npm - @sylphx/lens-server - Versions diffs - 2.14.1 → 2.14.3 - Mend

@sylphx/lens-server 2.14.1 → 2.14.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/index.d.ts +50 -88
package/dist/index.js +141 -131
package/package.json +2 -2
package/src/handlers/index.ts +2 -0
package/src/handlers/ws-types.ts +27 -0
package/src/handlers/ws.ts +210 -70
package/src/index.ts +2 -0
package/src/server/create.test.ts +0 -201
package/src/server/create.ts +2 -180
package/src/server/types.ts +16 -101
package/src/sse/handler.ts +7 -0

package/src/server/create.ts CHANGED Viewed

@@ -43,19 +43,10 @@ import {
 	valuesEqual,
 } from "@sylphx/lens-core";
 import { createContext, runWithContext } from "../context/index.js";
-import {
-	createPluginManager,
-	type PluginManager,
-	type ReconnectContext,
-	type ReconnectHookResult,
-	type SubscribeContext,
-	type UnsubscribeContext,
-	type UpdateFieldsContext,
-} from "../plugin/types.js";
+import { createPluginManager, type PluginManager } from "../plugin/types.js";
 import { DataLoader } from "./dataloader.js";
 import { applySelection, extractNestedInputs } from "./selection.js";
 import type {
-	ClientSendFn,
 	EntitiesMap,
 	EntitiesMetadata,
 	EntityFieldMetadata,
@@ -272,113 +263,6 @@ class LensServerImpl<
 		return resolverMap.size > 0 ? resolverMap : undefined;
 	}
-	// =========================================================================
-	// Subscription Detection (Deprecated - Use client-side with entities metadata)
-	// =========================================================================
-	/**
-	 * Check if any selected field (recursively) is a subscription.
-	 *
-	 * @deprecated Use client-side subscription detection with `getMetadata().entities` instead.
-	 * The client should use the entities metadata to determine transport routing.
-	 * This method remains for backwards compatibility but will be removed in a future version.
-	 *
-	 * @param entityName - The entity type name
-	 * @param select - Selection object (if undefined, checks ALL fields)
-	 * @param visited - Set of visited entity names (prevents infinite recursion)
-	 * @returns true if any selected field is a subscription
-	 */
-	hasAnySubscription(
-		entityName: string,
-		select?: SelectionObject,
-		visited: Set<string> = new Set(),
-	): boolean {
-		// Prevent infinite recursion on circular references
-		if (visited.has(entityName)) return false;
-		visited.add(entityName);
-		const resolver = this.resolverMap?.get(entityName);
-		if (!resolver) return false;
-		// Determine which fields to check
-		const fieldsToCheck = select ? Object.keys(select) : (resolver.getFieldNames() as string[]);
-		for (const fieldName of fieldsToCheck) {
-			// Skip if field doesn't exist in resolver
-			if (!resolver.hasField(fieldName)) continue;
-			// Check if this field is a subscription
-			if (resolver.isSubscription(fieldName)) {
-				return true;
-			}
-			// Get nested selection for this field
-			const fieldSelect = select?.[fieldName];
-			const nestedSelect =
-				typeof fieldSelect === "object" && fieldSelect !== null && "select" in fieldSelect
-					? (fieldSelect as { select?: SelectionObject }).select
-					: undefined;
-			// For relation fields, recursively check the target entity
-			// We need to determine the target entity from the resolver's field definition
-			// For now, we use the selection to guide us - if there's nested selection,
-			// we try to find a matching entity resolver
-			if (nestedSelect || (typeof fieldSelect === "object" && fieldSelect !== null)) {
-				// Try to find target entity by checking all resolvers
-				// In a real scenario, we'd have field metadata linking to target entity
-				for (const [targetEntityName] of this.resolverMap ?? []) {
-					if (targetEntityName === entityName) continue; // Skip self
-					if (this.hasAnySubscription(targetEntityName, nestedSelect, visited)) {
-						return true;
-					}
-				}
-			}
-		}
-		return false;
-	}
-	/**
-	 * Check if an operation (and its return type's fields) requires streaming transport.
-	 *
-	 * @deprecated Use client-side transport detection with `getMetadata().entities` instead.
-	 * The client should determine transport based on operation type from metadata
-	 * and entity field modes. This method remains for backwards compatibility.
-	 *
-	 * Returns true if:
-	 * 1. Operation resolver is async generator (yields values)
-	 * 2. Operation resolver uses emit pattern
-	 * 3. Any selected field in the return type is a subscription
-	 *
-	 * @param path - Operation path
-	 * @param select - Selection object for return type fields
-	 */
-	requiresStreamingTransport(path: string, select?: SelectionObject): boolean {
-		const def = this.queries[path] ?? this.mutations[path];
-		if (!def) return false;
-		// Check 1: Operation-level subscription (async generator)
-		const resolverFn = def._resolve;
-		if (resolverFn) {
-			const fnName = resolverFn.constructor?.name;
-			if (fnName === "AsyncGeneratorFunction" || fnName === "GeneratorFunction") {
-				return true;
-			}
-		}
-		// Check 2 & 3: Field-level subscriptions
-		// Get the return entity type from operation metadata
-		const returnType = def._output;
-		if (returnType && typeof returnType === "object" && "_name" in returnType) {
-			const entityName = (returnType as { _name: string })._name;
-			if (this.hasAnySubscription(entityName, select)) {
-				return true;
-			}
-		}
-		return false;
-	}
 	// =========================================================================
 	// Core Methods
 	// =========================================================================
@@ -1125,71 +1009,9 @@ class LensServerImpl<
 	}
 	// =========================================================================
-	// Subscription Support (Plugin Passthrough)
+	// Plugin Access
 	// =========================================================================
-	async addClient(clientId: string, send: ClientSendFn): Promise<boolean> {
-		const allowed = await this.pluginManager.runOnConnect({
-			clientId,
-			send: (msg) => send(msg as { type: string; id?: string; data?: unknown }),
-		});
-		return allowed;
-	}
-	removeClient(clientId: string, subscriptionCount: number): void {
-		this.pluginManager.runOnDisconnect({ clientId, subscriptionCount });
-	}
-	async subscribe(ctx: SubscribeContext): Promise<boolean> {
-		return this.pluginManager.runOnSubscribe(ctx);
-	}
-	unsubscribe(ctx: UnsubscribeContext): void {
-		this.pluginManager.runOnUnsubscribe(ctx);
-	}
-	async broadcast(entity: string, entityId: string, data: Record<string, unknown>): Promise<void> {
-		await this.pluginManager.runOnBroadcast({ entity, entityId, data });
-	}
-	async send(
-		clientId: string,
-		subscriptionId: string,
-		entity: string,
-		entityId: string,
-		data: Record<string, unknown>,
-		isInitial: boolean,
-	): Promise<void> {
-		const transformedData = await this.pluginManager.runBeforeSend({
-			clientId,
-			subscriptionId,
-			entity,
-			entityId,
-			data,
-			isInitial,
-			fields: "*",
-		});
-		await this.pluginManager.runAfterSend({
-			clientId,
-			subscriptionId,
-			entity,
-			entityId,
-			data: transformedData,
-			isInitial,
-			fields: "*",
-			timestamp: Date.now(),
-		});
-	}
-	async handleReconnect(ctx: ReconnectContext): Promise<ReconnectHookResult[] | null> {
-		return this.pluginManager.runOnReconnect(ctx);
-	}
-	async updateFields(ctx: UpdateFieldsContext): Promise<void> {
-		await this.pluginManager.runOnUpdateFields(ctx);
-	}
 	getPluginManager(): PluginManager {
 		return this.pluginManager;
 	}

package/src/server/types.ts CHANGED Viewed

@@ -187,21 +187,17 @@ export interface WebSocketLike {
 // =============================================================================
 /**
- * Lens server interface
+ * Lens server interface - Pure Executor
+ *
+ * The server is a pure operation executor. It receives operations and returns results.
+ * Runtime concerns (connections, transport, protocol) are handled by adapters/handlers.
  *
  * Core methods:
  * - getMetadata() - Server metadata for transport handshake
- * - execute() - Execute any operation
- *
- * Subscription support (used by adapters):
- * - addClient() / removeClient() - Client connection management
- * - subscribe() / unsubscribe() - Subscription lifecycle
- * - send() - Send data to client (runs through plugin hooks)
- * - broadcast() - Broadcast to all entity subscribers
- * - handleReconnect() - Handle client reconnection
+ * - execute() - Execute any operation (returns Observable)
  *
- * The server handles all business logic including state management (via plugins).
- * Handlers are pure protocol translators that call these methods.
+ * For handlers that need plugin integration (WS, SSE with state management),
+ * use getPluginManager() to access plugin hooks directly.
  */
 export interface LensServer {
 	/** Get server metadata for transport handshake */
@@ -221,99 +217,18 @@ export interface LensServer {
 	 */
 	execute(op: LensOperation): Observable<LensResult>;
-	// =========================================================================
-	// Subscription Support (Optional - used by WS/SSE handlers)
-	// =========================================================================
-	/**
-	 * Register a client connection.
-	 * Call when a client connects via WebSocket/SSE.
-	 */
-	addClient(clientId: string, send: ClientSendFn): Promise<boolean>;
-	/**
-	 * Remove a client connection.
-	 * Call when a client disconnects.
-	 */
-	removeClient(clientId: string, subscriptionCount: number): void;
-	/**
-	 * Subscribe a client to an entity.
-	 * Runs plugin hooks and sets up state tracking (if clientState is enabled).
-	 */
-	subscribe(ctx: import("../plugin/types.js").SubscribeContext): Promise<boolean>;
-	/**
-	 * Unsubscribe a client from an entity.
-	 * Runs plugin hooks and cleans up state tracking.
-	 */
-	unsubscribe(ctx: import("../plugin/types.js").UnsubscribeContext): void;
 	/**
-	 * Send data to a client for a specific subscription.
-	 * Runs through plugin hooks (beforeSend/afterSend) for optimization.
-	 */
-	send(
-		clientId: string,
-		subscriptionId: string,
-		entity: string,
-		entityId: string,
-		data: Record<string, unknown>,
-		isInitial: boolean,
-	): Promise<void>;
-	/**
-	 * Broadcast data to all subscribers of an entity.
-	 * Runs through plugin hooks for each subscriber.
-	 */
-	broadcast(entity: string, entityId: string, data: Record<string, unknown>): Promise<void>;
-	/**
-	 * Handle a reconnection request from a client.
-	 * Uses plugin hooks (onReconnect) for reconnection logic.
-	 */
-	handleReconnect(
-		ctx: import("../plugin/types.js").ReconnectContext,
-	): Promise<import("../plugin/types.js").ReconnectHookResult[] | null>;
-	/**
-	 * Update subscribed fields for a client's subscription.
-	 * Runs plugin hooks (onUpdateFields) to sync state.
-	 */
-	updateFields(ctx: import("../plugin/types.js").UpdateFieldsContext): Promise<void>;
-	/**
-	 * Get the plugin manager for direct hook access.
-	 */
-	getPluginManager(): PluginManager;
-	// =========================================================================
-	// Subscription Detection (Deprecated - Use client-side with entities metadata)
-	// =========================================================================
-	/**
-	 * Check if any selected field (recursively) is a subscription.
-	 *
-	 * @deprecated Use client-side subscription detection with `getMetadata().entities` instead.
-	 * The client should use the entities metadata to determine transport routing.
+	 * Get the plugin manager for handlers that need plugin integration.
 	 *
-	 * @param entityName - The entity type name
-	 * @param select - Selection object (if undefined, checks ALL fields)
-	 * @returns true if any selected field is a subscription
+	 * Handlers should use this to call plugin hooks directly:
+	 * - pluginManager.runOnConnect() - When client connects
+	 * - pluginManager.runOnDisconnect() - When client disconnects
+	 * - pluginManager.runOnSubscribe() - When client subscribes
+	 * - pluginManager.runOnUnsubscribe() - When client unsubscribes
+	 * - pluginManager.runOnReconnect() - For reconnection handling
+	 * - etc.
 	 */
-	hasAnySubscription(entityName: string, select?: SelectionObject): boolean;
-	/**
-	 * Check if an operation requires streaming transport.
-	 *
-	 * @deprecated Use client-side transport detection with `getMetadata().entities` instead.
-	 * The client should determine transport based on operation type from metadata
-	 * and entity field modes.
-	 *
-	 * @param path - Operation path
-	 * @param select - Selection object for return type fields
-	 */
-	requiresStreamingTransport(path: string, select?: SelectionObject): boolean;
+	getPluginManager(): PluginManager;
 }
 // =============================================================================

package/src/sse/handler.ts CHANGED Viewed

@@ -158,11 +158,18 @@ export class SSEHandler {
 	/**
 	 * Send a named event to a specific client.
+	 * Event names are validated to prevent header injection attacks.
 	 */
 	sendEvent(clientId: string, event: string, data: unknown): boolean {
 		const client = this.clients.get(clientId);
 		if (!client) return false;
+		// Validate event name to prevent SSE header injection
+		// Event names must not contain newlines, carriage returns, or colons
+		if (/[\r\n:]/.test(event)) {
+			return false;
+		}
 		try {
 			const message = `event: ${event}\ndata: ${JSON.stringify(data)}\n\n`;
 			client.controller.enqueue(client.encoder.encode(message));