wirejs-resources 0.1.7-alpha → 0.1.9-alpha

package/dist/services/authentication.js

@@ -0,0 +1,286 @@
+import { scrypt, randomBytes } from 'crypto';
+import * as jose from 'jose';
+import { Resource } from '../resource.js';
+import { FileService } from './file.js';
+import { Secret } from '../resources/secret.js';
+import { withContext } from '../adapters/context.js';
+import { overrides } from '../overrides.js';
+function hash(password, salt) {
+    return new Promise((resolve, reject) => {
+        const finalSalt = salt || randomBytes(16).toString('hex');
+        scrypt(password, finalSalt, 64, (err, key) => {
+            if (err) {
+                reject(err);
+            }
+            else {
+                resolve(`${finalSalt}$${key.toString('hex')}`);
+            }
+        });
+    });
+}
+async function verifyHash(password, passwordHash) {
+    const [saltPart, _hashPart] = passwordHash.split('$');
+    const rehashed = await hash(password, saltPart);
+    return rehashed === passwordHash;
+}
+// #endregion
+const ONE_WEEK = 7 * 24 * 60 * 60; // days * hours/day * minutes/hour * seconds/minute
+export class AuthenticationService extends Resource {
+    #duration;
+    ;
+    #keepalive;
+    #cookieName;
+    #rawSigningSecret;
+    #signingSecret;
+    #users;
+    constructor(scope, id, { duration, keepalive, cookie } = {}) {
+        super(scope, id);
+        this.#duration = duration || ONE_WEEK;
+        this.#keepalive = !!keepalive;
+        this.#cookieName = cookie ?? 'identity';
+        this.#rawSigningSecret = new (overrides.Secret || Secret)(this, 'jwt-signing-secret');
+        const fileService = new (overrides.FileService || FileService)(this, 'files');
+        this.#users = {
+            id,
+            async get(username) {
+                try {
+                    const data = await fileService.read(this.filenameFor(username));
+                    return JSON.parse(data);
+                }
+                catch {
+                    return undefined;
+                }
+            },
+            async set(username, details) {
+                await fileService.write(this.filenameFor(username), JSON.stringify(details));
+            },
+            async has(username) {
+                const user = await this.get(username);
+                return !!user;
+            },
+            filenameFor(username) {
+                return `${username}.json`;
+            }
+        };
+    }
+    async getSigningSecret() {
+        const secretAsString = await this.#rawSigningSecret.read();
+        return new TextEncoder().encode(secretAsString);
+    }
+    get signingSecret() {
+        if (!this.#signingSecret) {
+            this.#signingSecret = this.getSigningSecret();
+        }
+        return this.#signingSecret;
+    }
+    async getBaseState(cookies) {
+        let idCookie;
+        let user;
+        try {
+            idCookie = cookies.get(this.#cookieName)?.value;
+            const idPayload = idCookie ? (await jose.jwtVerify(idCookie, await this.signingSecret)) : undefined;
+            user = idPayload ? idPayload.payload.sub : undefined;
+        }
+        catch (err) {
+            // jose doesn't like our cookie.
+            console.error(err);
+        }
+        if (user) {
+            return {
+                state: 'authenticated',
+                user
+            };
+        }
+        else {
+            return {
+                state: 'unauthenticated',
+                user: undefined,
+            };
+        }
+    }
+    async getState(cookies) {
+        const state = await this.getBaseState(cookies);
+        if (state.state === 'authenticated') {
+            if (this.#keepalive)
+                this.setBaseState(cookies, state.user);
+            return {
+                state,
+                actions: {
+                    changepassword: {
+                        name: "Change Password",
+                        inputs: {
+                            existingPassword: {
+                                label: 'Old Password',
+                                type: 'password',
+                            },
+                            newPassword: {
+                                label: 'New Password',
+                                type: 'password',
+                            }
+                        },
+                        buttons: ['Change Password']
+                    },
+                    signout: {
+                        name: "Sign out"
+                    },
+                }
+            };
+        }
+        else {
+            return {
+                state,
+                actions: {
+                    signin: {
+                        name: "Sign In",
+                        inputs: {
+                            username: {
+                                label: 'Username',
+                                type: 'text',
+                            },
+                            password: {
+                                label: 'Password',
+                                type: 'password',
+                            },
+                        },
+                        buttons: ['Sign In']
+                    },
+                    signup: {
+                        name: "Sign Up",
+                        inputs: {
+                            username: {
+                                label: 'Username',
+                                type: 'text',
+                            },
+                            password: {
+                                label: 'Password',
+                                type: 'password',
+                            },
+                        },
+                        buttons: ['Sign Up']
+                    },
+                }
+            };
+        }
+    }
+    async setBaseState(cookies, user) {
+        if (!user) {
+            cookies.delete(this.#cookieName);
+        }
+        else {
+            const jwt = await new jose.SignJWT({})
+                .setProtectedHeader({ alg: 'HS256' })
+                .setIssuedAt()
+                .setSubject(user)
+                .setExpirationTime(`${this.#duration}s`)
+                .sign(await this.signingSecret);
+            cookies.set({
+                name: this.#cookieName,
+                value: jwt,
+                httpOnly: true,
+                secure: true,
+                maxAge: this.#duration
+            });
+        }
+    }
+    missingFieldErrors(input, fields) {
+        const errors = [];
+        for (const field of fields) {
+            if (!input[field])
+                errors.push({
+                    field,
+                    message: "Field is required."
+                });
+        }
+        return errors.length > 0 ? errors : undefined;
+    }
+    async setState(cookies, { key, inputs, verb: _verb }) {
+        if (key === 'signout') {
+            await this.setBaseState(cookies, undefined);
+            return this.getState(cookies);
+        }
+        else if (key === 'signup') {
+            const errors = this.missingFieldErrors(inputs, ['username', 'password']);
+            if (errors) {
+                return { errors };
+            }
+            else if (await this.#users.has(inputs.username)) {
+                return { errors: [{
+                            field: 'username',
+                            message: 'User already exists.'
+                        }]
+                };
+            }
+            else {
+                await this.#users.set(inputs.username, {
+                    id: inputs.username,
+                    password: await hash(inputs.password)
+                });
+                await this.setBaseState(cookies, inputs.username);
+                return this.getState(cookies);
+            }
+        }
+        else if (key === 'signin') {
+            const user = await this.#users.get(inputs.username);
+            if (!user) {
+                return { errors: [{
+                            field: 'username',
+                            message: `User doesn't exist.`
+                        }]
+                };
+            }
+            else if (await verifyHash(inputs.password, user.password)) {
+                // a real authentication service will use password hashing.
+                // this is an in-memory just-for-testing user pool.
+                await this.setBaseState(cookies, inputs.username);
+                return this.getState(cookies);
+            }
+            else {
+                return { errors: [{
+                            field: 'password',
+                            message: "Incorrect password."
+                        }]
+                };
+            }
+        }
+        else if (key === 'changepassword') {
+            const state = await this.getBaseState(cookies);
+            const user = await this.#users.get(state.user);
+            if (!user) {
+                return { errors: [{
+                            field: 'username',
+                            message: `You're not signed in as a recognized user.`
+                        }]
+                };
+            }
+            else if (await verifyHash(inputs.existingPassword, user.password)) {
+                await this.#users.set(user.id, {
+                    ...user,
+                    password: await hash(inputs.newPassword)
+                });
+                return {
+                    message: "Password updated.",
+                    ...await this.getState(cookies)
+                };
+            }
+            else {
+                return { errors: [{
+                            field: 'existingPassword',
+                            message: "The provided existing password is incorrect."
+                        }]
+                };
+            }
+        }
+        else {
+            return { errors: [{
+                        message: 'Unrecognized authentication action.'
+                    }]
+            };
+        }
+    }
+    buildApi() {
+        return withContext(context => ({
+            getState: () => this.getState(context.cookies),
+            setState: (options) => this.setState(context.cookies, options),
+        }));
+    }
+}

package/dist/services/file.d.ts

@@ -0,0 +1,16 @@
+import { Resource } from '../resource.js';
+export declare class FileService extends Resource {
+    #private;
+    constructor(scope: Resource | string, id: string);
+    read(filename: string, encoding?: BufferEncoding): Promise<string>;
+    write(filename: string, data: string, { onlyIfNotExists }?: {
+        onlyIfNotExists?: boolean | undefined;
+    }): Promise<void>;
+    delete(filename: string): Promise<void>;
+    list({ prefix }?: {
+        prefix?: string | undefined;
+    }): AsyncGenerator<string, void, unknown>;
+    isAlreadyExistsError(error: {
+        code: any;
+    }): boolean;
+}

package/dist/services/file.js

@@ -0,0 +1,38 @@
+import process from 'process';
+import fs from 'fs';
+import path from 'path';
+import { Resource } from '../resource.js';
+const CWD = process.cwd();
+const ALREADY_EXISTS_CODE = 'EEXIST';
+export class FileService extends Resource {
+    constructor(scope, id) {
+        super(scope, id);
+    }
+    #fullNameFor(filename) {
+        const sanitizedId = this.absoluteId.replace('~', '-').replace(/\.+/g, '.');
+        const sanitizedName = filename.replace('~', '-').replace(/\.+/g, '.');
+        return path.join(CWD, 'temp', 'wirejs-services', sanitizedId, sanitizedName);
+    }
+    async read(filename, encoding = 'utf8') {
+        return fs.promises.readFile(this.#fullNameFor(filename), { encoding });
+    }
+    async write(filename, data, { onlyIfNotExists = false } = {}) {
+        const fullname = this.#fullNameFor(filename);
+        const flag = onlyIfNotExists ? 'wx' : 'w';
+        await fs.promises.mkdir(path.dirname(fullname), { recursive: true });
+        return fs.promises.writeFile(fullname, data, { flag });
+    }
+    async delete(filename) {
+        return fs.promises.unlink(this.#fullNameFor(filename));
+    }
+    async *list({ prefix = '' } = {}) {
+        const all = await fs.promises.readdir(CWD, { recursive: true });
+        for (const name of all) {
+            if (prefix === undefined || name.startsWith(prefix))
+                yield name;
+        }
+    }
+    isAlreadyExistsError(error) {
+        return error.code === ALREADY_EXISTS_CODE;
+    }
+}

package/dist/setup/index.d.ts

@@ -0,0 +1 @@
+export declare function prebuildApi(): Promise<void>;

package/dist/setup/index.js

@@ -0,0 +1,27 @@
+import process from 'process';
+import fs from 'fs';
+import path from 'path';
+export async function prebuildApi() {
+    const CWD = process.cwd();
+    let API_URL = '/api';
+    const indexModule = await import(path.join(CWD, 'index.js'));
+    try {
+        const backendConfigModule = await import(path.join(CWD, 'config.js'));
+        const backendConfig = backendConfigModule.default;
+        console.log("backend config found", backendConfig);
+        if (backendConfig.apiUrl) {
+            API_URL = backendConfig.apiUrl;
+        }
+    }
+    catch {
+        console.log("No backend API config found.");
+    }
+    const apiCode = Object.keys(indexModule)
+        .map(k => `export const ${k} = apiTree(INTERNAL_API_URL, ${JSON.stringify([k])});`)
+        .join('\n');
+    const baseClient = [
+        `import { apiTree } from "wirejs-resources/hosting/client.js";`,
+        `const INTERNAL_API_URL = ${JSON.stringify(API_URL)};`,
+    ].join('\n');
+    await fs.promises.writeFile(path.join(CWD, 'index.client.js'), [baseClient, apiCode].join('\n\n'));
+}

package/package.json

@@ -1,17 +1,27 @@
 {
 	"name": "wirejs-resources",
-	"version": "0.1.7-alpha",
+	"version": "0.1.9-alpha",
 	"description": "Basic services and server-side resources for wirejs apps",
 	"type": "module",
-	"main": "./lib/index.js",
-	"types": "./lib/types.ts",
+	"main": "./dist/index.js",
+	"types": "./dist/index.d.ts",
 	"exports": {
 		".": {
-			"types": "./lib/types.ts",
-			"default": "./lib/index.js"
+			"types": "./dist/index.d.ts",
+			"default": "./dist/index.js"
+		},
+		"./internal": {
+			"types": "./dist/internal/index.d.ts",
+			"default": "./dist/internal/index.js"
+		},
+		"./client": {
+			"types": "./dist/client/index.d.ts",
+			"default": "./dist/client/index.js"
 		}
 	},
-	"scripts": {},
+	"scripts": {
+		"build": "tsc"
+	},
 	"repository": {
 		"type": "git",
 		"url": "git+https://github.com/svidgen/create-wirejs-app.git"
@@ -24,5 +34,12 @@
 	"homepage": "https://github.com/svidgen/create-wirejs-app#readme",
 	"dependencies": {
 		"jose": "^5.9.6"
-	}
+	},
+	"devDependencies": {
+		"typescript": "^5.7.3"
+	},
+	"files": [
+		"package.json",
+		"dist/*"
+	]
 }

package/lib/adapters/context.js

@@ -1,98 +0,0 @@
-import { CookieJar } from "./cookie-jar.js";
-
-const __requiresContext = new Symbol('__requiresContext');
-
-/**
- * @typedef {(...args: any) => any} ApiMethod
- */
-
-/**
- * @typedef {{
- * 	[K in string]: ApiMethod | ApiNamespace
- * }} ApiNamespace
- */
-
-/**
- * @template T
- * @typedef {T extends ((...args: infer ARGS) => infer RT)
- * 	? ((
- * 		context: Context | boolean,
- * 		...args: ARGS
- * 	) => RT extends Promise<any> ? RT : Promise<RT>) : never
- * } ContextfulApiMethod
- */
-
-/**
- * @template T
- * @typedef {{
- * 	[K in keyof T]: T[K] extends ApiMethod
- * 	? ContextfulApiMethod<T[K]>
- * 	: ContextfulApiNamespace<T[K]>
- * }} ContextfulApiNamespace
- */
-
-/**
- * @template {ApiNamespace | ApiMethod} T
- * @typedef {T extends ApiMethod
- * 	? ContextfulApiMethod<T>
- * 	: ContextfulApiNamespace<T>
- * } ContextWrapped
- */
-
-/**
- * @template {ApiMethod | ApiNamespace} T
- * @param {(context: Context) => T} contextWrapper
- * @param {string[]} [path]
- * @returns {ContextWrapped<T>}
- */
-export function withContext(contextWrapper, path = []) {
-	// first param needs to be a function, which enables `Proxy` to implement `apply()`.
-	const fnOrNs = new Proxy(function() {}, {
-		apply(_target, _thisArg, args) {
-			const [context, ...remainingArgs] = args;
-			let functionOrNamespaceObject = contextWrapper(context);
-			console.log({context, args, functionOrNamespaceObject, path});
-			for (const k of path) {
-				functionOrNamespaceObject = functionOrNamespaceObject[k];
-			}
-			return functionOrNamespaceObject(...remainingArgs);
-		},
-		get(_target, prop) {
-			return withContext(contextWrapper, [...path, prop])
-		}
-	});
-	fnOrNs[__requiresContext] = true;
-	return fnOrNs;
-}
-
-/**
- * 
- * @param {Object} fnOrNS
- * @returns {fnOrNS is (context: Context) => T}
- */
-export function requiresContext(fnOrNS) {
-	return fnOrNS[__requiresContext] === true;
-}
-
-export class Context {
-	/**
-	 * @type {CookieJar} cookies
-	 */
-	cookies;
-
-	/**
-	 * @type {URL} location
-	 */
-	location;
-
-	/**
-	 * @param {{
-	 * 	cookies: CookieJar;
-	 * 	location: URL;
-	 * }}
-	 */
-	constructor({ cookies, location }) {
-		this.cookies = cookies;
-		this.location = location;
-	}
-}

package/lib/adapters/cookie-jar.js

@@ -1,94 +0,0 @@
-/**
- * @typedef {Object} Cookie
- * @property {string} name
- * @property {string} value
- * @property {number} [maxAge] - The maximum age (TTL) in seconds
- * @property {boolean} [httpOnly] - Whether the cookie is only accessible to the client (not JS)
- * @property {boolean} [secure] - Whether the cookie should only be sent over HTTPS (or localhost)
- */
-
-export class CookieJar {
-	/**
-	 * @type {Record<string, Cookie>}
-	 */
-	#cookies = {};
-
-	/**
-	 * The list of cookies that have been set with `set()` which need to be
-	 * sent to the client.
-	 * 
-	 * @type {Set<string>}
-	 */
-	#setCookies = new Set();
-
-	/**
-	 * Initialize
-	 * 
-	 * @param {string | undefined} cookie
-	 */
-	constructor(cookie) {
-		this.#cookies = Object.fromEntries(
-			(cookie || '')
-				.split(/;/g)
-				.map(c => {
-					const [k, v] = c.split('=').map(p => decodeURIComponent(p.trim()));
-					return [k, {
-						name: k,
-						value: v
-					}];
-				})
-		);
-	}
-
-	/**
-	 * @param {Cookie} cookie 
-	 */
-	set(cookie) {
-		this.#cookies[cookie.name] = {...cookie};
-		this.#setCookies.add(cookie.name);
-	}
-	
-	/**
-	 * 
-	 * @param {string} name 
-	 * @returns {Cookie | undefined}
-	 */
-	get(name) {
-		return this.#cookies[name] ? { ...this.#cookies[name] } : undefined;
-	}
-
-	/**
-	 * 
-	 * @param {string} name 
-	 */
-	delete(name) {
-		if (this.#cookies[name]) {
-			this.#cookies[name].value = '-- deleted --';
-			this.#cookies[name].maxAge = 0;
-			this.#setCookies.add(name);
-		}
-	}
-
-	/**
-	 * Gets a copy of all cookies.
-	 * 
-	 * Changes made to this copy are not reflected
-	 * 
-	 * @returns {Record<string, string>}
-	 */
-	getAll() {
-		const all = {};
-		for (const cookie of Object.values(this.#cookies)) {
-			all[cookie.name] = cookie.value;
-		}
-		return all;
-	}
-
-	getSetCookies() {
-		const all = [];
-		for (const name of this.#setCookies) {
-			all.push({...this.#cookies[name]});
-		}
-		return all;
-	}
-}

package/lib/resource.js

@@ -1,32 +0,0 @@
-export class Resource {
-	/**
-	 * @type {Resource | string}
-	 */
-	scope;
-
-	/**
-	 * @type {string}
-	 */
-	id;
-
-	/**
-	 * 
-	 * @param {Resource | string} scope
-	 * @param {string} id 
-	 */
-	constructor(scope, id) {
-		this.scope = scope;
-		this.id = id;
-	}
-
-	get absoluteId() {
-		const sanitizedId = encodeURIComponent(this.id);
-		if (typeof this.scope === 'string') {
-			return `${encodeURIComponent(this.scope)}/${sanitizedId}`;
-		} else if (typeof this.scope?.id === 'string') {
-			return `${this.scope.absoluteId}/${sanitizedId}`;
-		} else {
-			throw new Error("Resources must defined within a scope. Provide either a namespace string or parent resource.");
-		}
-	}
-}

package/lib/resources/secret.js

@@ -1,54 +0,0 @@
-import crypto from 'crypto';
-import { Resource } from '../resource.js';
-import { FileService } from '../services/file.js';
-import { overrides } from '../overrides.js';
-
-const FILENAME = 'secret';
-
-export class Secret extends Resource {
-	/**
-	 * @type {FileService}
-	 */
-	#fileService;
-
-	/**
-	 * @type {Promise<any>}
-	 */
-	#initPromise;
-
-	/**
-	 * @param {Resource | string}
-	 * @param {string} id 
-	 */
-	constructor(scope, id) {
-		super(scope, id);
-		this.#fileService = new (overrides.FileService || FileService)(this, 'files');
-	}
-
-	#initialize() {
-		this.#initPromise = this.#initPromise || this.#fileService.write(
-			FILENAME,
-			JSON.stringify(crypto.randomBytes(64).toString('base64url')),
-			{ onlyIfNotExists: true }
-		).catch(error => {
-			if (!this.#fileService.isAlreadyExistsError(error)) throw error;
-		});
-		return this.#initPromise;
-	}
-
-	/**
-	 * @returns {any}
-	 */
-	async read() {
-		await this.#initialize();
-		return JSON.parse(await this.#fileService.read(FILENAME));
-	}
-
-	/**
-	 * @param {any} data 
-	 */
-	async write(data) {
-		await this.#initialize();
-		await this.#fileService.write(FILENAME, JSON.stringify(data));
-	}
-}