@tymber/common 0.0.1-alpha.0 → 0.1.0

package/src/TemplateService.ts

@@ -0,0 +1,97 @@
+import { compileTemplate } from "./contrib/template.js";
+import { ModuleDefinitions } from "./Module.js";
+import { createDebug } from "./utils/createDebug.js";
+import { Component, INJECT } from "./Component.js";
+import { FS } from "./utils/fs.js";
+import { isProduction } from "./utils/isProduction.js";
+
+const debug = createDebug("TemplateService");
+
+export abstract class TemplateService extends Component {
+  public abstract canRender(templateName: string): boolean;
+
+  public abstract render(
+    templateName: string,
+    data: Record<string, any>,
+  ): Promise<string>;
+}
+
+export abstract class FileBasedTemplateService extends TemplateService {
+  static [INJECT] = [ModuleDefinitions];
+
+  abstract readonly fileExtension: string;
+  protected templates = new Map<string, string>();
+
+  constructor(private readonly modules: ModuleDefinitions) {
+    super();
+    this.modules = modules;
+  }
+
+  override init() {
+    return this.loadTemplates();
+  }
+
+  private async loadTemplates() {
+    for (const module of this.modules.modules) {
+      if (!module.assetsDir) {
+        return;
+      }
+      try {
+        for (const filename of await FS.readDirRecursively(
+          FS.join(module.assetsDir, "templates"),
+        )) {
+          const fileExtension = filename.slice(filename.lastIndexOf("."));
+
+          if (fileExtension === this.fileExtension) {
+            const viewName = filename.slice(0, filename.lastIndexOf("."));
+
+            debug("adding template %s", viewName);
+
+            if (this.templates.has(viewName)) {
+              debug("overriding existing template %s", viewName);
+            }
+
+            this.templates.set(
+              viewName,
+              FS.join(module.assetsDir, "templates", filename),
+            );
+          }
+        }
+      } catch (e) {}
+    }
+  }
+
+  override canRender(templateName: string) {
+    return this.templates.has(templateName);
+  }
+}
+
+export class BaseTemplateService extends FileBasedTemplateService {
+  override fileExtension = ".html";
+
+  // TODO use a LRU cache
+  private compiledTemplates = new Map<
+    string,
+    (data: Record<string, any>) => string
+  >();
+
+  override render(templateName: string, data: Record<string, any>) {
+    return this.getTemplate(templateName).then((template) => template(data));
+  }
+
+  private async getTemplate(templateName: string) {
+    if (isProduction && this.compiledTemplates.has(templateName)) {
+      return this.compiledTemplates.get(templateName)!;
+    }
+
+    const absolutePath = this.templates.get(templateName)!;
+    const content = await FS.readFile(absolutePath);
+    const compiledTemplate = compileTemplate(content);
+
+    if (isProduction) {
+      this.compiledTemplates.set(templateName, compiledTemplate);
+    }
+
+    return compiledTemplate;
+  }
+}

package/src/View.ts

@@ -0,0 +1,60 @@
+import { type ValidateFunction } from "ajv";
+import { type HttpContext } from "./HttpContext.js";
+import { Handler } from "./Handler.js";
+import { AJV_INSTANCE } from "./utils/ajv.js";
+
+export abstract class BaseView extends Handler {
+  protected pathParamsSchema: unknown; // JSONSchemaType<Params>;
+  protected querySchema: unknown; // JSONSchemaType<Query>;
+
+  private validatePathParams?: ValidateFunction;
+  private validateQuery?: ValidateFunction;
+
+  override doHandle(ctx: HttpContext) {
+    const { pathParams, query } = ctx;
+
+    if (this.pathParamsSchema && !this.validatePathParams) {
+      this.validatePathParams = AJV_INSTANCE.compile(this.pathParamsSchema);
+    }
+
+    if (this.validatePathParams) {
+      this.validatePathParams(pathParams);
+    }
+
+    if (this.querySchema && !this.validateQuery) {
+      this.validateQuery = AJV_INSTANCE.compile(this.querySchema);
+    }
+
+    if (this.validateQuery) {
+      this.validateQuery(query);
+    }
+
+    return this.handle(ctx);
+  }
+}
+
+export abstract class View extends BaseView {
+  private _viewBrand!: void; // nominal typing
+
+  override doHandle(ctx: HttpContext) {
+    if (!this.allowAnonymous && !ctx.user) {
+      return ctx.redirect("/login");
+    }
+    if (!this.hasPermission(ctx)) {
+      return ctx.redirect("/forbidden");
+    }
+    return super.doHandle(ctx);
+  }
+}
+
+export abstract class AdminView extends BaseView {
+  private _adminViewBrand!: void; // nominal typing
+
+  override doHandle(ctx: HttpContext) {
+    if (!this.allowAnonymous && !ctx.admin) {
+      return ctx.redirect("/admin/login");
+    }
+    // note: no hasPermission() check for admins
+    return super.doHandle(ctx);
+  }
+}

package/src/ViewRenderer.ts

@@ -0,0 +1,71 @@
+import { Component, INJECT } from "./Component.js";
+import { BaseTemplateService, TemplateService } from "./TemplateService.js";
+import { I18nService } from "./I18nService.js";
+import { pick } from "./contrib/accept-language-parser.js";
+import { ModuleDefinitions } from "./Module.js";
+import type { HttpContext } from "./HttpContext.js";
+import { isProduction } from "./utils/isProduction.js";
+
+export class ViewRenderer extends Component {
+  static [INJECT] = [
+    I18nService,
+    BaseTemplateService,
+    TemplateService,
+    ModuleDefinitions,
+  ];
+
+  constructor(
+    private readonly i18nService: I18nService,
+    private readonly templateService: BaseTemplateService,
+    private readonly customTemplateService: TemplateService,
+    private readonly modules: ModuleDefinitions,
+  ) {
+    super();
+  }
+
+  public computeLocale(req: Request) {
+    return pick(
+      this.i18nService.availableLocales(),
+      req.headers.get("accept-language") || "",
+    );
+  }
+
+  public async render(
+    ctx: HttpContext,
+    view: string | string[],
+    data: Record<string, any> = {},
+  ) {
+    const templates = Array.isArray(view) ? view.reverse() : [view];
+
+    data.TITLE = "Tymber";
+    data.CTX = ctx;
+    data.CTX.app = data.CTX.app || {};
+    data.CTX.app.isProduction = isProduction;
+    data.CTX.app.modules = this.modules.modules;
+
+    data.$t = (key: string, ...args: any[]) => {
+      return this.i18nService.translate(ctx, ctx.locale, key, ...args);
+    };
+
+    for (const template of templates) {
+      data.VIEW = await this.renderTemplate(template, data);
+    }
+
+    return new Response(data.VIEW, {
+      headers: {
+        "content-type": "text/html",
+        "cache-control": "no-cache",
+      },
+    });
+  }
+
+  private renderTemplate(templateName: string, data: Record<string, any>) {
+    if (this.customTemplateService.canRender(templateName)) {
+      return this.customTemplateService.render(templateName, data);
+    } else if (this.templateService.canRender(templateName)) {
+      return this.templateService.render(templateName, data);
+    } else {
+      throw new Error(`template ${templateName} not found`);
+    }
+  }
+}

package/src/contrib/accept-language-parser.ts

@@ -0,0 +1,94 @@
+// from https://github.com/opentable/accept-language-parser
+import { type Brand } from "../utils/types.js";
+
+var regex = /((([a-zA-Z]+(-[a-zA-Z0-9]+){0,2})|\*)(;q=[0-1](\.[0-9]+)?)?)*/g;
+
+var isString = function (s: any) {
+  return typeof s === "string";
+};
+
+export type Locale = Brand<string, "Locale">;
+
+export function parse(al: string) {
+  var strings = (al || "").match(regex);
+  return strings!
+    .map(function (m) {
+      if (!m) {
+        return;
+      }
+
+      var bits = m.split(";");
+      var ietf = bits[0].split("-");
+      var hasScript = ietf.length === 3;
+
+      return {
+        code: ietf[0],
+        script: hasScript ? ietf[1] : null,
+        region: hasScript ? ietf[2] : ietf[1],
+        quality: bits[1] ? parseFloat(bits[1].split("=")[1]) : 1.0,
+      };
+    })
+    .filter(function (r) {
+      return r;
+    })
+    .sort(function (a: any, b: any) {
+      return b.quality - a.quality;
+    });
+}
+
+export function pick(
+  supportedLanguages: string[],
+  acceptLanguage: any,
+  options?: any,
+) {
+  options = options || {};
+
+  // if (!supportedLanguages || !supportedLanguages.length || !acceptLanguage) {
+  //   return null;
+  // }
+
+  if (!acceptLanguage) {
+    return supportedLanguages[0] as Locale; // pick first as default
+  }
+
+  if (isString(acceptLanguage)) {
+    acceptLanguage = parse(acceptLanguage);
+  }
+
+  var supported = supportedLanguages.map(function (support) {
+    var bits = support.split("-");
+    var hasScript = bits.length === 3;
+
+    return {
+      code: bits[0],
+      script: hasScript ? bits[1] : null,
+      region: hasScript ? bits[2] : bits[1],
+    };
+  });
+
+  for (var i = 0; i < acceptLanguage.length; i++) {
+    var lang = acceptLanguage[i];
+    var langCode = lang.code.toLowerCase();
+    var langRegion = lang.region ? lang.region.toLowerCase() : lang.region;
+    var langScript = lang.script ? lang.script.toLowerCase() : lang.script;
+    for (var j = 0; j < supported.length; j++) {
+      var supportedCode = supported[j].code.toLowerCase();
+      var supportedScript = supported[j].script
+        ? supported[j].script!.toLowerCase()
+        : supported[j].script;
+      var supportedRegion = supported[j].region
+        ? supported[j].region.toLowerCase()
+        : supported[j].region;
+      if (
+        langCode === supportedCode &&
+        (options.loose || !langScript || langScript === supportedScript) &&
+        (options.loose || !langRegion || langRegion === supportedRegion)
+      ) {
+        return supportedLanguages[j] as Locale;
+      }
+    }
+  }
+
+  // return null;
+  return supportedLanguages[0] as Locale; // pick first as default
+}

package/src/contrib/cookie.ts

@@ -0,0 +1,256 @@
+// from https://www.npmjs.com/package/cookie
+/**
+ * Module variables.
+ * @private
+ */
+
+var __toString = Object.prototype.toString;
+
+/**
+ * RegExp to match field-content in RFC 7230 sec 3.2
+ *
+ * field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ]
+ * field-vchar   = VCHAR / obs-text
+ * obs-text      = %x80-FF
+ */
+
+var fieldContentRegExp = /^[\u0009\u0020-\u007e\u0080-\u00ff]+$/;
+
+/**
+ * Parse a cookie header.
+ *
+ * Parse the given cookie header string into an object
+ * The object has the various cookies as keys(names) => values
+ *
+ * @param {string} str
+ * @param {object} [options]
+ * @return {object}
+ * @public
+ */
+
+function parse(str: string, options?: any) {
+  if (typeof str !== "string") {
+    throw new TypeError("argument str must be a string");
+  }
+
+  var obj = {} as Record<string, string>;
+  var opt = options || {};
+  var dec = opt.decode || decode;
+
+  var index = 0;
+  while (index < str.length) {
+    var eqIdx = str.indexOf("=", index);
+
+    // no more cookie pairs
+    if (eqIdx === -1) {
+      break;
+    }
+
+    var endIdx = str.indexOf(";", index);
+
+    if (endIdx === -1) {
+      endIdx = str.length;
+    } else if (endIdx < eqIdx) {
+      // backtrack on prior semicolon
+      index = str.lastIndexOf(";", eqIdx - 1) + 1;
+      continue;
+    }
+
+    var key = str.slice(index, eqIdx).trim();
+
+    // only assign once
+    if (undefined === obj[key]) {
+      var val = str.slice(eqIdx + 1, endIdx).trim();
+
+      // quoted values
+      if (val.charCodeAt(0) === 0x22) {
+        val = val.slice(1, -1);
+      }
+
+      obj[key] = tryDecode(val, dec);
+    }
+
+    index = endIdx + 1;
+  }
+
+  return obj;
+}
+
+/**
+ * Serialize data into a cookie header.
+ *
+ * Serialize the a name value pair into a cookie string suitable for
+ * http headers. An optional options object specified cookie parameters.
+ *
+ * serialize('foo', 'bar', { httpOnly: true })
+ *   => "foo=bar; httpOnly"
+ *
+ * @param {string} name
+ * @param {string} val
+ * @param {object} [options]
+ * @return {string}
+ * @public
+ */
+
+function serialize(name: string, val: string, options: any) {
+  var opt = options || {};
+  var enc = opt.encode || encode;
+
+  if (typeof enc !== "function") {
+    throw new TypeError("option encode is invalid");
+  }
+
+  if (!fieldContentRegExp.test(name)) {
+    throw new TypeError("argument name is invalid");
+  }
+
+  var value = enc(val);
+
+  if (value && !fieldContentRegExp.test(value)) {
+    throw new TypeError("argument val is invalid");
+  }
+
+  var str = name + "=" + value;
+
+  if (null != opt.maxAge) {
+    var maxAge = opt.maxAge - 0;
+
+    if (isNaN(maxAge) || !isFinite(maxAge)) {
+      throw new TypeError("option maxAge is invalid");
+    }
+
+    str += "; Max-Age=" + Math.floor(maxAge);
+  }
+
+  if (opt.domain) {
+    if (!fieldContentRegExp.test(opt.domain)) {
+      throw new TypeError("option domain is invalid");
+    }
+
+    str += "; Domain=" + opt.domain;
+  }
+
+  if (opt.path) {
+    if (!fieldContentRegExp.test(opt.path)) {
+      throw new TypeError("option path is invalid");
+    }
+
+    str += "; Path=" + opt.path;
+  }
+
+  if (opt.expires) {
+    var expires = opt.expires;
+
+    if (!isDate(expires) || isNaN(expires.valueOf())) {
+      throw new TypeError("option expires is invalid");
+    }
+
+    str += "; Expires=" + expires.toUTCString();
+  }
+
+  if (opt.httpOnly) {
+    str += "; HttpOnly";
+  }
+
+  if (opt.secure) {
+    str += "; Secure";
+  }
+
+  if (opt.priority) {
+    var priority =
+      typeof opt.priority === "string"
+        ? opt.priority.toLowerCase()
+        : opt.priority;
+
+    switch (priority) {
+      case "low":
+        str += "; Priority=Low";
+        break;
+      case "medium":
+        str += "; Priority=Medium";
+        break;
+      case "high":
+        str += "; Priority=High";
+        break;
+      default:
+        throw new TypeError("option priority is invalid");
+    }
+  }
+
+  if (opt.sameSite) {
+    var sameSite =
+      typeof opt.sameSite === "string"
+        ? opt.sameSite.toLowerCase()
+        : opt.sameSite;
+
+    switch (sameSite) {
+      case true:
+        str += "; SameSite=Strict";
+        break;
+      case "lax":
+        str += "; SameSite=Lax";
+        break;
+      case "strict":
+        str += "; SameSite=Strict";
+        break;
+      case "none":
+        str += "; SameSite=None";
+        break;
+      default:
+        throw new TypeError("option sameSite is invalid");
+    }
+  }
+
+  return str;
+}
+
+/**
+ * URL-decode string value. Optimized to skip native call when no %.
+ *
+ * @param {string} str
+ * @returns {string}
+ */
+
+function decode(str: string) {
+  return str.indexOf("%") !== -1 ? decodeURIComponent(str) : str;
+}
+
+/**
+ * URL-encode value.
+ *
+ * @param {string} str
+ * @returns {string}
+ */
+
+function encode(val: string) {
+  return encodeURIComponent(val);
+}
+
+/**
+ * Determine if value is a Date.
+ *
+ * @param {*} val
+ * @private
+ */
+
+function isDate(val: any) {
+  return __toString.call(val) === "[object Date]" || val instanceof Date;
+}
+
+/**
+ * Try decoding a string using a decoding function.
+ *
+ * @param {string} str
+ * @param {function} decode
+ * @private
+ */
+
+function tryDecode(str: string, decode: any) {
+  try {
+    return decode(str);
+  } catch (e) {
+    return str;
+  }
+}
+
+export { parse as parseCookieHeader, serialize as createCookie };

package/src/contrib/template.ts

@@ -0,0 +1,134 @@
+// from https://github.com/jashkenas/underscore/blob/master/modules/template.js
+
+const escapeMap: Record<string, string> = {
+  "&": "&amp;",
+  "<": "&lt;",
+  ">": "&gt;",
+  '"': "&quot;",
+};
+
+const ESCAPE_REGEX = /[&<>"]/g;
+
+const _ = {
+  escape(s: string) {
+    return s.replace(ESCAPE_REGEX, (match) => escapeMap[match]);
+  },
+};
+
+// When customizing `_.templateSettings`, if you don't want to define an
+// interpolation, evaluation or escaping regex, we need one that is
+// guaranteed not to match.
+var noMatch = /(.)^/;
+
+// Certain characters need to be escaped so that they can be put into a
+// string literal.
+var escapes: Record<string, string> = {
+  "'": "'",
+  "\\": "\\",
+  "\r": "r",
+  "\n": "n",
+  "\u2028": "u2028",
+  "\u2029": "u2029",
+};
+
+var escapeRegExp = /\\|'|\r|\n|\u2028|\u2029/g;
+
+function escapeChar(match: string) {
+  return "\\" + escapes[match];
+}
+
+// In order to prevent third-party code injection through
+// `_.templateSettings.variable`, we test it against the following regular
+// expression. It is intentionally a bit more liberal than just matching valid
+// identifiers, but still prevents possible loopholes through defaults or
+// destructuring assignment.
+var bareIdentifier = /^\s*(\w|\$)+\s*$/;
+
+// JavaScript micro-templating, similar to John Resig's implementation.
+// Underscore templating handles arbitrary delimiters, preserves whitespace,
+// and correctly escapes quotes within interpolated code.
+// NB: `oldSettings` only exists for backwards compatibility.
+export function compileTemplate(text: string): (data: any) => string {
+  const settings = {
+    evaluate: /<%([\s\S]+?)%>/g,
+    interpolate: /<%=([\s\S]+?)%>/g,
+    escape: /<%-([\s\S]+?)%>/g,
+  };
+
+  // Combine delimiters into one regular expression via alternation.
+  var matcher = RegExp(
+    [
+      (settings.escape || noMatch).source,
+      (settings.interpolate || noMatch).source,
+      (settings.evaluate || noMatch).source,
+    ].join("|") + "|$",
+    "g",
+  );
+
+  // Compile the template source, escaping string literals appropriately.
+  var index = 0;
+  var source = "__p+='";
+  text.replace(
+    matcher,
+    function (
+      match: string,
+      escape: string,
+      interpolate: string,
+      evaluate: string,
+      offset: number,
+    ) {
+      source += text.slice(index, offset).replace(escapeRegExp, escapeChar);
+      index = offset + match.length;
+
+      if (escape) {
+        source += "'+\n((__t=(" + escape + "))==null?'':_.escape(__t))+\n'";
+      } else if (interpolate) {
+        source += "'+\n((__t=(" + interpolate + "))==null?'':__t)+\n'";
+      } else if (evaluate) {
+        source += "';\n" + evaluate + "\n__p+='";
+      }
+
+      // Adobe VMs need the match returned to produce the correct offset.
+      return match;
+    },
+  );
+  source += "';\n";
+
+  // @ts-expect-error unknown property
+  var argument = settings.variable;
+  if (argument) {
+    // Insure against third-party code injection. (CVE-2021-23358)
+    if (!bareIdentifier.test(argument))
+      throw new Error("variable is not a bare identifier: " + argument);
+  } else {
+    // If a variable is not specified, place data values in local scope.
+    source = "with(obj||{}){\n" + source + "}\n";
+    argument = "obj";
+  }
+
+  source =
+    "var __t,__p='',__j=Array.prototype.join," +
+    "print=function(){__p+=__j.call(arguments,'');};\n" +
+    source +
+    "return __p;\n";
+
+  var render: Function;
+  try {
+    render = new Function(argument, "_", source);
+  } catch (e) {
+    // @ts-expect-error unknown property
+    (e as Error).source = source;
+    throw e;
+  }
+
+  var template = function (data: any) {
+    // @ts-expect-error unknown this
+    return render.call(this, data, _);
+  };
+
+  // Provide the compiled source as a convenience for precompilation.
+  // @ts-expect-error unknown property
+  template.source = "function(" + argument + "){\n" + source + "}";
+
+  return template;
+}