better_auth-mongodb 0.8.0 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4ed1669dc271afab7b9e15d5abd0fdd7aeb5228ad4b602eeda5438f8f07d5270
-  data.tar.gz: a6efaca422c47a3e24ffc7c6b2bcf0d7633843b76b0db514da8588bee4233090
+  metadata.gz: 7f38f577d0bab0d49bd3fd44384f0869e6323abcbe1ecaf6096e1bfdab3ed45a
+  data.tar.gz: 7b4074915658cc13c7e0ae92f545a8a98fb50764647c153c168ed0bc9675218d
 SHA512:
-  metadata.gz: bb69f0da9105d78d720bdfca09f5c4e2fe99c9ee60a7f0ac392c4eab1f7613da8dc845ab23926499ff00107d455d8aa3a20fe2984fa6737fe603688cfc7bdde1
-  data.tar.gz: de14ab5fb5b7078d3803a5fed75c7415a195276b0dbde522845f5337e3194c0cac75534b49a66e794cf8ffec013d8d07926c3a0077594054848c56f2f79bf94c
+  metadata.gz: 1acce3252242ec0a1470496cb819e6a9e6027ddff9c03df2ecf38a106293c28322cbaeeeb05bcb80e81867e7e75966bb3fc275a821d2c20f9b8a7aab1380d94f
+  data.tar.gz: 1a85cb29c777b43dbf086339e087d2062153de6a945a1f5750abb95130bf826a9734d8206060f04e93cad6c51cce08430704226976e5e1438c3b00a5ae3aa5b0

data/CHANGELOG.md

@@ -2,8 +2,15 @@
 
 ## Unreleased
 
+## 0.10.0 - 2026-05-21
+
 - Rename the canonical Ruby gem to `better_auth-mongodb` while keeping
   `better_auth-mongo-adapter` as a deprecated compatibility package.
+- Fixed `use_plural: true` so configured schema `model_name` values such as
+  `people` and `api_keys` are used directly instead of being pluralized again.
+- Clarified MongoDB filter docs: `in` requires array values, while `not_in`
+  accepts scalar values as a Ruby adapter-family compatibility behavior.
+- Improved MongoDB owner counting, nullable unique indexes, and adapter parity coverage.
 
 ## 0.7.0 - 2026-05-05
 
@@ -12,7 +19,7 @@
 - Consolidated Mongo fake test support and strengthened transaction rollback coverage for staged mutations.
 - Apply `advanced[:database][:default_find_many_limit]` to uncapped `find_many` calls and one-to-many Mongo `$lookup` joins, defaulting to 100 when omitted.
 - Match upstream Mongo where-clause semantics for mixed connectors by bucketing multi-clause filters into `$and` and `$or` arrays instead of left-fold nesting.
-- Allow scalar values for `in` and `not_in` filters as an intentional Ruby adapter-family adaptation.
+- Allow scalar values for `not_in` filters as an intentional Ruby adapter-family adaptation while keeping `in` aligned with the shared adapter array contract.
 
 ## 0.1.1 - 2026-04-30
 

data/README.md

@@ -94,12 +94,26 @@ auth = BetterAuth.auth(
 
 The same default applies to one-to-many join lookups when the join config does not set `limit:`. Passing an explicit `limit:` to `find_many` or to the join config overrides the default.
 
+Explicit `limit:` values must be positive integers. Explicit `offset:` values
+must be zero or positive integers. Invalid configured defaults, including
+non-positive `default_find_many_limit` values, fall back to the built-in cap of
+100 records.
+
 One-to-one joins ignore one-to-many limits. They are returned as a single object or `nil`.
 
-Ruby's adapters accept scalar values for `in` and `not_in` filters and coerce
-them to a one-element list. This is an intentional Ruby adapter-family behavior;
-upstream's TypeScript adapter factory is stricter before the Mongo adapter sees
-the query.
+Ruby's MongoDB adapter matches upstream's adapter factory by requiring array
+values for the `in` filter operator. The Ruby adapter still accepts scalar
+values for `not_in` and coerces them to a one-element list, matching the Ruby
+adapter-family behavior.
+
+Update calls intentionally strip logical `id` / Mongo `_id` from `$set` payloads
+so callers cannot mutate immutable Mongo identifiers. If an update contains no
+caller-supplied schema fields after id and unknown fields are ignored, the
+adapter raises `BAD_REQUEST` before calling MongoDB.
+
+Default storage field names use Ruby's snake_case convention. For example, an
+additional or plugin field named `camelCaseField` is stored as
+`camel_case_field` unless the schema config provides an explicit `fieldName`.
 
 ## Compatibility
 

data/lib/better_auth/mongodb/version.rb

@@ -2,6 +2,6 @@
 
 module BetterAuth
   module MongoDB
-    VERSION = "0.8.0"
+    VERSION = "0.10.0"
   end
 end

data/lib/better_auth/mongodb.rb

@@ -46,12 +46,12 @@ module BetterAuth
       def find_many(model:, where: [], sort_by: nil, limit: nil, offset: nil, select: nil, join: nil)
         model = model.to_s
         pipeline = [{"$match" => mongo_filter(model, where || [])}]
+        pipeline << {"$sort" => {sort_field(model, sort_by) => sort_direction(sort_by)}} if sort_by
+        pipeline << {"$skip" => non_negative_integer!(offset, "offset")} unless offset.nil?
+        effective_limit = limit.nil? ? default_find_many_limit : positive_integer!(limit, "limit")
+        pipeline << {"$limit" => effective_limit}
         pipeline.concat(join_stages(model, join)) if join
         pipeline << {"$project" => projection_for(model, select, join)} if select && !select.empty?
-        pipeline << {"$sort" => {sort_field(model, sort_by) => sort_direction(sort_by)}} if sort_by
-        pipeline << {"$skip" => offset.to_i} if offset
-        effective_limit = limit.nil? ? default_find_many_limit : limit.to_i
-        pipeline << {"$limit" => effective_limit} if effective_limit.positive?
 
         collection_for(model)
           .aggregate(pipeline, session_options)
@@ -61,9 +61,11 @@ module BetterAuth
 
       def update(model:, where:, update:)
         model = model.to_s
+        ensure_update_input_has_fields!(model, update)
         data = transform_input(model, update, "update", true)
         document = to_document(model, data)
         document.delete("_id")
+        ensure_update_document!(document)
         result = collection_for(model).find_one_and_update(
           mongo_filter(model, where || []),
           {"$set" => document},
@@ -75,9 +77,11 @@ module BetterAuth
 
       def update_many(model:, where:, update:)
         model = model.to_s
+        ensure_update_input_has_fields!(model, update)
         data = transform_input(model, update, "update", true)
         document = to_document(model, data)
         document.delete("_id")
+        ensure_update_document!(document)
         result = collection_for(model).update_many(
           mongo_filter(model, where || []),
           {"$set" => document},
@@ -115,8 +119,8 @@ module BetterAuth
 
             collection = collection_for(model)
             key = storage_field(model, field)
-            index_options = attributes[:unique] ? {unique: true} : {}
-            collection.indexes.create_one({key => 1}, index_options)
+            index_options = index_options_for(attributes)
+            create_index!(collection, {key => 1}, index_options)
             {
               collection: collection_name(model),
               field: field,
@@ -147,6 +151,34 @@ module BetterAuth
 
       private
 
+      def index_options_for(attributes)
+        return {} unless attributes[:unique]
+
+        options = {unique: true}
+        options[:sparse] = true unless attributes[:required]
+        options
+      end
+
+      def create_index!(collection, keys, options)
+        collection.indexes.create_one(keys, options)
+      rescue Mongo::Error::OperationFailure => error
+        raise unless index_options_conflict?(error) && collection.indexes.respond_to?(:drop_one)
+
+        collection.indexes.drop_one(default_index_name(keys))
+        collection.indexes.create_one(keys, options)
+      end
+
+      def index_options_conflict?(error)
+        error.message.include?("IndexOptionsConflict") ||
+          error.message.include?("IndexKeySpecsConflict") ||
+          error.message.include?("already exists with different options") ||
+          error.message.include?("same name as the requested index")
+      end
+
+      def default_index_name(keys)
+        keys.map { |field, direction| "#{field}_#{direction}" }.join("_")
+      end
+
       def transform_input(model, data, action, force_allow_id)
         fields = fields_for(model)
         input = stringify_keys(data)
@@ -180,7 +212,7 @@ module BetterAuth
       end
 
       def mongo_filter(model, where)
-        clauses = Array(where)
+        clauses = validate_where!(where)
         return {} if clauses.empty?
 
         conditions = clauses.map do |clause|
@@ -205,7 +237,8 @@ module BetterAuth
         value = options.advanced.dig(:database, :default_find_many_limit)
         return 100 if value.nil?
 
-        Integer(value)
+        parsed = Integer(value)
+        parsed.positive? ? parsed : 100
       rescue ArgumentError, TypeError
         100
       end
@@ -218,7 +251,10 @@ module BetterAuth
         operator = (fetch_key(clause, :operator) || "eq").to_s.downcase
         value = fetch_key(clause, :value)
 
-        field = resolve_field(model, fetch_key(clause, :field))
+        requested_field = fetch_key(clause, :field)
+        bad_request!("where field is required") if requested_field.nil? || requested_field.to_s.empty?
+
+        field = resolve_field(model, requested_field)
         attributes = fields_for(model).fetch(field)
         key = (field == "id") ? "_id" : storage_field(model, field)
         mode = (fetch_key(clause, :mode) || "sensitive").to_s
@@ -230,6 +266,8 @@ module BetterAuth
         when "eq"
           (insensitive && value.is_a?(String)) ? regex_condition(key, value, :eq, insensitive: true) : {key => store_value(field, value, attributes, strict_id: true)}
         when "in"
+          bad_request!("where value must be an array for in operator") unless value.is_a?(Array)
+
           (insensitive && value.is_a?(Array)) ? insensitive_in_condition(key, value) : {key => {"$in" => array_operator_values(value).map { |entry| store_value(field, entry, attributes, strict_id: true) }}}
         when "not_in"
           (insensitive && value.is_a?(Array)) ? insensitive_not_in_condition(key, value) : {key => {"$nin" => array_operator_values(value).map { |entry| store_value(field, entry, attributes, strict_id: true) }}}
@@ -281,9 +319,9 @@ module BetterAuth
           foreign_field = storage_field_for_join(join_model, config.fetch(:to))
           relation = config[:relation]
           limit = config.key?(:limit) ? config[:limit] : nil
-          effective_limit = limit.nil? ? default_find_many_limit : limit.to_i
+          effective_limit = limit.nil? ? default_find_many_limit : positive_integer!(limit, "join limit")
           unique = relation == "one-to-one" || config[:unique]
-          should_limit = !unique && effective_limit.positive?
+          should_limit = !unique
 
           lookup = if should_limit
             {
@@ -313,19 +351,30 @@ module BetterAuth
       end
 
       def normalized_join(model, join)
+        bad_request!("join must be a hash") unless join.is_a?(Hash)
+
         join.each_with_object({}) do |(join_model, config), result|
           join_model = join_model.to_s
+          bad_request!("join model is required") if join_model.empty?
+
           result[join_model] = normalize_join_config(model, join_model, config)
         end
       end
 
       def normalize_join_config(model, join_model, config)
+        bad_request!("join config must be true or a hash") unless config == true || config.is_a?(Hash)
+
         if config.is_a?(Hash) && (config.key?(:on) || config.key?("on"))
           on = config[:on] || config["on"]
+          bad_request!("join on must be a hash") unless on.is_a?(Hash)
+
           relation = config[:relation] || config["relation"]
           limit = config[:limit] || config["limit"]
           from = fetch_key(on, :from)
           to = fetch_key(on, :to)
+          bad_request!("join on.from is required") if from.nil? || from.to_s.empty?
+          bad_request!("join on.to is required") if to.nil? || to.to_s.empty?
+
           return {from: Schema.storage_key(from), to: Schema.storage_key(to), relation: relation, limit: limit, unique: unique_join_field?(join_model, to)}
         end
 
@@ -414,9 +463,8 @@ module BetterAuth
       def collection_name(model)
         model = default_model_name(model)
         configured = configured_model_name(model)
-        return "#{configured}s" if configured && use_plural
-        return configured if configured
         return schema_for(model).fetch(:model_name) if use_plural
+        return configured if configured
 
         model.to_s
       end
@@ -548,7 +596,7 @@ module BetterAuth
 
       def coerce_value(value, attributes)
         return value if value.nil?
-        return Time.parse(value) if attributes[:type] == "date" && value.is_a?(String)
+        return parse_date_value(value) if attributes[:type] == "date" && value.is_a?(String)
 
         value
       end
@@ -611,6 +659,61 @@ module BetterAuth
         nil
       end
 
+      def validate_where!(where)
+        bad_request!("where must be an array") unless where.is_a?(Array)
+
+        where.each do |clause|
+          bad_request!("where entries must be hashes") unless clause.is_a?(Hash)
+        end
+
+        where
+      end
+
+      def positive_integer!(value, name)
+        parsed = Integer(value)
+        bad_request!("#{name} must be a positive integer") unless parsed.positive?
+
+        parsed
+      rescue ArgumentError, TypeError
+        bad_request!("#{name} must be a positive integer")
+      end
+
+      def non_negative_integer!(value, name)
+        parsed = Integer(value)
+        bad_request!("#{name} must be zero or a positive integer") if parsed.negative?
+
+        parsed
+      rescue ArgumentError, TypeError
+        bad_request!("#{name} must be zero or a positive integer")
+      end
+
+      def ensure_update_document!(document)
+        bad_request!("No fields to update") if document.empty?
+      end
+
+      def ensure_update_input_has_fields!(model, update)
+        bad_request!("update must be a hash") unless update.is_a?(Hash)
+
+        fields = fields_for(model)
+        input = stringify_keys(update)
+        has_updatable_field = input.any? do |field_key, _value|
+          next false if field_key == "id" || field_key == "_id"
+
+          fields.key?(field_key) || fields.any? { |_field, attributes| attributes[:field_name].to_s == field_key }
+        end
+        bad_request!("No fields to update") unless has_updatable_field
+      end
+
+      def parse_date_value(value)
+        Time.parse(value)
+      rescue ArgumentError
+        bad_request!("Invalid date value")
+      end
+
+      def bad_request!(message)
+        raise APIError.new("BAD_REQUEST", message: message)
+      end
+
       def schema_for(model)
         Schema.auth_tables(options).fetch(default_model_name(model))
       end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: better_auth-mongodb
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.10.0
 platform: ruby
 authors:
 - Sebastian Sala
@@ -161,14 +161,14 @@ files:
 - lib/better_auth/mongo_adapter.rb
 - lib/better_auth/mongodb.rb
 - lib/better_auth/mongodb/version.rb
-homepage: https://github.com/sebasxsala/better-auth
+homepage: https://github.com/sebasxsala/better-auth-rb
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/sebasxsala/better-auth
-  source_code_uri: https://github.com/sebasxsala/better-auth
-  changelog_uri: https://github.com/sebasxsala/better-auth/blob/main/packages/better_auth-mongodb/CHANGELOG.md
-  bug_tracker_uri: https://github.com/sebasxsala/better-auth/issues
+  homepage_uri: https://github.com/sebasxsala/better-auth-rb
+  source_code_uri: https://github.com/sebasxsala/better-auth-rb
+  changelog_uri: https://github.com/sebasxsala/better-auth-rb/blob/main/packages/better_auth-mongodb/CHANGELOG.md
+  bug_tracker_uri: https://github.com/sebasxsala/better-auth-rb/issues
 rdoc_options: []
 require_paths:
 - lib