispatchSubscriptionsForModel(tenantId, modelName);
+  scheduleDispatchSubscriptionsForModel(tenantId, modelName);
 };
 export {
   initRts as i,