Merge branch 'main' of https://github.com/cubap/TinyNode

Author: cubap

.github/workflows/cd_dev.yaml

@@ -7,6 +7,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master
+      - name: Fetch all branches
+        run: git fetch --all
       - name: Merge with main
         uses: devmasx/merge-branch@master
         with:
@@ -34,7 +36,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@master
         with:
-          node-version: "22"
+          node-version: "24"
       - name: Cache node modules
         uses: actions/cache@master
         env:
@@ -59,7 +61,7 @@ jobs:
     strategy:
       matrix:
         node-version:
-          - 22
+          - 24
         machines:
           - vlcdhp02
     runs-on: ${{ matrix.machines }}
@@ -74,8 +76,8 @@ jobs:
           cd /srv/node/tiny-node/
           pm2 stop tinyNode
           git stash
-          git pull
-          git checkout ${{ github.head_ref }}
-          git pull
+          git fetch --prune origin
+          git checkout -B ${{ github.head_ref }} origin/${{ github.head_ref }}
+          git reset --hard origin/${{ github.head_ref }}
           npm install
           pm2 start -i max bin/tinyNode.js

.github/workflows/cd_prod.yaml

@@ -25,7 +25,7 @@ jobs:
     strategy:
       matrix:
         node-version:
-          - 22
+          - 24
         machines:
           - vlcdhprdp02
     runs-on: ${{ matrix.machines }}

UPSTREAM_CANDIDATES.md

@@ -0,0 +1,44 @@
+# TinyPen to TinyNode Upstream Candidates
+
+This document tracks candidate updates identified from TinyPen that may be upstreamed into TinyNode.
+
+## Summary
+
+- Inclusion policy: high-confidence candidates plus uncertainty items.
+- Evidence policy: each candidate must include TinyPen evidence references.
+- Delivery policy: multiple focused PRs by theme.
+
+## Candidate Matrix
+
+| ID | Candidate | Status | TinyPen Evidence | TinyNode Targets | Notes |
+| --- | --- | --- | --- | --- | --- |
+| C-001 | Content-Type validation middleware for JSON endpoints | upstream-now | PR #39 | `routes/query.js`, `routes/create.js`, `routes/update.js`, `routes/delete.js`, `routes/overwrite.js` | Detect malformed or unsupported media types and return 415. |
+| C-002 | Query body validation for empty object/array | upstream-now | PR #33 | `routes/query.js`, `routes/__tests__/query.test.js` | Reject empty query payloads with 400. |
+| C-003 | Query pagination validation for `limit` and `skip` | upstream-now | PR #33 | `routes/query.js`, `routes/__tests__/query.test.js` | Require non-negative integers when provided. |
+| C-004 | Route-level error semantic consistency | investigate-first | PR #39 and related | `routes/*.js`, `error-messenger.js` | Normalize error objects/status handling before broad refactor. |
+| C-005 | Dependency cleanup after Node upgrade | investigate-first | TinyPen dependency diffs | `package.json` | Verify runtime paths before removing deps (`morgan`, `dotenv-expand`, `jsonld`). |
+| C-006 | Optimistic locking parity improvements | investigate-first | PR #20 | `routes/overwrite.js`, `routes/__tests__/overwrite.test.js` | Keep current behavior, evaluate if more parity is needed. |
+| C-007 | Temporary test alignment imports from TinyPen | upstream-now | PR #35 context | `routes/__tests__/*` | Include useful generated coverage temporarily while test strategy evolves. |
+
+## Excluded or Deferred
+
+| ID | Item | Reason |
+| --- | --- | --- |
+| X-001 | `.claude` and Claude-specific workflow changes | TPEN-internal tooling. |
+| X-002 | TinyPen naming substitutions in API messages | TinyNode and TinyPen naming is intentionally distinct for disambiguation. |
+| X-003 | Test framework architecture migration | Out of current scope. |
+
+## PR Grouping Proposal
+
+1. PR-A: request/content validation guards (`C-001`, `C-002`, `C-003`)
+2. PR-B: error semantic consistency (`C-004`)
+3. PR-C: cleanup and dependency simplification (`C-005`)
+4. PR-D: temporary test alignment updates (`C-007`)
+
+## Verification Gates
+
+1. Each merged candidate row includes evidence reference and touched file list.
+2. Targeted route tests pass for touched modules.
+3. Full test suite passes before merge.
+4. Dependency changes include runtime verification notes.
+5. Uncertain candidates remain blocked until evidence is upgraded from investigate-first to upstream-now.

app.js

@@ -1,5 +1,4 @@
 #!/usr/bin/env node
-import createError from "http-errors"
 import express from "express"
 import path from "path"
 import { fileURLToPath } from "url"
@@ -12,12 +11,14 @@ import createRouter from "./routes/create.js"
 import updateRouter from "./routes/update.js"
 import deleteRouter from "./routes/delete.js"
 import overwriteRouter from "./routes/overwrite.js"
+import { messenger } from './error-messenger.js'
 import cors from "cors"
 
 let app = express()
 
 app.use(logger('dev'))
 app.use(express.json())
+app.use(express.text())
 if(process.env.OPEN_API_CORS !== "false") { 
   // This enables CORS for all requests. We may want to update this in the future and only apply to some routes.
   app.use(
@@ -39,7 +40,8 @@ if(process.env.OPEN_API_CORS !== "false") {
         'X-HTTP-Method-Override',
         'Origin',
         'Referrer',
-        'User-Agent'
+        'User-Agent',
+        'If-Overwritten-Version'
       ],
       "exposedHeaders" : "*",
       "origin" : "*",
@@ -67,20 +69,7 @@ app.use('/app/update', updateRouter)
 app.use('/app/delete', deleteRouter)
 app.use('/app/overwrite', overwriteRouter)
 
-// catch 404 and forward to error handler
-app.use(function(req, res, next) {
-  next(createError(404))
-})
-
-// error handler
-app.use(function(err, req, res, next) {
-  // set locals, only providing error in development
-  res.locals.message = err.message
-  res.locals.error = req.app.get('env') === 'development' ? err : {}
-
-  // render the error page
-  res.status(err.status || 500)
-  res.send(err.message)
-})
+// RERUM error response handler, as well as unhandled generic app error handler
+app.use(messenger)
 
 export default app

bin/tinyNode.js

@@ -5,9 +5,7 @@
  */
 
 import dotenv from "dotenv"
-import dotenvExpand from "dotenv-expand"
-const storedEnv = dotenv.config()
-dotenvExpand.expand(storedEnv)
+dotenv.config()
 import app from "../app.js"
 import debug from 'debug'
 debug('tinynode:server')

error-messenger.js

@@ -0,0 +1,34 @@
+/**
+ * Errors from RERUM are a response code with a text body (except those handled specifically upstream)
+ * We want to send the same error code and message through.  It is assumed to be RESTful and useful.
+ * This will also handle generic (500) app level errors, as well as app level 404 errors.
+ *
+ * @param rerum_error_res A Fetch API Response object from a fetch() to RERUM that encountered an error.  Explanatory text is in .text().  In some cases it is a unhandled generic (500) app level Error.
+ * @param req The Express Request object from the request into TinyNode
+ * @param res The Express Response object to send out of TinyNode
+ * @param next The Express next() operator, unused here but required to support the middleware chain.
+ */
+export async function messenger(rerum_error_res, req, res, next) {
+        if (res.headersSent) {
+                return
+        }
+        let error = {}
+        let rerum_err_text
+        try {
+                // Unless already handled upstream the rerum_error_res is an error Response with details as a textual body.
+                rerum_err_text = await rerum_error_res.text()
+        }
+        catch (err) {
+                // It is some 500
+                rerum_err_text = undefined
+        }
+        if (rerum_err_text) error.message = rerum_err_text
+        else { 
+                // Perhaps this is a more generic 500 from the app, perhaps involving RERUM, and there is no good rerum_error_res
+                error.message = rerum_error_res.statusMessage ?? rerum_error_res.message ?? `A server error has occurred` 
+        }
+        error.status = rerum_error_res.statusCode ?? rerum_error_res.status ?? 500
+        console.error(error)
+        res.set("Content-Type", "text/plain; charset=utf-8")
+        res.status(error.status).send(error.message)
+}

jest.config.js

@@ -24,6 +24,8 @@ const config = {
     name: 'TinyNode',
     color: 'cyan'
   },
+  // extensionsToTreatAsEsm: [".js"],
+  testEnvironment: "node",
 
   // Indicates whether the coverage information should be collected while executing the test
   collectCoverage: true,
@@ -206,4 +208,4 @@ const config = {
   // watchman: true,
 }
 
-export default config
+export default config