@valbuild/server 0.12.0 → 0.13.3

package/jest.config.js

@@ -0,0 +1,4 @@
+/** @type {import("jest").Config} */
+module.exports = {
+  preset: "../../jest.preset",
+};

package/package.json

@@ -1,5 +1,7 @@
 {
   "name": "@valbuild/server",
+  "private": false,
+  "description": "Val - integrated server",
   "main": "dist/valbuild-server.cjs.js",
   "module": "dist/valbuild-server.esm.js",
   "exports": {
@@ -10,7 +12,7 @@
     "./package.json": "./package.json"
   },
   "types": "dist/valbuild-server.cjs.d.ts",
-  "version": "0.12.0",
+  "version": "0.13.3",
   "scripts": {
     "typecheck": "tsc --noEmit",
     "test": "jest",
@@ -23,8 +25,8 @@
     "concurrently": "^7.6.0"
   },
   "dependencies": {
-    "@valbuild/core": "~0.12.0",
-    "@valbuild/ui": "~0.12.0",
+    "@valbuild/core": "~0.13.3",
+    "@valbuild/ui": "~0.13.3",
     "express": "^4.18.2",
     "quickjs-emscripten": "^0.21.1",
     "ts-morph": "^17.0.1",

package/src/LocalValServer.ts

@@ -0,0 +1,94 @@
+import express from "express";
+import { Service } from "./Service";
+import { PatchJSON } from "./patch/validation";
+import { result } from "@valbuild/core/fp";
+import { parsePatch, PatchError } from "@valbuild/core/patch";
+import { getPathFromParams } from "./expressHelpers";
+import { ValServer } from "./ValServer";
+import { Internal } from "@valbuild/core";
+
+export type LocalValServerOptions = {
+  service: Service;
+};
+
+export class LocalValServer implements ValServer {
+  constructor(readonly options: LocalValServerOptions) {}
+
+  async session(_req: express.Request, res: express.Response): Promise<void> {
+    res.json({
+      mode: "local",
+    });
+  }
+
+  async getIds(
+    req: express.Request<{ 0: string }>,
+    res: express.Response
+  ): Promise<void> {
+    try {
+      console.log(req.params);
+      const path = getPathFromParams(req.params);
+      const [moduleId, modulePath] = Internal.splitModuleIdAndModulePath(path);
+      const valModule = await this.options.service.get(moduleId, modulePath);
+
+      res.json(valModule);
+    } catch (err) {
+      console.error(err);
+      res.sendStatus(500);
+    }
+  }
+
+  async patchIds(
+    req: express.Request<{ 0: string }>,
+    res: express.Response
+  ): Promise<void> {
+    // First validate that the body has the right structure
+    const patchJSON = PatchJSON.safeParse(req.body);
+    if (!patchJSON.success) {
+      res.status(401).json(patchJSON.error.issues);
+      return;
+    }
+    // Then parse/validate
+    const patch = parsePatch(patchJSON.data);
+    if (result.isErr(patch)) {
+      res.status(401).json(patch.error);
+      return;
+    }
+    const id = getPathFromParams(req.params);
+    try {
+      const valModule = await this.options.service.patch(id, patch.value);
+      res.json(valModule);
+    } catch (err) {
+      if (err instanceof PatchError) {
+        res.status(401).send(err.message);
+      } else {
+        console.error(err);
+        res
+          .status(500)
+          .send(err instanceof Error ? err.message : "Unknown error");
+      }
+    }
+  }
+  private async badRequest(
+    req: express.Request,
+    res: express.Response
+  ): Promise<void> {
+    console.debug("Local server does handle this request", req.url);
+    res.sendStatus(400);
+  }
+
+  commit(req: express.Request, res: express.Response): Promise<void> {
+    return this.badRequest(req, res);
+  }
+
+  authorize(req: express.Request, res: express.Response): Promise<void> {
+    return this.badRequest(req, res);
+  }
+
+  callback(req: express.Request, res: express.Response): Promise<void> {
+    return this.badRequest(req, res);
+  }
+
+  logout(req: express.Request, res: express.Response): Promise<void> {
+    return this.badRequest(req, res);
+  }
+}

package/src/ProxyValServer.ts

@@ -0,0 +1,403 @@
+import express from "express";
+import crypto from "crypto";
+import { decodeJwt, encodeJwt, getExpire } from "./jwt";
+import { PatchJSON } from "./patch/validation";
+import { result } from "@valbuild/core/fp";
+import { getPathFromParams } from "./expressHelpers";
+import { ValServer } from "./ValServer";
+import { z } from "zod";
+import { parsePatch } from "@valbuild/core/patch";
+
+const VAL_SESSION_COOKIE = "val_session";
+const VAL_STATE_COOKIE = "val_state";
+
+export type ProxyValServerOptions = {
+  apiKey: string;
+  route: string;
+  valSecret: string;
+  valBuildUrl: string;
+  gitCommit: string;
+  gitBranch: string;
+};
+
+export class ProxyValServer implements ValServer {
+  constructor(readonly options: ProxyValServerOptions) {}
+
+  async authorize(req: express.Request, res: express.Response): Promise<void> {
+    const { redirect_to } = req.query;
+    if (typeof redirect_to !== "string") {
+      res.redirect(
+        this.getAppErrorUrl("Login failed: missing redirect_to param")
+      );
+      return;
+    }
+    const token = crypto.randomUUID();
+    const redirectUrl = new URL(redirect_to);
+    const appAuthorizeUrl = this.getAuthorizeUrl(
+      `${redirectUrl.origin}/${this.options.route}`,
+      token
+    );
+    res
+      .cookie(VAL_STATE_COOKIE, createStateCookie({ redirect_to, token }), {
+        httpOnly: true,
+        sameSite: "lax",
+        expires: new Date(Date.now() + 1000 * 60 * 60), // 1 hour
+      })
+      .redirect(appAuthorizeUrl);
+  }
+
+  async callback(req: express.Request, res: express.Response): Promise<void> {
+    const { success: callbackReqSuccess, error: callbackReqError } =
+      verifyCallbackReq(req.cookies[VAL_STATE_COOKIE], req.query);
+    res.clearCookie(VAL_STATE_COOKIE); // we don't need this anymore
+
+    if (callbackReqError !== null) {
+      res.redirect(
+        this.getAppErrorUrl(
+          `Authorization callback failed. Details: ${callbackReqError}`
+        )
+      );
+      return;
+    }
+
+    const data = await this.consumeCode(callbackReqSuccess.code);
+    if (data === null) {
+      res.redirect(this.getAppErrorUrl("Failed to exchange code for user"));
+      return;
+    }
+    const exp = getExpire();
+    const cookie = encodeJwt(
+      {
+        ...data,
+        exp, // this is the client side exp
+      },
+      this.options.valSecret
+    );
+
+    res
+      .cookie(VAL_SESSION_COOKIE, cookie, {
+        httpOnly: true,
+        sameSite: "strict",
+        secure: true,
+        expires: new Date(exp * 1000), // NOTE: this is not used for authorization, only for authentication
+      })
+      .redirect(callbackReqSuccess.redirect_uri || "/");
+  }
+
+  async logout(_req: express.Request, res: express.Response): Promise<void> {
+    res
+      .clearCookie(VAL_SESSION_COOKIE)
+      .clearCookie(VAL_STATE_COOKIE)
+      .sendStatus(200);
+  }
+
+  async withAuth<T>(
+    req: express.Request,
+    res: express.Response,
+    handler: (data: IntegratedServerJwtPayload) => Promise<T>
+  ): Promise<T | undefined> {
+    const cookie = req.cookies[VAL_SESSION_COOKIE];
+    if (typeof cookie === "string") {
+      const verification = IntegratedServerJwtPayload.safeParse(
+        decodeJwt(cookie, this.options.valSecret)
+      );
+      if (!verification.success) {
+        res.sendStatus(401);
+        return;
+      }
+      return handler(verification.data);
+    } else {
+      res.sendStatus(401);
+    }
+  }
+
+  async session(req: express.Request, res: express.Response): Promise<void> {
+    return this.withAuth(req, res, async (data) => {
+      const url = new URL(
+        "/api/val/auth/user/session",
+        this.options.valBuildUrl
+      );
+      const fetchRes = await fetch(url, {
+        headers: this.getAuthHeaders(data.token, "application/json"),
+      });
+      if (fetchRes.ok) {
+        res
+          .status(fetchRes.status)
+          .json({ mode: "proxy", ...(await fetchRes.json()) });
+      } else {
+        res.sendStatus(fetchRes.status);
+      }
+    });
+  }
+
+  async getIds(
+    req: express.Request<{ 0: string }>,
+    res: express.Response
+  ): Promise<void> {
+    return this.withAuth(req, res, async ({ token }) => {
+      const id = getPathFromParams(req.params);
+      const url = new URL(
+        `/api/val/modules/${encodeURIComponent(this.options.gitCommit)}${id}`,
+        this.options.valBuildUrl
+      );
+      const fetchRes = await fetch(url, {
+        headers: this.getAuthHeaders(token),
+      });
+      if (fetchRes.ok) {
+        res.status(fetchRes.status).json(await fetchRes.json());
+      } else {
+        res.sendStatus(fetchRes.status);
+      }
+    }).catch((e) => {
+      res.status(500).send({ error: { message: e?.message, status: 500 } });
+    });
+  }
+
+  async patchIds(
+    req: express.Request<{ 0: string }>,
+    res: express.Response
+  ): Promise<void> {
+    this.withAuth(req, res, async ({ token }) => {
+      // First validate that the body has the right structure
+      const patchJSON = PatchJSON.safeParse(req.body);
+      if (!patchJSON.success) {
+        res.status(401).json(patchJSON.error.issues);
+        return;
+      }
+      // Then parse/validate
+      const patch = parsePatch(patchJSON.data);
+      if (result.isErr(patch)) {
+        res.status(401).json(patch.error);
+        return;
+      }
+      const id = getPathFromParams(req.params);
+      const url = new URL(
+        `/api/val/modules/${encodeURIComponent(this.options.gitCommit)}${id}`,
+        this.options.valBuildUrl
+      );
+      // Proxy patch to val.build
+      const fetchRes = await fetch(url, {
+        method: "PATCH",
+        headers: this.getAuthHeaders(token, "application/json-patch+json"),
+        body: JSON.stringify(patch),
+      });
+      if (fetchRes.ok) {
+        res.status(fetchRes.status).json(await fetchRes.json());
+      } else {
+        res.sendStatus(fetchRes.status);
+      }
+    }).catch((e) => {
+      res.status(500).send({ error: { message: e?.message, status: 500 } });
+    });
+  }
+
+  async commit(req: express.Request, res: express.Response): Promise<void> {
+    this.withAuth(req, res, async ({ token }) => {
+      const url = new URL(
+        `/api/val/commit/${encodeURIComponent(this.options.gitBranch)}`,
+        this.options.valBuildUrl
+      );
+      const fetchRes = await fetch(url, {
+        method: "POST",
+        headers: this.getAuthHeaders(token),
+      });
+      if (fetchRes.ok) {
+        res.status(fetchRes.status).json(await fetchRes.json());
+      } else {
+        res.sendStatus(fetchRes.status);
+      }
+    });
+  }
+
+  private getAuthHeaders(
+    token: string,
+    type?: "application/json" | "application/json-patch+json"
+  ):
+    | { Authorization: string }
+    | { "Content-Type": string; Authorization: string } {
+    if (!type) {
+      return {
+        Authorization: `Bearer ${token}`,
+      };
+    }
+    return {
+      "Content-Type": type,
+      Authorization: `Bearer ${token}`,
+    };
+  }
+
+  private async consumeCode(code: string): Promise<{
+    sub: string;
+    exp: number;
+    org: string;
+    project: string;
+    token: string;
+  } | null> {
+    const url = new URL("/api/val/auth/user/token", this.options.valBuildUrl);
+    url.searchParams.set("code", encodeURIComponent(code));
+    return fetch(url, {
+      method: "POST",
+      headers: this.getAuthHeaders(this.options.apiKey, "application/json"), // NOTE: we use apiKey as auth on this endpoint (we do not have a token yet)
+    })
+      .then(async (res) => {
+        if (res.status === 200) {
+          const token = await res.text();
+          const verification = ValAppJwtPayload.safeParse(decodeJwt(token));
+          if (!verification.success) {
+            return null;
+          }
+          return {
+            ...verification.data,
+            token,
+          };
+        } else {
+          console.debug("Failed to get data from code: ", res.status);
+          return null;
+        }
+      })
+      .catch((err) => {
+        console.debug("Failed to get user from code: ", err);
+        return null;
+      });
+  }
+
+  private getAuthorizeUrl(publicValApiRoute: string, token: string): string {
+    const url = new URL("/authorize", this.options.valBuildUrl);
+    url.searchParams.set(
+      "redirect_uri",
+      encodeURIComponent(`${publicValApiRoute}/callback`)
+    );
+    url.searchParams.set("state", token);
+    return url.toString();
+  }
+
+  private getAppErrorUrl(error: string): string {
+    const url = new URL("/authorize", this.options.valBuildUrl);
+    url.searchParams.set("error", encodeURIComponent(error));
+    return url.toString();
+  }
+}
+
+function verifyCallbackReq(
+  stateCookie: string,
+  queryParams: Record<string, unknown>
+):
+  | {
+      success: { code: string; redirect_uri?: string };
+      error: null;
+    }
+  | { success: false; error: string } {
+  if (typeof stateCookie !== "string") {
+    return { success: false, error: "No state cookie" };
+  }
+
+  const { code, state: tokenFromQuery } = queryParams;
+
+  if (typeof code !== "string") {
+    return { success: false, error: "No code query param" };
+  }
+  if (typeof tokenFromQuery !== "string") {
+    return { success: false, error: "No state query param" };
+  }
+
+  const { success: cookieStateSuccess, error: cookieStateError } =
+    getStateFromCookie(stateCookie);
+
+  if (cookieStateError !== null) {
+    return { success: false, error: cookieStateError };
+  }
+
+  if (cookieStateSuccess.token !== tokenFromQuery) {
+    return { success: false, error: "Invalid state token" };
+  }
+
+  return {
+    success: { code, redirect_uri: cookieStateSuccess.redirect_to },
+    error: null,
+  };
+}
+
+type StateCookie = {
+  redirect_to: string;
+  token: string;
+};
+
+function getStateFromCookie(stateCookie: string):
+  | {
+      success: StateCookie;
+      error: null;
+    }
+  | { success: false; error: string } {
+  try {
+    const decoded = Buffer.from(stateCookie, "base64").toString("utf8");
+    const parsed = JSON.parse(decoded) as unknown;
+
+    if (!parsed) {
+      return {
+        success: false,
+        error: "Invalid state cookie: could not parse",
+      };
+    }
+    if (typeof parsed !== "object") {
+      return {
+        success: false,
+        error: "Invalid state cookie: parsed object is not an object",
+      };
+    }
+    if ("token" in parsed && "redirect_to" in parsed) {
+      const { token, redirect_to } = parsed;
+      if (typeof token !== "string") {
+        return {
+          success: false,
+          error: "Invalid state cookie: no token in parsed object",
+        };
+      }
+      if (typeof redirect_to !== "string") {
+        return {
+          success: false,
+          error: "Invalid state cookie: no redirect_to in parsed object",
+        };
+      }
+      return {
+        success: {
+          token,
+          redirect_to,
+        },
+        error: null,
+      };
+    } else {
+      return {
+        success: false,
+        error: "Invalid state cookie: no token or redirect_to in parsed object",
+      };
+    }
+  } catch (err) {
+    return {
+      success: false,
+      error: "Invalid state cookie: could not parse",
+    };
+  }
+}
+
+function createStateCookie(state: StateCookie): string {
+  return Buffer.from(JSON.stringify(state), "utf8").toString("base64");
+}
+
+const ValAppJwtPayload = z.object({
+  sub: z.string(),
+  exp: z.number(),
+  project: z.string(),
+  org: z.string(),
+});
+type ValAppJwtPayload = z.infer<typeof ValAppJwtPayload>;
+
+const IntegratedServerJwtPayload = z.object({
+  sub: z.string(),
+  exp: z.number(),
+  token: z.string(),
+  org: z.string(),
+  project: z.string(),
+});
+export type IntegratedServerJwtPayload = z.infer<
+  typeof IntegratedServerJwtPayload
+>;

package/src/SerializedModuleContent.ts

@@ -0,0 +1,8 @@
+import { type Source, type SerializedSchema } from "@valbuild/core";
+import { type SourcePath } from "@valbuild/core/src/val";
+
+export type SerializedModuleContent = {
+  source: Source;
+  schema: SerializedSchema;
+  path: SourcePath;
+};

package/src/Service.ts

@@ -0,0 +1,108 @@
+import { newQuickJSWASMModule, QuickJSRuntime } from "quickjs-emscripten";
+import { patchValFile } from "./patchValFile";
+import { readValFile } from "./readValFile";
+import { Patch } from "@valbuild/core/patch";
+import { ValModuleLoader } from "./ValModuleLoader";
+import { newValQuickJSRuntime } from "./ValQuickJSRuntime";
+import { ValSourceFileHandler } from "./ValSourceFileHandler";
+import ts from "typescript";
+import { getCompilerOptions } from "./getCompilerOptions";
+import { IValFSHost } from "./ValFSHost";
+import fs from "fs";
+import { SerializedModuleContent } from "./SerializedModuleContent";
+import {
+  ModuleId,
+  ModulePath,
+  Internal,
+  SourcePath,
+  Schema,
+  SelectorSource,
+} from "@valbuild/core";
+
+export type ServiceOptions = {
+  /**
+   * Relative path to the val.config.js file from the root directory.
+   *
+   * @example src/val.config
+   */
+  valConfigPath: string;
+};
+
+export async function createService(
+  projectRoot: string,
+  opts: ServiceOptions,
+  host: IValFSHost = {
+    ...ts.sys,
+    writeFile: fs.writeFileSync,
+  }
+): Promise<Service> {
+  const compilerOptions = getCompilerOptions(projectRoot, host);
+  const sourceFileHandler = new ValSourceFileHandler(
+    projectRoot,
+    compilerOptions,
+    host
+  );
+  const loader = new ValModuleLoader(
+    projectRoot,
+    compilerOptions,
+    sourceFileHandler,
+    host
+  );
+  const module = await newQuickJSWASMModule();
+  const runtime = await newValQuickJSRuntime(module, loader);
+  return new Service(opts, sourceFileHandler, runtime);
+}
+
+export class Service {
+  readonly valConfigPath: string;
+
+  constructor(
+    { valConfigPath }: ServiceOptions,
+    private readonly sourceFileHandler: ValSourceFileHandler,
+    private readonly runtime: QuickJSRuntime
+  ) {
+    this.valConfigPath = valConfigPath;
+  }
+
+  async get(
+    moduleId: ModuleId,
+    modulePath: ModulePath
+  ): Promise<SerializedModuleContent> {
+    const valModule = await readValFile(
+      moduleId,
+      this.valConfigPath,
+      this.runtime
+    );
+
+    const resolved = Internal.resolvePath(
+      modulePath,
+      valModule.source,
+      valModule.schema
+    );
+    return {
+      path: [moduleId, resolved.path].join(".") as SourcePath,
+      schema:
+        resolved.schema instanceof Schema<SelectorSource>
+          ? resolved.schema.serialize()
+          : resolved.schema,
+      source: resolved.source,
+    };
+  }
+
+  async patch(
+    moduleId: string,
+    patch: Patch
+  ): Promise<SerializedModuleContent> {
+    return patchValFile(
+      moduleId,
+      this.valConfigPath,
+      patch,
+      this.sourceFileHandler,
+      this.runtime
+    );
+  }
+
+  dispose() {
+    this.runtime.dispose();
+  }
+}

package/src/ValFS.ts

@@ -0,0 +1,22 @@
+/**
+ * A filesystem that can update and read files.
+ * It does not support creating new files or directories.
+ *
+ */
+export interface ValFS {
+  readDirectory(
+    rootDir: string,
+    extensions: readonly string[],
+    excludes: readonly string[] | undefined,
+    includes: readonly string[],
+    depth?: number | undefined
+  ): readonly string[];
+
+  writeFile(filePath: string, data: string, encoding: "binary" | "utf8"): void;
+
+  fileExists(filePath: string): boolean;
+
+  readFile(filePath: string): string | undefined;
+
+  realpath(path: string): string;
+}