arcly-http 0.2.1

Enterprise-grade NestJS-inspired web framework on axum: zero-lock DI, declarative controllers, multi-tenant data routing, transactional outbox, ABAC, and a self-documenting OpenAPI surface
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206

//! Request-scoped transactions for `#[Transactional]`.
//!
//! ## Contract
//!
//! - `begin` on entering the handler, against the **primary** of the
//!   request-tenant's pool.
//! - **Commit** when the handler returns `Ok(..)`.
//! - **Rollback** when it returns `Err(..)` — and on panic / `#[Timeout]`
//!   expiry, because dropping an uncommitted driver transaction rolls back
//!   in every supported ecosystem.
//!
//! ## Zero-lock mechanics
//!
//! The live transaction rides a `tokio::task_local!` slot — strictly
//! per-request-task state, no global registry, no mutex. Services reach it
//! through [`with_current_tx`], which *takes* the transaction out of the
//! slot, awaits the closure, and puts it back — so no `RefCell` borrow is
//! ever held across an `.await` (keeping handler futures `Send`).
//!
//! Diesel's sync core cannot hold a transaction across `.await` by design;
//! `#[Transactional]` therefore rejects Diesel-backed pools at runtime with
//! a clear error — use `DieselBlockingPool::transaction` (whole tx inside
//! one blocking closure) instead.

use std::cell::RefCell;

use crate::data::db::ArclyDbPool;
#[cfg(any(feature = "db-sqlx", feature = "db-seaorm", feature = "db-diesel"))]
use crate::data::db::DbDriver;
use crate::data::DataError;
use crate::web::context::RequestContext;
use crate::web::error::{HttpException, Internal};

// ─── Transaction wrapper ──────────────────────────────────────────────────────

/// One live driver transaction. Dropping without commit rolls back.
pub enum ArclyTransaction {
    #[cfg(feature = "db-sqlx")]
    Sqlx(sqlx::Transaction<'static, sqlx::Any>),
    #[cfg(feature = "db-seaorm")]
    SeaOrm(sea_orm::DatabaseTransaction),
}

impl ArclyTransaction {
    pub async fn commit(self) -> Result<(), DataError> {
        match self {
            #[cfg(feature = "db-sqlx")]
            ArclyTransaction::Sqlx(tx) => tx
                .commit()
                .await
                .map_err(|e| DataError::query(e.to_string())),
            #[cfg(feature = "db-seaorm")]
            ArclyTransaction::SeaOrm(tx) => tx
                .commit()
                .await
                .map_err(|e| DataError::query(e.to_string())),
            #[allow(unreachable_patterns)]
            _ => Ok(()),
        }
    }

    pub async fn rollback(self) -> Result<(), DataError> {
        match self {
            #[cfg(feature = "db-sqlx")]
            ArclyTransaction::Sqlx(tx) => tx
                .rollback()
                .await
                .map_err(|e| DataError::query(e.to_string())),
            #[cfg(feature = "db-seaorm")]
            ArclyTransaction::SeaOrm(tx) => tx
                .rollback()
                .await
                .map_err(|e| DataError::query(e.to_string())),
            #[allow(unreachable_patterns)]
            _ => Ok(()),
        }
    }
}

impl ArclyDbPool {
    /// Open a transaction on the **primary** driver of this pool.
    #[allow(unreachable_code)]
    pub async fn begin(&self) -> Result<ArclyTransaction, DataError> {
        match self.primary() {
            #[cfg(feature = "db-sqlx")]
            DbDriver::Sqlx(pool) => Ok(ArclyTransaction::Sqlx(
                pool.begin()
                    .await
                    .map_err(|e| DataError::connection(e.to_string()))?,
            )),
            #[cfg(feature = "db-seaorm")]
            DbDriver::SeaOrm(conn) => {
                use sea_orm::TransactionTrait;
                Ok(ArclyTransaction::SeaOrm(
                    conn.begin()
                        .await
                        .map_err(|e| DataError::connection(e.to_string()))?,
                ))
            }
            #[cfg(feature = "db-diesel")]
            DbDriver::Diesel(_) => Err(DataError::config(
                "#[Transactional] is not supported on sync Diesel pools — \
                 run the whole transaction inside DieselBlockingPool::transaction(…)",
            )),
            #[allow(unreachable_patterns)]
            _ => Err(DataError::config("no database driver feature enabled")),
        }
    }
}

// ─── Task-local slot ──────────────────────────────────────────────────────────

tokio::task_local! {
    /// The current request's transaction. Per-task, never shared, no locks.
    static CURRENT_TX: RefCell<Option<ArclyTransaction>>;
}

/// Run `work` with this request's transaction (if `#[Transactional]` opened
/// one). The transaction is moved out of the slot for the duration of the
/// closure and put back afterwards, so the future stays `Send`.
///
/// Returns `Ok(None)` when called outside a `#[Transactional]` scope —
/// callers fall back to autocommit through the pool.
pub async fn with_current_tx<R, F, Fut>(work: F) -> Result<Option<R>, DataError>
where
    F: FnOnce(ArclyTransaction) -> Fut,
    Fut: std::future::Future<Output = (ArclyTransaction, Result<R, DataError>)>,
{
    // Take (not borrow) — the RefCell guard ends before any await.
    let taken = CURRENT_TX
        .try_with(|slot| slot.borrow_mut().take())
        .ok()
        .flatten();

    let Some(tx) = taken else { return Ok(None) };

    let (tx, result) = work(tx).await;

    // Put back for the rest of the handler (and the final commit/rollback).
    let _ = CURRENT_TX.try_with(|slot| *slot.borrow_mut() = Some(tx));
    result.map(Some)
}

/// `true` when running inside a `#[Transactional]` scope.
pub fn in_transaction() -> bool {
    CURRENT_TX
        .try_with(|slot| slot.borrow().is_some())
        .unwrap_or(false)
}

// ─── Macro entry point ────────────────────────────────────────────────────────

/// Called by the `#[Transactional]` expansion. Not public API.
///
/// Opens a transaction on the request-tenant's pool, scopes it into
/// `CURRENT_TX`, runs the handler body, then commits on `Ok` / rolls back
/// on `Err`. If the body's future is cancelled (`#[Timeout]`, client
/// disconnect), the scoped transaction drops uncommitted → driver rollback.
#[doc(hidden)]
pub async fn run_transactional<T, Fut>(ctx: &RequestContext, body: Fut) -> Result<T, HttpException>
where
    Fut: std::future::Future<Output = Result<T, HttpException>>,
{
    let registry = ctx
        .try_inject::<crate::data::DataSourceRegistry<ArclyDbPool>>()
        .ok_or_else(|| {
            Internal::new(
                "#[Transactional] requires DataSourceRegistry<ArclyDbPool> in the DI container",
            )
        })?;

    let pool = registry.for_tenant(ctx.tenant());
    let tx = pool
        .begin()
        .await
        .map_err(|e| Internal::new(format!("failed to begin transaction: {e}")))?;

    CURRENT_TX
        .scope(RefCell::new(Some(tx)), async move {
            let outcome = body.await;

            let tx = CURRENT_TX
                .try_with(|slot| slot.borrow_mut().take())
                .ok()
                .flatten();

            match (outcome, tx) {
                (Ok(v), Some(tx)) => {
                    tx.commit()
                        .await
                        .map_err(|e| Internal::new(format!("commit failed: {e}")))?;
                    Ok(v)
                }
                // A service legitimately consumed/closed the tx itself.
                (Ok(v), None) => Ok(v),
                (Err(e), Some(tx)) => {
                    if let Err(rb) = tx.rollback().await {
                        tracing::error!(error = %rb, "rollback failed after handler error");
                    }
                    Err(e)
                }
                (Err(e), None) => Err(e),
            }
        })
        .await
}