fix(client,sdk): accept empty token from parent frame

Jenkinsfile

@@ -0,0 +1,49 @@
+@Library('cadoles') _
+
+pipeline {
+    agent {
+        dockerfile {
+            label 'docker'
+            filename 'Dockerfile'
+            dir 'misc/jenkins'
+        }
+    }
+
+    stages {
+        stage('Run unit tests') {
+            steps {
+                script {
+                    sh 'make GOTEST_ARGS="-timeout 10m -count=1 -v" test'
+                }
+            }
+        }
+
+        stage('Release') {
+            when {
+                anyOf {
+                    branch 'master'
+                    branch 'develop'
+                }
+            }
+            steps {
+                script {
+                    withCredentials([
+                        usernamePassword([
+                            credentialsId: 'forge-jenkins',
+                            usernameVariable: 'GITEA_RELEASE_USERNAME',
+                            passwordVariable: 'GITEA_RELEASE_PASSWORD'
+                        ])
+                    ]) {
+                        sh 'make gitea-release'
+                    }
+                }
+            }
+        }
+    }
+
+    post {
+        always {
+            cleanWs()
+        }
+    }
+}

Makefile

@@ -2,7 +2,7 @@ LINT_ARGS ?= --timeout 5m
 GITCHLOG_ARGS ?=
 SHELL := /bin/bash
 
-GOTEST_ARGS ?= -short
+GOTEST_ARGS ?= -short -timeout 60s
 
 ESBUILD_VERSION ?= v0.17.5
 
@@ -10,7 +10,7 @@ GIT_VERSION := $(shell git describe --always)
 DATE_VERSION := $(shell date +%Y.%-m.%-d)
 FULL_VERSION := v$(DATE_VERSION)-$(GIT_VERSION)$(if $(shell git diff --stat),-dirty,)
 
-build: build-edge-cli
+build: build-edge-cli build-client-sdk-test-app
 
 watch:
 	go run -mod=readonly github.com/cortesi/modd/cmd/modd@latest
@@ -30,10 +30,12 @@ build-edge-cli: build-sdk
 		-o ./bin/cli \
 		./cmd/cli
 
+build-client-sdk-test-app:
+	cd misc/client-sdk-testsuite && $(MAKE) dist
+
 install-git-hooks:
 	git config core.hooksPath .githooks
 
-
 tools/esbuild/bin/esbuild:
 	mkdir -p tools/esbuild/bin
 	curl -fsSL https://esbuild.github.io/dl/$(ESBUILD_VERSION) | sh
@@ -53,7 +55,7 @@ pkg/sdk/client/dist/client.js: tools/esbuild/bin/esbuild node_modules
 		--global-name=Edge \
 		--define:global=window \
 		--platform=browser \
-		--footer:js="Edge=Edge.default;" \
+		--footer:js="EdgeFrame=Edge.crossFrameMessenger;Edge=Edge.client" \
 		--outfile=pkg/sdk/client/dist/client.js
 
 node_modules:

cmd/cli/command/app/common.go

@@ -0,0 +1,11 @@
+package app
+
+import (
+	"forge.cadoles.com/arcad/edge/pkg/app"
+	"forge.cadoles.com/arcad/edge/pkg/app/metadata"
+)
+
+var manifestMetadataValidators = []app.MetadataValidator{
+	metadata.WithMinimumRoleValidator("visitor", "user", "superuser", "admin", "superadmin"),
+	metadata.WithNamedPathsValidator(metadata.NamedPathAdmin, metadata.NamedPathIcon),
+}

cmd/cli/command/app/package.go

@@ -52,6 +52,10 @@ func PackageCommand() *cli.Command {
 				return errors.Wrap(err, "could not load app manifest")
 			}
 
+			if valid, err := manifest.Validate(manifestMetadataValidators...); !valid {
+				return errors.Wrap(err, "invalid app manifest")
+			}
+
 			if err := os.MkdirAll(outputDir, 0o755); err != nil {
 				return errors.Wrapf(err, "could not create directory ''%s'", outputDir)
 			}

cmd/cli/command/app/run.go

@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
+	"net"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -22,7 +23,7 @@ import (
 	"forge.cadoles.com/arcad/edge/pkg/module/blob"
 	"forge.cadoles.com/arcad/edge/pkg/module/cast"
 	"forge.cadoles.com/arcad/edge/pkg/module/fetch"
-	"forge.cadoles.com/arcad/edge/pkg/module/net"
+	netModule "forge.cadoles.com/arcad/edge/pkg/module/net"
 	"forge.cadoles.com/arcad/edge/pkg/storage"
 	"forge.cadoles.com/arcad/edge/pkg/storage/sqlite"
 	"gitlab.com/wpetit/goweb/logger"
@@ -72,7 +73,7 @@ func RunCommand() *cli.Command {
 			&cli.StringFlag{
 				Name:  "storage-file",
 				Usage: "use `FILE` for SQLite storage database",
-				Value: ".edge/%APPID%/data.sqlite",
+				Value: ".edge/%APPID%/data.sqlite?_pragma=foreign_keys(1)&_pragma=busy_timeout=60000",
 			},
 			&cli.StringFlag{
 				Name:  "accounts-file",
@@ -109,6 +110,10 @@ func RunCommand() *cli.Command {
 				return errors.Wrap(err, "could not load manifest from app bundle")
 			}
 
+			if valid, err := manifest.Validate(manifestMetadataValidators...); !valid {
+				return errors.Wrap(err, "invalid app manifest")
+			}
+
 			storageFile := injectAppID(ctx.String("storage-file"), manifest.ID)
 
 			if err := ensureDir(storageFile); err != nil {
@@ -173,7 +178,7 @@ func getServerModules(bus bus.Bus, ds storage.DocumentStore, bs storage.BlobStor
 		module.ConsoleModuleFactory(),
 		cast.CastModuleFactory(),
 		module.LifecycleModuleFactory(),
-		net.ModuleFactory(bus),
+		netModule.ModuleFactory(bus),
 		module.RPCModuleFactory(bus),
 		module.StoreModuleFactory(ds),
 		blob.ModuleFactory(bus, bs),
@@ -201,11 +206,22 @@ func getServerModules(bus bus.Bus, ds storage.DocumentStore, bs storage.BlobStor
 		),
 		appModule.ModuleFactory(appModuleMemory.NewRepository(
 			func(ctx context.Context, id app.ID, from string) (string, error) {
-				if strings.HasPrefix(address, ":") {
+				addr := address
-					address = "0.0.0.0" + address
+				if strings.HasPrefix(addr, ":") {
+					addr = "0.0.0.0" + addr
 				}
 
-				return fmt.Sprintf("http://%s", address), nil
+				host, port, err := net.SplitHostPort(addr)
+				if err != nil {
+					return "", errors.WithStack(err)
+				}
+
+				addr, err = findMatchingDeviceAddress(ctx, from, host)
+				if err != nil {
+					return "", errors.WithStack(err)
+				}
+
+				return fmt.Sprintf("http://%s:%s", addr, port), nil
 			},
 			manifest,
 		)),
@@ -284,3 +300,52 @@ func loadLocalAccounts(path string) ([]authHTTP.LocalAccount, error) {
 
 	return accounts, nil
 }
+
+func findMatchingDeviceAddress(ctx context.Context, from string, defaultAddr string) (string, error) {
+	if from == "" {
+		return defaultAddr, nil
+	}
+
+	fromIP := net.ParseIP(from)
+
+	if fromIP == nil {
+		return defaultAddr, nil
+	}
+
+	ifaces, err := net.Interfaces()
+	if err != nil {
+		return "", errors.WithStack(err)
+	}
+
+	for _, ifa := range ifaces {
+		addrs, err := ifa.Addrs()
+		if err != nil {
+			logger.Error(
+				ctx, "could not retrieve iface adresses",
+				logger.E(errors.WithStack(err)), logger.F("iface", ifa.Name),
+			)
+
+			continue
+		}
+
+		for _, addr := range addrs {
+			ip, network, err := net.ParseCIDR(addr.String())
+			if err != nil {
+				logger.Error(
+					ctx, "could not parse address",
+					logger.E(errors.WithStack(err)), logger.F("address", addr.String()),
+				)
+
+				continue
+			}
+
+			if !network.Contains(fromIP) {
+				continue
+			}
+
+			return ip.String(), nil
+		}
+	}
+
+	return defaultAddr, nil
+}

doc/README.md

@@ -6,6 +6,7 @@ Une **Edge App** est une application capable de s'exécuter dans un environnemen
 
 ### Référence
 
+- [Fichier `manifest.yml`](./apps/manifest.md)
 - [API Client](./apps/client-api/README.md)
 - [API Serveur](./apps/server-api/README.md)
 

doc/apps/client-api/README.md

@@ -1,68 +1,14 @@
 # API Client
 
-## Méthodes
+## Usage
 
-### `Edge.connect(): Promise`
+Afin de pouvoir utiliser le SDK "client", vous devez inclure dans la page HTML de votre application la balise `<script>` suivante:
 
-> `TODO`
+```html
-
+<script src="/edge/sdk/client.js"></script>
-### `Edge.disconnect(): void`
-
-> `TODO`
-
-
-### `Edge.send(message: Object): void`
-
-> `TODO`
-
-
-### `Edge.rpc(method: string, params: Object): Promise`
-
-> `TODO`
-#### Exemple
-
-**Côté serveur**
-
-```js
-function onInit() {
-    rpc.register(echo);
-}
-
-function echo(ctx, params) {
-    return params;
-}
 ```
 
-**Côté client**
+Vous pourrez ensuite accéder aux variables globales suivantes:
 
-```js
+- [`Edge`](./edge.md) - Client principal d'échange avec le serveur 
-Edge.connect().then(() => {
+- [`EdgeFrame`](./edge-frame.md)
-    Edge.rpc("echo", { hello: "world!" })
-        .then(result => console.log(result))
-        .catch(err => console.error(err));
-});
-```
-
-### `Edge.upload(blob: Blob, metadata: Object): Promise`
-
-> `TODO`
-
-### `Edge.blobUrl(bucketName: string, blobId: string): string`
-
-> `TODO`
-
-### `Edge.externalUrl(url: string): string`
-
-Retourne une URL "locale" permettant d'accéder à une ressource externe, en fonction de règles propres à l'application. Voir module [`fetch`](../server-api/fetch.md).
-
-## Événements
-
-### `"message"`
-
-> `TODO`
-
-#### Exemple
-
-```js
-Edge.addEventListener("message", evt => console.log(evt.detail));
-```

doc/apps/client-api/edge-frame.md

@@ -0,0 +1,30 @@
+# `EdgeFrame`
+
+## Méthodes
+
+### `EdgeFrame.addEventListener(name: string, listener: (event) => void)`
+
+> `TODO`
+
+## Événements
+
+### `"title_changed"`
+
+```typescript
+interface TitleChangedEvent {
+    detail: {
+        title: string
+    }
+}
+```
+
+### `"size_changed"`
+
+```typescript
+interface SizeChangedEvent {
+    detail: {
+        width: number
+        height: number
+    }
+}
+```

doc/apps/client-api/edge.md

@@ -0,0 +1,68 @@
+# `Edge`
+
+## Méthodes
+
+### `Edge.connect(): Promise`
+
+> `TODO`
+
+### `Edge.disconnect(): void`
+
+> `TODO`
+
+
+### `Edge.send(message: Object): void`
+
+> `TODO`
+
+
+### `Edge.rpc(method: string, params: Object): Promise`
+
+> `TODO`
+#### Exemple
+
+**Côté serveur**
+
+```js
+function onInit() {
+    rpc.register(echo);
+}
+
+function echo(ctx, params) {
+    return params;
+}
+```
+
+**Côté client**
+
+```js
+Edge.connect().then(() => {
+    Edge.rpc("echo", { hello: "world!" })
+        .then(result => console.log(result))
+        .catch(err => console.error(err));
+});
+```
+
+### `Edge.upload(blob: Blob, metadata: Object): Promise`
+
+> `TODO`
+
+### `Edge.blobUrl(bucketName: string, blobId: string): string`
+
+> `TODO`
+
+### `Edge.externalUrl(url: string): string`
+
+Retourne une URL "locale" permettant d'accéder à une ressource externe, en fonction de règles propres à l'application. Voir module [`fetch`](../server-api/fetch.md).
+
+## Événements
+
+### `"message"`
+
+> `TODO`
+
+#### Exemple
+
+```js
+Edge.addEventListener("message", evt => console.log(evt.detail));
+```

doc/apps/manifest.md

@@ -0,0 +1,36 @@
+# Le fichier `manifest.yml`
+
+Le fichier `manifest.yml` à la racine du bundle de votre application contient des informations décrivant celles ci. Vous trouverez ci dessous un exemple commenté.
+
+```yaml
+# REQUIS - L'identifiant de votre application. Il doit être globalement unique. 
+# Un identifiant du type nom de domaine inversé est en général conseillé (ex: tld.mycompany.myapp)
+id: tld.mycompany.myapp
+
+# REQUIS - Le numéro de version de votre application
+# Celui ci devrait respecter le format "semver 2" (voir https://semver.org/)
+version: 0.0.0
+
+# REQUIS - Le titre de votre application.
+title: My App
+
+# OPTIONNEL - Les mots-clés associés à votre applications.
+tags: ["chat"]
+
+# OPTIONNEL - La description de votre application.
+# Vous pouvez utiliser la syntaxe Markdown pour la mettre en forme.
+description: |>
+    A simple demo application
+
+# OPTIONNEL - Métadonnées associées à l'application
+metadata:
+    # OPTIONNEL - Liste des chemins permettant d'accéder à certains URLs identifiées (page d'administration, icône si existante, etc)
+    paths:
+        # Si défini, chemin vers la page d'administration de l'application
+        admin: /admin
+        # Si défini, chemin vers l'icône associée à l'application
+        icon: /my-app-icon.png
+
+    # OPTIONNEL - Role minimum requis pour pouvoir accéder à l'application 
+    minimumRole: visitor
+```

doc/apps/my-first-app.md

@@ -22,23 +22,7 @@ my-app
 
 Ce fichier est le manifeste de votre application. Il permet au serveur d'identifier celle ci et de récupérer des informations la concernant.
 
-```yaml
+[Voir le fichier `manifest.yml` d'exemple](./manifest.md)
----
-# L'identifiant de votre application. Il doit être globalement unique. 
-# Un identifiant du type nom de domaine inversé est en général conseillé (ex: tld.mycompany.myapp)
-id: tld.mycompany.myapp
-
-# Le titre de votre application.
-title: My App
-
-# Les mots-clés associés à votre applications.
-tags: ["chat"]
-
-# La description de votre application.
-# Vous pouvez utiliser la syntaxe Markdown pour la mettre en forme.
-description: |>
-    A simple demo application
-```
 
 ## 4. Créer la page d'accueil
 

doc/apps/server-api/app.md

@@ -29,7 +29,7 @@ Récupère les informations de l'application identifiée par `appId`.
 
 Objet `Manifest` associé à l'application, ou `null` si aucune application n'a été trouvée correspondant à l'identifiant.
 
-### `app.getUrl(ctx: Context, appId: string): Manifest`
+### `app.getUrl(ctx: Context, appId: string, from: string = ''): Manifest`
 
 Retourne l'URL permettant d'accéder à l'application identifiée par `appId`.
 
@@ -37,6 +37,7 @@ Retourne l'URL permettant d'accéder à l'application identifiée par `appId`.
 
 - `ctx` **Context** Le contexte d'exécution. Voir la documentation du module [`context`](./context.md)
 - `appId` **string** Identifiant de l'application
+- `from` **string** Adresse IP qui accédera à l'application (permet de générer la bonne URL vis à vis du réseau d'origine)
 
 #### Valeur de retour
 
@@ -53,5 +54,6 @@ interface Manifest {
     title: string                       // Titre associé à l'application
     description: string                 // Description associée à l'application
     tags: string[]                      // Mots clés associés à l'application
+    metadata: { [key: string]: any }    // Métadonnées associées à l'application. Voir ../manifest.md
 }
 ```

misc/client-sdk-testsuite/src/manifest.yml

@@ -5,3 +5,8 @@ version: 0.0.0
 description: |
   Suite de tests pour le SDK client
 tags: ["test"]
+
+metadata:
+  paths:
+    icon: /icon.png
+  minimumRole: visitor

misc/client-sdk-testsuite/src/public/index.html

@@ -4,6 +4,7 @@
     <meta charset="utf-8" />
     <title>Client SDK Test suite</title>
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <link rel="icon" type="image/png" href="/icon.png">
     <link rel="stylesheet" href="/vendor/mocha.css" />
     <style>
       body {

misc/client-sdk-testsuite/src/public/test/app-module.js

@@ -26,7 +26,7 @@ describe('App Module', function() {
         })
     });
 
-    it('should retrieve requested app url', function() {
+    it('should retrieve requested app url without from address', function() {
       return Edge.rpc("getAppUrl", { appId: "edge.sdk.client.test" })
         .then(url => {
           console.log("getAppUrl result:", url);
@@ -34,4 +34,12 @@ describe('App Module', function() {
         })
     });
 
+    it('should retrieve requested app url with from address', function() {
+      return Edge.rpc("getAppUrl", { appId: "edge.sdk.client.test", from: "127.0.0.2" })
+        .then(url => {
+          console.log("getAppUrl result:", url);
+          chai.assert.isNotEmpty(url);
+        })
+    });
+  
 });

misc/client-sdk-testsuite/src/public/test/client-sdk.js

@@ -1,4 +1,5 @@
 Edge.debug = true;
+EdgeFrame.debug = true;
 
 describe('Edge', function() {
 

misc/client-sdk-testsuite/src/public/test/rpc-module.js

@@ -38,7 +38,7 @@ describe('Remote Procedure Call', function () {
 
 
     it('should call the add() method repetitively and keep count of the sent values', function () {
-        this.timeout(10000);
+        this.timeout(30000);
 
         const values = [];
         for (let i = 0; i <= 1000; i++) {

misc/client-sdk-testsuite/src/server/main.js

@@ -96,7 +96,9 @@ function getApp(ctx, params) {
 
 function getAppUrl(ctx, params) {
   var appId = params.appId;
-  return app.getUrl(ctx, appId);
+  var from = params.from;
+
+  return app.getUrl(ctx, appId, from ? from : '');
 }
 
 function onClientFetch(ctx, url, remoteAddr) {

misc/jenkins/Dockerfile

@@ -0,0 +1,28 @@
+FROM reg.cadoles.com/proxy_cache/library/ubuntu:22.04
+
+ARG HTTP_PROXY=
+ARG HTTPS_PROXY=
+ARG http_proxy=
+ARG https_proxy=
+ARG GO_VERSION=1.19.2
+
+# Install dev environment dependencies
+RUN export DEBIAN_FRONTEND=noninteractive &&\
+    apt-get update -y &&\
+    apt-get install -y --no-install-recommends curl ca-certificates build-essential wget unzip tar git jq
+
+# Install Go
+RUN mkdir -p /tmp \
+    && wget -O /tmp/go${GO_VERSION}.linux-amd64.tar.gz https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz \
+    && rm -rf /usr/local/go \
+    && mkdir -p /usr/local \
+    && tar -C /usr/local -xzf /tmp/go${GO_VERSION}.linux-amd64.tar.gz
+
+ENV PATH="${PATH}:/usr/local/go/bin"
+
+# Add LetsEncrypt certificates
+RUN curl -k https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash
+
+# Install NodeJS
+RUN curl -fsSL https://deb.nodesource.com/setup_18.x | bash - \
+    && apt-get install -y nodejs

modd.conf

@@ -8,6 +8,6 @@ modd.conf
     prep: make build-sdk
     prep: cd misc/client-sdk-testsuite && make dist
     prep: make build
-    # prep: make GOTEST_ARGS="-short" test
+    prep: make GOTEST_ARGS="-short" test
     daemon: bin/cli app run -p misc/client-sdk-testsuite/dist
 }

pkg/app/app.go

@@ -1,39 +0,0 @@
-package app
-
-import (
-	"forge.cadoles.com/arcad/edge/pkg/bundle"
-	"github.com/pkg/errors"
-	"gopkg.in/yaml.v2"
-)
-
-type ID string
-
-type Manifest struct {
-	ID          ID       `yaml:"id" json:"id"`
-	Version     string   `yaml:"version" json:"version"`
-	Title       string   `yaml:"title" json:"title"`
-	Description string   `yaml:"description" json:"description"`
-	Tags        []string `yaml:"tags" json:"tags"`
-}
-
-func LoadManifest(b bundle.Bundle) (*Manifest, error) {
-	reader, _, err := b.File("manifest.yml")
-	if err != nil {
-		return nil, errors.Wrap(err, "could not read manifest.yml")
-	}
-
-	defer func() {
-		if err := reader.Close(); err != nil {
-			panic(errors.WithStack(err))
-		}
-	}()
-
-	manifest := &Manifest{}
-
-	decoder := yaml.NewDecoder(reader)
-	if err := decoder.Decode(manifest); err != nil {
-		return nil, errors.Wrap(err, "could not decode manifest.yml")
-	}
-
-	return manifest, nil
-}

pkg/app/manifest.go

@@ -0,0 +1,85 @@
+package app
+
+import (
+	"strings"
+
+	"forge.cadoles.com/arcad/edge/pkg/bundle"
+	"github.com/pkg/errors"
+	"golang.org/x/mod/semver"
+	"gopkg.in/yaml.v2"
+)
+
+type ID string
+
+type Manifest struct {
+	ID          ID       `yaml:"id" json:"id"`
+	Version     string   `yaml:"version" json:"version"`
+	Title       string   `yaml:"title" json:"title"`
+	Description string   `yaml:"description" json:"description"`
+	Tags        []string `yaml:"tags" json:"tags"`
+	Metadata    MapStr   `yaml:"metadata" json:"metadata"`
+}
+
+type MetadataValidator func(map[string]any) (bool, error)
+
+func (m *Manifest) Validate(validators ...MetadataValidator) (bool, error) {
+	if m.ID == "" {
+		return false, errors.New("'id' property should not be empty")
+	}
+
+	if m.Version == "" {
+		return false, errors.New("'version' property should not be empty")
+	}
+
+	version := m.Version
+	if !strings.HasPrefix(version, "v") {
+		version = "v" + version
+	}
+
+	if !semver.IsValid(version) {
+		return false, errors.Errorf("version '%s' does not respect semver format", m.Version)
+	}
+
+	if m.Title == "" {
+		return false, errors.New("'title' property should not be empty")
+	}
+
+	if m.Tags != nil {
+		for _, t := range m.Tags {
+			if strings.ContainsAny(t, " \t\n\r") {
+				return false, errors.Errorf("tag '%s' should not contain any space or new line", t)
+			}
+		}
+	}
+
+	for _, v := range validators {
+		valid, err := v(m.Metadata)
+		if !valid || err != nil {
+			return valid, errors.WithStack(err)
+		}
+	}
+
+	return true, nil
+}
+
+func LoadManifest(b bundle.Bundle) (*Manifest, error) {
+	reader, _, err := b.File("manifest.yml")
+	if err != nil {
+		return nil, errors.Wrap(err, "could not read manifest.yml")
+	}
+
+	defer func() {
+		if err := reader.Close(); err != nil {
+			panic(errors.WithStack(err))
+		}
+	}()
+
+	manifest := &Manifest{}
+
+	decoder := yaml.NewDecoder(reader)
+	if err := decoder.Decode(manifest); err != nil {
+		return nil, errors.Wrap(err, "could not decode manifest.yml")
+	}
+
+	return manifest, nil
+}

pkg/app/map_str.go

@@ -0,0 +1,61 @@
+package app
+
+import (
+	"fmt"
+
+	"github.com/pkg/errors"
+)
+
+type MapStr map[string]interface{}
+
+func MapStrUnion(dict1 MapStr, dict2 MapStr) MapStr {
+	dict := MapStr{}
+
+	for k, v := range dict1 {
+		dict[k] = v
+	}
+
+	for k, v := range dict2 {
+		dict[k] = v
+	}
+	return dict
+}
+
+func (ms *MapStr) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	var result map[interface{}]interface{}
+	err := unmarshal(&result)
+	if err != nil {
+		return errors.WithStack(err)
+	}
+	*ms = cleanUpInterfaceMap(result)
+	return nil
+}
+
+func cleanUpInterfaceArray(in []interface{}) []interface{} {
+	result := make([]interface{}, len(in))
+	for i, v := range in {
+		result[i] = cleanUpMapValue(v)
+	}
+	return result
+}
+
+func cleanUpInterfaceMap(in map[interface{}]interface{}) MapStr {
+	result := make(MapStr)
+	for k, v := range in {
+		result[fmt.Sprintf("%v", k)] = cleanUpMapValue(v)
+	}
+	return result
+}
+
+func cleanUpMapValue(v interface{}) interface{} {
+	switch v := v.(type) {
+	case []interface{}:
+		return cleanUpInterfaceArray(v)
+	case map[interface{}]interface{}:
+		return cleanUpInterfaceMap(v)
+	case string:
+		return v
+	default:
+		return fmt.Sprintf("%v", v)
+	}
+}

pkg/app/metadata/minimum_role.go

@@ -0,0 +1,28 @@
+package metadata
+
+import (
+	"forge.cadoles.com/arcad/edge/pkg/app"
+	"github.com/pkg/errors"
+)
+
+func WithMinimumRoleValidator(roles ...string) app.MetadataValidator {
+	return func(metadata map[string]any) (bool, error) {
+		rawMinimumRole, exists := metadata["minimumRole"]
+		if !exists {
+			return true, nil
+		}
+
+		minimumRole, ok := rawMinimumRole.(string)
+		if !ok {
+			return false, errors.Errorf("metadata['minimumRole']: unexpected value type '%T'", rawMinimumRole)
+		}
+
+		for _, r := range roles {
+			if minimumRole == r {
+				return true, nil
+			}
+		}
+
+		return false, errors.Errorf("metadata['minimumRole']: unexpected role '%s'", minimumRole)
+	}
+}

pkg/app/metadata/named_path.go

@@ -0,0 +1,51 @@
+package metadata
+
+import (
+	"strings"
+
+	"forge.cadoles.com/arcad/edge/pkg/app"
+	"github.com/pkg/errors"
+)
+
+type NamedPath string
+
+const (
+	NamedPathAdmin NamedPath = "admin"
+	NamedPathIcon  NamedPath = "icon"
+)
+
+func WithNamedPathsValidator(names ...NamedPath) app.MetadataValidator {
+	set := map[NamedPath]struct{}{}
+	for _, n := range names {
+		set[n] = struct{}{}
+	}
+
+	return func(metadata map[string]any) (bool, error) {
+		rawPaths, exists := metadata["paths"]
+		if !exists {
+			return true, nil
+		}
+
+		paths, ok := rawPaths.(app.MapStr)
+		if !ok {
+			return false, errors.Errorf("metadata['paths']: unexpected named path value type '%T'", rawPaths)
+		}
+
+		for n, p := range paths {
+			if _, exists := set[NamedPath(n)]; !exists {
+				return false, errors.Errorf("metadata['paths']: unexpected named path '%s'", n)
+			}
+
+			path, ok := p.(string)
+			if !ok {
+				return false, errors.Errorf("metadata['paths']['%s']: unexpected named path value type '%T'", n, path)
+			}
+
+			if !strings.HasPrefix(path, "/") {
+				return false, errors.Errorf("metadata['paths']['%s']: named path value should start with a '/'", n)
+			}
+		}
+
+		return true, nil
+	}
+}

pkg/app/metadata/testdata/manifests/invalid-minimum-role.yml

@@ -0,0 +1,7 @@
+id: foo.arcad.app
+version: v0.0.0
+title: Foo
+description: A test app
+tags: ["test"]
+metadata:
+  minimumRole: foo

pkg/app/metadata/testdata/manifests/invalid-paths.yml

@@ -0,0 +1,10 @@
+id: foo.arcad.app
+version: v0.0.0
+title: Foo
+description: A test app
+tags: ["test"]
+metadata:
+  paths:
+    invalid: /admin
+    icon: /my-app-icon.png
+  minimumRole: visitor

pkg/app/metadata/testdata/manifests/valid.yml

@@ -0,0 +1,10 @@
+id: foo.arcad.app
+version: v0.0.0
+title: Foo
+description: A test app
+tags: ["test"]
+metadata:
+  paths:
+    admin: /admin
+    icon: /my-app-icon.png
+  minimumRole: visitor

pkg/app/metadata/validator_test.go

@@ -0,0 +1,74 @@
+package metadata
+
+import (
+	"io/ioutil"
+	"path/filepath"
+	"testing"
+
+	"forge.cadoles.com/arcad/edge/pkg/app"
+	"github.com/pkg/errors"
+	"gopkg.in/yaml.v2"
+)
+
+type validatorTestCase struct {
+	File        string
+	ExpectValid bool
+	ExpectError bool
+}
+
+var validatorTestCases = []validatorTestCase{
+	{
+		File:        "valid.yml",
+		ExpectValid: true,
+	},
+	{
+		File:        "invalid-paths.yml",
+		ExpectValid: false,
+		ExpectError: true,
+	},
+	{
+		File:        "invalid-minimum-role.yml",
+		ExpectValid: false,
+		ExpectError: true,
+	},
+}
+
+var validators = []app.MetadataValidator{
+	WithMinimumRoleValidator("visitor", "user", "superuser", "admin", "superadmin"),
+	WithNamedPathsValidator(NamedPathAdmin, NamedPathIcon),
+}
+
+func TestManifestValidate(t *testing.T) {
+	for _, tc := range validatorTestCases {
+		func(tc *validatorTestCase) {
+			t.Run(tc.File, func(t *testing.T) {
+				data, err := ioutil.ReadFile(filepath.Join("testdata/manifests", tc.File))
+				if err != nil {
+					t.Fatalf("%+v", errors.WithStack(err))
+				}
+
+				var manifest app.Manifest
+
+				if err := yaml.Unmarshal(data, &manifest); err != nil {
+					t.Fatalf("%+v", errors.WithStack(err))
+				}
+
+				valid, err := manifest.Validate(validators...)
+
+				t.Logf("[RESULT] valid:%v, err:%v", valid, err)
+
+				if e, g := tc.ExpectValid, valid; e != g {
+					t.Errorf("valid: expected '%v', got '%v'", e, g)
+				}
+
+				if tc.ExpectError && err == nil {
+					t.Error("err should not be nil")
+				}
+
+				if !tc.ExpectError && err != nil {
+					t.Errorf("err: expected nil, got '%+v'", err)
+				}
+			})
+		}(&tc)
+	}
+}

pkg/module/app/module.go

@@ -19,6 +19,7 @@ type gojaManifest struct {
 	Title       string         `goja:"title" json:"title"`
 	Description string         `goja:"description" json:"description"`
 	Tags        []string       `goja:"tags" json:"tags"`
+	Metadata    map[string]any `goja:"metadata" json:"metadata"`
 }
 
 func toGojaManifest(manifest *app.Manifest) *gojaManifest {
@@ -28,6 +29,7 @@ func toGojaManifest(manifest *app.Manifest) *gojaManifest {
 		Title:       manifest.Title,
 		Description: manifest.Description,
 		Tags:        manifest.Tags,
+		Metadata:    manifest.Metadata,
 	}
 }
 

pkg/module/blob/module_test.go

@@ -19,7 +19,7 @@ func TestBlobModule(t *testing.T) {
 	logger.SetLevel(slog.LevelDebug)
 
 	bus := memory.NewBus()
-	store := sqlite.NewBlobStore(":memory:")
+	store := sqlite.NewBlobStore(":memory:?_pragma=foreign_keys(1)&_pragma=busy_timeout=60000")
 
 	server := app.NewServer(
 		module.ContextModuleFactory(),

pkg/module/fetch/module_test.go

@@ -5,6 +5,7 @@ import (
 	"io/ioutil"
 	"net/url"
 	"testing"
+	"time"
 
 	"cdr.dev/slog"
 	"forge.cadoles.com/arcad/edge/pkg/app"
@@ -42,7 +43,12 @@ func TestFetchModule(t *testing.T) {
 		t.Fatalf("%+v", errors.WithStack(err))
 	}
 
-	ctx := context.Background()
+	// Wait for module to startup
+	time.Sleep(1 * time.Second)
+
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+
 	remoteAddr := "127.0.0.1"
 	url, _ := url.Parse("http://example.com")
 

pkg/module/store/module_test.go

@@ -15,7 +15,7 @@ import (
 func TestStoreModule(t *testing.T) {
 	logger.SetLevel(logger.LevelDebug)
 
-	store := sqlite.NewDocumentStore(":memory:")
+	store := sqlite.NewDocumentStore(":memory:?_pragma=foreign_keys(1)&_pragma=busy_timeout=60000")
 	server := app.NewServer(
 		module.ContextModuleFactory(),
 		module.ConsoleModuleFactory(),

pkg/sdk/client/dist/client.js

@@ -3785,7 +3785,8 @@ var Edge = (() => {
   // pkg/sdk/client/src/index.ts
   var src_exports = {};
   __export(src_exports, {
-    default: () => src_default
+    client: () => client,
+    crossFrameMessenger: () => crossFrameMessenger
   });
 
   // pkg/sdk/client/src/event-target.ts
@@ -3864,6 +3865,8 @@ var Edge = (() => {
   var import_sockjs_client = __toESM(require_entry());
   var EventTypeMessage = "message";
   var EdgeAuth = "edge-auth";
+  var EdgeAuthTokenRequest = "edge_auth_token_request";
+  var EdgeAuthTokenResponse = "edge_auth_token_reponse";
   var Client = class extends EventTarget {
     constructor(autoReconnect = true) {
       super();
@@ -3871,6 +3874,7 @@ var Edge = (() => {
       this._onConnectionClose = this._onConnectionClose.bind(this);
       this._onConnectionMessage = this._onConnectionMessage.bind(this);
       this._handleRPCResponse = this._handleRPCResponse.bind(this);
+      this._handleEdgeAuthTokenRequest = this._handleEdgeAuthTokenRequest.bind(this);
       this._rpcID = 0;
       this._pendingRPC = {};
       this._queue = [];
@@ -3883,12 +3887,22 @@ var Edge = (() => {
       this.send = this.send.bind(this);
       this.upload = this.upload.bind(this);
       this.addEventListener(EventTypeMessage, this._handleRPCResponse);
+      window.addEventListener("message", this._handleEdgeAuthTokenRequest);
     }
     connect(token = "") {
-      return new Promise((resolve, reject) => {
+      let getToken;
-        if (token == "") {
+      if (token) {
-          token = this._getAuthCookieToken();
+        getToken = Promise.resolve(token);
+      } else {
+        getToken = this._retrieveToken();
       }
+      return getToken.then((token2) => this._connect(token2));
+    }
+    disconnect() {
+      this._cleanupConnection();
+    }
+    _connect(token) {
+      return new Promise((resolve, reject) => {
         const url = `//${document.location.host}/edge/sock?${EdgeAuth}=${token}`;
         this._log("opening connection to", url);
         const conn = new import_sockjs_client.default(url);
@@ -3919,15 +3933,65 @@ var Edge = (() => {
         conn.addEventListener("close", onError);
       });
     }
-    disconnect() {
+    _retrieveToken() {
-      this._cleanupConnection();
+      let token = this._getAuthCookieToken();
+      if (token) {
+        return Promise.resolve(token);
+      }
+      return this._getParentFrameToken();
+      ;
     }
     _getAuthCookieToken() {
       const cookie = document.cookie.split("; ").find((row) => row.startsWith(EdgeAuth));
+      let token = "";
       if (cookie) {
-        return cookie.split("=")[1];
+        token = cookie.split("=")[1];
       }
-      return "";
+      return token;
+    }
+    _getParentFrameToken(timeout = 5e3) {
+      if (!window.parent || window.parent === window) {
+        return Promise.resolve("");
+      }
+      return new Promise((resolve, reject) => {
+        let timedOut = false;
+        const timeoutId = setTimeout(() => {
+          timedOut = true;
+          reject(new Error("Edge auth token request timed out !"));
+        }, timeout);
+        const listener = (evt) => {
+          const message2 = evt.data;
+          if (!message2 || !message2.type || !message2.data) {
+            return;
+          }
+          if (message2.type !== EdgeAuthTokenResponse) {
+            return;
+          }
+          window.removeEventListener("message", listener);
+          clearTimeout(timeoutId);
+          if (timedOut)
+            return;
+          if (!message2.data) {
+            reject("Unexpected auth token request response !");
+            return;
+          }
+          resolve(message2.data?.token || "");
+        };
+        window.addEventListener("message", listener);
+        const message = { type: EdgeAuthTokenRequest };
+        window.parent.postMessage(message, "*");
+      });
+    }
+    _handleEdgeAuthTokenRequest(evt) {
+      const message = evt.data;
+      if (!message || !message.type || message.type !== EdgeAuthTokenRequest) {
+        return;
+      }
+      if (!evt.source) {
+        return;
+      }
+      const token = this._getAuthCookieToken();
+      evt.source.postMessage({ type: EdgeAuthTokenResponse, data: { token } }, evt.origin);
     }
     _onConnectionMessage(evt) {
       const rawMessage = JSON.parse(evt.data);
@@ -4089,9 +4153,71 @@ var Edge = (() => {
     }
   };
 
+  // pkg/sdk/client/src/crossframe-messenger.ts
+  var CrossFrameMessenger = class extends EventTarget {
+    constructor() {
+      super();
+      this.debug = false;
+      this._handleWindowMessage = this._handleWindowMessage.bind(this);
+      this._initObservers = this._initObservers.bind(this);
+      window.addEventListener("load", this._initObservers);
+      window.addEventListener("message", this._handleWindowMessage);
+    }
+    post(message, target = window.parent) {
+      if (!target)
+        return;
+      this._log("sending crossframe message", message);
+      target.postMessage(message, "*");
+    }
+    _log(...args) {
+      if (!this.debug)
+        return;
+      console.log(...args);
+    }
+    _handleWindowMessage(evt) {
+      const message = evt.data;
+      if (!message || !message.type || !message.data) {
+        return;
+      }
+      const event = new CustomEvent(message.type, {
+        cancelable: true,
+        detail: message.data
+      });
+      this.dispatchEvent(event);
+    }
+    _initObservers() {
+      this._initResizeObserver();
+      this._initTitleMutationObserver();
+    }
+    _initTitleMutationObserver() {
+      const titleObserver = new MutationObserver((mutations) => {
+        const title2 = mutations[0].target.textContent;
+        this.post({ type: "title_changed" /* TITLE_CHANGED */, data: { title: title2 } });
+      });
+      const title = document.querySelector("title");
+      if (!title)
+        return;
+      this.post({ type: "title_changed" /* TITLE_CHANGED */, data: { title: title.textContent } });
+      titleObserver.observe(title, { subtree: true, characterData: true, childList: true });
+    }
+    _initResizeObserver() {
+      const resizeObserver = new ResizeObserver(() => {
+        const rect = document.documentElement.getBoundingClientRect();
+        const height = rect.height;
+        const width = rect.width;
+        this.post({ type: "size_changed" /* SIZE_CHANGED */, data: { height, width } });
+      });
+      const body = document.body;
+      if (!body)
+        return;
+      resizeObserver.observe(document.documentElement);
+    }
+  };
+
   // pkg/sdk/client/src/index.ts
-  var src_default = new Client();
+  var client = new Client();
+  var crossFrameMessenger = new CrossFrameMessenger();
   return __toCommonJS(src_exports);
 })();
-Edge=Edge.default;
+EdgeFrame=Edge.crossFrameMessenger;Edge=Edge.client
 //# sourceMappingURL=client.js.map

pkg/sdk/client/src/client.ts

@@ -5,6 +5,8 @@ import SockJS from 'sockjs-client';
 
 const EventTypeMessage = "message";
 const EdgeAuth = "edge-auth"
+const EdgeAuthTokenRequest = "edge_auth_token_request"
+const EdgeAuthTokenResponse = "edge_auth_token_reponse"
 
 export class Client extends EventTarget {
 
@@ -19,15 +21,17 @@ export class Client extends EventTarget {
   constructor(autoReconnect = true) {
     super();
     this._conn = null;
+
     this._onConnectionClose = this._onConnectionClose.bind(this);
     this._onConnectionMessage = this._onConnectionMessage.bind(this);
     this._handleRPCResponse = this._handleRPCResponse.bind(this);
+    this._handleEdgeAuthTokenRequest = this._handleEdgeAuthTokenRequest.bind(this);
+
     this._rpcID = 0;
     this._pendingRPC = {};
     this._queue = [];
     this._reconnectionDelay = 250;
     this._autoReconnect = autoReconnect;
-
     this.debug = false;
 
     this.connect = this.connect.bind(this);
@@ -36,15 +40,29 @@ export class Client extends EventTarget {
     this.send = this.send.bind(this);
     this.upload = this.upload.bind(this);
     
+
     this.addEventListener(EventTypeMessage, this._handleRPCResponse);
+    window.addEventListener('message', this._handleEdgeAuthTokenRequest);
   }
 
-  connect(token = "") {
+  connect(token = ""): Promise<Client> {
+    let getToken: Promise<string>
+
+    if (token) {
+      getToken = Promise.resolve(token)
+    } else {
+      getToken = this._retrieveToken()
+    }
+
+    return getToken.then(token => this._connect(token))
+  }
+
+  disconnect() {
+    this._cleanupConnection();
+  }
+
+  _connect(token: string): Promise<Client> {
     return new Promise((resolve, reject) => {
-      if (token == "") {
-        token = this._getAuthCookieToken()
-      }
-
       const url = `//${document.location.host}/edge/sock?${EdgeAuth}=${token}`;
         this._log("opening connection to", url);
         const conn: any = new SockJS(url);
@@ -77,22 +95,87 @@ export class Client extends EventTarget {
         conn.addEventListener('open', onOpen);
         conn.addEventListener('error', onError);
         conn.addEventListener('close', onError);
-    });
+    })
   }
 
-  disconnect() {
+  _retrieveToken(): Promise<string> {
-    this._cleanupConnection();
+    let token = this._getAuthCookieToken();
+    if (token) {
+      return Promise.resolve(token);
     }
 
-  _getAuthCookieToken() {
+    return this._getParentFrameToken();;
+  }
+
+  _getAuthCookieToken(): string {
     const cookie = document.cookie.split("; ")
       .find((row) => row.startsWith(EdgeAuth));
 
+    let token = "";
+
     if (cookie) {
-      return cookie.split("=")[1];
+      token = cookie.split("=")[1];
     }
 
-    return "";
+    return token;
+  }
+
+  _getParentFrameToken(timeout = 5000): Promise<string> {
+    if (!window.parent || window.parent === window) {
+      return Promise.resolve("");
+    }
+
+    return new Promise((resolve, reject) => {
+      let timedOut = false;
+      const timeoutId = setTimeout(() => {
+        timedOut = true;
+        reject(new Error("Edge auth token request timed out !"));
+      }, timeout);
+
+      const listener = (evt) => {
+        const message = evt.data;
+
+        if (!message || !message.type || !message.data) {
+          return
+        }
+
+        if (message.type !== EdgeAuthTokenResponse) {
+          return;
+        }
+
+        window.removeEventListener('message', listener);
+        clearTimeout(timeoutId);
+
+        if (timedOut) return;
+
+        if (!message.data) {
+          reject("Unexpected auth token request response !");
+          return;
+        }
+
+        resolve(message.data?.token || "");
+      }
+
+      window.addEventListener('message', listener);
+      
+      const message = { type: EdgeAuthTokenRequest };
+      window.parent.postMessage(message, '*');
+    })
+  }
+
+  _handleEdgeAuthTokenRequest(evt: MessageEvent) {
+    const message = evt.data;
+    if (!message || !message.type || message.type !== EdgeAuthTokenRequest) {
+      return;
+    }
+
+    if (!evt.source) {
+      return;
+    }
+
+    const token = this._getAuthCookieToken();
+    // @ts-ignore
+    evt.source.postMessage({ type: EdgeAuthTokenResponse, data: { token }}, evt.origin);
   }
 
   _onConnectionMessage(evt) {

pkg/sdk/client/src/crossframe-messenger.ts

@@ -0,0 +1,87 @@
+import { EventTarget } from "./event-target";
+
+enum CrossFrameMessageType {
+    SIZE_CHANGED = "size_changed",
+    TITLE_CHANGED = "title_changed"
+}
+
+interface CrossFrameMessage {
+    type: CrossFrameMessageType
+    data: { [key: string]: any }
+}
+
+export class CrossFrameMessenger extends EventTarget {
+    debug: boolean;
+
+    constructor() {
+        super()
+        this.debug = false;
+
+        this._handleWindowMessage = this._handleWindowMessage.bind(this);
+        this._initObservers = this._initObservers.bind(this);
+
+        window.addEventListener('load', this._initObservers);
+        window.addEventListener('message', this._handleWindowMessage)
+    }
+
+    post(message: CrossFrameMessage, target: Window = window.parent) {
+        if (!target) return;
+        this._log("sending crossframe message", message);
+        target.postMessage(message, '*');
+    }
+
+    _log(...args) {
+        if (!this.debug) return;
+        console.log(...args);
+    }
+
+    _handleWindowMessage(evt: MessageEvent) {
+        const message = evt.data;
+        if (!message || !message.type || !message.data) {
+            return;
+        }
+        
+        const event = new CustomEvent(message.type, {
+            cancelable: true,
+            detail: message.data
+        });
+        
+        this.dispatchEvent(event);
+    }
+
+    _initObservers() {
+        this._initResizeObserver();
+        this._initTitleMutationObserver();
+    }
+
+    _initTitleMutationObserver() {
+        const titleObserver = new MutationObserver((mutations) => {
+            const title = mutations[0].target.textContent;
+            this.post({ type: CrossFrameMessageType.TITLE_CHANGED, data: { title }});
+        });
+
+        const title = document.querySelector('title');
+
+        if (!title) return;
+
+        this.post({ type: CrossFrameMessageType.TITLE_CHANGED, data: { title: title.textContent }});
+        
+        titleObserver.observe(title, { subtree: true, characterData: true, childList: true });
+    }
+
+    _initResizeObserver() {
+        const resizeObserver = new ResizeObserver(() => {
+            const rect = document.documentElement.getBoundingClientRect();
+            const height = rect.height;
+            const width = rect.width;
+
+            this.post({ type: CrossFrameMessageType.SIZE_CHANGED, data: { height, width }});
+        });
+
+        const body = document.body;
+
+        if (!body) return;
+
+        resizeObserver.observe(document.documentElement);
+    }
+}

pkg/sdk/client/src/index.ts

@@ -1,3 +1,5 @@
 import { Client } from './client.js';
+import { CrossFrameMessenger } from './crossframe-messenger.js';
 
-export default new Client();
+export const client = new Client();
+export const crossFrameMessenger = new CrossFrameMessenger();

pkg/storage/sqlite/blob_bucket.go

@@ -35,6 +35,10 @@ func (b *BlobBucket) Size(ctx context.Context) (int64, error) {
 			return errors.WithStack(err)
 		}
 
+		if err := row.Err(); err != nil {
+			return errors.WithStack(err)
+		}
+
 		size = nullSize.Int64
 
 		return nil
@@ -111,6 +115,10 @@ func (b *BlobBucket) Get(ctx context.Context, id storage.BlobID) (storage.BlobIn
 			return errors.WithStack(err)
 		}
 
+		if err := row.Err(); err != nil {
+			return errors.WithStack(err)
+		}
+
 		blobInfo = &BlobInfo{
 			id:          id,
 			bucket:      b.name,
@@ -143,6 +151,12 @@ func (b *BlobBucket) List(ctx context.Context) ([]storage.BlobInfo, error) {
 			return errors.WithStack(err)
 		}
 
+		defer func() {
+			if err := rows.Close(); err != nil {
+				logger.Error(ctx, "could not close rows", logger.E(errors.WithStack(err)))
+			}
+		}()
+
 		blobs = make([]storage.BlobInfo, 0)
 
 		for rows.Next() {

pkg/storage/sqlite/blob_store_test.go

@@ -1,8 +1,10 @@
 package sqlite
 
 import (
+	"fmt"
 	"os"
 	"testing"
+	"time"
 
 	"forge.cadoles.com/arcad/edge/pkg/storage/testsuite"
 	"github.com/pkg/errors"
@@ -19,7 +21,8 @@ func TestBlobStore(t *testing.T) {
 		t.Fatalf("%+v", errors.WithStack(err))
 	}
 
-	store := NewBlobStore(file)
+	dsn := fmt.Sprintf("%s?_pragma=foreign_keys(1)&_pragma=busy_timeout=%d", file, (60 * time.Second).Milliseconds())
+	store := NewBlobStore(dsn)
 
 	testsuite.TestBlobStore(t, store)
 }

pkg/storage/sqlite/document_store.go

@@ -5,7 +5,6 @@ import (
 	"database/sql"
 	"fmt"
 	"math"
-	"sync"
 	"time"
 
 	"forge.cadoles.com/arcad/edge/pkg/storage"
@@ -18,10 +17,7 @@ import (
 )
 
 type DocumentStore struct {
-	db       *sql.DB
+	getDB getDBFunc
-	path     string
-	openOnce sync.Once
-	mutex    sync.RWMutex
 }
 
 // Delete implements storage.DocumentStore
@@ -74,6 +70,10 @@ func (s *DocumentStore) Get(ctx context.Context, collection string, id storage.D
 			return errors.WithStack(err)
 		}
 
+		if err := row.Err(); err != nil {
+			return errors.WithStack(err)
+		}
+
 		document = storage.Document(data)
 
 		document[storage.DocumentAttrID] = id
@@ -160,7 +160,11 @@ func (s *DocumentStore) Query(ctx context.Context, collection string, filter *fi
 			return errors.WithStack(err)
 		}
 
-		defer rows.Close()
+		defer func() {
+			if err := rows.Close(); err != nil {
+				logger.Error(ctx, "could not close rows", logger.E(errors.WithStack(err)))
+			}
+		}()
 
 		documents = make([]storage.Document, 0)
 
@@ -238,6 +242,10 @@ func (s *DocumentStore) Upsert(ctx context.Context, collection string, document
 			return errors.WithStack(err)
 		}
 
+		if err := row.Err(); err != nil {
+			return errors.WithStack(err)
+		}
+
 		upsertedDocument = storage.Document(data)
 
 		upsertedDocument[storage.DocumentAttrID] = id
@@ -256,7 +264,7 @@ func (s *DocumentStore) Upsert(ctx context.Context, collection string, document
 func (s *DocumentStore) withTx(ctx context.Context, fn func(tx *sql.Tx) error) error {
 	var db *sql.DB
 
-	db, err := s.getDatabase(ctx)
+	db, err := s.getDB(ctx)
 	if err != nil {
 		return errors.WithStack(err)
 	}
@@ -268,67 +276,7 @@ func (s *DocumentStore) withTx(ctx context.Context, fn func(tx *sql.Tx) error) e
 	return nil
 }
 
-func (s *DocumentStore) getDatabase(ctx context.Context) (*sql.DB, error) {
+func ensureTables(ctx context.Context, db *sql.DB) error {
-	s.mutex.RLock()
-	if s.db != nil {
-		defer s.mutex.RUnlock()
-
-		var err error
-
-		s.openOnce.Do(func() {
-			if err = s.ensureTables(ctx, s.db); err != nil {
-				err = errors.WithStack(err)
-
-				return
-			}
-		})
-
-		if err != nil {
-			return nil, errors.WithStack(err)
-		}
-
-		return s.db, nil
-	}
-
-	s.mutex.RUnlock()
-
-	var (
-		db  *sql.DB
-		err error
-	)
-
-	s.openOnce.Do(func() {
-		db, err = sql.Open("sqlite", s.path)
-		if err != nil {
-			err = errors.WithStack(err)
-
-			return
-		}
-
-		if err = s.ensureTables(ctx, db); err != nil {
-			err = errors.WithStack(err)
-
-			return
-		}
-	})
-
-	if err != nil {
-		return nil, errors.WithStack(err)
-	}
-
-	if db != nil {
-		s.mutex.Lock()
-		s.db = db
-		s.mutex.Unlock()
-	}
-
-	s.mutex.RLock()
-	defer s.mutex.RUnlock()
-
-	return s.db, nil
-}
-
-func (s *DocumentStore) ensureTables(ctx context.Context, db *sql.DB) error {
 	err := withTx(ctx, db, func(tx *sql.Tx) error {
 		query := `
 			CREATE TABLE IF NOT EXISTS documents (
@@ -396,18 +344,18 @@ func withLimitOffsetClause(query string, args []any, limit int, offset int) (str
 }
 
 func NewDocumentStore(path string) *DocumentStore {
+	getDB := newGetDBFunc(path, ensureTables)
+
 	return &DocumentStore{
-		db:       nil,
+		getDB: getDB,
-		path:     path,
-		openOnce: sync.Once{},
 	}
 }
 
 func NewDocumentStoreWithDB(db *sql.DB) *DocumentStore {
+	getDB := newGetDBFuncFromDB(db, ensureTables)
+
 	return &DocumentStore{
-		db:       db,
+		getDB: getDB,
-		path:     "",
-		openOnce: sync.Once{},
 	}
 }
 

pkg/storage/sqlite/document_store_test.go

@@ -1,8 +1,10 @@
 package sqlite
 
 import (
+	"fmt"
 	"os"
 	"testing"
+	"time"
 
 	"forge.cadoles.com/arcad/edge/pkg/storage/testsuite"
 	"github.com/pkg/errors"
@@ -10,7 +12,7 @@ import (
 )
 
 func TestDocumentStore(t *testing.T) {
-	// t.Parallel()
+	t.Parallel()
 	logger.SetLevel(logger.LevelDebug)
 
 	file := "./testdata/documentstore_test.sqlite"
@@ -19,7 +21,8 @@ func TestDocumentStore(t *testing.T) {
 		t.Fatalf("%+v", errors.WithStack(err))
 	}
 
-	store := NewDocumentStore(file)
+	dsn := fmt.Sprintf("%s?_pragma=foreign_keys(1)&_pragma=busy_timeout=%d", file, (60 * time.Second).Milliseconds())
+	store := NewDocumentStore(dsn)
 
 	testsuite.TestDocumentStore(t, store)
 }

pkg/storage/sqlite/sql.go

@@ -8,7 +8,9 @@ import (
 	"github.com/pkg/errors"
 	"gitlab.com/wpetit/goweb/logger"
 
+	"modernc.org/sqlite"
 	_ "modernc.org/sqlite"
+	sqlite3 "modernc.org/sqlite/lib"
 )
 
 func Open(path string) (*sql.DB, error) {
@@ -23,7 +25,7 @@ func Open(path string) (*sql.DB, error) {
 func withTx(ctx context.Context, db *sql.DB, fn func(tx *sql.Tx) error) error {
 	var tx *sql.Tx
 
-	tx, err := db.Begin()
+	tx, err := db.BeginTx(ctx, nil)
 	if err != nil {
 		return errors.WithStack(err)
 	}
@@ -38,10 +40,29 @@ func withTx(ctx context.Context, db *sql.DB, fn func(tx *sql.Tx) error) error {
 		}
 	}()
 
+	for {
 		if err = fn(tx); err != nil {
+			var sqlErr *sqlite.Error
+			if errors.As(err, &sqlErr) {
+				if sqlErr.Code() == sqlite3.SQLITE_BUSY {
+					logger.Warn(ctx, "database busy, retrying transaction")
+
+					if err := ctx.Err(); err != nil {
+						logger.Error(ctx, "could not execute transaction", logger.E(errors.WithStack(err)))
+
 						return errors.WithStack(err)
 					}
 
+					continue
+				}
+			}
+
+			return errors.WithStack(err)
+		}
+
+		break
+	}
+
 	if err = tx.Commit(); err != nil {
 		return errors.WithStack(err)
 	}

pkg/storage/sqlite/testdata/.gitignore

@@ -1 +1 @@
-/*.sqlite
+/*.sqlite*

pkg/storage/testsuite/blob_store.go

@@ -8,7 +8,7 @@ import (
 
 func TestBlobStore(t *testing.T, store storage.BlobStore) {
 	t.Run("Ops", func(t *testing.T) {
-		// t.Parallel()
+		t.Parallel()
 		testBlobStoreOps(t, store)
 	})
 }

pkg/storage/testsuite/document_store.go

@@ -8,7 +8,7 @@ import (
 
 func TestDocumentStore(t *testing.T, store storage.DocumentStore) {
 	t.Run("Ops", func(t *testing.T) {
-		// t.Parallel()
+		t.Parallel()
 		testDocumentStoreOps(t, store)
 	})
 }

pkg/storage/testsuite/document_store_ops.go

@@ -437,6 +437,7 @@ func testDocumentStoreOps(t *testing.T, store storage.DocumentStore) {
 	for _, tc := range documentStoreOpsTestCases {
 		func(tc documentStoreOpsTestCase) {
 			t.Run(tc.Name, func(t *testing.T) {
+				t.Parallel()
 				if err := tc.Run(context.Background(), store); err != nil {
 					t.Errorf("%+v", errors.WithStack(err))
 				}