feat(app,module): fetch basic module

Makefile

@@ -7,6 +7,8 @@ GOTEST_ARGS ?= -short
 ESBUILD_VERSION ?= v0.17.5
 
 GIT_VERSION := $(shell git describe --always)
+DATE_VERSION := $(shell date +%Y.%-m.%-d)
+FULL_VERSION := v$(DATE_VERSION)-$(GIT_VERSION)$(if $(shell git diff --stat),-dirty,)
 
 build: build-edge-cli
 
@@ -57,20 +59,21 @@ pkg/sdk/client/dist/client.js: tools/esbuild/bin/esbuild node_modules
 node_modules:
 	npm ci
 
-gitea-release: tools/gitea-release/bin/gitea-release.sh build
+gitea-release: tools/yq/bin/yq tools/gitea-release/bin/gitea-release.sh build
 	mkdir -p .gitea-release
 	rm -rf .gitea-release/*
 
 	cp bin/cli .gitea-release/edge_cli_amd64
 
 	# Create client-sdk-testsuite package
+	tools/yq/bin/yq -i '.version = "$(FULL_VERSION)"' ./misc/client-sdk-testsuite/dist/manifest.yml
 	.gitea-release/edge_cli_amd64 app package -d ./misc/client-sdk-testsuite/dist -o .gitea-release
 
 	GITEA_RELEASE_PROJECT="edge" \
 		GITEA_RELEASE_ORG="arcad" \
 		GITEA_RELEASE_BASE_URL="https://forge.cadoles.com" \
-		GITEA_RELEASE_VERSION="$(GIT_VERSION)" \
-		GITEA_RELEASE_NAME="$(GIT_VERSION)" \
+		GITEA_RELEASE_VERSION="$(FULL_VERSION)" \
+		GITEA_RELEASE_NAME="$(FULL_VERSION)" \
 		GITEA_RELEASE_COMMITISH_TARGET="$(GIT_VERSION)" \
 		GITEA_RELEASE_IS_DRAFT="false" \
 		GITEA_RELEASE_IS_PRERELEASE="true" \
@@ -82,3 +85,8 @@ tools/gitea-release/bin/gitea-release.sh:
 	mkdir -p tools/gitea-release/bin
 	curl --output tools/gitea-release/bin/gitea-release.sh https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/gitea/gitea-release.sh
 	chmod +x tools/gitea-release/bin/gitea-release.sh
+
+tools/yq/bin/yq:
+	mkdir -p tools/yq/bin
+	curl -L --output tools/yq/bin/yq https://github.com/mikefarah/yq/releases/download/v4.31.1/yq_linux_amd64
+	chmod +x tools/yq/bin/yq

cmd/cli/command/app/run.go

@@ -1,7 +1,9 @@
 package app
 
 import (
+	"context"
 	"encoding/json"
+	"fmt"
 	"io/ioutil"
 	"net/http"
 	"os"
@@ -13,10 +15,13 @@ import (
 	"forge.cadoles.com/arcad/edge/pkg/bus/memory"
 	appHTTP "forge.cadoles.com/arcad/edge/pkg/http"
 	"forge.cadoles.com/arcad/edge/pkg/module"
+	appModule "forge.cadoles.com/arcad/edge/pkg/module/app"
+	appModuleMemory "forge.cadoles.com/arcad/edge/pkg/module/app/memory"
 	"forge.cadoles.com/arcad/edge/pkg/module/auth"
 	authHTTP "forge.cadoles.com/arcad/edge/pkg/module/auth/http"
 	"forge.cadoles.com/arcad/edge/pkg/module/blob"
 	"forge.cadoles.com/arcad/edge/pkg/module/cast"
+	"forge.cadoles.com/arcad/edge/pkg/module/fetch"
 	"forge.cadoles.com/arcad/edge/pkg/module/net"
 	"forge.cadoles.com/arcad/edge/pkg/storage"
 	"forge.cadoles.com/arcad/edge/pkg/storage/sqlite"
@@ -106,6 +111,10 @@ func RunCommand() *cli.Command {
 
 			storageFile := injectAppID(ctx.String("storage-file"), manifest.ID)
 
+			if err := ensureDir(storageFile); err != nil {
+				return errors.WithStack(err)
+			}
+
 			db, err := sqlite.Open(storageFile)
 			if err != nil {
 				return errors.WithStack(err)
@@ -117,7 +126,7 @@ func RunCommand() *cli.Command {
 
 			handler := appHTTP.NewHandler(
 				appHTTP.WithBus(bus),
-				appHTTP.WithServerModules(getServerModules(bus, ds, bs)...),
+				appHTTP.WithServerModules(getServerModules(bus, ds, bs, manifest, address)...),
 			)
 			if err := handler.Load(bundle); err != nil {
 				return errors.Wrap(err, "could not load app bundle")
@@ -158,7 +167,7 @@ func RunCommand() *cli.Command {
 	}
 }
 
-func getServerModules(bus bus.Bus, ds storage.DocumentStore, bs storage.BlobStore) []app.ServerModuleFactory {
+func getServerModules(bus bus.Bus, ds storage.DocumentStore, bs storage.BlobStore, manifest *app.Manifest, address string) []app.ServerModuleFactory {
 	return []app.ServerModuleFactory{
 		module.ContextModuleFactory(),
 		module.ConsoleModuleFactory(),
@@ -190,6 +199,17 @@ func getServerModules(bus bus.Bus, ds storage.DocumentStore, bs storage.BlobStor
 				}
 			},
 		),
+		appModule.ModuleFactory(appModuleMemory.NewRepository(
+			func(ctx context.Context, i app.ID) (string, error) {
+				if strings.HasPrefix(address, ":") {
+					address = "0.0.0.0" + address
+				}
+
+				return fmt.Sprintf("http://%s", address), nil
+			},
+			manifest,
+		)),
+		fetch.ModuleFactory(bus),
 	}
 }
 

doc/apps/client-api/README.md

@@ -51,6 +51,10 @@ Edge.connect().then(() => {
 
 > `TODO`
 
+### `Edge.externalUrl(url: string): string`
+
+Retourne une URL "locale" permettant d'accéder à une ressource externe, en fonction de règles propres à l'application. Voir module [`fetch`](../server-api/fetch.md).
+
 ## Événements
 
 ### `"message"`

doc/apps/server-api/README.md

@@ -20,11 +20,13 @@ function onInit() {
 
 Listes des modules disponibles côté serveur.
 
+- [`app`](./app.md)
 - [`auth`](./auth.md)
 - [`blob`](./blob.md)
 - [`cast`](./cast.md)
 - [`console`](./console.md)
 - [`context`](./context.md)
+- [`fetch`](./fetch.md)
 - [`net`](./net.md)
 - [`rpc`](./rpc.md)
 - [`store`](./store.md)

doc/apps/server-api/app.md

@@ -0,0 +1,57 @@
+# Module `app`
+
+Ce module permet de récupérer des informations sur les applications actives dans l'environnement Edge courant.
+
+## Méthodes
+
+### `app.list(ctx: Context): []Manifest`
+
+Récupère la liste des applications actives.
+
+#### Arguments
+
+- `ctx` **Context** Le contexte d'exécution. Voir la documentation du module [`context`](./context.md)
+
+#### Valeur de retour
+
+Liste des objets `Manifest` décrivant chaque application active.
+
+### `app.get(ctx: Context, appId: string): Manifest`
+
+Récupère les informations de l'application identifiée par `appId`.
+
+#### Arguments
+
+- `ctx` **Context** Le contexte d'exécution. Voir la documentation du module [`context`](./context.md)
+- `appId` **string** Identifiant de l'application
+
+#### Valeur de retour
+
+Objet `Manifest` associé à l'application, ou `null` si aucune application n'a été trouvée correspondant à l'identifiant.
+
+### `app.getUrl(ctx: Context, appId: string): Manifest`
+
+Retourne l'URL permettant d'accéder à l'application identifiée par `appId`.
+
+#### Arguments
+
+- `ctx` **Context** Le contexte d'exécution. Voir la documentation du module [`context`](./context.md)
+- `appId` **string** Identifiant de l'application
+
+#### Valeur de retour
+
+URL associée à l'application, ou `null` si aucune application n'a été trouvée correspondant à l'identifiant.
+
+## Objets
+
+### `Manifest`
+
+```typescript
+interface Manifest {
+    id: string              // Identifiant de l'application
+    version: string         // Version de l'application
+    title: string           // Titre associé à l'application
+    description: string     // Description associée à l'application
+    tags: string[]          // Mots clés associés à l'application
+}
+```

doc/apps/server-api/fetch.md

@@ -0,0 +1,33 @@
+# Module `fetch`
+
+Ce module permet l'accès à des ressources distantes (sur Internet) depuis votre application.
+
+## Fonctions de rappel
+
+Pour permettre aux utilisateurs d'accéder à des ressources distantes, vous devez déclarer la fonction `onClientFetch(ctx: Context, url: string, remoteAddr: string)` dans le fichier `server/main.js` de votre application.
+
+### `onClientFetch(ctx: Context, url: string, remoteAddr: string)`
+
+#### Usage
+
+**Côté client**
+```js
+// Création d'une URL "locale" permettant d'accéder à la ressource distante
+var url = Edge.externalUrl("http://example.com")
+
+// Vous pouvez utiliser l'URL comme attribut `src` d'une balise <img> par exemple
+// ou effectuer une requête fetch() avec celle ci.
+fetch(url).then(res => res.text()).then(content => console.log(content));
+```
+
+**Côté serveur**
+```js
+function onClientFetch(ctx, url, remoteAddr) {
+    // Autoriser la récupération de l'URL demandée ou non
+    // Dans cet exemple, seule l'URL externe 'http://example.com' est autorisée
+    // Les autres URLs recevront une erreur HTTP 403 - Forbidden
+    var authorized = url === "http://example.com"
+
+    return { allow: authorized };
+}
+```

misc/client-sdk-testsuite/src/public/index.html

@@ -25,6 +25,8 @@
     <script src="/test/net-module.js"></script>
     <script src="/test/rpc-module.js"></script>
     <script src="/test/file-module.js"></script>
+    <script src="/test/app-module.js"></script>
+    <script src="/test/fetch-module.js"></script>
     <script class="mocha-exec">
       mocha.run();
     </script>

misc/client-sdk-testsuite/src/public/test/app-module.js

@@ -0,0 +1,37 @@
+describe('App Module', function() {
+
+    before(() => {
+      return Edge.connect();
+    });
+  
+    after(() => {
+      Edge.disconnect();
+    });
+  
+    it('should list apps', function() {
+      return Edge.rpc("listApps")
+        .then(apps => {
+          console.log("listApps result:", apps);
+          chai.assert.isNotNull(apps);
+          chai.assert.isAtLeast(apps.length, 1);
+        })
+    });
+
+    it('should retrieve requested app', function() {
+      return Edge.rpc("getApp", { appId: "edge.sdk.client.test" })
+        .then(app => {
+          console.log("getApp result:", app);
+          chai.assert.isNotNull(app);
+          chai.assert.equal(app.id, "edge.sdk.client.test");
+        })
+    });
+
+    it('should retrieve requested app url', function() {
+      return Edge.rpc("getAppUrl", { appId: "edge.sdk.client.test" })
+        .then(url => {
+          console.log("getAppUrl result:", url);
+          chai.assert.isNotEmpty(url);
+        })
+    });
+  
+});

misc/client-sdk-testsuite/src/public/test/fetch-module.js

@@ -0,0 +1,33 @@
+describe('Fetch Module', function () {
+
+    before(() => {
+        return Edge.connect();
+    });
+
+    after(() => {
+        Edge.disconnect();
+    });
+
+    it('should fetch an authorized external url', function () {
+        var externalUrl = Edge.externalUrl("http://example.com");
+
+        return fetch(externalUrl)
+            .then(res => {
+                chai.assert.equal(res.status, 200)
+                return res.text()
+            })
+            .then(content => {
+                chai.assert.include(content, '<h1>Example Domain</h1>')
+            })
+    });
+
+    it('should not fetch an unauthorized external url', function () {
+        var externalUrl = Edge.externalUrl("https://google.com");
+
+        return fetch(externalUrl)
+            .then(res => {
+                chai.assert.equal(res.status, 403)
+            })
+    });
+
+});

misc/client-sdk-testsuite/src/server/main.js

@@ -11,6 +11,10 @@ function onInit() {
   rpc.register("reset", reset);
   rpc.register("total", total);
   rpc.register("getUserInfo", getUserInfo);
+
+  rpc.register("listApps");
+  rpc.register("getApp");
+  rpc.register("getAppUrl");
 }
 
 // Called for each client message
@@ -80,3 +84,21 @@ function getUserInfo(ctx, params) {
     preferredUsername: preferredUsername,
   };
 }
+
+function listApps(ctx) {
+  return app.list(ctx);
+}
+
+function getApp(ctx, params) {
+  var appId = params.appId;
+  return app.get(ctx, appId);
+}
+
+function getAppUrl(ctx, params) {
+  var appId = params.appId;
+  return app.getUrl(ctx, appId);
+}
+
+function onClientFetch(ctx, url, remoteAddr) {
+  return { allow: url === 'http://example.com' };
+}

pkg/app/app.go

@@ -9,11 +9,11 @@ import (
 type ID string
 
 type Manifest struct {
-	ID          ID       `yaml:"id"`
-	Version     string   `yaml:"version"`
-	Title       string   `yaml:"title"`
-	Description string   `yaml:"description"`
-	Tags        []string `yaml:"tags"`
+	ID          ID       `yaml:"id" json:"id"`
+	Version     string   `yaml:"version" json:"version"`
+	Title       string   `yaml:"title" json:"title"`
+	Description string   `yaml:"description" json:"description"`
+	Tags        []string `yaml:"tags" json:"tags"`
 }
 
 func LoadManifest(b bundle.Bundle) (*Manifest, error) {

pkg/http/fetch.go

@@ -0,0 +1,112 @@
+package http
+
+import (
+	"io"
+	"net/http"
+	"net/url"
+
+	"forge.cadoles.com/arcad/edge/pkg/module"
+	"forge.cadoles.com/arcad/edge/pkg/module/fetch"
+	"github.com/pkg/errors"
+	"gitlab.com/wpetit/goweb/logger"
+)
+
+func (h *Handler) handleAppFetch(w http.ResponseWriter, r *http.Request) {
+	h.mutex.RLock()
+	defer h.mutex.RUnlock()
+
+	ctx := r.Context()
+
+	ctx = module.WithContext(ctx, map[module.ContextKey]any{
+		ContextKeyOriginRequest: r,
+	})
+
+	rawURL := r.URL.Query().Get("url")
+
+	url, err := url.Parse(rawURL)
+	if err != nil {
+		jsonError(w, http.StatusBadRequest, errorCodeBadRequest)
+
+		return
+	}
+
+	requestMsg := fetch.NewMessageFetchRequest(ctx, r.RemoteAddr, url)
+
+	reply, err := h.bus.Request(ctx, requestMsg)
+	if err != nil {
+		logger.Error(ctx, "could not retrieve fetch request reply", logger.E(errors.WithStack(err)))
+		jsonError(w, http.StatusInternalServerError, errorCodeInternalError)
+
+		return
+	}
+
+	logger.Debug(ctx, "fetch reply", logger.F("reply", reply))
+
+	responseMsg, ok := reply.(*fetch.MessageFetchResponse)
+	if !ok {
+		logger.Error(
+			ctx, "unexpected fetch response message",
+			logger.F("message", reply),
+		)
+		jsonError(w, http.StatusInternalServerError, errorCodeInternalError)
+
+		return
+	}
+
+	if !responseMsg.Allow {
+		jsonError(w, http.StatusForbidden, errorCodeForbidden)
+
+		return
+	}
+
+	proxyReq, err := http.NewRequest(http.MethodGet, url.String(), nil)
+	if err != nil {
+		logger.Error(
+			ctx, "could not create proxy request",
+			logger.E(errors.WithStack(err)),
+		)
+		jsonError(w, http.StatusInternalServerError, errorCodeInternalError)
+
+		return
+	}
+
+	for header, values := range r.Header {
+		for _, value := range values {
+			proxyReq.Header.Add(header, value)
+		}
+	}
+
+	proxyReq.Header.Add("X-Forwarded-From", r.RemoteAddr)
+
+	res, err := h.httpClient.Do(proxyReq)
+	if err != nil {
+		logger.Error(
+			ctx, "could not execute proxy request",
+			logger.E(errors.WithStack(err)),
+		)
+		jsonError(w, http.StatusInternalServerError, errorCodeInternalError)
+
+		return
+	}
+
+	defer func() {
+		if err := res.Body.Close(); err != nil {
+			logger.Error(
+				ctx, "could not close response body",
+				logger.E(errors.WithStack(err)),
+			)
+		}
+	}()
+
+	for header, values := range res.Header {
+		for _, value := range values {
+			w.Header().Add(header, value)
+		}
+	}
+
+	w.WriteHeader(res.StatusCode)
+
+	if _, err := io.Copy(w, res.Body); err != nil {
+		panic(errors.WithStack(err))
+	}
+}

pkg/http/handler.go

@@ -31,6 +31,8 @@ type Handler struct {
 	server                *app.Server
 	serverModuleFactories []app.ServerModuleFactory
 
+	httpClient *http.Client
+
 	mutex sync.RWMutex
 }
 
@@ -91,6 +93,7 @@ func NewHandler(funcs ...HandlerOptionFunc) *Handler {
 		sockjsOpts:            opts.SockJS,
 		router:                router,
 		serverModuleFactories: opts.ServerModuleFactories,
+		httpClient:            opts.HTTPClient,
 		bus:                   opts.Bus,
 	}
 
@@ -103,6 +106,8 @@ func NewHandler(funcs ...HandlerOptionFunc) *Handler {
 		r.Route("/api/v1", func(r chi.Router) {
 			r.Post("/upload", handler.handleAppUpload)
 			r.Get("/download/{bucket}/{blobID}", handler.handleAppDownload)
+
+			r.Get("/fetch", handler.handleAppFetch)
 		})
 
 		r.HandleFunc("/sock/*", handler.handleSockJS)

pkg/http/options.go

@@ -1,6 +1,7 @@
 package http
 
 import (
+	"net/http"
 	"time"
 
 	"forge.cadoles.com/arcad/edge/pkg/app"
@@ -14,6 +15,7 @@ type HandlerOptions struct {
 	SockJS                sockjs.Options
 	ServerModuleFactories []app.ServerModuleFactory
 	UploadMaxFileSize     int64
+	HTTPClient            *http.Client
 }
 
 func defaultHandlerOptions() *HandlerOptions {
@@ -27,6 +29,9 @@ func defaultHandlerOptions() *HandlerOptions {
 		SockJS:                sockjsOptions,
 		ServerModuleFactories: make([]app.ServerModuleFactory, 0),
 		UploadMaxFileSize:     10 << (10 * 2), // 10Mb
+		HTTPClient: &http.Client{
+			Timeout: time.Second * 30,
+		},
 	}
 }
 
@@ -55,3 +60,9 @@ func WithUploadMaxFileSize(size int64) HandlerOptionFunc {
 		opts.UploadMaxFileSize = size
 	}
 }
+
+func WithHTTPClient(client *http.Client) HandlerOptionFunc {
+	return func(opts *HandlerOptions) {
+		opts.HTTPClient = client
+	}
+}

pkg/module/app/error.go

@@ -0,0 +1,5 @@
+package app
+
+import "errors"
+
+var ErrNotFound = errors.New("not found")

pkg/module/app/memory/module_test.go

@@ -0,0 +1,58 @@
+package memory
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"testing"
+
+	"forge.cadoles.com/arcad/edge/pkg/app"
+	"forge.cadoles.com/arcad/edge/pkg/module"
+	appModule "forge.cadoles.com/arcad/edge/pkg/module/app"
+	"github.com/pkg/errors"
+)
+
+func TestAppModuleWithMemoryRepository(t *testing.T) {
+	t.Parallel()
+
+	server := app.NewServer(
+		module.ContextModuleFactory(),
+		module.ConsoleModuleFactory(),
+		appModule.ModuleFactory(NewRepository(
+			func(ctx context.Context, id app.ID) (string, error) {
+				return fmt.Sprintf("http//%s.example.com", id), nil
+			},
+			&app.Manifest{
+				ID:          "dummy1.arcad.app",
+				Version:     "0.0.0",
+				Title:       "Dummy 1",
+				Description: "Dummy App 1",
+				Tags:        []string{"dummy", "first"},
+			},
+			&app.Manifest{
+				ID:          "dummy2.arcad.app",
+				Version:     "0.0.0",
+				Title:       "Dummy 2",
+				Description: "Dummy App 2",
+				Tags:        []string{"dummy", "second"},
+			},
+		)),
+	)
+
+	file := "testdata/app.js"
+
+	data, err := ioutil.ReadFile(file)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := server.Load(file, string(data)); err != nil {
+		t.Fatal(err)
+	}
+
+	defer server.Stop()
+
+	if err := server.Start(); err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+}

pkg/module/app/memory/repository.go

@@ -0,0 +1,50 @@
+package memory
+
+import (
+	"context"
+
+	"forge.cadoles.com/arcad/edge/pkg/app"
+	module "forge.cadoles.com/arcad/edge/pkg/module/app"
+	"github.com/pkg/errors"
+)
+
+type GetURLFunc func(context.Context, app.ID) (string, error)
+
+type Repository struct {
+	getURL GetURLFunc
+	apps   []*app.Manifest
+}
+
+// GetURL implements app.Repository
+func (r *Repository) GetURL(ctx context.Context, id app.ID) (string, error) {
+	url, err := r.getURL(ctx, id)
+	if err != nil {
+		return "", errors.WithStack(err)
+	}
+
+	return url, nil
+}
+
+// Get implements app.Repository
+func (r *Repository) Get(ctx context.Context, id app.ID) (*app.Manifest, error) {
+	for _, app := range r.apps {
+		if app.ID != id {
+			continue
+		}
+
+		return app, nil
+	}
+
+	return nil, module.ErrNotFound
+}
+
+// List implements app.Repository
+func (r *Repository) List(ctx context.Context) ([]*app.Manifest, error) {
+	return r.apps, nil
+}
+
+func NewRepository(getURL GetURLFunc, manifests ...*app.Manifest) *Repository {
+	return &Repository{getURL, manifests}
+}
+
+var _ module.Repository = &Repository{}

pkg/module/app/memory/testdata/app.js

@@ -0,0 +1,17 @@
+var ctx = context.new();
+
+var manifests = app.list(ctx);
+
+if (manifests.length !== 2) {
+    throw new Error("apps.length: expected '2', got '"+manifests.length+"'");
+}
+
+var manifest = app.get(ctx, 'dummy2.arcad.app');
+
+if (!manifest) {
+    throw new Error("manifest should not be null");
+}
+
+if (manifest.id !== "dummy2.arcad.app") {
+    throw new Error("manifest.id: expected 'dummy2.arcad.app', got '"+manifest.id+"'");
+}

pkg/module/app/module.go

@@ -0,0 +1,117 @@
+package app
+
+import (
+	"fmt"
+
+	"forge.cadoles.com/arcad/edge/pkg/app"
+	"forge.cadoles.com/arcad/edge/pkg/module/util"
+	"github.com/dop251/goja"
+	"github.com/pkg/errors"
+)
+
+type Module struct {
+	repository Repository
+}
+
+type gojaManifest struct {
+	ID          string   `goja:"id" json:"id"`
+	Version     string   `goja:"version" json:"version"`
+	Title       string   `goja:"title" json:"title"`
+	Description string   `goja:"description" json:"description"`
+	Tags        []string `goja:"tags" json:"tags"`
+}
+
+func toGojaManifest(manifest *app.Manifest) *gojaManifest {
+	return &gojaManifest{
+		ID:          string(manifest.ID),
+		Version:     manifest.Version,
+		Title:       manifest.Title,
+		Description: manifest.Description,
+		Tags:        manifest.Tags,
+	}
+}
+
+func toGojaManifests(manifests []*app.Manifest) []*gojaManifest {
+	gojaManifests := make([]*gojaManifest, len(manifests))
+
+	for i, m := range manifests {
+		gojaManifests[i] = toGojaManifest(m)
+	}
+
+	return gojaManifests
+}
+
+func (m *Module) Name() string {
+	return "app"
+}
+
+func (m *Module) Export(export *goja.Object) {
+	if err := export.Set("list", m.list); err != nil {
+		panic(errors.Wrap(err, "could not set 'list' function"))
+	}
+
+	if err := export.Set("get", m.get); err != nil {
+		panic(errors.Wrap(err, "could not set 'get' function"))
+	}
+
+	if err := export.Set("getUrl", m.getURL); err != nil {
+		panic(errors.Wrap(err, "could not set 'list' function"))
+	}
+}
+
+func (m *Module) list(call goja.FunctionCall, rt *goja.Runtime) goja.Value {
+	ctx := util.AssertContext(call.Argument(0), rt)
+
+	manifests, err := m.repository.List(ctx)
+	if err != nil {
+		panic(rt.ToValue(errors.WithStack(err)))
+	}
+
+	return rt.ToValue(toGojaManifests(manifests))
+}
+
+func (m *Module) get(call goja.FunctionCall, rt *goja.Runtime) goja.Value {
+	ctx := util.AssertContext(call.Argument(0), rt)
+	appID := assertAppID(call.Argument(1), rt)
+
+	manifest, err := m.repository.Get(ctx, appID)
+	if err != nil {
+		panic(rt.ToValue(errors.WithStack(err)))
+	}
+
+	return rt.ToValue(toGojaManifest(manifest))
+}
+
+func (m *Module) getURL(call goja.FunctionCall, rt *goja.Runtime) goja.Value {
+	ctx := util.AssertContext(call.Argument(0), rt)
+	appID := assertAppID(call.Argument(1), rt)
+
+	url, err := m.repository.GetURL(ctx, appID)
+	if err != nil {
+		panic(rt.ToValue(errors.WithStack(err)))
+	}
+
+	return rt.ToValue(url)
+}
+
+func ModuleFactory(repository Repository) app.ServerModuleFactory {
+	return func(server *app.Server) app.ServerModule {
+		return &Module{
+			repository: repository,
+		}
+	}
+}
+
+func assertAppID(value goja.Value, rt *goja.Runtime) app.ID {
+	appID, ok := value.Export().(app.ID)
+	if !ok {
+		rawAppID, ok := value.Export().(string)
+		if !ok {
+			panic(rt.NewTypeError(fmt.Sprintf("app id  must be an appid or a string, got '%T'", value.Export())))
+		}
+
+		appID = app.ID(rawAppID)
+	}
+
+	return appID
+}

pkg/module/app/repository.go

@@ -0,0 +1,13 @@
+package app
+
+import (
+	"context"
+
+	"forge.cadoles.com/arcad/edge/pkg/app"
+)
+
+type Repository interface {
+	List(context.Context) ([]*app.Manifest, error)
+	Get(context.Context, app.ID) (*app.Manifest, error)
+	GetURL(context.Context, app.ID) (string, error)
+}

pkg/module/auth/http/local_handler.go

@@ -33,6 +33,8 @@ type LocalHandler struct {
 	router         chi.Router
 	algo           jwa.KeyAlgorithm
 	key            jwk.Key
+	cookieDomain   string
+	cookieDuration time.Duration
 	accounts       map[string]LocalAccount
 }
 
@@ -119,7 +121,9 @@ func (h *LocalHandler) handleForm(w http.ResponseWriter, r *http.Request) {
 	cookie := http.Cookie{
 		Name:     auth.CookieName,
 		Value:    string(token),
+		Domain:   h.cookieDomain,
 		HttpOnly: false,
+		Expires:  time.Now().Add(h.cookieDuration),
 		Path:     "/",
 	}
 
@@ -134,6 +138,7 @@ func (h *LocalHandler) handleLogout(w http.ResponseWriter, r *http.Request) {
 		Value:    "",
 		HttpOnly: false,
 		Expires:  time.Unix(0, 0),
+		Domain:   h.cookieDomain,
 		Path:     "/",
 	})
 
@@ -168,6 +173,8 @@ func NewLocalHandler(algo jwa.KeyAlgorithm, key jwk.Key, funcs ...LocalHandlerOp
 		algo:           algo,
 		key:            key,
 		accounts:       toAccountsMap(opts.Accounts),
+		cookieDomain:   opts.CookieDomain,
+		cookieDuration: opts.CookieDuration,
 	}
 
 	handler.initRouter(opts.RoutePrefix)

pkg/module/auth/http/options.go

@@ -1,8 +1,12 @@
 package http
 
+import "time"
+
 type LocalHandlerOptions struct {
 	RoutePrefix    string
 	Accounts       []LocalAccount
+	CookieDomain   string
+	CookieDuration time.Duration
 }
 
 type LocalHandlerOptionFunc func(*LocalHandlerOptions)
@@ -11,6 +15,8 @@ func defaultLocalHandlerOptions() *LocalHandlerOptions {
 	return &LocalHandlerOptions{
 		RoutePrefix:    "",
 		Accounts:       make([]LocalAccount, 0),
+		CookieDomain:   "",
+		CookieDuration: 24 * time.Hour,
 	}
 }
 
@@ -25,3 +31,10 @@ func WithRoutePrefix(prefix string) LocalHandlerOptionFunc {
 		opts.RoutePrefix = prefix
 	}
 }
+
+func WithCookieOptions(domain string, duration time.Duration) LocalHandlerOptionFunc {
+	return func(opts *LocalHandlerOptions) {
+		opts.CookieDomain = domain
+		opts.CookieDuration = duration
+	}
+}

pkg/module/auth/jwt.go

@@ -61,6 +61,10 @@ func FindToken(r *http.Request, getKeySet GetKeySetFunc) (jwt.Token, error) {
 		return nil, errors.WithStack(err)
 	}
 
+	if keySet == nil {
+		return nil, errors.New("no keyset")
+	}
+
 	token, err := jwt.Parse([]byte(rawToken),
 		jwt.WithKeySet(keySet, jws.WithRequireKid(false)),
 		jwt.WithValidate(true),

pkg/module/fetch/fetch_message.go

@@ -0,0 +1,49 @@
+package fetch
+
+import (
+	"context"
+	"net/url"
+
+	"forge.cadoles.com/arcad/edge/pkg/bus"
+	"github.com/oklog/ulid/v2"
+)
+
+const (
+	MessageNamespaceFetchRequest  bus.MessageNamespace = "fetchRequest"
+	MessageNamespaceFetchResponse bus.MessageNamespace = "fetchResponse"
+)
+
+type MessageFetchRequest struct {
+	Context    context.Context
+	RequestID  string
+	URL        *url.URL
+	RemoteAddr string
+}
+
+func (m *MessageFetchRequest) MessageNamespace() bus.MessageNamespace {
+	return MessageNamespaceFetchRequest
+}
+
+func NewMessageFetchRequest(ctx context.Context, remoteAddr string, url *url.URL) *MessageFetchRequest {
+	return &MessageFetchRequest{
+		Context:    ctx,
+		RequestID:  ulid.Make().String(),
+		RemoteAddr: remoteAddr,
+		URL:        url,
+	}
+}
+
+type MessageFetchResponse struct {
+	RequestID string
+	Allow     bool
+}
+
+func (m *MessageFetchResponse) MessageNamespace() bus.MessageNamespace {
+	return MessageNamespaceFetchResponse
+}
+
+func NewMessageFetchResponse(requestID string) *MessageFetchResponse {
+	return &MessageFetchResponse{
+		RequestID: requestID,
+	}
+}

pkg/module/fetch/module.go

@@ -0,0 +1,122 @@
+package fetch
+
+import (
+	"context"
+
+	"forge.cadoles.com/arcad/edge/pkg/app"
+	"forge.cadoles.com/arcad/edge/pkg/bus"
+	"github.com/dop251/goja"
+	"github.com/pkg/errors"
+	"gitlab.com/wpetit/goweb/logger"
+)
+
+type Module struct {
+	server *app.Server
+	bus    bus.Bus
+}
+
+func (m *Module) Name() string {
+	return "fetch"
+}
+
+func (m *Module) Export(export *goja.Object) {
+	funcs := map[string]any{
+		"get": m.get,
+	}
+
+	for name, fn := range funcs {
+		if err := export.Set(name, fn); err != nil {
+			panic(errors.Wrapf(err, "could not set '%s' function", name))
+		}
+	}
+}
+
+func (m *Module) get(call goja.FunctionCall, rt *goja.Runtime) goja.Value {
+	// ctx := util.AssertContext(call.Argument(0), rt)
+
+	return nil
+}
+
+func (m *Module) handleMessages() {
+	ctx := context.Background()
+
+	err := m.bus.Reply(ctx, MessageNamespaceFetchRequest, func(msg bus.Message) (bus.Message, error) {
+		fetchRequest, ok := msg.(*MessageFetchRequest)
+		if !ok {
+			return nil, errors.Wrapf(bus.ErrUnexpectedMessage, "expected message fetch request, got '%T'", msg)
+		}
+
+		res, err := m.handleFetchRequest(fetchRequest)
+		if err != nil {
+			logger.Error(ctx, "could not handle fetch request", logger.E(errors.WithStack(err)))
+
+			return nil, errors.WithStack(err)
+		}
+
+		logger.Debug(ctx, "fetch request response", logger.F("response", res))
+
+		return res, nil
+	})
+	if err != nil {
+		panic(errors.WithStack(err))
+	}
+}
+
+func (m *Module) handleFetchRequest(req *MessageFetchRequest) (*MessageFetchResponse, error) {
+	res := NewMessageFetchResponse(req.RequestID)
+
+	ctx := logger.With(
+		req.Context,
+		logger.F("url", req.URL.String()),
+		logger.F("remoteAddr", req.RemoteAddr),
+		logger.F("requestID", req.RequestID),
+	)
+
+	rawResult, err := m.server.ExecFuncByName(ctx, "onClientFetch", ctx, req.URL.String(), req.RemoteAddr)
+	if err != nil {
+		if errors.Is(err, app.ErrFuncDoesNotExist) {
+			res.Allow = false
+
+			return res, nil
+		}
+
+		return nil, errors.WithStack(err)
+	}
+
+	result, ok := rawResult.Export().(map[string]interface{})
+	if !ok {
+		return nil, errors.Errorf(
+			"unexpected onClientFetch result: expected 'map[string]interface{}', got '%T'",
+			rawResult.Export(),
+		)
+	}
+
+	var allow bool
+
+	rawAllow, exists := result["allow"]
+	if !exists {
+		allow = false
+	} else {
+		allow, ok = rawAllow.(bool)
+		if !ok {
+			return nil, errors.Errorf("invalid 'allow' result property: got type '%T', expected type '%T'", rawAllow, false)
+		}
+	}
+
+	res.Allow = allow
+
+	return res, nil
+}
+
+func ModuleFactory(bus bus.Bus) app.ServerModuleFactory {
+	return func(server *app.Server) app.ServerModule {
+		mod := &Module{
+			bus:    bus,
+			server: server,
+		}
+
+		go mod.handleMessages()
+
+		return mod
+	}
+}

pkg/module/fetch/module_test.go

@@ -0,0 +1,78 @@
+package fetch
+
+import (
+	"context"
+	"io/ioutil"
+	"net/url"
+	"testing"
+
+	"cdr.dev/slog"
+	"forge.cadoles.com/arcad/edge/pkg/app"
+	"forge.cadoles.com/arcad/edge/pkg/bus/memory"
+	"forge.cadoles.com/arcad/edge/pkg/module"
+	"github.com/pkg/errors"
+	"gitlab.com/wpetit/goweb/logger"
+)
+
+func TestFetchModule(t *testing.T) {
+	t.Parallel()
+
+	logger.SetLevel(slog.LevelDebug)
+
+	bus := memory.NewBus()
+
+	server := app.NewServer(
+		module.ContextModuleFactory(),
+		module.ConsoleModuleFactory(),
+		ModuleFactory(bus),
+	)
+
+	data, err := ioutil.ReadFile("testdata/fetch.js")
+	if err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	if err := server.Load("testdata/fetch.js", string(data)); err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	defer server.Stop()
+
+	if err := server.Start(); err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	ctx := context.Background()
+	remoteAddr := "127.0.0.1"
+	url, _ := url.Parse("http://example.com")
+
+	rawReply, err := bus.Request(ctx, NewMessageFetchRequest(ctx, remoteAddr, url))
+	if err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	reply, ok := rawReply.(*MessageFetchResponse)
+	if !ok {
+		t.Fatalf("unexpected reply type '%T'", rawReply)
+	}
+
+	if e, g := true, reply.Allow; e != g {
+		t.Errorf("reply.Allow: expected '%v', got '%v'", e, g)
+	}
+
+	url, _ = url.Parse("https://google.com")
+
+	rawReply, err = bus.Request(ctx, NewMessageFetchRequest(ctx, remoteAddr, url))
+	if err != nil {
+		t.Fatalf("%+v", errors.WithStack(err))
+	}
+
+	reply, ok = rawReply.(*MessageFetchResponse)
+	if !ok {
+		t.Fatalf("unexpected reply type '%T'", rawReply)
+	}
+
+	if e, g := false, reply.Allow; e != g {
+		t.Errorf("reply.Allow: expected '%v', got '%v'", e, g)
+	}
+}

pkg/module/fetch/testdata/fetch.js

@@ -0,0 +1,7 @@
+
+var ctx = context.new();
+
+function onClientFetch(ctx, url, remoteAddr) {
+    if (url === 'http://example.com') return { allow: true };
+    return { allow: false };
+}

pkg/proxy/host_filter.go

@@ -1,29 +0,0 @@
-package proxy
-
-import (
-	"net/http"
-
-	"forge.cadoles.com/arcad/edge/pkg/proxy/wildcard"
-)
-
-func FilterHosts(allowedHostPatterns ...string) Middleware {
-	return func(h http.Handler) http.Handler {
-		fn := func(w http.ResponseWriter, r *http.Request) {
-			if matches := wildcard.MatchAny(r.Host, allowedHostPatterns...); !matches {
-				http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
-
-				return
-			}
-
-			h.ServeHTTP(w, r)
-		}
-
-		return http.HandlerFunc(fn)
-	}
-}
-
-func WithAllowedHosts(allowedHostPatterns ...string) OptionFunc {
-	return func(o *Options) {
-		o.Middlewares = append(o.Middlewares, FilterHosts(allowedHostPatterns...))
-	}
-}

pkg/proxy/host_rewrite.go

@@ -1,65 +0,0 @@
-package proxy
-
-import (
-	"net/http"
-	"net/url"
-	"sort"
-
-	"forge.cadoles.com/arcad/edge/pkg/proxy/wildcard"
-	"gitlab.com/wpetit/goweb/logger"
-)
-
-func RewriteHosts(mappings map[string]*url.URL) Middleware {
-	patterns := make([]string, len(mappings))
-
-	for p := range mappings {
-		patterns = append(patterns, p)
-	}
-
-	sort.Strings(patterns)
-
-	return func(h http.Handler) http.Handler {
-		fn := func(w http.ResponseWriter, r *http.Request) {
-			ctx := r.Context()
-
-			var match *url.URL
-
-			for _, p := range patterns {
-				logger.Debug(ctx, "matching host to pattern", logger.F("host", r.Host), logger.F("pattern", p))
-
-				if matches := wildcard.Match(r.Host, p); !matches {
-					continue
-				}
-
-				match = mappings[p]
-				break
-			}
-
-			if match == nil {
-				h.ServeHTTP(w, r)
-
-				return
-			}
-
-			ctx = logger.With(ctx, logger.F("originalHost", r.Host))
-			r = r.WithContext(ctx)
-
-			originalURL := r.URL.String()
-
-			r.URL.Host = match.Host
-			r.URL.Scheme = match.Scheme
-
-			logger.Debug(ctx, "rewriting url", logger.F("from", originalURL), logger.F("to", r.URL.String()))
-
-			h.ServeHTTP(w, r)
-		}
-
-		return http.HandlerFunc(fn)
-	}
-}
-
-func WithRewriteHosts(mappings map[string]*url.URL) OptionFunc {
-	return func(o *Options) {
-		o.Middlewares = append(o.Middlewares, RewriteHosts(mappings))
-	}
-}

pkg/proxy/middleware.go

@@ -1,33 +0,0 @@
-package proxy
-
-import "net/http"
-
-type Middleware func(h http.Handler) http.Handler
-
-type ProxyResponseTransformer interface {
-	TransformResponse(*http.Response) error
-}
-
-type defaultProxyResponseTransformer struct{}
-
-// TransformResponse implements ProxyResponseTransformer
-func (*defaultProxyResponseTransformer) TransformResponse(*http.Response) error {
-	return nil
-}
-
-var _ ProxyResponseTransformer = &defaultProxyResponseTransformer{}
-
-type ProxyResponseMiddleware func(ProxyResponseTransformer) ProxyResponseTransformer
-
-type ProxyRequestTransformer interface {
-	TransformRequest(*http.Request)
-}
-
-type ProxyRequestMiddleware func(ProxyRequestTransformer) ProxyRequestTransformer
-
-type defaultProxyRequestTransformer struct{}
-
-// TransformRequest implements ProxyRequestTransformer
-func (*defaultProxyRequestTransformer) TransformRequest(*http.Request) {}
-
-var _ ProxyRequestTransformer = &defaultProxyRequestTransformer{}

pkg/proxy/options.go

@@ -1,29 +0,0 @@
-package proxy
-
-type Options struct {
-	Middlewares              []Middleware
-	ProxyRequestMiddlewares  []ProxyRequestMiddleware
-	ProxyResponseMiddlewares []ProxyResponseMiddleware
-}
-
-func defaultOptions() *Options {
-	return &Options{
-		Middlewares:              make([]Middleware, 0),
-		ProxyRequestMiddlewares:  make([]ProxyRequestMiddleware, 0),
-		ProxyResponseMiddlewares: make([]ProxyResponseMiddleware, 0),
-	}
-}
-
-type OptionFunc func(*Options)
-
-func WithProxyRequestMiddlewares(middlewares ...ProxyRequestMiddleware) OptionFunc {
-	return func(o *Options) {
-		o.ProxyRequestMiddlewares = middlewares
-	}
-}
-
-func WithproxyResponseMiddlewares(middlewares ...ProxyResponseMiddleware) OptionFunc {
-	return func(o *Options) {
-		o.ProxyResponseMiddlewares = middlewares
-	}
-}

pkg/proxy/proxy.go

@@ -1,131 +0,0 @@
-package proxy
-
-import (
-	"fmt"
-	"net/http"
-	"net/http/httputil"
-	"net/url"
-	"sync"
-
-	"github.com/pkg/errors"
-	"gitlab.com/wpetit/goweb/logger"
-)
-
-type Proxy struct {
-	reversers                sync.Map
-	handler                  http.Handler
-	proxyResponseTransformer ProxyResponseTransformer
-	proxyRequestTransformer  ProxyRequestTransformer
-}
-
-// ServeHTTP implements http.Handler
-func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	p.handler.ServeHTTP(w, r)
-}
-
-func (p *Proxy) proxyRequest(w http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-
-	var reverser *httputil.ReverseProxy
-
-	key := fmt.Sprintf("%s://%s", r.URL.Scheme, r.URL.Host)
-
-	createAndStore := func() {
-		target := &url.URL{
-			Scheme: r.URL.Scheme,
-			Host:   r.URL.Host,
-		}
-
-		reverser = httputil.NewSingleHostReverseProxy(target)
-
-		originalDirector := reverser.Director
-
-		if p.proxyRequestTransformer != nil {
-			reverser.Director = func(r *http.Request) {
-				originalURL := r.URL.String()
-				originalDirector(r)
-				p.proxyRequestTransformer.TransformRequest(r)
-				logger.Debug(ctx, "proxying request", logger.F("targetURL", r.URL.String()), logger.F("originalURL", originalURL))
-			}
-		}
-
-		if p.proxyResponseTransformer != nil {
-			reverser.ModifyResponse = func(r *http.Response) error {
-				if err := p.proxyResponseTransformer.TransformResponse(r); err != nil {
-					return errors.WithStack(err)
-				}
-
-				return nil
-			}
-		}
-
-		p.reversers.Store(key, reverser)
-	}
-
-	raw, exists := p.reversers.Load(key)
-	if !exists {
-		createAndStore()
-	}
-
-	reverser, ok := raw.(*httputil.ReverseProxy)
-	if !ok {
-		createAndStore()
-	}
-
-	reverser.ServeHTTP(w, r)
-}
-
-func New(funcs ...OptionFunc) *Proxy {
-	opts := defaultOptions()
-	for _, fn := range funcs {
-		fn(opts)
-	}
-
-	proxy := &Proxy{}
-
-	handler := http.HandlerFunc(proxy.proxyRequest)
-	proxy.handler = createMiddlewareChain(handler, opts.Middlewares)
-
-	proxy.proxyRequestTransformer = createProxyRequestChain(&defaultProxyRequestTransformer{}, opts.ProxyRequestMiddlewares)
-	proxy.proxyResponseTransformer = createProxyResponseChain(&defaultProxyResponseTransformer{}, opts.ProxyResponseMiddlewares)
-
-	return proxy
-}
-
-var _ http.Handler = &Proxy{}
-
-func createMiddlewareChain(handler http.Handler, middlewares []Middleware) http.Handler {
-	reverse(middlewares)
-
-	for _, m := range middlewares {
-		handler = m(handler)
-	}
-
-	return handler
-}
-
-func createProxyResponseChain(transformer ProxyResponseTransformer, middlewares []ProxyResponseMiddleware) ProxyResponseTransformer {
-	reverse(middlewares)
-
-	for _, m := range middlewares {
-		transformer = m(transformer)
-	}
-
-	return transformer
-}
-
-func createProxyRequestChain(transformer ProxyRequestTransformer, middlewares []ProxyRequestMiddleware) ProxyRequestTransformer {
-	reverse(middlewares)
-
-	for _, m := range middlewares {
-		transformer = m(transformer)
-	}
-
-	return transformer
-}
-
-func reverse[S ~[]E, E any](s S) {
-	for i, j := 0, len(s)-1; i < j; i, j = i+1, j-1 {
-		s[i], s[j] = s[j], s[i]
-	}
-}

pkg/proxy/wildcard/match.go

@@ -1,44 +0,0 @@
-package wildcard
-
-const wildcard = '*'
-
-func Match(str, pattern string) bool {
-	if pattern == "" {
-		return str == pattern
-	}
-
-	if pattern == string(wildcard) {
-		return true
-	}
-
-	return deepMatchRune([]rune(str), []rune(pattern))
-}
-
-func MatchAny(str string, patterns ...string) bool {
-	for _, p := range patterns {
-		if matches := Match(str, p); matches {
-			return matches
-		}
-	}
-
-	return false
-}
-
-func deepMatchRune(str, pattern []rune) bool {
-	for len(pattern) > 0 {
-		switch pattern[0] {
-		default:
-			if len(str) == 0 || str[0] != pattern[0] {
-				return false
-			}
-		case wildcard:
-			return deepMatchRune(str, pattern[1:]) ||
-				(len(str) > 0 && deepMatchRune(str[1:], pattern))
-		}
-
-		str = str[1:]
-		pattern = pattern[1:]
-	}
-
-	return len(str) == 0 && len(pattern) == 0
-}

pkg/sdk/client/dist/client.js

@@ -4084,6 +4084,9 @@ var Edge = (() => {
     blobUrl(bucket, blobId) {
       return `/edge/api/v1/download/${bucket}/${blobId}`;
     }
+    externalUrl(url) {
+      return `/edge/api/v1/fetch?url=${encodeURIComponent(url)}`;
+    }
   };
 
   // pkg/sdk/client/src/index.ts

pkg/sdk/client/src/client.ts

@@ -264,7 +264,11 @@ export class Client extends EventTarget {
     });
   }
 
-  blobUrl(bucket: string, blobId: string) {
+  blobUrl(bucket: string, blobId: string): string {
     return `/edge/api/v1/download/${bucket}/${blobId}`;
   }
+
+  externalUrl(url: string): string {
+    return `/edge/api/v1/fetch?url=${encodeURIComponent(url)}`
+  }
 }