houdini 1.2.10 → 1.2.12

package/build/runtime-esm/client/index.js

@@ -1,3 +1,4 @@
+import { getCurrentConfig, localApiEndpoint } from "../lib";
 import { flatten } from "../lib/flatten";
 import { DocumentStore } from "./documentStore";
 import {
@@ -15,13 +16,14 @@ class HoudiniClient {
   url;
   plugins;
   throwOnError_operations;
+  proxies = {};
   constructor({
     url,
     fetchParams,
     plugins,
     pipeline,
     throwOnError
-  }) {
+  } = {}) {
     if (plugins && pipeline) {
       throw new Error(
         "A client cannot be given a pipeline and a list of plugins at the same time."
@@ -43,7 +45,8 @@ class HoudiniClient {
         )
       )
     );
-    this.url = url;
+    let serverPort = globalThis.process?.env?.HOUDINI_PORT ?? "5173";
+    this.url = url ?? (globalThis.window ? "" : `https://localhost:${serverPort}`) + localApiEndpoint(getCurrentConfig());
   }
   observe({
     enableCache = true,
@@ -58,6 +61,9 @@ class HoudiniClient {
       ...rest
     });
   }
+  registerProxy(url, handler) {
+    this.proxies[url] = handler;
+  }
 }
 function createPluginHooks(plugins) {
   return plugins.reduce((hooks, plugin) => {

package/build/runtime-esm/lib/config.d.ts

@@ -5,6 +5,8 @@ export declare function setMockConfig(config: ConfigFile | null): void;
 export declare function defaultConfigValues(file: ConfigFile): ConfigFile;
 export declare function keyFieldsForType(configFile: ConfigFile, type: string): string[];
 export declare function computeID(configFile: ConfigFile, type: string, data: any): string;
+export declare function localApiEndpoint(configFile: ConfigFile): string;
+export declare function localApiSessionKeys(configFile: ConfigFile): string[];
 export declare function getCurrentConfig(): ConfigFile;
 export type ConfigFile = {
     /**
@@ -110,6 +112,23 @@ export type ConfigFile = {
      * you must enable this flag.
      */
     acceptImperativeInstability?: boolean;
+    /**
+     * Configure the router
+     */
+    router?: RouterConfig;
+};
+type RouterConfig = {
+    auth?: AuthStrategy;
+    apiEndpoint?: string;
+};
+type AuthStrategy = {
+    redirect: string;
+    sessionKeys: string[];
+    url: string;
+} | {
+    mutation: string;
+    sessionKeys: string[];
+    url: string;
 };
 type ScalarMap = {
     [typeName: string]: ScalarSpec;

package/build/runtime-esm/lib/config.js

@@ -36,6 +36,12 @@ function computeID(configFile, type, data) {
   return id.slice(0, -2);
 }
 let _configFile = null;
+function localApiEndpoint(configFile) {
+  return configFile.router?.apiEndpoint ?? "/_api";
+}
+function localApiSessionKeys(configFile) {
+  return configFile.router?.auth?.sessionKeys ?? [];
+}
 function getCurrentConfig() {
   const mockConfig2 = getMockConfig();
   if (mockConfig2) {
@@ -57,5 +63,7 @@ export {
   getCurrentConfig,
   getMockConfig,
   keyFieldsForType,
+  localApiEndpoint,
+  localApiSessionKeys,
   setMockConfig
 };

package/build/runtime-esm/lib/types.d.ts

@@ -317,4 +317,43 @@ interface VariableNode {
 export declare const PendingValue: unique symbol;
 export type LoadingType = typeof PendingValue;
 export declare function isPending(value: any): value is LoadingType;
+export type ProjectManifest = {
+    /** All of the pages in the project */
+    pages: Record<string, PageManifest>;
+    /** All of the layouts in the project */
+    layouts: Record<string, PageManifest>;
+    /** All of the page queries in the project */
+    page_queries: Record<string, QueryManifest>;
+    /** All of the layout queries in the project */
+    layout_queries: Record<string, QueryManifest>;
+    /** All of the artifacts in the project */
+    artifacts: string[];
+    /** Whether or not there is a local schema defined */
+    local_schema: boolean;
+    /** Whether or not there is a custom instance of yoga defined */
+    local_yoga: boolean;
+};
+export type PageManifest = {
+    id: string;
+    /** the name of every query that the page depends on */
+    queries: string[];
+    /** the list of queries that this page could potentially ask for */
+    query_options: string[];
+    /** the full url pattern of the page */
+    url: string;
+    /** the ids of layouts that wrap this page */
+    layouts: string[];
+    /** The filepath of the unit */
+    path: string;
+};
+export type QueryManifest = {
+    /** the name of the query */
+    name: string;
+    /** the url tied with the query */
+    url: string;
+    /** wether the query uses the loading directive (ie, wants a fallback) */
+    loading: boolean;
+    /** The filepath of the unit */
+    path: string;
+};
 export {};

package/build/runtime-esm/router/cookies.d.ts

@@ -0,0 +1,41 @@
+/*!
+ * cookie
+ * Copyright(c) 2012-2014 Roman Shtylman
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+/**
+ * Parse a cookie header.
+ *
+ * Parse the given cookie header string into an object
+ * The object has the various cookies as keys(names) => values
+ *
+ * @param {string} str
+ * @param {object} [options]
+ * @return {object}
+ * @public
+ */
+export declare function parse(str: string, options?: {
+    decode?: (val: string) => string;
+}): Record<string, string>;
+/**
+ * Serialize data into a cookie header.
+ *
+ * Serialize the a name value pair into a cookie string suitable for
+ * http headers. An optional options object specified cookie parameters.
+ *
+ * serialize('foo', 'bar', { httpOnly: true })
+ *   => "foo=bar; httpOnly"
+ *
+ */
+export declare function serialize(name: string, val: string, options: {
+    encode: boolean;
+    maxAge: number;
+    domain: string;
+    path: string;
+    expires: Date;
+    httpOnly: boolean;
+    priority: string | number;
+    secure: boolean;
+    sameSite: string | boolean;
+}): string;

package/build/runtime-esm/router/cookies.js

@@ -0,0 +1,143 @@
+/*!
+ * cookie
+ * Copyright(c) 2012-2014 Roman Shtylman
+ * Copyright(c) 2015 Douglas Christopher Wilson
+ * MIT Licensed
+ */
+let __toString = Object.prototype.toString;
+let fieldContentRegExp = /^[\u0009\u0020-\u007e\u0080-\u00ff]+$/;
+function parse(str, options) {
+  if (typeof str !== "string") {
+    throw new TypeError("argument str must be a string");
+  }
+  let obj = {};
+  let opt = options || {};
+  let dec = opt.decode || decode;
+  let index = 0;
+  while (index < str.length) {
+    let eqIdx = str.indexOf("=", index);
+    if (eqIdx === -1) {
+      break;
+    }
+    let endIdx = str.indexOf(";", index);
+    if (endIdx === -1) {
+      endIdx = str.length;
+    } else if (endIdx < eqIdx) {
+      index = str.lastIndexOf(";", eqIdx - 1) + 1;
+      continue;
+    }
+    let key = str.slice(index, eqIdx).trim();
+    if (void 0 === obj[key]) {
+      let val = str.slice(eqIdx + 1, endIdx).trim();
+      if (val.charCodeAt(0) === 34) {
+        val = val.slice(1, -1);
+      }
+      obj[key] = tryDecode(val, dec);
+    }
+    index = endIdx + 1;
+  }
+  return obj;
+}
+function serialize(name, val, options) {
+  let opt = options || {};
+  let enc = opt.encode || encode;
+  if (typeof enc !== "function") {
+    throw new TypeError("option encode is invalid");
+  }
+  if (!fieldContentRegExp.test(name)) {
+    throw new TypeError("argument name is invalid");
+  }
+  let value = enc(val);
+  if (value && !fieldContentRegExp.test(value)) {
+    throw new TypeError("argument val is invalid");
+  }
+  let str = name + "=" + value;
+  if (opt.maxAge !== null) {
+    let maxAge = opt.maxAge - 0;
+    if (Number.isNaN(maxAge) || !isFinite(maxAge)) {
+      throw new TypeError("option maxAge is invalid");
+    }
+    str += "; Max-Age=" + Math.floor(maxAge);
+  }
+  if (opt.domain) {
+    if (!fieldContentRegExp.test(opt.domain)) {
+      throw new TypeError("option domain is invalid");
+    }
+    str += "; Domain=" + opt.domain;
+  }
+  if (opt.path) {
+    if (!fieldContentRegExp.test(opt.path)) {
+      throw new TypeError("option path is invalid");
+    }
+    str += "; Path=" + opt.path;
+  }
+  if (opt.expires) {
+    let expires = opt.expires;
+    if (!isDate(expires) || Number.isNaN(expires.valueOf())) {
+      throw new TypeError("option expires is invalid");
+    }
+    str += "; Expires=" + expires.toUTCString();
+  }
+  if (opt.httpOnly) {
+    str += "; HttpOnly";
+  }
+  if (opt.secure) {
+    str += "; Secure";
+  }
+  if (opt.priority) {
+    let priority = typeof opt.priority === "string" ? opt.priority.toLowerCase() : opt.priority;
+    switch (priority) {
+      case "low":
+        str += "; Priority=Low";
+        break;
+      case "medium":
+        str += "; Priority=Medium";
+        break;
+      case "high":
+        str += "; Priority=High";
+        break;
+      default:
+        throw new TypeError("option priority is invalid");
+    }
+  }
+  if (opt.sameSite) {
+    let sameSite = typeof opt.sameSite === "string" ? opt.sameSite.toLowerCase() : opt.sameSite;
+    switch (sameSite) {
+      case true:
+        str += "; SameSite=Strict";
+        break;
+      case "lax":
+        str += "; SameSite=Lax";
+        break;
+      case "strict":
+        str += "; SameSite=Strict";
+        break;
+      case "none":
+        str += "; SameSite=None";
+        break;
+      default:
+        throw new TypeError("option sameSite is invalid");
+    }
+  }
+  return str;
+}
+function decode(str) {
+  return str.indexOf("%") !== -1 ? decodeURIComponent(str) : str;
+}
+function encode(val) {
+  return encodeURIComponent(val);
+}
+function isDate(val) {
+  return __toString.call(val) === "[object Date]" || val instanceof Date;
+}
+function tryDecode(str, decode2) {
+  try {
+    return decode2(str);
+  } catch (e) {
+    return str;
+  }
+}
+export {
+  parse,
+  serialize
+};

package/build/runtime-esm/router/jwt.d.ts

@@ -0,0 +1,117 @@
+type SubtleCryptoImportKeyAlgorithm = any;
+/**
+ * @typedef JwtAlgorithm
+ * @type {'ES256'|'ES384'|'ES512'|'HS256'|'HS384'|'HS512'|'RS256'|'RS384'|'RS512'}
+ */
+export type JwtAlgorithm = 'ES256' | 'ES384' | 'ES512' | 'HS256' | 'HS384' | 'HS512' | 'RS256' | 'RS384' | 'RS512';
+/**
+ * @typedef JwtAlgorithms
+ */
+export interface JwtAlgorithms {
+    [key: string]: SubtleCryptoImportKeyAlgorithm;
+}
+/**
+ * @typedef JwtHeader
+ * @prop {string} [typ] Type
+ */
+export interface JwtHeader {
+    /**
+     * Type (default: `"JWT"`)
+     *
+     * @default "JWT"
+     */
+    typ?: string;
+    [key: string]: any;
+}
+/**
+ * @typedef JwtPayload
+ * @prop {string} [iss] Issuer
+ * @prop {string} [sub] Subject
+ * @prop {string | string[]} [aud] Audience
+ * @prop {string} [exp] Expiration Time
+ * @prop {string} [nbf] Not Before
+ * @prop {string} [iat] Issued At
+ * @prop {string} [jti] JWT ID
+ */
+export interface JwtPayload {
+    /** Issuer */
+    iss?: string;
+    /** Subject */
+    sub?: string;
+    /** Audience */
+    aud?: string | string[];
+    /** Expiration Time */
+    exp?: number;
+    /** Not Before */
+    nbf?: number;
+    /** Issued At */
+    iat?: number;
+    /** JWT ID */
+    jti?: string;
+    [key: string]: any;
+}
+/**
+ * @typedef JwtOptions
+ * @prop {JwtAlgorithm | string} algorithm
+ */
+export interface JwtOptions {
+    algorithm?: JwtAlgorithm | string;
+}
+/**
+ * @typedef JwtSignOptions
+ * @extends JwtOptions
+ * @prop {JwtHeader} [header]
+ */
+export interface JwtSignOptions extends JwtOptions {
+    header?: JwtHeader;
+}
+/**
+ * @typedef JwtVerifyOptions
+ * @extends JwtOptions
+ * @prop {boolean} [throwError=false] If `true` throw error if checks fail. (default: `false`)
+ */
+export interface JwtVerifyOptions extends JwtOptions {
+    /**
+     * If `true` throw error if checks fail. (default: `false`)
+     *
+     * @default false
+     */
+    throwError?: boolean;
+}
+/**
+ * @typedef JwtData
+ * @prop {JwtHeader} header
+ * @prop {JwtPayload} payload
+ */
+export interface JwtData {
+    header: JwtHeader;
+    payload: JwtPayload;
+}
+/**
+ * Signs a payload and returns the token
+ *
+ * @param {JwtPayload} payload The payload object. To use `nbf` (Not Before) and/or `exp` (Expiration Time) add `nbf` and/or `exp` to the payload.
+ * @param {string | JsonWebKey} secret A string which is used to sign the payload.
+ * @param {JwtSignOptions | JwtAlgorithm | string} [options={ algorithm: 'HS256', header: { typ: 'JWT' } }] The options object or the algorithm.
+ * @throws {Error} If there's a validation issue.
+ * @returns {Promise<string>} Returns token as a `string`.
+ */
+export declare function encode(payload: JwtPayload, secret: string | JsonWebKey, options?: JwtSignOptions | JwtAlgorithm): Promise<string>;
+/**
+ * Verifies the integrity of the token and returns a boolean value.
+ *
+ * @param {string} token The token string generated by `jwt.sign()`.
+ * @param {string | JsonWebKey} secret The string which was used to sign the payload.
+ * @param {JWTVerifyOptions | JWTAlgorithm} options The options object or the algorithm.
+ * @throws {Error | string} Throws an error `string` if the token is invalid or an `Error-Object` if there's a validation issue.
+ * @returns {Promise<boolean>} Returns `true` if signature, `nbf` (if set) and `exp` (if set) are valid, otherwise returns `false`.
+ */
+export declare function verify(token: string, secret: string | JsonWebKey, options?: JwtVerifyOptions | JwtAlgorithm): Promise<boolean>;
+/**
+ * Returns the payload **without** verifying the integrity of the token. Please use `jwt.verify()` first to keep your application secure!
+ *
+ * @param {string} token The token string generated by `jwt.sign()`.
+ * @returns {JwtData} Returns an `object` containing `header` and `payload`.
+ */
+export declare function decode(token: string): JwtData;
+export {};

package/build/runtime-esm/router/jwt.js

@@ -0,0 +1,155 @@
+function base64UrlParse(s) {
+  return new Uint8Array(
+    Array.prototype.map.call(
+      atob(s.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "")),
+      (c) => c.charCodeAt(0)
+    )
+  );
+}
+function base64UrlStringify(a) {
+  return btoa(String.fromCharCode.apply(0, a)).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+const algorithms = {
+  ES256: { name: "ECDSA", namedCurve: "P-256", hash: { name: "SHA-256" } },
+  ES384: { name: "ECDSA", namedCurve: "P-384", hash: { name: "SHA-384" } },
+  ES512: { name: "ECDSA", namedCurve: "P-521", hash: { name: "SHA-512" } },
+  HS256: { name: "HMAC", hash: { name: "SHA-256" } },
+  HS384: { name: "HMAC", hash: { name: "SHA-384" } },
+  HS512: { name: "HMAC", hash: { name: "SHA-512" } },
+  RS256: { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-256" } },
+  RS384: { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-384" } },
+  RS512: { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-512" } }
+};
+function _utf8ToUint8Array(str) {
+  return base64UrlParse(btoa(unescape(encodeURIComponent(str))));
+}
+function _str2ab(str) {
+  str = atob(str);
+  const buf = new ArrayBuffer(str.length);
+  const bufView = new Uint8Array(buf);
+  for (let i = 0, strLen = str.length; i < strLen; i++) {
+    bufView[i] = str.charCodeAt(i);
+  }
+  return buf;
+}
+function _decodePayload(raw) {
+  switch (raw.length % 4) {
+    case 0:
+      break;
+    case 2:
+      raw += "==";
+      break;
+    case 3:
+      raw += "=";
+      break;
+    default:
+      throw new Error("Illegal base64url string!");
+  }
+  try {
+    return JSON.parse(decodeURIComponent(escape(atob(raw))));
+  } catch {
+    return null;
+  }
+}
+async function encode(payload, secret, options = { algorithm: "HS256", header: { typ: "JWT" } }) {
+  if (typeof options === "string")
+    options = { algorithm: options, header: { typ: "JWT" } };
+  options = { algorithm: "HS256", header: { typ: "JWT" }, ...options };
+  if (payload === null || typeof payload !== "object")
+    throw new Error("payload must be an object");
+  if (typeof secret !== "string" && typeof secret !== "object")
+    throw new Error("secret must be a string or a JWK object");
+  if (typeof options.algorithm !== "string")
+    throw new Error("options.algorithm must be a string");
+  const algorithm = algorithms[options.algorithm];
+  if (!algorithm)
+    throw new Error("algorithm not found");
+  if (!payload.iat)
+    payload.iat = Math.floor(Date.now() / 1e3);
+  const payloadAsJSON = JSON.stringify(payload);
+  const partialToken = `${base64UrlStringify(
+    _utf8ToUint8Array(JSON.stringify({ ...options.header, alg: options.algorithm }))
+  )}.${base64UrlStringify(_utf8ToUint8Array(payloadAsJSON))}`;
+  let keyFormat = "raw";
+  let keyData;
+  if (typeof secret === "object") {
+    keyFormat = "jwk";
+    keyData = secret;
+  } else if (typeof secret === "string" && secret.startsWith("-----BEGIN")) {
+    keyFormat = "pkcs8";
+    keyData = _str2ab(
+      secret.replace(/-----BEGIN.*?-----/g, "").replace(/-----END.*?-----/g, "").replace(/\s/g, "")
+    );
+  } else
+    keyData = _utf8ToUint8Array(secret);
+  const key = await crypto.subtle.importKey(keyFormat, keyData, algorithm, false, ["sign"]);
+  const signature = await crypto.subtle.sign(algorithm, key, _utf8ToUint8Array(partialToken));
+  return `${partialToken}.${base64UrlStringify(new Uint8Array(signature))}`;
+}
+async function verify(token, secret, options = { algorithm: "HS256", throwError: false }) {
+  if (typeof options === "string")
+    options = { algorithm: options, throwError: false };
+  options = { algorithm: "HS256", throwError: false, ...options };
+  if (typeof token !== "string")
+    throw new Error("token must be a string");
+  if (typeof secret !== "string" && typeof secret !== "object")
+    throw new Error("secret must be a string or a JWK object");
+  if (typeof options.algorithm !== "string")
+    throw new Error("options.algorithm must be a string");
+  const tokenParts = token.split(".");
+  if (tokenParts.length !== 3)
+    throw new Error("token must consist of 3 parts");
+  const algorithm = algorithms[options.algorithm];
+  if (!algorithm)
+    throw new Error("algorithm not found");
+  const { payload } = decode(token);
+  if (!payload) {
+    if (options.throwError)
+      throw "PARSE_ERROR";
+    return false;
+  }
+  if (payload.nbf && payload.nbf > Math.floor(Date.now() / 1e3)) {
+    if (options.throwError)
+      throw "NOT_YET_VALID";
+    return false;
+  }
+  if (payload.exp && payload.exp <= Math.floor(Date.now() / 1e3)) {
+    if (options.throwError)
+      throw "EXPIRED";
+    return false;
+  }
+  let keyFormat = "raw";
+  let keyData;
+  if (typeof secret === "object") {
+    keyFormat = "jwk";
+    keyData = secret;
+  } else if (typeof secret === "string" && secret.startsWith("-----BEGIN")) {
+    keyFormat = "spki";
+    keyData = _str2ab(
+      secret.replace(/-----BEGIN.*?-----/g, "").replace(/-----END.*?-----/g, "").replace(/\s/g, "")
+    );
+  } else
+    keyData = _utf8ToUint8Array(secret);
+  const key = await crypto.subtle.importKey(keyFormat, keyData, algorithm, false, ["verify"]);
+  return await crypto.subtle.verify(
+    algorithm,
+    key,
+    base64UrlParse(tokenParts[2]),
+    _utf8ToUint8Array(`${tokenParts[0]}.${tokenParts[1]}`)
+  );
+}
+function decode(token) {
+  return {
+    header: _decodePayload(
+      token.split(".")[0].replace(/-/g, "+").replace(/_/g, "/")
+    ),
+    payload: _decodePayload(
+      token.split(".")[1].replace(/-/g, "+").replace(/_/g, "/")
+    )
+  };
+}
+export {
+  decode,
+  encode,
+  verify
+};

package/build/runtime-esm/router/server.d.ts

@@ -0,0 +1,25 @@
+import type { ConfigFile } from '../lib';
+type ServerHandlerArgs = {
+    url: string;
+    config: ConfigFile;
+    session_keys: string[];
+    set_header: (key: string, value: string | number | string[]) => void;
+    get_header: (key: string) => string | number | string[] | undefined;
+    redirect: (code: number, url: string) => void;
+    next: () => void;
+};
+export declare function handle_request(args: ServerHandlerArgs): Promise<void>;
+export type Server = {
+    use(fn: ServerMiddleware): void;
+};
+export type ServerMiddleware = (req: IncomingRequest, res: ServerResponse, next: () => void) => void;
+export type IncomingRequest = {
+    url?: string;
+    headers: Headers;
+};
+export type ServerResponse = {
+    redirect(url: string, status?: number): void;
+    set_header(name: string, value: string): void;
+};
+export declare function get_session(req: Headers, secrets: string[]): Promise<App.Session>;
+export {};

package/build/runtime-esm/router/server.js

@@ -0,0 +1,53 @@
+import { parse } from "./cookies";
+import { decode, encode, verify } from "./jwt";
+async function handle_request(args) {
+  const plugin_config = args.config.router ?? {};
+  if (plugin_config.auth && "redirect" in plugin_config.auth && args.url.startsWith(plugin_config.auth.redirect)) {
+    return await redirect_auth(args);
+  }
+  args.next();
+}
+async function redirect_auth(args) {
+  const { searchParams } = new URL(args.url, `http://${args.get_header("host")}`);
+  const { redirectTo, ...session } = Object.fromEntries(searchParams.entries());
+  await set_session(args, session);
+  if (redirectTo) {
+    return args.redirect(302, redirectTo);
+  }
+  args.next();
+}
+const session_cookie_name = "__houdini__";
+async function set_session(req, value) {
+  const today = new Date();
+  const expires = new Date(today.getTime() + 7 * 24 * 60 * 60 * 1e3);
+  const serialized = await encode(value, req.session_keys[0]);
+  req.set_header(
+    "Set-Cookie",
+    `${session_cookie_name}=${serialized}; Path=/; HttpOnly; Secure; SameSite=Lax; Expires=${expires.toUTCString()} `
+  );
+}
+async function get_session(req, secrets) {
+  const cookies = req.get("cookie");
+  if (!cookies) {
+    return {};
+  }
+  const cookie = parse(cookies)[session_cookie_name];
+  if (!cookie) {
+    return {};
+  }
+  for (const secret of secrets) {
+    if (!await verify(cookie, secret)) {
+      continue;
+    }
+    const parsed = decode(cookie);
+    if (!parsed) {
+      return {};
+    }
+    return parsed.payload;
+  }
+  return {};
+}
+export {
+  get_session,
+  handle_request
+};