feat: create server only access control for loaders and actions

blocks/action.ts

@@ -1,14 +1,19 @@
 // deno-lint-ignore-file no-explicit-any
-import { applyProps, type FnProps } from "../blocks/utils.tsx";
+import {
+  applyProps,
+  type FnProps,
+  GateKeeperAccess,
+} from "../blocks/utils.tsx";
 import JsonViewer from "../components/JsonViewer.tsx";
 import type { Block, BlockModule, InstanceOf } from "../engine/block.ts";
+import { gateKeeper } from "./utils.tsx";
 
 export type Action = InstanceOf<typeof actionBlock, "#/root/actions">;
 
-export type ActionModule<
+export interface ActionModule<
   TProps = any,
   TResp = any,
-> = BlockModule<FnProps<TProps, TResp>>;
+> extends BlockModule<FnProps<TProps, TResp>>, GateKeeperAccess {}
 
 const actionBlock: Block<ActionModule> = {
   type: "actions",
@@ -17,7 +22,7 @@ const actionBlock: Block<ActionModule> = {
   >(
     mod: ActionModule<TProps>,
   ) => [
-    applyProps(mod),
+    applyProps(gateKeeper(mod)),
   ],
   defaultPreview: (result) => {
     return {

blocks/loader.ts

@@ -19,6 +19,8 @@ import {
   applyProps,
   type FnContext,
   type FnProps,
+  gateKeeper,
+  type GateKeeperAccess,
   type RequestState,
   type SingleFlightKeyFunc,
 } from "./utils.tsx";
@@ -28,7 +30,7 @@ export type Loader = InstanceOf<typeof loaderBlock, "#/root/loaders">;
 export interface LoaderModule<
   TProps = any,
   TState = any,
-> extends BlockModule<FnProps<TProps>> {
+> extends BlockModule<FnProps<TProps>>, GateKeeperAccess {
   /**
    * Specifies caching behavior for the loader and its dependencies.
    *
@@ -335,7 +337,11 @@ const loaderBlock: Block<LoaderModule> = {
   adapt: <TProps = any>(mod: LoaderModule<TProps>) => [
     wrapCaughtErrors,
     (props: TProps, ctx: HttpContext<{ global: any } & RequestState>) =>
-      applyProps(wrapLoader(mod, ctx.resolveChain, ctx.context.state.release))(
+      applyProps(
+        gateKeeper(
+          wrapLoader(mod, ctx.resolveChain, ctx.context.state.release),
+        ),
+      )(
         props,
         ctx,
       ),

blocks/utils.tsx

@@ -5,7 +5,7 @@
 import type { StatusCode as Status } from "@std/http/status";
 import type { JSX } from "preact";
 import type { AppManifest, ImportMap } from "../blocks/app.ts";
-import { isInvokeCtx } from "../blocks/loader.ts";
+import { isInvokeCtx, LoaderModule } from "../blocks/loader.ts";
 import type { InvocationFunc } from "../clients/withManifest.ts";
 import { withSection } from "../components/section.tsx";
 import type {
@@ -27,6 +27,11 @@ import type { InvocationProxy } from "../utils/invoke.types.ts";
 import { type Device, deviceOf, isBot as isUABot } from "../utils/userAgent.ts";
 import type { HttpContext } from "./handler.ts";
 import type { Vary } from "../utils/vary.ts";
+import { ActionModule } from "./action.ts";
+
+export interface GateKeeperAccess {
+  visibility?: "server" | "public";
+}
 
 export type SingleFlightKeyFunc<TConfig = any, TCtx = any> = (
   args: TConfig,
@@ -138,6 +143,7 @@ export const fnContextFromHttpContext = <TState = {}>(
     },
   };
 };
+
 /**
  *  Applies the given props to the target block function.
  *
@@ -248,3 +254,27 @@ export const buildImportMap = (manifest: AppManifest): ImportMap => {
     );
   return buildImportMapWith(manifest, builder);
 };
+
+export const gateKeeper = (
+  {
+    default: handler,
+    visibility = "public",
+    ...rest
+  }: BlockModule & GateKeeperAccess,
+) => {
+  return {
+    ...rest,
+    default: async (
+      props: Parameters<typeof handler>[0],
+      req: Request,
+      ctx: FnContext<unknown, any>,
+    ): Promise<ReturnType<typeof handler>> => {
+      if (visibility === "server" && !ctx.isInvoke) {
+        return new Response(null, {
+          status: 403,
+        });
+      }
+      return await handler(props, req, ctx);
+    },
+  };
+};