@toa.io/extensions.exposition 1.0.0-alpha.7 → 1.0.0-alpha.71

package/source/RTD/Endpoint.ts

@@ -5,6 +5,9 @@ import type * as RTD from './index'
 
 export interface Endpoint {
   call: (context: http.Context, parameters: RTD.Parameter[]) => Promise<http.OutgoingMessage>
+
+  explain: (parameters: RTD.Parameter[]) => Promise<unknown>
+
   close: () => Promise<void>
 }
 

package/source/RTD/Method.ts

@@ -1,15 +1,31 @@
+import type { Parameter } from './Match'
 import type { Endpoint } from './Endpoint'
 import type { Directives } from './Directives'
 
 export class Method {
   public readonly endpoint: Endpoint | null
   public readonly directives: Directives
+  private introspection: unknown | null = null
+  private introspecting: Promise<unknown> | null = null
 
   public constructor (endpoint: Endpoint | null, directives: Directives) {
     this.endpoint = endpoint
     this.directives = directives
   }
 
+  public async explain (parameters: Parameter[]): Promise<unknown> {
+    if (this.introspection !== null)
+      return this.introspection
+
+    if (this.introspecting === null)
+      // eslint-disable-next-line @typescript-eslint/no-non-null-asserted-optional-chain
+      this.introspecting = this.endpoint?.explain(parameters)!
+
+    this.introspection = await this.introspecting
+
+    return this.introspection
+  }
+
   public async close (): Promise<void> {
     await this.endpoint?.close()
   }

package/source/RTD/Node.ts

@@ -4,6 +4,7 @@ import { type Match, type Parameter } from './Match'
 
 export class Node {
   public intermediate: boolean
+  public forward: string | null
   public methods: Methods
   private readonly protected: boolean
   private routes: Route[]
@@ -13,6 +14,7 @@ export class Node {
     this.routes = routes
     this.methods = methods
     this.protected = properties.protected
+    this.forward = properties.forward ?? null
     this.intermediate = this.routes.findIndex((route) => route.root) !== -1
 
     this.sort()
@@ -20,7 +22,8 @@ export class Node {
 
   public match (fragments: string[], parameters: Parameter[] = []): Match | null {
     for (const route of this.routes) {
-      const match = route.match(fragments, parameters)
+      const params = parameters.slice()
+      const match = route.match(fragments, params)
 
       if (match !== null)
         return match
@@ -32,38 +35,46 @@ export class Node {
   public merge (node: Node): void {
     this.intermediate = node.intermediate
 
-    if (!this.protected)
-      this.replace(node)
-    else
+    if (this.protected)
       this.append(node)
+    else
+      this.replace(node)
 
     this.sort()
   }
 
+  public async explain (parameters: Parameter[]): Promise<Record<string, unknown>> {
+    const methods: Record<string, unknown> = {}
+
+    const explained = Object.entries(this.methods)
+      .map(async ([verb, method]) =>
+        (methods[verb] = await method.explain(parameters)))
+
+    await Promise.all(explained)
+
+    return methods
+  }
+
   private replace (node: Node): void {
     const methods = Object.values(this.methods)
 
     this.routes = node.routes
     this.methods = node.methods
 
+    // race condition is really unlikely
     for (const method of methods)
       void method.close()
-
-    // race condition is really unlikely
   }
 
   private append (node: Node): void {
     for (const route of node.routes)
-      this.mergeRoute(route)
+      this.route(route)
 
     for (const [verb, method] of Object.entries(node.methods))
-      if (verb in this.methods)
-        console.warn(`Overriding of the protected method ${verb} is not permitted.`)
-      else
-        this.methods[verb] = method
+      this.methods[verb] = method
   }
 
-  private mergeRoute (candidate: Route): void {
+  private route (candidate: Route): void {
     for (const route of this.routes)
       if (candidate.equals(route)) {
         route.merge(candidate)
@@ -75,10 +86,15 @@ export class Node {
   }
 
   private sort (): void {
-    this.routes.sort((a, b) => a.variables - b.variables)
+    this.routes.sort((a, b) => {
+      return a.variables === b.variables
+        ? b.segments.length - a.segments.length // routes with more segments should be matched first
+        : a.variables - b.variables // routes with more variables should be matched last
+    })
   }
 }
 
 export interface Properties {
   protected: boolean
+  forward?: string
 }

package/source/RTD/Route.ts

@@ -5,7 +5,7 @@ import { type Match, type Parameter } from './Match'
 export class Route {
   public readonly root: boolean
   public readonly variables: number = 0
-  private readonly segments: Segment[]
+  public readonly segments: Segment[]
   private readonly node: Node
 
   public constructor (segments: Segment[], node: Node) {
@@ -31,8 +31,10 @@ export class Route {
 
     const exact = this.segments.length === fragments.length
 
-    if (exact && !this.node.intermediate) return { node: this.node, parameters }
-    else return this.matchNested(fragments, parameters)
+    if (exact && !this.node.intermediate)
+      return { node: this.node, parameters }
+    else
+      return this.matchNested(fragments, parameters)
   }
 
   public equals (route: Route): boolean {
@@ -52,7 +54,6 @@ export class Route {
 
   private matchNested (fragments: string[], parameters: Parameter[]): Match | null {
     fragments = fragments.slice(this.segments.length)
-    parameters = parameters.slice()
 
     return this.node.match(fragments, parameters)
   }

package/source/RTD/factory.ts

@@ -17,7 +17,10 @@ export function createNode (node: syntax.Node, context: Context): Node {
   for (const method of node.methods)
     methods[method.verb] = createMethod(method, context)
 
-  const properties: Properties = { protected: node.protected ?? context.protected }
+  const properties: Properties = {
+    protected: node.protected ?? context.protected,
+    forward: node.forward
+  }
 
   return new Node(routes, methods, properties)
 }
@@ -33,7 +36,7 @@ function createRoute (route: syntax.Route, context: Context): Route {
 }
 
 function createMethod (method: syntax.Method, context: Context): Method {
-  const stack = context.directives.stack.concat(method.directives.reverse())
+  const stack = method.directives.concat(context.directives.stack)
   const directives = context.directives.factory.create(stack)
 
   const endpoint = method.mapping?.endpoint === undefined

package/source/RTD/syntax/parse.ts

@@ -17,42 +17,56 @@ export function parse (input: object, shortcuts?: Shortcuts): Node {
   return node
 }
 
-function parseNode (input: object, shortcuts?: Shortcuts): Node {
+function parseNode (input: object | string, shortcuts?: Shortcuts): Node {
   const node = createNode()
 
-  for (const [key, value] of Object.entries(input)) {
-    if (PROPERTIES.includes(key as keyof Node)) {
-      node[key as keyof Node] = value
+  if (typeof input === 'string') {
+    node.forward = input
 
-      continue
-    }
+    return node
+  }
 
-    if (key[0] === '/') {
-      const route = parseRoute(key, value as Node, shortcuts)
+  for (const [key, value] of Object.entries(input) as Array<[keyof Node, unknown]>)
+    switch (key) {
+      case 'protected':
+      case 'isolated':
+        node[key] = value as boolean
+        break
+      case 'forward':
+        node[key] = value as string
+        break
 
-      node.routes.push(route)
+      default:
+        // eslint-disable-next-line max-depth
+        if (key[0] === '/') {
+          const route = parseRoute(key, value as Node, shortcuts)
 
-      continue
-    }
+          node.routes.push(route)
 
-    if (verbs.has(key)) {
-      const method = parseMethod(key, value as Mapping, shortcuts)
+          continue
+        }
 
-      node.methods.push(method)
+        // eslint-disable-next-line max-depth
+        if (verbs.has(key)) {
+          const method = parseMethod(key, value as Mapping, shortcuts)
 
-      continue
-    }
+          node.methods.push(method)
 
-    const directive = parseDirective(key, value, shortcuts)
+          continue
+        }
 
-    if (directive !== null) {
-      node.directives.push(directive)
+        // eslint-disable-next-line no-case-declarations
+        const directive = parseDirective(key, value, shortcuts)
 
-      continue
-    }
+        // eslint-disable-next-line max-depth
+        if (directive !== null) {
+          node.directives.push(directive)
 
-    throw new Error(`RTD parse error: unknown key '${key}'.`)
-  }
+          continue
+        }
+
+        throw new Error(`RTD parse error: unknown key '${key}'.`)
+    }
 
   return node
 }
@@ -149,6 +163,5 @@ function expandRange (range: number): Range {
 }
 
 const DIRECTIVE_RX = /^(?<family>\w{1,32}):(?<name>\w{1,32})$/
-const PROPERTIES: Array<keyof Node> = ['protected', 'isolated']
 
 export type Shortcuts = Map<string, string>

package/source/RTD/syntax/types.ts

@@ -1,6 +1,7 @@
 export interface Node {
   protected?: boolean
   isolated?: boolean
+  forward?: string
   routes: Route[]
   methods: Method[]
   directives: Directive[]
@@ -27,17 +28,18 @@ export interface Mapping {
   namespace?: string
   component?: string
   endpoint: string
-  query?: Query
+  query?: Query | null
 }
 
 export interface Query {
   id?: string
   criteria?: string
   sort?: string
-  omit: Range
-  limit: Range
+  omit?: Range
+  limit?: Range
   selectors?: string[]
   projection?: string[]
+  parameters?: string[]
 }
 
 export interface Range {
@@ -45,4 +47,4 @@ export interface Range {
   range: [number, number]
 }
 
-export const verbs = new Set<string>(['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'])
+export const verbs = new Set<string>(['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'LOCK', 'UNLOCK'])

package/source/Remotes.ts

@@ -1,24 +1,17 @@
-import { Locator, Connector, type Component } from '@toa.io/core'
+import { Locator, Connector, type Remote } from '@toa.io/core'
 import { type Bootloader } from './Factory'
 
 export class Remotes extends Connector {
   private readonly boot: Bootloader
-  private readonly remotes: Record<string, Promise<Component>> = {}
 
   public constructor (boot: Bootloader) {
     super()
     this.boot = boot
   }
 
-  public async discover (namespace: string, name: string): Promise<Component> {
+  public async discover (namespace: string, name: string): Promise<Remote> {
     const locator = new Locator(name, namespace)
 
-    this.remotes[locator.id] ??= this.create(locator)
-
-    return await this.remotes[locator.id]
-  }
-
-  private async create (locator: Locator): Promise<Component> {
     const remote = await this.boot.remote(locator)
 
     this.depends(remote)

package/source/Tenant.ts

@@ -25,14 +25,6 @@ export class Tenant extends Connector {
   public override async open (): Promise<void> {
     await this.expose()
     await this.broadcast.receive('ping', this.expose.bind(this))
-
-    console.info('Exposition Tenant for ' +
-      `'${this.branch.namespace}.${this.branch.component}' has started.`)
-  }
-
-  public override async dispose (): Promise<void> {
-    console.info('Exposition Tenant for ' +
-      `'${this.branch.namespace}.${this.branch.component}' has been stopped.`)
   }
 
   private async expose (): Promise<void> {

package/source/deployment.ts

@@ -1,3 +1,4 @@
+import assert from 'node:assert'
 import { type Dependency, type Service } from '@toa.io/operations'
 import { encode } from '@toa.io/generic'
 import { type Annotation } from './Annotation'
@@ -5,50 +6,59 @@ import * as schemas from './schemas'
 import { shortcuts } from './Directive'
 import { components } from './Composition'
 import { parse } from './RTD/syntax'
+import { DELAY, PORT } from './HTTP'
+
+export function deployment (_: unknown, annotation?: Annotation): Dependency {
+  assert.ok(annotation !== undefined, 'Exposition context annotation is required')
+  schemas.annotation.validate(annotation)
 
-export function deployment (_: unknown, annotation: Annotation | undefined): Dependency {
   const labels = components().labels
 
   const service: Service = {
     group: 'exposition',
     name: 'gateway',
-    port: 8000,
+    port: PORT,
     // eslint-disable-next-line @typescript-eslint/no-var-requires
     version: require('../package.json').version,
     variables: [],
-    components: labels
-  }
-
-  if (annotation?.host !== undefined)
-    service.ingress = {
-      host: annotation.host,
-      class: annotation.class,
-      annotations: annotation.annotations
+    components: labels,
+    ingress: { hosts: [] },
+    probe: {
+      path: '/.ready',
+      port: PORT,
+      delay: DELAY
     }
+  }
 
   if (annotation?.['/'] !== undefined) {
     const tree = parse(annotation['/'], shortcuts)
 
-    service.variables.push({
+    service.variables!.push({
       name: 'TOA_EXPOSITION',
       value: encode(tree)
     })
   }
 
-  if (annotation?.debug === true)
-    service.variables.push({
-      name: 'TOA_EXPOSITION_DEBUG',
-      value: '1'
-    })
+  const { debug, trace, authorities } = annotation
 
-  if (annotation?.trace === true)
-    service.variables.push({
-      name: 'TOA_EXPOSITION_TRACE',
-      value: '1'
-    })
+  service.ingress!.hosts = Object.values(authorities)
+  service.ingress!.class = annotation.class
+  service.ingress!.annotations = annotation.annotations
+
+  const properties: Properties = { authorities }
+
+  if (debug === true)
+    properties.debug = true
 
-  if (annotation !== undefined)
-    schemas.annotaion.validate(annotation)
+  if (trace === true)
+    properties.trace = true
+
+  service.variables!.push({
+    name: 'TOA_EXPOSITION_PROPERTIES',
+    value: encode(properties)
+  })
 
   return { services: [service] }
 }
+
+type Properties = Pick<Annotation, 'authorities' | 'debug' | 'trace'>

package/source/directives/auth/Authorization.ts

@@ -7,8 +7,10 @@ import { Role } from './Role'
 import { Rule } from './Rule'
 import { Incept } from './Incept'
 import { Echo } from './Echo'
-import { split } from './split'
 import { Scheme } from './Scheme'
+import { Delegate } from './Delegate'
+import { Federation } from './Federation'
+import { split } from './split'
 import { PRIMARY, PROVIDERS } from './schemes'
 import type { Output } from '../../io'
 import type { Component } from '@toa.io/core'
@@ -38,7 +40,7 @@ export class Authorization implements DirectiveFamily<Directive, Extension> {
 
   public create (name: string, value: any, remotes: Remotes): Directive {
     assert.ok(name in constructors,
-      `Directive '${name}' is not provided by the '${this.name}' family.`)
+      `Directive 'auth:${name}' is not implemented.`)
 
     const Class = constructors[name]
 
@@ -49,13 +51,22 @@ export class Authorization implements DirectiveFamily<Directive, Extension> {
       Role, () => new Role(value as string | string[], this.discovery.roles),
       Rule, () => new Rule(value as Record<string, string>, this.create.bind(this)),
       Incept, () => new Incept(value as string, this.discovery),
+      Delegate, () => new Delegate(value as string, this.discovery.roles),
       () => new Class(value))
   }
 
   public async preflight (directives: Directive[],
     input: Input,
     parameters: Parameter[]): Promise<Output> {
-    const identity = await this.resolve(input.request.headers.authorization)
+    /**
+     * Some authentication scheme providers may create identity during authentication;
+     * therefore, we need to skip the authentication process if the Incept directive is present.
+     *
+     * If the provided credentials already exist,
+     * the inception will cause a unique constraint violation on the settle stage.
+     */
+    const inception = directives.reduce((yes, directive) => yes || directive instanceof Incept, false)
+    const identity = inception ? null : await this.resolve(input.authority, input.request.headers.authorization)
 
     input.identity = identity
 
@@ -79,25 +90,31 @@ export class Authorization implements DirectiveFamily<Directive, Extension> {
 
     const identity = request.identity
 
-    if (identity === null) return
+    if (identity === null)
+      return
 
-    if (identity.scheme === PRIMARY && !identity.refresh) return
+    if (identity.scheme === PRIMARY && !identity.refresh)
+      return
 
     // Role directive may have already set the value
-    if (identity.roles === undefined) await Role.set(identity, this.discovery.roles)
+    if (identity.roles === undefined)
+      await Role.set(identity, this.discovery.roles)
 
     this.tokens ??= await this.discovery.tokens
 
-    const token = await this.tokens.invoke<string>('encrypt', { input: { identity } })
-    const authorization = `Token ${token}`
+    const token = await this.tokens.invoke<string>('encrypt', {
+      input: { authority: request.authority, identity }
+    })
 
-    if (response.headers === undefined) response.headers = new Headers()
+    const authorization = `Token ${token}`
 
+    response.headers ??= new Headers()
     response.headers.set('authorization', authorization)
   }
 
-  private async resolve (authorization: string | undefined): Promise<Identity | null> {
-    if (authorization === undefined) return null
+  private async resolve (authority: string, authorization: string | undefined): Promise<Identity | null> {
+    if (authorization === undefined)
+      return null
 
     const [scheme, credentials] = split(authorization)
     const provider = PROVIDERS[scheme]
@@ -108,10 +125,14 @@ export class Authorization implements DirectiveFamily<Directive, Extension> {
     this.schemes[scheme] ??= await this.discovery[provider]
 
     const result = await this.schemes[scheme].invoke<AuthenticationResult>('authenticate', {
-      input: credentials
+      input: {
+        authority,
+        credentials
+      }
     })
 
-    if (result instanceof Error) return null
+    if (result instanceof Error)
+      return null
 
     const identity = result.identity
 
@@ -139,7 +160,9 @@ const constructors: Record<string, new (value: any, argument?: any) => Directive
   rule: Rule,
   incept: Incept,
   scheme: Scheme,
-  echo: Echo
+  echo: Echo,
+  delegate: Delegate,
+  claim: Federation
 }
 
 const REMOTES: Remote[] = ['basic', 'federation', 'tokens', 'roles', 'bans']

package/source/directives/auth/Delegate.ts

@@ -0,0 +1,42 @@
+import { BadRequest } from '../../HTTP'
+import { type Directive, type Identity } from './types'
+import { Role } from './Role'
+import type { Component } from '@toa.io/core'
+import type { Input } from '../../io'
+
+export class Delegate implements Directive {
+  private readonly property: string
+  private readonly discovery: Promise<Component>
+
+  public constructor (property: string, discovery: Promise<Component>) {
+    this.property = property
+    this.discovery = discovery
+  }
+
+  public async authorize (identity: Identity | null, context: Input): Promise<boolean> {
+    if (identity === null)
+      return false
+
+    if (identity.roles === undefined)
+      await Role.set(identity, this.discovery)
+
+    context.pipelines.body.push((body) => this.embed(body, identity))
+
+    return true
+  }
+
+  private embed (body: unknown, identity: Identity): Record<string, unknown> {
+    if (body === undefined)
+      body = {}
+
+    check(body)
+    body[this.property] = structuredClone(identity)
+
+    return body
+  }
+}
+
+function check (body: unknown): asserts body is Record<string, unknown> {
+  if (typeof body !== 'object' || body === null)
+    throw new BadRequest('Invalid request body')
+}