@toa.io/extensions.exposition 1.0.0-alpha.0 → 1.0.0-alpha.3

package/source/directives/auth/{Family.ts → Authorization.ts}

@@ -1,3 +1,4 @@
+import assert from 'node:assert'
 import { match } from 'matchacho'
 import * as http from '../../HTTP'
 import { Anonymous } from './Anonymous'
@@ -9,9 +10,10 @@ import { Echo } from './Echo'
 import { split } from './split'
 import { Scheme } from './Scheme'
 import { PRIMARY, PROVIDERS } from './schemes'
+import type { Output } from '../../io'
 import type { Component } from '@toa.io/core'
 import type { Remotes } from '../../Remotes'
-import type { Family, Output } from '../../Directive'
+import type { Family } from '../../Directive'
 import type { Parameter } from '../../RTD'
 import type {
   AuthenticationResult,
@@ -25,7 +27,8 @@ import type {
   Schemes
 } from './types'
 
-class Authorization implements Family<Directive, Extension> {
+export class Authorization implements Family<Directive, Extension> {
+  public readonly depends: string[] = ['Vary']
   public readonly name: string = 'auth'
   public readonly mandatory: boolean = true
 
@@ -35,23 +38,24 @@ class Authorization implements Family<Directive, Extension> {
   private bans: Component | null = null
 
   public create (name: string, value: any, remotes: Remotes): Directive {
-    const Class = CLASSES[name]
+    assert.ok(name in CLASSES,
+      `Directive '${name}' is not provided by the '${this.name}' family.`)
 
-    if (Class === undefined)
-      throw new Error(`Directive '${name}' is not provided by the '${this.name}' family.`)
+    const Class = CLASSES[name]
 
     for (const name of REMOTES)
       this.discovery[name] ??= remotes.discover('identity', name)
 
     return match(Class,
-      Role, () => new Role(value, this.discovery.roles),
-      Rule, () => new Rule(value, this.create.bind(this)),
-      Incept, () => new Incept(value, this.discovery),
+      Role, () => new Role(value as string | string[], this.discovery.roles),
+      Rule, () => new Rule(value as Record<string, string>, this.create.bind(this)),
+      Incept, () => new Incept(value as string, this.discovery),
       () => new Class(value))
   }
 
-  public async preflight
-  (directives: Directive[], input: Input, parameters: Parameter[]): Promise<Output> {
+  public async preflight (directives: Directive[],
+    input: Input,
+    parameters: Parameter[]): Promise<Output> {
     const identity = await this.resolve(input.headers.authorization)
 
     input.identity = identity
@@ -67,37 +71,32 @@ class Authorization implements Family<Directive, Extension> {
     else throw new http.Forbidden()
   }
 
-  public async settle
-  (directives: Directive[], request: Input, response: http.OutgoingMessage): Promise<void> {
-    for (const directive of directives)
-      await directive.settle?.(request, response)
+  public async settle (directives: Directive[],
+    request: Input,
+    response: http.OutgoingMessage): Promise<void> {
+    for (const directive of directives) await directive.settle?.(request, response)
 
     const identity = request.identity
 
-    if (identity === null)
-      return
+    if (identity === null) return
 
-    if (identity.scheme === PRIMARY && !identity.refresh)
-      return
+    if (identity.scheme === PRIMARY && !identity.refresh) return
 
     // Role directive may have already set the value
-    if (identity.roles === undefined)
-      await Role.set(identity, this.discovery.roles)
+    if (identity.roles === undefined) await Role.set(identity, this.discovery.roles)
 
     this.tokens ??= await this.discovery.tokens
 
     const token = await this.tokens.invoke<string>('encrypt', { input: { identity } })
     const authorization = `Token ${token}`
 
-    if (response.headers === undefined)
-      response.headers = new Headers()
+    if (response.headers === undefined) response.headers = new Headers()
 
     response.headers.set('authorization', authorization)
   }
 
   private async resolve (authorization: string | undefined): Promise<Identity | null> {
-    if (authorization === undefined)
-      return null
+    if (authorization === undefined) return null
 
     const [scheme, credentials] = split(authorization)
     const provider = PROVIDERS[scheme]
@@ -107,16 +106,15 @@ class Authorization implements Family<Directive, Extension> {
 
     this.schemes[scheme] ??= await this.discovery[provider]
 
-    const result = await this.schemes[scheme]
-      .invoke<AuthenticationResult>('authenticate', { input: credentials })
+    const result = await this.schemes[scheme].invoke<AuthenticationResult>('authenticate', {
+      input: credentials
+    })
 
-    if (result instanceof Error)
-      return null
+    if (result instanceof Error) return null
 
     const identity = result.identity
 
-    if (scheme !== PRIMARY && await this.banned(identity))
-      throw new http.Unauthorized()
+    if (scheme !== PRIMARY && (await this.banned(identity))) throw new http.Unauthorized()
 
     identity.scheme = scheme
     identity.refresh = result.refresh
@@ -143,6 +141,4 @@ const CLASSES: Record<string, new (value: any, argument?: any) => Directive> = {
   echo: Echo
 }
 
-const REMOTES: Remote[] = ['basic', 'tokens', 'roles', 'bans']
-
-export = new Authorization()
+const REMOTES: Remote[] = ['basic', 'federation', 'tokens', 'roles', 'bans']

package/source/directives/auth/Incept.ts

@@ -25,7 +25,7 @@ export class Incept implements Directive {
       throw new http.Conflict('Identity inception has failed as the response body ' +
         ` does not contain the '${this.property}' property.`)
 
-    const [scheme, credentials] = split(request.headers.authorization as string)
+    const [scheme, credentials] = split(request.headers.authorization!)
     const provider = PROVIDERS[scheme]
 
     this.schemes[scheme] ??= await this.discovery[provider]

package/source/directives/auth/Rule.ts

@@ -1,5 +1,5 @@
 import { type Parameter } from '../../RTD'
-import { type Directive, type Identity } from './types'
+import type { Input, Directive, Identity } from './types'
 
 export class Rule implements Directive {
   private readonly directives: Directive[] = []
@@ -13,7 +13,7 @@ export class Rule implements Directive {
   }
 
   public async authorize
-  (identity: Identity | null, input: any, parameters: Parameter[]): Promise<boolean> {
+  (identity: Identity | null, input: Input, parameters: Parameter[]): Promise<boolean> {
     for (const directive of this.directives) {
       const authorized = await directive.authorize(identity, input, parameters)
 

package/source/directives/auth/index.ts

@@ -1,3 +1,3 @@
-import Family from './Family'
+import { Authorization } from './Authorization'
 
-export = Family
+export const authorization = new Authorization()

package/source/directives/auth/schemes.ts

@@ -2,7 +2,8 @@ import { type Remote, type Scheme } from './types'
 
 export const PROVIDERS: Record<Scheme, Remote> = {
   basic: 'basic',
-  token: 'tokens'
+  token: 'tokens',
+  bearer: 'federation'
 }
 
 export const PRIMARY: Scheme = 'token'

package/source/directives/auth/types.ts

@@ -2,11 +2,14 @@ import { type Component } from '@toa.io/core'
 import { type Maybe } from '@toa.io/types'
 import { type Parameter } from '../../RTD'
 import type * as http from '../../HTTP'
-import type * as directive from '../../Directive'
+import type * as io from '../../io'
 
 export interface Directive {
-  authorize: (identity: Identity | null, input: Input, parameters: Parameter[]) =>
-  boolean | Promise<boolean>
+  authorize: (
+    identity: Identity | null,
+    input: Input,
+    parameters: Parameter[],
+  ) => boolean | Promise<boolean>
 
   reply?: (identity: Identity | null) => http.OutgoingMessage
 
@@ -28,10 +31,10 @@ export interface Ban {
   banned: boolean
 }
 
-export type Input = directive.Input & Extension
+export type Input = io.Input & Extension
 export type AuthenticationResult = Maybe<{ identity: Identity, refresh: boolean }>
 
-export type Scheme = 'basic' | 'token'
-export type Remote = 'basic' | 'tokens' | 'roles' | 'bans'
+export type Scheme = 'basic' | 'token' | 'bearer'
+export type Remote = 'basic' | 'federation' | 'tokens' | 'roles' | 'bans'
 export type Discovery = Record<Remote, Promise<Component>>
 export type Schemes = Record<Scheme, Component>

package/source/directives/cache/{Family.ts → Cache.ts}

@@ -1,10 +1,11 @@
-import { type Input, type Output, type Family } from '../../Directive'
 import { Control } from './Control'
-import { type Directive } from './types'
 import { Exact } from './Exact'
+import type { Input, Output } from '../../io'
+import type { Directive } from './types'
+import type { Family } from '../../Directive'
 import type * as http from '../../HTTP'
 
-class Cache implements Family<Directive> {
+export class Cache implements Family<Directive> {
   public readonly name: string = 'cache'
   public readonly mandatory: boolean = false
 
@@ -32,5 +33,3 @@ const constructors: Record<string, new (value: any) => Directive> = {
   control: Control,
   exact: Exact
 }
-
-export = new Cache()

package/source/directives/cache/index.ts

@@ -1,3 +1,3 @@
-import Family from './Family'
+import { Cache } from './Cache'
 
-export = Family
+export const cache = new Cache()

package/source/directives/cache/types.ts

@@ -1,4 +1,4 @@
-import { type Input } from '../../Directive'
+import type { Input } from '../../io'
 
 export interface Directive {
   set: (input: Input, headers: Headers) => void

package/source/directives/cors/CORS.ts

@@ -0,0 +1,54 @@
+import type { Input, Output } from '../../io'
+import type { Interceptor } from '../../Interception'
+
+export class CORS implements Interceptor {
+  public readonly name = 'cors'
+  public readonly mandatory = true
+
+  private readonly allowedHeaders = new Set<string>(['accept', 'authorization', 'content-type'])
+
+  private readonly headers = new Headers({
+    'access-control-allow-methods': 'GET, POST, PUT, PATCH, DELETE',
+    'access-control-allow-credentials': 'true',
+    'access-control-allow-headers': Array.from(this.allowedHeaders).join(', '),
+    'access-control-max-age': '3600',
+    'cache-control': 'public, max-age=3600',
+    vary: 'origin'
+  })
+
+  public intercept (input: Input): Output {
+    const origin = input.headers.origin
+
+    if (origin === undefined)
+      return null
+
+    if (input.method === 'OPTIONS')
+      return this.preflightResponse(origin)
+
+    input.pipelines.response.push((output) => {
+      output.headers ??= new Headers()
+      output.headers.set('access-control-allow-origin', origin)
+      output.headers.set('access-control-expose-headers',
+        'authorization, content-type, content-length, etag')
+
+      if (input.method === 'GET' || input.method === 'HEAD' || input.method === 'OPTIONS')
+        output.headers.append('vary', 'origin')
+    })
+
+    return null
+  }
+
+  public allowHeader (header: string): void {
+    this.allowedHeaders.add(header.toLowerCase())
+    this.headers.set('access-control-allow-headers', Array.from(this.allowedHeaders).join(', '))
+  }
+
+  private preflightResponse (origin: string): Output {
+    this.headers.set('access-control-allow-origin', origin)
+
+    return {
+      status: 204,
+      headers: this.headers
+    }
+  }
+}

package/source/directives/cors/index.ts

@@ -0,0 +1,3 @@
+import { CORS } from './CORS'
+
+export const cors = new CORS()

package/source/directives/dev/{Family.ts → Development.ts}

@@ -1,9 +1,10 @@
-import { type Input, type Output, type Family } from '../../Directive'
 import { Stub } from './Stub'
 import { Throw } from './Throw'
 import { type Directive } from './types'
+import type { Input, Output } from '../../io'
+import type { Family } from '../../Directive'
 
-class Development implements Family<Directive> {
+export class Development implements Family<Directive> {
   public readonly name: string = 'dev'
   public readonly mandatory: boolean = false
 
@@ -32,5 +33,3 @@ const constructors: Record<string, new (value: any) => Directive> = {
   stub: Stub,
   throw: Throw
 }
-
-export = new Development()

package/source/directives/dev/Stub.ts

@@ -1,10 +1,10 @@
-import { type Output } from '../../Directive'
-import { type Directive } from './types'
+import type { Output } from '../../io'
+import type { Directive } from './types'
 
 export class Stub implements Directive {
-  private readonly value: any
+  private readonly value: unknown
 
-  public constructor (value: any) {
+  public constructor (value: unknown) {
     this.value = value
   }
 

package/source/directives/dev/Throw.ts

@@ -1,10 +1,10 @@
-import { type Output } from '../../Directive'
-import { type Directive } from './types'
+import type { Output } from '../../io'
+import type { Directive } from './types'
 
 export class Throw implements Directive {
-  private readonly message: any
+  private readonly message: string
 
-  public constructor (message: any) {
+  public constructor (message: string) {
     this.message = message
   }
 

package/source/directives/dev/index.ts

@@ -1,3 +1,3 @@
-import Family from './Family'
+import { Development } from './Development'
 
-export = Family
+export const dev = new Development()

package/source/directives/dev/types.ts

@@ -1,4 +1,4 @@
-import { type Input, type Output } from '../../Directive'
+import type { Input, Output } from '../../io'
 
 export interface Directive {
   apply: (input: Input) => Output

package/source/directives/index.ts

@@ -1,7 +1,11 @@
-import { type Family } from '../Directive'
-import Dev from './dev'
-import Auth from './auth'
-import Cache from './cache'
-import Octets from './octets'
+import { dev } from './dev'
+import { authorization } from './auth'
+import { cache } from './cache'
+import { octets } from './octets'
+import { cors } from './cors'
+import { vary } from './vary'
+import type { Family } from '../Directive'
+import type { Interceptor } from '../Interception'
 
-export const families: Family[] = [Auth, Octets, Dev, Cache]
+export const families: Family[] = [authorization, cache, octets, vary, dev]
+export const interceptors: Interceptor[] = [cors]

package/source/directives/octets/Context.ts

@@ -1,5 +1,5 @@
 import * as schemas from './schemas'
-import type { Output } from '../../Directive'
+import type { Output } from '../../io'
 import type { Directive } from './types'
 
 export class Context implements Directive {

package/source/directives/octets/Delete.ts

@@ -1,32 +1,73 @@
+import { Readable } from 'stream'
 import { NotFound } from '../../HTTP'
 import * as schemas from './schemas'
+import { Workflow } from './workflows'
+import type { Parameter } from '../../RTD'
+import type { Unit } from './workflows'
 import type { Maybe } from '@toa.io/types'
 import type { Component } from '@toa.io/core'
-import type { Output } from '../../Directive'
-
+import type { Output } from '../../io'
 import type { Directive, Input } from './types'
+import type { Remotes } from '../../Remotes'
+import type { Entry } from '@toa.io/extensions.storages'
 
 export class Delete implements Directive {
   public readonly targeted = true
 
+  private readonly workflow?: Workflow
   private readonly discovery: Promise<Component>
   private storage: Component | null = null
 
-  public constructor (value: null, discovery: Promise<Component>) {
-    schemas.remove.validate(value)
+  public constructor (options: Options | null, discovery: Promise<Component>, remotes: Remotes) {
+    schemas.remove.validate(options)
+
+    if (options?.workflow !== undefined)
+      this.workflow = new Workflow(options.workflow, remotes)
 
     this.discovery = discovery
   }
 
-  public async apply (storage: string, request: Input): Promise<Output> {
+  public async apply (storage: string, request: Input, parameters: Parameter[]): Promise<Output> {
     this.storage ??= await this.discovery
 
-    const input = { storage, path: request.path }
-    const error = await this.storage.invoke<Maybe<unknown>>('delete', { input })
+    const entry = await this.storage.invoke<Maybe<Entry>>('get',
+      { input: { storage, path: request.url } })
 
-    if (error instanceof Error)
+    if (entry instanceof Error)
       throw new NotFound()
 
-    return {}
+    const output: Output = {}
+
+    if (this.workflow !== undefined) {
+      output.status = 202
+      output.body = Readable.from(this.execute(request, storage, entry, parameters))
+    } else
+      await this.delete(storage, request)
+
+    return output
+  }
+
+  private async delete (storage: string, request: Input): Promise<void> {
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+    await this.storage!.invoke('delete',
+      { input: { storage, path: request.url } })
   }
+
+  // eslint-disable-next-line max-params
+  private async * execute
+  (request: Input, storage: string, entry: Entry, parameters: Parameter[]): AsyncGenerator {
+    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+    for await (const chunk of this.workflow!.execute(request, storage, entry, parameters)) {
+      yield chunk
+
+      if (typeof chunk === 'object' && chunk !== null && 'error' in chunk)
+        return
+    }
+
+    await this.delete(storage, request)
+  }
+}
+
+export interface Options {
+  workflow?: Unit[] | Unit
 }

package/source/directives/octets/Fetch.ts

@@ -5,18 +5,18 @@ import type { Maybe } from '@toa.io/types'
 import type { Entry } from '@toa.io/extensions.storages'
 import type { Readable } from 'node:stream'
 import type { Component } from '@toa.io/core'
-import type { Output } from '../../Directive'
+import type { Output } from '../../io'
 
 import type { Directive, Input } from './types'
 
 export class Fetch implements Directive {
   public readonly targeted = true
 
-  private readonly permissions: Permissions = { blob: true, meta: false }
+  private readonly permissions: Required<Permissions> = { blob: true, meta: false }
   private readonly discovery: Promise<Component>
   private storage: Component = null as unknown as Component
 
-  public constructor (permissions: Partial<Permissions> | null, discovery: Promise<Component>) {
+  public constructor (permissions: Permissions | null, discovery: Promise<Component>) {
     schemas.fetch.validate(permissions)
 
     Object.assign(this.permissions, permissions)
@@ -26,19 +26,22 @@ export class Fetch implements Directive {
   public async apply (storage: string, request: Input): Promise<Output> {
     this.storage ??= await this.discovery
 
-    if (request.url.slice(-5) === ':meta')
-      return await this.get(storage, request)
-    else
-      return await this.fetch(storage, request)
-  }
+    const variant = posix.basename(request.url).includes('.')
+    const metadata = request.subtype === 'octets.entry'
 
-  private async fetch (storage: string, request: Input): Promise<Output> {
-    const filename = posix.basename(request.url)
-    const variant = filename.includes('.')
+    if (!variant && metadata)
+      if (this.permissions.meta)
+        return this.get(storage, request)
+      else
+        throw new Forbidden('Metadata is not accessible.')
 
     if (!variant && !this.permissions.blob)
       throw new Forbidden('BLOB variant must be specified.')
 
+    return await this.fetch(storage, request)
+  }
+
+  private async fetch (storage: string, request: Input): Promise<Output> {
     if ('if-none-match' in request.headers)
       return { status: 304 }
 
@@ -58,11 +61,7 @@ export class Fetch implements Directive {
   }
 
   private async get (storage: string, request: Input): Promise<Output> {
-    if (!this.permissions.meta)
-      throw new Forbidden('Metadata is not accessible.')
-
-    const path = request.url.slice(0, -5)
-    const input = { storage, path }
+    const input = { storage, path: request.url }
     const entry = await this.storage.invoke<Maybe<Entry>>('get', { input })
 
     if (entry instanceof Error)
@@ -72,9 +71,9 @@ export class Fetch implements Directive {
   }
 }
 
-interface Permissions {
-  blob: boolean
-  meta: boolean
+export interface Permissions {
+  blob?: boolean
+  meta?: boolean
 }
 
 interface FetchResult {

package/source/directives/octets/List.ts

@@ -1,32 +1,62 @@
-import { NotFound } from '../../HTTP'
+import { posix } from 'node:path'
+import { Forbidden, NotFound } from '../../HTTP'
 import * as schemas from './schemas'
+import type { Entry } from '@toa.io/extensions.storages'
 import type { Maybe } from '@toa.io/types'
 import type { Component } from '@toa.io/core'
-import type { Output } from '../../Directive'
+import type { Output } from '../../io'
 
 import type { Directive, Input } from './types'
 
 export class List implements Directive {
   public readonly targeted = false
 
+  private readonly permissions: Required<Permissions> = { meta: false }
   private readonly discovery: Promise<Component>
   private storage: Component | null = null
 
-  public constructor (value: null, discovery: Promise<Component>) {
-    schemas.remove.validate(value)
+  public constructor (permissions: Permissions | null, discovery: Promise<Component>) {
+    schemas.list.validate(permissions)
 
+    Object.assign(this.permissions, permissions)
     this.discovery = discovery
   }
 
   public async apply (storage: string, request: Input): Promise<Output> {
     this.storage ??= await this.discovery
 
-    const input = { storage, path: request.path }
-    const list = await this.storage.invoke<Maybe<unknown>>('list', { input })
+    const metadata = request.subtype === 'octets.entries'
+
+    if (metadata && !this.permissions.meta)
+      throw new Forbidden('Metadata is not accessible.')
+
+    const input = { storage, path: request.url }
+    const list = await this.storage.invoke<Maybe<string[]>>('list', { input })
 
     if (list instanceof Error)
       throw new NotFound()
 
-    return { body: list }
+    const body = metadata
+      ? await this.expand(storage, request.url, list)
+      : list
+
+    return { body }
   }
+
+  private async expand (storage: string, prefix: string, list: string[]):
+  Promise<Array<Maybe<Entry>>> {
+    const promises = list.map(async (id) => {
+      const path = posix.join(prefix, id)
+      const input = { storage, path }
+
+      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion -- ensured in `apply`
+      return this.storage!.invoke<Maybe<Entry>>('get', { input })
+    })
+
+    return await Promise.all(promises)
+  }
+}
+
+export interface Permissions {
+  meta?: boolean
 }