import { createServer, type Server, type ServerResponse } from "node:http"; import { dirname, join } from "node:path"; import { fileURLToPath } from "node:url"; import * as ejs from "ejs"; import { buildContext } from "./context.ts"; import { buildDashboardModel } from "./dashboard.ts"; import { PLUGINS_DIR } from "./discovery.ts"; import { runRequestHooks, runResponseHooks } from "./hooks.ts"; import { DEFAULT_MENU, type MenuConfig } from "./menu-config.ts"; import type { Plugin, RouteResult } from "./plugin.ts"; import { allowedMethods, isAuthorized, matchRoute } from "./router.ts"; import { routePublic, serveStatic } from "./static.ts"; import { renderPluginView } from "./view-resolver.ts"; const rootDir = join(dirname(fileURLToPath(import.meta.url)), ".."); export interface AppOptions { // Cache compiled templates; caller decides (server passes config.cacheTemplates). // Off by default so edits show live; the app itself never inspects the environment. cache?: boolean; menu?: MenuConfig; // central override + branding (config/menu.ts); defaults to DEFAULT_MENU plugins?: Plugin[]; // discovered manifests to mount (router); empty until §2 discovery runs pluginsDir?: string; // where plugin views/static live; defaults to the scanned plugins/ publicDir?: string; viewsDir?: string; } export function createApp(options: AppOptions = {}): Server { const cache = options.cache ?? false; const menu = options.menu ?? DEFAULT_MENU; const plugins = options.plugins ?? []; const pluginIds = new Set(plugins.map((p) => p.id)); // Skip the hook pipeline entirely unless a plugin declares the hook (keeps the hot path free). const anyRequestHooks = plugins.some((p) => p.hooks?.onRequest); const anyResponseHooks = plugins.some((p) => p.hooks?.onResponse); const pluginsDir = options.pluginsDir ?? PLUGINS_DIR; const publicDir = options.publicDir ?? join(rootDir, "public"); const viewsDir = options.viewsDir ?? join(rootDir, "views"); const render = (view: string, data: Record): Promise => ejs.renderFile(join(viewsDir, `${view}.ejs`), data, { cache }); // A `view` RouteResult renders plugins//views/.ejs; such views may include() the core // building-block partials (resolved from viewsDir) and their own partials/subfolders. const renderView = renderPluginView({ cache, coreViewsDir: viewsDir, pluginsDir }); const sendHtml = (res: ServerResponse, status: number, html: string): void => { res.writeHead(status, { "content-type": "text/html; charset=utf-8" }); res.end(html); }; return createServer(async (req, res) => { try { const method = req.method ?? "GET"; const ctx = buildContext(req, res); // base context (no route params yet); reused for onRequest const pathname = ctx.url.pathname; if (pathname.startsWith("/public/") && (method === "GET" || method === "HEAD")) { // /public//… serves a plugin's public/; everything else the core public/. const { dir, subPath } = routePublic(pathname.slice("/public/".length), publicDir, pluginsDir, pluginIds); await serveStatic(dir, subPath, res, method === "HEAD"); return; } // Plugin onRequest hooks run before routing and may short-circuit the request. if (anyRequestHooks) { const short = await runRequestHooks(plugins, ctx); if (short) { await sendResult(res, short.result, (view, data) => renderView(short.plugin.id, view, data)); return; } } // Plugin routes (any method): gate on the route's permission, then run the handler. const match = matchRoute(plugins, method, pathname); if (match) { const routeCtx = buildContext(req, res, { params: match.params }); if (!isAuthorized(match.route, routeCtx.roles)) { sendHtml(res, 403, await render("403", { title: "Forbidden" })); return; } const result = (await match.route.handler(routeCtx)) ?? null; if (anyResponseHooks) await runResponseHooks(plugins, routeCtx, result); // observers; a throw → 500 await sendResult(res, result, (view, data) => renderView(match.plugin.id, view, data)); return; } if (pathname === "/" && (method === "GET" || method === "HEAD")) { // Mock data + no roles until auth (§4) lands; branding/override come from config/menu.ts. sendHtml(res, 200, await render("index", { model: buildDashboardModel(ctx.url, [], menu) })); return; } // Known path, wrong method → 405 with Allow; otherwise nothing here → 404. const allow = allowedMethods(plugins, pathname); if (allow.length) { res.writeHead(405, { allow: allow.join(", "), "content-type": "text/plain; charset=utf-8" }).end("Method Not Allowed"); return; } sendHtml(res, 404, await render("404", { title: "Not found" })); } catch (err) { console.error(err); if (res.headersSent) return void res.end(); // a partial body is already on the wire try { // Render before writing: if the 500 page itself throws, headers stay unsent // and we fall back to plain text below instead of a half-written response. sendHtml(res, 500, await render("500", { title: "Server error" })); } catch (renderErr) { console.error(renderErr); res.writeHead(500, { "content-type": "text/plain; charset=utf-8" }).end("Internal Server Error"); } } }); } type ViewRenderer = (view: string, data: Record) => Promise; // Turn a handler's RouteResult into the HTTP response. `null` = the handler took over `ctx.res` // itself (the void escape hatch). Author `headers` override the content-type default. async function sendResult(res: ServerResponse, result: RouteResult | null, renderView: ViewRenderer): Promise { if (result == null || res.writableEnded) return; if ("redirect" in result) { res.writeHead(result.status ?? 303, { location: result.redirect }).end(); return; } if ("json" in result) { res.writeHead(result.status ?? 200, { "content-type": "application/json; charset=utf-8", ...result.headers }); res.end(JSON.stringify(result.json)); return; } const body = "html" in result ? result.html : await renderView(result.view, result.data ?? {}); res.writeHead(result.status ?? 200, { "content-type": "text/html; charset=utf-8", ...result.headers }); res.end(body); // Node suppresses the body for HEAD automatically }