@taujs/server 0.3.3 → 0.3.5

package/dist/{SSRServer-C9yjcgke.d.ts → SSRServer-DPZped7n.d.ts}

@@ -1,5 +1,5 @@
 import { ServerResponse } from 'node:http';
-import { FastifyRequest, FastifyReply, HookHandlerDoneFunction, FastifyPluginAsync, FastifyInstance } from 'fastify';
+import { FastifyRequest, FastifyReply, HookHandlerDoneFunction, FastifyPluginAsync, FastifyPluginCallback } from 'fastify';
 import { PluginOption } from 'vite';
 
 type CSPDirectives = Record<string, string[]>;
@@ -69,7 +69,10 @@ type SSRServerOptions = {
             generateCSP?: (directives: CSPDirectives, nonce: string) => string;
         };
     };
-    registerStaticAssets?: false | ((app: FastifyInstance) => Promise<void> | void);
+    registerStaticAssets?: false | {
+        plugin: FastifyPluginCallback<any> | FastifyPluginAsync<any>;
+        options?: Record<string, unknown>;
+    };
     isDebug?: boolean;
 };
 type ServiceMethod = (params: Record<string, unknown>) => Promise<Record<string, unknown>>;
@@ -103,6 +106,7 @@ type RenderModule = {
     renderSSR: RenderSSR;
     renderStream: RenderStream;
 };
+type GenericPlugin = FastifyPluginCallback<Record<string, unknown>> | FastifyPluginAsync<Record<string, unknown>>;
 type BaseMiddleware = {
     auth?: {
         required: boolean;
@@ -146,4 +150,4 @@ interface InitialRouteParams extends Record<string, unknown> {
 type RouteParams = InitialRouteParams & Record<string, unknown>;
 type RoutePathsAndAttributes<Params = {}> = Omit<Route<Params>, 'element'>;
 
-export { type BaseMiddleware as B, type Config as C, type DataResult as D, type InitialRouteParams as I, type ManifestEntry as M, type NamedService as N, type ProcessedConfig as P, type Route as R, SSRServer as S, TEMPLATE as T, type RouteParams as a, type RouteAttributes as b, createMaps as c, type SSRServerOptions as d, type ServiceMethod as e, type ServiceRegistry as f, type RenderCallbacks as g, type SSRManifest as h, type Manifest as i, type RenderSSR as j, type RenderStream as k, type RenderModule as l, type ServiceCall as m, type DataHandler as n, type RoutePathsAndAttributes as o, processConfigs as p, type CSPDirectives as q, type CSPOptions as r, defaultGenerateCSP as s, generateNonce as t, createCSPHook as u, getRequestNonce as v, applyCSP as w };
+export { type BaseMiddleware as B, type Config as C, type DataResult as D, type GenericPlugin as G, type InitialRouteParams as I, type ManifestEntry as M, type NamedService as N, type ProcessedConfig as P, type Route as R, SSRServer as S, TEMPLATE as T, type RouteParams as a, type RouteAttributes as b, createMaps as c, type SSRServerOptions as d, type ServiceMethod as e, type ServiceRegistry as f, type RenderCallbacks as g, type SSRManifest as h, type Manifest as i, type RenderSSR as j, type RenderStream as k, type RenderModule as l, type ServiceCall as m, type DataHandler as n, type RoutePathsAndAttributes as o, processConfigs as p, type CSPDirectives as q, type CSPOptions as r, defaultGenerateCSP as s, generateNonce as t, createCSPHook as u, getRequestNonce as v, applyCSP as w };

package/dist/build.d.ts

@@ -1,6 +1,6 @@
 import { AppConfig } from './config.js';
 import 'vite';
-import './SSRServer-C9yjcgke.js';
+import './SSRServer-DPZped7n.js';
 import 'node:http';
 import 'fastify';
 

package/dist/build.js

@@ -267,64 +267,6 @@ function createAuthHook(routes, isDebug) {
 
 // src/security/csp.ts
 import crypto from "crypto";
-var defaultGenerateCSP = (directives, nonce) => {
-  const merged = { ...directives };
-  merged["script-src"] = merged["script-src"] || ["'self'"];
-  if (!merged["script-src"].some((v) => v.startsWith("'nonce-"))) merged["script-src"].push(`'nonce-${nonce}'`);
-  if (process.env.NODE_ENV !== "production") {
-    const connect = merged["connect-src"] || ["'self'"];
-    if (!connect.includes("ws:")) connect.push("ws:");
-    if (!connect.includes("http:")) connect.push("http:");
-    merged["connect-src"] = connect;
-    const style = merged["style-src"] || ["'self'"];
-    if (!style.includes("'unsafe-inline'")) style.push("'unsafe-inline'");
-    merged["style-src"] = style;
-  }
-  return Object.entries(merged).map(([key, values]) => `${key} ${values.join(" ")}`).join("; ");
-};
-var generateNonce = () => crypto.randomBytes(16).toString("base64");
-var createCSPHook = (options = {}) => (req, reply, done) => {
-  const nonce = generateNonce();
-  const directives = options.directives ?? DEV_CSP_DIRECTIVES;
-  const generate = options.generateCSP ?? defaultGenerateCSP;
-  const cspHeader = generate(directives, nonce);
-  reply.header("Content-Security-Policy", cspHeader);
-  if (typeof options.exposeNonce === "function") {
-    options.exposeNonce(req, nonce);
-  } else {
-    req.nonce = nonce;
-  }
-  done();
-};
-var applyCSP = (security, reply) => {
-  const nonce = generateNonce();
-  const directives = security?.csp?.directives ?? DEV_CSP_DIRECTIVES;
-  const generate = security?.csp?.generateCSP ?? defaultGenerateCSP;
-  const header = generate(directives, nonce);
-  reply.header("Content-Security-Policy", header);
-  reply.request.nonce = nonce;
-  return nonce;
-};
-
-// src/security/verifyMiddleware.ts
-var isAuthRequired = (r) => r.attr?.middleware?.auth?.required === true;
-var hasAuthenticate = (app) => typeof app.authenticate === "function";
-var verifyContracts = (app, routes, contracts, isDebug) => {
-  const logger = createLogger(Boolean(isDebug));
-  for (const contract of contracts) {
-    const isUsed = routes.some(contract.required);
-    if (!isUsed) {
-      debugLog(logger, `Middleware "${contract.key}" not used in any routes`);
-      continue;
-    }
-    if (!contract.verify(app)) {
-      const error = new Error(`[\u03C4js] ${contract.errorMessage}`);
-      logger.error(error.message);
-      throw error;
-    }
-    debugLog(logger, `Middleware "${contract.key}" verified \u2713`);
-  }
-};
 
 // src/utils/Utils.ts
 import { dirname, join } from "path";
@@ -412,19 +354,17 @@ var isServiceDescriptor = (obj) => {
   return typeof maybe.serviceName === "string" && typeof maybe.serviceMethod === "string";
 };
 var fetchInitialData = async (attr, params, serviceRegistry, ctx = { headers: {} }, callServiceMethodImpl = callServiceMethod) => {
-  if (!attr?.data || typeof attr.data !== "function") return {};
-  const result = await attr.data(params, ctx);
-  if (isServiceDescriptor(result)) {
-    const { serviceName, serviceMethod, args } = result;
-    if (serviceRegistry[serviceName]?.[serviceMethod]) {
-      return await callServiceMethodImpl(serviceRegistry, serviceName, serviceMethod, args ?? {});
+  const dataHandler = attr?.data;
+  if (!dataHandler || typeof dataHandler !== "function") return Promise.resolve({});
+  return dataHandler(params, ctx).then(async (result) => {
+    if (isServiceDescriptor(result)) {
+      const { serviceName, serviceMethod, args } = result;
+      if (serviceRegistry[serviceName]?.[serviceMethod]) return callServiceMethodImpl(serviceRegistry, serviceName, serviceMethod, args ?? {});
+      throw new Error(`Invalid service: serviceName=${String(serviceName)}, method=${String(serviceMethod)}`);
     }
-    throw new Error(`Invalid service: serviceName=${String(serviceName)}, method=${String(serviceMethod)}`);
-  }
-  if (typeof result === "object" && result !== null) {
-    return result;
-  }
-  throw new Error("Invalid result from attr.data");
+    if (typeof result === "object" && result !== null) return result;
+    throw new Error("Invalid result from attr.data");
+  });
 };
 var matchRoute = (url, renderRoutes) => {
   for (const route of renderRoutes) {
@@ -464,6 +404,66 @@ var ensureNonNull = (value, errorMessage) => {
   return value;
 };
 
+// src/security/csp.ts
+var defaultGenerateCSP = (directives, nonce) => {
+  const merged = { ...directives };
+  merged["script-src"] = merged["script-src"] || ["'self'"];
+  if (!merged["script-src"].some((v) => v.startsWith("'nonce-"))) merged["script-src"].push(`'nonce-${nonce}'`);
+  if (isDevelopment) {
+    const connect = merged["connect-src"] || ["'self'"];
+    if (!connect.includes("ws:")) connect.push("ws:");
+    if (!connect.includes("http:")) connect.push("http:");
+    merged["connect-src"] = connect;
+    const style = merged["style-src"] || ["'self'"];
+    if (!style.includes("'unsafe-inline'")) style.push("'unsafe-inline'");
+    merged["style-src"] = style;
+  }
+  return Object.entries(merged).map(([key, values]) => `${key} ${values.join(" ")}`).join("; ");
+};
+var generateNonce = () => crypto.randomBytes(16).toString("base64");
+var createCSPHook = (options = {}) => (req, reply, done) => {
+  const nonce = generateNonce();
+  const directives = options.directives ?? DEV_CSP_DIRECTIVES;
+  const generate = options.generateCSP ?? defaultGenerateCSP;
+  const cspHeader = generate(directives, nonce);
+  reply.header("Content-Security-Policy", cspHeader);
+  if (typeof options.exposeNonce === "function") {
+    options.exposeNonce(req, nonce);
+  } else {
+    req.nonce = nonce;
+  }
+  done();
+};
+var applyCSP = (security, reply) => {
+  const nonce = generateNonce();
+  const directives = security?.csp?.directives ?? DEV_CSP_DIRECTIVES;
+  const generate = security?.csp?.generateCSP ?? defaultGenerateCSP;
+  const header = generate(directives, nonce);
+  reply.header("Content-Security-Policy", header);
+  reply.request.nonce = nonce;
+  return nonce;
+};
+
+// src/security/verifyMiddleware.ts
+var isAuthRequired = (r) => r.attr?.middleware?.auth?.required === true;
+var hasAuthenticate = (app) => typeof app.authenticate === "function";
+var verifyContracts = (app, routes, contracts, isDebug) => {
+  const logger = createLogger(Boolean(isDebug));
+  for (const contract of contracts) {
+    const isUsed = routes.some(contract.required);
+    if (!isUsed) {
+      debugLog(logger, `Middleware "${contract.key}" not used in any routes`);
+      continue;
+    }
+    if (!contract.verify(app)) {
+      const error = new Error(`[\u03C4js] ${contract.errorMessage}`);
+      logger.error(error.message);
+      throw error;
+    }
+    debugLog(logger, `Middleware "${contract.key}" verified \u2713`);
+  }
+};
+
 // src/SSRServer.ts
 var createMaps = () => {
   return {
@@ -538,24 +538,15 @@ var SSRServer = (0, import_fastify_plugin.default)(
       ],
       opts.isDebug
     );
-    if (opts.registerStaticAssets !== false) {
-      if (typeof opts.registerStaticAssets === "function") {
-        await opts.registerStaticAssets(app);
-      } else {
-        try {
-          const fastifyStatic = await import("@fastify/static");
-          await app.register(fastifyStatic.default, {
-            index: false,
-            prefix: "/",
-            root: baseClientRoot,
-            wildcard: false
-          });
-        } catch (err) {
-          throw new Error(
-            "Static asset handling requires @fastify/static to be installed. Either install it or provide your own static asset handler using `registerStaticAssets`."
-          );
-        }
-      }
+    if (opts.registerStaticAssets && typeof opts.registerStaticAssets === "object") {
+      const { plugin, options } = opts.registerStaticAssets;
+      await app.register(plugin, {
+        root: baseClientRoot,
+        prefix: "/",
+        index: false,
+        wildcard: false,
+        ...options ?? {}
+      });
     }
     app.addHook(
       "onRequest",

package/dist/config.d.ts

@@ -1,5 +1,5 @@
 import { PluginOption } from 'vite';
-import { R as Route, a as RouteParams, b as RouteAttributes } from './SSRServer-C9yjcgke.js';
+import { R as Route, a as RouteParams, b as RouteAttributes } from './SSRServer-DPZped7n.js';
 import 'node:http';
 import 'fastify';
 

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 import { FastifyReply } from 'fastify';
-export { B as BaseMiddleware, C as Config, n as DataHandler, D as DataResult, I as InitialRouteParams, i as Manifest, M as ManifestEntry, N as NamedService, P as ProcessedConfig, g as RenderCallbacks, l as RenderModule, j as RenderSSR, k as RenderStream, R as Route, b as RouteAttributes, a as RouteParams, o as RoutePathsAndAttributes, h as SSRManifest, S as SSRServer, d as SSRServerOptions, m as ServiceCall, e as ServiceMethod, f as ServiceRegistry, T as TEMPLATE, c as createMaps, p as processConfigs } from './SSRServer-C9yjcgke.js';
+export { B as BaseMiddleware, C as Config, n as DataHandler, D as DataResult, G as GenericPlugin, I as InitialRouteParams, i as Manifest, M as ManifestEntry, N as NamedService, P as ProcessedConfig, g as RenderCallbacks, l as RenderModule, j as RenderSSR, k as RenderStream, R as Route, b as RouteAttributes, a as RouteParams, o as RoutePathsAndAttributes, h as SSRManifest, S as SSRServer, d as SSRServerOptions, m as ServiceCall, e as ServiceMethod, f as ServiceRegistry, T as TEMPLATE, c as createMaps, p as processConfigs } from './SSRServer-DPZped7n.js';
 import 'node:http';
 import 'vite';
 

package/dist/index.js

@@ -265,64 +265,6 @@ function createAuthHook(routes, isDebug) {
 
 // src/security/csp.ts
 import crypto from "crypto";
-var defaultGenerateCSP = (directives, nonce) => {
-  const merged = { ...directives };
-  merged["script-src"] = merged["script-src"] || ["'self'"];
-  if (!merged["script-src"].some((v) => v.startsWith("'nonce-"))) merged["script-src"].push(`'nonce-${nonce}'`);
-  if (process.env.NODE_ENV !== "production") {
-    const connect = merged["connect-src"] || ["'self'"];
-    if (!connect.includes("ws:")) connect.push("ws:");
-    if (!connect.includes("http:")) connect.push("http:");
-    merged["connect-src"] = connect;
-    const style = merged["style-src"] || ["'self'"];
-    if (!style.includes("'unsafe-inline'")) style.push("'unsafe-inline'");
-    merged["style-src"] = style;
-  }
-  return Object.entries(merged).map(([key, values]) => `${key} ${values.join(" ")}`).join("; ");
-};
-var generateNonce = () => crypto.randomBytes(16).toString("base64");
-var createCSPHook = (options = {}) => (req, reply, done) => {
-  const nonce = generateNonce();
-  const directives = options.directives ?? DEV_CSP_DIRECTIVES;
-  const generate = options.generateCSP ?? defaultGenerateCSP;
-  const cspHeader = generate(directives, nonce);
-  reply.header("Content-Security-Policy", cspHeader);
-  if (typeof options.exposeNonce === "function") {
-    options.exposeNonce(req, nonce);
-  } else {
-    req.nonce = nonce;
-  }
-  done();
-};
-var applyCSP = (security, reply) => {
-  const nonce = generateNonce();
-  const directives = security?.csp?.directives ?? DEV_CSP_DIRECTIVES;
-  const generate = security?.csp?.generateCSP ?? defaultGenerateCSP;
-  const header = generate(directives, nonce);
-  reply.header("Content-Security-Policy", header);
-  reply.request.nonce = nonce;
-  return nonce;
-};
-
-// src/security/verifyMiddleware.ts
-var isAuthRequired = (r) => r.attr?.middleware?.auth?.required === true;
-var hasAuthenticate = (app) => typeof app.authenticate === "function";
-var verifyContracts = (app, routes, contracts, isDebug) => {
-  const logger = createLogger(Boolean(isDebug));
-  for (const contract of contracts) {
-    const isUsed = routes.some(contract.required);
-    if (!isUsed) {
-      debugLog(logger, `Middleware "${contract.key}" not used in any routes`);
-      continue;
-    }
-    if (!contract.verify(app)) {
-      const error = new Error(`[\u03C4js] ${contract.errorMessage}`);
-      logger.error(error.message);
-      throw error;
-    }
-    debugLog(logger, `Middleware "${contract.key}" verified \u2713`);
-  }
-};
 
 // src/utils/Utils.ts
 import { dirname, join } from "path";
@@ -410,19 +352,17 @@ var isServiceDescriptor = (obj) => {
   return typeof maybe.serviceName === "string" && typeof maybe.serviceMethod === "string";
 };
 var fetchInitialData = async (attr, params, serviceRegistry, ctx = { headers: {} }, callServiceMethodImpl = callServiceMethod) => {
-  if (!attr?.data || typeof attr.data !== "function") return {};
-  const result = await attr.data(params, ctx);
-  if (isServiceDescriptor(result)) {
-    const { serviceName, serviceMethod, args } = result;
-    if (serviceRegistry[serviceName]?.[serviceMethod]) {
-      return await callServiceMethodImpl(serviceRegistry, serviceName, serviceMethod, args ?? {});
+  const dataHandler = attr?.data;
+  if (!dataHandler || typeof dataHandler !== "function") return Promise.resolve({});
+  return dataHandler(params, ctx).then(async (result) => {
+    if (isServiceDescriptor(result)) {
+      const { serviceName, serviceMethod, args } = result;
+      if (serviceRegistry[serviceName]?.[serviceMethod]) return callServiceMethodImpl(serviceRegistry, serviceName, serviceMethod, args ?? {});
+      throw new Error(`Invalid service: serviceName=${String(serviceName)}, method=${String(serviceMethod)}`);
     }
-    throw new Error(`Invalid service: serviceName=${String(serviceName)}, method=${String(serviceMethod)}`);
-  }
-  if (typeof result === "object" && result !== null) {
-    return result;
-  }
-  throw new Error("Invalid result from attr.data");
+    if (typeof result === "object" && result !== null) return result;
+    throw new Error("Invalid result from attr.data");
+  });
 };
 var matchRoute = (url, renderRoutes) => {
   for (const route of renderRoutes) {
@@ -462,6 +402,66 @@ var ensureNonNull = (value, errorMessage) => {
   return value;
 };
 
+// src/security/csp.ts
+var defaultGenerateCSP = (directives, nonce) => {
+  const merged = { ...directives };
+  merged["script-src"] = merged["script-src"] || ["'self'"];
+  if (!merged["script-src"].some((v) => v.startsWith("'nonce-"))) merged["script-src"].push(`'nonce-${nonce}'`);
+  if (isDevelopment) {
+    const connect = merged["connect-src"] || ["'self'"];
+    if (!connect.includes("ws:")) connect.push("ws:");
+    if (!connect.includes("http:")) connect.push("http:");
+    merged["connect-src"] = connect;
+    const style = merged["style-src"] || ["'self'"];
+    if (!style.includes("'unsafe-inline'")) style.push("'unsafe-inline'");
+    merged["style-src"] = style;
+  }
+  return Object.entries(merged).map(([key, values]) => `${key} ${values.join(" ")}`).join("; ");
+};
+var generateNonce = () => crypto.randomBytes(16).toString("base64");
+var createCSPHook = (options = {}) => (req, reply, done) => {
+  const nonce = generateNonce();
+  const directives = options.directives ?? DEV_CSP_DIRECTIVES;
+  const generate = options.generateCSP ?? defaultGenerateCSP;
+  const cspHeader = generate(directives, nonce);
+  reply.header("Content-Security-Policy", cspHeader);
+  if (typeof options.exposeNonce === "function") {
+    options.exposeNonce(req, nonce);
+  } else {
+    req.nonce = nonce;
+  }
+  done();
+};
+var applyCSP = (security, reply) => {
+  const nonce = generateNonce();
+  const directives = security?.csp?.directives ?? DEV_CSP_DIRECTIVES;
+  const generate = security?.csp?.generateCSP ?? defaultGenerateCSP;
+  const header = generate(directives, nonce);
+  reply.header("Content-Security-Policy", header);
+  reply.request.nonce = nonce;
+  return nonce;
+};
+
+// src/security/verifyMiddleware.ts
+var isAuthRequired = (r) => r.attr?.middleware?.auth?.required === true;
+var hasAuthenticate = (app) => typeof app.authenticate === "function";
+var verifyContracts = (app, routes, contracts, isDebug) => {
+  const logger = createLogger(Boolean(isDebug));
+  for (const contract of contracts) {
+    const isUsed = routes.some(contract.required);
+    if (!isUsed) {
+      debugLog(logger, `Middleware "${contract.key}" not used in any routes`);
+      continue;
+    }
+    if (!contract.verify(app)) {
+      const error = new Error(`[\u03C4js] ${contract.errorMessage}`);
+      logger.error(error.message);
+      throw error;
+    }
+    debugLog(logger, `Middleware "${contract.key}" verified \u2713`);
+  }
+};
+
 // src/SSRServer.ts
 var createMaps = () => {
   return {
@@ -536,24 +536,15 @@ var SSRServer = (0, import_fastify_plugin.default)(
       ],
       opts.isDebug
     );
-    if (opts.registerStaticAssets !== false) {
-      if (typeof opts.registerStaticAssets === "function") {
-        await opts.registerStaticAssets(app);
-      } else {
-        try {
-          const fastifyStatic = await import("@fastify/static");
-          await app.register(fastifyStatic.default, {
-            index: false,
-            prefix: "/",
-            root: baseClientRoot,
-            wildcard: false
-          });
-        } catch (err) {
-          throw new Error(
-            "Static asset handling requires @fastify/static to be installed. Either install it or provide your own static asset handler using `registerStaticAssets`."
-          );
-        }
-      }
+    if (opts.registerStaticAssets && typeof opts.registerStaticAssets === "object") {
+      const { plugin, options } = opts.registerStaticAssets;
+      await app.register(plugin, {
+        root: baseClientRoot,
+        prefix: "/",
+        index: false,
+        wildcard: false,
+        ...options ?? {}
+      });
     }
     app.addHook(
       "onRequest",

package/dist/security/csp.d.ts

@@ -1,4 +1,4 @@
 import 'fastify';
-export { q as CSPDirectives, r as CSPOptions, w as applyCSP, u as createCSPHook, s as defaultGenerateCSP, t as generateNonce, v as getRequestNonce } from '../SSRServer-C9yjcgke.js';
+export { q as CSPDirectives, r as CSPOptions, w as applyCSP, u as createCSPHook, s as defaultGenerateCSP, t as generateNonce, v as getRequestNonce } from '../SSRServer-DPZped7n.js';
 import 'node:http';
 import 'vite';

package/dist/security/csp.js

@@ -9,12 +9,21 @@ var DEV_CSP_DIRECTIVES = {
   "img-src": ["'self'", "data:"]
 };
 
+// src/utils/Utils.ts
+import { dirname, join } from "path";
+import "path";
+import { fileURLToPath } from "url";
+import { match } from "path-to-regexp";
+var isDevelopment = process.env.NODE_ENV === "development";
+var __filename = fileURLToPath(import.meta.url);
+var __dirname = join(dirname(__filename), !isDevelopment ? "./" : "..");
+
 // src/security/csp.ts
 var defaultGenerateCSP = (directives, nonce) => {
   const merged = { ...directives };
   merged["script-src"] = merged["script-src"] || ["'self'"];
   if (!merged["script-src"].some((v) => v.startsWith("'nonce-"))) merged["script-src"].push(`'nonce-${nonce}'`);
-  if (process.env.NODE_ENV !== "production") {
+  if (isDevelopment) {
     const connect = merged["connect-src"] || ["'self'"];
     if (!connect.includes("ws:")) connect.push("ws:");
     if (!connect.includes("http:")) connect.push("http:");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@taujs/server",
-  "version": "0.3.3",
+  "version": "0.3.5",
   "description": "taujs [ τjs ]",
   "author": "John Smith | Aoede <taujs@aoede.uk.net> (https://www.aoede.uk.net)",
   "license": "MIT",