Database subsystem

.dockerignore

@@ -1,11 +1,11 @@
 *
 
 # Project files
-!/bun.lock
-!/bunfig.toml
+!/deno.json
+!/deno.lock
 !/LICENSE
 !/package.json
-!/tsconfig.json
+!/rolldown.config.ts
 
 # SRC
 !/src/**

.env.example

@@ -1,40 +1,76 @@
-#? Rename or copy this file to ".env" and set the variables there.
+#?
+#? Rename this file to ".env" and set the variables there.
 #?
 #?####################
 #? VARIABLE STRUCTURE:
 #?####################
 #? [ default ] : type < min - max >
 #?      ^         ^         ^
 #?      |         |         |
-#?      |         |         +---- RANGE between two values (these included)
+#?      |         |         +---- RANGE between two values (inclusive)
 #?      |         +-------------- TYPE of the variable
-#?      +------------------------ DEFAULT value applied if not set
+#?      +------------------------ DEFAULT value if not set
 #?
 #?###################
 #? COMMENT STRUCTURE:
 #?###################
-#? "#?#..." or "###..." are used to comment a section line.
-#? "#?" is used to comment a help line.
-#? "##" is used to comment a description line.
-#? "#" is used to comment a variable line.
+#? "#?#...", "###..." for section headers
+#? "#?" for help
+#? "##" for description
+#? "#" for variable definitions
 #?
-#? You should remove the comment on variable lines only if you want to set the variable.
 
 ##########
 ## SERVER:
 ##########
-## Set log verbosity [3]:integer
-#? (0=none <- 1=error <- 2=warn <- 3=info <- 4=debug)
-#LOGLEVEL=3
+## Set log verbosity: [3]:integer<0-4>
+#? 0=none, 1=error, 2=warn, 3=info, 4=debug
+#JSPB_LOGLEVEL=3
+
+## Hostname binding: [::]:string
+#JSPB_HOSTNAME=::
+
+## Port binding: [4000]:integer<0-65535>
+#JSPB_PORT=4000
 
-## Port for the server [4000]:integer
-#PORT=4000
+## Enable "SO_REUSEPORT": [false]:boolean
+#? Only available on POSIX systems.
+#JSPB_SOCKET_REUSEPORT=false
 
-## Is website served over HTTPS? [true]:boolean
-#TLS=true
+## Serve over HTTPS: [false]:boolean
+#? Hint JSPaste to set "https://" on responses containing the instance URL.
+#JSPB_TLS=false
+
+## Root user token: []:string
+#? Leaving empty sets a random token on first run.
+#JSPB_ROOT_TOKEN=
 
 ############
 ## DOCUMENT:
 ############
-## Maximum document size in kilobytes [1024]:integer
-#DOCUMENT_MAXSIZE=1024
+## Max total storage size: [0]:string
+#? Suffixes: b, k(i)b, m(i)b, g(i)b, t(i)b.
+#? If set to 0, no limit is applied.
+#JSPB_DOCUMENT_STORAGE_SIZE=0
+
+## Max upload size per document: [1mb]:string
+#? Suffixes: b, k(i)b, m(i)b, g(i)b, t(i)b.
+#? If set to 0, no limit is applied.
+#JSPB_DOCUMENT_SIZE=1mb
+
+## Document compression level: [1]:integer<0-9>
+#JSPB_DOCUMENT_COMPRESSION_LEVEL=1
+
+## Document cleanup task: [0 1 * * *]:string
+#? https://crontab.guru/#0_1_*_*_*
+#JSPB_DOCUMENT_SWEEP=0 1 * * *
+
+## Remove documents older than..: [0]:string
+#? Suffixes: s=second, m=minute, h=hour, d=day.
+#? If set to 0, no limit is applied.
+#JSPB_DOCUMENT_SWEEP_AGE=0
+
+## Remove anonymous docs older than..: [7d]:string
+#? Suffixes: s=second, m=minute, h=hour, d=day.
+#? If set to 0, no limit is applied.
+#JSPB_DOCUMENT_SWEEP_ANONYMOUS_AGE=7d

.github/renovate.json

@@ -1,6 +1,6 @@
 {
 	"$schema": "https://docs.renovatebot.com/renovate-schema.json",
-	"extends": ["config:recommended"],
+	"extends": ["config:recommended", "customManagers:biomeVersions"],
 	"lockFileMaintenance": {
 		"enabled": true,
 		"automerge": true

.github/workflows/cd.yml

@@ -23,7 +23,7 @@ on:
           - build-release
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
+  group: ${{ github.workflow }}
   cancel-in-progress: false
 
 permissions:
@@ -43,16 +43,20 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
         with:
-          egress-policy: audit
+          egress-policy: "audit"
 
-      - name: Setup Bun
-        uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2
+      - name: Setup Deno
+        uses: denoland/setup-deno@e95548e56dfa95d4e1a28d6f422fafe75c4c26fb # v2.0.3
+        with:
+          deno-version: "vx.x.x"
+          cache: "true"
+          cache-hash: "deno-${{ runner.arch }}-${{ hashFiles('./deno.lock') }}"
 
       - name: Save context
         id: ctx
         env:
-          CTX_BRANCH: ${{ github.head_ref || github.ref_name }}
-          CTX_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
+          CTX_BRANCH: "${{ github.head_ref || github.ref_name }}"
+          CTX_SHA: "${{ github.event.pull_request.head.sha || github.sha }}"
         run: |
           echo "branch=${CTX_BRANCH}" >>"$GITHUB_OUTPUT"
           echo "sha=${CTX_SHA}" >>"$GITHUB_OUTPUT"
@@ -61,8 +65,8 @@ jobs:
       - name: Save tags
         id: tags
         env:
-          BRANCH: ${{ steps.ctx.outputs.branch }}
-          SHA_SHORT: ${{ steps.ctx.outputs.sha_short }}
+          BRANCH: "${{ steps.ctx.outputs.branch }}"
+          SHA_SHORT: "${{ steps.ctx.outputs.sha_short }}"
         run: |
           TIMESTAMP="$(date +%Y.%m.%d)"
 
@@ -78,55 +82,51 @@ jobs:
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
-          persist-credentials: false
+          persist-credentials: "false"
 
       - name: Install deps
-        run: bun install --frozen-lockfile
+        run: deno install --frozen
+
+      - name: Build server
+        run: deno task build:server
 
       - name: Build artifact
         run: |
-          bun run build:server
-
-          bun run build:standalone:darwin-arm64
-          chmod 755 ./dist/server
-          tar -c --owner=0 --group=0 --mtime='now' --utc .env.example LICENSE README.md -C ./dist/ server | xz -z -6 >./dist/backend_${{ steps.tags.outputs.tag }}_darwin-arm64.tar.xz
-          tar -tJf ./dist/backend_${{ steps.tags.outputs.tag }}_darwin-arm64.tar.xz >/dev/null
-
-          bun run build:standalone:linux-amd64-glibc
-          chmod 755 ./dist/server
-          tar -c --owner=0 --group=0 --mtime='now' --utc .env.example LICENSE README.md -C ./dist/ server | xz -z -6 >./dist/backend_${{ steps.tags.outputs.tag }}_linux-amd64-glibc.tar.xz
-          tar -tJf ./dist/backend_${{ steps.tags.outputs.tag }}_linux-amd64-glibc.tar.xz >/dev/null
-
-          bun run build:standalone:linux-amd64-musl
-          chmod 755 ./dist/server
-          tar -c --owner=0 --group=0 --mtime='now' --utc .env.example LICENSE README.md -C ./dist/ server | xz -z -6 >./dist/backend_${{ steps.tags.outputs.tag }}_linux-amd64-musl.tar.xz
-          tar -tJf ./dist/backend_${{ steps.tags.outputs.tag }}_linux-amd64-musl.tar.xz >/dev/null
-
-          bun run build:standalone:linux-arm64-glibc
-          chmod 755 ./dist/server
-          tar -c --owner=0 --group=0 --mtime='now' --utc .env.example LICENSE README.md -C ./dist/ server | xz -z -6 >./dist/backend_${{ steps.tags.outputs.tag }}_linux-arm64-glibc.tar.xz
-          tar -tJf ./dist/backend_${{ steps.tags.outputs.tag }}_linux-arm64-glibc.tar.xz >/dev/null
-
-          bun run build:standalone:linux-arm64-musl
-          chmod 755 ./dist/server
-          tar -c --owner=0 --group=0 --mtime='now' --utc .env.example LICENSE README.md -C ./dist/ server | xz -z -6 >./dist/backend_${{ steps.tags.outputs.tag }}_linux-arm64-musl.tar.xz
-          tar -tJf ./dist/backend_${{ steps.tags.outputs.tag }}_linux-arm64-musl.tar.xz >/dev/null
-
-          bun run build:standalone:windows-amd64
-          chmod 755 ./dist/server.exe
-          zip -j -X -9 -l -o ./dist/backend_${{ steps.tags.outputs.tag }}_windows-amd64.zip .env.example LICENSE README.md ./dist/server.exe
-          zip -T ./dist/backend_${{ steps.tags.outputs.tag }}_windows-amd64.zip
+          deno task build:standalone:darwin-amd64
+          chmod 755 ./dist/backend.darwin-amd64
+          tar -c --owner=0 --group=0 --mtime='now' --utc .env.example LICENSE README.md -C ./dist/ backend.darwin-amd64 | xz -z -6 >./dist/backend-${{ steps.tags.outputs.tag }}_darwin-amd64.tar.xz
+          tar -tJf ./dist/backend-${{ steps.tags.outputs.tag }}_darwin-amd64.tar.xz >/dev/null
+
+          deno task build:standalone:darwin-arm64
+          chmod 755 ./dist/backend.darwin-arm64
+          tar -c --owner=0 --group=0 --mtime='now' --utc .env.example LICENSE README.md -C ./dist/ backend.darwin-arm64 | xz -z -6 >./dist/backend-${{ steps.tags.outputs.tag }}_darwin-arm64.tar.xz
+          tar -tJf ./dist/backend-${{ steps.tags.outputs.tag }}_darwin-arm64.tar.xz >/dev/null
+
+          deno task build:standalone:linux-amd64
+          chmod 755 ./dist/backend.linux-amd64
+          tar -c --owner=0 --group=0 --mtime='now' --utc .env.example LICENSE README.md -C ./dist/ backend.linux-amd64 | xz -z -6 >./dist/backend-${{ steps.tags.outputs.tag }}_linux-amd64.tar.xz
+          tar -tJf ./dist/backend-${{ steps.tags.outputs.tag }}_linux-amd64.tar.xz >/dev/null
+
+          deno task build:standalone:linux-arm64
+          chmod 755 ./dist/backend.linux-arm64
+          tar -c --owner=0 --group=0 --mtime='now' --utc .env.example LICENSE README.md -C ./dist/ backend.linux-arm64 | xz -z -6 >./dist/backend-${{ steps.tags.outputs.tag }}_linux-arm64.tar.xz
+          tar -tJf ./dist/backend-${{ steps.tags.outputs.tag }}_linux-arm64.tar.xz >/dev/null
+
+          deno task build:standalone:windows-amd64
+          chmod 755 ./dist/backend.windows-amd64.exe
+          zip -j -X -9 -l -o ./dist/backend-${{ steps.tags.outputs.tag }}_windows-amd64.zip .env.example LICENSE README.md ./dist/backend.windows-amd64.exe
+          zip -T ./dist/backend-${{ steps.tags.outputs.tag }}_windows-amd64.zip
 
       - if: inputs.artifact-action == 'build-release'
         name: Release artifact
         uses: ncipollo/release-action@bcfe5470707e8832e12347755757cec0eb3c22af # v1.18.0
         with:
-          name: ${{ steps.tags.outputs.extended }}
-          tag: ${{ steps.tags.outputs.extended }}
-          artifacts: dist/*.tar.xz,dist/*.zip
-          makeLatest: true
-          prerelease: ${{ steps.ctx.outputs.branch != 'stable' }}
-          generateReleaseNotes: ${{ steps.ctx.outputs.branch == 'stable' }}
+          name: "${{ steps.tags.outputs.extended }}"
+          tag: "${{ steps.tags.outputs.extended }}"
+          artifacts: "dist/*.tar.xz,dist/*.zip"
+          makeLatest: "true"
+          prerelease: "${{ steps.ctx.outputs.branch != 'stable' }}"
+          generateReleaseNotes: "${{ steps.ctx.outputs.branch == 'stable' }}"
 
       - if: inputs.artifact-action == 'build-release'
         name: Attest artifact
@@ -152,13 +152,13 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
         with:
-          egress-policy: audit
+          egress-policy: "audit"
 
       - name: Save context
         id: ctx
         env:
-          CTX_BRANCH: ${{ github.head_ref || github.ref_name }}
-          CTX_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
+          CTX_BRANCH: "${{ github.head_ref || github.ref_name }}"
+          CTX_SHA: "${{ github.event.pull_request.head.sha || github.sha }}"
         run: |
           echo "branch=${CTX_BRANCH}" >>"$GITHUB_OUTPUT"
           echo "sha=${CTX_SHA}" >>"$GITHUB_OUTPUT"
@@ -167,9 +167,9 @@ jobs:
       - name: Save tags
         id: tags
         env:
-          BRANCH: ${{ steps.ctx.outputs.branch }}
-          SHA: ${{ steps.ctx.outputs.sha }}
-          SHA_SHORT: ${{ steps.ctx.outputs.sha_short }}
+          BRANCH: "${{ steps.ctx.outputs.branch }}"
+          SHA: "${{ steps.ctx.outputs.sha }}"
+          SHA_SHORT: "${{ steps.ctx.outputs.sha_short }}"
         run: |
           TIMESTAMP="$(date +%Y.%m.%d)"
           TIMESTAMP_ISO="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
@@ -191,18 +191,18 @@ jobs:
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
-          persist-credentials: false
+          persist-credentials: "false"
 
       - name: Build image
         id: build-image
         uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2.13
         with:
-          containerfiles: Dockerfile
-          platforms: linux/amd64,linux/arm64
-          image: ${{ github.repository }}
-          layers: true
-          oci: true
-          tags: ${{ steps.tags.outputs.list }}
+          containerfiles: "Dockerfile"
+          platforms: "linux/amd64,linux/arm64"
+          image: "${{ github.repository }}"
+          layers: "true"
+          oci: "true"
+          tags: "${{ steps.tags.outputs.list }}"
           extra-args: |
             --squash
             --identity-label=false
@@ -214,23 +214,23 @@ jobs:
         name: Login to GHCR
         uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7
         with:
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-          registry: ${{ env.REGISTRY }}
+          username: "${{ github.repository_owner }}"
+          password: "${{ secrets.GITHUB_TOKEN }}"
+          registry: "${{ env.REGISTRY }}"
 
       - if: inputs.image-action == 'build-release'
         name: Push to GHCR
         id: push-image
         uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8
         with:
-          image: ${{ steps.build-image.outputs.image }}
-          tags: ${{ steps.build-image.outputs.tags }}
-          registry: ${{ env.REGISTRY }}
+          image: "${{ steps.build-image.outputs.image }}"
+          tags: "${{ steps.build-image.outputs.tags }}"
+          registry: "${{ env.REGISTRY }}"
 
       - if: inputs.image-action == 'build-release'
         name: Attest image
         uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0
         with:
           subject-name: "${{ env.REGISTRY }}/${{ steps.build-image.outputs.image }}"
-          subject-digest: ${{ steps.push-image.outputs.digest }}
-          push-to-registry: false
+          subject-digest: "${{ steps.push-image.outputs.digest }}"
+          push-to-registry: "false"