07e2a62d98
Scripts can now answer at user-chosen paths (e.g. /greet, /greet/:name,
/webhooks/*), on user-chosen hosts (strict or *.example.com wildcards),
on user-chosen methods. The internal /api/v1/execute/{id} endpoint
stays as the always-available ID-based bypass.
Routing rules (decided in design with the user; see chat history):
Path kinds:
exact /greet literal
prefix /greet/* strict-subtree; stored as "/greet/";
does NOT match bare /greet (add an
exact route for that case)
param /users/:id :name captures one whole segment;
mid-segment colons are rejected;
{name} is reserved for a future SDK
Host kinds:
any no Host header constraint
strict sub.example.com literal match (case-insensitive)
wildcard *.example.com suffix match; multi-level subdomains OK
Within-kind uniqueness:
two routes of the same kind that could match the same request
conflict at config time. Algorithm (orchestrator_core::routing::
conflict):
exact: literal equality
prefix: literal equality (longer-prefix coexists; longer wins
at request time)
param: same segment count + same literals at every
literal-vs-literal position (the user's example:
:id vs :userId at same shape is a conflict)
Request-time precedence:
exact > param > prefix
among non-exact: more leading-literal segments wins
tie: param > prefix (more constrained)
within prefix: longest matching prefix wins
host bucket: strict > wildcard (longer suffix) > any; fall through
to less specific buckets when path doesn't match
Reserved path prefixes: /api/, /admin/, /healthz, /version
Routes that look invalid at config time return 422 with the precise
parse error; conflicting routes return 409 with the conflicting route
in the body (so the dashboard can render the conflict inline).
What landed:
* 0003_routes.sql — routes table (host_kind, host, host_param_name,
path_kind, path, method, script_id) with UNIQUE index on the
literal binding tuple. Schema 2 → 3.
* shared::Route / HostKind / PathKind — flat storage shape that
crosses wire boundaries cleanly.
* orchestrator_core::routing — four sub-modules, all unit-tested:
pattern.rs (16 tests) parse + validate + display
conflict.rs (12 tests) within-kind overlap predicate
matcher.rs (12 tests) runtime dispatch (specificity-aware)
table.rs Arc<RwLock<Vec<CompiledRoute>>>
shared by manager (writes) and
orchestrator (reads); atomic replace
after each admin write
* manager-core::route_admin — five new admin endpoints under
/api/v1/admin:
POST /scripts/{id}/routes create
GET /scripts/{id}/routes list per script
DELETE /routes/{route_id} delete (refreshes table)
POST /routes:check pre-flight conflict check
(powers the dashboard's
live conflict warning)
POST /routes:match synthetic URL → matched
route + extracted params
(powers the dashboard's
match-preview tool)
Stored path strings stay raw (user-typed); normalization
happens only in the in-memory CompiledRoute so re-parses are
idempotent.
* orchestrator_core::api::user_routes_router — fallback handler
mounted in picloud after the system routes. Reads Host /
method / path / query from the request, dispatches via the
table, builds an ExecRequest with params/query/rest filled,
calls the executor, writes to the log sink. 10 MiB body cap.
* executor-core::ctx (SDK 1.0 → 1.1) — adds
ctx.request.params (map of named-param captures)
ctx.request.query (parsed query string)
ctx.request.rest (suffix for prefix routes; "" otherwise)
All three are always present (empty when not applicable) so
scripts can read them unconditionally.
* picloud::build_app — now async; loads routes at startup,
populates the shared table, mounts route_admin_router under
/api/v1/admin alongside the script CRUD, and the user-routes
fallback at the app root.
* caddy/Caddyfile + Caddyfile.prod widened: anything not
/healthz, /version, /api/v1/admin/*, /api/v1/execute/*,
/api/* (404 sunset), or /admin/* (dashboard) → picloud.
* Dashboard moves to /admin/* via SvelteKit paths.base. Its
internal Caddy strips the prefix and serves with SPA fallback.
All in-app links use $app/paths. The dashboard URL is now
http://localhost:8000/admin/ — one-time break for the new
URL freedom users gained.
* PICLOUD_PUBLIC_BASE_URL env var, exposed via /version so the
dashboard renders full URLs for routes regardless of the
operator's external port / TLS setup.
* memory_limit_mb stays in the schema, still v1.3+ advisory.
Verified live through Caddy:
/version → schema 3, sdk 1.1, public_base_url
GET /admin/ → 200, dashboard HTML containing "PiCloud"
POST /api/v1/admin/scripts → 201
POST .../scripts/{id}/routes (path=/greet/:name) → 201
GET /greet/alice?lang=en → 200 {"name":"alice","q":"en"}
POST conflicting route → 409 with conflicting_route body
POST /admin/foo route → 422 "reserved"
POST /api/v1/admin/routes:match → matched + params extracted
GET /unbound-path → 404 JSON
Tests:
* 40 routing unit tests (pattern + conflict + matcher tables)
* 14 executor-core unit tests (one new for ctx.request.params/
query/rest exposure)
* 32 integration tests (10 new for routing CRUD + dispatch +
conflict + reserved + specificity tie-break + match preview +
delete invalidation + /version returns public_base_url)
* default cargo test --workspace stays green; opt-in via
DATABASE_URL + --include-ignored for the integration suite
Bumps: schema 2 → 3; SDK 1.0 → 1.1; product 0.3.0 → 0.4.0.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
233 lines
7.0 KiB
Rust
233 lines
7.0 KiB
Rust
use std::collections::BTreeMap;
|
|
|
|
use picloud_executor_core::{Engine, ExecError, ExecRequest, InvocationType, Limits, LogLevel};
|
|
use picloud_shared::{ExecutionId, RequestId, ScriptId, ScriptSandbox};
|
|
use serde_json::json;
|
|
|
|
fn req(body: serde_json::Value) -> ExecRequest {
|
|
ExecRequest {
|
|
execution_id: ExecutionId::new(),
|
|
request_id: RequestId::new(),
|
|
script_id: ScriptId::new(),
|
|
script_name: "test".into(),
|
|
invocation_type: InvocationType::Http,
|
|
path: "/test".into(),
|
|
headers: BTreeMap::new(),
|
|
body,
|
|
params: BTreeMap::new(),
|
|
query: BTreeMap::new(),
|
|
rest: String::new(),
|
|
sandbox_overrides: ScriptSandbox::default(),
|
|
}
|
|
}
|
|
|
|
fn engine() -> Engine {
|
|
Engine::new(Limits::default())
|
|
}
|
|
|
|
#[test]
|
|
fn validate_accepts_well_formed_script() {
|
|
engine()
|
|
.validate("let x = 1; #{ statusCode: 200, body: x }")
|
|
.expect("valid script should validate");
|
|
}
|
|
|
|
#[test]
|
|
fn validate_rejects_syntax_errors() {
|
|
let err = engine()
|
|
.validate("this is not rhai @@@")
|
|
.expect_err("invalid script should not validate");
|
|
assert!(matches!(err, ExecError::Parse(_)));
|
|
}
|
|
|
|
#[test]
|
|
fn returns_unwrapped_value_as_200_body() {
|
|
let resp = engine()
|
|
.execute("42", req(json!(null)))
|
|
.expect("should execute");
|
|
assert_eq!(resp.status_code, 200);
|
|
assert_eq!(resp.body, json!(42));
|
|
assert!(resp.headers.is_empty());
|
|
}
|
|
|
|
#[test]
|
|
fn returns_structured_response_when_status_code_present() {
|
|
let src = r#"
|
|
#{ statusCode: 201,
|
|
headers: #{ "x-test": "hello" },
|
|
body: #{ ok: true, msg: "created" } }
|
|
"#;
|
|
let resp = engine().execute(src, req(json!(null))).unwrap();
|
|
assert_eq!(resp.status_code, 201);
|
|
assert_eq!(
|
|
resp.headers.get("x-test").map(String::as_str),
|
|
Some("hello")
|
|
);
|
|
assert_eq!(resp.body, json!({ "ok": true, "msg": "created" }));
|
|
}
|
|
|
|
#[test]
|
|
fn ctx_exposes_request_data() {
|
|
let src = r"
|
|
#{ statusCode: 200,
|
|
body: #{
|
|
path: ctx.request.path,
|
|
name: ctx.script_name,
|
|
amount: ctx.request.body.amount
|
|
} }
|
|
";
|
|
let r = ExecRequest {
|
|
path: "/payments".into(),
|
|
body: json!({ "amount": 1234 }),
|
|
script_name: "payments".into(),
|
|
..req(json!(null))
|
|
};
|
|
let resp = engine().execute(src, r).unwrap();
|
|
assert_eq!(
|
|
resp.body,
|
|
json!({ "path": "/payments", "name": "payments", "amount": 1234 })
|
|
);
|
|
}
|
|
|
|
#[test]
|
|
fn captures_log_calls() {
|
|
let src = r#"
|
|
log::info("starting");
|
|
log::warn("watch out", #{ count: 3 });
|
|
log::error("oops");
|
|
log::trace("deep diagnostic");
|
|
42
|
|
"#;
|
|
let resp = engine().execute(src, req(json!(null))).unwrap();
|
|
assert_eq!(resp.logs.len(), 4);
|
|
|
|
let levels: Vec<_> = resp.logs.iter().map(|l| l.level).collect();
|
|
assert_eq!(
|
|
levels,
|
|
vec![
|
|
LogLevel::Info,
|
|
LogLevel::Warn,
|
|
LogLevel::Error,
|
|
LogLevel::Trace
|
|
]
|
|
);
|
|
assert_eq!(resp.logs[0].message, "starting");
|
|
assert_eq!(resp.logs[1].data, Some(json!({ "count": 3 })));
|
|
}
|
|
|
|
#[test]
|
|
fn enforces_operation_budget() {
|
|
let limits = Limits {
|
|
max_operations: 1_000,
|
|
..Limits::default()
|
|
};
|
|
let engine = Engine::new(limits);
|
|
// 10_000 iterations vastly exceeds 1_000 ops.
|
|
let src = r"let n = 0; for i in 0..10000 { n += 1; } n";
|
|
let err = engine
|
|
.execute(src, req(json!(null)))
|
|
.expect_err("should exceed budget");
|
|
assert!(matches!(err, ExecError::OperationBudgetExceeded));
|
|
}
|
|
|
|
#[test]
|
|
fn per_request_sandbox_override_tightens_budget() {
|
|
// Engine default is 1M ops — the script below would finish.
|
|
// We override down to 500 ops on this single request; should fail.
|
|
let engine = engine();
|
|
let src = r"let n = 0; for i in 0..10000 { n += 1; } n";
|
|
let r = ExecRequest {
|
|
sandbox_overrides: ScriptSandbox {
|
|
max_operations: Some(500),
|
|
..ScriptSandbox::default()
|
|
},
|
|
..req(json!(null))
|
|
};
|
|
let err = engine.execute(src, r).expect_err("override should tighten");
|
|
assert!(matches!(err, ExecError::OperationBudgetExceeded));
|
|
}
|
|
|
|
#[test]
|
|
fn override_only_replaces_specified_field() {
|
|
// Tight string size, default everything else. Strings > 32 chars
|
|
// should fail; loops up to default 1M ops should still pass.
|
|
let engine = engine();
|
|
let small_string_ok = r#"let s = "hello"; #{ statusCode: 200, body: s }"#;
|
|
let r1 = ExecRequest {
|
|
sandbox_overrides: ScriptSandbox {
|
|
max_string_size: Some(32),
|
|
..ScriptSandbox::default()
|
|
},
|
|
..req(json!(null))
|
|
};
|
|
let resp = engine.execute(small_string_ok, r1).unwrap();
|
|
assert_eq!(resp.body, json!("hello"));
|
|
}
|
|
|
|
#[test]
|
|
fn runtime_error_is_mapped_to_runtime_variant() {
|
|
let err = engine()
|
|
.execute("1 / 0", req(json!(null)))
|
|
.expect_err("division by zero should error");
|
|
assert!(matches!(err, ExecError::Runtime(_)));
|
|
}
|
|
|
|
#[test]
|
|
fn module_import_is_blocked() {
|
|
let err = engine()
|
|
.execute(r#"import "evil" as e; 1"#, req(json!(null)))
|
|
.expect_err("imports should be blocked");
|
|
// Module-not-found is reported as a runtime error via DummyModuleResolver.
|
|
assert!(matches!(err, ExecError::Runtime(_) | ExecError::Parse(_)));
|
|
}
|
|
|
|
#[test]
|
|
fn ctx_exposes_params_query_rest() {
|
|
let engine = engine();
|
|
let mut r = req(json!(null));
|
|
r.params.insert("name".into(), "alice".into());
|
|
r.params.insert("post".into(), "42".into());
|
|
r.query.insert("tab".into(), "details".into());
|
|
r.rest = "extra/path".into();
|
|
let src = r"
|
|
#{ statusCode: 200, body: #{
|
|
name: ctx.request.params.name,
|
|
post: ctx.request.params.post,
|
|
tab: ctx.request.query.tab,
|
|
rest: ctx.request.rest
|
|
} }
|
|
";
|
|
let resp = engine.execute(src, r).unwrap();
|
|
assert_eq!(
|
|
resp.body,
|
|
json!({ "name": "alice", "post": "42", "tab": "details", "rest": "extra/path" })
|
|
);
|
|
}
|
|
|
|
#[test]
|
|
fn ctx_exposes_sdk_version() {
|
|
let resp = engine()
|
|
.execute("ctx.sdk_version", req(json!(null)))
|
|
.unwrap();
|
|
// Whatever it is, it must look like "MAJOR.MINOR" — that's the
|
|
// contract scripts feature-detect against.
|
|
let v = resp.body.as_str().expect("sdk_version is a string");
|
|
let parts: Vec<&str> = v.split('.').collect();
|
|
assert_eq!(parts.len(), 2, "expected major.minor, got {v:?}");
|
|
assert!(parts[0].parse::<u32>().is_ok(), "major not numeric: {v:?}");
|
|
assert!(parts[1].parse::<u32>().is_ok(), "minor not numeric: {v:?}");
|
|
}
|
|
|
|
#[test]
|
|
fn body_passes_through_nested_json_round_trip() {
|
|
let src = "#{ statusCode: 200, body: ctx.request.body }";
|
|
let body = json!({
|
|
"deep": {
|
|
"list": [1, "two", 3.5, null, true, { "k": "v" }],
|
|
"count": 6
|
|
}
|
|
});
|
|
let resp = engine().execute(src, req(body.clone())).unwrap();
|
|
assert_eq!(resp.body, body);
|
|
}
|