Data RESTorage

Multiple dataset (web applications) strictly separated each one from the other.
Each dataset can use a different database server
Each dataset definition can be stored in different paths
Each dataset data can be stored on a different paths
Each dataset can be allowed to read/write static files on one or more paths
Each dataset can be restricted to its own database device (by DB user access rights)
Each dataset is restricted to its own paths for read/write access (config, data and static dumps)
Each dataset can require authentication, both user/password and custom API key are supported.
In case of authentication each authenticated user is associated with some fully customizable flags, for the application use.
There isn't any complicated query language to learn, and…
Therefore, there isn't any query optimization process to run: there are several named operations fully programmable in pure EC6 javascript.
Every operation is transactional, unless a drs.commit() is invoked everything (DB, data and static dumps) is reverted in case of error
At any time commit() and rollback() can be invoked
DB and filesystem operations are aware of transactional status: reading, writing, deleting file, reading a directory:
everything looks like changes are effective even if they aren't committed yet.
It's possible to invoke every operation in "dry_run" mode: perform the operation, see the changes, send emails…
but don't perform the actual commit at the end - everything remains untouched.
Operation files updates are seamlessly effective, without server restart.
Dataset configuration changes as well become seamlessly effective, without server restart.
Custom extensions for operations can be added/changed and become seamlessly effective, without server restart.

^ Running the server

Hardware requirements: just know it can run (and actually runs) on a Raspberry Pi.
Software requirements: Node-JS v. 2x
Setup: npm install
Optionally: adjust default values in .env file
Run: npm start

That's it.

To install Node v 23 on a *nix system: curl -fsSL https://deb.nodesource.com/setup_23.x | bash

Windows was never taken in account, a *nix system is required.

If you want to reset everything to factory values:

stop the server
delete the setup/config/data folders
adjust .env file
run the server again

^ Running as a service (systemctl)

Let's say we install the server with user "drs" in path "/home/drs/datarestorage/server".

Install node with curl -fsSL https://deb.nodesource.com/setup_23.x | bash
Create user drs
Create folder /home/drs/datarestorage owned by drs
Create folder /home/drs/datarestorage/server owned by drs
Copy server files to /home/drs/datarestorage/server/, necessary files are:
- package.json
- src/
- assets/
- .env
- *.js
- README.*
Adjust values in .env, or do it in service's environment if you use systemctl.
Go to /home/drs/datarestorage/server/ directory, run: npm install

Create the file /etc/ststemd/system/drs-server.service, with content:

[Unit]
Description=Data RESTorage Server

[Service]
User=drs
Environment="THIS_SERVER_WEB_URI=https://my.external.uri/"
Environment="THIS_SERVER_PORT=3065"
WorkingDirectory=/home/drs/datarestorage/server
ExecStart=/bin/sh -c 'npm start > /home/drs/datarestorage/log.txt'
SuccessExitStatus=143
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

Now run:

systemctl daemon-reload
systemctl enable drs-server
systemctl start drs-server
Verify with: systemctl status drs-server, cat /home/drs/datarestorage/log.txt

Done, service is active.
You can read this page at https://drs.hbay.it/

^ The datasets

One of the most important aspects of Data RESTorage is that it's not designed to support one application or set of applications.
On the contrary, it comes out with the concept of “dataset”.

A dataset is an isolated world, a data-space, a private environment for a web app or a group of web apps.

Actually DRS isn't just a plain backend engine, it's rather a factory of backend engines.
One single DataRESTorage instance can support plenty of independent, isolated web applications (or sets of web applications).

A dataset:

uses its own DB device, with its own credentials and related limitations
uses its own mail delivery parameters (mail server, login, address ecc.)
cannot access other datasets configuration
cannot access other datasets data
cannot access other datasets static files
can have its own security
can be managed by a dataset owner, not only by server admins, through the setup GUI

^ Dataset structure, URI and file system level

There is a hierarchy under dataset, helping to keep order among both config and data files.
For both data and config items (i.e.: both memory cells and operations), the hierarchy is: schema + entity.

Conceptually schema is the equivalent of a realm (database for data, group of operation range for config), while entity is the type (table for data, operation targets for config).
All operations and memory cells (individual data items) must follow the hierarchy.

This hierarchy affects both URIs and file system under dataset's roots. At URI level:

Memory cells: <schema-name>/<entity-name>/<memory-cell-id>
Operations: <schema-name>/<entity-name>/<operation-name>

At file system level:

Dataset's config root
- schema (folders, folder name is schema name)
  - entity (folders, folder name is entity name)
    - operation (op-<operation-name>.mjs files, using their default export)
Dataset's data root
- schema (folders, folder name is schema name)
  - entity (folders, folder name is entity name)
    - memory cells (<memory-cell-id>.json files)
Optional: dataset's static dump root(s)
- whatever

^ Dataset security

Optionally datasets can be provided with their own authentication.
Dataset owners can also manage their own dataset security using the setup GUI.

^ User flags

If/when authentication for X-Header or Username/password is processed, the operation receives authenticated user (if any).

In this case it's also possible to attach some "flags" (key/value) to the user for application purposes (e.g.: group, role, language)

^ Datasets' security chain

No authentication at all: public access, otherwise…
Blocked URLs, otherwise…
Free-access URLs, otherwise…
X-Header authentication, otherwise…
Username/password authentication, otherwise…
No access (403: Forbidden)

^ Blocked URLs

A URI is something like: https://drs.hbay.it/db/<dataset>/<schema>/<entity>/<operation>
The https://drs.hbay.it/db/<dataset>/ portion isolates the dataset, while the following <schema>/<entity>/<operation> is under dataset's control.

We can specify blocked URL(s) using strings like:

<schema>/<entity>/<operation>
<schema>/<entity>/
<schema>/

When requests start with a blocked URL they're rejected, regardless of any other consideration, setting or parameter.

Use this option if you need a few private URLs only accessible by operation files, invoked with drs.sub() (e.g.: maintenance, shared routines).

^ Free-access URLs

Processed right after Blocked URLs, they use the same logic - but inverted.

When requests start with a free-access URL they're accepted without processing authentication.

Use this option if you need a few URLs accessible before authentication occurs, e.g.: for login purposes.

^ X-Header authentication

This authentication provides a custom X-header whose name can be defined by server admin or by dataset owners.

Of course this can be used as a simple plain API key, on the other hand…
It's relevant to say that its definition includes one or more users, identified by their own value of the X-header.
It's not a simple anonymous API key, it can be used to identify users and/or web applications - don't forget users' flags.

^ Username/password

It's the classic "Authorization: Basic" HTTP(S) schema.

A remarkable point: this is the only authentication method supported by setup GUI, if it's running.

^ Setup GUI

A static (react) setup GUI is available.

It can work as soon as the server starts with a valid ADMIN_BACKEND_URI environment variable.
Unless this key (or with an empty value) the backend support for setup GUI isn't loaded at all.

By default, it's accessible at server level by "admin" user, whose password is set with ADMIN_DEFAULT_PASSWORD environment variable.
In case you forget this password access setup JSON, delete the related password value, reset ADMIN_DEFAULT_PASSWORD variable and restart the server.

In addition, datasets owners can access the setup GUI as well:

If a dataset security if configured
If one or more users are defined with Username/password authentications
If such users have the related flag active

In this case their access will be restricted to their own dataset management.

^ Accessing endpoints

Each endpoint follows a URL like: https://drs.hbay.it/db/<dataset>/<schema>/<entity>/<operation>

It could be convenient to ReverseProxy your webapp's /api/ location to http://localhost:3065/db/<dataset>/.

^ GET and POST

Operation REST entry points are accessible using both GET and POST.

Using both GET and POST it's possible to set params.output by adding the appropriate extension, .json or .xml
See:

When POSTing provide in request body (type: application/json) a JSON object:

It can optionally contain params (with dataset, schema, entity, operation and dry_run) as well as a data object of your choice.
By providing coordinates in input param (dataset, schema, entity, operation) you can also skip them from the URI.
It's fine to call https://drs.hbay.it/db/ if you provide them all.
It's also fine to call https://drs.hbay.it/db/<dataset> if you specify only schema, entity and operation, and so on.

^ Request params

Using POST we typically send a JSON object with both params and data keys.

While data contains actual operation data, params is intended to specify the type of request.
It's a javascript object with many optional keys, some directly managed by Data RESTorage.

Even if a params isn't specified in the request, there will always be a params object in the context of the operation script.

Request-specific keys, managed by user:

output: {"xml"|"json} Output format, defaults to "json"
dry_run: {boolean|number|"true"|"false"|"Yes"|"Y"|"No"|"N"} Set to true or deleted after backend analysis.

dry_run can also be detected by a "dry_run" key in data, with a value like {boolean|number|"true"|"false"|"Yes"|"Y"|"No"|"N"}
If you want to avoid dry_run detection in data, simply add it with the appropriate value in params

Mixed, can be in user's request and are also managed by backend:

dataset: {string} dataset name, overwritten if derived from URI
schema: {string} schema name, overwritten if derived from URI
entity: {string} entity name, overwritten if derived from URI
operation: {string} operation name, overwritten if derived from URI

Strictly managed by backend:

auth_type: {string|false} Written/deleted by backend depending on dataset configuration.
auth_user: {string} Written/deleted by backend, reports user authenticated if any.
auth_flags: {Record<string, any>} Written/deleted by backend, reports optional flags associated to an authenticated user.

Other keys are reported and simply ignored, a pure by-pass for operation script.

^ Request env, dataset environment variables

"env" request node is automatically populated by the backend before passing the context to the operation script.

Each dataset can have a set of environment variables reported in "env", following the classic key/value schema.

Such variables are useful to report parametric values that could change from one server to another, e.g.: some service URI.

^ Programming endpoints

Each operation is a file under dataset configRoot folder named <schema>/<entity>/op-<operation>.mjs
This file exports a default method receiving two input parameters:

context: the whole information about the request (params, data, environment)
drs: a helper object allowing the module to interact with the Data Panel application.

Everything is easier if you download https://drs.hbay.it/DrsOperation.d.ts

This provides DrsOperation.d.ts interfaces file, that could be conveniently placed at dataset directory level.

It will be something like this (schema: test, entity: test, operation: echo):

<configRoot>/
    DrsOperation.d.ts
    test/
        test/
            op-echo.mjs

Our echo operation is a typical operation file named op-echo.mjs:

/** @type {import("../../DrsOperation").DrsOperation} */
const myOperation = async (context, drs) => {

    // Perform echo of context input
    return(context);
}

export default myOperation;

The default export is the method that will be invoked.

Here's an example of output of the above operation.

Request: https://drs.crossbow.it/db/test/test/test/echo?foo=bar&dry_run=1

Response:

{
    "params": {
        "dataset": "test",
        "schema": "test",
        "entity": "test",
        "operation": "echo",
        "auth_type": false,
        "dry_run": true
    },
    "data": {
        "foo": "bar",
        "dry_run": "1"
    },
    "env": {
        "dataset": {
            "httpUri": "http://localhost:3065/db/test/",
            "webUri": "https://drs.crossbow.it/db/test/"
        },
        "headers": {
            "host": "drs.crossbow.it",
            "sec-fetch-site": "none",
            "sec-fetch-mode": "navigate",
            "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
            "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Safari/605.1.15",
            "accept-language": "en-GB,en;q=0.9",
            "sec-fetch-dest": "document",
            "accept-encoding": "gzip, deflate, br",
            "via": "1.1 drs.crossbow.it",
            "x-forwarded-for": "pi5.lan.crossbow.it",
            "x-forwarded-host": "drs.crossbow.it",
            "x-forwarded-server": "drs.crossbow.it",
            "connection": "Keep-Alive"
        }
    }
}

This example server is running on a very busy raspberry Pi, its response can require up to 20 mSec.

On a different machine (a VM on a desktop Mac) time decreases, becomes as low as 4 mSec.
In this case if the operation script changes and must be reloaded, time remains always under 15 mSec.

^ drs, the Data RESTorage helper for operation files

This is a javascript object exposing interaction methods.

All interfaces are documented in https://drs.hbay.it/DrsOperation.d.ts

^ [CONFIG] drs.config( path )

Import a script (js or mjs) or fetch a file (JSON or text) from the configuration tree, external to the operation .mjs file

This method can be used to read various file types:
- .json files: are converted into a data object
- .js/.mjs files: are imported, just like a dynamic import()
- any other file type: its content is returned in a string, parsed UTF-8.
param: {string} The path, relative to current .mjs operation script. A path with a leading "/" starts from dataset's config root.
return: Promise<object | string>

Changes in configuration files are automatically detected, like it happens for operation .mjs files.

^ [DATA] drs.list( [ schema [, entity ] ] )

List a dataset, a schema or an entity.

In case of dataset or schema directory names are returned without the trailing "/".
The list is aware of transaction changes not committed yet.

param: {string} optional, the schema
param: {string} optional, the entity
return: {string[]}

^ [DATA] drs.exists( cell )

Returns true if a memory cell file exists and has at least one key, false otherwise.

param: {ItemCoordinates | string} Memory cell coordinates or ID
return: {boolean}

Memory cell coordinates are an Object with keys:

schema (defaults to current schema)
entity (defaults to current entity)
id (the only mandatory key, could be simply a string)

^ [DATA] drs.get( cell )

Read a memory cell JSON file returning its data, returns undefined if file doesn't exist.

param: {ItemCoordinates | string} Memory cell coordinates or ID
return: {object|undefined} object (file content parsed) or undefined (if file doesn't exist)

Just like in drs.exists(), memory cell coordinates are an Object with keys:

schema (defaults to current schema)
entity (defaults to current entity)
id (the only mandatory key, could be simply a string)

^ [DATA] drs.set( cell [, content ] )

Set a memory cell JSON file in data, deletes it if content is undefined

param: {ItemCoordinates | string | undefined } Memory cell coordinates or ID, defaults to current values and auto-generated ID
param: {object|string|undefined} An Object, or its JSON, or undefined (no param) to delete the file
return: {string} The ID

^ [DATA] drs.rm( cell )

Delete a memory cell JSON file in data

param: {ItemCoordinates | string} coordinates or ID, defaults to current values and auto-generated ID
return: {string} The ID

^ [SQL] drs.sql( SQL-statement [, values] )

Execute a MariaDB statement (with or without bind values) and returns result (if any).

param: {string} sql The SQL statement to be executed
param: {Array<number|string>} Optionally an array of values to bind, if any
return: {Promise<any>}

Example:

drs.sql(
    'INSERT INTO myTable (Name,Age) VALUES (?,?),(?,?)',
    ['Bob',6,'John',23]
);

Always prefer to bind params and whatever comes from input, for this prevents SQL injections.

^ [SQL] drs.insert( tableName, data )

Execute a convenient "INSERT / ON DUPLICATE KEY UPDATE" statement.

Automatic values binding, preventing SQL injections.
Can insert a single row or multiple rows, then returns an array of inserted/updated rows.

param: {string} The table name
param: {Record<string, any>|Record<string, any>[]} The data to be inserted
return: {Promise<Record<string,any>[]>} The array of objects of inserted/updated row(s).

Example:

const foo = await drs.insert(
    'myTable',
    [ { Name: "Bob", Age: 6 }, { Name: "John", Age: 23 } ]
);
/*
    Suppose there's an "id" column with AUTO_INCREMENT,
    foo is: [{"id":234,"Name":"Bob","Age":6},{"id":235,"Name":"John","Age":23}]
 */

const bar = await drs.insert(
    'myTable',
    { Name: "Jane", Age: 22 }
);
/*
    bar is: [{"id":236,"Name":"Jane","Age":22}]
    Returned value is always an array.
 */

^ [SQL] drs.checkSqlTable( tableName [, tableCreationSql] )

Check if table exists, otherwise optionally create it using tableCreationSql SQL code (if provided).

param: {string} The table name
param: {string} The SQL code to create table if it doesn't exist
return: {Promise<boolean>} Return true also if a non-existent table has been created.

^ [E-MAIL] drs.mail()

Send an email.

See inline documentation (by interfaces) for an exhaustive and detailed guide.

^ [STATIC] drs.dump( path [, content] )

Set the content of a static file under (some) dumpRoot location, deletes it if content is undefined

param: {string} the path, see below.
param: {any} the actual content, if undefined the file (if any) is deleted.

Some relevant considetations about dump operations:

Each dataset is optionally provided with one or more "dump locations".
If a dataset hasn't dump locations it's not allowed to dump any static file
Dump locations are a key/value set, actually an alias/path set
A dataset can oonly manage (write, read, list) external static files under the alloewd "dump location".

How to express the path of a dump() operation:

If dataset has only one defined dump location, the path is always relative to it: "<path>"
If there are multiple define location, then location alias should prefix the path: "<alias>:<path>""
In case multiple location are defined, it's safer to use always the alias prefix.

Example:

Let's say we've this configuration: dumpRoot = { web: "/var/sites/mysite" }
Here there are various paths expression, and their acual resulting location:

"" => "/var/sites/mysite/"
"/" => "/var/sites/mysite/"
"index.html" => "/var/sites/mysite/index.html"
"/index.html" => "/var/sites/mysite/index.html"
"//index.html" => "/var/sites/mysite/index.html"
"web:" => "/var/sites/mysite/"
"web:index.html" => "/var/sites/mysite/index.html"
"web:/index.html" => "/var/sites/mysite/index.html"

But…

".." => Error 403 (Forbidden)
"./../index.html" => Error 403 (Forbidden)
"web:/../foo" => Error 403 (Forbidden)
"www:/index.html" => Error 500 (wrong alias)

Before using any path, it's exploded into its acual final value.
Should the value fall outside allowed locations, this would result in a 403 Error.

^ [STATIC] drs.dumpList( [path] )

List of files and directories on a static dump location.

See drs.dump() about the path

^ [STATIC] drs.dumpGet( path )

Get the content of a static file under (some) dumpRoot location.

See drs.dump() about the path

^ [TRANSACTION] drs.commit()

Commit changes to sql, data and file-system.

Automatically triggered at the end of a successful operation.

After commit, all data and static directories that became empty (because of file deletion) are automatically deleted.

When in dry_run mode drs.commit() is equivalent to drs.rollback() - all changes are reverted.

^ [TRANSACTION] drs.rollback()

Revert every change to sql, data and file-system (that wasn't committed yet).

Automatically triggered at the end of an operation that run into an error, as well
as at the end of a successful operation with dry_run param.

^ [TRANSACTION] drs.send( what [, ContentType ] )

Send (once) the output for request, while further send action(s) will be ignored.

param: {object|string|Error} The content to be sent
param: {string} The optional content-type (ignored for a javascript object)
return: {void}

drs.send() is automatically performed with the returned result of the operation.
On the other hand, especially in case of time-consuming async processes, or in case of processes
requiring a callback, it's possible to send quickly a response and then keep the operation running.

^ Sending an Error()

Please note that send()-ing an Error() doesn't stop the script, nor perform rollback.

If you want to stop the script and perform a drs.rollback() then throw an Error(), instead.

/*
    Send an error and keep doing stuff, eventually commit() on return.
    This returns a 500: {"status":500, "type": "Error", "error":"You're wrong, I'll do something!"}
*/
    drs.send(new Error("You're wrong, I'll do something!"));
    drs.send(new Error("You're wrong, I'll do something!"), true); // This will debug error on console/log
/*
    Want to send an Exception, instead, stopping execution and performing a rollback?
    Quite easy: throw an Error!
    This returns a 500 as well: {"status":500, "type": "Error", "error":"You're wrong, I exit!"}
    At the same time operation script exits with error, and rollback() is performed.
*/
    throw new Error("You're wrong, I exit!");
/*
    You can also customize exit status, prefixing it with a 4xx or 5xx status. 
    This returns a 403: {"status":403, "type": "Error", "error":"Forbidden"}, stops and rolls back.
 */
    throw new Error("403 Forbidden");

^ [UTIL] drs.sub( params, data )

An internal sub-call to another operation in the same dataset.

params: {object} The sub-operation param node
data: {any} The optional data for the sub-operation
return: {Promise<any>}

Security matches original operation security.

Authorization params (auth_*) are preserved

dry_run param is preserved

In params operation is mandatory, while schema and entity default to current operation values

^ Dealing with sub-operations: caveats

The sub-operation is performed just like every other regular operation, except it doesn't pass through HTTP.
It's a promise returning return value, raising an exception in case of error.
Because it doesn't pass through HTTP, env in sub-operation context contains dataset key and no headers.

It's not HTTP, adding output extension to operation would run into an error.
In addition in sub-operations params' output isn't propagated and is completely ignored. Return is always a string (possibly JSON).

Be aware that a sub-operation is a completely separated task, with its own transactional status.

A sub-operation won't see uncommitted changes, even from the main operation.
If you want a sub-operation that manages the data you changed, don't forget to commit before invoking it.
If a sub-operation is successful and commits, its changes become effective.
This happens also if later on the main operation encounters an error and rolls back.
At the same time if a sub-operation runs into an error it rolls back.
You can catch the error, but changes of sub-operation already rolled back and cannot commit.

^ [UTIL] drs.detach( params, data )

A detached sub-call to another operation in the same dataset.

Acts just like drs.sub(), but instead of promising a return value it keeps the call detached
and executed asynchronously even after the end of the current operation.

params: {object} The sub-operation param node
data: {any} The optional data for the sub-operation
return: {void}

Security matches original operation security.

Authorization params (auth_*) are preserved

dry_run param is preserved

In params operation is mandatory, while schema and entity default to current operation values

^ [UTIL] drs.fetch( URL [, RequestInit] )

Fetch an external resource using node-fetch

param: {string} The URL
param: {RequestInit} The (optional) RequestInit configuration param
return: {Promise<Response>} the node-fetch response

^ [UTIL] drs.import( URL [, RequestInit] )

Import an external javascript

param: {string} The URL
param: {RequestInit} The (optional) RequestInit configuration param
return: {Promise<Object>} the result of import of node-fetched URI

For details, see: npmjs,com website.

^ [UTIL] drs.console( whatever {, whatever} )

Used for development and debug: put one or more values on return console.

If used, and if a JSON object is returned, then a drs-debug property will be added to the return value, with all the debugged stuff in sequence.

^ [UTIL] drs.log( what )

Used for development and debug: send the content to dataset's log.

param: {string|object|Error|number} what is sent to log

Dataset's log log.txt is visible in dataset's dataRoot or in the setup GUI.
It reports the output of operation logs as well as other dataset's errors.

^ [UTIL] drs.generateUid()

Return a UUID (string)

^ [UTIL] drs.clone( any )

Clone a structured object

param: {any} The data or structured data to be cloned
return: {Promise<any>} the clone

^ [UTIL] drs.shelf( [key, [value]] )

A shelf where we can store values, objects, code and library and share them across the drs helper object lifetime.
A kind of session, but limited and isolated to the single request.

Usage:

drs.shelf() => list of stored objects name
drs.shelf('name') => the stored vale of 'name' item, undefined if it's not stored
drs.shelf('name', null) => undefined, but null value removes object 'name' from the shelf
drs.shelf('name', anyvalue) => anyvalue, put object 'name' on the shelf, replacing it if already there

^ [UTIL] drs.btoa(), drs.atob()

Encode and decode Base64, just like btoa() and atob() in browsers.

^ [UTIL] drs.encrypt( clearText )

Async function to hash-encrypt a cleartext password.

param: {string} The clear text value to be encrypted
return: {Promise<string>} The encrypted value

^ [UTIL] drs.cryptVerify( encrypted, clearText )

Async function to verify match of an encrypted value with a cleartext password.

param: {string} The encrypted value
param: {string} The clear text value
return: {Promise<boolean>}

^ [UTIL] drs.exec( command, [options] )

Async function triggering the execution of an external command.

param: {string} command - ensure to sanitize parameters!
param: {Object} options? - child_process.exec options
return: {Promise<Record<string,any>>}

Promise object has the following keys:

stdout: {string}
stderr: {string}
eccorcode: {number} optional
error: {Error} optional

^ [UTIL] drs.zipOut()

Returns a zip Agent that can be used to return a zip file as response.

Example:

/** @type {import("../../DrsOperation").DrsOperation} */
const myOperation = async (context, drs) => {
    const myZip = drs.zipOut();
    let mySize = await myZip.add({schema: "foo", entity: "bar"});
    mySize += await myZip.add({id: "index"});
    return myZip.send("my-archive.zip");
}
export default myOperation;

Notes:

It's possible to add multiple stuff with multiple myZip.add()
When adding stuff, schema and entity -if missing- default to current schema and entity
Individual memory cells (by ID) can be added
An entire entity can be added (with all its memory cell files)
The myZip.send() method returns a NonSharedBuffer, in addition sets the response headers necessary to download the ZIP archive.
myZip.send() can be used only once
When you use myZip.send() you can no longer add anything to the archive.
When you use myZip.send() you can no longer return JSON or XML, a ZIP archive (its buffer) is expected.

^ [UTIL] drs.extension( extensionName )

Import an extension module (Object) with a dynamic import()

param: {string} The extension name
return: {Promise<object|undefined>}

^ drs.extension('string2htmlDom')

The default export of this module parses a string and returns the resulting window object.

Example:

const parseHTML = (await drs.extension('string2htmlDom')).default;
const myWindowObject = parseHTML('<html><body>Hello!</body></html>');
return( myWindowObject.document.body.innerHTML );

To serialize (convert to string) a whole HTMLDom, use: myWindowObject.serialize()

It's also possible of course to retrieve portions, e.g.: myWindowObject.document.body.outerHTML

^ drs.extension('xml2js')

The default export of this module parses a string or XML DOM object and returns the resulting javascript object.
The default export is also exported as xml2js

The string2xml export parses a string and returns its XML DOM.

^ drs.extension('js2xml')

The default export of this module parses a javascript object and returns the resulting XML.
The default export is also exported as js2xml

The xml2string export parses an XML DOM returns its serialization.

Examples:

// By default conversion returns XML serialization string
const j2x = (await drs.extension('js2xml')).default;
const xmlString = j2x( context.params );
await drs.send( xmlString, "text/xml; charset=UTF-8");
return;

// It's also possible to retrieve the XML Document
const j2xModule = (await drs.extension('js2xml'));
const j2x = j2xModule.default;
const x2s = j2xModule.xml2string;
const xmlDocument = j2x( context.params, { getDocument: true } );
await drs.send( x2s(xmlDocument), "text/xml; charset=UTF-8");
return;

Te default js2xml export accepts an optional second options parameter, with keys:

rootName {string}, the name ot the output root node, defaults to "root"
rootArrayName {string}, the name for top element (under root) if data is an array; defaults to "content"
getDocument {boolean}, if true returns the XML Document, otherwise its string serialization

The two XML conversions (xml2js and js2xml) work together.

They preserve:

number type, marked by "@number" attribute in XML

boolean type, marked by "@boolean" attribute in XML

Dates, marked by "@date" attribute in XML, converted to mSec in XML and back to Date in js

Arrays, marked if necessary with "@array" or "@empty-array"

Null values, marked with "@null" in XML and returned as null

Strings, including empty strings

Functions, in XML serialized and marked with "@function", functions again in JS

Example: op-echo-xml.mjs file implementing echo-xml operation

/** @type {import("../../DrsOperation").DrsOperation} */
const myOperation = async (ctx, drs) => {

    const j2x = (await drs.extension('js2xml')).default;
    drs.send( j2x( ctx), 'text/xml; charset=UTF-8' );
    return( ctx );
}

export default myOperation;

Output can be tested here:

<root>
    <params>
        <dataset>test</dataset>
        <schema>test</schema>
        <entity>test</entity>
        <operation>echo-xml</operation>
        <auth_type boolean="true">false</auth_type>
        <dry_run boolean="true">true</dry_run>
    </params>
    <data>
        <foo>bar</foo>
        <dry_run>1</dry_run>
    </data>
    <env>
        <dataset>
            <httpUri>http://localhost:3065/db/test/</httpUri>
            <webUri>https://drs.crossbow.it/db/test/</webUri>
        </dataset>
        <headers>
            <host>drs.crossbow.it</host>
            <sec-fetch-site>same-origin</sec-fetch-site>
            <accept-encoding>gzip, deflate, br</accept-encoding>
            <sec-fetch-mode>navigate</sec-fetch-mode>
            <accept>text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</accept>
            <user-agent>Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Safari/605.1.15</user-agent>
            <referer>https://drs.crossbow.it/</referer>
            <sec-fetch-dest>document</sec-fetch-dest>
            <accept-language>en-GB,en;q=0.9</accept-language>
            <via>1.1 drs.crossbow.it</via>
            <x-forwarded-for>pi5.lan.crossbow.it</x-forwarded-for>
            <x-forwarded-host>drs.crossbow.it</x-forwarded-host>
            <x-forwarded-server>drs.crossbow.it</x-forwarded-server>
            <connection>Keep-Alive</connection>
        </headers>
    </env>
</root>

^ drs.extension('readExcel')

Returns the readXlsxFile object.

Exports:

readXlsxFile from readExcel (also exported as default)
readSheetNames from readExcel
excel2JS, an async facility to parse an Excel with tabular data in one or more sheets

Client-side, uploading an Excel file:

const uploadExcel = () => {
        window.document.body.querySelectorAll(':scope > input.autoInputField').forEach( x => {
            x.remove();
        })
        const input = window.document.createElement('input');
        input.name = 'file';
        input.setAttribute('type', 'file');
        input.setAttribute('accept', '.xlsx, application/vnd.openxmlformats-officedocument.spreadsheetml.sheet');
        input.style.display = 'none';
        input.className = 'autoInputField';
        window.document.body.appendChild(input);
        return new Promise( ( resolve ) => {
            input.addEventListener('change', async () => {
                const selectedFile = input.files[0];
                if ( selectedFile ) {
                    let formData = new FormData();
                    formData.append("file", selectedFile);
                    const reader = new window.FileReader();
                    reader.addEventListener("load", () => {
                        resolve({name: formData.get('file').name, content: reader.result});
                    })
                    reader.readAsDataURL(selectedFile);
                } else {
                    resolve(false );
                }
                input.remove();
            });
            setTimeout( ()=>{ input.click(); } );
        });
    }

This function will return as "content" a data:application/vnd.openxmlformats-officedocument.spreadsheetml.sheet;base64,… URI, that we can upload via POST, e.g.:

uploadExcel().then( result => {
    if (result) {
        const data = result.content.split(',')[1]; // isolates oly the base64 serialization
        myApiFunction('schemaName/entityName/operationName', { data: { name: result.name, excel: data } } );
    }
});

Then in our operation file:

const readExcel = (await drs.extension('readExcel')).default;
const rows = await readExcel( Buffer.from(context.data.excel, 'base64') );

An alternative, using export excel2JS:

/** @type {import("../../DrsOperation").Excel2JS} */
const parser = (await drs.extension('readExcel')).excel2JS;
const content = await parser( Buffer.from(context.data.excel, 'base64') );
return {content: content };

Note: excel2JS is of type Excel2JS, which is fully documented in DrsOperation.d.ts
By using the appropriate JSDoc notation we'll be guided through the syntax of its optional second parameter (conversion options) and response type.

This will return a structure like:

{
    "content": {
        "Sheet1": [
            { "Name": "Mary", "Age": 25 },
            { "Name": "Henry", "Age": 45 },
            { "Name": "Joe", "Age": 89 }
        ],
        "Disney-Characters": [
            { "English name": "Donald", "English surname": "Duck", "Italian name": "Paperino" },
            { "English name": "Mickey", "English surname": "Mouse", "Italian name": "Topolino" },
            { "English name": null, "English surname": null, "Italian name": "Topesio" }
        ]
    }
}

This automatic conversion of an Excel workbook reports every valued worksheet assuming that it's a
table of data with column names in the first row.
Every column with an empty header (empty cell in the first row) is skipped.
Duplicated column names will report only the last column value.

^ drs.extension('writeExcel')

Returns the writeXlsxFile object.

^ Additional custom extensions

To add a custom extensions simply add a .js or .mjs file to the drs-extensions folder.
In this case import extensions with full name, e.g.: await drs.extension('my-extension.js')

If custom extension files are added or modified, changes become seamlessly effective; it's not necessary to restart the server.

^ Hot-pluggable elements

As above mentioned some addition/changes are automatically detected and become seamlessly effective, without server restart.

This is true for:

Operation files
Files in config area imported by operation files
Dataset configurations
Custom extensions

Please note: this doesn't imply that they are always refetched and reparsed.

As soon as source file doesn't change, last parse/import remains valid and doesn't need to be reparsed.
This improves server efficiency.

^ Credits

Design and realization by Marco Balestra