gorsee 0.2.3 → 0.2.5

package/src/auth/index.ts

@@ -1,178 +0,0 @@
-// Built-in session-based auth with HMAC-signed cookies
-
-import { timingSafeEqual } from "node:crypto"
-import type { Context, MiddlewareFn } from "../server/middleware.ts"
-export { createNamespacedSessionStore } from "./store-utils.ts"
-export { createRedisSessionStore } from "./redis-session-store.ts"
-export { createSQLiteSessionStore } from "./sqlite-session-store.ts"
-
-export interface AuthConfig {
-  secret: string
-  cookieName?: string
-  maxAge?: number
-  loginPath?: string
-  store?: SessionStore
-}
-
-export interface Session {
-  id: string
-  userId: string
-  data: Record<string, unknown>
-  expiresAt: number
-}
-
-type Awaitable<T> = T | Promise<T>
-
-export interface SessionStore {
-  get(id: string): Awaitable<Session | undefined>
-  set(id: string, session: Session): Awaitable<void>
-  delete(id: string): Awaitable<void>
-  entries(): Awaitable<Iterable<[string, Session]> | AsyncIterable<[string, Session]>>
-}
-
-export function createMemorySessionStore(): SessionStore {
-  const sessions = new Map<string, Session>()
-  return {
-    get: (id) => sessions.get(id),
-    set: (id, session) => { sessions.set(id, session) },
-    delete: (id) => { sessions.delete(id) },
-    entries: () => sessions.entries(),
-  }
-}
-
-const defaultSessionStore = createMemorySessionStore()
-
-let cachedKey: CryptoKey | null = null
-let cachedSecret = ""
-
-async function getSigningKey(secret: string): Promise<CryptoKey> {
-  if (cachedKey && cachedSecret === secret) return cachedKey
-  const enc = new TextEncoder()
-  cachedKey = await crypto.subtle.importKey(
-    "raw",
-    enc.encode(secret),
-    { name: "HMAC", hash: "SHA-256" },
-    false,
-    ["sign", "verify"],
-  )
-  cachedSecret = secret
-  return cachedKey
-}
-
-async function sign(value: string, secret: string): Promise<string> {
-  const key = await getSigningKey(secret)
-  const enc = new TextEncoder()
-  const signature = await crypto.subtle.sign("HMAC", key, enc.encode(value))
-  const sigHex = Array.from(new Uint8Array(signature))
-    .map((b) => b.toString(16).padStart(2, "0"))
-    .join("")
-  return `${value}.${sigHex}`
-}
-
-async function verify(
-  signed: string,
-  secret: string,
-): Promise<string | null> {
-  const dotIndex = signed.lastIndexOf(".")
-  if (dotIndex === -1) return null
-  const value = signed.slice(0, dotIndex)
-  const expected = await sign(value, secret)
-  // Constant-time comparison to prevent timing attacks
-  if (expected.length !== signed.length) return null
-  const a = Buffer.from(expected)
-  const b = Buffer.from(signed)
-  if (!timingSafeEqual(a, b)) return null
-  return value
-}
-
-async function pruneExpired(store: SessionStore): Promise<void> {
-  const now = Date.now()
-  const entries = await store.entries()
-  for await (const [id, session] of entries) {
-    if (session.expiresAt <= now) await store.delete(id)
-  }
-}
-
-function resolveConfig(config: AuthConfig) {
-  return {
-    secret: config.secret,
-    cookieName: config.cookieName ?? "gorsee_session",
-    maxAge: config.maxAge ?? 86400,
-    loginPath: config.loginPath ?? "/login",
-    store: config.store ?? defaultSessionStore,
-  }
-}
-
-export function createAuth(config: AuthConfig): {
-  middleware: MiddlewareFn
-  requireAuth: MiddlewareFn
-  login: (ctx: Context, userId: string, data?: Record<string, unknown>) => Promise<void>
-  logout: (ctx: Context) => Promise<void>
-  getSession: (ctx: Context) => Session | null
-} {
-  const cfg = resolveConfig(config)
-
-  const middleware: MiddlewareFn = async (ctx, next) => {
-      const cookie = ctx.cookies.get(cfg.cookieName)
-    if (cookie) {
-        const sessionId = await verify(cookie, cfg.secret)
-        if (sessionId) {
-        const session = await cfg.store.get(sessionId)
-        if (session && session.expiresAt > Date.now()) {
-          ctx.locals.session = session
-        } else if (session) {
-          await cfg.store.delete(sessionId)
-        }
-      }
-    }
-    return next()
-  }
-
-  const requireAuth: MiddlewareFn = async (ctx, next) => {
-    if (!ctx.locals.session) {
-      return ctx.redirect(cfg.loginPath)
-    }
-    return next()
-  }
-
-  async function login(
-    ctx: Context,
-    userId: string,
-    data: Record<string, unknown> = {},
-  ): Promise<void> {
-    await pruneExpired(cfg.store)
-    const id = crypto.randomUUID()
-    const session: Session = {
-      id,
-      userId,
-      data,
-      expiresAt: Date.now() + cfg.maxAge * 1000,
-    }
-    await cfg.store.set(id, session)
-    ctx.locals.session = session
-    const signed = await sign(id, cfg.secret)
-    const isProduction = process.env.NODE_ENV === "production"
-    ctx.setCookie(cfg.cookieName, signed, {
-      maxAge: cfg.maxAge,
-      httpOnly: true,
-      secure: isProduction,
-      sameSite: "Lax",
-      path: "/",
-    })
-  }
-
-  async function logout(ctx: Context): Promise<void> {
-    const session = ctx.locals.session as Session | undefined
-    if (session) {
-      await cfg.store.delete(session.id)
-      ctx.locals.session = undefined
-    }
-    ctx.deleteCookie(cfg.cookieName)
-  }
-
-  function getSession(ctx: Context): Session | null {
-    return (ctx.locals.session as Session) ?? null
-  }
-
-  return { middleware, requireAuth, login, logout, getSession }
-}

package/src/auth/redis-session-store.ts

@@ -1,46 +0,0 @@
-import type { Session, SessionStore } from "./index.ts"
-import { buildRedisKey, stripRedisPrefix, type RedisLikeClient } from "../server/redis-client.ts"
-
-interface RedisSessionStoreOptions {
-  prefix?: string
-}
-
-interface StoredSessionPayload {
-  session: Session
-}
-
-export function createRedisSessionStore(
-  client: RedisLikeClient,
-  options: RedisSessionStoreOptions = {},
-): SessionStore {
-  const prefix = options.prefix ?? "gorsee:session"
-
-  return {
-    async get(id) {
-      const raw = await client.get(buildRedisKey(prefix, id))
-      if (!raw) return undefined
-      const payload = JSON.parse(raw) as StoredSessionPayload
-      return payload.session
-    },
-    async set(id, session) {
-      const key = buildRedisKey(prefix, id)
-      await client.set(key, JSON.stringify({ session } satisfies StoredSessionPayload))
-      const ttlSeconds = Math.max(1, Math.ceil((session.expiresAt - Date.now()) / 1000))
-      if (client.expire) await client.expire(key, ttlSeconds)
-    },
-    async delete(id) {
-      await client.del(buildRedisKey(prefix, id))
-    },
-    async entries() {
-      const keys = await client.keys(`${prefix}:*`)
-      const sessions: Array<[string, Session]> = []
-      for (const key of keys) {
-        const raw = await client.get(key)
-        if (!raw) continue
-        const payload = JSON.parse(raw) as StoredSessionPayload
-        sessions.push([stripRedisPrefix(prefix, key), payload.session])
-      }
-      return sessions
-    },
-  }
-}

package/src/auth/sqlite-session-store.ts

@@ -1,98 +0,0 @@
-import { Database } from "bun:sqlite"
-import type { Session, SessionStore } from "./index.ts"
-
-interface SQLiteSessionStoreOptions {
-  pruneExpiredOnInit?: boolean
-  pruneExpiredOnGet?: boolean
-  pruneExpiredOnSet?: boolean
-  pruneExpiredOnEntries?: boolean
-}
-
-function ensureSessionTable(sqlite: Database): void {
-  sqlite.run(`
-    CREATE TABLE IF NOT EXISTS gorsee_sessions (
-      id TEXT PRIMARY KEY,
-      payload TEXT NOT NULL,
-      expires_at INTEGER NOT NULL
-    )
-  `)
-  sqlite.run("CREATE INDEX IF NOT EXISTS idx_gorsee_sessions_expires_at ON gorsee_sessions (expires_at)")
-}
-
-function pruneExpiredRows(sqlite: Database, now: number = Date.now()): number {
-  const result = sqlite.prepare("DELETE FROM gorsee_sessions WHERE expires_at <= ?1").run(now)
-  return (result as { changes?: number }).changes ?? 0
-}
-
-export function createSQLiteSessionStore(
-  path = ":memory:",
-  options: SQLiteSessionStoreOptions = {},
-): SessionStore & { close(): void; deleteExpired(now?: number): number } {
-  const sqlite = new Database(path)
-  sqlite.run("PRAGMA journal_mode=WAL;")
-  ensureSessionTable(sqlite)
-  const {
-    pruneExpiredOnInit = true,
-    pruneExpiredOnGet = true,
-    pruneExpiredOnSet = true,
-    pruneExpiredOnEntries = true,
-  } = options
-
-  if (pruneExpiredOnInit) pruneExpiredRows(sqlite)
-
-  return {
-    async get(id) {
-      if (pruneExpiredOnGet) pruneExpiredRows(sqlite)
-      const row = sqlite
-        .prepare("SELECT payload, expires_at FROM gorsee_sessions WHERE id = ?1")
-        .get(id) as { payload: string; expires_at: number } | null
-      if (!row) return undefined
-      return {
-        ...(JSON.parse(row.payload) as Omit<Session, "expiresAt">),
-        expiresAt: row.expires_at,
-      }
-    },
-    async set(id, session) {
-      if (pruneExpiredOnSet) pruneExpiredRows(sqlite)
-      sqlite.prepare(`
-        INSERT INTO gorsee_sessions (id, payload, expires_at)
-        VALUES (?1, ?2, ?3)
-        ON CONFLICT(id) DO UPDATE SET
-          payload = excluded.payload,
-          expires_at = excluded.expires_at
-      `).run(
-        id,
-        JSON.stringify({
-          id: session.id,
-          userId: session.userId,
-          data: session.data,
-        }),
-        session.expiresAt,
-      )
-    },
-    async delete(id) {
-      sqlite.prepare("DELETE FROM gorsee_sessions WHERE id = ?1").run(id)
-    },
-    async entries() {
-      if (pruneExpiredOnEntries) pruneExpiredRows(sqlite)
-      const rows = sqlite.prepare("SELECT id, payload, expires_at FROM gorsee_sessions").all() as Array<{
-        id: string
-        payload: string
-        expires_at: number
-      }>
-      return rows.map((row) => [
-        row.id,
-        {
-          ...(JSON.parse(row.payload) as Omit<Session, "expiresAt">),
-          expiresAt: row.expires_at,
-        },
-      ] as [string, Session])
-    },
-    deleteExpired(now = Date.now()) {
-      return pruneExpiredRows(sqlite, now)
-    },
-    close() {
-      sqlite.close()
-    },
-  }
-}

package/src/auth/store-utils.ts

@@ -1,21 +0,0 @@
-import type { Session, SessionStore } from "./index.ts"
-
-export function createNamespacedSessionStore(store: SessionStore, namespace: string): SessionStore {
-  const prefix = `${namespace}:`
-  return {
-    get: (id) => store.get(prefix + id),
-    set: async (id, session) => {
-      await store.set(prefix + id, { ...session, id })
-    },
-    delete: async (id) => {
-      await store.delete(prefix + id)
-    },
-    entries: async function* () {
-      const entries = await store.entries()
-      for await (const [id, session] of entries) {
-        if (!id.startsWith(prefix)) continue
-        yield [id.slice(prefix.length), { ...(session as Session), id: id.slice(prefix.length) }] as [string, Session]
-      }
-    },
-  }
-}

package/src/build/client.ts

@@ -1,139 +0,0 @@
-// Client bundle builder -- uses Bun.build() to create browser-ready JS per route
-
-import { join, resolve, relative, dirname } from "node:path"
-import { mkdir, rm } from "node:fs/promises"
-import { serverStripPlugin } from "./server-strip.ts"
-import { cssModulesPlugin, getCollectedCSS, resetCollectedCSS } from "./css-modules.ts"
-import type { Route } from "../router/scanner.ts"
-
-const FRAMEWORK_ROOT = resolve(import.meta.dir, "..")
-const CLIENT_JSX_RUNTIME = resolve(FRAMEWORK_ROOT, "jsx-runtime-client.ts")
-
-const GORSEE_CLIENT_RESOLVE: Record<string, string> = {
-  "gorsee": resolve(FRAMEWORK_ROOT, "index-client.ts"),
-  "gorsee/client": resolve(FRAMEWORK_ROOT, "client.ts"),
-  "gorsee/reactive": resolve(FRAMEWORK_ROOT, "reactive/index.ts"),
-  "gorsee/types": resolve(FRAMEWORK_ROOT, "types/index.ts"),
-  "gorsee/runtime": resolve(FRAMEWORK_ROOT, "runtime/index.ts"),
-  "gorsee/unsafe": resolve(FRAMEWORK_ROOT, "unsafe/index.ts"),
-  "gorsee/jsx-runtime": CLIENT_JSX_RUNTIME,
-  "gorsee/jsx-dev-runtime": CLIENT_JSX_RUNTIME,
-}
-
-function routeToEntryName(route: Route, cwd: string): string {
-  const rel = relative(join(cwd, "routes"), route.filePath)
-  return rel.replace(/\.(tsx?|jsx?)$/, "").replace(/[\[\]]/g, "_")
-}
-
-function toImportSpecifier(fromFile: string, toFile: string): string {
-  const rel = relative(dirname(fromFile), toFile).replace(/\\/g, "/")
-  return rel.startsWith(".") ? rel : `./${rel}`
-}
-
-function generateEntryCode(routeFile: string, entryPath: string, hydrateImport: string, routerImport: string): string {
-  const hydrateSpecifier = toImportSpecifier(entryPath, hydrateImport)
-  const routerSpecifier = toImportSpecifier(entryPath, routerImport)
-
-  return `
-import Component from "gorsee:route:${routeFile}";
-import { hydrate } from "${hydrateSpecifier}";
-import { initRouter } from "${routerSpecifier}";
-var container = document.getElementById("app");
-var dataEl = document.getElementById("__GORSEE_DATA__");
-var data = dataEl ? JSON.parse(dataEl.textContent) : {};
-var params = window.__GORSEE_PARAMS__ || {};
-hydrate(function() { return Component({ data: data, params: params }); }, container);
-initRouter();
-`
-}
-
-export interface BuildResult {
-  entryMap: Map<string, string>  // routePath → client JS path (relative to outdir)
-  cssModules?: string  // collected CSS from .module.css files
-}
-
-export interface BuildOptions {
-  minify?: boolean
-  sourcemap?: boolean
-}
-
-export async function buildClientBundles(
-  routes: Route[],
-  cwd: string,
-  options?: BuildOptions,
-): Promise<BuildResult> {
-  const outDir = join(cwd, ".gorsee", "client")
-  await rm(outDir, { recursive: true, force: true })
-  await mkdir(outDir, { recursive: true })
-
-  const entryDir = join(cwd, ".gorsee", "entries")
-  await rm(entryDir, { recursive: true, force: true })
-  await mkdir(entryDir, { recursive: true })
-
-  const entryMap = new Map<string, string>()
-  const pageRoutes = routes.filter((r) => !r.filePath.includes("/api/"))
-  if (pageRoutes.length === 0) return { entryMap }
-
-  resetCollectedCSS()
-
-  const entrypoints: string[] = []
-
-  for (const route of pageRoutes) {
-    const name = routeToEntryName(route, cwd)
-    const entryPath = join(entryDir, `${name}.ts`)
-    const clientModule = resolve(FRAMEWORK_ROOT, "runtime/client.ts")
-    const routerModule = resolve(FRAMEWORK_ROOT, "runtime/router.ts")
-    const code = generateEntryCode(route.filePath, entryPath, clientModule, routerModule)
-    await Bun.write(entryPath, code)
-    entrypoints.push(entryPath)
-    entryMap.set(route.path, `${name}.js`)
-  }
-
-  const result = await Bun.build({
-    entrypoints,
-    outdir: outDir,
-    target: "browser",
-    format: "esm",
-    minify: options?.minify ?? false,
-    sourcemap: options?.sourcemap ? "external" : "none",
-    splitting: true,
-    jsx: {
-      runtime: "automatic",
-      importSource: "gorsee",
-      development: true,
-    },
-    plugins: [
-      {
-        name: "gorsee-client-resolve",
-        setup(build) {
-          build.onResolve({ filter: /^gorsee:route:/ }, (args) => ({
-            path: args.path.slice("gorsee:route:".length),
-          }))
-
-          build.onResolve({ filter: /^gorsee(\/.*)?$/ }, (args) => {
-            const mapped = GORSEE_CLIENT_RESOLVE[args.path]
-            if (mapped) return { path: mapped }
-            return undefined
-          })
-        },
-      },
-      serverStripPlugin,
-      cssModulesPlugin,
-    ],
-  })
-
-  if (!result.success) {
-    for (const log of result.logs) {
-      console.error("[build]", log.message)
-    }
-    throw new Error("Client build failed")
-  }
-
-  // Write collected CSS modules output
-  const cssModules = getCollectedCSS()
-  if (cssModules) {
-    await Bun.write(join(outDir, "modules.css"), cssModules)
-  }
-
-  return { entryMap, cssModules }
-}

package/src/build/css-modules.ts

@@ -1,69 +0,0 @@
-// CSS Modules plugin for Bun.build
-// Transforms .module.css imports to scoped class names
-// Input:  import styles from "./button.module.css"
-// Output: styles = { container: "button_container_a1b2c" }
-
-import type { BunPlugin } from "bun"
-import { createHash } from "node:crypto"
-import { readFile } from "node:fs/promises"
-import { basename, join, dirname } from "node:path"
-
-function hashClassName(filePath: string, className: string): string {
-  const hash = createHash("md5")
-    .update(filePath + className)
-    .digest("hex")
-    .slice(0, 5)
-  const base = basename(filePath, ".module.css")
-  return `${base}_${className}_${hash}`
-}
-
-function transformCSS(filePath: string, source: string): { css: string; classMap: Record<string, string> } {
-  const classMap: Record<string, string> = {}
-
-  const css = source.replace(/\.([a-zA-Z_][\w-]*)/g, (match, className) => {
-    // Don't transform pseudo-classes and pseudo-elements
-    if (match.startsWith("::") || match.startsWith(":.")) return match
-    const scoped = hashClassName(filePath, className)
-    classMap[className] = scoped
-    return `.${scoped}`
-  })
-
-  return { css, classMap }
-}
-
-// Collected CSS from all modules (used during build)
-const collectedCSS: string[] = []
-
-export function getCollectedCSS(): string {
-  return collectedCSS.join("\n")
-}
-
-export function resetCollectedCSS(): void {
-  collectedCSS.length = 0
-}
-
-export const cssModulesPlugin: BunPlugin = {
-  name: "gorsee-css-modules",
-  setup(build) {
-    build.onResolve({ filter: /\.module\.css$/ }, (args) => ({
-      path: join(dirname(args.importer), args.path),
-      namespace: "css-module",
-    }))
-
-    build.onLoad({ filter: /.*/, namespace: "css-module" }, async (args) => {
-      const source = await readFile(args.path, "utf-8")
-      const { css, classMap } = transformCSS(args.path, source)
-
-      collectedCSS.push(css)
-
-      const exports = Object.entries(classMap)
-        .map(([k, v]) => `  "${k}": "${v}"`)
-        .join(",\n")
-
-      return {
-        contents: `export default {\n${exports}\n};`,
-        loader: "js",
-      }
-    })
-  },
-}

package/src/build/devalue-parse.ts

@@ -1,2 +0,0 @@
-// Re-export devalue.parse for client bundles (tree-shakeable)
-export { parse } from "devalue"

package/src/build/manifest.ts

@@ -1,34 +0,0 @@
-import type { Route } from "../router/scanner.ts"
-import { inspectRouteBuildMetadata } from "./route-metadata.ts"
-import type { BuildManifest } from "../server/manifest.ts"
-
-export async function createBuildManifest(
-  routes: Route[],
-  entryMap: Map<string, string>,
-  hashMap: Map<string, string>,
-  prerenderedPaths: Iterable<string> = [],
-): Promise<BuildManifest> {
-  const prerendered = new Set(prerenderedPaths)
-  const manifest: BuildManifest = {
-    routes: {},
-    chunks: [],
-    prerendered: [...prerendered],
-    buildTime: new Date().toISOString(),
-  }
-
-  for (const route of routes) {
-    const metadata = await inspectRouteBuildMetadata(route)
-    const jsRel = entryMap.get(route.path)
-    manifest.routes[route.path] = {
-      js: jsRel ? hashMap.get(jsRel) : undefined,
-      hasLoader: metadata.hasLoader,
-      prerendered: prerendered.has(route.path) || undefined,
-    }
-  }
-
-  for (const hashed of hashMap.values()) {
-    if (hashed.includes("chunk-")) manifest.chunks.push(hashed)
-  }
-
-  return manifest
-}

package/src/build/route-metadata.ts

@@ -1,12 +0,0 @@
-import type { Route } from "../router/scanner.ts"
-
-export interface RouteBuildMetadata {
-  hasLoader: boolean
-}
-
-export async function inspectRouteBuildMetadata(route: Route): Promise<RouteBuildMetadata> {
-  const source = await Bun.file(route.filePath).text()
-  return {
-    hasLoader: /export\s+(async\s+)?function\s+loader\b/.test(source),
-  }
-}

package/src/build/rpc-transform.ts

@@ -1,62 +0,0 @@
-// RPC transform plugin for client bundles
-// Replaces server() calls with fetch-based RPC stubs
-// server(async (args) => { ... }) → async (args) => fetch("/_rpc/hash", ...)
-
-import { hashRPC } from "../server/rpc-hash.ts"
-
-const DEVALUE_PARSE_MODULE = new URL("./devalue-parse.ts", import.meta.url).pathname
-
-// Strip TypeScript type annotations from function args: "count: number, name: string" → "count, name"
-function stripTypeAnnotations(args: string): string {
-  return args.split(",").map((arg) => {
-    const trimmed = arg.trim()
-    // Handle destructuring, rest params, defaults — just strip ": Type" suffix
-    return trimmed.replace(/\s*:\s*[^,=]+$/, "").replace(/\s*:\s*[^,=]+(?=\s*=)/, "")
-  }).join(", ")
-}
-
-export function transformServerCalls(source: string, filePath: string): string {
-  // Match server( followed by async/function — not inside strings
-  const matches = [...source.matchAll(/\bserver\s*\(\s*(?=async\s|function\s)/g)]
-  if (matches.length === 0) return source
-
-  // Process in reverse order to preserve indices
-  let result = source
-  for (let i = matches.length - 1; i >= 0; i--) {
-    const match = matches[i]!
-    const start = match.index!
-    const id = hashRPC(filePath, i)
-
-    // Find the matching closing paren for server(...)
-    let depth = 0
-    let end = start
-    for (let j = start; j < source.length; j++) {
-      if (source[j] === "(") depth++
-      else if (source[j] === ")") {
-        depth--
-        if (depth === 0) { end = j + 1; break }
-      }
-    }
-
-    const inner = source.slice(start + match[0].length, end - 1)
-    const argsMatch = inner.match(/^(async\s+)?(?:\(([^)]*)\)|(\w+))\s*=>/)
-    const rawArgs = argsMatch ? (argsMatch[2] ?? argsMatch[3] ?? "") : ""
-    const args = rawArgs ? stripTypeAnnotations(rawArgs) : "...args"
-
-    const stub = `(async (${args}) => {
-  const res = await fetch("/api/_rpc/${id}", {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify([${args}])
-  });
-  if (!res.ok) throw new Error("RPC failed: " + res.status);
-  return __gorseeDevalParse(await res.text());
-})`
-
-    result = result.slice(0, start) + stub + result.slice(end)
-  }
-
-  // Add devalue parse import at top
-  return `import { parse as __gorseeDevalParse } from "${DEVALUE_PARSE_MODULE}";\n` + result
-}
-