@teamkeel/functions-runtime 0.0.1

package/src/tracing.js

@@ -0,0 +1,135 @@
+const opentelemetry = require("@opentelemetry/api");
+const { BatchSpanProcessor } = require("@opentelemetry/sdk-trace-base");
+const {
+  OTLPTraceExporter,
+} = require("@opentelemetry/exporter-trace-otlp-proto");
+const { NodeTracerProvider } = require("@opentelemetry/sdk-trace-node");
+const { envDetectorSync } = require("@opentelemetry/resources");
+
+function withSpan(name, fn) {
+  return getTracer().startActiveSpan(name, async (span) => {
+    try {
+      // await the thing (this means we can use try/catch)
+      return await fn(span);
+    } catch (err) {
+      // record any errors
+      span.recordException(err);
+      span.setStatus({
+        code: opentelemetry.SpanStatusCode.ERROR,
+        message: err.message,
+      });
+      // re-throw the error
+      throw err;
+    } finally {
+      // make sure the span is ended
+      span.end();
+    }
+  });
+}
+
+function patchFetch() {
+  if (!globalThis.fetch.patched) {
+    const originalFetch = globalThis.fetch;
+
+    globalThis.fetch = async (...args) => {
+      return withSpan("fetch", async (span) => {
+        const url = new URL(
+          args[0] instanceof Request ? args[0].url : String(args[0])
+        );
+        span.setAttribute("http.url", url.toString());
+        const scheme = url.protocol.replace(":", "");
+        span.setAttribute("http.scheme", scheme);
+
+        const options = args[0] instanceof Request ? args[0] : args[1] || {};
+        const method = (options.method || "GET").toUpperCase();
+        span.setAttribute("http.method", method);
+
+        const res = await originalFetch(...args);
+        span.setAttribute("http.status", res.status);
+        span.setAttribute("http.status_text", res.statusText);
+        return res;
+      });
+    };
+    globalThis.fetch.patched = true;
+  }
+}
+
+function patchConsoleLog() {
+  if (!console.log.patched) {
+    const originalConsoleLog = console.log;
+
+    console.log = (...args) => {
+      const span = opentelemetry.trace.getActiveSpan();
+      if (span) {
+        const output = args
+          .map((arg) => {
+            if (arg instanceof Error) {
+              return arg.stack;
+            }
+            if (typeof arg === "object") {
+              try {
+                return JSON.stringify(arg, getCircularReplacer());
+              } catch (error) {
+                return "[Object with circular references]";
+              }
+            }
+            if (typeof arg === "function") {
+              return arg() || arg.name || arg.toString();
+            }
+            return String(arg);
+          })
+          .join(" ");
+
+        span.addEvent(output);
+      }
+      originalConsoleLog(...args);
+    };
+
+    console.log.patched = true;
+  }
+}
+
+// Utility to handle circular references in objects
+function getCircularReplacer() {
+  const seen = new WeakSet();
+  return (key, value) => {
+    if (typeof value === "object" && value !== null) {
+      if (seen.has(value)) {
+        return "[Circular]";
+      }
+      seen.add(value);
+    }
+    return value;
+  };
+}
+
+function init() {
+  if (process.env.KEEL_TRACING_ENABLED == "true") {
+    const provider = new NodeTracerProvider({
+      resource: envDetectorSync.detect(),
+    });
+    const exporter = new OTLPTraceExporter();
+    const processor = new BatchSpanProcessor(exporter);
+
+    provider.addSpanProcessor(processor);
+    provider.register();
+  }
+
+  patchFetch();
+  patchConsoleLog();
+}
+
+function getTracer() {
+  return opentelemetry.trace.getTracer("functions");
+}
+
+function spanNameForModelAPI(modelName, action) {
+  return `Database ${modelName}.${action}`;
+}
+
+module.exports = {
+  getTracer,
+  withSpan,
+  init,
+  spanNameForModelAPI,
+};

package/src/tracing.test.js

@@ -0,0 +1,119 @@
+import { expect, test, beforeEach } from "vitest";
+import tracing from "./tracing";
+import { NodeTracerProvider, Span } from "@opentelemetry/sdk-trace-node";
+
+let spanEvents = [];
+const provider = new NodeTracerProvider({});
+provider.addSpanProcessor({
+  forceFlush() {
+    return Promise.resolve();
+  },
+  onStart(span, parentContext) {
+    spanEvents.push({ event: "onStart", span, parentContext });
+  },
+  onEnd(span) {
+    spanEvents.push({ event: "onEnd", span });
+  },
+  shutdown() {
+    return Promise.resolve();
+  },
+});
+provider.register();
+
+beforeEach(() => {
+  tracing.init();
+  spanEvents = [];
+});
+
+test("withSpan span time", async () => {
+  const waitTimeMillis = 100;
+  await tracing.withSpan("name", async () => {
+    await new Promise((resolve) => setTimeout(resolve, waitTimeMillis));
+  });
+
+  expect(spanEvents.map((e) => e.event)).toEqual(["onStart", "onEnd"]);
+  const spanDuration = spanEvents.pop().span._duration.pop();
+  const waitTimeNanos = waitTimeMillis * 1000 * 1000;
+  expect(spanDuration).toBeGreaterThan(waitTimeNanos);
+});
+
+test("withSpan on error", async () => {
+  try {
+    await tracing.withSpan("name", async () => {
+      throw "err";
+    });
+    // previous line should have an error thrown
+    expect(true).toEqual(false);
+  } catch (e) {
+    expect(e).toEqual("err");
+    expect(spanEvents.map((e) => e.event)).toEqual(["onStart", "onEnd"]);
+    const lastSpanEvents = spanEvents.pop().span.events;
+    expect(lastSpanEvents).length(1);
+    expect(lastSpanEvents[0].name).toEqual("exception");
+    expect(lastSpanEvents[0].attributes).toEqual({
+      "exception.message": "err",
+    });
+  }
+});
+
+test("fetch - 200", async () => {
+  const res = await fetch("http://example.com");
+  expect(res.status).toEqual(200);
+
+  expect(spanEvents.map((e) => e.event)).toEqual(["onStart", "onEnd"]);
+  expect(spanEvents.pop().span.attributes).toEqual({
+    "http.url": "http://example.com/",
+    "http.scheme": "http",
+    "http.method": "GET",
+    "http.status": 200,
+    "http.status_text": "OK",
+  });
+});
+
+test("fetch - 404", async () => {
+  await fetch("http://example.com/movies.json");
+
+  expect(spanEvents.map((e) => e.event)).toEqual(["onStart", "onEnd"]);
+  expect(spanEvents.pop().span.attributes).toEqual({
+    "http.url": "http://example.com/movies.json",
+    "http.scheme": "http",
+    "http.method": "GET",
+    "http.status": 404,
+    "http.status_text": "Not Found",
+  });
+});
+
+test("fetch - invalid URL", async () => {
+  try {
+    await fetch({});
+  } catch (err) {
+    expect(err.message).toEqual("Invalid URL");
+  }
+
+  expect(spanEvents.map((e) => e.event)).toEqual(["onStart", "onEnd"]);
+
+  const span = spanEvents.pop().span;
+  expect(spanEvents.pop().span.attributes).toEqual({});
+  expect(span.events[0].name).toEqual("exception");
+  expect.assertions(4);
+});
+
+test("fetch - ENOTFOUND", async () => {
+  try {
+    await fetch("http://qpwoeuthnvksnvnsanrurvnc.com");
+  } catch (err) {
+    expect(err.message).toEqual("fetch failed");
+    expect(err.cause.code).toEqual("ENOTFOUND");
+  }
+
+  expect(spanEvents.map((e) => e.event)).toEqual(["onStart", "onEnd"]);
+
+  const span = spanEvents.pop().span;
+  expect(span.attributes).toEqual({
+    "http.method": "GET",
+    "http.scheme": "http",
+    "http.url": "http://qpwoeuthnvksnvnsanrurvnc.com/",
+  });
+  expect(span.events[0].name).toEqual("exception");
+  expect.assertions(5);
+});

package/src/tryExecuteFunction.js

@@ -0,0 +1,74 @@
+const { withDatabase } = require("./database");
+const {
+  withPermissions,
+  PERMISSION_STATE,
+  PermissionError,
+  checkBuiltInPermissions,
+} = require("./permissions");
+const { PROTO_ACTION_TYPES } = require("./consts");
+
+// tryExecuteFunction will create a new database transaction around a function call
+// and handle any permissions checks. If a permission check fails, then an Error will be thrown and the catch block will be hit.
+function tryExecuteFunction(
+  { db, permitted, permissionFns, actionType, request, ctx },
+  cb
+) {
+  return withPermissions(permitted, async ({ getPermissionState }) => {
+    return withDatabase(db, actionType, async ({ transaction }) => {
+      const fnResult = await cb();
+      // api.permissions maintains an internal state of whether the current operation has been *explicitly* permitted/denied by the user in the course of their custom function, or if execution has already been permitted by a role based permission (evaluated in the main runtime).
+      // we need to check that the final state is permitted or unpermitted. if it's not, then it means that the user has taken no explicit action to permit/deny
+      // and therefore we default to checking the permissions defined in the schema automatically.
+      switch (getPermissionState()) {
+        case PERMISSION_STATE.PERMITTED:
+          return fnResult;
+        case PERMISSION_STATE.UNPERMITTED:
+          throw new PermissionError(
+            `Not permitted to access ${request.method}`
+          );
+        default:
+          // unknown state, proceed with checking against the built in permissions in the schema
+          const relevantPermissions = permissionFns[request.method];
+
+          const peakInsideTransaction =
+            actionType === PROTO_ACTION_TYPES.CREATE;
+
+          let rowsForPermissions = [];
+          if (fnResult != null) {
+            switch (actionType) {
+              case PROTO_ACTION_TYPES.LIST:
+                rowsForPermissions = fnResult;
+                break;
+              case PROTO_ACTION_TYPES.DELETE:
+                rowsForPermissions = [{ id: fnResult }];
+                break;
+              case (PROTO_ACTION_TYPES.GET, PROTO_ACTION_TYPES.CREATE):
+                rowsForPermissions = [fnResult];
+                break;
+              default:
+                rowsForPermissions = [fnResult];
+                break;
+            }
+          }
+
+          // check will throw a PermissionError if a permission rule is invalid
+          await checkBuiltInPermissions({
+            rows: rowsForPermissions,
+            permissionFns: relevantPermissions,
+            // it is important that we pass db here as db represents the connection to the database
+            // *outside* of the current transaction. Given that any changes inside of a transaction
+            // are opaque to the outside, we can utilize this when running permission rules and then deciding to
+            // rollback any changes if they do not pass. However, for creates we need to be able to 'peak' inside the transaction to read the created record, as this won't exist outside of the transaction.
+            db: peakInsideTransaction ? transaction : db,
+            ctx,
+            functionName: request.method,
+          });
+
+          // If the built in permission check above doesn't throw, then it means that the request is permitted and we can continue returning the return value from the custom function out of the transaction
+          return fnResult;
+      }
+    });
+  });
+}
+
+module.exports.tryExecuteFunction = tryExecuteFunction;

package/vite.config.js

@@ -0,0 +1,7 @@
+import { defineConfig, loadEnv } from "vite";
+
+export default ({ mode }) => {
+  process.env = { ...process.env, ...loadEnv(mode, process.cwd(), "") };
+
+  return defineConfig({});
+};