zylaris 1.0.2

package/packages/server/package.json

@@ -0,0 +1,41 @@
+{
+  "name": "@zylaris/server",
+  "version": "1.0.0",
+  "description": "Server-side utilities for Zylaris",
+  "type": "module",
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "test": "vitest run --passWithNoTests",
+    "typecheck": "tsc --noEmit",
+    "clean": "rm -rf dist"
+  },
+  "dependencies": {
+    "@zylaris/reactivity": "workspace:*",
+    "zod": "^3.22.4"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "typescript": "^5.3.3",
+    "vitest": "^1.2.0"
+  },
+  "keywords": [
+    "server",
+    "actions",
+    "api",
+    "zylaris"
+  ],
+  "license": "MIT"
+}

package/packages/server/src/action.test.ts

@@ -0,0 +1,102 @@
+import { describe, it, expect } from 'vitest';
+import { action, ActionBuilder, Action, requireAuth, requireRole } from './action.js';
+import type { ActionContext } from './types.js';
+
+describe('ActionBuilder', () => {
+  it('should create action builder', () => {
+    const builder = action();
+    expect(builder).toBeInstanceOf(ActionBuilder);
+  });
+
+  it('should build action with run', async () => {
+    const myAction = action().run(async (input) => {
+      const { name } = input as { name: string };
+      return { message: `Hello ${name}` };
+    });
+    
+    expect(myAction).toBeInstanceOf(Action);
+  });
+});
+
+describe('Action', () => {
+  it('should execute action successfully', async () => {
+    const myAction = action().run(async (input) => {
+      const { value } = input as { value: number };
+      return { result: value * 2 };
+    });
+    
+    const result = await myAction.execute({ value: 5 }, {
+      request: new Request('http://localhost'),
+      headers: new Headers(),
+      cookies: new Map(),
+      ip: '127.0.0.1',
+      userAgent: 'test'
+    });
+    
+    expect(result.success).toBe(true);
+    expect(result.data).toEqual({ result: 10 });
+  });
+
+  it('should execute with null input', async () => {
+    const myAction = action().run(async () => {
+      return { success: true };
+    });
+    
+    const result = await myAction.execute(null, {
+      request: new Request('http://localhost'),
+      headers: new Headers(),
+      cookies: new Map(),
+      ip: '127.0.0.1',
+      userAgent: 'test'
+    });
+    
+    // Action without input validation should succeed
+    expect(result.success).toBe(true);
+  });
+});
+
+describe('requireAuth', () => {
+  it('should return error when no user', async () => {
+    const middleware = requireAuth();
+    const result = await middleware({
+      request: new Request('http://localhost'),
+      headers: new Headers(),
+      cookies: new Map(),
+      ip: '127.0.0.1',
+      userAgent: 'test'
+    } as ActionContext);
+    
+    expect(result).not.toBeNull();
+    expect(result && result.code).toBe('UNAUTHORIZED');
+  });
+
+  it('should return null when user exists', async () => {
+    const middleware = requireAuth();
+    const result = await middleware({
+      request: new Request('http://localhost'),
+      headers: new Headers(),
+      cookies: new Map(),
+      ip: '127.0.0.1',
+      userAgent: 'test',
+      user: { id: '1', email: 'test@test.com' }
+    } as ActionContext);
+    
+    expect(result).toBeNull();
+  });
+});
+
+describe('requireRole', () => {
+  it('should return error when no user', async () => {
+    const middleware = requireRole(['admin']);
+    const result = await middleware({
+      request: new Request('http://localhost'),
+      headers: new Headers(),
+      cookies: new Map(),
+      ip: '127.0.0.1',
+      userAgent: 'test'
+    } as ActionContext);
+    
+    expect(result).not.toBeNull();
+    expect(result && result.code).toBe('UNAUTHORIZED');
+  });
+});

package/packages/server/src/action.ts

@@ -0,0 +1,201 @@
+import type { ZodType } from 'zod';
+import type {
+  ActionConfig,
+  ActionContext,
+  ActionResult,
+  ActionError,
+  Middleware,
+  RateLimitConfig,
+  ActionHandler,
+} from './types.js';
+
+// Rate limiting store (in production, use Redis)
+const rateLimitStore = new Map<string, { count: number; resetAt: number }>();
+
+export class ActionBuilder<I, O> {
+  private config: ActionConfig<I, O>;
+
+  constructor(config: ActionConfig<I, O> = {}) {
+    this.config = config;
+  }
+
+  input<T extends ZodType>(schema: T): ActionBuilder<ReturnType<T['parse']>, O> {
+    return new ActionBuilder({ ...this.config, input: schema });
+  }
+
+  output<T extends ZodType>(schema: T): ActionBuilder<I, ReturnType<T['parse']>> {
+    return new ActionBuilder({ ...this.config, output: schema });
+  }
+
+  use(middleware: Middleware): this {
+    this.config.middleware = [...(this.config.middleware || []), middleware];
+    return this;
+  }
+
+  rateLimit(config: RateLimitConfig): this {
+    this.config.rateLimit = config;
+    return this;
+  }
+
+  run(handler: ActionHandler<I, O>): Action<I, O> {
+    return new Action(this.config, handler);
+  }
+}
+
+export class Action<I, O> {
+  id: string;
+
+  constructor(
+    private config: ActionConfig<I, O>,
+    private handler: ActionHandler<I, O>
+  ) {
+    this.id = generateActionId();
+  }
+
+  async execute(input: unknown, ctx: ActionContext): Promise<ActionResult<O>> {
+    try {
+      // Check rate limit
+      if (this.config.rateLimit) {
+        const rateLimitError = await checkRateLimit(this.config.rateLimit, ctx);
+        if (rateLimitError) {
+          return { success: false, error: rateLimitError };
+        }
+      }
+
+      // Run middleware
+      if (this.config.middleware) {
+        for (const middleware of this.config.middleware) {
+          const result = await middleware(ctx);
+          if (result) {
+            return { success: false, error: result };
+          }
+        }
+      }
+
+      // Validate input
+      let validatedInput: I;
+      if (this.config.input) {
+        const result = this.config.input.safeParse(input);
+        if (!result.success) {
+          return {
+            success: false,
+            error: {
+              code: 'VALIDATION_ERROR',
+              message: 'Input validation failed',
+              fieldErrors: result.error.flatten().fieldErrors as Record<string, string[]>,
+            },
+          };
+        }
+        validatedInput = result.data as I;
+      } else {
+        validatedInput = input as I;
+      }
+
+      // Execute handler
+      const output = await this.handler(validatedInput, ctx);
+
+      // Validate output
+      if (this.config.output) {
+        const result = this.config.output.safeParse(output);
+        if (!result.success) {
+          return {
+            success: false,
+            error: {
+              code: 'OUTPUT_VALIDATION_ERROR',
+              message: 'Output validation failed',
+            },
+          };
+        }
+      }
+
+      return { success: true, data: output };
+    } catch (error) {
+      return {
+        success: false,
+        error: {
+          code: 'INTERNAL_ERROR',
+          message: error instanceof Error ? error.message : 'Unknown error',
+        },
+      };
+    }
+  }
+}
+
+function generateActionId(): string {
+  return `action_${Math.random().toString(36).substring(2, 11)}`;
+}
+
+async function checkRateLimit(
+  config: RateLimitConfig,
+  ctx: ActionContext
+): Promise<ActionError | null> {
+  const key = config.key ? config.key(ctx) : ctx.ip;
+  const windowMs = parseTimeWindow(config.window);
+  const now = Date.now();
+
+  const record = rateLimitStore.get(key);
+
+  if (!record || now > record.resetAt) {
+    rateLimitStore.set(key, {
+      count: 1,
+      resetAt: now + windowMs,
+    });
+    return null;
+  }
+
+  if (record.count >= config.max) {
+    return {
+      code: 'RATE_LIMIT_EXCEEDED',
+      message: `Rate limit exceeded. Try again in ${Math.ceil((record.resetAt - now) / 1000)}s`,
+    };
+  }
+
+  record.count++;
+  return null;
+}
+
+function parseTimeWindow(window: string): number {
+  const match = window.match(/^(\d+)([smhd])$/);
+  if (!match) return 60000; // Default 1 minute
+
+  const [, num, unit] = match;
+  const multiplier = {
+    s: 1000,
+    m: 60000,
+    h: 3600000,
+    d: 86400000,
+  }[unit] || 60000;
+
+  return parseInt(num) * multiplier;
+}
+
+// Factory function
+export function action(): ActionBuilder<unknown, unknown> {
+  return new ActionBuilder();
+}
+
+// Built-in middleware
+export function requireAuth(): Middleware {
+  return (ctx) => {
+    if (!ctx.user) {
+      return {
+        code: 'UNAUTHORIZED',
+        message: 'Authentication required',
+      };
+    }
+    return null;
+  };
+}
+
+export function requireRole(_roles: string[]): Middleware {
+  return (ctx) => {
+    if (!ctx.user) {
+      return {
+        code: 'UNAUTHORIZED',
+        message: 'Authentication required',
+      };
+    }
+    // In real implementation, check user roles
+    return null;
+  };
+}

package/packages/server/src/api.ts

@@ -0,0 +1,143 @@
+import type { ZodType } from 'zod';
+import type {
+  APIConfig,
+  APIHandler,
+  ActionContext,
+  Middleware,
+} from './types.js';
+
+export class APIBuilder<I, O> {
+  private config: APIConfig<I, O>;
+  
+  constructor(config: APIConfig<I, O> = {}) {
+    this.config = config;
+  }
+
+  query<T extends ZodType>(schema: T): APIBuilder<ReturnType<T['parse']>, O> {
+    return new APIBuilder({ ...this.config, query: schema });
+  }
+
+  body<T extends ZodType>(schema: T): APIBuilder<ReturnType<T['parse']>, O> {
+    return new APIBuilder({ ...this.config, body: schema });
+  }
+
+  output<T extends ZodType>(schema: T): APIBuilder<I, ReturnType<T['parse']>> {
+    return new APIBuilder({ ...this.config, output: schema });
+  }
+
+  use(middleware: Middleware): this {
+    this.config.middleware = [...(this.config.middleware || []), middleware];
+    return this;
+  }
+
+  handler(fn: APIHandler<I, O>): (request: Request) => Promise<Response> {
+    return async (request: Request) => {
+      try {
+        const ctx = await createContext(request);
+
+        // Run middleware
+        if (this.config.middleware) {
+          for (const middleware of this.config.middleware) {
+            const result = await middleware(ctx);
+            if (result) {
+              return Response.json(
+                { success: false, error: result },
+                { status: 400 }
+              );
+            }
+          }
+        }
+
+        // Parse input
+        let input: I = {} as I;
+
+        if (this.config.query) {
+          const url = new URL(request.url);
+          const query = Object.fromEntries(url.searchParams);
+          const result = this.config.query.safeParse(query);
+          if (!result.success) {
+            return Response.json(
+              {
+                success: false,
+                error: {
+                  code: 'VALIDATION_ERROR',
+                  message: 'Query validation failed',
+                  fieldErrors: result.error.flatten().fieldErrors,
+                },
+              },
+              { status: 400 }
+            );
+          }
+          input = { ...input, ...result.data };
+        }
+
+        if (this.config.body && request.body) {
+          const body = await request.json();
+          const result = this.config.body.safeParse(body);
+          if (!result.success) {
+            return Response.json(
+              {
+                success: false,
+                error: {
+                  code: 'VALIDATION_ERROR',
+                  message: 'Body validation failed',
+                  fieldErrors: result.error.flatten().fieldErrors,
+                },
+              },
+              { status: 400 }
+            );
+          }
+          input = { ...input, ...result.data };
+        }
+
+        // Execute handler
+        const response = await fn(input, ctx);
+        return response;
+      } catch (error) {
+        console.error('API Error:', error);
+        return Response.json(
+          {
+            success: false,
+            error: {
+              code: 'INTERNAL_ERROR',
+              message: error instanceof Error ? error.message : 'Unknown error',
+            },
+          },
+          { status: 500 }
+        );
+      }
+    };
+  }
+}
+
+async function createContext(request: Request): Promise<ActionContext> {
+  const headers = request.headers;
+  const cookies = parseCookies(headers.get('cookie') || '');
+
+  return {
+    request,
+    headers,
+    cookies,
+    ip: headers.get('x-forwarded-for') || 'unknown',
+    userAgent: headers.get('user-agent') || 'unknown',
+  };
+}
+
+function parseCookies(cookieHeader: string): Map<string, string> {
+  const cookies = new Map<string, string>();
+  if (!cookieHeader) return cookies;
+
+  cookieHeader.split(';').forEach((cookie) => {
+    const [name, value] = cookie.trim().split('=');
+    if (name && value) {
+      cookies.set(name, decodeURIComponent(value));
+    }
+  });
+
+  return cookies;
+}
+
+// Factory function
+export function api(): APIBuilder<unknown, unknown> {
+  return new APIBuilder();
+}

package/packages/server/src/index.ts

@@ -0,0 +1,18 @@
+// Zylaris Server - Server-side utilities
+
+export { Action, ActionBuilder, action, requireAuth, requireRole } from './action.js';
+export { APIBuilder, api } from './api.js';
+
+export type {
+  ActionContext,
+  User,
+  Session,
+  ActionConfig,
+  ActionResult,
+  ActionError,
+  Middleware,
+  RateLimitConfig,
+  ActionHandler,
+  APIConfig,
+  APIHandler,
+} from './types.js';

package/packages/server/src/types.ts

@@ -0,0 +1,72 @@
+import type { ZodType } from 'zod';
+
+export interface ActionContext {
+  request: Request;
+  headers: Headers;
+  cookies: Map<string, string>;
+  user?: User;
+  session?: Session;
+  ip: string;
+  userAgent: string;
+}
+
+export interface User {
+  id: string;
+  email: string;
+  name?: string;
+  [key: string]: unknown;
+}
+
+export interface Session {
+  id: string;
+  userId: string;
+  expiresAt: Date;
+  [key: string]: unknown;
+}
+
+export interface ActionConfig<I, O> {
+  input?: ZodType<I>;
+  output?: ZodType<O>;
+  middleware?: Middleware[];
+  rateLimit?: RateLimitConfig;
+}
+
+export interface ActionResult<O> {
+  success: boolean;
+  data?: O;
+  error?: ActionError;
+}
+
+export interface ActionError {
+  code: string;
+  message: string;
+  fieldErrors?: Record<string, string[]>;
+}
+
+export type Middleware = (
+  ctx: ActionContext
+) => Promise<ActionError | null | undefined> | ActionError | null | undefined;
+
+export interface RateLimitConfig {
+  max: number;
+  window: string; // e.g., '1m', '1h'
+  key?: (ctx: ActionContext) => string;
+}
+
+export type ActionHandler<I, O> = (
+  input: I,
+  ctx: ActionContext
+) => Promise<O> | O;
+
+// API Route types
+export interface APIConfig<I, O> {
+  query?: ZodType<I>;
+  body?: ZodType<I>;
+  output?: ZodType<O>;
+  middleware?: Middleware[];
+}
+
+export type APIHandler<_I, _O> = (
+  input: _I,
+  ctx: ActionContext
+) => Promise<Response> | Response;

package/packages/server/tsconfig.json

@@ -0,0 +1,9 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "outDir": "./dist",
+    "rootDir": "./src"
+  },
+  "include": ["src/**/*"],
+  "exclude": ["dist", "node_modules"]
+}

package/pnpm-workspace.yaml

@@ -0,0 +1,4 @@
+packages:
+  - 'packages/*'
+  - 'templates/*'
+  - 'examples/*'