lakebed 0.0.7 → 0.0.9

package/src/source-runtime-worker.js

@@ -0,0 +1,454 @@
+import { Buffer as NodeBuffer } from "node:buffer";
+import { randomUUID } from "node:crypto";
+
+const nodeProcess = process;
+const nodeBuffer = NodeBuffer;
+const sendToParent = typeof nodeProcess.send === "function" ? nodeProcess.send.bind(nodeProcess) : null;
+
+const DEFAULT_LIMITS = {
+  instructionBudget: 50000,
+  maxValueBytes: 65536,
+  rowsReturned: 1000
+};
+
+let nextFetchId = 1;
+const pendingFetches = new Map();
+
+function stableStringify(value) {
+  if (value === undefined) {
+    return undefined;
+  }
+
+  if (value === null || typeof value !== "object") {
+    return JSON.stringify(value);
+  }
+
+  if (Array.isArray(value)) {
+    return `[${value.map((item) => stableStringify(item) ?? "null").join(",")}]`;
+  }
+
+  const entries = Object.entries(value)
+    .filter(([, entryValue]) => entryValue !== undefined)
+    .sort(([left], [right]) => left.localeCompare(right));
+
+  return `{${entries
+    .map(([key, entryValue]) => `${JSON.stringify(key)}:${stableStringify(entryValue) ?? "null"}`)
+    .join(",")}}`;
+}
+
+function byteLength(value) {
+  return nodeBuffer.byteLength(typeof value === "string" ? value : stableStringify(value), "utf8");
+}
+
+function isPlainObject(value) {
+  return Boolean(value) && typeof value === "object" && Object.getPrototypeOf(value) === Object.prototype;
+}
+
+function cloneJson(value) {
+  return JSON.parse(JSON.stringify(value));
+}
+
+function assertFieldValue(tableName, fieldName, field, value, limits = DEFAULT_LIMITS) {
+  if (value === undefined) {
+    throw new Error(`Missing value for ${tableName}.${fieldName}`);
+  }
+
+  if (field.kind === "string" && typeof value !== "string") {
+    throw new Error(`Expected ${tableName}.${fieldName} to be a string.`);
+  }
+
+  if (field.kind === "boolean" && typeof value !== "boolean") {
+    throw new Error(`Expected ${tableName}.${fieldName} to be a boolean.`);
+  }
+
+  const maxValueBytes = limits.maxValueBytes ?? DEFAULT_LIMITS.maxValueBytes;
+  if (byteLength(value) > maxValueBytes) {
+    throw new Error(`Value for ${tableName}.${fieldName} exceeds ${maxValueBytes} bytes.`);
+  }
+}
+
+function metadataFields() {
+  return new Set(["id", "createdAt", "updatedAt"]);
+}
+
+function prepareInsert(schema, tableName, value, limits = DEFAULT_LIMITS) {
+  const table = schema[tableName];
+  if (!table) {
+    throw new Error(`Unknown table: ${tableName}`);
+  }
+
+  const fields = table.fields ?? {};
+  const metadata = metadataFields();
+  for (const key of Object.keys(value)) {
+    if (!fields[key] && !metadata.has(key)) {
+      throw new Error(`Unknown field for ${tableName}: ${key}`);
+    }
+    if (metadata.has(key)) {
+      throw new Error(`Lakebed manages ${tableName}.${key}; app code cannot set it directly.`);
+    }
+  }
+
+  const timestamp = new Date().toISOString();
+  const row = {
+    id: randomUUID(),
+    createdAt: timestamp,
+    updatedAt: timestamp
+  };
+
+  for (const [fieldName, field] of Object.entries(fields)) {
+    const valueOrDefault = value[fieldName] ?? field.defaultValue;
+    assertFieldValue(tableName, fieldName, field, valueOrDefault, limits);
+    row[fieldName] = valueOrDefault;
+  }
+
+  return row;
+}
+
+function preparePatch(schema, tableName, patch, limits = DEFAULT_LIMITS) {
+  const table = schema[tableName];
+  if (!table) {
+    throw new Error(`Unknown table: ${tableName}`);
+  }
+
+  const cleanPatch = {};
+  const fields = table.fields ?? {};
+  const metadata = metadataFields();
+  for (const [key, value] of Object.entries(patch)) {
+    if (!fields[key] && !metadata.has(key)) {
+      throw new Error(`Unknown field for ${tableName}: ${key}`);
+    }
+    if (metadata.has(key)) {
+      throw new Error(`Lakebed manages ${tableName}.${key}; app code cannot update it directly.`);
+    }
+
+    assertFieldValue(tableName, key, fields[key], value, limits);
+    cleanPatch[key] = value;
+  }
+
+  cleanPatch.updatedAt = new Date().toISOString();
+  return cleanPatch;
+}
+
+function compareValues(left, right) {
+  if (left === right) {
+    return 0;
+  }
+  return left > right ? 1 : -1;
+}
+
+function createSourceQuery(rows, tableName, artifact) {
+  return {
+    filters: [],
+    limitValue: null,
+    orderByValue: null,
+    tableName,
+    where(field, value) {
+      return { ...this, filters: [...this.filters, { field, value }] };
+    },
+    orderBy(field, direction = "asc") {
+      return { ...this, orderByValue: { field, direction: direction === "desc" ? "desc" : "asc" } };
+    },
+    limit(count) {
+      const parsed = Number(count);
+      const safe = Number.isFinite(parsed) ? Math.max(0, Math.trunc(parsed)) : null;
+      return { ...this, limitValue: safe };
+    },
+    all() {
+      let results = [...rows[this.tableName]].map((row) => ({ ...row }));
+      for (const filter of this.filters) {
+        results = results.filter((row) => row[filter.field] === filter.value);
+      }
+      if (this.orderByValue) {
+        const direction = this.orderByValue.direction === "desc" ? -1 : 1;
+        results.sort((left, right) => compareValues(left[this.orderByValue.field], right[this.orderByValue.field]) * direction);
+      }
+      const maxRows = artifact.limits?.maxRowsReturned ?? DEFAULT_LIMITS.rowsReturned;
+      const requested = this.limitValue ?? maxRows;
+      const bounded = Math.max(0, Math.min(requested, maxRows));
+      return results.slice(0, bounded);
+    }
+  };
+}
+
+function createSourceContext({ artifact, auth, env, rows }) {
+  const workingRows = {};
+  const operations = [];
+  for (const tableName of Object.keys(artifact.server.schema ?? {})) {
+    workingRows[tableName] = Array.isArray(rows?.[tableName]) ? rows[tableName].map((row) => ({ ...row })) : [];
+  }
+
+  const db = {};
+  for (const tableName of Object.keys(artifact.server.schema ?? {})) {
+    db[tableName] = {
+      ...createSourceQuery(workingRows, tableName, artifact),
+      get(id) {
+        const row = workingRows[tableName].find((candidate) => candidate.id === id);
+        return row ? { ...row } : null;
+      },
+      insert(value) {
+        const row = prepareInsert(artifact.server.schema, tableName, value, artifact.limits);
+        workingRows[tableName].push(row);
+        operations.push({ op: "insert", row: { ...row }, table: tableName });
+        return { ...row };
+      },
+      update(id, patch) {
+        const index = workingRows[tableName].findIndex((row) => row.id === id);
+        if (index === -1) {
+          return;
+        }
+        const cleanPatch = preparePatch(artifact.server.schema, tableName, patch, artifact.limits);
+        workingRows[tableName][index] = { ...workingRows[tableName][index], ...cleanPatch };
+        operations.push({ id, op: "update", patch: cleanPatch, table: tableName });
+      },
+      delete(id) {
+        const index = workingRows[tableName].findIndex((row) => row.id === id);
+        if (index === -1) {
+          return;
+        }
+        workingRows[tableName].splice(index, 1);
+        operations.push({ id, op: "delete", table: tableName });
+      }
+    };
+  }
+
+  return {
+    ctx: {
+      auth,
+      db,
+      env,
+      log: {
+        error() {},
+        info() {},
+        warn() {}
+      }
+    },
+    operations
+  };
+}
+
+function headersToObject(headers) {
+  if (!headers) {
+    return {};
+  }
+
+  if (Array.isArray(headers)) {
+    return Object.fromEntries(headers.map(([key, value]) => [String(key), String(value)]));
+  }
+
+  if (typeof headers.entries === "function") {
+    return Object.fromEntries(Array.from(headers.entries()).map(([key, value]) => [String(key), String(value)]));
+  }
+
+  if (isPlainObject(headers)) {
+    return Object.fromEntries(Object.entries(headers).map(([key, value]) => [key, String(value)]));
+  }
+
+  return {};
+}
+
+function bodyToBase64(body) {
+  if (body === undefined || body === null) {
+    return undefined;
+  }
+  if (typeof body === "string") {
+    return nodeBuffer.from(body, "utf8").toString("base64");
+  }
+  if (body instanceof URLSearchParams) {
+    return nodeBuffer.from(body.toString(), "utf8").toString("base64");
+  }
+  if (body instanceof ArrayBuffer) {
+    return nodeBuffer.from(body).toString("base64");
+  }
+  if (ArrayBuffer.isView(body)) {
+    return nodeBuffer.from(body.buffer, body.byteOffset, body.byteLength).toString("base64");
+  }
+  throw new Error("Unsupported source fetch request body.");
+}
+
+function normalizeFetchInput(input, init = {}) {
+  const url = typeof input === "string" || input instanceof URL ? String(input) : input?.url;
+  if (!url) {
+    throw new Error("Source fetch requires a URL.");
+  }
+
+  return {
+    bodyBase64: bodyToBase64(init.body),
+    headers: headersToObject(init.headers ?? input?.headers),
+    method: init.method ?? input?.method ?? "GET",
+    url
+  };
+}
+
+function createBrokeredResponse(response) {
+  const body = nodeBuffer.from(response.bodyBase64 ?? "", "base64");
+  const headers = new Map(Object.entries(response.headers ?? {}).map(([key, value]) => [key.toLowerCase(), String(value)]));
+  return {
+    headers: {
+      entries() {
+        return headers.entries();
+      },
+      get(name) {
+        return headers.get(String(name).toLowerCase()) ?? null;
+      },
+      has(name) {
+        return headers.has(String(name).toLowerCase());
+      }
+    },
+    ok: Boolean(response.ok),
+    redirected: false,
+    status: response.status,
+    statusText: response.statusText ?? "",
+    url: response.url ?? "",
+    async arrayBuffer() {
+      return body.buffer.slice(body.byteOffset, body.byteOffset + body.byteLength);
+    },
+    async json() {
+      return JSON.parse(body.toString("utf8"));
+    },
+    async text() {
+      return body.toString("utf8");
+    }
+  };
+}
+
+function brokeredFetch(input, init = {}) {
+  if (!sendToParent) {
+    return Promise.reject(new Error("Source fetch broker is not available."));
+  }
+
+  const id = nextFetchId;
+  nextFetchId += 1;
+  const request = normalizeFetchInput(input, init);
+  return new Promise((resolve, reject) => {
+    pendingFetches.set(id, { reject, resolve });
+    sendToParent({ id, request, type: "source-runtime.fetch" });
+  }).then(createBrokeredResponse);
+}
+
+function installRestrictedGlobals() {
+  for (const key of Object.keys(nodeProcess.env)) {
+    delete nodeProcess.env[key];
+  }
+
+  const restrictedProcess = Object.freeze({
+    argv: [],
+    env: Object.freeze({}),
+    platform: nodeProcess.platform,
+    versions: Object.freeze({ node: nodeProcess.versions.node })
+  });
+  const globals = {
+    Buffer: undefined,
+    Function: undefined,
+    clearImmediate: undefined,
+    clearInterval: undefined,
+    clearTimeout: undefined,
+    eval: undefined,
+    fetch: brokeredFetch,
+    process: restrictedProcess,
+    setImmediate: undefined,
+    setInterval: undefined,
+    setTimeout: undefined
+  };
+
+  for (const [key, value] of Object.entries(globals)) {
+    try {
+      Object.defineProperty(globalThis, key, {
+        configurable: false,
+        value,
+        writable: false
+      });
+    } catch (error) {
+      throw new Error(`Failed to harden global "${key}": ${error instanceof Error ? error.message : String(error)}`);
+    }
+  }
+}
+
+async function loadSourceApp(artifact) {
+  const source = artifact.server?.source;
+  if (!source) {
+    throw new Error("Artifact does not include a source bundle.");
+  }
+
+  const module = await import(`data:text/javascript;base64,${source.bundle}`);
+  return module.default;
+}
+
+function jsonSafe(value) {
+  return cloneJson(value ?? null);
+}
+
+function sendResult(payload) {
+  sendToParent?.({ ok: true, type: "source-runtime.result", ...payload });
+}
+
+function sendError(error) {
+  sendToParent?.({
+    error: {
+      message: error instanceof Error ? error.message : String(error),
+      name: error instanceof Error ? error.name : "Error"
+    },
+    ok: false,
+    type: "source-runtime.result"
+  });
+}
+
+async function runSource(request) {
+  const app = await loadSourceApp(request.artifact);
+  const source = createSourceContext({
+    artifact: request.artifact,
+    auth: request.auth,
+    env: request.env ?? {},
+    rows: request.rows ?? {}
+  });
+
+  if (request.op === "query") {
+    const handler = app.queries?.[request.name];
+    if (!handler) {
+      throw new Error(`Unknown query: ${request.name}`);
+    }
+    const result = await handler(source.ctx, ...(request.args ?? []));
+    sendResult({ result: jsonSafe(result) });
+    return;
+  }
+
+  if (request.op === "mutation") {
+    const handler = app.mutations?.[request.name];
+    if (!handler) {
+      throw new Error(`Unknown mutation: ${request.name}`);
+    }
+    const result = await handler(source.ctx, ...(request.args ?? []));
+    sendResult({
+      operations: jsonSafe(source.operations),
+      result: jsonSafe(result)
+    });
+    return;
+  }
+
+  throw new Error(`Unsupported source operation: ${request.op}`);
+}
+
+installRestrictedGlobals();
+
+nodeProcess.on("message", (message) => {
+  if (!isPlainObject(message)) {
+    return;
+  }
+
+  if (message.type === "source-runtime.fetch.result") {
+    const pending = pendingFetches.get(message.id);
+    if (!pending) {
+      return;
+    }
+    pendingFetches.delete(message.id);
+    if (message.ok) {
+      pending.resolve(message.response);
+    } else {
+      pending.reject(new Error(message.error?.message ?? "Source fetch failed."));
+    }
+    return;
+  }
+
+  if (message.type === "source-runtime.run") {
+    runSource(message.request).catch(sendError);
+  }
+});