tileserver-gl-light 5.5.0-pre.1 → 5.5.0-pre.12

package/src/serve_style.js

@@ -35,7 +35,7 @@ export const serve_style = {
      */
     app.get('/:id/style.json', (req, res, next) => {
       const { id } = req.params;
-      if (verbose) {
+      if (verbose >= 1) {
         console.log(
           'Handling style request for: /styles/%s/style.json',
           String(id).replace(/\n|\r/g, ''),
@@ -95,7 +95,7 @@ export const serve_style = {
         const sanitizedFormat = format
           ? '.' + String(format).replace(/\n|\r/g, '')
           : '';
-        if (verbose) {
+        if (verbose >= 1) {
           console.log(
             `Handling sprite request for: /styles/%s/sprite/%s%s%s`,
             sanitizedId,
@@ -108,7 +108,7 @@ export const serve_style = {
         const item = repo[id];
         const validatedFormat = allowedSpriteFormats(format);
         if (!item || !validatedFormat) {
-          if (verbose)
+          if (verbose >= 1)
             console.error(
               `Sprite item or format not found for: /styles/%s/sprite/%s%s%s`,
               sanitizedId,
@@ -123,7 +123,7 @@ export const serve_style = {
         );
         const spriteScale = allowedSpriteScales(scale);
         if (!sprite || spriteScale === null) {
-          if (verbose)
+          if (verbose >= 1)
             console.error(
               `Bad Sprite ID or Scale for: /styles/%s/sprite/%s%s%s`,
               sanitizedId,
@@ -147,7 +147,7 @@ export const serve_style = {
 
         const sanitizedSpritePath = sprite.path.replace(/^(\.\.\/)+/, '');
         const filename = `${sanitizedSpritePath}${spriteScale}.${validatedFormat}`;
-        if (verbose) console.log(`Loading sprite from: %s`, filename);
+        if (verbose >= 1) console.log(`Loading sprite from: %s`, filename);
         try {
           const data = await readFile(filename);
 
@@ -156,7 +156,7 @@ export const serve_style = {
           } else if (validatedFormat === 'png') {
             res.header('Content-type', 'image/png');
           }
-          if (verbose)
+          if (verbose >= 1)
             console.log(
               `Responding with sprite data for /styles/%s/sprite/%s%s%s`,
               sanitizedId,
@@ -167,7 +167,7 @@ export const serve_style = {
           res.set({ 'Last-Modified': item.lastModified });
           return res.send(data);
         } catch (err) {
-          if (verbose) {
+          if (verbose >= 1) {
             console.error(
               'Sprite load error: %s, Error: %s',
               filename,
@@ -217,7 +217,28 @@ export const serve_style = {
     const styleFile = path.resolve(options.paths.styles, params.style);
     const styleJSON = clone(style);
 
-    const validationErrors = validateStyleMin(styleJSON);
+    // Sanitize style for validation: remove non-spec properties (e.g., 'sparse')
+    // so that validateStyleMin doesn't reject valid styles containing our custom flags.
+    const styleForValidation = clone(styleJSON);
+    if (styleForValidation.sources) {
+      for (const name of Object.keys(styleForValidation.sources)) {
+        if (
+          // eslint-disable-next-line security/detect-object-injection -- name is from Object.keys of styleForValidation.sources
+          styleForValidation.sources[name] &&
+          // eslint-disable-next-line security/detect-object-injection -- name is from Object.keys of styleForValidation.sources
+          'sparse' in styleForValidation.sources[name]
+        ) {
+          try {
+            // eslint-disable-next-line security/detect-object-injection -- name is from Object.keys of styleForValidation.sources
+            delete styleForValidation.sources[name].sparse;
+          } catch (_err) {
+            // ignore any deletion errors and continue validation
+          }
+        }
+      }
+    }
+
+    const validationErrors = validateStyleMin(styleForValidation);
     if (validationErrors.length > 0) {
       console.log(`The file "${params.style}" is not a valid style file:`);
       for (const err of validationErrors) {

package/src/server.js

@@ -31,9 +31,9 @@ const packageJson = JSON.parse(
 );
 const isLight = packageJson.name.slice(-6) === '-light';
 
-const serve_rendered = (
-  await import(`${!isLight ? `./serve_rendered.js` : `./serve_light.js`}`)
-).serve_rendered;
+const { serve_rendered } = await import(
+  `${!isLight ? `./serve_rendered.js` : `./serve_light.js`}`
+);
 
 /**
  *  Starts the server.
@@ -60,8 +60,7 @@ async function start(opts) {
     app.use(
       morgan(logFormat, {
         stream: opts.logFile
-          ? // eslint-disable-next-line security/detect-non-literal-fs-filename -- logFile is from CLI/config, admin-controlled
-            fs.createWriteStream(opts.logFile, { flags: 'a' })
+          ? fs.createWriteStream(opts.logFile, { flags: 'a' })
           : process.stdout,
         skip: (req, res) =>
           opts.silent && (res.statusCode === 200 || res.statusCode === 304),
@@ -74,9 +73,8 @@ async function start(opts) {
   if (opts.configPath) {
     configPath = path.resolve(opts.configPath);
     try {
-      // eslint-disable-next-line security/detect-non-literal-fs-filename -- configPath is from CLI argument, expected behavior
       config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
-    } catch (e) {
+    } catch {
       console.log('ERROR: Config file not found or invalid!');
       console.log('   See README.md for instructions and sample data.');
       process.exit(1);
@@ -109,8 +107,7 @@ async function start(opts) {
   const startupPromises = [];
 
   for (const type of Object.keys(paths)) {
-    // eslint-disable-next-line security/detect-object-injection -- type is from Object.keys of paths config
-    // eslint-disable-next-line security/detect-non-literal-fs-filename, security/detect-object-injection -- paths[type] constructed from validated config paths
+    // eslint-disable-next-line security/detect-object-injection -- paths[type] constructed from validated config paths
     if (!fs.existsSync(paths[type])) {
       console.error(
         // eslint-disable-next-line security/detect-object-injection -- type is from Object.keys of paths config
@@ -128,7 +125,7 @@ async function start(opts) {
    */
   async function getFiles(directory) {
     // Fetch all entries of the directory and attach type information
-    // eslint-disable-next-line security/detect-non-literal-fs-filename -- directory is constructed from validated config paths
+
     const dirEntries = await fs.promises.readdir(directory, {
       withFileTypes: true,
     });
@@ -157,12 +154,13 @@ async function start(opts) {
 
   if (options.dataDecorator) {
     try {
-      // eslint-disable-next-line security/detect-non-literal-require -- dataDecorator path is from config file, admin-controlled
-      options.dataDecoratorFunc = require(
-        path.resolve(paths.root, options.dataDecorator),
-      );
+      const dataDecoratorPath = path.resolve(paths.root, options.dataDecorator);
+
+      const module = await import(dataDecoratorPath);
+      options.dataDecoratorFunc = module.default;
     } catch (e) {
-      // Silently fail if dataDecorator cannot be loaded
+      console.error(`Error loading data decorator: ${e}`);
+      // Intentionally don't set options.dataDecoratorFunc - let it remain undefined
     }
   }
 
@@ -204,12 +202,13 @@ async function start(opts) {
         styleJSON = await res.json();
       } else {
         const styleFile = path.resolve(options.paths.styles, item.style);
-        // eslint-disable-next-line security/detect-non-literal-fs-filename -- styleFile constructed from config base path and style name
+
         const styleFileData = await fs.promises.readFile(styleFile);
         styleJSON = JSON.parse(styleFileData);
       }
-    } catch (e) {
+    } catch (err) {
       console.log(`Error getting style file "${item.style}"`);
+      console.error(err && err.stack ? err.stack : err);
       return false;
     }
 
@@ -224,17 +223,20 @@ async function start(opts) {
         (styleSourceId, protocol) => {
           let dataItemId;
           for (const id of Object.keys(data)) {
-            // eslint-disable-next-line security/detect-object-injection -- id is from Object.keys of data config
             if (id === styleSourceId) {
               // Style id was found in data ids, return that id
               dataItemId = id;
+              break;
             } else {
               // eslint-disable-next-line security/detect-object-injection -- id is from Object.keys of data config
-              const fileType = Object.keys(data[id])[0];
-              // eslint-disable-next-line security/detect-object-injection -- id is from Object.keys of data config, fileType is from Object.keys
-              if (data[id][fileType] === styleSourceId) {
-                // Style id was found in data filename, return the id that filename belong to
+              const sourceData = data[id];
+
+              if (
+                (sourceData.pmtiles && sourceData.pmtiles === styleSourceId) ||
+                (sourceData.mbtiles && sourceData.mbtiles === styleSourceId)
+              ) {
                 dataItemId = id;
+                break;
               }
             }
           }
@@ -289,10 +291,21 @@ async function start(opts) {
             function dataResolver(styleSourceId) {
               let resolvedFileType;
               let resolvedInputFile;
-              let resolvedSparse = false;
               let resolvedS3Profile;
               let resolvedRequestPayer;
               let resolvedS3Region;
+              let resolvedS3UrlFormat;
+              let resolvedSparse;
+
+              // Debug logging to see what we're trying to match
+              if (opts.verbose >= 3) {
+                console.log(
+                  `[dataResolver] Looking for styleSourceId: ${styleSourceId}`,
+                );
+                console.log(
+                  `[dataResolver] Available data keys: ${Object.keys(data).join(', ')}`,
+                );
+              }
 
               for (const id of Object.keys(data)) {
                 // eslint-disable-next-line security/detect-object-injection -- id is from Object.keys of data config
@@ -301,45 +314,64 @@ async function start(opts) {
                 let currentInputFileValue;
 
                 // Check for recognized file type keys
-                if (sourceData.hasOwnProperty('pmtiles')) {
+                if (Object.hasOwn(sourceData, 'pmtiles')) {
                   currentFileType = 'pmtiles';
                   currentInputFileValue = sourceData.pmtiles;
-                } else if (sourceData.hasOwnProperty('mbtiles')) {
+                } else if (Object.hasOwn(sourceData, 'mbtiles')) {
                   currentFileType = 'mbtiles';
                   currentInputFileValue = sourceData.mbtiles;
                 }
 
                 if (currentFileType && currentInputFileValue) {
+                  // Debug logging
+                  if (opts.verbose >= 3) {
+                    console.log(
+                      `[dataResolver] Checking id="${id}", file="${currentInputFileValue}"`,
+                    );
+                  }
+
                   // Check if this source matches the styleSourceId
-                  if (
-                    styleSourceId === id ||
-                    styleSourceId === currentInputFileValue
-                  ) {
+                  // Match by ID, by file path, or by base filename
+                  const matchById = styleSourceId === id;
+                  const matchByFile = styleSourceId === currentInputFileValue;
+                  const matchByBasename =
+                    styleSourceId.includes(currentInputFileValue) ||
+                    currentInputFileValue.includes(styleSourceId);
+
+                  if (matchById || matchByFile || matchByBasename) {
+                    if (opts.verbose >= 2) {
+                      console.log(
+                        `[dataResolver] Match found for styleSourceId: ${styleSourceId}. (byId=${matchById}, byFile=${matchByFile}, byBasename=${matchByBasename})`,
+                      );
+                    }
+
                     resolvedFileType = currentFileType;
                     resolvedInputFile = currentInputFileValue;
 
-                    // Get sparse if present
-                    if (sourceData.hasOwnProperty('sparse')) {
-                      resolvedSparse = !!sourceData.sparse;
-                    } else {
-                      resolvedSparse = false;
-                    }
-
                     // Get s3Profile if present
-                    if (sourceData.hasOwnProperty('s3Profile')) {
+                    if (Object.hasOwn(sourceData, 's3Profile')) {
                       resolvedS3Profile = sourceData.s3Profile;
                     }
 
+                    // Get s3UrlFormat if present
+                    if (Object.hasOwn(sourceData, 's3UrlFormat')) {
+                      resolvedS3UrlFormat = sourceData.s3UrlFormat;
+                    }
+
                     // Get requestPayer if present
-                    if (sourceData.hasOwnProperty('requestPayer')) {
+                    if (Object.hasOwn(sourceData, 'requestPayer')) {
                       resolvedRequestPayer = !!sourceData.requestPayer;
                     }
 
                     // Get s3Region if present
-                    if (sourceData.hasOwnProperty('s3Region')) {
+                    if (Object.hasOwn(sourceData, 's3Region')) {
                       resolvedS3Region = sourceData.s3Region;
                     }
 
+                    // Get sparse: per-source overrides global, default to true
+                    resolvedSparse =
+                      sourceData.sparse ?? options.sparse ?? true;
+
                     break; // Found our match, exit the outer loop
                   }
                 }
@@ -350,13 +382,23 @@ async function start(opts) {
                 console.warn(
                   `Data source not found for styleSourceId: ${styleSourceId}`,
                 );
+                console.warn(
+                  `Available data sources: ${Object.keys(data)
+                    .map((id) => {
+                      // eslint-disable-next-line security/detect-object-injection
+                      const src = data[id];
+                      return `${id} -> ${src.pmtiles || src.mbtiles || 'unknown'}`;
+                    })
+                    .join(', ')}`,
+                );
                 return {
                   inputFile: undefined,
                   fileType: undefined,
-                  sparse: false,
                   s3Profile: undefined,
                   requestPayer: false,
                   s3Region: undefined,
+                  s3UrlFormat: undefined,
+                  sparse: true,
                 };
               }
 
@@ -384,10 +426,11 @@ async function start(opts) {
               return {
                 inputFile: resolvedInputFile,
                 fileType: resolvedFileType,
-                sparse: resolvedSparse,
                 s3Profile: resolvedS3Profile,
                 requestPayer: resolvedRequestPayer,
                 s3Region: resolvedS3Region,
+                s3UrlFormat: resolvedS3UrlFormat,
+                sparse: resolvedSparse,
               };
             },
           ),
@@ -399,6 +442,8 @@ async function start(opts) {
     return success;
   }
 
+  // Collect style loading promises separately
+  const stylePromises = [];
   for (const id of Object.keys(config.styles || {})) {
     // eslint-disable-next-line security/detect-object-injection -- id is from Object.keys of config.styles
     const item = config.styles[id];
@@ -406,28 +451,39 @@ async function start(opts) {
       console.log(`Missing "style" property for ${id}`);
       continue;
     }
-    startupPromises.push(addStyle(id, item, true, true));
+    stylePromises.push(addStyle(id, item, true, true));
   }
+
+  // Wait for styles to finish loading, then load data sources
+  // This ensures data sources added by styles are included
+  startupPromises.push(
+    Promise.all(stylePromises).then(() => {
+      const dataLoadPromises = [];
+      for (const id of Object.keys(data)) {
+        // eslint-disable-next-line security/detect-object-injection -- id is from Object.keys of data config
+        const item = data[id];
+
+        if (!item.pmtiles && !item.mbtiles) {
+          console.log(
+            `Missing "pmtiles" or "mbtiles" property for ${id} data source`,
+          );
+          continue;
+        }
+
+        dataLoadPromises.push(
+          serve_data.add(options, serving.data, item, id, opts),
+        );
+      }
+      return Promise.all(dataLoadPromises);
+    }),
+  );
+
   startupPromises.push(
     serve_font(options, serving.fonts, opts).then((sub) => {
       app.use('/', sub);
     }),
   );
-  for (const id of Object.keys(data)) {
-    // eslint-disable-next-line security/detect-object-injection -- id is from Object.keys of data config
-    const item = data[id];
-    // eslint-disable-next-line security/detect-object-injection -- id is from Object.keys of data config
-    const fileType = Object.keys(data[id])[0];
-    if (!fileType || !(fileType === 'pmtiles' || fileType === 'mbtiles')) {
-      console.log(
-        `Missing "pmtiles" or "mbtiles" property for ${id} data source`,
-      );
-      continue;
-    }
-    startupPromises.push(serve_data.add(options, serving.data, item, id, opts));
-  }
   if (options.serveAllStyles) {
-    // eslint-disable-next-line security/detect-non-literal-fs-filename -- options.paths.styles is from validated config
     fs.readdir(options.paths.styles, { withFileTypes: true }, (err, files) => {
       if (err) {
         return;
@@ -599,11 +655,10 @@ async function start(opts) {
       }
     }
     try {
-      // eslint-disable-next-line security/detect-non-literal-fs-filename -- templateFile is from internal templates or config-specified path
       const content = fs.readFileSync(templateFile, 'utf-8');
       const compiled = handlebars.compile(content.toString());
       app.get(urlPath, (req, res, next) => {
-        if (opts.verbose) {
+        if (opts.verbose >= 1) {
           console.log(`Serving template at path: ${urlPath}`);
         }
         let data = {};
@@ -623,7 +678,7 @@ async function start(opts) {
             if (template === 'wmts') res.set('Content-Type', 'text/xml');
             return res.status(200).send(compiled(data));
           } else {
-            if (opts.verbose) {
+            if (opts.verbose >= 1) {
               console.log(`Forwarding request for: ${urlPath} to next route`);
             }
             next('route');
@@ -793,7 +848,7 @@ async function start(opts) {
       return null;
     }
 
-    if (wmts.hasOwnProperty('serve_rendered') && !wmts.serve_rendered) {
+    if (Object.hasOwn(wmts, 'serve_rendered') && !wmts.serve_rendered) {
       return null;
     }
 

package/src/utils.js

@@ -40,7 +40,6 @@ export function allowedScales(scale, maxScale = 9) {
     return 1;
   }
 
-  // eslint-disable-next-line security/detect-non-literal-regexp -- maxScale is a number parameter, not user input
   const regex = new RegExp(`^[2-${maxScale}]x$`);
   if (!regex.test(scale)) {
     return null;
@@ -161,14 +160,13 @@ export function getTileUrls(
     const hostParts = urlObject.host.split('.');
     const relativeSubdomainsUsable =
       hostParts.length > 1 &&
-      // eslint-disable-next-line security/detect-unsafe-regex -- Simple IPv4 validation, no nested quantifiers
-      !/^([0-9]{1,3}\.){3}[0-9]{1,3}(\:[0-9]+)?$/.test(urlObject.host);
+      !/^([0-9]{1,3}\.){3}[0-9]{1,3}(:[0-9]+)?$/.test(urlObject.host);
     const newDomains = [];
     for (const domain of domains) {
       if (domain.indexOf('*') !== -1) {
         if (relativeSubdomainsUsable) {
           const newParts = hostParts.slice(1);
-          newParts.unshift(domain.replace('*', hostParts[0]));
+          newParts.unshift(domain.replace(/\*/g, hostParts[0]));
           newDomains.push(newParts.join('.'));
         }
       } else {
@@ -253,7 +251,7 @@ export function fixTileJSONCenter(tileJSON) {
 export function readFile(filename) {
   return new Promise((resolve, reject) => {
     const sanitizedFilename = path.normalize(filename); // Normalize path, remove ..
-    // eslint-disable-next-line security/detect-non-literal-fs-filename -- filename is normalized and validated by caller
+
     fs.readFile(String(sanitizedFilename), (err, data) => {
       if (err) {
         reject(err);
@@ -276,7 +274,7 @@ export function readFile(filename) {
 async function getFontPbf(allowedFonts, fontPath, name, range, fallbacks) {
   // eslint-disable-next-line security/detect-object-injection -- name is validated font name from sanitizedName check
   if (!allowedFonts || (allowedFonts[name] && fallbacks)) {
-    const fontMatch = name?.match(/^[\p{L}\p{N} \-\.~!*'()@&=+,#$\[\]]+$/u);
+    const fontMatch = name?.match(/^[\p{L}\p{N} \-.~!*'()@&=+,#$[\]]+$/u);
     const sanitizedName = fontMatch?.[0] || 'invalid';
     if (!name || typeof name !== 'string' || name.trim() === '' || !fontMatch) {
       console.error(
@@ -390,16 +388,13 @@ export async function getFontsPbf(
 export async function listFonts(fontPath) {
   const existingFonts = {};
 
-  // eslint-disable-next-line security/detect-non-literal-fs-filename -- fontPath is from validated config
   const files = await fsPromises.readdir(fontPath);
   for (const file of files) {
-    // eslint-disable-next-line security/detect-non-literal-fs-filename -- file is from readdir of validated fontPath
     const stats = await fsPromises.stat(path.join(fontPath, file));
     if (
       stats.isDirectory() &&
       (await existsP(path.join(fontPath, file, '0-255.pbf')))
     ) {
-      // eslint-disable-next-line security/detect-object-injection -- file is from readdir, used as font name key
       existingFonts[path.basename(file)] = true;
     }
   }
@@ -415,7 +410,7 @@ export async function listFonts(fontPath) {
 export function isValidHttpUrl(string) {
   try {
     return httpTester.test(string);
-  } catch (e) {
+  } catch {
     return false;
   }
 }
@@ -428,7 +423,7 @@ export function isValidHttpUrl(string) {
 export function isS3Url(string) {
   try {
     return s3Tester.test(string) || s3HttpTester.test(string);
-  } catch (e) {
+  } catch {
     return false;
   }
 }
@@ -445,7 +440,7 @@ export function isValidRemoteUrl(string) {
       s3Tester.test(string) ||
       s3HttpTester.test(string)
     );
-  } catch (e) {
+  } catch {
     return false;
   }
 }
@@ -458,7 +453,7 @@ export function isValidRemoteUrl(string) {
 export function isPMTilesProtocol(string) {
   try {
     return pmtilesTester.test(string);
-  } catch (e) {
+  } catch {
     return false;
   }
 }
@@ -471,11 +466,40 @@ export function isPMTilesProtocol(string) {
 export function isMBTilesProtocol(string) {
   try {
     return mbtilesTester.test(string);
-  } catch (e) {
+  } catch {
     return false;
   }
 }
 
+/**
+ * Converts a longitude/latitude point to tile and pixel coordinates at a given zoom level.
+ * @param {number} lon - Longitude in degrees.
+ * @param {number} lat - Latitude in degrees.
+ * @param {number} zoom - Zoom level.
+ * @param {number} tileSize - Size of the tile in pixels (e.g., 256 or 512).
+ * @returns {{tileX: number, tileY: number, pixelX: number, pixelY: number}} - Tile and pixel coordinates.
+ */
+export function lonLatToTilePixel(lon, lat, zoom, tileSize) {
+  let siny = Math.sin((lat * Math.PI) / 180);
+  // Truncating to 0.9999 effectively limits latitude to 89.189. This is
+  // about a third of a tile past the edge of the world tile.
+  siny = Math.min(Math.max(siny, -0.9999), 0.9999);
+
+  const xWorld = tileSize * (0.5 + lon / 360);
+  const yWorld =
+    tileSize * (0.5 - Math.log((1 + siny) / (1 - siny)) / (4 * Math.PI));
+
+  const scale = 1 << zoom;
+
+  const tileX = Math.floor((xWorld * scale) / tileSize);
+  const tileY = Math.floor((yWorld * scale) / tileSize);
+
+  const pixelX = Math.floor(xWorld * scale) - tileX * tileSize;
+  const pixelY = Math.floor(yWorld * scale) - tileY * tileSize;
+
+  return { tileX, tileY, pixelX, pixelY };
+}
+
 /**
  * Fetches tile data from either PMTiles or MBTiles source.
  * @param {object} source - The source object, which may contain a mbtiles object, or pmtiles object.
@@ -487,15 +511,18 @@ export function isMBTilesProtocol(string) {
  */
 export async function fetchTileData(source, sourceType, z, x, y) {
   if (sourceType === 'pmtiles') {
-    return await new Promise(async (resolve) => {
+    try {
       const tileinfo = await getPMtilesTile(source, z, x, y);
-      if (!tileinfo?.data) return resolve(null);
-      resolve({ data: tileinfo.data, headers: tileinfo.header });
-    });
+      if (!tileinfo?.data) return null;
+      return { data: tileinfo.data, headers: tileinfo.header };
+    } catch (error) {
+      console.error('Error fetching PMTiles tile:', error);
+      return null;
+    }
   } else if (sourceType === 'mbtiles') {
-    return await new Promise((resolve) => {
+    return new Promise((resolve) => {
       source.getTile(z, x, y, (err, tileData, tileHeader) => {
-        if (err) {
+        if (err || tileData == null) {
           return resolve(null);
         }
         resolve({ data: tileData, headers: tileHeader });