gorsee 0.2.0 → 0.2.2

package/src/server/route-request.ts

@@ -0,0 +1,72 @@
+import { createContext, runMiddlewareChain, RedirectError, type Context, type MiddlewareFn } from "./middleware.ts"
+import { resolvePageRoute, type ResolvedPageRoute } from "./page-render.ts"
+import type { MatchResult } from "../router/matcher.ts"
+
+type RouteModule = Record<string, unknown>
+
+interface RouteRequestContext {
+  match: MatchResult
+  request: Request
+  mod: RouteModule
+  ctx: Context
+}
+
+interface ResolvedRouteRequestContext extends RouteRequestContext {
+  resolved: ResolvedPageRoute
+}
+
+interface RouteRequestOptions {
+  match: MatchResult
+  request: Request
+  extraMiddlewares?: MiddlewareFn[]
+  onPartialRequest: (ctx: ResolvedRouteRequestContext) => Promise<Response>
+  onPageRequest: (ctx: ResolvedRouteRequestContext) => Promise<Response>
+  onRouteError?: (error: unknown, ctx: ResolvedRouteRequestContext) => Promise<Response>
+}
+
+export async function handleRouteRequest(options: RouteRequestOptions): Promise<Response> {
+  const { match, request, extraMiddlewares = [], onPartialRequest, onPageRequest, onRouteError } = options
+  const mod = await import(match.route.filePath)
+  const ctx = createContext(request, match.params)
+  let routeCtx: ResolvedRouteRequestContext | undefined
+
+  if (typeof mod.GET === "function" && request.method === "GET") return (mod.GET as Function)(ctx)
+  if (typeof mod.POST === "function" && request.method === "POST") return (mod.POST as Function)(ctx)
+
+  try {
+    const resolved = await resolvePageRoute(mod, match, ctx)
+    if (!resolved) return new Response("Route has no default export", { status: 500 })
+
+    routeCtx = { match, request, mod, ctx, resolved }
+    const currentRouteCtx = routeCtx
+    const middlewares = await loadRouteMiddlewares(match, extraMiddlewares)
+
+    return await runMiddlewareChain(middlewares, ctx, async () => {
+      if (request.headers.get("X-Gorsee-Navigate") === "partial") {
+        return onPartialRequest(currentRouteCtx)
+      }
+      return onPageRequest(currentRouteCtx)
+    })
+  } catch (error) {
+    if (error instanceof RedirectError) {
+      return new Response(null, {
+        status: error.status,
+        headers: { Location: error.url },
+      })
+    }
+    if (onRouteError && routeCtx) return onRouteError(error, routeCtx)
+    throw error
+  }
+}
+
+async function loadRouteMiddlewares(
+  match: MatchResult,
+  extraMiddlewares: MiddlewareFn[],
+): Promise<MiddlewareFn[]> {
+  const middlewares = [...extraMiddlewares]
+  for (const mwPath of match.route.middlewarePaths) {
+    const mwMod = await import(mwPath)
+    if (typeof mwMod.default === "function") middlewares.push(mwMod.default)
+  }
+  return middlewares
+}

package/src/server/rpc-utils.ts

@@ -0,0 +1,27 @@
+import type { RPCRegistry } from "./rpc.ts"
+
+export function createScopedRPCRegistry(registry: RPCRegistry, scope: string): RPCRegistry {
+  const prefix = `${scope}:`
+  const fileCounters = new Map<string, number>()
+  const scopedIds = new Set<string>()
+  return {
+    getHandler: (id) => registry.getHandler(prefix + id),
+    setHandler: (id, fn) => {
+      const scopedId = prefix + id
+      scopedIds.add(scopedId)
+      registry.setHandler(scopedId, fn)
+    },
+    deleteHandler: (id) => {
+      const scopedId = prefix + id
+      scopedIds.delete(scopedId)
+      registry.deleteHandler(scopedId)
+    },
+    clear: () => {
+      for (const scopedId of scopedIds) registry.deleteHandler(scopedId)
+      scopedIds.clear()
+      fileCounters.clear()
+    },
+    getFileCallCount: (file) => fileCounters.get(file) ?? 0,
+    setFileCallCount: (file, count) => { fileCounters.set(file, count) },
+  }
+}

package/src/server/rpc.ts

@@ -9,23 +9,45 @@ export interface ServerOptions {
   middleware?: unknown[]
 }
 
-// RPC registry
-const rpcHandlers = new Map<string, (...args: unknown[]) => Promise<unknown>>()
+export type RPCHandler = (...args: unknown[]) => Promise<unknown>
+
+export interface RPCRegistry {
+  getHandler(id: string): RPCHandler | undefined
+  setHandler(id: string, fn: RPCHandler): void
+  deleteHandler(id: string): void
+  clear(): void
+  getFileCallCount(file: string): number
+  setFileCallCount(file: string, count: number): void
+}
+
+export function createMemoryRPCRegistry(): RPCRegistry {
+  const rpcHandlers = new Map<string, RPCHandler>()
+  const fileCallCounters = new Map<string, number>()
+  return {
+    getHandler: (id) => rpcHandlers.get(id),
+    setHandler: (id, fn) => { rpcHandlers.set(id, fn) },
+    deleteHandler: (id) => { rpcHandlers.delete(id) },
+    clear: () => {
+      rpcHandlers.clear()
+      fileCallCounters.clear()
+    },
+    getFileCallCount: (file) => fileCallCounters.get(file) ?? 0,
+    setFileCallCount: (file, count) => { fileCallCounters.set(file, count) },
+  }
+}
 
-// Track per-file call counters for hash synchronization
-const fileCallCounters = new Map<string, number>()
+const defaultRPCRegistry = createMemoryRPCRegistry()
 
-export function __registerRPC(id: string, fn: (...args: unknown[]) => Promise<unknown>): void {
-  rpcHandlers.set(id, fn)
+export function __registerRPC(id: string, fn: RPCHandler): void {
+  defaultRPCRegistry.setHandler(id, fn)
 }
 
 export function __resetRPCState(): void {
-  fileCallCounters.clear()
-  rpcHandlers.clear()
+  defaultRPCRegistry.clear()
 }
 
-export function getRPCHandler(id: string): ((...args: unknown[]) => Promise<unknown>) | undefined {
-  return rpcHandlers.get(id)
+export function getRPCHandler(id: string): RPCHandler | undefined {
+  return defaultRPCRegistry.getHandler(id)
 }
 
 function getCallerFile(): string | null {
@@ -52,22 +74,24 @@ export function server<TArgs extends unknown[], TReturn>(
 ): (...args: TArgs) => Promise<TReturn> {
   const callerFile = getCallerFile()
   if (callerFile) {
-    const counter = fileCallCounters.get(callerFile) ?? 0
-    fileCallCounters.set(callerFile, counter + 1)
+    const counter = defaultRPCRegistry.getFileCallCount(callerFile)
+    defaultRPCRegistry.setFileCallCount(callerFile, counter + 1)
     const id = hashRPC(callerFile, counter)
-    rpcHandlers.set(id, fn as (...args: unknown[]) => Promise<unknown>)
+    defaultRPCRegistry.setHandler(id, fn as (...args: unknown[]) => Promise<unknown>)
   }
   return fn
 }
 
-// RPC HTTP handler
-export async function handleRPCRequest(request: Request): Promise<Response | null> {
+export async function handleRPCRequestWithRegistry(
+  request: Request,
+  registry: Pick<RPCRegistry, "getHandler">,
+): Promise<Response | null> {
   const url = new URL(request.url)
   const match = url.pathname.match(/^\/api\/_rpc\/([a-zA-Z0-9]+)$/)
   if (!match) return null
 
   const id = match[1]!
-  const handler = rpcHandlers.get(id)
+  const handler = registry.getHandler(id)
 
   if (!handler) {
     return new Response(JSON.stringify({ error: `RPC handler not found: ${id}` }), {
@@ -87,7 +111,28 @@ export async function handleRPCRequest(request: Request): Promise<Response | nul
           headers: { "Content-Type": "application/json" },
         })
       }
-      const body = await request.text()
+      // Read body with actual size limit (Content-Length can be spoofed)
+      const reader = request.body?.getReader()
+      let bodyBytes = 0
+      const chunks: Uint8Array[] = []
+      if (reader) {
+        while (true) {
+          const { done, value } = await reader.read()
+          if (done) break
+          bodyBytes += value.byteLength
+          if (bodyBytes > MAX_RPC_BODY) {
+            reader.cancel()
+            return new Response(JSON.stringify({ error: "Request body too large" }), {
+              status: 413,
+              headers: { "Content-Type": "application/json" },
+            })
+          }
+          chunks.push(value)
+        }
+      }
+      const body = new TextDecoder().decode(
+        chunks.length === 1 ? chunks[0] : Buffer.concat(chunks),
+      )
       if (body) {
         let parsed: unknown
         try {
@@ -116,10 +161,17 @@ export async function handleRPCRequest(request: Request): Promise<Response | nul
       headers: { "Content-Type": "application/json" },
     })
   } catch (err) {
-    const message = err instanceof Error ? err.message : String(err)
+    // Don't leak internal error details to the client
+    const isDev = process.env.NODE_ENV !== "production"
+    const message = isDev && err instanceof Error ? err.message : "Internal server error"
     return new Response(JSON.stringify({ error: message }), {
       status: 500,
       headers: { "Content-Type": "application/json" },
     })
   }
 }
+
+// RPC HTTP handler
+export async function handleRPCRequest(request: Request): Promise<Response | null> {
+  return handleRPCRequestWithRegistry(request, defaultRPCRegistry)
+}

package/src/server/sqlite-cache-store.ts

@@ -0,0 +1,109 @@
+import { Database } from "bun:sqlite"
+import type { CacheEntry, CacheStore } from "./cache.ts"
+
+interface SQLiteCacheStoreOptions {
+  maxEntryAgeMs?: number
+  pruneExpiredOnInit?: boolean
+  pruneExpiredOnGet?: boolean
+  pruneExpiredOnSet?: boolean
+  pruneExpiredOnKeys?: boolean
+}
+
+function ensureCacheTable(sqlite: Database): void {
+  sqlite.run(`
+    CREATE TABLE IF NOT EXISTS gorsee_route_cache (
+      cache_key TEXT PRIMARY KEY,
+      body TEXT NOT NULL,
+      headers TEXT NOT NULL,
+      status INTEGER NOT NULL,
+      created_at INTEGER NOT NULL,
+      revalidating INTEGER NOT NULL DEFAULT 0
+    )
+  `)
+}
+
+function pruneExpiredRows(sqlite: Database, maxEntryAgeMs: number, now: number = Date.now()): number {
+  const cutoff = now - maxEntryAgeMs
+  const result = sqlite.prepare("DELETE FROM gorsee_route_cache WHERE created_at <= ?1").run(cutoff)
+  return (result as { changes?: number }).changes ?? 0
+}
+
+export function createSQLiteCacheStore(
+  path = ":memory:",
+  options: SQLiteCacheStoreOptions = {},
+): CacheStore & { close(): void; deleteExpired(now?: number): number } {
+  const sqlite = new Database(path)
+  sqlite.run("PRAGMA journal_mode=WAL;")
+  ensureCacheTable(sqlite)
+  const {
+    maxEntryAgeMs = 24 * 60 * 60 * 1000,
+    pruneExpiredOnInit = true,
+    pruneExpiredOnGet = true,
+    pruneExpiredOnSet = true,
+    pruneExpiredOnKeys = true,
+  } = options
+
+  if (pruneExpiredOnInit) pruneExpiredRows(sqlite, maxEntryAgeMs)
+
+  return {
+    async get(key) {
+      if (pruneExpiredOnGet) pruneExpiredRows(sqlite, maxEntryAgeMs)
+      const row = sqlite.prepare(`
+        SELECT body, headers, status, created_at, revalidating
+        FROM gorsee_route_cache
+        WHERE cache_key = ?1
+      `).get(key) as {
+        body: string
+        headers: string
+        status: number
+        created_at: number
+        revalidating: number
+      } | null
+      if (!row) return undefined
+      return {
+        body: row.body,
+        headers: JSON.parse(row.headers) as Record<string, string>,
+        status: row.status,
+        createdAt: row.created_at,
+        revalidating: row.revalidating === 1,
+      }
+    },
+    async set(key, entry) {
+      if (pruneExpiredOnSet) pruneExpiredRows(sqlite, maxEntryAgeMs)
+      sqlite.prepare(`
+        INSERT INTO gorsee_route_cache (cache_key, body, headers, status, created_at, revalidating)
+        VALUES (?1, ?2, ?3, ?4, ?5, ?6)
+        ON CONFLICT(cache_key) DO UPDATE SET
+          body = excluded.body,
+          headers = excluded.headers,
+          status = excluded.status,
+          created_at = excluded.created_at,
+          revalidating = excluded.revalidating
+      `).run(
+        key,
+        entry.body,
+        JSON.stringify(entry.headers),
+        entry.status,
+        entry.createdAt,
+        entry.revalidating ? 1 : 0,
+      )
+    },
+    async delete(key) {
+      sqlite.prepare("DELETE FROM gorsee_route_cache WHERE cache_key = ?1").run(key)
+    },
+    async clear() {
+      sqlite.prepare("DELETE FROM gorsee_route_cache").run()
+    },
+    async keys() {
+      if (pruneExpiredOnKeys) pruneExpiredRows(sqlite, maxEntryAgeMs)
+      const rows = sqlite.prepare("SELECT cache_key FROM gorsee_route_cache").all() as Array<{ cache_key: string }>
+      return rows.map((row) => row.cache_key)
+    },
+    deleteExpired(now = Date.now()) {
+      return pruneExpiredRows(sqlite, maxEntryAgeMs, now)
+    },
+    close() {
+      sqlite.close()
+    },
+  }
+}

package/src/server/static-file.ts

@@ -0,0 +1,63 @@
+import { getMimeType } from "./mime.ts"
+import { fileETag, isNotModified } from "./etag.ts"
+import { resolve } from "node:path"
+
+export interface StaticFileOptions {
+  contentType?: string
+  cacheControl?: string
+  request?: Request
+  etag?: boolean
+  extraHeaders?: Record<string, string>
+}
+
+export async function serveStaticFile(
+  rootDir: string,
+  relativePath: string,
+  options: StaticFileOptions = {},
+): Promise<Response | null> {
+  const {
+    contentType,
+    cacheControl,
+    request,
+    etag = false,
+    extraHeaders = {},
+  } = options
+
+  try {
+    const filePath = resolve(rootDir, relativePath)
+    if (!filePath.startsWith(rootDir)) return null
+
+    const file = Bun.file(filePath)
+    if (!await file.exists()) return null
+
+    const headers: Record<string, string> = {
+      "Content-Type": contentType ?? getMimeType(filePath),
+      ...extraHeaders,
+    }
+
+    if (cacheControl) headers["Cache-Control"] = cacheControl
+
+    if (etag) {
+      const tag = await fileETag(filePath)
+      if (tag && request && isNotModified(request, tag)) {
+        return new Response(null, { status: 304, headers: extraHeaders })
+      }
+      if (tag) headers["ETag"] = tag
+    }
+
+    return new Response(file, { headers })
+  } catch {
+    return null
+  }
+}
+
+export async function servePrefixedStaticFile(
+  pathname: string,
+  prefix: string,
+  rootDir: string,
+  options: StaticFileOptions = {},
+): Promise<Response | null> {
+  if (!pathname.startsWith(prefix)) return null
+  const relativePath = pathname.slice(prefix.length)
+  return serveStaticFile(rootDir, relativePath, options)
+}

package/src/server-entry.ts

@@ -0,0 +1,36 @@
+// Explicit server-facing public entrypoint.
+// Use this in loaders, middleware, API routes, and server services.
+
+export * from "./server/index.ts"
+export {
+  createAuth,
+  createMemorySessionStore,
+  createNamespacedSessionStore,
+  createRedisSessionStore,
+  createSQLiteSessionStore,
+  type AuthConfig,
+  type Session,
+  type SessionStore,
+} from "./auth/index.ts"
+export { createDB, type DB, runMigrations, createMigration, type MigrationResult } from "./db/index.ts"
+export {
+  securityHeaders,
+  type SecurityConfig,
+  csrfProtection,
+  generateCSRFToken,
+  validateCSRFToken,
+  createRateLimiter,
+  type RateLimiter,
+  cors,
+  type CORSOptions,
+} from "./security/index.ts"
+export { env, getPublicEnv, loadEnv } from "./env/index.ts"
+export { log, setLogLevel } from "./log/index.ts"
+export {
+  createNodeRedisLikeClient,
+  createIORedisLikeClient,
+  deleteExpiredRedisKeys,
+  type RedisLikeClient,
+  type NodeRedisClientLike,
+  type IORedisClientLike,
+} from "./server/redis-client.ts"