wirejs-resources 0.1.7-alpha → 0.1.8-alpha

package/dist/adapters/context.d.ts

@@ -0,0 +1,21 @@
+import { CookieJar } from "./cookie-jar.js";
+type ApiMethod = (...args: any) => any;
+type ApiNamespace = {
+    [K in string]: ApiMethod | ApiNamespace;
+};
+type ContextfulApiMethod<T> = T extends ((...args: infer ARGS) => infer RT) ? ((context: Context | boolean, ...args: ARGS) => RT extends Promise<any> ? RT : Promise<RT>) : never;
+type ContextfulApiNamespace<T> = {
+    [K in keyof T]: T[K] extends ApiMethod ? ContextfulApiMethod<T[K]> : ContextfulApiNamespace<T[K]>;
+};
+type ContextWrapped<T extends ApiNamespace | ApiMethod> = T extends ApiMethod ? ContextfulApiMethod<T> : ContextfulApiNamespace<T>;
+export declare function withContext<T extends ApiMethod | ApiNamespace>(contextWrapper: (context: Context) => T, path?: string[]): ContextWrapped<T>;
+export declare function requiresContext(fnOrNS: Object): fnOrNS is (context: Context) => any;
+export declare class Context {
+    cookies: CookieJar;
+    location: URL;
+    constructor({ cookies, location }: {
+        cookies: CookieJar;
+        location: URL;
+    });
+}
+export {};

package/dist/adapters/context.js

@@ -0,0 +1,32 @@
+const __requiresContext = Symbol('__requiresContext');
+export function withContext(contextWrapper, path = []) {
+    // first param needs to be a function, which enables `Proxy` to implement `apply()`.
+    const fnOrNs = new Proxy(function () { }, {
+        apply(_target, _thisArg, args) {
+            const [context, ...remainingArgs] = args;
+            let functionOrNamespaceObject = contextWrapper(context);
+            console.log({ context, args, functionOrNamespaceObject, path });
+            for (const k of path) {
+                functionOrNamespaceObject = functionOrNamespaceObject[k];
+            }
+            return functionOrNamespaceObject(...remainingArgs);
+        },
+        get(_target, prop) {
+            if (prop === __requiresContext)
+                return true;
+            return withContext(contextWrapper, [...path, prop]);
+        }
+    });
+    return fnOrNs;
+}
+export function requiresContext(fnOrNS) {
+    return fnOrNS[__requiresContext] === true;
+}
+export class Context {
+    cookies;
+    location;
+    constructor({ cookies, location }) {
+        this.cookies = cookies;
+        this.location = location;
+    }
+}

package/dist/adapters/cookie-jar.d.ts

@@ -0,0 +1,30 @@
+export type Cookie = {
+    name: string;
+    value: string;
+    httpOnly?: boolean;
+    secure?: boolean;
+    maxAge?: number;
+};
+export declare class CookieJar {
+    #private;
+    /**
+     * Initialize
+     */
+    constructor(cookie?: string);
+    set(cookie: Cookie): void;
+    get(name: string): {
+        name: string;
+        value: string;
+        httpOnly?: boolean;
+        secure?: boolean;
+        maxAge?: number;
+    } | undefined;
+    delete(name: string): void;
+    /**
+     * Gets a copy of all cookies.
+     *
+     * Changes made to this copy are not reflected
+     */
+    getAll(): Record<string, string>;
+    getSetCookies(): Cookie[];
+}

package/dist/adapters/cookie-jar.js

@@ -0,0 +1,55 @@
+export class CookieJar {
+    #cookies = {};
+    /**
+     * The list of cookies that have been set with `set()` which need to be
+     * sent to the client.
+     */
+    #setCookies = new Set();
+    /**
+     * Initialize
+     */
+    constructor(cookie) {
+        this.#cookies = Object.fromEntries((cookie || '')
+            .split(/;/g)
+            .map(c => {
+            const [k, v] = c.split('=').map(p => decodeURIComponent(p.trim()));
+            return [k, {
+                    name: k,
+                    value: v
+                }];
+        }));
+    }
+    set(cookie) {
+        this.#cookies[cookie.name] = { ...cookie };
+        this.#setCookies.add(cookie.name);
+    }
+    get(name) {
+        return this.#cookies[name] ? { ...this.#cookies[name] } : undefined;
+    }
+    delete(name) {
+        if (this.#cookies[name]) {
+            this.#cookies[name].value = '-- deleted --';
+            this.#cookies[name].maxAge = 0;
+            this.#setCookies.add(name);
+        }
+    }
+    /**
+     * Gets a copy of all cookies.
+     *
+     * Changes made to this copy are not reflected
+     */
+    getAll() {
+        const all = {};
+        for (const cookie of Object.values(this.#cookies)) {
+            all[cookie.name] = cookie.value;
+        }
+        return all;
+    }
+    getSetCookies() {
+        const all = [];
+        for (const name of this.#setCookies) {
+            all.push({ ...this.#cookies[name] });
+        }
+        return all;
+    }
+}

package/dist/index.js

@@ -0,0 +1,6 @@
+export { FileService } from './services/file.js';
+export { AuthenticationService } from './services/authentication.js';
+export { CookieJar } from './adapters/cookie-jar.js';
+export { withContext, requiresContext, Context } from './adapters/context.js';
+export { Resource } from './resource.js';
+export { overrides } from './overrides.js';

package/dist/overrides.d.ts

@@ -0,0 +1,11 @@
+import type { FileService } from "./services/file";
+import type { AuthenticationService } from "./services/authentication";
+import type { Secret } from "./resources/secret";
+/**
+ * Used by hosting providers to provide service overrides.
+ */
+export declare const overrides: {
+    FileService?: typeof FileService;
+    AuthenticationService?: typeof AuthenticationService;
+    Secret?: typeof Secret;
+};

package/{lib → dist}/overrides.js

@@ -1,4 +1,4 @@
 /**
  * Used by hosting providers to provide service overrides.
  */
-export const overrides = {};
+export const overrides = {};

package/dist/resource.d.ts

@@ -0,0 +1,6 @@
+export declare class Resource {
+    scope: Resource | string;
+    id: string;
+    constructor(scope: Resource | string, id: string);
+    get absoluteId(): string;
+}

package/dist/resource.js

@@ -0,0 +1,20 @@
+export class Resource {
+    scope;
+    id;
+    constructor(scope, id) {
+        this.scope = scope;
+        this.id = id;
+    }
+    get absoluteId() {
+        const sanitizedId = encodeURIComponent(this.id);
+        if (typeof this.scope === 'string') {
+            return `${encodeURIComponent(this.scope)}/${sanitizedId}`;
+        }
+        else if (typeof this.scope?.id === 'string') {
+            return `${this.scope.absoluteId}/${sanitizedId}`;
+        }
+        else {
+            throw new Error("Resources must defined within a scope. Provide either a namespace string or parent resource.");
+        }
+    }
+}

package/dist/resources/secret.d.ts

@@ -0,0 +1,7 @@
+import { Resource } from '../resource.js';
+export declare class Secret extends Resource {
+    #private;
+    constructor(scope: Resource | string, id: string);
+    read(): Promise<any>;
+    write(data: any): Promise<void>;
+}

package/dist/resources/secret.js

@@ -0,0 +1,28 @@
+import crypto from 'crypto';
+import { Resource } from '../resource.js';
+import { FileService } from '../services/file.js';
+import { overrides } from '../overrides.js';
+const FILENAME = 'secret';
+export class Secret extends Resource {
+    #fileService;
+    #initPromise;
+    constructor(scope, id) {
+        super(scope, id);
+        this.#fileService = new (overrides.FileService || FileService)(this, 'files');
+    }
+    #initialize() {
+        this.#initPromise = this.#initPromise || this.#fileService.write(FILENAME, JSON.stringify(crypto.randomBytes(64).toString('base64url')), { onlyIfNotExists: true }).catch(error => {
+            if (!this.#fileService.isAlreadyExistsError(error))
+                throw error;
+        });
+        return this.#initPromise;
+    }
+    async read() {
+        await this.#initialize();
+        return JSON.parse(await this.#fileService.read(FILENAME));
+    }
+    async write(data) {
+        await this.#initialize();
+        await this.#fileService.write(FILENAME, JSON.stringify(data));
+    }
+}

package/dist/services/authentication.d.ts

@@ -0,0 +1,67 @@
+import { Resource } from '../resource.js';
+import type { CookieJar } from '../adapters/cookie-jar.js';
+type AuthenticationInput = {
+    label: string;
+    type: 'text' | 'password';
+    isRequired?: boolean;
+};
+type Action = {
+    name: string;
+    title?: string;
+    description?: string;
+    message?: string;
+    inputs?: Record<string, AuthenticationInput>;
+    buttons?: string[];
+};
+type AuthenticationBaseState = {
+    state: 'authenticated' | 'unauthenticated';
+    user: string | undefined;
+};
+type AuthenticationState = {
+    state: AuthenticationBaseState;
+    message?: string;
+    actions: Record<string, Action>;
+};
+type PerformActionParameter = {
+    key: string;
+    inputs: Record<string, string | number | boolean>;
+    verb: string;
+};
+type AuthenticationError = {
+    message: string;
+    field?: string;
+};
+type AuthenticationServiceOptions = {
+    /**
+     * The number of seconds the authentication session stays alive.
+     */
+    duration?: number;
+    /**
+     * Whether to automatically extend (keep alive) an authentication session when used.
+     */
+    keepalive?: boolean;
+    /**
+     * The name of the cookie to use to store the authentication state JWT.
+     */
+    cookie?: string;
+};
+export declare class AuthenticationService extends Resource {
+    #private;
+    constructor(scope: Resource | string, id: string, { duration, keepalive, cookie }?: AuthenticationServiceOptions);
+    getSigningSecret(): Promise<Uint8Array<ArrayBufferLike>>;
+    get signingSecret(): Promise<Uint8Array<ArrayBufferLike>>;
+    getBaseState(cookies: CookieJar): Promise<AuthenticationBaseState>;
+    getState(cookies: CookieJar): Promise<AuthenticationState>;
+    setBaseState(cookies: CookieJar, user?: string): Promise<void>;
+    missingFieldErrors(input: Record<string, string | number | boolean>, fields: string[]): AuthenticationError[] | undefined;
+    setState(cookies: CookieJar, { key, inputs, verb: _verb }: PerformActionParameter): Promise<AuthenticationState | {
+        errors: AuthenticationError[];
+    }>;
+    buildApi(this: AuthenticationService): {
+        getState: (context: import("../adapters/context.js").Context | boolean) => Promise<AuthenticationState>;
+        setState: (context: import("../adapters/context.js").Context | boolean, options: PerformActionParameter) => Promise<AuthenticationState | {
+            errors: AuthenticationError[];
+        }>;
+    };
+}
+export {};

package/dist/services/authentication.js

@@ -0,0 +1,286 @@
+import { scrypt, randomBytes } from 'crypto';
+import * as jose from 'jose';
+import { Resource } from '../resource.js';
+import { FileService } from './file.js';
+import { Secret } from '../resources/secret.js';
+import { withContext } from '../adapters/context.js';
+import { overrides } from '../overrides.js';
+function hash(password, salt) {
+    return new Promise((resolve, reject) => {
+        const finalSalt = salt || randomBytes(16).toString('hex');
+        scrypt(password, finalSalt, 64, (err, key) => {
+            if (err) {
+                reject(err);
+            }
+            else {
+                resolve(`${finalSalt}$${key.toString('hex')}`);
+            }
+        });
+    });
+}
+async function verifyHash(password, passwordHash) {
+    const [saltPart, _hashPart] = passwordHash.split('$');
+    const rehashed = await hash(password, saltPart);
+    return rehashed === passwordHash;
+}
+// #endregion
+const ONE_WEEK = 7 * 24 * 60 * 60; // days * hours/day * minutes/hour * seconds/minute
+export class AuthenticationService extends Resource {
+    #duration;
+    ;
+    #keepalive;
+    #cookieName;
+    #rawSigningSecret;
+    #signingSecret;
+    #users;
+    constructor(scope, id, { duration, keepalive, cookie } = {}) {
+        super(scope, id);
+        this.#duration = duration || ONE_WEEK;
+        this.#keepalive = !!keepalive;
+        this.#cookieName = cookie ?? 'identity';
+        this.#rawSigningSecret = new (overrides.Secret || Secret)(this, 'jwt-signing-secret');
+        const fileService = new (overrides.FileService || FileService)(this, 'files');
+        this.#users = {
+            id,
+            async get(username) {
+                try {
+                    const data = await fileService.read(this.filenameFor(username));
+                    return JSON.parse(data);
+                }
+                catch {
+                    return undefined;
+                }
+            },
+            async set(username, details) {
+                await fileService.write(this.filenameFor(username), JSON.stringify(details));
+            },
+            async has(username) {
+                const user = await this.get(username);
+                return !!user;
+            },
+            filenameFor(username) {
+                return `${username}.json`;
+            }
+        };
+    }
+    async getSigningSecret() {
+        const secretAsString = await this.#rawSigningSecret.read();
+        return new TextEncoder().encode(secretAsString);
+    }
+    get signingSecret() {
+        if (!this.#signingSecret) {
+            this.#signingSecret = this.getSigningSecret();
+        }
+        return this.#signingSecret;
+    }
+    async getBaseState(cookies) {
+        let idCookie;
+        let user;
+        try {
+            idCookie = cookies.get(this.#cookieName)?.value;
+            const idPayload = idCookie ? (await jose.jwtVerify(idCookie, await this.signingSecret)) : undefined;
+            user = idPayload ? idPayload.payload.sub : undefined;
+        }
+        catch (err) {
+            // jose doesn't like our cookie.
+            console.error(err);
+        }
+        if (user) {
+            return {
+                state: 'authenticated',
+                user
+            };
+        }
+        else {
+            return {
+                state: 'unauthenticated',
+                user: undefined,
+            };
+        }
+    }
+    async getState(cookies) {
+        const state = await this.getBaseState(cookies);
+        if (state.state === 'authenticated') {
+            if (this.#keepalive)
+                this.setBaseState(cookies, state.user);
+            return {
+                state,
+                actions: {
+                    changepassword: {
+                        name: "Change Password",
+                        inputs: {
+                            existingPassword: {
+                                label: 'Old Password',
+                                type: 'password',
+                            },
+                            newPassword: {
+                                label: 'New Password',
+                                type: 'password',
+                            }
+                        },
+                        buttons: ['Change Password']
+                    },
+                    signout: {
+                        name: "Sign out"
+                    },
+                }
+            };
+        }
+        else {
+            return {
+                state,
+                actions: {
+                    signin: {
+                        name: "Sign In",
+                        inputs: {
+                            username: {
+                                label: 'Username',
+                                type: 'text',
+                            },
+                            password: {
+                                label: 'Password',
+                                type: 'password',
+                            },
+                        },
+                        buttons: ['Sign In']
+                    },
+                    signup: {
+                        name: "Sign Up",
+                        inputs: {
+                            username: {
+                                label: 'Username',
+                                type: 'text',
+                            },
+                            password: {
+                                label: 'Password',
+                                type: 'password',
+                            },
+                        },
+                        buttons: ['Sign Up']
+                    },
+                }
+            };
+        }
+    }
+    async setBaseState(cookies, user) {
+        if (!user) {
+            cookies.delete(this.#cookieName);
+        }
+        else {
+            const jwt = await new jose.SignJWT({})
+                .setProtectedHeader({ alg: 'HS256' })
+                .setIssuedAt()
+                .setSubject(user)
+                .setExpirationTime(`${this.#duration}s`)
+                .sign(await this.signingSecret);
+            cookies.set({
+                name: this.#cookieName,
+                value: jwt,
+                httpOnly: true,
+                secure: true,
+                maxAge: this.#duration
+            });
+        }
+    }
+    missingFieldErrors(input, fields) {
+        const errors = [];
+        for (const field of fields) {
+            if (!input[field])
+                errors.push({
+                    field,
+                    message: "Field is required."
+                });
+        }
+        return errors.length > 0 ? errors : undefined;
+    }
+    async setState(cookies, { key, inputs, verb: _verb }) {
+        if (key === 'signout') {
+            await this.setBaseState(cookies, undefined);
+            return this.getState(cookies);
+        }
+        else if (key === 'signup') {
+            const errors = this.missingFieldErrors(inputs, ['username', 'password']);
+            if (errors) {
+                return { errors };
+            }
+            else if (await this.#users.has(inputs.username)) {
+                return { errors: [{
+                            field: 'username',
+                            message: 'User already exists.'
+                        }]
+                };
+            }
+            else {
+                await this.#users.set(inputs.username, {
+                    id: inputs.username,
+                    password: await hash(inputs.password)
+                });
+                await this.setBaseState(cookies, inputs.username);
+                return this.getState(cookies);
+            }
+        }
+        else if (key === 'signin') {
+            const user = await this.#users.get(inputs.username);
+            if (!user) {
+                return { errors: [{
+                            field: 'username',
+                            message: `User doesn't exist.`
+                        }]
+                };
+            }
+            else if (await verifyHash(inputs.password, user.password)) {
+                // a real authentication service will use password hashing.
+                // this is an in-memory just-for-testing user pool.
+                await this.setBaseState(cookies, inputs.username);
+                return this.getState(cookies);
+            }
+            else {
+                return { errors: [{
+                            field: 'password',
+                            message: "Incorrect password."
+                        }]
+                };
+            }
+        }
+        else if (key === 'changepassword') {
+            const state = await this.getBaseState(cookies);
+            const user = await this.#users.get(state.user);
+            if (!user) {
+                return { errors: [{
+                            field: 'username',
+                            message: `You're not signed in as a recognized user.`
+                        }]
+                };
+            }
+            else if (await verifyHash(inputs.existingPassword, user.password)) {
+                await this.#users.set(user.id, {
+                    ...user,
+                    password: await hash(inputs.newPassword)
+                });
+                return {
+                    message: "Password updated.",
+                    ...await this.getState(cookies)
+                };
+            }
+            else {
+                return { errors: [{
+                            field: 'existingPassword',
+                            message: "The provided existing password is incorrect."
+                        }]
+                };
+            }
+        }
+        else {
+            return { errors: [{
+                        message: 'Unrecognized authentication action.'
+                    }]
+            };
+        }
+    }
+    buildApi() {
+        return withContext(context => ({
+            getState: () => this.getState(context.cookies),
+            setState: (options) => this.setState(context.cookies, options),
+        }));
+    }
+}

package/dist/services/file.d.ts

@@ -0,0 +1,16 @@
+import { Resource } from '../resource.js';
+export declare class FileService extends Resource {
+    #private;
+    constructor(scope: Resource | string, id: string);
+    read(filename: string, encoding?: BufferEncoding): Promise<string>;
+    write(filename: string, data: string, { onlyIfNotExists }?: {
+        onlyIfNotExists?: boolean | undefined;
+    }): Promise<void>;
+    delete(filename: string): Promise<void>;
+    list({ prefix }?: {
+        prefix?: string | undefined;
+    }): AsyncGenerator<string, void, unknown>;
+    isAlreadyExistsError(error: {
+        code: any;
+    }): boolean;
+}

package/dist/services/file.js

@@ -0,0 +1,38 @@
+import process from 'process';
+import fs from 'fs';
+import path from 'path';
+import { Resource } from '../resource.js';
+const CWD = process.cwd();
+const ALREADY_EXISTS_CODE = 'EEXIST';
+export class FileService extends Resource {
+    constructor(scope, id) {
+        super(scope, id);
+    }
+    #fullNameFor(filename) {
+        const sanitizedId = this.absoluteId.replace('~', '-').replace(/\.+/g, '.');
+        const sanitizedName = filename.replace('~', '-').replace(/\.+/g, '.');
+        return path.join(CWD, 'temp', 'wirejs-services', sanitizedId, sanitizedName);
+    }
+    async read(filename, encoding = 'utf8') {
+        return fs.promises.readFile(this.#fullNameFor(filename), { encoding });
+    }
+    async write(filename, data, { onlyIfNotExists = false } = {}) {
+        const fullname = this.#fullNameFor(filename);
+        const flag = onlyIfNotExists ? 'wx' : 'w';
+        await fs.promises.mkdir(path.dirname(fullname), { recursive: true });
+        return fs.promises.writeFile(fullname, data, { flag });
+    }
+    async delete(filename) {
+        return fs.promises.unlink(this.#fullNameFor(filename));
+    }
+    async *list({ prefix = '' } = {}) {
+        const all = await fs.promises.readdir(CWD, { recursive: true });
+        for (const name of all) {
+            if (prefix === undefined || name.startsWith(prefix))
+                yield name;
+        }
+    }
+    isAlreadyExistsError(error) {
+        return error.code === ALREADY_EXISTS_CODE;
+    }
+}

package/package.json

@@ -1,17 +1,19 @@
 {
 	"name": "wirejs-resources",
-	"version": "0.1.7-alpha",
+	"version": "0.1.8-alpha",
 	"description": "Basic services and server-side resources for wirejs apps",
 	"type": "module",
-	"main": "./lib/index.js",
-	"types": "./lib/types.ts",
+	"main": "./dist/index.js",
+	"types": "./dist/types.d.ts",
 	"exports": {
 		".": {
-			"types": "./lib/types.ts",
-			"default": "./lib/index.js"
+			"types": "./dist/index.d.ts",
+			"default": "./dist/index.js"
 		}
 	},
-	"scripts": {},
+	"scripts": {
+		"build": "tsc"
+	},
 	"repository": {
 		"type": "git",
 		"url": "git+https://github.com/svidgen/create-wirejs-app.git"
@@ -24,5 +26,12 @@
 	"homepage": "https://github.com/svidgen/create-wirejs-app#readme",
 	"dependencies": {
 		"jose": "^5.9.6"
-	}
+	},
+	"devDependencies": {
+		"typescript": "^5.7.3"
+	},
+	"files": [
+		"package.json",
+		"dist/*"
+	]
 }