Plugins support beforeQuery and afterQuery hooks

Author: Brayden

plugins/studio/index.ts

@@ -6,23 +6,29 @@ export class StudioPlugin extends StarbasePlugin {
     private username: string
     private password: string
     private apiKey: string
-    private prefix: string
 
     constructor(options: {
-        username: string
-        password: string
+        username?: string
+        password?: string
         apiKey: string
         prefix?: string
     }) {
-        super('starbasedb:studio')
-        this.username = options.username
-        this.password = options.password
+        super(
+            'starbasedb:studio',
+            {
+                requiresAuth: false,
+            },
+            options.prefix ?? '/studio'
+        )
+        this.username = options.username || ''
+        this.password = options.password || ''
         this.apiKey = options.apiKey
-        this.prefix = options.prefix || '/studio'
     }
 
     override async register(app: StarbaseApp) {
-        app.get(this.prefix, async (c) => {
+        if (!this.pathPrefix) return
+
+        app.get(this.pathPrefix, async (c) => {
             return handleStudioRequest(c.req.raw, {
                 username: this.username,
                 password: this.password,

plugins/websocket/index.ts

@@ -5,7 +5,9 @@ export class WebSocketPlugin extends StarbasePlugin {
     private prefix = '/socket'
 
     constructor(opts?: { prefix?: string }) {
-        super('starbasedb:websocket')
+        super('starbasedb:websocket', {
+            requiresAuth: true,
+        })
         this.prefix = opts?.prefix ?? this.prefix
     }
 

src/allowlist/index.ts

@@ -16,7 +16,7 @@ function normalizeSQL(sql: string) {
 
 async function loadAllowlist(dataSource: DataSource): Promise<string[]> {
     try {
-        const statement = 'SELECT sql_statement FROM tmp_allowlist_queries'
+        const statement = `SELECT sql_statement FROM tmp_allowlist_queries WHERE source="${dataSource.source}"`
         const result = (await dataSource.rpc.executeQuery({
             sql: statement,
         })) as QueryResult[]

src/cors.ts

@@ -1,6 +1,6 @@
 export const corsHeaders = {
     'Access-Control-Allow-Origin': '*',
-    'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
+    'Access-Control-Allow-Methods': 'GET, POST, PATCH, PUT, DELETE, OPTIONS',
     'Access-Control-Allow-Headers':
         'Authorization, Content-Type, X-Starbase-Source, X-Data-Source',
     'Access-Control-Max-Age': '86400',

src/handler.ts

@@ -40,16 +40,13 @@ type HonoContext = {
     }
 }
 
-const app = new Hono<HonoContext>()
-
-export type StarbaseApp = typeof app
-export type StarbaseContext = Context<HonoContext>
-
 export class StarbaseDB {
     private dataSource: DataSource
     private config: StarbaseDBConfiguration
     private liteREST: LiteREST
     private plugins: StarbasePlugin[]
+    private initialized: boolean = false
+    private app: StarbaseApp
 
     constructor(options: {
         dataSource: DataSource
@@ -60,6 +57,7 @@ export class StarbaseDB {
         this.config = options.config
         this.liteREST = new LiteREST(this.dataSource, this.config)
         this.plugins = options.plugins || []
+        this.app = new Hono<HonoContext>()
 
         if (
             this.dataSource.source === 'external' &&
@@ -69,62 +67,11 @@ export class StarbaseDB {
         }
     }
 
-    /**
-     * Middleware to check if the request is coming from an internal source.
-     */
-    private get isInternalSource() {
-        return createMiddleware(async (_, next) => {
-            if (this.dataSource.source !== 'internal') {
-                return createResponse(
-                    undefined,
-                    'Function is only available for internal data source.',
-                    400
-                )
-            }
-
-            return next()
-        })
-    }
-
-    /**
-     * Validator middleware to check if the request path has a valid :tableName parameter.
-     */
-    private get hasTableName() {
-        return validator('param', (params) => {
-            const tableName = params['tableName'].trim()
-
-            if (!tableName) {
-                return createResponse(undefined, 'Table name is required', 400)
-            }
-
-            return { tableName }
-        })
-    }
-
-    /**
-     * Helper function to get a feature flag from the configuration.
-     * @param key The feature key to get.
-     * @param defaultValue The default value to return if the feature is not defined.
-     * @returns
-     */
-    private getFeature(
-        key: keyof NonNullable<StarbaseDBConfiguration['features']>,
-        defaultValue = true
-    ): boolean {
-        return this.config.features?.[key] ?? !!defaultValue
-    }
+    private async initialize() {
+        if (this.initialized) return
 
-    /**
-     * Main handler function for the StarbaseDB.
-     * @param request Request instance from the fetch event.
-     * @returns Promise<Response>
-     */
-    public async handle(
-        request: Request,
-        ctx: ExecutionContext
-    ): Promise<Response> {
-        // Add context to the request
-        app.use('*', async (c, next) => {
+        // Set up middleware first
+        this.app.use('*', async (c, next) => {
             c.set('config', this.config)
             c.set('dataSource', this.dataSource)
             c.set('operations', {
@@ -134,48 +81,30 @@ export class StarbaseDB {
             return next()
         })
 
-        // Non-blocking operation to remove expired cache entries from our DO
-        ctx.waitUntil(this.expireCache())
-
-        // General 404 not found handler
-        app.notFound(() => {
-            return createResponse(undefined, 'Not found', 404)
-        })
-
-        // Thrown error handler
-        app.onError((error) => {
-            return createResponse(
-                undefined,
-                error?.message || 'An unexpected error occurred.',
-                500
-            )
-        })
-
+        // Initialize plugins
         const registry = new StarbasePluginRegistry({
-            app,
+            app: this.app,
             plugins: this.plugins,
         })
-
         await registry.init()
 
-        // CORS preflight handler.
-        app.options('*', () => corsPreflight())
-
-        app.post('/query/raw', async (c) => this.queryRoute(c.req.raw, true))
-        app.post('/query', async (c) => this.queryRoute(c.req.raw, false))
+        this.app.post('/query/raw', async (c) =>
+            this.queryRoute(c.req.raw, true)
+        )
+        this.app.post('/query', async (c) => this.queryRoute(c.req.raw, false))
 
         if (this.getFeature('rest')) {
-            app.all('/rest/*', async (c) => {
+            this.app.all('/rest/*', async (c) => {
                 return this.liteREST.handleRequest(c.req.raw)
             })
         }
 
         if (this.getFeature('export')) {
-            app.get('/export/dump', this.isInternalSource, async () => {
+            this.app.get('/export/dump', this.isInternalSource, async () => {
                 return dumpDatabaseRoute(this.dataSource, this.config)
             })
 
-            app.get(
+            this.app.get(
                 '/export/json/:tableName',
                 this.isInternalSource,
                 this.hasTableName,
@@ -189,7 +118,7 @@ export class StarbaseDB {
                 }
             )
 
-            app.get(
+            this.app.get(
                 '/export/csv/:tableName',
                 this.isInternalSource,
                 this.hasTableName,
@@ -205,44 +134,151 @@ export class StarbaseDB {
         }
 
         if (this.getFeature('import')) {
-            app.post('/import/dump', this.isInternalSource, async (c) => {
+            this.app.post('/import/dump', this.isInternalSource, async (c) => {
                 return importDumpRoute(c.req.raw, this.dataSource, this.config)
             })
 
-            app.post(
+            this.app.post(
                 '/import/json/:tableName',
                 this.isInternalSource,
                 this.hasTableName,
                 async (c) => {
                     const tableName = c.req.valid('param').tableName
                     return importTableFromJsonRoute(
                         tableName,
-                        request,
+                        c.req.raw,
                         this.dataSource,
                         this.config
                     )
                 }
             )
 
-            app.post(
+            this.app.post(
                 '/import/csv/:tableName',
                 this.isInternalSource,
                 this.hasTableName,
                 async (c) => {
                     const tableName = c.req.valid('param').tableName
                     return importTableFromCsvRoute(
                         tableName,
-                        request,
+                        c.req.raw,
                         this.dataSource,
                         this.config
                     )
                 }
             )
         }
 
-        app.all('/api/*', async (c) => handleApiRequest(c.req.raw))
+        this.app.all('/api/*', async (c) => handleApiRequest(c.req.raw))
 
-        return app.fetch(request)
+        // Set up error handlers
+        this.app.notFound(() => {
+            return createResponse(undefined, 'Not found', 404)
+        })
+
+        this.app.onError((error) => {
+            return createResponse(
+                undefined,
+                error?.message || 'An unexpected error occurred.',
+                500
+            )
+        })
+
+        this.initialized = true
+    }
+
+    public async handlePreAuth(
+        request: Request,
+        ctx: ExecutionContext
+    ): Promise<Response | undefined> {
+        // Initialize everything once
+        await this.initialize()
+
+        const authlessPlugin = this.plugins.find((plugin: StarbasePlugin) => {
+            if (!plugin.opts.requiresAuth && request.url && plugin.pathPrefix) {
+                // Extract the path from the full URL
+                const urlPath = new URL(request.url).pathname
+
+                // Convert plugin path pattern to regex
+                const pathPattern = plugin.pathPrefix
+                    .replace(/:[^/]+/g, '[^/]+') // Replace :param with regex pattern
+                    .replace(/\*/g, '.*') // Replace * with wildcard pattern
+
+                const regex = new RegExp(`^${pathPattern}$`)
+                return regex.test(urlPath)
+            }
+
+            return false
+        })
+
+        if (authlessPlugin) {
+            return this.app.fetch(request)
+        }
+
+        return undefined
+    }
+
+    public async handle(
+        request: Request,
+        ctx: ExecutionContext
+    ): Promise<Response> {
+        // Initialize everything once
+        await this.initialize()
+
+        // Non-blocking operation to remove expired cache entries from our DO
+        ctx.waitUntil(this.expireCache())
+
+        // CORS preflight handler
+        if (request.method === 'OPTIONS') {
+            return corsPreflight()
+        }
+
+        return this.app.fetch(request)
+    }
+
+    /**
+     * Middleware to check if the request is coming from an internal source.
+     */
+    private get isInternalSource() {
+        return createMiddleware(async (_, next) => {
+            if (this.dataSource.source !== 'internal') {
+                return createResponse(
+                    undefined,
+                    'Function is only available for internal data source.',
+                    400
+                )
+            }
+
+            return next()
+        })
+    }
+
+    /**
+     * Validator middleware to check if the request path has a valid :tableName parameter.
+     */
+    private get hasTableName() {
+        return validator('param', (params) => {
+            const tableName = params['tableName'].trim()
+
+            if (!tableName) {
+                return createResponse(undefined, 'Table name is required', 400)
+            }
+
+            return { tableName }
+        })
+    }
+
+    /**
+     * Helper function to get a feature flag from the configuration.
+     * @param key The feature key to get.
+     * @param defaultValue The default value to return if the feature is not defined.
+     * @returns
+     */
+    private getFeature(
+        key: keyof NonNullable<StarbaseDBConfiguration['features']>,
+        defaultValue = true
+    ): boolean {
+        return this.config.features?.[key] ?? !!defaultValue
     }
 
     async queryRoute(request: Request, isRaw: boolean): Promise<Response> {
@@ -339,3 +375,6 @@ export class StarbaseDB {
         }
     }
 }
+
+export type StarbaseApp = Hono<HonoContext>
+export type StarbaseContext = Context<HonoContext>