vite-plugin-server-actions 1.0.1 → 1.2.0

package/src/validation-runtime.js

@@ -0,0 +1,100 @@
+/**
+ * Runtime validation code that gets bundled with the production server
+ * This avoids the need for relative imports from src/
+ */
+
+/**
+ * Simple schema discovery for production
+ */
+export class SchemaDiscovery {
+	constructor() {
+		this.schemas = new Map();
+	}
+
+	registerSchema(moduleName, functionName, schema) {
+		const key = `${moduleName}.${functionName}`;
+		this.schemas.set(key, schema);
+	}
+
+	getSchema(moduleName, functionName) {
+		const key = `${moduleName}.${functionName}`;
+		return this.schemas.get(key) || null;
+	}
+
+	getAllSchemas() {
+		return new Map(this.schemas);
+	}
+}
+
+/**
+ * Validation middleware for production
+ */
+export function createValidationMiddleware(options = {}) {
+	const schemaDiscovery = options.schemaDiscovery || new SchemaDiscovery();
+
+	return async function validationMiddleware(req, res, next) {
+		let moduleName, functionName, schema;
+
+		// Check for context from route setup
+		if (req.validationContext) {
+			moduleName = req.validationContext.moduleName;
+			functionName = req.validationContext.functionName;
+			schema = req.validationContext.schema;
+		}
+
+		if (!schema) {
+			// No schema defined, skip validation
+			return next();
+		}
+
+		try {
+			// Request body should be an array of arguments for server functions
+			if (!Array.isArray(req.body) || req.body.length === 0) {
+				return res.status(400).json({
+					error: "Validation failed",
+					message: "Request body must be a non-empty array of function arguments",
+				});
+			}
+
+			// Validate based on schema type
+			let validationData;
+			if (schema._def?.typeName === "ZodTuple") {
+				// Schema expects multiple arguments (tuple)
+				validationData = req.body;
+			} else {
+				// Schema expects single argument (first element of array)
+				validationData = req.body[0];
+			}
+
+			// Validate request body using Zod
+			if (schema.parse) {
+				// It's a Zod schema
+				const validatedData = await schema.parseAsync(validationData);
+
+				// Replace request body with validated data
+				if (schema._def?.typeName === "ZodTuple") {
+					req.body = validatedData;
+				} else {
+					req.body = [validatedData];
+				}
+			}
+			next();
+		} catch (error) {
+			// Validation failed
+			if (error.errors) {
+				// Zod validation error
+				return res.status(400).json({
+					error: "Validation failed",
+					details: error.errors,
+					message: error.message,
+				});
+			}
+
+			// Other validation error
+			return res.status(400).json({
+				error: "Validation failed",
+				message: error.message,
+			});
+		}
+	};
+}

package/src/validation.js

@@ -1,4 +1,5 @@
 import { z } from "zod";
+import { createErrorResponse } from "./security.js";
 import { extendZodWithOpenApi, OpenAPIRegistry, OpenApiGeneratorV3 } from "@asteasolutions/zod-to-openapi";
 
 // Extend Zod with OpenAPI support
@@ -79,10 +80,18 @@ export class ZodAdapter extends ValidationAdapter {
 			const registry = new OpenAPIRegistry();
 			const schemaName = "_TempSchema";
 
-			// The library requires schemas to be registered with openapi metadata
-			// For simple conversion, we'll create a temporary registry
-			const extendedSchema = schema.openapi ? schema : schema;
-			registry.register(schemaName, extendedSchema);
+			// The library requires schemas to have .openapi() metadata
+			// If the schema doesn't have it, add it dynamically
+			let schemaToRegister = schema;
+			if (typeof schema.openapi === "function") {
+				// Add openapi metadata with the temp schema name
+				schemaToRegister = schema.openapi(schemaName);
+			} else {
+				// Schema wasn't created with extendZodWithOpenApi - use basic fallback
+				return this._basicZodToOpenAPI(schema);
+			}
+
+			registry.register(schemaName, schemaToRegister);
 
 			// Generate the OpenAPI components
 			const generator = new OpenApiGeneratorV3(registry.definitions);
@@ -93,13 +102,79 @@ export class ZodAdapter extends ValidationAdapter {
 
 			if (!openAPISchema) {
 				// Fallback for schemas that couldn't be converted
-				return { type: "object", description: "Schema conversion not supported" };
+				return this._basicZodToOpenAPI(schema);
 			}
 
 			return openAPISchema;
 		} catch (error) {
-			console.warn(`Failed to convert Zod schema to OpenAPI: ${error.message}`);
-			return { type: "object", description: "Schema conversion failed" };
+			// Only log warning for unexpected errors
+			if (process.env.NODE_ENV === "development") {
+				console.warn(`Failed to convert Zod schema to OpenAPI: ${error.message}`);
+			}
+			return this._basicZodToOpenAPI(schema);
+		}
+	}
+
+	/**
+	 * Basic Zod to OpenAPI conversion for schemas without .openapi() extension
+	 * @param {any} schema - Zod schema
+	 * @returns {object} OpenAPI schema
+	 */
+	_basicZodToOpenAPI(schema) {
+		if (!schema || !schema._def) {
+			return { type: "object", description: "Unknown schema" };
+		}
+
+		const typeName = schema._def.typeName;
+
+		switch (typeName) {
+			case "ZodString":
+				return { type: "string" };
+			case "ZodNumber":
+				return { type: "number" };
+			case "ZodBoolean":
+				return { type: "boolean" };
+			case "ZodArray":
+				return {
+					type: "array",
+					items: this._basicZodToOpenAPI(schema._def.type),
+				};
+			case "ZodObject": {
+				const shape = schema._def.shape ? schema._def.shape() : {};
+				const properties = {};
+				const required = [];
+				for (const [key, value] of Object.entries(shape)) {
+					properties[key] = this._basicZodToOpenAPI(value);
+					if (!value.isOptional?.()) {
+						required.push(key);
+					}
+				}
+				return {
+					type: "object",
+					properties,
+					...(required.length > 0 ? { required } : {}),
+				};
+			}
+			case "ZodOptional":
+				return this._basicZodToOpenAPI(schema._def.innerType);
+			case "ZodDefault":
+				return this._basicZodToOpenAPI(schema._def.innerType);
+			case "ZodEnum":
+				return {
+					type: "string",
+					enum: schema._def.values,
+				};
+			case "ZodTuple": {
+				const items = schema._def.items.map((item) => this._basicZodToOpenAPI(item));
+				return {
+					type: "array",
+					items: items.length === 1 ? items[0] : { oneOf: items },
+					minItems: items.length,
+					maxItems: items.length,
+				};
+			}
+			default:
+				return { type: "object", description: `Zod type: ${typeName}` };
 		}
 	}
 
@@ -188,6 +263,17 @@ export class SchemaDiscovery {
 		return this.schemas.get(key) || null;
 	}
 
+	/**
+	 * Check if schema exists for a function
+	 * @param {string} moduleName - Module name
+	 * @param {string} functionName - Function name
+	 * @returns {boolean} True if schema exists
+	 */
+	hasSchema(moduleName, functionName) {
+		const key = `${moduleName}.${functionName}`;
+		return this.schemas.has(key);
+	}
+
 	/**
 	 * Get all schemas
 	 * @returns {Map} All registered schemas
@@ -227,7 +313,17 @@ export class SchemaDiscovery {
  * Validation middleware factory
  */
 export function createValidationMiddleware(options = {}) {
-	const adapter = options.adapter || new ZodAdapter();
+	// Handle adapter as string key (e.g., "zod") or instance
+	let adapter;
+	if (typeof options.adapter === "string") {
+		const AdapterClass = adapters[options.adapter];
+		if (!AdapterClass) {
+			throw new Error(`Unknown validation adapter: ${options.adapter}. Available: ${Object.keys(adapters).join(", ")}`);
+		}
+		adapter = new AdapterClass();
+	} else {
+		adapter = options.adapter || new ZodAdapter();
+	}
 	const schemaDiscovery = options.schemaDiscovery || new SchemaDiscovery(adapter);
 
 	return async function validationMiddleware(req, res, next) {
@@ -254,10 +350,15 @@ export function createValidationMiddleware(options = {}) {
 		try {
 			// Request body should be an array of arguments for server functions
 			if (!Array.isArray(req.body) || req.body.length === 0) {
-				return res.status(400).json({
-					error: "Validation failed",
-					details: "Request body must be a non-empty array of function arguments",
-				});
+				return res
+					.status(400)
+					.json(
+						createErrorResponse(
+							400,
+							"Request body must be a non-empty array of function arguments",
+							"INVALID_REQUEST_BODY",
+						),
+					);
 			}
 
 			// Validate based on schema type
@@ -273,11 +374,9 @@ export function createValidationMiddleware(options = {}) {
 			const result = await adapter.validate(schema, validationData);
 
 			if (!result.success) {
-				return res.status(400).json({
-					error: "Validation failed",
-					details: result.errors,
-					validationErrors: result.errors,
-				});
+				return res
+					.status(400)
+					.json(createErrorResponse(400, "Validation failed", "VALIDATION_ERROR", { validationErrors: result.errors }));
 			}
 
 			// Replace request body with validated data
@@ -290,10 +389,16 @@ export function createValidationMiddleware(options = {}) {
 			next();
 		} catch (error) {
 			console.error("Validation middleware error:", error);
-			res.status(500).json({
-				error: "Internal validation error",
-				details: error.message,
-			});
+			res
+				.status(500)
+				.json(
+					createErrorResponse(
+						500,
+						"Internal validation error",
+						"VALIDATION_INTERNAL_ERROR",
+						process.env.NODE_ENV !== "production" ? { message: error.message, stack: error.stack } : null,
+					),
+				);
 		}
 	};
 }