toilscript 0.1.10 → 0.1.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.generated.d.ts +51 -2
- package/dist/cli.js +19 -4
- package/dist/cli.js.map +2 -2
- package/dist/importmap.json +2 -2
- package/dist/toilscript.generated.d.ts +51 -2
- package/dist/toilscript.js +244 -201
- package/dist/toilscript.js.map +3 -3
- package/dist/web.js +3 -3
- package/package.json +1 -1
- package/std/assembly/json.ts +15 -0
- package/std/assembly/rest.ts +25 -0
- package/std/assembly/toilscript.d.ts +29 -0
package/dist/web.js
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
var ASSEMBLYSCRIPT_VERSION = "0.1.
|
|
1
|
+
var ASSEMBLYSCRIPT_VERSION = "0.1.11";
|
|
2
2
|
var ASSEMBLYSCRIPT_IMPORTMAP = {
|
|
3
3
|
"imports": {
|
|
4
|
-
"toilscript": "https://cdn.jsdelivr.net/npm/toilscript@0.1.
|
|
5
|
-
"toilscript/cli": "https://cdn.jsdelivr.net/npm/toilscript@0.1.
|
|
4
|
+
"toilscript": "https://cdn.jsdelivr.net/npm/toilscript@0.1.11/dist/toilscript.js",
|
|
5
|
+
"toilscript/cli": "https://cdn.jsdelivr.net/npm/toilscript@0.1.11/dist/cli.js",
|
|
6
6
|
"binaryen": "https://cdn.jsdelivr.net/npm/binaryen@129.0.0-nightly.20260428/index.js",
|
|
7
7
|
"long": "https://cdn.jsdelivr.net/npm/long@5.3.2/index.js"
|
|
8
8
|
}
|
package/package.json
CHANGED
package/std/assembly/json.ts
CHANGED
|
@@ -320,9 +320,18 @@ export class JSON {
|
|
|
320
320
|
}
|
|
321
321
|
|
|
322
322
|
/** Recursive-descent parser producing a `JSON` value tree. Internal. */
|
|
323
|
+
/**
|
|
324
|
+
* Maximum array/object nesting depth. Recursive descent costs stack per level, so an
|
|
325
|
+
* unbounded depth lets a small hostile input (e.g. `[[[[...`) overflow the stack and trap
|
|
326
|
+
* the instance. 512 is far beyond any real-world JSON yet far below the overflow point, so
|
|
327
|
+
* over-nested input fails as a normal parse error instead of crashing.
|
|
328
|
+
*/
|
|
329
|
+
const JSON_MAX_DEPTH: i32 = 512;
|
|
330
|
+
|
|
323
331
|
class Parser {
|
|
324
332
|
private src: string;
|
|
325
333
|
private pos: i32 = 0;
|
|
334
|
+
private depth: i32 = 0;
|
|
326
335
|
err: string = "";
|
|
327
336
|
|
|
328
337
|
constructor(src: string) {
|
|
@@ -468,11 +477,13 @@ class Parser {
|
|
|
468
477
|
}
|
|
469
478
|
|
|
470
479
|
private parseArray(): JSON {
|
|
480
|
+
if (++this.depth > JSON_MAX_DEPTH) return this.fail("maximum nesting depth exceeded");
|
|
471
481
|
this.pos++; // [
|
|
472
482
|
const j = JSON.arr();
|
|
473
483
|
this.skipWs();
|
|
474
484
|
if (!this.atEnd() && this.peek() == 0x5d) {
|
|
475
485
|
this.pos++;
|
|
486
|
+
this.depth--;
|
|
476
487
|
return j;
|
|
477
488
|
}
|
|
478
489
|
while (true) {
|
|
@@ -484,15 +495,18 @@ class Parser {
|
|
|
484
495
|
if (c == 0x5d) break; // ]
|
|
485
496
|
if (c != 0x2c) return this.fail("expected ',' or ']'"); // ,
|
|
486
497
|
}
|
|
498
|
+
this.depth--;
|
|
487
499
|
return j;
|
|
488
500
|
}
|
|
489
501
|
|
|
490
502
|
private parseObject(): JSON {
|
|
503
|
+
if (++this.depth > JSON_MAX_DEPTH) return this.fail("maximum nesting depth exceeded");
|
|
491
504
|
this.pos++; // {
|
|
492
505
|
const j = JSON.obj();
|
|
493
506
|
this.skipWs();
|
|
494
507
|
if (!this.atEnd() && this.peek() == 0x7d) {
|
|
495
508
|
this.pos++;
|
|
509
|
+
this.depth--;
|
|
496
510
|
return j;
|
|
497
511
|
}
|
|
498
512
|
while (true) {
|
|
@@ -510,6 +524,7 @@ class Parser {
|
|
|
510
524
|
if (c == 0x7d) break; // }
|
|
511
525
|
if (c != 0x2c) return this.fail("expected ',' or '}'"); // ,
|
|
512
526
|
}
|
|
527
|
+
this.depth--;
|
|
513
528
|
return j;
|
|
514
529
|
}
|
|
515
530
|
}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
// Globals for the `@rest` / `@route` HTTP layer (no import). Top-level std exports are
|
|
2
|
+
// globalized like the other natives.
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* HTTP method for `@route({ method: Methods.GET, ... })`. Values mirror the server runtime
|
|
6
|
+
* `Method` enum so `req.method == Methods.GET` compiles to a plain integer comparison.
|
|
7
|
+
*/
|
|
8
|
+
export enum Methods {
|
|
9
|
+
GET = 0,
|
|
10
|
+
POST = 1,
|
|
11
|
+
PUT = 2,
|
|
12
|
+
DELETE = 3,
|
|
13
|
+
PATCH = 4,
|
|
14
|
+
HEAD = 5,
|
|
15
|
+
OPTIONS = 6
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
/**
|
|
19
|
+
* Body/response codec for `@route({ stream: DataStream.JSON, ... })`: `JSON` uses the `@data`
|
|
20
|
+
* class's `toJSON`/`fromJSON`, `Binary` uses its `encode`/`decode`.
|
|
21
|
+
*/
|
|
22
|
+
export enum DataStream {
|
|
23
|
+
JSON = 0,
|
|
24
|
+
Binary = 1
|
|
25
|
+
}
|
|
@@ -38,6 +38,35 @@ declare function remote<T>(target: Object, propertyKey: string | symbol, descrip
|
|
|
38
38
|
*/
|
|
39
39
|
declare function service(target: Function): void;
|
|
40
40
|
|
|
41
|
+
// --- HTTP layer (@rest / @route), handled natively by the compiler; typed here for editors ---
|
|
42
|
+
|
|
43
|
+
/** HTTP method for `@route({ method: Methods.GET, ... })`. */
|
|
44
|
+
declare enum Methods { GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS }
|
|
45
|
+
|
|
46
|
+
/** Body/response codec for `@route({ stream: DataStream.JSON, ... })`. */
|
|
47
|
+
declare enum DataStream { JSON, Binary }
|
|
48
|
+
|
|
49
|
+
interface RestOptions { stream?: DataStream }
|
|
50
|
+
interface RouteOptions { method: Methods; path: string; stream?: DataStream }
|
|
51
|
+
/** A legacy method decorator (the return of a `@route`/`@get`/... factory). */
|
|
52
|
+
type ToilRouteDecorator = <T>(target: Object, propertyKey: string | symbol, descriptor: TypedPropertyDescriptor<T>) => void;
|
|
53
|
+
|
|
54
|
+
/** Marks a class as an HTTP controller mounted at `prefix` (default `/`). */
|
|
55
|
+
declare function rest(target: Function): void;
|
|
56
|
+
declare function rest(prefix?: string): (target: Function) => void;
|
|
57
|
+
declare function rest(options: RestOptions): (target: Function) => void;
|
|
58
|
+
|
|
59
|
+
/** Declares an HTTP route on a `@rest` method (`@route({ method, path, stream })`). */
|
|
60
|
+
declare function route(options: RouteOptions): ToilRouteDecorator;
|
|
61
|
+
/** HTTP verb shortcuts for `@route` (`@del` for DELETE, since `delete` is a reserved word). */
|
|
62
|
+
declare function get(path: string): ToilRouteDecorator;
|
|
63
|
+
declare function post(path: string): ToilRouteDecorator;
|
|
64
|
+
declare function put(path: string): ToilRouteDecorator;
|
|
65
|
+
declare function del(path: string): ToilRouteDecorator;
|
|
66
|
+
declare function patch(path: string): ToilRouteDecorator;
|
|
67
|
+
declare function head(path: string): ToilRouteDecorator;
|
|
68
|
+
declare function options(path: string): ToilRouteDecorator;
|
|
69
|
+
|
|
41
70
|
// Big integers, native globals implemented in std/assembly/bignum. The
|
|
42
71
|
// arithmetic/bitwise/comparison operators
|
|
43
72
|
// (+ - * / % & | ^ << >> == != < > <= >=) are operator overloads resolved by
|