toiljs 0.0.54 → 0.0.55

package/examples/basic/server/routes/Auth.ts

@@ -1,5 +1,6 @@
 import { Response, RouteContext } from 'toiljs/server/runtime';
 import { DataReader, DataWriter } from 'data';
+import { Record } from 'toildb';
 
 import { encodeSessionUser } from './Session';
 
@@ -15,11 +16,11 @@ import { encodeSessionUser } from './Session';
  * auth). See `server/globals/auth.ts` (the `AuthService` global) and the client
  * half in `toiljs/client` (`Auth.register` / `Auth.login`).
  *
- * STORAGE: backed by the DEV-ONLY `kv.*` host imports (see
- * `src/devserver/kv.ts`) so the register -> login chain spans requests under
- * `toiljs dev`. REMOVE LATER: this is a stand-in; once toildb is implemented,
- * the Accounts/Challenges stores move onto it and this goes away. `kv.*` is not
- * on the production edge.
+ * STORAGE: backed by ToilDB (`@database AuthDb`). Accounts are a `record`
+ * collection keyed by username; login challenges are a `record` consumed exactly
+ * once with `getDelete` (atomic fetch-and-delete). The dev server emulates these
+ * `env.data.*` host imports in process (so register -> login spans requests under
+ * `toiljs dev`); the production edge backs the SAME API with ScyllaDB.
  *
  * Wire: every body/response is binary (`DataWriter`/`DataReader`), never JSON.
  */
@@ -36,19 +37,6 @@ const DEMO_PAR: u32 = 1;
 const CHALLENGE_TTL_SECS: u64 = 120;
 const SESSION_TTL_SECS: u64 = 3600;
 
-function utf8(s: string): Uint8Array {
-    return Uint8Array.wrap(String.UTF8.encode(s));
-}
-
-function toHex(b: Uint8Array): string {
-    let s = '';
-    for (let i = 0; i < b.length; i++) {
-        const v = b[i];
-        s += (v < 16 ? '0' : '') + (<u32>v).toString(16);
-    }
-    return s;
-}
-
 function randomBytes(n: i32): Uint8Array {
     const b = new Uint8Array(n);
     crypto.getRandomValues(b);
@@ -77,44 +65,28 @@ function deriveSalt(username: string): Uint8Array {
 }
 
 
-// @ts-ignore: decorator
-@external('env', 'kv.put')
-declare function __kvPut(keyPtr: usize, keyLen: i32, valPtr: usize, valLen: i32): void;
-// @ts-ignore: decorator
-@external('env', 'kv.get')
-declare function __kvGet(keyPtr: usize, keyLen: i32, outPtr: usize, outCap: i32): i32;
-// @ts-ignore: decorator
-@external('env', 'kv.getdel')
-declare function __kvGetDel(keyPtr: usize, keyLen: i32, outPtr: usize, outCap: i32): i32;
+// ToilDB collections (the `kv.*` dev placeholder is gone). The key + value are
+// `@data` types: the binary codec is generated, the host marshals it, and the
+// challenge is consumed exactly once with `getDelete`.
 
-const KV_CAP: i32 = 8192; // bounds account (~1.5 KiB) + challenge (~100 B) records
-
-function kvPut(key: Uint8Array, val: Uint8Array): void {
-    __kvPut(key.dataStart, key.length, val.dataStart, val.length);
-}
-function kvGet(key: Uint8Array): Uint8Array | null {
-    const out = new Uint8Array(KV_CAP);
-    const n = __kvGet(key.dataStart, key.length, out.dataStart, KV_CAP);
-    if (n < 0) return null;
-    return out.slice(0, n);
-}
-/** Atomic fetch-and-delete: consumes a login challenge exactly once. */
-function kvGetDel(key: Uint8Array): Uint8Array | null {
-    const out = new Uint8Array(KV_CAP);
-    const n = __kvGetDel(key.dataStart, key.length, out.dataStart, KV_CAP);
-    if (n < 0) return null;
-    return out.slice(0, n);
+@data
+class Username {
+    name: string = '';
+    constructor(name: string = '') {
+        this.name = name;
+    }
 }
 
-function acctKey(username: string): Uint8Array {
-    return utf8('acct:' + username);
-}
-function chalKey(cid: Uint8Array): Uint8Array {
-    return utf8('chal:' + toHex(cid));
+@data
+class ChallengeId {
+    cid: Uint8Array = new Uint8Array(0);
+    constructor(cid: Uint8Array = new Uint8Array(0)) {
+        this.cid = cid;
+    }
 }
 
-
-class Account {
+@data
+class AuthAccount {
     username: string = '';
     salt: Uint8Array = new Uint8Array(0);
     publicKey: Uint8Array = new Uint8Array(0);
@@ -123,30 +95,7 @@ class Account {
     parallelism: u32 = 0;
 }
 
-function putAccount(a: Account): void {
-    const w = new DataWriter();
-    w.writeString(a.username);
-    w.writeBytes(a.salt);
-    w.writeBytes(a.publicKey);
-    w.writeU32(a.memKiB);
-    w.writeU32(a.iterations);
-    w.writeU32(a.parallelism);
-    kvPut(acctKey(a.username), w.toBytes());
-}
-function getAccount(username: string): Account | null {
-    const raw = kvGet(acctKey(username));
-    if (raw == null) return null;
-    const r = new DataReader(raw);
-    const a = new Account();
-    a.username = r.readString();
-    a.salt = r.readBytes();
-    a.publicKey = r.readBytes();
-    a.memKiB = r.readU32();
-    a.iterations = r.readU32();
-    a.parallelism = r.readU32();
-    return r.ok ? a : null;
-}
-
+@data
 class Challenge {
     cid: Uint8Array = new Uint8Array(0);
     username: string = '';
@@ -155,26 +104,10 @@ class Challenge {
     exp: u64 = 0;
 }
 
-function putChallenge(c: Challenge): void {
-    const w = new DataWriter();
-    w.writeBytes(c.cid);
-    w.writeString(c.username);
-    w.writeBytes(c.nonce);
-    w.writeU64(c.iat);
-    w.writeU64(c.exp);
-    kvPut(chalKey(c.cid), w.toBytes());
-}
-function consumeChallenge(cid: Uint8Array): Challenge | null {
-    const raw = kvGetDel(chalKey(cid));
-    if (raw == null) return null;
-    const r = new DataReader(raw);
-    const c = new Challenge();
-    c.cid = r.readBytes();
-    c.username = r.readString();
-    c.nonce = r.readBytes();
-    c.iat = r.readU64();
-    c.exp = r.readU64();
-    return r.ok ? c : null;
+@database
+class AuthDb {
+    @collection accounts!: Record<AuthAccount, Username>;
+    @collection challenges!: Record<Challenge, ChallengeId>;
 }
 
 @rest('auth')
@@ -214,7 +147,7 @@ class Auth {
         if (pk.length != AuthService.PUBLIC_KEY_LEN) return fail();
         // Already registered: a distinguishable status (not the generic 401) so the
         // client can say "username taken, log in instead" rather than a blank error.
-        if (getAccount(username) != null) {
+        if (AuthDb.accounts.exists(new Username(username))) {
             return Response.bytes(new DataWriter().writeU8(1).toBytes());
         }
 
@@ -223,14 +156,17 @@ class Auth {
         const regMsg = AuthService.buildRegisterMessage(username, pk);
         if (!AuthService.verifyRegister(pk, regMsg, proof)) return fail();
 
-        const a = new Account();
+        const a = new AuthAccount();
         a.username = username;
         a.salt = deriveSalt(username);
         a.publicKey = pk;
         a.memKiB = DEMO_MEM_KIB;
         a.iterations = DEMO_ITERS;
         a.parallelism = DEMO_PAR;
-        putAccount(a);
+        // create-if-absent: a racing duplicate registration loses here, not above.
+        if (!AuthDb.accounts.create(new Username(username), a)) {
+            return Response.bytes(new DataWriter().writeU8(1).toBytes());
+        }
         return Response.bytes(new DataWriter().writeU8(0).toBytes());
     }
 
@@ -249,7 +185,7 @@ class Auth {
         const evaluated = AuthService.oprfEvaluate(username, blinded);
         if (evaluated.length != AuthService.OPRF_ELEMENT_LEN) return fail();
 
-        const acct = getAccount(username);
+        const known = AuthDb.accounts.exists(new Username(username));
         const cid = randomBytes(16);
         const nonce = randomBytes(32);
         const iat = nowSecs();
@@ -257,14 +193,14 @@ class Auth {
 
         // Persist only for a real account; the response is identical either way,
         // and login/finish for an unknown user fails generically at consume.
-        if (acct != null) {
+        if (known) {
             const c = new Challenge();
             c.cid = cid;
             c.username = username;
             c.nonce = nonce;
             c.iat = iat;
             c.exp = exp;
-            putChallenge(c);
+            AuthDb.challenges.create(new ChallengeId(cid), c);
         }
 
         const w = new DataWriter();
@@ -292,13 +228,13 @@ class Auth {
         if (!r.ok) return fail();
 
         // 1. CONSUME FIRST: atomic fetch-and-delete. Unknown/used/expired => fail.
-        const ch = consumeChallenge(cid);
+        const ch = AuthDb.challenges.getDelete(new ChallengeId(cid));
         if (ch == null) return fail();
         if (nowSecs() >= ch.exp) return fail();
 
         // 2. Rebuild the message from OUR stored values + the client's ct (and
         //    the bound params + server key id), load the account key, verify.
-        const acct = getAccount(ch.username);
+        const acct = AuthDb.accounts.get(new Username(ch.username));
         if (acct == null) return fail();
         const message = AuthService.buildLoginMessage(
             ch.username, AUD, cid, ch.nonce, ch.iat, ch.exp,

package/examples/basic/server/routes/Guestbook.ts

@@ -0,0 +1,62 @@
+import { Counter, Events } from 'toildb';
+
+import { GuestEntry } from '../models/GuestEntry';
+import { GuestbookView } from '../models/GuestbookView';
+import { NewMessage } from '../models/NewMessage';
+
+/**
+ * A PERSISTENT guestbook, mounted at `/guestbook`, backed by ToilDB.
+ *
+ * The contrast with `Players` (whose comment notes "memory resets next request")
+ * is the whole point: every signature is appended to an `events` stream and
+ * tallied in a `counter`, so the data SURVIVES across requests under `toiljs dev`
+ * (the in-process ToilDB emulator) and runs on ScyllaDB at the edge - same code,
+ * no connection string. On the client:
+ *
+ *   await Server.REST.guestbook.sign({ body: new NewMessage('Ada', 'hi!') });
+ *   const book = await Server.REST.guestbook.list(); // { total, entries: [...] }
+ */
+
+// The guestbook is one global stream; a single fixed key addresses it.
+@data
+class GuestKey {
+    room: string = 'main';
+    constructor(room: string = 'main') {
+        this.room = room;
+    }
+}
+
+@database
+class GuestbookDb {
+    @collection entries!: Events<GuestEntry, GuestKey>;
+    @collection totals!: Counter<GuestKey>;
+}
+
+/** The current total + the 10 newest entries. */
+function snapshot(): GuestbookView {
+    const key = new GuestKey('main');
+    const view = new GuestbookView();
+    view.total = GuestbookDb.totals.get(key);
+    view.entries = GuestbookDb.entries.latest(key, 10);
+    return view;
+}
+
+@rest('guestbook')
+class Guestbook {
+    /** `GET /guestbook` - the running total + the most recent signatures. */
+    @get('/')
+    public list(): GuestbookView {
+        return snapshot();
+    }
+
+    /** `POST /guestbook` - append a signature (PERSISTED) and return the
+     *  updated book. Sign twice and the total keeps climbing across requests. */
+    @post('/')
+    public sign(input: NewMessage): GuestbookView {
+        const key = new GuestKey('main');
+        const at = <u64>(Date.now() / 1000);
+        GuestbookDb.entries.append(key, new GuestEntry(input.author, input.message, at));
+        GuestbookDb.totals.add(key, 1);
+        return snapshot();
+    }
+}

package/package.json

@@ -1,7 +1,7 @@
 {
     "name": "toiljs",
     "type": "module",
-    "version": "0.0.54",
+    "version": "0.0.55",
     "author": "Dacely",
     "description": "The modern React framework: a file-based React frontend and a ToilScript-compiled WebAssembly backend.",
     "repository": {
@@ -131,7 +131,7 @@
         "nodemailer": "^9.0.0",
         "picocolors": "^1.1.1",
         "sharp": "^0.35.0",
-        "toilscript": "^0.1.27",
+        "toilscript": "^0.1.28",
         "typescript-eslint": "^8.60.0",
         "vite": "^8.0.14",
         "vite-imagetools": "^10.0.0",

package/server/globals/auth.ts

@@ -10,7 +10,7 @@
 // and the toiljs dev-server mock).
 
 import { DataWriter, DataReader } from 'data';
-import { HmacImportParams, HmacParams, ALG_SHA_256, USAGE_SIGN, USAGE_VERIFY } from 'crypto';
+import { HmacImportParams, HmacParams, ALG_SHA_256, FMT_RAW, USAGE_SIGN, USAGE_VERIFY } from 'crypto';
 
 import {
     Server,
@@ -160,7 +160,7 @@ function __resolveServerKemPk(): Uint8Array {
 // both keyed PRFs over the transcript; the client mirrors this with hash-wasm.
 function __hmacSha256(key: Uint8Array, msg: Uint8Array): Uint8Array {
     const k = crypto.subtle.importKey(
-        'raw',
+        FMT_RAW,
         key,
         new HmacImportParams(ALG_SHA_256),
         false,
@@ -511,7 +511,7 @@ export namespace AuthService {
 
     /** SHA-256 over `data` (ambient Web Crypto), for transcript/confirm hashing. */
     export function sha256(data: Uint8Array): Uint8Array {
-        return crypto.subtle.digest('SHA-256', data);
+        return crypto.subtle.digest(ALG_SHA_256, data);
     }
 
     /** `SHA-256(serverKemPublicKey)` -- the key identity bound into the login

package/server/globals/twofactor.ts

@@ -24,6 +24,7 @@ import {
     HmacImportParams,
     HmacParams,
     ALG_SHA_256,
+    FMT_RAW,
     USAGE_SIGN,
     USAGE_VERIFY,
 } from 'crypto';
@@ -45,7 +46,7 @@ const TWOFA_VERSION: u8 = 1;
 
 function importHmac(key: Uint8Array): CryptoKey {
     return crypto.subtle.importKey(
-        'raw',
+        FMT_RAW,
         key,
         new HmacImportParams(ALG_SHA_256),
         false,

package/server/runtime/http/securecookies.ts

@@ -30,6 +30,7 @@ import {
     HmacParams,
     ALG_AES_GCM,
     ALG_SHA_256,
+    FMT_RAW,
     USAGE_SIGN,
     USAGE_VERIFY,
     USAGE_ENCRYPT,
@@ -104,7 +105,7 @@ export class SecureCookies {
 
     private importHmac(key: Uint8Array): CryptoKey {
         return crypto.subtle.importKey(
-            'raw',
+            FMT_RAW,
             key,
             new HmacImportParams(ALG_SHA_256),
             false,
@@ -114,7 +115,7 @@ export class SecureCookies {
 
     private importAes(key: Uint8Array): CryptoKey {
         return crypto.subtle.importKey(
-            'raw',
+            FMT_RAW,
             key,
             new AesKeyParams(),
             false,