appflare 0.0.1 → 0.0.2

package/cli/README.md

@@ -17,10 +17,16 @@ export default {
 	dir: "./app", // Root folder containing your handlers
 	schema: "./schema.ts", // Path to the Zod schema file
 	outDir: "./_generated", // Where generated files are written
+	auth: {
+		// Optional: Better Auth config forwarded to the generated server
+		enabled: false,
+		basePath: "/auth",
+		options: {},
+	},
 };
 ```
 
-The loader in [packages/appflare/cli/core/config.ts](packages/appflare/cli/core/config.ts) validates presence and types of `dir`, `schema`, and `outDir` and resolves paths relative to the config file location.
+The loader in [packages/appflare/cli/core/config.ts](packages/appflare/cli/core/config.ts) validates presence and types of `dir`, `schema`, and `outDir`, lightly checks optional `auth` (base path, enabled flag, options object), and resolves paths relative to the config file location.
 
 ## Build pipeline
 

package/cli/core/build.ts

@@ -36,7 +36,11 @@ export async function buildFromConfig(params: {
 	await fs.mkdir(path.join(outDirAbs, "src"), { recursive: true });
 	await fs.mkdir(path.join(outDirAbs, "server"), { recursive: true });
 
-	const schemaTypesTs = await generateSchemaTypes({ schemaPathAbs });
+	const schemaTypesTs = await generateSchemaTypes({
+		schemaPathAbs,
+		configPathAbs,
+		outDirAbs,
+	});
 	await fs.writeFile(
 		path.join(outDirAbs, "src", "schema-types.ts"),
 		schemaTypesTs
@@ -53,13 +57,22 @@ export async function buildFromConfig(params: {
 		configPathAbs,
 	});
 
-	const apiTs = generateApiClient({ handlers, outDirAbs });
+	const apiTs = generateApiClient({
+		handlers,
+		outDirAbs,
+		authBasePath:
+			config.auth && config.auth.enabled === false
+				? undefined
+				: (config.auth?.basePath ?? "/auth"),
+	});
 	await fs.writeFile(path.join(outDirAbs, "src", "api.ts"), apiTs);
 
 	const serverTs = generateHonoServer({
 		handlers,
 		outDirAbs,
 		schemaPathAbs,
+		configPathAbs,
+		config,
 	});
 	await fs.writeFile(path.join(outDirAbs, "server", "server.ts"), serverTs);
 

package/cli/core/config.ts

@@ -25,5 +25,53 @@ export async function loadConfig(
 	if (typeof config.outDir !== "string" || !config.outDir) {
 		throw new Error(`Invalid config.outDir in ${configPathAbs}`);
 	}
+
+	const auth = (config as AppflareConfig).auth;
+	if (auth !== undefined) {
+		if (!auth || typeof auth !== "object") {
+			throw new Error(`Invalid config.auth in ${configPathAbs}`);
+		}
+		if (auth.basePath !== undefined && typeof auth.basePath !== "string") {
+			throw new Error(`Invalid config.auth.basePath in ${configPathAbs}`);
+		}
+		if (auth.enabled !== undefined && typeof auth.enabled !== "boolean") {
+			throw new Error(`Invalid config.auth.enabled in ${configPathAbs}`);
+		}
+		if (auth.options !== undefined && typeof auth.options !== "object") {
+			throw new Error(`Invalid config.auth.options in ${configPathAbs}`);
+		}
+	}
+
+	const storage = (config as AppflareConfig).storage;
+	if (storage !== undefined) {
+		if (!storage || typeof storage !== "object") {
+			throw new Error(`Invalid config.storage in ${configPathAbs}`);
+		}
+		if (!Array.isArray(storage.rules)) {
+			throw new Error(`Invalid config.storage.rules in ${configPathAbs}`);
+		}
+		if (
+			storage.basePath !== undefined &&
+			typeof storage.basePath !== "string"
+		) {
+			throw new Error(`Invalid config.storage.basePath in ${configPathAbs}`);
+		}
+		if (
+			storage.bucketBinding !== undefined &&
+			typeof storage.bucketBinding !== "string"
+		) {
+			throw new Error(
+				`Invalid config.storage.bucketBinding in ${configPathAbs}`
+			);
+		}
+		if (
+			storage.defaultCacheControl !== undefined &&
+			typeof storage.defaultCacheControl !== "string"
+		) {
+			throw new Error(
+				`Invalid config.storage.defaultCacheControl in ${configPathAbs}`
+			);
+		}
+	}
 	return { config: config as AppflareConfig, configDirAbs };
 }

package/cli/core/index.ts

@@ -105,7 +105,11 @@ async function buildFromConfig(params: {
 	await fs.mkdir(path.join(outDirAbs, "src"), { recursive: true });
 	await fs.mkdir(path.join(outDirAbs, "server"), { recursive: true });
 
-	const schemaTypesTs = await generateSchemaTypes({ schemaPathAbs });
+	const schemaTypesTs = await generateSchemaTypes({
+		schemaPathAbs,
+		configPathAbs,
+		outDirAbs,
+	});
 	await fs.writeFile(
 		path.join(outDirAbs, "src", "schema-types.ts"),
 		schemaTypesTs
@@ -122,13 +126,22 @@ async function buildFromConfig(params: {
 		configPathAbs,
 	});
 
-	const apiTs = generateApiClient({ handlers, outDirAbs });
+	const apiTs = generateApiClient({
+		handlers,
+		outDirAbs,
+		authBasePath:
+			config.auth && config.auth.enabled === false
+				? undefined
+				: (config.auth?.basePath ?? "/auth"),
+	});
 	await fs.writeFile(path.join(outDirAbs, "src", "api.ts"), apiTs);
 
 	const serverTs = generateHonoServer({
 		handlers,
 		outDirAbs,
 		schemaPathAbs,
+		configPathAbs,
+		config,
 	});
 	await fs.writeFile(path.join(outDirAbs, "server", "server.ts"), serverTs);
 

package/cli/generators/generate-api-client/index.ts

@@ -22,6 +22,8 @@ const HEADER_TEMPLATE = `/* eslint-disable */
 
 import fetch from "better-fetch";
 import { z } from "zod";
+import type { BetterAuthClientOptions } from "better-auth/client";
+import { createAuthClient } from "better-auth/client";
 
 import type {
 	AnyValidator,
@@ -128,6 +130,39 @@ export type AppflareHandler<THandler extends AnyHandlerDefinition> = HandlerInvo
 > &
 	HandlerMetadata<THandler>;
 
+export type StoragePutResult = {
+	key: string;
+	size: number;
+	contentType: string;
+	cacheControl: string;
+};
+
+export type StorageDeleteResult = {
+	key: string;
+	deleted: boolean;
+};
+
+export type StorageManagerClient = {
+	url: (path: string) => string;
+	get: (path: string, init?: RequestInit) => Promise<Response>;
+	head: (path: string, init?: RequestInit) => Promise<Response>;
+	put: (
+		path: string,
+		body: BodyInit,
+		init?: RequestInit
+	) => Promise<StoragePutResult>;
+	post: (
+		path: string,
+		body: BodyInit,
+		init?: RequestInit
+	) => Promise<StoragePutResult>;
+	delete: (path: string, init?: RequestInit) => Promise<StorageDeleteResult>;
+};
+
+export type StorageManagerOptions = {
+	basePath?: string;
+};
+
 type RequestExecutor = (
 	input: RequestInfo | URL,
 	init?: RequestInit
@@ -166,12 +201,16 @@ export type MutationsClient = {{mutationsTypeDef}};
 export type AppflareApiClient = {
 	queries: QueriesClient;
 	mutations: MutationsClient;
+	storage: StorageManagerClient;
+	auth?: ReturnType<typeof createAuthClient>;
 };
 
 export type AppflareApiOptions = {
 	baseUrl?: string;
 	fetcher?: RequestExecutor;
 	realtime?: RealtimeConfig;
+	storage?: StorageManagerOptions;
+	auth?: false | (BetterAuthClientOptions & { baseURL?: string });
 };
 
 export function createAppflareApi(options: AppflareApiOptions = {}): AppflareApiClient {
@@ -180,7 +219,17 @@ export function createAppflareApi(options: AppflareApiOptions = {}): AppflareApi
 	const realtime = resolveRealtimeConfig(baseUrl, options.realtime);
 	const queries: QueriesClient = {{queriesInit}};
 	const mutations: MutationsClient = {{mutationsInit}};
-	return { queries, mutations };
+	const storage = createStorageManagerClient(baseUrl, request, options.storage);
+	const authBasePath = normalizeAuthBasePath({{authBasePath}}) ?? "/auth";
+	const auth = options.auth === false
+		? undefined
+		: createAuthClient({
+			...(options.auth ?? {}),
+			baseURL:
+				(options.auth as any)?.baseURL ??
+				buildUrl(baseUrl, authBasePath),
+		});
+	return { queries, mutations, storage, auth };
 }
 
 `;
@@ -281,6 +330,12 @@ function createHandlerWebsocket<TArgs, TResult>(
 `;
 
 const UTILITY_FUNCTIONS_TEMPLATE_PART3 = `
+function normalizeAuthBasePath(basePath?: string | null): string | undefined {
+	if (!basePath) return undefined;
+	const prefixed = basePath.startsWith("/") ? basePath : \`/\${basePath}\`;
+	return prefixed.replace(/\\/+$/, "") || "/auth";
+}
+
 function normalizeBaseUrl(baseUrl?: string): string {
 	if (!baseUrl) {
 		return "";
@@ -359,6 +414,55 @@ function serializeQueryValue(value: unknown): string {
 	return String(value);
 }
 
+function normalizeStorageBasePath(basePath?: string): string {
+	if (!basePath) return "/storage";
+	const prefixed = basePath.startsWith("/") ? basePath : \`/\${basePath}\`;
+	const trimmed = prefixed.replace(/\\/+$/, "");
+	return trimmed || "/storage";
+}
+
+function buildStoragePath(basePath: string, path: string): string {
+	const trimmedBase = basePath.endsWith("/") ? basePath.slice(0, -1) : basePath;
+	const normalizedPath = path.startsWith("/") ? path : \`/\${path}\`;
+	if (
+		normalizedPath === trimmedBase ||
+		normalizedPath.startsWith(\`\${trimmedBase}/\`)
+	) {
+		return normalizedPath;
+	}
+	return \`\${trimmedBase}\${normalizedPath}\`;
+}
+
+function createStorageManagerClient(
+	baseUrl: string,
+	request: RequestExecutor,
+	options?: StorageManagerOptions
+): StorageManagerClient {
+	const basePath = normalizeStorageBasePath(options?.basePath);
+	const toUrl = (path: string) => buildUrl(baseUrl, buildStoragePath(basePath, path));
+
+	const sendJson = async <T>(
+		method: string,
+		path: string,
+		init?: RequestInit
+	): Promise<T> => {
+		const response = await request(toUrl(path), { ...(init ?? {}), method });
+		return parseJson<T>(response);
+	};
+
+	return {
+		url: toUrl,
+		get: (path, init) => request(toUrl(path), { ...(init ?? {}), method: "GET" }),
+		head: (path, init) => request(toUrl(path), { ...(init ?? {}), method: "HEAD" }),
+		put: (path, body, init) =>
+			sendJson<StoragePutResult>("PUT", path, { ...(init ?? {}), body }),
+		post: (path, body, init) =>
+			sendJson<StoragePutResult>("POST", path, { ...(init ?? {}), body }),
+		delete: (path, init) =>
+			sendJson<StorageDeleteResult>("DELETE", path, { ...(init ?? {}) }),
+	};
+}
+
 function isPlainObject(value: unknown): value is Record<string, unknown> {
 	return !!value && typeof value === "object" && !Array.isArray(value);
 }
@@ -498,6 +602,7 @@ function generateClientInits(
 export function generateApiClient(params: {
 	handlers: DiscoveredHandler[];
 	outDirAbs: string;
+	authBasePath?: string;
 }): string {
 	const { importLines, importAliasBySource } = generateImports(params);
 	const { queriesByFile, mutationsByFile } = generateGroupedHandlers(
@@ -513,6 +618,8 @@ export function generateApiClient(params: {
 		importAliasBySource
 	);
 
+	const authBasePathLiteral = JSON.stringify(params.authBasePath ?? "/auth");
+
 	const typeBlocks = generateTypeBlocks(params.handlers, importAliasBySource);
 
 	return (
@@ -523,7 +630,8 @@ export function generateApiClient(params: {
 		CLIENT_TYPES_TEMPLATE.replace("{{queriesTypeDef}}", queriesTypeDef)
 			.replace("{{mutationsTypeDef}}", mutationsTypeDef)
 			.replace("{{queriesInit}}", queriesInit)
-			.replace("{{mutationsInit}}", mutationsInit) +
+			.replace("{{mutationsInit}}", mutationsInit)
+			.replace("{{authBasePath}}", authBasePathLiteral) +
 		UTILITY_FUNCTIONS_TEMPLATE
 	);
 }

package/cli/generators/generate-cloudflare-worker.ts

@@ -0,0 +1,195 @@
+import path from "node:path";
+import type { AppflareConfig } from "../utils/utils";
+
+const DEFAULT_ALLOWED_ORIGINS = ["http://localhost:3000"];
+
+const resolveAllowedOrigins = (origins?: string[]): string[] =>
+	origins && origins.length > 0 ? origins : DEFAULT_ALLOWED_ORIGINS;
+
+const sanitizeWorkerName = (configDirAbs: string): string => {
+	const base = path.basename(configDirAbs);
+	const slug = base.replace(/[^A-Za-z0-9_-]/g, "-").toLowerCase();
+	return slug || "appflare-worker";
+};
+
+const toBucketName = (binding: string): string =>
+	binding.toLowerCase().replace(/_/g, "-") || "appflare-storage";
+
+export function generateCloudflareWorkerIndex(params: {
+	allowedOrigins?: string[];
+}): string {
+	const allowedOrigins = resolveAllowedOrigins(params.allowedOrigins);
+	const allowedOriginsCsv = allowedOrigins.join(",");
+
+	return `/* eslint-disable */
+/**
+ * This file is auto-generated by the Appflare CLI.
+ * Do not edit directly.
+ */
+
+import { createAppflareHonoServer } from "./server";
+import { WebSocketHibernationServer } from "./websocket-hibernation-server";
+import { getDatabase } from "cloudflare-do-mongo";
+import { MONGO_DURABLE_OBJECT } from "cloudflare-do-mongo/do";
+import type { Hono } from "hono";
+import { cors } from "hono/cors";
+import { Db } from "mongodb";
+
+type DurableObjectNamespaceLike = {
+	idFromName(name: string): any;
+	get(id: any): { fetch(input: any, init?: RequestInit): Promise<Response> };
+};
+
+type Env = {
+	MONGO_DB: unknown;
+	MONGO_URI?: string;
+	WEBSOCKET_HIBERNATION_SERVER: DurableObjectNamespaceLike;
+	MONGO_DURABLE_OBJECT: DurableObjectNamespaceLike;
+	APPFLARE_STORAGE?: unknown;
+	ALLOWED_ORIGINS?: string;
+};
+
+type WorkerEnv = { Bindings: Env };
+
+const parseAllowedOrigins = (value?: string | null): string[] =>
+	(value ?? ${JSON.stringify(allowedOriginsCsv)})
+		.split(",")
+		.map((origin) => origin.trim())
+		.filter(Boolean);
+
+const resolveCorsOrigin = (
+	origin: string | null,
+	allowed: string[]
+): string | undefined => {
+	if (!origin) return undefined;
+	if (allowed.includes("*")) return origin;
+	return allowed.includes(origin) ? origin : undefined;
+};
+
+export default {
+	async fetch(request, env, ctx): Promise<Response> {
+		const allowedOrigins = parseAllowedOrigins(env.ALLOWED_ORIGINS);
+		const resolveOrigin = (origin: string | null) =>
+			resolveCorsOrigin(origin, allowedOrigins);
+
+		const app = createAppflareHonoServer({
+			db: getDatabase(env.MONGO_DB) as unknown as Db,
+			corsOrigin: allowedOrigins,
+			realtime: {
+				durableObject: env.WEBSOCKET_HIBERNATION_SERVER,
+				durableObjectName: "primary",
+				notify: async (payload) => {
+					const id = env.WEBSOCKET_HIBERNATION_SERVER.idFromName("primary");
+					const stub = env.WEBSOCKET_HIBERNATION_SERVER.get(id);
+					await stub.fetch("http://appflare-realtime/notify", {
+						method: "POST",
+						headers: { "content-type": "application/json" },
+						body: JSON.stringify(payload),
+					});
+				},
+			},
+		}) as unknown as Hono<WorkerEnv>;
+
+		app.use(
+			"*",
+			cors({
+				origin: resolveOrigin,
+				credentials: true,
+				allowMethods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
+				allowHeaders: ["Content-Type", "Authorization", "Cookie"],
+				exposeHeaders: ["set-cookie"],
+			})
+		);
+
+		const origin = request.headers.get("Origin");
+		const allowedOrigin = resolveOrigin(origin);
+		if (request.method === "OPTIONS") {
+			return new Response(null, {
+				status: 204,
+				headers: {
+					"Access-Control-Allow-Origin": allowedOrigin ?? "",
+					"Access-Control-Allow-Credentials": "true",
+					"Access-Control-Allow-Methods": "GET,POST,PUT,DELETE,OPTIONS",
+					"Access-Control-Allow-Headers":
+						request.headers.get("Access-Control-Request-Headers") ??
+						"Content-Type, Authorization, Cookie",
+					Vary: "Origin",
+				},
+			});
+		}
+
+		const upgradeHeader = request.headers.get("Upgrade");
+		if (upgradeHeader === "websocket") {
+			const url = new URL(request.url);
+			if (url.pathname === "/ws") {
+				const id = env.WEBSOCKET_HIBERNATION_SERVER.idFromName("primary");
+				const stub = env.WEBSOCKET_HIBERNATION_SERVER.get(id);
+				return stub.fetch(request);
+			}
+		}
+
+		const response = await app.fetch(request, env, ctx);
+		if (allowedOrigin) {
+			response.headers.set("Access-Control-Allow-Origin", allowedOrigin);
+			response.headers.set("Access-Control-Allow-Credentials", "true");
+			response.headers.append("Vary", "Origin");
+		}
+		return response;
+	},
+} satisfies ExportedHandler<Env>;
+
+export { MONGO_DURABLE_OBJECT, WebSocketHibernationServer };
+`;
+}
+
+export function generateWranglerJson(params: {
+	config: AppflareConfig;
+	configDirAbs: string;
+	allowedOrigins?: string[];
+}): string {
+	const allowedOrigins = resolveAllowedOrigins(params.allowedOrigins);
+	const bucketBinding =
+		params.config.storage?.bucketBinding ?? "APPFLARE_STORAGE";
+	const r2Buckets = params.config.storage
+		? [
+				{
+					binding: bucketBinding,
+					bucket_name: toBucketName(bucketBinding),
+				},
+			]
+		: undefined;
+
+	const wrangler: Record<string, unknown> = {
+		$schema: "node_modules/wrangler/config-schema.json",
+		name: sanitizeWorkerName(params.configDirAbs),
+		main: "./server/index.ts",
+		compatibility_date: new Date().toISOString().slice(0, 10),
+		compatibility_flags: [
+			"nodejs_compat",
+			"nodejs_compat_populate_process_env",
+		],
+		migrations: [
+			{ new_sqlite_classes: ["WebSocketHibernationServer"], tag: "v1" },
+			{ new_sqlite_classes: ["MONGO_DURABLE_OBJECT"], tag: "v2" },
+		],
+		durable_objects: {
+			bindings: [
+				{
+					class_name: "WebSocketHibernationServer",
+					name: "WEBSOCKET_HIBERNATION_SERVER",
+				},
+				{ class_name: "MONGO_DURABLE_OBJECT", name: "MONGO_DURABLE_OBJECT" },
+			],
+		},
+		observability: { enabled: true },
+		vars: {
+			ALLOWED_ORIGINS: allowedOrigins.join(","),
+		},
+	};
+
+	if (r2Buckets && r2Buckets.length > 0) {
+		wrangler.r2_buckets = r2Buckets;
+	}
+
+	return `${JSON.stringify(wrangler, null, 2)}\n`;
+}