reorg: split dashboard package into frontend and backend

Author: mabels

core/runtime/sts-service/index.ts

@@ -349,7 +349,7 @@ export async function verifyToken<R>(
     parseSchema: (payload: unknown): Result<R> => {
       return Result.Ok(payload as R);
     },
-    fetch: (url, init) => globalThis.fetch(url, init),
+    fetch: (...args: Parameters<typeof globalThis.fetch>) => globalThis.fetch(...args),
     verifyToken: async (token: string, pubKey: JWK): Promise<Result<{ payload: unknown }>> => {
       const rKey = await importJWK(pubKey);
       if (rKey.isErr()) {
@@ -390,6 +390,7 @@ export async function verifyToken<R>(
         case isFetchWellKnownJwksResultOk(pubKey):
           {
             for (const key of pubKey.keys) {
+              console.log("Trying well-known JWKS key from", token, wellKnownUrls, key);
               const rVerify = await internVerifyToken(token, key, opts);
               if (rVerify.isOk()) {
                 return rVerify;

dashboard/.dev.vars.sample

@@ -9,30 +9,60 @@ runs:
   steps:
     - uses: ./actions/runtime
 
-    - name: install
+    - name: FRONTEND install
       shell: bash
-      working-directory: dashboard
+      working-directory: dashboard/frontend
       run: pnpm install
 
-    - name: format-check
-      working-directory: dashboard
+    - name: FRONTEND format-check
+      working-directory: dashboard/frontend
       shell: bash
       run: pnpm run format --check
 
-    - name: lint
+    - name: FRONTEND lint
       shell: bash
-      working-directory: dashboard
+      working-directory: dashboard/frontend
       run: pnpm run lint
 
-    - name: build
+    - name: FRONTEND build
       shell: bash
-      working-directory: dashboard
+      working-directory: dashboard/frontend
       env:
         VITE_CLERK_PUBLISHABLE_KEY: ${{ inputs.CLERK_PUBLISHABLE_KEY }}
       run: pnpm run build
 
-    - name: test
+    - name: FRONTEND test
       shell: bash
-      working-directory: dashboard
+      working-directory: dashboard/frontend
       run: |
         pnpm run test
+
+
+    - name: BACKEND install
+      shell: bash
+      working-directory: dashboard/backend
+      run: pnpm install
+
+    - name: BACKEND format-check
+      working-directory: dashboard/backend
+      shell: bash
+      run: pnpm run format --check
+
+    - name: BACKEND lint
+      shell: bash
+      working-directory: dashboard/backend
+      run: pnpm run lint
+
+    - name: BACKEND build
+      shell: bash
+      working-directory: dashboard/backend
+      env:
+        VITE_CLERK_PUBLISHABLE_KEY: ${{ inputs.CLERK_PUBLISHABLE_KEY }}
+      run: pnpm run build
+
+    - name: BACKEND test
+      shell: bash
+      working-directory: dashboard/backend
+      run: |
+        pnpm run test
+

dashboard/actions/base/action.yaml

@@ -52,7 +52,7 @@ runs:
   using: "composite"
   steps:
     - name: Deploy Dashboard
-      working-directory: dashboard
+      working-directory: dashboard/frontend
       shell: bash
       env:
         # need for drizzle
@@ -77,7 +77,7 @@ runs:
         # need during build
         VITE_CLERK_PUBLISHABLE_KEY: ${{ inputs.CLERK_PUBLISHABLE_KEY }}
       run: |
-        pnpm run drizzle:d1-remote
+        (cd ../backend && pnpm run drizzle:d1-remote)
         pnpm exec core-cli wellKnown --jsons --presetKey "$CLERK_PUB_JWT_KEY" "$CLERK_PUB_JWT_URL" > key
         CLERK_PUB_JWT_KEY="$(cat key)"
         pnpm exec core-cli writeEnv --env ${{inputs.CLOUDFLARE_ENV}} --out /dev/stdout --json \
@@ -93,16 +93,6 @@ runs:
           --fromEnv CLOUD_SESSION_TOKEN_PUBLIC \
           --fromEnv DEVICE_ID_CA_PRIV_KEY \
           --fromEnv DEVICE_ID_CA_CERT | \
-          pnpm exec wrangler -c ./wrangler.toml secret --env ${{inputs.CLOUDFLARE_ENV}} bulk
+          pnpm exec wrangler -c ../backend/wrangler.toml secret --env ${{inputs.CLOUDFLARE_ENV}} bulk
         pnpm run deploy:cf --env ${{inputs.CLOUDFLARE_ENV}}
 
-      # - name: deploy to production
-      #   if: github.ref == 'refs/heads/main'
-      #   env:
-      #     CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
-      #     CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
-      #     CLOUDFLARE_DATABASE_ID: ${{ secrets.CLOUDFLARE_DATABASE_ID }}
-      #   run: |
-      #     pnpm run build
-      #     pnpm run drizzle:d1-remote
-      #     pnpm run deploy:cf --env production

dashboard/actions/deploy/action.yaml

@@ -242,13 +242,12 @@ export class FPApiSQL implements FPApiInterface {
   }
 
   private async _authVerifyAuth(req: { readonly auth: DashAuthType }): Promise<Result<ClerkVerifyAuth>> {
-    // console.log("_authVerify-1", req);
     const tokenApi = this.tokenApi[req.auth.type];
-    // console.log("_authVerify-2", req);
     if (!tokenApi) {
       return Result.Err(`invalid auth type:[${req.auth.type}]`);
     }
     const rAuth = await tokenApi.verify(req.auth.token);
+    // console.log("_authVerify-3", rAuth);
     if (rAuth.isErr()) {
       return Result.Err(rAuth.Err());
     }
@@ -261,7 +260,6 @@ export class FPApiSQL implements FPApiInterface {
 
   // eslint-disable-next-line @typescript-eslint/no-unused-vars
   private async activeUser(req: WithAuth, status: UserStatus[] = ["active"]): Promise<Result<ActiveUser>> {
-    // console.log("activeUser-1", req);
     const rAuth = await this._authVerifyAuth(req);
     if (rAuth.isErr()) {
       return Result.Err(rAuth.Err());
@@ -283,9 +281,7 @@ export class FPApiSQL implements FPApiInterface {
   }
 
   async ensureUser(req: ReqEnsureUser): Promise<Result<ResEnsureUser>> {
-    // console.log("ensureUser-1", req);
     const activeUser = await this.activeUser(req);
-    // console.log("ensureUser-2", req);
     if (activeUser.isErr()) {
       return Result.Err(activeUser.Err());
     }

dashboard/backend/api.ts

@@ -20,13 +20,26 @@ export interface Env {
 }
 
 export default {
-  async fetch(request: Request, env: Env) {
+  async fetch(request: Request, env: Env, ctx: ExecutionContext) {
     const uri = URI.from(request.url);
     let ares: Promise<CFResponse>;
     switch (true) {
       case uri.pathname.startsWith("/api"):
         // console.log("cf-serve", request.url, env);
-        ares = createHandler(drizzle(env.DB), env).then((fn) => fn(request) as unknown as Promise<CFResponse>);
+        ares = createHandler(drizzle(env.DB), env).then((fn) => fn(request, (p) => {
+          ctx.waitUntil(p);
+          return p;
+          // console.log("cf-serve - queued promise for execution context", p);
+          // ctx.waitUntil(p);
+
+          // const { waitUntil } = ctx;
+          // waitUntil.apply(ctx, [p]);
+          // waitUntil.call(ctx, p);
+          // const reboundWaitUntil = waitUntil.bind(ctx);
+          // reboundWaitUntil(p);
+
+          // return p;
+        }) as unknown as Promise<CFResponse>);
         break;
 
       case uri.pathname.startsWith("/.well-known/jwks.json"):
@@ -39,6 +52,8 @@ export default {
       default:
         ares = env.ASSETS.fetch(uri.build().pathname("/").asURL(), request as unknown as CFRequest);
     }
+    console.log("cf-serve - awaiting response for", request.url);
+    ctx.waitUntil(ares);
     const res = await ares;
     return new Response(res.body as ReadableStream<Uint8Array>, {
       status: res.status,

dashboard/backend/cf-serve.ts

@@ -32,11 +32,12 @@ class ClerkApiToken implements FPApiToken {
   constructor(sthis: SuperThis) {
     this.sthis = sthis;
   }
-  async verify(token: string): Promise<Result<VerifiedAuth>> {
+
+  readonly keysAndUrls = Lazy((): Result<{ keys: string[]; urls: string[] }> => {
     const keys: string[] = [];
     const urls: string[] = [];
     // eslint-disable-next-line no-constant-condition
-    for (let idx = 0; true; idx++) {
+     for (let idx = 0; true; idx++) {
       const suffix = !idx ? "" : `_${idx}`;
       const key = `CLERK_PUB_JWT_KEY${suffix}`;
       const url = `CLERK_PUB_JWT_URL${suffix}`;
@@ -64,6 +65,12 @@ class ClerkApiToken implements FPApiToken {
         );
       }
     }
+    return Result.Ok({ keys, urls });
+  })
+
+  async verify(token: string): Promise<Result<VerifiedAuth>> {
+    const { keys, urls } = this.keysAndUrls().Ok();
+   
     const rt = await sts.verifyToken(token, keys, urls, {
       parseSchema: (payload: unknown): Result<FPClerkClaim> => {
         const r = FPClerkClaimSchema.safeParse(payload);
@@ -79,6 +86,7 @@ class ClerkApiToken implements FPApiToken {
           return Result.Err(rPublicKey);
         }
         const pem = await exportSPKI(rPublicKey.Ok().key);
+        console.log("ClerkApiToken-verify", pem);
         const r = await exception2Result(() =>
           ClerkVerifyToken(token, {
             jwtKey: pem,
@@ -212,6 +220,7 @@ const tokenApi = Lazy(async (sthis: SuperThis) => {
   };
 });
 
+export type BindPromise<T> = (promise: Promise<T>) => Promise<T>;
 // BaseSQLiteDatabase<'async', ResultSet, TSchema>
 export async function createHandler<T extends DashSqlite>(db: T, env: Record<string, string> | Env) {
   // const stream = new utils.ConsoleWriterStream();
@@ -269,7 +278,7 @@ export async function createHandler<T extends DashSqlite>(db: T, env: Record<str
     maxLedgers: coerceInt(env.MAX_LEDGERS, 5),
     deviceCA: rDeviceIdCA.Ok(),
   });
-  return async (req: Request): Promise<Response> => {
+  return async (req: Request, bindPromise: BindPromise<Result<unknown>> = (p) => p): Promise<Response> => {
     const startTime = performance.now();
     if (req.method === "OPTIONS") {
       return new Response("ok", {
@@ -359,7 +368,7 @@ export async function createHandler<T extends DashSqlite>(db: T, env: Record<str
         return new Response("Invalid request", { status: 400, headers: DefaultHttpHeaders() });
     }
     try {
-      const rRes = await res;
+      const rRes = await bindPromise(res);
       // console.log("Response", rRes);
       if (rRes.isErr()) {
         logger.Error().Any({ request: jso.type }).Err(rRes).Msg("Result-Error");

dashboard/backend/create-handler.ts

@@ -12,7 +12,7 @@ function getClient() {
 async function main() {
   Deno.serve({
     port: 7370,
-    handler: await createHandler(getClient(), Deno.env.toObject()),
+    handler: (await createHandler(getClient(), Deno.env.toObject())) as (req: Request) => Promise<Response>,
   });
 }
 

dashboard/backend/deno-serve.ts

@@ -17,7 +17,7 @@ function getLocalD1DB(): string {
 
 export default defineConfig({
   dialect: "sqlite",
-  schema: "./backend/db-api-schema.ts",
+  schema: "./db-api-schema.ts",
   out: "./dist",
   dbCredentials: {
     url: getLocalD1DB(),

…board/drizzle.d1-local-backend.config.ts …ckend/drizzle.d1-local-backend.config.tsdashboard/drizzle.d1-local-backend.config.ts renamed to dashboard/backend/drizzle.d1-local-backend.config.ts dashboard/drizzle.d1-local-backend.config.ts renamed to dashboard/backend/drizzle.d1-local-backend.config.ts

@@ -16,7 +16,7 @@ function getLocalD1DB() {
 
 export default defineConfig({
   dialect: "sqlite",
-  schema: "./backend/db-api-schema.ts",
+  schema: "./db-api-schema.ts",
   out: "./dist",
   dbCredentials: {
     url: getLocalD1DB(),