feat: tighten controller security, error handling

- rewrite scan.xql to generate.xqm
- adhere to naming conventions
- explicitly allow routes and deny evertying else
- route modules/reindex.xql moved to /regenerate
- add routes fro markdown and static resources
- call to /regenerate is a GET request

Author: line-o

src/main/xar-resources/controller.xql renamed to src/main/xar-resources/controller.xq

@@ -10,17 +10,36 @@ declare variable $exist:controller external;
 declare variable $exist:path external;
 declare variable $exist:resource external;
 
-if ($exist:path eq '') then
+if ($exist:path eq '') then (
     <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
         <redirect url="{concat(request:get-uri(), '/')}"/>
     </dispatch>
-else if ($exist:path eq "/") then
+) else if ($exist:path eq "/") then (
     (: forward root path to index.xql :)
     <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
         <redirect url="index.html"/>
     </dispatch>
-
-else if ($exist:resource eq "login") then
+) else if (ends-with($exist:resource, ".html")) then (
+    let $loggedIn := login:set-user("org.exist.login", (), true())
+    return
+        (: the html page is run through view.xql to expand templates :)
+        <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
+            <view>
+                <forward url="{$exist:controller}/modules/view.xq">
+                    <set-attribute name="$exist:prefix" value="{$exist:prefix}"/>
+                    <set-attribute name="$exist:controller" value="{$exist:controller}"/>
+                </forward>
+            </view>
+        </dispatch>
+) else if (ends-with($exist:resource, ".md")) then (
+    <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
+        <forward url="{$exist:controller}{$exist:path}" />
+    </dispatch>
+) else if (matches($exist:path, "/resources/(css|fonts|images|scripts|svg|css)/.+")) then (
+    <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
+        <forward url="{$exist:controller}{$exist:path}" />
+    </dispatch>
+) else if ($exist:resource eq "login") then (
     let $loggedIn := login:set-user("org.exist.login", (), true())
     return
         try {
@@ -33,27 +52,13 @@ else if ($exist:resource eq "login") then
             response:set-status-code(401),
             <status>{$err:description}</status>
         }
-        
-else if (ends-with($exist:resource, ".html")) then
-    let $loggedIn := login:set-user("org.exist.login", (), true())
+) else if ($exist:path = "/regenerate") then (
+    let $loggedIn := login:set-user("org.exist.login", (), false())
     return
-        (: the html page is run through view.xql to expand templates :)
         <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
-            <view>
-                <forward url="{$exist:controller}/modules/view.xql">
-                    <set-attribute name="$exist:prefix" value="{$exist:prefix}"/>
-                    <set-attribute name="$exist:controller" value="{$exist:controller}"/>
-                </forward>
-            </view>
+            <forward url="{$exist:controller}/modules/regenerate.xq" />
         </dispatch>
-
-else if ($exist:resource = "reindex.xql") then
-    <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
-        {login:set-user("org.exist.login", (), false())}
-    </dispatch>
-    
-else
-    (: everything else is passed through :)
-    <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
-        <cache-control cache="yes"/>
-    </dispatch>
+) else (
+    response:set-status-code(404),
+    <data>Not Found</data>
+)

src/main/xar-resources/modules/app.xql renamed to src/main/xar-resources/modules/app.xqm

@@ -0,0 +1,160 @@
+xquery version "3.1";
+
+
+(:~
+ : This module scans the database instance for library modules and
+ : generates XQDoc for each one that is found.
+ : This collection of XQDoc definitions is then used to render
+ : the function documentation.
+ :)
+module namespace generate="http://exist-db.org/apps/fundocs/generate";
+
+
+import module namespace xmldb="http://exist-db.org/xquery/xmldb";
+import module namespace inspect="http://exist-db.org/xquery/inspection" at "java:org.exist.xquery.functions.inspect.InspectionModule";
+import module namespace config="http://exist-db.org/xquery/apps/config" at "config.xqm";
+import module namespace dbutil="http://exist-db.org/xquery/dbutil" at "dbutil.xqm";
+
+
+declare namespace xqdoc="http://www.xqdoc.org/1.0";
+
+
+declare variable $generate:doc-collection := $config:app-root || "/data";
+
+
+declare function generate:fundocs() {
+    (
+        generate:load-mapped-modules(),
+        generate:load-internal-modules(),
+        generate:load-stored-modules()
+    )
+        => filter(generate:has-definition#1)
+        => for-each(generate:generate-and-store-xqdoc#1)
+};
+
+declare %private function generate:load-mapped-modules() as array(*)* {
+    for $path in util:mapped-modules()
+    let $uri := xs:anyURI($path)
+    return generate:safe-inspect($uri, inspect:inspect-module-uri#1)
+};
+
+declare %private function generate:load-internal-modules() as array(*)* {
+    for $path in util:registered-modules()
+    let $uri := xs:anyURI($path)
+    return generate:safe-inspect($uri, inspect:inspect-module-uri#1)
+};
+
+declare %private function generate:load-stored-modules() as array(*)* {
+    for $uri in dbutil:find-by-mimetype(xs:anyURI("/db"), "application/xquery")
+    return generate:safe-inspect($uri, inspect:inspect-module#1)
+};
+
+declare %private function generate:safe-inspect ($moduleUri as xs:anyURI, $inspect as function(xs:anyURI) as element(module)?) as array(*)? {
+    try {
+        [$moduleUri, $inspect($moduleUri)]
+    } catch * {
+        (:
+         : Expected to fail if XQuery file is not a library module
+         : Will also guard against malformed and missing modules
+         :)
+        util:log("WARN", (
+            "Could not compile function documentation for: ",
+            $moduleUri, " (", $err:code, ")", $err:description
+        ))
+    }
+};
+
+declare %private function generate:has-definition($module-info as array(*)) as xs:boolean {
+    exists($module-info?2)
+};
+
+declare %private function generate:generate-and-store-xqdoc ($module-info as array(*)) {
+    let $filename := concat(util:hash($module-info?1, "md5"), ".xml"),
+        $xqdoc := generate:module-to-xqdoc($module-info?2)
+    return
+        xmldb:store($generate:doc-collection, $filename, $xqdoc)
+            => xs:anyURI()
+            => sm:chmod("rw-rw-r--")
+};
+
+declare %private function generate:module-to-xqdoc($module as element(module)) as element(xqdoc:xqdoc) {
+    <xqdoc:xqdoc xmlns:xqdoc="http://www.xqdoc.org/1.0">
+        <xqdoc:control>
+            <xqdoc:date>{current-dateTime()}</xqdoc:date>
+            <xqdoc:location>{$module/@location/string()}</xqdoc:location>
+        </xqdoc:control>
+        <xqdoc:module type="library">
+            <xqdoc:uri>{$module/@uri/string()}</xqdoc:uri>
+            <xqdoc:name>{$module/@prefix/string()}</xqdoc:name>
+            <xqdoc:comment>
+                <xqdoc:description>{$module/description/string()}</xqdoc:description>
+                {
+                    if (empty($module/version)) then ()
+                    else
+                        <xqdoc:version>{$module/version/string()}</xqdoc:version>
+                }
+                {
+                    if (empty($module/author)) then ()
+                    else
+                        <xqdoc:author>{$module/author/string()}</xqdoc:author>
+                }
+            </xqdoc:comment>
+        </xqdoc:module>
+        <xqdoc:functions>
+        {
+            for $function in $module/function
+            return generate:function-to-xqdoc($function)
+        }
+        </xqdoc:functions>
+    </xqdoc:xqdoc>
+};
+
+declare %private function generate:function-to-xqdoc($function as element(function)) as element(xqdoc:function) {
+    <xqdoc:function>
+        <xqdoc:name>{$function/@name/string()}</xqdoc:name>
+        <xqdoc:signature>{generate:signature($function)}</xqdoc:signature>
+        <xqdoc:comment>
+            <xqdoc:description>{$function/description/string()}</xqdoc:description>
+            {
+                for $argument in $function/argument
+                return
+                    <xqdoc:param>{
+                        "$" || $argument/@var || generate:cardinality($argument/@cardinality) ||
+                            " " || $argument/text()
+                    }</xqdoc:param>
+            }
+            <xqdoc:return>
+            {
+                $function/returns/@type/string() || generate:cardinality($function/returns/@cardinality)
+            }{
+                if (empty($function/returns/text())) then ()
+                else " : " || $function/returns/text()
+            }
+            </xqdoc:return>
+            {
+                if (empty($function/deprecated)) then ()
+                else
+                    <xqdoc:deprecated>{$function/deprecated/string()}</xqdoc:deprecated>
+            }  
+        </xqdoc:comment>
+    </xqdoc:function>
+};
+
+declare %private function generate:cardinality($cardinality as xs:string) as xs:string? {
+    switch ($cardinality)
+        case "zero or one" return "?"
+        case "zero or more" return "*"
+        case "one or more" return "+"
+        default return ()
+};
+
+declare %private function generate:signature($function as element(function)) as xs:string {
+    let $arguments :=
+        for $argument in $function/argument
+        return
+            "$" || $argument/@var || " as " || $argument/@type || generate:cardinality($argument/@cardinality)
+
+    return
+        $function/@name/string() || "(" || string-join($arguments, ", ") || ")" ||
+            " as " || $function/returns/@type || generate:cardinality($function/returns/@cardinality)
+};

src/main/xar-resources/modules/generate.xqm

@@ -0,0 +1,30 @@
+xquery version "3.1";
+
+import module namespace sm="http://exist-db.org/xquery/securitymanager";
+import module namespace generate="http://exist-db.org/apps/fundocs/generate" at "generate.xqm";
+
+declare namespace output="http://www.w3.org/2010/xslt-xquery-serialization";
+
+declare option output:method "json";
+declare option output:media-type "application/json";
+
+try {
+    let $user := sm:id()/sm:id/(sm:effective|sm:real)[1]/sm:username
+    return if (sm:is-dba($user)) then (
+        let $result := generate:fundocs()
+        return
+            <response status="ok">
+                <message>Scan completed! {$result}</message>
+            </response>
+    ) else (
+        response:set-status-code(403),
+        <response status="failed">
+            <message>You have to be a member of the dba group. Please log in using the dashboard and retry.</message>
+        </response>
+    )
+} catch * {
+    response:set-status-code(500),
+    <response status="failed">
+        <message>{$err:description}</message>
+    </response>
+}