@travetto/web 6.0.0-rc.2

package/src/interceptor/compress.ts

@@ -0,0 +1,119 @@
+import { buffer } from 'node:stream/consumers';
+import { BrotliOptions, constants, createBrotliCompress, createDeflate, createGzip, ZlibOptions } from 'node:zlib';
+
+// eslint-disable-next-line @typescript-eslint/naming-convention
+import Negotiator from 'negotiator';
+
+import { Injectable, Inject } from '@travetto/di';
+import { Config } from '@travetto/config';
+import { castTo } from '@travetto/runtime';
+
+import { WebInterceptor, WebInterceptorContext } from '../types/interceptor.ts';
+import { WebInterceptorCategory } from '../types/core.ts';
+import { WebChainedContext } from '../types/filter.ts';
+import { WebResponse } from '../types/response.ts';
+import { WebBodyUtil } from '../util/body.ts';
+import { WebError } from '../types/error.ts';
+
+const COMPRESSORS = {
+  gzip: createGzip,
+  deflate: createDeflate,
+  br: createBrotliCompress,
+};
+
+type WebCompressEncoding = keyof typeof COMPRESSORS | 'identity';
+
+@Config('web.compress')
+export class CompressConfig {
+  /**
+   * Attempting to compressing responses
+   */
+  applies: boolean = true;
+  /**
+   * Raw encoding options
+   */
+  raw?: (ZlibOptions & BrotliOptions) | undefined;
+  /**
+   * Preferred encodings
+   */
+  preferredEncodings?: WebCompressEncoding[] = ['br', 'gzip', 'identity'];
+  /**
+   * Supported encodings
+   */
+  supportedEncodings: WebCompressEncoding[] = ['br', 'gzip', 'identity', 'deflate'];
+}
+
+/**
+ * Enables compression support
+ */
+@Injectable()
+export class CompressInterceptor implements WebInterceptor {
+
+  category: WebInterceptorCategory = 'response';
+
+  @Inject()
+  config: CompressConfig;
+
+  async compress(ctx: WebChainedContext, response: WebResponse): Promise<WebResponse> {
+    const { raw = {}, preferredEncodings = [], supportedEncodings } = this.config;
+    const { request } = ctx;
+
+    response.headers.vary('Accept-Encoding');
+
+    if (
+      !response.body ||
+      response.headers.has('Content-Encoding') ||
+      response.headers.get('Cache-Control')?.includes('no-transform')
+    ) {
+      return response;
+    }
+
+    const accepts = request.headers.get('Accept-Encoding');
+    const type: WebCompressEncoding | undefined =
+      castTo(new Negotiator({ headers: { 'accept-encoding': accepts ?? '*' } })
+        .encoding([...supportedEncodings, ...preferredEncodings]));
+
+    if (accepts && (!type || !accepts.includes(type))) {
+      throw WebError.for(`Please accept one of: ${supportedEncodings.join(', ')}. ${accepts} is not supported`, 406);
+    }
+
+    if (type === 'identity' || !type) {
+      return response;
+    }
+
+    const binaryResponse = new WebResponse({ context: response.context, ...WebBodyUtil.toBinaryMessage(response) });
+    const chunkSize = raw.chunkSize ?? constants.Z_DEFAULT_CHUNK;
+    const len = Buffer.isBuffer(binaryResponse.body) ? binaryResponse.body.byteLength : undefined;
+
+    if (len !== undefined && len >= 0 && len < chunkSize || !binaryResponse.body) {
+      return binaryResponse;
+    }
+
+    const opts = type === 'br' ? { params: { [constants.BROTLI_PARAM_QUALITY]: 4, ...raw.params }, ...raw } : { ...raw };
+    const stream = COMPRESSORS[type](opts);
+
+    // If we are compressing
+    binaryResponse.headers.set('Content-Encoding', type);
+
+    if (Buffer.isBuffer(binaryResponse.body)) {
+      stream.end(binaryResponse.body);
+      const out = await buffer(stream);
+      binaryResponse.body = out;
+      binaryResponse.headers.set('Content-Length', `${out.byteLength}`);
+    } else {
+      binaryResponse.body.pipe(stream);
+      binaryResponse.body = stream;
+      binaryResponse.headers.delete('Content-Length');
+    }
+
+    return binaryResponse;
+  }
+
+  applies({ config }: WebInterceptorContext<CompressConfig>): boolean {
+    return config.applies;
+  }
+
+  async filter(ctx: WebChainedContext): Promise<WebResponse> {
+    return this.compress(ctx, await ctx.next());
+  }
+}

package/src/interceptor/context.ts

@@ -0,0 +1,23 @@
+import { Injectable, Inject } from '@travetto/di';
+
+import { WebChainedContext } from '../types/filter.ts';
+import { WebResponse } from '../types/response.ts';
+import { WebInterceptor } from '../types/interceptor.ts';
+import { WebInterceptorCategory } from '../types/core.ts';
+import { WebAsyncContext } from '../context.ts';
+
+/**
+ * Enables access to contextual data when running in a web application
+ */
+@Injectable()
+export class AsyncContextInterceptor implements WebInterceptor {
+
+  category: WebInterceptorCategory = 'global';
+
+  @Inject()
+  context: WebAsyncContext;
+
+  filter({ request, next }: WebChainedContext): Promise<WebResponse> {
+    return this.context.withContext(request, next);
+  }
+}

package/src/interceptor/cookies.ts

@@ -0,0 +1,97 @@
+import { Injectable, Inject } from '@travetto/di';
+import { Config } from '@travetto/config';
+import { Secret } from '@travetto/schema';
+import { AsyncContext, AsyncContextValue } from '@travetto/context';
+
+import { WebChainedContext } from '../types/filter.ts';
+import { WebResponse } from '../types/response.ts';
+import { WebInterceptor, WebInterceptorContext } from '../types/interceptor.ts';
+import { WebInterceptorCategory } from '../types/core.ts';
+
+import { WebConfig } from '../config.ts';
+import { Cookie, CookieSetOptions } from '../types/cookie.ts';
+import { CookieJar } from '../util/cookie.ts';
+import { WebAsyncContext } from '../context.ts';
+
+/**
+ * Web cookie configuration
+ */
+@Config('web.cookie')
+export class CookieConfig implements CookieSetOptions {
+  /**
+   * Support reading/sending cookies
+   */
+  applies = true;
+  /**
+   * Are they signed
+   */
+  signed = true;
+  /**
+   * Supported only via http (not in JS)
+   */
+  httpOnly = true;
+  /**
+   * Enforce same site policy
+   */
+  sameSite: Cookie['sameSite'] = 'lax';
+  /**
+   * The signing keys
+   */
+  @Secret()
+  keys?: string[];
+  /**
+   * Is the cookie only valid for https
+   */
+  secure?: boolean = false;
+  /**
+   * The domain of the cookie
+   */
+  domain?: string;
+}
+
+/**
+ * Loads cookies from the request, verifies, exposes, and then signs and sets
+ */
+@Injectable()
+export class CookiesInterceptor implements WebInterceptor<CookieConfig> {
+
+  #cookieJar = new AsyncContextValue<CookieJar>(this);
+
+  category: WebInterceptorCategory = 'request';
+
+  @Inject()
+  config: CookieConfig;
+
+  @Inject()
+  webConfig: WebConfig;
+
+  @Inject()
+  webAsyncContext: WebAsyncContext;
+
+  @Inject()
+  context: AsyncContext;
+
+  postConstruct(): void {
+    this.webAsyncContext.registerSource(CookieJar, () => this.#cookieJar.get());
+  }
+
+  finalizeConfig({ config }: WebInterceptorContext<CookieConfig>): CookieConfig {
+    const url = new URL(this.webConfig.baseUrl ?? 'x://localhost');
+    config.secure ??= url.protocol === 'https';
+    config.domain ??= url.hostname;
+    return config;
+  }
+
+  applies({ config }: WebInterceptorContext<CookieConfig>): boolean {
+    return config.applies;
+  }
+
+  async filter({ request, config, next }: WebChainedContext<CookieConfig>): Promise<WebResponse> {
+    const jar = new CookieJar(request.headers.get('Cookie'), config);
+    this.#cookieJar.set(jar);
+
+    const response = await next();
+    for (const c of jar.export()) { response.headers.append('Set-Cookie', c); }
+    return response;
+  }
+}

package/src/interceptor/cors.ts

@@ -0,0 +1,94 @@
+import { Config } from '@travetto/config';
+import { Injectable, Inject } from '@travetto/di';
+import { Ignore } from '@travetto/schema';
+
+import { WebChainedContext } from '../types/filter.ts';
+import { HTTP_METHODS, HttpMethod, WebInterceptorCategory } from '../types/core.ts';
+import { WebResponse } from '../types/response.ts';
+import { WebRequest } from '../types/request.ts';
+import { WebInterceptor, WebInterceptorContext } from '../types/interceptor.ts';
+import { WebCommonUtil } from '../util/common.ts';
+
+/**
+ * Web cors support
+ */
+@Config('web.cors')
+export class CorsConfig {
+  /**
+   * Send CORS headers on responses
+   */
+  applies = true;
+  /**
+   * Allowed origins
+   */
+  origins?: string[];
+  /**
+   * Allowed http methods
+   */
+  methods?: HttpMethod[];
+  /**
+   * Allowed http headers
+   */
+  headers?: string[];
+  /**
+   * Support credentials?
+   */
+  credentials?: boolean;
+
+  @Ignore()
+  resolved: {
+    origins: Set<string>;
+    methods: string;
+    headers: string;
+    credentials: boolean;
+  };
+}
+
+/**
+ * Interceptor that will provide cors support across all requests
+ */
+@Injectable()
+export class CorsInterceptor implements WebInterceptor<CorsConfig> {
+
+  category: WebInterceptorCategory = 'response';
+
+  @Inject()
+  config: CorsConfig;
+
+  finalizeConfig({ config }: WebInterceptorContext<CorsConfig>): CorsConfig {
+    config.resolved = {
+      origins: new Set(config.origins ?? []),
+      methods: (config.methods ?? Object.keys(HTTP_METHODS)).join(',').toUpperCase(),
+      headers: (config.headers ?? []).join(','),
+      credentials: !!config.credentials,
+    };
+    return config;
+  }
+
+  applies({ config }: WebInterceptorContext<CorsConfig>): boolean {
+    return config.applies;
+  }
+
+  decorate(request: WebRequest, resolved: CorsConfig['resolved'], response: WebResponse,): WebResponse {
+    const origin = request.headers.get('Origin');
+    if (resolved.origins.size === 0 || resolved.origins.has(origin!)) {
+      for (const [k, v] of [
+        ['Access-Control-Allow-Origin', origin || '*'],
+        ['Access-Control-Allow-Credentials', `${resolved.credentials}`],
+        ['Access-Control-Allow-Methods', resolved.methods],
+        ['Access-Control-Allow-Headers', resolved.headers || request.headers.get('Access-Control-Request-Headers') || '*'],
+      ]) {
+        response.headers.setIfAbsent(k, v);
+      }
+    }
+    return response;
+  }
+
+  async filter({ request, config: { resolved }, next }: WebChainedContext<CorsConfig>): Promise<WebResponse> {
+    try {
+      return this.decorate(request, resolved, await next());
+    } catch (err) {
+      throw this.decorate(request, resolved, WebCommonUtil.catchResponse(err));
+    }
+  }
+}

package/src/interceptor/decompress.ts

@@ -0,0 +1,91 @@
+import { Readable } from 'node:stream';
+import zlib from 'node:zlib';
+import util from 'node:util';
+
+import { Injectable, Inject } from '@travetto/di';
+import { Config } from '@travetto/config';
+import { castTo } from '@travetto/runtime';
+
+import { WebChainedContext } from '../types/filter.ts';
+import { WebResponse } from '../types/response.ts';
+import { WebInterceptorCategory } from '../types/core.ts';
+import { WebInterceptor, WebInterceptorContext } from '../types/interceptor.ts';
+import { WebHeaders } from '../types/headers.ts';
+
+import { WebBodyUtil } from '../util/body.ts';
+import { WebError } from '../types/error.ts';
+
+const STREAM_DECOMPRESSORS = {
+  gzip: zlib.createGunzip,
+  deflate: zlib.createInflate,
+  br: zlib.createBrotliDecompress,
+  identity: (): Readable => null!
+};
+
+const BUFFER_DECOMPRESSORS = {
+  gzip: util.promisify(zlib.gunzip),
+  deflate: util.promisify(zlib.inflate),
+  br: util.promisify(zlib.brotliDecompress),
+  identity: (): Readable => null!
+};
+
+type WebDecompressEncoding = keyof typeof BUFFER_DECOMPRESSORS;
+
+/**
+ * Web body parse configuration
+ */
+@Config('web.decompress')
+export class DecompressConfig {
+  /**
+   * Parse request body
+   */
+  applies: boolean = true;
+  /**
+   * Supported encodings
+   */
+  supportedEncodings: WebDecompressEncoding[] = ['br', 'gzip', 'deflate', 'identity'];
+}
+
+/**
+ * Decompress body
+ */
+@Injectable()
+export class DecompressInterceptor implements WebInterceptor<DecompressConfig> {
+
+
+  static async decompress(headers: WebHeaders, input: Buffer | Readable, config: DecompressConfig): Promise<typeof input> {
+    const encoding: WebDecompressEncoding | 'identity' = castTo(headers.getList('Content-Encoding')?.[0]) ?? 'identity';
+
+    if (!config.supportedEncodings.includes(encoding)) {
+      throw WebError.for(`Unsupported Content-Encoding: ${encoding}`, 415);
+    }
+
+    if (encoding === 'identity') {
+      return input;
+    }
+
+    if (Buffer.isBuffer(input)) {
+      return BUFFER_DECOMPRESSORS[encoding](input);
+    } else {
+      return input.pipe(STREAM_DECOMPRESSORS[encoding]());
+    }
+  }
+
+  dependsOn = [];
+  category: WebInterceptorCategory = 'request';
+
+  @Inject()
+  config: DecompressConfig;
+
+  applies({ config }: WebInterceptorContext<DecompressConfig>): boolean {
+    return config.applies;
+  }
+
+  async filter({ request, config, next }: WebChainedContext<DecompressConfig>): Promise<WebResponse> {
+    if (WebBodyUtil.isRaw(request.body)) {
+      const updatedBody = await DecompressInterceptor.decompress(request.headers, request.body, config);
+      request.body = WebBodyUtil.markRaw(updatedBody);
+    }
+    return next();
+  }
+}

package/src/interceptor/etag.ts

@@ -0,0 +1,99 @@
+import crypto from 'node:crypto';
+import fresh from 'fresh';
+
+import { Injectable, Inject } from '@travetto/di';
+import { Config } from '@travetto/config';
+import { Ignore } from '@travetto/schema';
+
+import { WebChainedContext } from '../types/filter.ts';
+import { WebResponse } from '../types/response.ts';
+import { WebInterceptor, WebInterceptorContext } from '../types/interceptor.ts';
+import { WebInterceptorCategory } from '../types/core.ts';
+import { CompressInterceptor } from './compress.ts';
+import { WebBodyUtil } from '../util/body.ts';
+
+@Config('web.etag')
+export class EtagConfig {
+  /**
+   * Attempt ETag generation
+   */
+  applies = true;
+  /**
+   * Should we generate a weak etag
+   */
+  weak?: boolean;
+
+  @Ignore()
+  cacheable?: boolean;
+}
+
+/**
+ * Enables etag support
+ */
+@Injectable()
+export class EtagInterceptor implements WebInterceptor {
+
+  category: WebInterceptorCategory = 'response';
+  dependsOn = [CompressInterceptor];
+
+  @Inject()
+  config: EtagConfig;
+
+  computeTag(body: Buffer): string {
+    return body.byteLength === 0 ?
+      '2jmj7l5rSw0yVb/vlWAYkK/YBwk' :
+      crypto
+        .createHash('sha1')
+        .update(body.toString('utf8'), 'utf8')
+        .digest('base64')
+        .substring(0, 27);
+  }
+
+  addTag(ctx: WebChainedContext<EtagConfig>, response: WebResponse): WebResponse {
+    const { request } = ctx;
+
+    const statusCode = response.context.httpStatusCode;
+
+    if (statusCode && (statusCode >= 300 && statusCode !== 304)) {
+      return response;
+    }
+
+    const binaryResponse = new WebResponse({ ...response, ...WebBodyUtil.toBinaryMessage(response) });
+    if (!Buffer.isBuffer(binaryResponse.body)) {
+      return binaryResponse;
+    }
+
+    const tag = this.computeTag(binaryResponse.body);
+    binaryResponse.headers.set('ETag', `${ctx.config.weak ? 'W/' : ''}"${tag}"`);
+
+    if (ctx.config.cacheable &&
+      fresh({
+        'if-modified-since': request.headers.get('If-Modified-Since')!,
+        'if-none-match': request.headers.get('If-None-Match')!,
+        'cache-control': request.headers.get('Cache-Control')!,
+      }, {
+        etag: binaryResponse.headers.get('ETag')!,
+        'last-modified': binaryResponse.headers.get('Last-Modified')!
+      })
+    ) {
+      return new WebResponse({ context: { httpStatusCode: 304 } });
+    }
+
+    return binaryResponse;
+  }
+
+  finalizeConfig({ config, endpoint }: WebInterceptorContext<EtagConfig>): EtagConfig {
+    if (endpoint.cacheable) {
+      return { ...config, cacheable: true };
+    }
+    return config;
+  }
+
+  applies({ config }: WebInterceptorContext<EtagConfig>): boolean {
+    return config.applies;
+  }
+
+  async filter(ctx: WebChainedContext<EtagConfig>): Promise<WebResponse> {
+    return this.addTag(ctx, await ctx.next());
+  }
+}

package/src/interceptor/logging.ts

@@ -0,0 +1,71 @@
+import { Injectable, Inject } from '@travetto/di';
+import { Config } from '@travetto/config';
+
+import { WebInterceptor, WebInterceptorContext } from '../types/interceptor.ts';
+import { WebInterceptorCategory } from '../types/core.ts';
+import { WebChainedContext } from '../types/filter.ts';
+import { WebResponse } from '../types/response.ts';
+
+/**
+ * Web logging configuration
+ */
+@Config('web.log')
+export class WebLogConfig {
+  /**
+   * Enable logging of all requests
+   */
+  applies = true;
+  /**
+   * Should errors be dumped as full stack traces
+   */
+  showStackTrace = true;
+}
+
+/**
+ * Logging interceptor, to show activity for all requests
+ */
+@Injectable()
+export class LoggingInterceptor implements WebInterceptor {
+
+  category: WebInterceptorCategory = 'terminal';
+
+  @Inject()
+  config: WebLogConfig;
+
+  applies({ config }: WebInterceptorContext<WebLogConfig>): boolean {
+    return config.applies;
+  }
+
+  async filter({ request, next }: WebChainedContext): Promise<WebResponse> {
+    const createdDate = Date.now();
+    const response = await next();
+    const duration = Date.now() - createdDate;
+
+    const err = response.body instanceof Error ? response.body : undefined;
+    const code = response.context.httpStatusCode ??= (!!err ? 500 : 200);
+
+    const logMessage = {
+      method: request.context.httpMethod,
+      path: request.context.path,
+      query: request.context.httpQuery,
+      params: request.context.pathParams,
+      statusCode: code,
+      duration,
+    };
+
+    if (code < 400) {
+      console.info('Request', logMessage);
+    } else if (code < 500) {
+      console.warn('Request', logMessage);
+    } else {
+      console.error('Request', logMessage);
+    }
+
+    if (this.config.showStackTrace && err) {
+      console.error(err.message, { error: err });
+    }
+
+    return response;
+  }
+}
+

package/src/interceptor/respond.ts

@@ -0,0 +1,26 @@
+import { Injectable } from '@travetto/di';
+
+import { WebInterceptor } from '../types/interceptor.ts';
+import { WebInterceptorCategory } from '../types/core.ts';
+import { WebResponse } from '../types/response.ts';
+
+import { WebChainedContext } from '../types/filter.ts';
+import { LoggingInterceptor } from './logging.ts';
+import { WebCommonUtil } from '../util/common.ts';
+
+@Injectable()
+export class RespondInterceptor implements WebInterceptor {
+
+  category: WebInterceptorCategory = 'terminal';
+  dependsOn = [LoggingInterceptor];
+
+  async filter(ctx: WebChainedContext): Promise<WebResponse> {
+    let res;
+    try {
+      res = await ctx.next();
+    } catch (err) {
+      res = WebCommonUtil.catchResponse(err);
+    }
+    return res;
+  }
+}

package/src/interceptor/response-cache.ts

@@ -0,0 +1,47 @@
+import { Injectable, Inject } from '@travetto/di';
+import { Config } from '@travetto/config';
+
+import { WebChainedContext } from '../types/filter.ts';
+import { WebInterceptor, WebInterceptorContext } from '../types/interceptor.ts';
+import { WebInterceptorCategory } from '../types/core.ts';
+import { WebResponse } from '../types/response.ts';
+
+import { WebCommonUtil } from '../util/common.ts';
+
+import { EtagInterceptor } from './etag.ts';
+
+@Config('web.cache')
+export class ResponseCacheConfig {
+  /**
+   * Generate response cache headers
+   */
+  applies = true;
+
+  /**
+   * Determines how we cache
+   */
+  mode: 'allow' | 'deny' = 'deny';
+}
+
+/**
+ * Determines if we should cache all get requests
+ */
+@Injectable()
+export class ResponseCacheInterceptor implements WebInterceptor {
+
+  category: WebInterceptorCategory = 'response';
+  dependsOn = [EtagInterceptor];
+
+  @Inject()
+  config: ResponseCacheConfig;
+
+  applies({ config, endpoint }: WebInterceptorContext<ResponseCacheConfig>): boolean {
+    return !!endpoint.cacheable && config.applies && config.mode === 'deny';
+  }
+
+  async filter({ next }: WebChainedContext<ResponseCacheConfig>): Promise<WebResponse> {
+    const response = await next();
+    response.headers.setIfAbsent('Cache-Control', WebCommonUtil.getCacheControlValue(0));
+    return response;
+  }
+}