walnut.js/lib/package-server-apis.js

'use strict';

var escapeStringRegexp = require('escape-string-regexp');
//var apiHandlers = {};

function getApi(conf, pkgConf, pkgDeps, packagedApi) {
  var PromiseA = pkgDeps.Promise;
  var path = require('path');
  var pkgpath = path.join(pkgConf.apipath, packagedApi.id/*, (packagedApi.api.version || '')*/);

  // TODO needs some version stuff (which would also allow hot-loading of updates)
  // TODO version could be tied to sha256sum

  return new PromiseA(function (resolve, reject) {
    var myApp;
    var ursa;
    var promise;

    // TODO dynamic requires are a no-no
    // can we statically generate a require-er? on each install?
    // module.exports = { {{pkgpath}}: function () { return require({{pkgpath}}) } }
    // requirer[pkgpath]()
    myApp = pkgDeps.express();
    myApp.disable('x-powered-by');
    if (pkgDeps.app.get('trust proxy')) {
      myApp.set('trust proxy', pkgDeps.app.get('trust proxy'));
    }
    if (!pkgConf.pubkey) {
      /*
        return ursa.createPrivateKey(pem, password, encoding);
        var pem = myKey.toPrivatePem();
        return jwt.verifyAsync(token, myKey.toPublicPem(), { ignoreExpiration: false && true }).then(function (decoded) {
        });
      */
      ursa = require('ursa');
      pkgConf.keypair = ursa.createPrivateKey(pkgConf.privkey, 'ascii');
      pkgConf.pubkey = ursa.createPublicKey(pkgConf.pubkey, 'ascii'); //conf.keypair.toPublicKey();
    }

    try {
      packagedApi._apipkg = require(path.join(pkgpath, 'package.json'));
      packagedApi._apiname = packagedApi._apipkg.name;
      if (packagedApi._apipkg.walnut) {
        pkgpath += '/' + packagedApi._apipkg.walnut;
      }
      promise = PromiseA.resolve(require(pkgpath).create(pkgConf, pkgDeps, myApp));
    } catch(e) {
      reject(e);
      return;
    }

    promise.then(function () {
      // TODO give pub/priv pair for app and all public keys
      // packagedApi._api = require(pkgpath).create(pkgConf, pkgDeps, myApp);
      packagedApi._api = require('express-lazy')();
      packagedApi._api_app = myApp;

      //require('./oauth3-auth').inject(conf, packagedApi._api, pkgConf, pkgDeps);
      pkgDeps.getOauth3Controllers =
      packagedApi._getOauth3Controllers = require('oauthcommon/example-oauthmodels').create(conf).getControllers;
      require('oauthcommon').inject(packagedApi._getOauth3Controllers, packagedApi._api, pkgConf, pkgDeps);

      // DEBUG
      //
      /*
      packagedApi._api.use('/', function (req, res, next) {
        console.log('[DEBUG pkgApiApp]', req.method, req.hostname, req.url);
        next();
      });
      //*/

      // TODO fix backwards compat

      // /api/com.example.foo (no change)
      packagedApi._api.use('/', packagedApi._api_app);

      // /api/com.example.foo => /api
      packagedApi._api.use('/', function (req, res, next) {
        var priorUrl = req.url;
        req.url = '/api' + req.url.slice(('/api/' + packagedApi.id).length);
        // console.log('api mangle 3:', req.url);
        packagedApi._api_app(req, res, function (err) {
          req.url = priorUrl;
          next(err);
        });
      });

      // /api/com.example.foo => /
      packagedApi._api.use('/api/' + packagedApi.id, function (req, res, next) {
        // console.log('api mangle 2:', '/api/' + packagedApi.id, req.url);
        // console.log(packagedApi._api_app.toString());
        packagedApi._api_app(req, res, next);
      });

      resolve(packagedApi._api);
    }, reject);
  });
}

function loadApi(conf, pkgConf, pkgDeps, packagedApi) {
  function handlePromise(p) {
    return p.then(function (api) {
      packagedApi._api = api;
      return api;
    });
  }

  if (!packagedApi._promise_api) {
    packagedApi._promise_api = getApi(conf, pkgConf, pkgDeps, packagedApi);
  }

  return handlePromise(packagedApi._promise_api);
}

function runApi(opts, router, req, res, next) {
  var path = require('path');
  var pkgConf = opts.config;
  var pkgDeps = opts.deps;
  //var Services = opts.Services;
  var packagedApi;
  var pathname;

  // TODO compile packagesMap
  // TODO people may want to use the framework in a non-framework way (i.e. to conceal the module name)
  router.packagedApis.some(function (_packagedApi) {
    // console.log('[DEBUG _packagedApi.id]', _packagedApi.id);
    pathname = router.pathname;
    if ('/' === pathname) {
      pathname = '';
    }
    // TODO allow for special apis that do not follow convention (.well_known, webfinger, oauth3.html, etc)
    if (!_packagedApi._api_re) {
      _packagedApi._api_re = new RegExp(escapeStringRegexp(pathname + '/api/' + _packagedApi.id) + '\/([\\w\\.\\-]+)(\\/|\\?|$)');
      //console.log('[api re 2]', _packagedApi._api_re);
    }
    if (_packagedApi._api_re.test(req.url)) {
      packagedApi = _packagedApi;
      return true;
    }
  });

  if (!packagedApi) {
    console.log("[ODD] no api for '" + req.url + "'");
    next();
    return;
  }

  // Reaching this point means that there are APIs for this pathname
  // it is important to identify this host + pathname (example.com/foo) as the app
  Object.defineProperty(req, 'experienceId', {
    enumerable: true
  , configurable: false
  , writable: false
    // TODO this identifier may need to be non-deterministic as to transfer if a domain name changes but is still the "same" app
    // (i.e. a company name change. maybe auto vs manual register - just like oauth3?)
    // NOTE: probably best to alias the name logically
  , value: (path.join(req.hostname, pathname || '')).replace(/\/$/, '')
  });
  Object.defineProperty(req, 'escapedExperienceId', {
    enumerable: true
  , configurable: false
  , writable: false
    // TODO this identifier may need to be non-deterministic as to transfer if a domain name changes but is still the "same" app
    // (i.e. a company name change. maybe auto vs manual register - just like oauth3?)
    // NOTE: probably best to alias the name logically
  , value: req.experienceId.replace(/\//g, ':')
  });
  // packageId should mean hash(api.id + host + path) - also called "api"
  Object.defineProperty(req, 'packageId', {
    enumerable: true
  , configurable: false
  , writable: false
    // TODO this identifier may need to be non-deterministic as to transfer if a domain name changes but is still the "same" app
    // (i.e. a company name change. maybe auto vs manual register - just like oauth3?)
    // NOTE: probably best to alias the name logically
  , value: packagedApi.domain.id
  });
  Object.defineProperty(req, 'appConfig', {
    enumerable: true
  , configurable: false
  , writable: false
  , value: {}       // TODO just the app-scoped config
  });
  Object.defineProperty(req, 'appDeps', {
    enumerable: true
  , configurable: false
  , writable: false
  , value: {}       // TODO app-scoped deps
                    // i.e. when we need to use things such as stripe id
                    // without exposing them to the app
  });

  //
  // TODO user authentication should go right about here
  //

  //
  // TODO freeze objects for passing them into app
  //

  if (packagedApi._api) {
    packagedApi._api(req, res, next);
    return;
  }

  // console.log("[DEBUG pkgpath]", pkgConf.apipath, packagedApi.id);
  loadApi(opts.conf, pkgConf, pkgDeps, packagedApi).then(function (api) {
    api(req, res, next);
  }, function (err) {
    console.error('[App Promise Error]');
    next(err);
  });
}

module.exports.runApi = runApi;