nextly 0.0.1 → 0.0.2-alpha.1

package/dist/chunk-YZZCTONM.mjs

@@ -0,0 +1,263 @@
+// src/schemas/api-keys.ts
+import { z } from "zod";
+var ApiKeyTokenTypeSchema = z.enum(
+  ["read-only", "full-access", "role-based"],
+  { message: "Token type must be one of: read-only, full-access, role-based" }
+);
+var ExpiresInSchema = z.enum(["7d", "30d", "90d", "unlimited"], {
+  message: "Expires in must be one of: 7d, 30d, 90d, unlimited"
+});
+var CreateApiKeySchema = z.object({
+  /** Human-readable label, e.g. "Frontend App Key". */
+  name: z.string().min(1, "Name is required").max(255, "Name must be 255 characters or less"),
+  /** Optional documentation string for the key. */
+  description: z.string().optional(),
+  /** Determines how permissions are resolved on each request. */
+  tokenType: ApiKeyTokenTypeSchema,
+  /**
+   * ID of the role whose permissions this key will use.
+   * Required when tokenType is "role-based"; must be absent otherwise.
+   */
+  roleId: z.string().min(1, "Role ID is required").optional(),
+  /** How long the key is valid for. "unlimited" = no expiry. */
+  expiresIn: ExpiresInSchema
+}).superRefine((data, ctx) => {
+  if (data.tokenType === "role-based" && !data.roleId) {
+    ctx.addIssue({
+      code: z.ZodIssueCode.custom,
+      message: "A role must be selected for role-based token type",
+      path: ["roleId"]
+    });
+  }
+  if (data.tokenType !== "role-based" && data.roleId !== void 0) {
+    ctx.addIssue({
+      code: z.ZodIssueCode.custom,
+      message: "roleId must not be provided for non-role-based token types",
+      path: ["roleId"]
+    });
+  }
+});
+var UpdateApiKeySchema = z.object({
+  /** Updated human-readable label. Omit to leave unchanged. */
+  name: z.string().min(1, "Name cannot be empty").max(255, "Name must be 255 characters or less").optional(),
+  /**
+   * Updated documentation string.
+   * - Omit (undefined) to leave unchanged.
+   * - Pass null to explicitly clear the description.
+   */
+  description: z.string().nullable().optional()
+});
+
+// src/middleware/cors.ts
+var DEFAULT_METHODS = ["GET", "POST", "PATCH", "DELETE", "OPTIONS"];
+var DEFAULT_ALLOWED_HEADERS = ["Content-Type", "Authorization"];
+var DEFAULT_EXPOSED_HEADERS = [
+  "X-RateLimit-Limit",
+  "X-RateLimit-Remaining",
+  "X-RateLimit-Reset"
+];
+var DEFAULT_MAX_AGE = 86400;
+function resolveOriginMode(origins) {
+  if (origins.length === 0) return "none";
+  if (origins.length === 1 && origins[0] === "*") return "wildcard";
+  return "allowlist";
+}
+function isOriginAllowed(requestOrigin, allowlist) {
+  return allowlist.includes(requestOrigin);
+}
+function createCorsMiddleware(config) {
+  const origins = config?.origin ?? [];
+  const methods = config?.methods ?? DEFAULT_METHODS;
+  const allowedHeaders = config?.allowedHeaders ?? DEFAULT_ALLOWED_HEADERS;
+  const exposedHeaders = config?.exposedHeaders ?? DEFAULT_EXPOSED_HEADERS;
+  const credentials = config?.credentials ?? true;
+  const maxAge = config?.maxAge ?? DEFAULT_MAX_AGE;
+  const mode = resolveOriginMode(origins);
+  const methodsString = methods.join(", ");
+  const allowedHeadersString = allowedHeaders.join(", ");
+  const exposedHeadersString = exposedHeaders.join(", ");
+  const maxAgeString = String(maxAge);
+  if (mode === "wildcard" && process.env.NODE_ENV === "production") {
+    console.warn(
+      "[nextly] CORS origin is set to '*' (wildcard) in production. This allows any website to make cross-origin requests to your API. Consider restricting to specific origins for production use."
+    );
+  }
+  if (mode === "none") {
+    return {
+      handlePreflight(_request) {
+        if (_request.method === "OPTIONS") {
+          return new Response(null, {
+            status: 204,
+            headers: { "Content-Length": "0" }
+          });
+        }
+        return null;
+      },
+      applyHeaders(_request, response) {
+        return response;
+      }
+    };
+  }
+  if (mode === "wildcard") {
+    return {
+      handlePreflight(request) {
+        if (request.method !== "OPTIONS") return null;
+        return new Response(null, {
+          status: 204,
+          headers: {
+            "Access-Control-Allow-Origin": "*",
+            "Access-Control-Allow-Methods": methodsString,
+            "Access-Control-Allow-Headers": allowedHeadersString,
+            "Access-Control-Max-Age": maxAgeString,
+            "Content-Length": "0"
+          }
+        });
+      },
+      applyHeaders(_request, response) {
+        const newHeaders = new Headers(response.headers);
+        newHeaders.set("Access-Control-Allow-Origin", "*");
+        if (exposedHeadersString) {
+          newHeaders.set("Access-Control-Expose-Headers", exposedHeadersString);
+        }
+        return new Response(response.body, {
+          status: response.status,
+          statusText: response.statusText,
+          headers: newHeaders
+        });
+      }
+    };
+  }
+  const originSet = new Set(origins);
+  return {
+    handlePreflight(request) {
+      if (request.method !== "OPTIONS") return null;
+      const requestOrigin = request.headers.get("Origin");
+      const headers = {
+        "Access-Control-Allow-Methods": methodsString,
+        "Access-Control-Allow-Headers": allowedHeadersString,
+        "Access-Control-Max-Age": maxAgeString,
+        Vary: "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
+        "Content-Length": "0"
+      };
+      if (requestOrigin && isOriginAllowed(requestOrigin, [...originSet])) {
+        headers["Access-Control-Allow-Origin"] = requestOrigin;
+        if (credentials) {
+          headers["Access-Control-Allow-Credentials"] = "true";
+        }
+      }
+      return new Response(null, { status: 204, headers });
+    },
+    applyHeaders(request, response) {
+      const requestOrigin = request.headers.get("Origin");
+      if (!requestOrigin) return response;
+      if (!isOriginAllowed(requestOrigin, [...originSet])) {
+        const newHeaders2 = new Headers(response.headers);
+        newHeaders2.append("Vary", "Origin");
+        return new Response(response.body, {
+          status: response.status,
+          statusText: response.statusText,
+          headers: newHeaders2
+        });
+      }
+      const newHeaders = new Headers(response.headers);
+      newHeaders.set("Access-Control-Allow-Origin", requestOrigin);
+      newHeaders.append("Vary", "Origin");
+      if (credentials) {
+        newHeaders.set("Access-Control-Allow-Credentials", "true");
+      }
+      if (exposedHeadersString) {
+        newHeaders.set("Access-Control-Expose-Headers", exposedHeadersString);
+      }
+      return new Response(response.body, {
+        status: response.status,
+        statusText: response.statusText,
+        headers: newHeaders
+      });
+    }
+  };
+}
+
+// src/middleware/security-headers.ts
+var DEFAULT_CSP = [
+  "default-src 'self'",
+  "script-src 'self'",
+  "style-src 'self' 'unsafe-inline'",
+  "img-src 'self' data: blob:",
+  "font-src 'self' data:",
+  "connect-src 'self'",
+  "frame-ancestors 'none'",
+  "base-uri 'self'",
+  "form-action 'self'",
+  "object-src 'none'"
+].join("; ");
+var DEFAULT_HEADERS = {
+  contentSecurityPolicy: {
+    header: "Content-Security-Policy",
+    value: DEFAULT_CSP
+  },
+  xContentTypeOptions: {
+    header: "X-Content-Type-Options",
+    value: "nosniff"
+  },
+  xFrameOptions: {
+    header: "X-Frame-Options",
+    value: "DENY"
+  },
+  strictTransportSecurity: {
+    header: "Strict-Transport-Security",
+    value: "max-age=31536000; includeSubDomains"
+  },
+  referrerPolicy: {
+    header: "Referrer-Policy",
+    value: "strict-origin-when-cross-origin"
+  },
+  permissionsPolicy: {
+    header: "Permissions-Policy",
+    value: "camera=(), microphone=(), geolocation=()"
+  }
+};
+function buildHeaderMap(config) {
+  const isProduction = process.env.NODE_ENV === "production";
+  const entries = [];
+  for (const [key, def] of Object.entries(DEFAULT_HEADERS)) {
+    const configKey = key;
+    const userValue = config?.[configKey];
+    if (userValue === false) {
+      continue;
+    }
+    if (configKey === "strictTransportSecurity") {
+      if (userValue === void 0 && !isProduction) {
+        continue;
+      }
+    }
+    const value = typeof userValue === "string" ? userValue : def.value;
+    entries.push([def.header, value]);
+  }
+  return entries;
+}
+function createSecurityHeadersMiddleware(config) {
+  const headerEntries = buildHeaderMap(config);
+  if (headerEntries.length === 0) {
+    return (response) => response;
+  }
+  return function applySecurityHeaders(response) {
+    const newHeaders = new Headers(response.headers);
+    for (const [name, value] of headerEntries) {
+      newHeaders.set(name, value);
+    }
+    return new Response(response.body, {
+      status: response.status,
+      statusText: response.statusText,
+      headers: newHeaders
+    });
+  };
+}
+
+export {
+  ApiKeyTokenTypeSchema,
+  ExpiresInSchema,
+  CreateApiKeySchema,
+  UpdateApiKeySchema,
+  createCorsMiddleware,
+  createSecurityHeadersMiddleware
+};

package/dist/chunk-ZE6A3FYH.mjs

@@ -0,0 +1,289 @@
+import {
+  defineConfig
+} from "./chunk-GDBJ5JCU.mjs";
+import {
+  NextlyError
+} from "./chunk-NRUWQ5Z7.mjs";
+
+// src/cli/utils/config-loader.ts
+import { existsSync, watch } from "fs";
+import { resolve, dirname as dirname2 } from "path";
+
+// src/cli/utils/config-bundler.ts
+import { randomUUID } from "crypto";
+import { mkdir, rm } from "fs/promises";
+import { dirname, join, basename, extname } from "path";
+import { pathToFileURL } from "url";
+import { build } from "esbuild";
+var opaqueImport = new Function(
+  "path",
+  "return import(path)"
+);
+async function bundleAndRequire(options) {
+  const { filepath } = options;
+  const projectRoot = options.cwd ?? dirname(filepath);
+  const cacheRoot = join(projectRoot, "node_modules", ".cache", "nextly");
+  await mkdir(cacheRoot, { recursive: true });
+  const ext = extname(filepath);
+  const baseNoExt = basename(filepath, ext);
+  const outFile = join(cacheRoot, `${baseNoExt}.${randomUUID()}.mjs`);
+  const nodeModulesExternalPlugin = {
+    name: "external-node-modules",
+    setup(b) {
+      b.onResolve({ filter: /.*/ }, (args) => {
+        if (args.kind === "entry-point" || args.path.startsWith(".") || args.path.startsWith("/")) {
+          return void 0;
+        }
+        return { path: args.path, external: true };
+      });
+    }
+  };
+  try {
+    const result = await build({
+      entryPoints: [filepath],
+      bundle: true,
+      platform: "node",
+      target: "node20",
+      format: "esm",
+      outfile: outFile,
+      external: options.external,
+      sourcemap: false,
+      metafile: true,
+      logLevel: "silent",
+      plugins: [nodeModulesExternalPlugin],
+      // absWorkingDir lets esbuild resolve relative imports from
+      // the user's project, not nextly's package directory.
+      absWorkingDir: options.cwd
+    });
+    const mod = await opaqueImport(pathToFileURL(outFile).toString());
+    const dependencies = result.metafile ? Object.keys(result.metafile.inputs) : [];
+    return { mod, dependencies };
+  } finally {
+    try {
+      await rm(outFile, { force: true });
+    } catch {
+    }
+  }
+}
+
+// src/cli/utils/config-loader.ts
+var CONFIG_FILE_NAMES = [
+  "nextly.config.ts",
+  "nextly.config.mts",
+  "nextly.config.js",
+  "nextly.config.mjs"
+];
+var CONFIG_SEARCH_DIRS = [".", "./src", "./config"];
+var cachedConfig = null;
+var fileWatcher = null;
+var changeCallbacks = /* @__PURE__ */ new Set();
+function findConfigFile(cwd) {
+  for (const dir of CONFIG_SEARCH_DIRS) {
+    for (const fileName of CONFIG_FILE_NAMES) {
+      const filePath = resolve(cwd, dir, fileName);
+      if (existsSync(filePath)) {
+        return filePath;
+      }
+    }
+  }
+  return void 0;
+}
+function debugLog(options, ...args) {
+  if (options.debug) {
+    console.log("[config-loader]", ...args);
+  }
+}
+function startWatching(configPath, options) {
+  stopWatching();
+  debugLog(options, "Starting file watcher for:", configPath);
+  fileWatcher = watch(configPath, (eventType) => {
+    void (async () => {
+      if (eventType === "change") {
+        debugLog(options, "Config file changed, reloading...");
+        cachedConfig = null;
+        try {
+          const result = await loadConfigInternal(options);
+          for (const callback of changeCallbacks) {
+            try {
+              callback(result);
+            } catch (error) {
+              console.error("[config-loader] Error in change callback:", error);
+            }
+          }
+        } catch (error) {
+          console.error("[config-loader] Error reloading config:", error);
+        }
+      }
+    })();
+  });
+  fileWatcher.on("error", (error) => {
+    console.error("[config-loader] File watcher error:", error);
+  });
+}
+function stopWatching() {
+  if (fileWatcher) {
+    fileWatcher.close();
+    fileWatcher = null;
+  }
+}
+async function loadConfigInternal(options) {
+  const cwd = options.cwd ?? process.cwd();
+  const configPath = options.configPath ? resolve(cwd, options.configPath) : findConfigFile(cwd);
+  if (!configPath) {
+    debugLog(options, "No config file found, using default config");
+    return {
+      config: defineConfig({}),
+      configPath: void 0,
+      dependencies: []
+    };
+  }
+  if (!existsSync(configPath)) {
+    throw new NextlyError({
+      code: "INVALID_INPUT",
+      publicMessage: "Failed to load Nextly configuration.",
+      statusCode: 400,
+      logMessage: "Config loader error",
+      logContext: { configPath, reason: "config-not-found" }
+    });
+  }
+  debugLog(options, "Loading config from:", configPath);
+  try {
+    const { mod, dependencies } = await bundleAndRequire({
+      filepath: configPath,
+      cwd: dirname2(configPath),
+      external: [
+        "nextly",
+        "@nextly/*",
+        "drizzle-orm",
+        "drizzle-orm/*",
+        "better-sqlite3",
+        "pg",
+        "mysql2",
+        "next",
+        "next/*",
+        "react",
+        "react-dom",
+        "dotenv",
+        "crypto",
+        "fs",
+        "path",
+        "node:*"
+      ]
+    });
+    const rawConfig = mod.default ?? mod;
+    if (!rawConfig || typeof rawConfig !== "object") {
+      throw new NextlyError({
+        code: "INVALID_INPUT",
+        publicMessage: "Failed to load Nextly configuration.",
+        statusCode: 400,
+        logMessage: "Config loader error",
+        logContext: {
+          configPath,
+          reason: "invalid-config-export",
+          exportType: typeof rawConfig
+        }
+      });
+    }
+    let config = defineConfig(rawConfig);
+    const plugins = config.plugins ?? [];
+    if (plugins.length > 0) {
+      let transformedConfig = { ...config };
+      for (const plugin of plugins) {
+        if (plugin.config) {
+          try {
+            transformedConfig = plugin.config(transformedConfig);
+          } catch (error) {
+            throw new NextlyError({
+              code: "INVALID_INPUT",
+              publicMessage: "Failed to load Nextly configuration.",
+              statusCode: 400,
+              logMessage: "Config loader error",
+              logContext: {
+                configPath,
+                reason: "plugin-config-transformer-failed",
+                pluginName: plugin.name,
+                cause: error instanceof Error ? error.message : String(error)
+              },
+              cause: error instanceof Error ? error : void 0
+            });
+          }
+        }
+      }
+      config = {
+        ...config,
+        collections: transformedConfig.collections ?? config.collections,
+        singles: transformedConfig.singles ?? config.singles,
+        plugins: transformedConfig.plugins ?? config.plugins,
+        storage: transformedConfig.storage ?? config.storage
+      };
+      debugLog(
+        options,
+        `Applied config transformers from ${plugins.length} plugin(s)`
+      );
+    }
+    debugLog(options, "Config loaded successfully");
+    debugLog(options, "Dependencies:", dependencies);
+    return {
+      config,
+      configPath,
+      dependencies
+    };
+  } catch (error) {
+    if (NextlyError.is(error)) {
+      throw error;
+    }
+    throw new NextlyError({
+      code: "INVALID_INPUT",
+      publicMessage: "Failed to load Nextly configuration.",
+      statusCode: 400,
+      logMessage: "Config loader error",
+      logContext: {
+        configPath,
+        reason: "load-error",
+        cause: error instanceof Error ? error.message : String(error)
+      },
+      cause: error instanceof Error ? error : void 0
+    });
+  }
+}
+async function loadConfig(options = {}) {
+  if (cachedConfig && !options.watch) {
+    debugLog(options, "Returning cached config");
+    return cachedConfig;
+  }
+  const result = await loadConfigInternal(options);
+  cachedConfig = result;
+  if (options.watch && result.configPath) {
+    startWatching(result.configPath, options);
+  }
+  return result;
+}
+function watchConfig(callback) {
+  changeCallbacks.add(callback);
+  return () => {
+    changeCallbacks.delete(callback);
+  };
+}
+function clearConfigCache() {
+  cachedConfig = null;
+  stopWatching();
+  changeCallbacks.clear();
+}
+function getCachedConfig() {
+  return cachedConfig;
+}
+function findNextlyConfig(cwd = process.cwd()) {
+  return findConfigFile(cwd);
+}
+var SUPPORTED_EXTENSIONS = CONFIG_FILE_NAMES;
+var SEARCH_DIRECTORIES = CONFIG_SEARCH_DIRS;
+
+export {
+  loadConfig,
+  watchConfig,
+  clearConfigCache,
+  getCachedConfig,
+  findNextlyConfig,
+  SUPPORTED_EXTENSIONS,
+  SEARCH_DIRECTORIES
+};

package/dist/cli/nextly.mjs

@@ -0,0 +1,68 @@
+#!/usr/bin/env node
+
+// src/cli/nextly.ts
+import { existsSync } from "fs";
+import { join } from "path";
+import { config } from "dotenv";
+var envPath = join(process.cwd(), ".env");
+if (existsSync(envPath)) {
+  config({ path: envPath });
+}
+async function main() {
+  const { createProgram } = await import("../program-PW6UB2ZC.mjs");
+  const { createLogger } = await import("../logger-NU46DXNY.mjs");
+  const { NextlyError } = await import("../errors/index.mjs");
+  const telemetry = await import("../dist-M2NOU37V.mjs");
+  const program = createProgram();
+  try {
+    await program.parseAsync(process.argv);
+  } catch (error) {
+    const logger = createLogger();
+    try {
+      telemetry.capture("command_failed", {
+        command: process.argv[2] ?? "unknown",
+        duration_ms: 0,
+        error_code: telemetry.classifyError(error, "other")
+      });
+      await telemetry.shutdown();
+    } catch {
+    }
+    const debugMode = process.env.DEBUG === "true" || process.env.DEBUG === "1";
+    if (NextlyError.is(error)) {
+      logger.error(error.publicMessage);
+      const ctxParts = [`[${String(error.code)}]`];
+      if (error.logContext) {
+        for (const [k, v] of Object.entries(error.logContext)) {
+          if (v === void 0) continue;
+          ctxParts.push(
+            `${k}=${typeof v === "string" ? v : JSON.stringify(v)}`
+          );
+        }
+      }
+      if (ctxParts.length > 1) {
+        console.error(ctxParts.join(" "));
+      }
+      if (debugMode && error.cause?.stack) {
+        logger.newline();
+        console.error(error.cause.stack);
+      }
+    } else if (error instanceof Error) {
+      if ("code" in error) {
+        process.exit(1);
+      }
+      logger.error(error.message);
+      if (debugMode) {
+        logger.newline();
+        console.error(error.stack);
+      }
+    } else {
+      logger.error("An unexpected error occurred");
+      console.error(error);
+    }
+    process.exit(1);
+  }
+}
+main().catch((error) => {
+  console.error("Fatal error:", error);
+  process.exit(1);
+});