@rvoh/psychic 2.3.8 → 3.0.0-alpha.1

package/dist/cjs/src/openapi-renderer/helpers/{dreamAttributeOpenapiShape.js → dreamColumnOpenapiShape.js}

@@ -1,7 +1,13 @@
 import { SerializingPlainPropertyWithoutOpenapiShape } from '../../error/openapi/SerializingPlainPropertyWithoutOpenapiShape.js';
+import UnrecognizedDbTypeFoundWhileComputingOpenapiAttribute from '../../error/openapi/UnrecognizedDbTypeFoundWhileComputingOpenapiAttribute.js';
 import OpenapiSegmentExpander from '../body-segment.js';
 import openapiShorthandToOpenapi from './openapiShorthandToOpenapi.js';
-export function dreamColumnOpenapiShape(dreamClass, column, openapi = undefined, { suppressResponseEnums = false, allowGenericJson = false, } = {}) {
+export function dreamColumnOpenapiShape(
+// this is the global name of the serializer or controller calling down
+// to get this information. If an unrecognized db type is provided, the
+// source will be rendered in the exception that is returned, enabling
+// the dev to identify the source of the issue and fix it
+source, dreamClass, column, openapi = undefined, { suppressResponseEnums = false, allowGenericJson = false, } = {}) {
     if (dreamClass.isVirtualColumn(column)) {
         // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-explicit-any
         const openapiObject = openapiShorthandToOpenapi((openapi ?? {}));
@@ -46,7 +52,7 @@ export function dreamColumnOpenapiShape(dreamClass, column, openapi = undefined,
     }
     // eslint-disable-next-line @typescript-eslint/no-unsafe-argument, @typescript-eslint/no-explicit-any
     const openapiObject = openapiShorthandToOpenapi((openapi ?? {}));
-    const singleType = singularAttributeOpenapiShape(dreamColumnInfo, suppressResponseEnums, openapiObject);
+    const singleType = singularAttributeOpenapiShape(source, column, dreamColumnInfo, suppressResponseEnums, openapiObject);
     if (dreamColumnInfo.isArray) {
         return {
             type: dreamColumnInfo.allowNull ? ['array', 'null'] : 'array',
@@ -71,7 +77,12 @@ export function dreamColumnOpenapiShape(dreamClass, column, openapi = undefined,
 function baseDbType(dreamColumnInfo) {
     return dreamColumnInfo.dbType.replace('[]', '');
 }
-function singularAttributeOpenapiShape(dreamColumnInfo, suppressResponseEnums, openapiSchema) {
+function singularAttributeOpenapiShape(
+// this is the global name of the serializer or controller calling down
+// to get this information. If an unrecognized db type is provided, the
+// source will be rendered in the exception that is returned, enabling
+// the dev to identify the source of the issue and fix it
+source, column, dreamColumnInfo, suppressResponseEnums, openapiSchema) {
     if (dreamColumnInfo.enumValues) {
         const enumOverrides = openapiSchema.enum || dreamColumnInfo.enumValues;
         if (suppressResponseEnums) {
@@ -102,6 +113,10 @@ function singularAttributeOpenapiShape(dreamColumnInfo, suppressResponseEnums, o
         case 'money':
         case 'path':
         case 'text':
+        case 'time':
+        case 'time without time zone':
+        case 'timetz':
+        case 'time with time zone':
         case 'uuid':
         case 'varbit':
         case 'varchar':
@@ -121,8 +136,6 @@ function singularAttributeOpenapiShape(dreamColumnInfo, suppressResponseEnums, o
         case 'real':
             return { type: 'number' };
         case 'datetime':
-        case 'time':
-        case 'time with time zone':
         case 'timestamp':
         case 'timestamp with time zone':
         case 'timestamp without time zone':
@@ -133,7 +146,7 @@ function singularAttributeOpenapiShape(dreamColumnInfo, suppressResponseEnums, o
         case 'jsonb':
             return { type: 'object' };
         default:
-            throw new Error(`Unrecognized dbType used in serializer OpenAPI type declaration: ${dreamColumnInfo.dbType}`);
+            throw new UnrecognizedDbTypeFoundWhileComputingOpenapiAttribute(source, column, dreamColumnInfo.dbType);
     }
 }
 export class UseCustomOpenapiForJson extends Error {

package/dist/cjs/src/openapi-renderer/helpers/stringify-cache.js

@@ -0,0 +1,55 @@
+/**
+ * @internal
+ *
+ * Cache for compiled fast-json-stringify functions.
+ * Eliminates redundant schema compilation on every request by storing
+ * stringify functions keyed by controller, action, openapiName, and status code.
+ */
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+const _stringifyCache = {};
+/**
+ * @internal
+ *
+ * Retrieves a cached stringify function if it exists.
+ *
+ * @param cacheKey - The cache key identifying the stringify function
+ * @returns The cached stringify function, or undefined if not found
+ */
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export function getCachedStringify(cacheKey) {
+    return _stringifyCache[cacheKey];
+}
+/**
+ * @internal
+ *
+ * Stores a compiled stringify function in the cache.
+ *
+ * @param cacheKey - The cache key identifying the stringify function
+ * @param stringifyFn - The compiled fast-json-stringify function to cache
+ */
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+export function cacheStringify(cacheKey, stringifyFn) {
+    _stringifyCache[cacheKey] = stringifyFn;
+}
+/**
+ * @internal
+ *
+ * Clears a specific stringify function from the cache.
+ * Used in test environments to ensure test isolation.
+ *
+ * @param cacheKey - The cache key identifying the stringify function to clear
+ */
+export function _testOnlyClearStringify(cacheKey) {
+    delete _stringifyCache[cacheKey];
+}
+/**
+ * @internal
+ *
+ * Clears all stringify functions from the cache.
+ * Used in test environments to ensure test isolation.
+ */
+export function _testOnlyClearStringifyCache() {
+    Object.keys(_stringifyCache).forEach(key => {
+        delete _stringifyCache[key];
+    });
+}

package/dist/cjs/src/openapi-renderer/helpers/validator-cache.js

@@ -0,0 +1,52 @@
+/**
+ * @internal
+ *
+ * Cache for compiled AJV validator functions.
+ * Eliminates redundant schema compilation on every request by storing
+ * validators keyed by controller, action, openapiName, and validation target.
+ */
+const _validatorCache = {};
+/**
+ * @internal
+ *
+ * Retrieves a cached validator function if it exists.
+ *
+ * @param cacheKey - The cache key identifying the validator
+ * @returns The cached validator function, or undefined if not found
+ */
+export function getCachedValidator(cacheKey) {
+    return _validatorCache[cacheKey];
+}
+/**
+ * @internal
+ *
+ * Stores a compiled validator function in the cache.
+ *
+ * @param cacheKey - The cache key identifying the validator
+ * @param validator - The compiled AJV validator function to cache
+ */
+export function cacheValidator(cacheKey, validator) {
+    _validatorCache[cacheKey] = validator;
+}
+/**
+ * @internal
+ *
+ * Clears a specific validator from the cache.
+ * Used in test environments to ensure test isolation.
+ *
+ * @param cacheKey - The cache key identifying the validator to clear
+ */
+export function _testOnlyClearValidator(cacheKey) {
+    delete _validatorCache[cacheKey];
+}
+/**
+ * @internal
+ *
+ * Clears all validators from the cache.
+ * Used in test environments to ensure test isolation.
+ */
+export function _testOnlyClearValidatorCache() {
+    Object.keys(_validatorCache).forEach(key => {
+        delete _validatorCache[key];
+    });
+}

package/dist/cjs/src/psychic-app/helpers/import/importControllers.js

@@ -32,7 +32,7 @@ importCb) {
              * at decoration time such that the class of a property being decorated is only avilable during instance instantiation. In order
              * to only apply static values once, on boot, `globallyInitializingDecorators` is set to true on Dream, and all Dream models are instantiated.
              */
-            new controllerClass({}, {}, { action: 'a' });
+            new controllerClass({}, { action: 'a' });
         }
     }
     PsychicController['globallyInitializingDecorators'] = false;

package/dist/cjs/src/psychic-app/index.js

@@ -250,7 +250,7 @@ Try setting it to something valid, like:
     get httpServerOptions() {
         return this._httpServerOptions;
     }
-    _corsOptions = {};
+    _corsOptions;
     get corsOptions() {
         return this._corsOptions;
     }
@@ -274,10 +274,6 @@ Try setting it to something valid, like:
     get saltRounds() {
         return this._saltRounds;
     }
-    _sanitizeResponseJson = false;
-    get sanitizeResponseJson() {
-        return this._sanitizeResponseJson;
-    }
     _packageManager;
     get packageManager() {
         return this._packageManager;
@@ -427,7 +423,7 @@ Try setting it to something valid, like:
             const eventType = pathOrOnOrHandler;
             const handler = maybeHandler;
             const wrappedHandler = (server) => {
-                server.expressApp.use(handler);
+                server.koaApp.use(handler);
             };
             switch (eventType) {
                 case 'before-middleware':
@@ -446,7 +442,7 @@ Try setting it to something valid, like:
         }
         else {
             const wrappedHandler = (server) => {
-                server.expressApp.use(pathOrOnOrHandler);
+                server.koaApp.use(pathOrOnOrHandler);
             };
             this.on('server:init:after-middleware', wrappedHandler);
         }
@@ -541,9 +537,6 @@ Try setting it to something valid, like:
             case 'saltRounds':
                 this._saltRounds = value;
                 break;
-            case 'sanitizeResponseJson':
-                this._sanitizeResponseJson = value;
-                break;
             case 'openapi':
                 this._openapi = {
                     ...this.openapi,

package/dist/cjs/src/router/index.js

@@ -1,12 +1,12 @@
 import { DataIncompatibleWithDatabaseField, RecordNotFound, ValidationError } from '@rvoh/dream/errors';
 import { camelize } from '@rvoh/dream/utils';
-import { Router } from 'express';
+import KoaRouter from '@koa/router';
 import util, { debuglog } from 'node:util';
 import pluralize from 'pluralize-esm';
 import ParamValidationError from '../error/controller/ParamValidationError.js';
 import ParamValidationErrors from '../error/controller/ParamValidationErrors.js';
 import OpenapiRequestValidationFailure from '../error/openapi/OpenapiRequestValidationFailure.js';
-import CannotCommitRoutesWithoutExpressApp from '../error/router/cannot-commit-routes-without-express-app.js';
+import CannotCommitRoutesWithoutKoaApp from '../error/router/cannot-commit-routes-without-koa-app.js';
 import EnvInternal from '../helpers/EnvInternal.js';
 import errorIsRescuableHttpError from '../helpers/error/errorIsRescuableHttpError.js';
 import PsychicApp from '../psychic-app/index.js';
@@ -31,19 +31,25 @@ export default class PsychicRouter {
     commit() {
         const app = this.app;
         if (!app)
-            throw new CannotCommitRoutesWithoutExpressApp();
+            throw new CannotCommitRoutesWithoutKoaApp();
+        const router = new KoaRouter();
         this.routes.forEach(route => {
             if (route.middleware) {
                 const routeConf = route;
-                app[routeConf.httpMethod](routePath(routeConf.path), ...(Array.isArray(routeConf.middleware) ? routeConf.middleware : [routeConf.middleware]));
+                const middlewares = Array.isArray(routeConf.middleware)
+                    ? routeConf.middleware
+                    : [routeConf.middleware];
+                router[routeConf.httpMethod](routePath(routeConf.path), ...middlewares);
             }
             else {
                 const routeConf = route;
-                app[routeConf.httpMethod](routePath(routeConf.path), (req, res) => {
-                    this.handle(routeConf.controller, routeConf.action, { req, res }).catch(() => { });
+                router[routeConf.httpMethod](routePath(routeConf.path), async (ctx) => {
+                    await this.handle(routeConf.controller, routeConf.action, { ctx });
                 });
             }
         });
+        app.use(router.routes());
+        app.use(router.allowedMethods());
     }
     get(path, controller, action) {
         this.crud('get', path, controller, action);
@@ -72,7 +78,7 @@ export default class PsychicRouter {
         this.checkPathForInvalidChars(path);
         const isMiddleware = (typeof controllerOrMiddleware === 'function' || Array.isArray(controllerOrMiddleware)) &&
             !controllerOrMiddleware?.isPsychicController;
-        // devs can provide custom express middleware which bypasses
+        // devs can provide custom Koa middleware which bypasses
         // the normal Controller#action paradigm.
         if (isMiddleware) {
             this.routeManager.addMiddleware({
@@ -98,7 +104,7 @@ export default class PsychicRouter {
         if (path.includes('{'))
             throw new Error(`
 The provided route "${path}" contains characters that are not supported.
-If you are trying to write a uri param, you will need to use expressjs
+If you are trying to write a uri param, you will need to use the
 param syntax, which is a prefixing colon, rather than using brackets
 to surround the param.
 
@@ -236,10 +242,10 @@ suggested fix:  "${convertRouteParams(path)}"
      * By default, do not provide an attacker with any visibility into which layer
      * of the application rejected their request.
      */
-    async handle(controller, action, { req, res, }) {
-        const controllerInstance = this._initializeController(controller, req, res, action);
+    async handle(controller, action, { ctx, }) {
+        const controllerInstance = this._initializeController(controller, ctx, action);
         if (typeof controllerInstance[action] !== 'function') {
-            controllerInstance['expressSendStatus'](404);
+            controllerInstance['koaSendStatus'](404);
             return;
         }
         try {
@@ -250,20 +256,20 @@ suggested fix:  "${convertRouteParams(path)}"
             if (errorIsRescuableHttpError(err)) {
                 const httpErr = err;
                 if (httpErr.data) {
-                    controllerInstance['expressSendJson'](httpErr.data, httpErr.status);
+                    controllerInstance['koaSendJson'](httpErr.data, httpErr.status);
                 }
                 else {
-                    controllerInstance['expressSendStatus'](httpErr.status);
+                    controllerInstance['koaSendStatus'](httpErr.status);
                 }
             }
             else if (err instanceof RecordNotFound) {
-                controllerInstance['expressSendStatus'](404);
+                controllerInstance['koaSendStatus'](404);
             }
             else if (err instanceof DataIncompatibleWithDatabaseField) {
                 /**
                  * See comment at top of this method for philosophy of 400
                  */
-                controllerInstance['expressSendStatus'](400);
+                controllerInstance['koaSendStatus'](400);
             }
             else if (err instanceof ValidationError) {
                 if (this.validationErrorLoggingEnabled) {
@@ -275,7 +281,7 @@ suggested fix:  "${convertRouteParams(path)}"
                 /**
                  * See comment at top of this method for philosophy of 400
                  */
-                controllerInstance['expressSendStatus'](400);
+                controllerInstance['koaSendStatus'](400);
             }
             else if (err instanceof OpenapiRequestValidationFailure) {
                 if (this.validationErrorLoggingEnabled) {
@@ -288,7 +294,7 @@ suggested fix:  "${convertRouteParams(path)}"
                 /**
                  * See comment at top of this method for philosophy of 400
                  */
-                controllerInstance['expressSendStatus'](400);
+                controllerInstance['koaSendStatus'](400);
             }
             else if (err instanceof ParamValidationError) {
                 if (this.validationErrorLoggingEnabled) {
@@ -302,7 +308,7 @@ suggested fix:  "${convertRouteParams(path)}"
                 /**
                  * See comment at top of this method for philosophy of 400
                  */
-                controllerInstance['expressSendStatus'](400);
+                controllerInstance['koaSendStatus'](400);
             }
             else if (err instanceof ParamValidationErrors) {
                 if (this.validationErrorLoggingEnabled) {
@@ -314,14 +320,14 @@ suggested fix:  "${convertRouteParams(path)}"
                 /**
                  * See comment at top of this method for philosophy of 400
                  */
-                controllerInstance['expressSendStatus'](400);
+                controllerInstance['koaSendStatus'](400);
             }
             else {
                 PsychicApp.logWithLevel('error', util.inspect(err, { depth: ERROR_LOGGING_DEPTH }));
                 if (PsychicApp.getOrFail().specialHooks.serverError.length) {
                     try {
                         for (const hook of PsychicApp.getOrFail().specialHooks.serverError) {
-                            await hook(err, req, res);
+                            await hook(err, ctx);
                         }
                     }
                     catch (error) {
@@ -348,17 +354,17 @@ suggested fix:  "${convertRouteParams(path)}"
             }
         }
     }
-    _initializeController(ControllerClass, req, res, action) {
-        return new ControllerClass(req, res, {
+    _initializeController(ControllerClass, ctx, action) {
+        return new ControllerClass(ctx, {
             action,
         });
     }
 }
 export class PsychicNestedRouter extends PsychicRouter {
     router;
-    constructor(expressApp, routeManager, { namespaces = [], } = {}) {
-        super(expressApp);
-        this.router = Router();
+    constructor(koaApp, routeManager, { namespaces = [], } = {}) {
+        super(koaApp);
+        this.router = new KoaRouter();
         this.currentNamespaces = namespaces;
         this.routeManager = routeManager;
     }

package/dist/cjs/src/server/helpers/startPsychicServer.js

@@ -17,6 +17,7 @@ export default async function startPsychicServer({ app, port, sslCredentials, })
 }
 export function createPsychicHttpInstance(app, sslCredentials) {
     const psychicApp = PsychicApp.getOrFail();
+    const callback = app.callback();
     if (sslCredentials?.key && sslCredentials?.cert) {
         return https.createServer({
             key: fs.readFileSync(sslCredentials.key),
@@ -24,10 +25,13 @@ export function createPsychicHttpInstance(app, sslCredentials) {
             ca: sslCredentials.ca?.map(filePath => fs.readFileSync(filePath)),
             rejectUnauthorized: sslCredentials?.rejectUnauthorized,
             ...psychicApp.httpServerOptions,
-        }, app);
+        }, 
+        // eslint-disable-next-line @typescript-eslint/no-misused-promises
+        callback);
     }
     else {
-        return http.createServer(psychicApp.httpServerOptions, app);
+        // eslint-disable-next-line @typescript-eslint/no-misused-promises
+        return http.createServer(psychicApp.httpServerOptions, callback);
     }
 }
 function welcomeMessage({ port }) {

package/dist/cjs/src/server/index.js

@@ -1,7 +1,9 @@
 import { closeAllDbConnections } from '@rvoh/dream/db';
-import * as cookieParser from 'cookie-parser';
-import * as cors from 'cors';
-import * as express from 'express';
+import cors from '@koa/cors';
+import Koa from 'koa';
+import koaBodyparser from 'koa-bodyparser';
+import conditional from 'koa-conditional-get';
+import etag from 'koa-etag';
 import logIfDevelopment from '../controller/helpers/logIfDevelopment.js';
 import EnvInternal from '../helpers/EnvInternal.js';
 import PsychicApp from '../psychic-app/index.js';
@@ -15,14 +17,14 @@ export default class PsychicServer {
     static createPsychicHttpInstance(app, sslCredentials) {
         return createPsychicHttpInstance(app, sslCredentials);
     }
-    expressApp;
+    koaApp;
     httpServer;
     booted = false;
     constructor() {
         this.buildApp();
     }
     async routes() {
-        const r = new PsychicRouter(this.expressApp);
+        const r = new PsychicRouter(this.koaApp);
         await PsychicApp.getOrFail().routesCb(r);
         return r.routes;
     }
@@ -31,16 +33,19 @@ export default class PsychicServer {
             return;
         const psychicApp = PsychicApp.getOrFail();
         this.setSecureDefaultHeaders();
-        this.expressApp.use((_, res, next) => {
+        this.koaApp.use(async (ctx, next) => {
             Object.keys(psychicApp.defaultResponseHeaders).forEach(key => {
-                res.setHeader(key, psychicApp.defaultResponseHeaders[key]);
+                ctx.set(key, psychicApp.defaultResponseHeaders[key]);
             });
-            next();
+            await next();
         });
         for (const serverInitBeforeMiddlewareHook of PsychicApp.getOrFail().specialHooks
             .serverInitBeforeMiddleware) {
             await serverInitBeforeMiddlewareHook(this);
         }
+        // ETag support (Express has this built-in, Koa needs middleware)
+        this.koaApp.use(conditional());
+        this.koaApp.use(etag());
         this.initializeCors();
         this.initializeJSON();
         try {
@@ -69,29 +74,23 @@ export default class PsychicServer {
     applyNotFoundMiddleware() {
         if (!EnvInternal.isDevelopment)
             return;
-        this.expressApp.use((req, res, next) => {
-            // express by default will set the 200 status code. If a user explicitly
-            // provides anything other than 200, we should assume that a prior middleware
-            // would have have sent headers, which would prevent any of this from happening.
-            // this means that if we are here, we should not be sending a 200. Future middleware
-            // by express will automatically pick this up and turn it into a 404, so we are
-            // going to automatically set the status to 404 now, so that our logger can
-            // pick up the correct status code.
-            if (res.statusCode === 200)
-                res.status(404);
-            logIfDevelopment({ req, res, startTime: Date.now(), fallbackStatusCode: 404 });
-            // call next to let express handle sending the 404
-            next();
+        this.koaApp.use(async (ctx, next) => {
+            await next();
+            // Koa defaults to 404 for unmatched routes. If nothing set the body,
+            // log the 404 in development.
+            if (ctx.status === 404 && !ctx.body) {
+                logIfDevelopment({ ctx, startTime: Date.now(), fallbackStatusCode: 404 });
+            }
         });
     }
     setSecureDefaultHeaders() {
-        this.expressApp.disable('x-powered-by');
-        this.expressApp.use((_, res, next) => {
-            res.setHeader('X-Content-Type-Options', 'nosniff');
+        // Koa doesn't send x-powered-by by default, no need to disable it.
+        this.koaApp.use(async (ctx, next) => {
+            ctx.set('X-Content-Type-Options', 'nosniff');
             if (EnvInternal.isProduction) {
-                res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
+                ctx.set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
             }
-            next();
+            await next();
         });
     }
     // TODO: use config helper for fetching default port
@@ -104,7 +103,7 @@ export default class PsychicServer {
         }
         else {
             const httpServer = await startPsychicServer({
-                app: this.expressApp,
+                app: this.koaApp,
                 port: port || psychicApp.port,
                 sslCredentials: PsychicApp.getOrFail().sslCredentials,
             });
@@ -146,26 +145,24 @@ export default class PsychicServer {
         await this.boot();
         let server;
         await new Promise(accept => {
-            server = this.expressApp.listen(port, () => accept({}));
+            server = this.koaApp.listen(port, () => accept({}));
         });
         await block();
         server.close();
         return true;
     }
     buildApp() {
-        this.expressApp = express.default();
-        this.expressApp.use(cookieParser.default());
+        this.koaApp = new Koa();
     }
     initializeCors() {
-        this.expressApp.use(
-        // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        cors.default(PsychicApp.getOrFail().corsOptions));
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-argument
+        this.koaApp.use(cors(PsychicApp.getOrFail().corsOptions));
     }
     initializeJSON() {
-        this.expressApp.use(express.json(PsychicApp.getOrFail().jsonOptions));
+        this.koaApp.use(koaBodyparser(PsychicApp.getOrFail().jsonOptions));
     }
     async buildRoutes() {
-        const r = new PsychicRouter(this.expressApp);
+        const r = new PsychicRouter(this.koaApp);
         await PsychicApp.getOrFail().routesCb(r);
         r.commit();
     }