@aeriajs/core 0.0.137 → 0.0.139

package/dist/collection/reference.d.ts

@@ -2,6 +2,7 @@ import type { FixedObjectProperty, Description } from '@aeriajs/types';
 export type GetReferenceOptions = {
     memoize?: string;
     depth?: number;
+    maxDepth?: number;
 };
 export type Reference = {
     isArray?: boolean;

package/dist/collection/reference.js

@@ -67,7 +67,7 @@ const buildArrayCleanupStages = (referenceMap) => {
         : null;
 };
 const getReferences = async (properties, options) => {
-    const { depth = 0, memoize, } = options || {};
+    const { depth = 0, maxDepth = 3, memoize, } = options || {};
     if (memoize) {
         if (referenceMemo[memoize]) {
             return referenceMemo[memoize];
@@ -77,10 +77,25 @@ const getReferences = async (properties, options) => {
     for (const [propName, property] of Object.entries(properties)) {
         const refProperty = (0, common_1.getReferenceProperty)(property);
         const reference = {};
-        if (depth === 2 || (refProperty && refProperty.populate && refProperty.populate.length === 0)) {
+        if (depth === maxDepth || (refProperty && refProperty.populate && refProperty.populate.length === 0)) {
             continue;
         }
-        if (!refProperty) {
+        if (refProperty) {
+            const description = (0, common_1.throwIfError)(await (0, assets_js_1.getCollectionAsset)(refProperty.$ref, 'description'));
+            const deepReferences = await (0, exports.getReferences)(description.properties, {
+                depth: depth + 1,
+                maxDepth: refProperty.populateDepth || maxDepth,
+                memoize: `${memoize}.${propName}`,
+            });
+            if (Object.keys(deepReferences).length > 0) {
+                reference.deepReferences = deepReferences;
+            }
+            const indexes = refProperty.indexes
+                ? refProperty.indexes
+                : description.indexes || [];
+            reference.populatedProperties = (refProperty.populate || []).concat(indexes.filter((index) => typeof index === 'string'));
+        }
+        else {
             const entrypoint = 'items' in property
                 ? property.items
                 : property;
@@ -91,7 +106,6 @@ const getReferences = async (properties, options) => {
             // }
             if ('properties' in entrypoint) {
                 const deepReferences = await (0, exports.getReferences)(entrypoint.properties, {
-                    depth: depth + 1,
                     memoize: `${memoize}.${propName}`,
                 });
                 if (Object.keys(deepReferences).length > 0) {
@@ -100,20 +114,6 @@ const getReferences = async (properties, options) => {
                 }
             }
         }
-        else {
-            const description = (0, common_1.throwIfError)(await (0, assets_js_1.getCollectionAsset)(refProperty.$ref, 'description'));
-            const deepReferences = await (0, exports.getReferences)(description.properties, {
-                depth: depth + 1,
-                memoize: `${memoize}.${propName}`,
-            });
-            if (Object.keys(deepReferences).length > 0) {
-                reference.deepReferences = deepReferences;
-            }
-            const indexes = refProperty.indexes
-                ? refProperty.indexes
-                : description.indexes || [];
-            reference.populatedProperties = (refProperty.populate || []).concat(indexes.filter((index) => typeof index === 'string'));
-        }
         if (!refProperty?.$ref && !reference.deepReferences) {
             continue;
         }
@@ -216,12 +216,14 @@ const buildLookupStages = async (reference, propName, options) => {
     }
     else if (reference.deepReferences && depth <= maxDepth) {
         refHasDeepReferences = true;
-        stages.push({
-            $unwind: {
-                path: `$${withParent(propName)}`,
-                preserveNullAndEmptyArrays: true,
-            },
-        });
+        if (reference.isArray) {
+            stages.push({
+                $unwind: {
+                    path: `$${withParent(propName)}`,
+                    preserveNullAndEmptyArrays: true,
+                },
+            });
+        }
         for (const [refName, refMap] of Object.entries(reference.deepReferences)) {
             if (!refMap) {
                 continue;
@@ -237,15 +239,28 @@ const buildLookupStages = async (reference, propName, options) => {
                 continue;
             }
             const refProperties = properties[propName];
-            if (!('properties' in refProperties)) {
+            if ('properties' in refProperties) {
+                const { stages: refStages } = await buildLookupStages(refMap, refName, {
+                    depth: depth + 1,
+                    parent: withParent(propName),
+                    properties: refProperties.properties,
+                });
+                stages.push(...refStages);
+            }
+            else if ('items' in refProperties) {
+                if (!('properties' in refProperties.items)) {
+                    throw new Error();
+                }
+                const { stages: refStages } = await buildLookupStages(refMap, refName, {
+                    depth: depth + 1,
+                    parent: withParent(propName),
+                    properties: refProperties.items.properties,
+                });
+                stages.push(...refStages);
+            }
+            else {
                 throw new Error();
             }
-            const { stages: result } = await buildLookupStages(refMap, refName, {
-                depth: depth + 1,
-                parent: withParent(propName),
-                properties: refProperties.properties,
-            });
-            stages.push(...result);
         }
     }
     return {

package/dist/collection/reference.mjs

@@ -63,6 +63,7 @@ const buildArrayCleanupStages = (referenceMap) => {
 export const getReferences = async (properties, options) => {
   const {
     depth = 0,
+    maxDepth = 3,
     memoize
   } = options || {};
   if (memoize) {
@@ -74,25 +75,14 @@ export const getReferences = async (properties, options) => {
   for (const [propName, property] of Object.entries(properties)) {
     const refProperty = getReferenceProperty(property);
     const reference = {};
-    if (depth === 2 || refProperty && refProperty.populate && refProperty.populate.length === 0) {
+    if (depth === maxDepth || refProperty && refProperty.populate && refProperty.populate.length === 0) {
       continue;
     }
-    if (!refProperty) {
-      const entrypoint = "items" in property ? property.items : property;
-      if ("properties" in entrypoint) {
-        const deepReferences = await getReferences(entrypoint.properties, {
-          depth: depth + 1,
-          memoize: `${memoize}.${propName}`
-        });
-        if (Object.keys(deepReferences).length > 0) {
-          reference.deepReferences ??= {};
-          reference.deepReferences = deepReferences;
-        }
-      }
-    } else {
+    if (refProperty) {
       const description = throwIfError(await getCollectionAsset(refProperty.$ref, "description"));
       const deepReferences = await getReferences(description.properties, {
         depth: depth + 1,
+        maxDepth: refProperty.populateDepth || maxDepth,
         memoize: `${memoize}.${propName}`
       });
       if (Object.keys(deepReferences).length > 0) {
@@ -100,6 +90,17 @@ export const getReferences = async (properties, options) => {
       }
       const indexes = refProperty.indexes ? refProperty.indexes : description.indexes || [];
       reference.populatedProperties = (refProperty.populate || []).concat(indexes.filter((index) => typeof index === "string"));
+    } else {
+      const entrypoint = "items" in property ? property.items : property;
+      if ("properties" in entrypoint) {
+        const deepReferences = await getReferences(entrypoint.properties, {
+          memoize: `${memoize}.${propName}`
+        });
+        if (Object.keys(deepReferences).length > 0) {
+          reference.deepReferences ??= {};
+          reference.deepReferences = deepReferences;
+        }
+      }
     }
     if (!refProperty?.$ref && !reference.deepReferences) {
       continue;
@@ -199,36 +200,49 @@ const buildLookupStages = async (reference, propName, options) => {
     }
   } else if (reference.deepReferences && depth <= maxDepth) {
     refHasDeepReferences = true;
-    stages.push({
-      $unwind: {
-        path: `$${withParent(propName)}`,
-        preserveNullAndEmptyArrays: true
-      }
-    });
+    if (reference.isArray) {
+      stages.push({
+        $unwind: {
+          path: `$${withParent(propName)}`,
+          preserveNullAndEmptyArrays: true
+        }
+      });
+    }
     for (const [refName, refMap] of Object.entries(reference.deepReferences)) {
       if (!refMap) {
         continue;
       }
       if (refMap.referencedCollection) {
         const description = throwIfError(await getCollectionAsset(refMap.referencedCollection, "description"));
-        const { stages: result2 } = await buildLookupStages(refMap, refName, {
+        const { stages: result } = await buildLookupStages(refMap, refName, {
           depth: depth + 1,
           parent: withParent(propName),
           properties: description.properties
         });
-        stages.push(...result2);
+        stages.push(...result);
         continue;
       }
       const refProperties = properties[propName];
-      if (!("properties" in refProperties)) {
+      if ("properties" in refProperties) {
+        const { stages: refStages } = await buildLookupStages(refMap, refName, {
+          depth: depth + 1,
+          parent: withParent(propName),
+          properties: refProperties.properties
+        });
+        stages.push(...refStages);
+      } else if ("items" in refProperties) {
+        if (!("properties" in refProperties.items)) {
+          throw new Error();
+        }
+        const { stages: refStages } = await buildLookupStages(refMap, refName, {
+          depth: depth + 1,
+          parent: withParent(propName),
+          properties: refProperties.items.properties
+        });
+        stages.push(...refStages);
+      } else {
         throw new Error();
       }
-      const { stages: result } = await buildLookupStages(refMap, refName, {
-        depth: depth + 1,
-        parent: withParent(propName),
-        properties: refProperties.properties
-      });
-      stages.push(...result);
     }
   }
   return {

package/dist/collection/traverseDocument.js

@@ -40,7 +40,7 @@ const getProperty = (propertyName, parentProperty) => {
     if ('items' in parentProperty && 'properties' in parentProperty.items && propertyName in parentProperty.items.properties) {
         return parentProperty.items.properties[propertyName];
     }
-    if ('additionalProperties' in parentProperty) {
+    if ('additionalProperties' in parentProperty && typeof parentProperty.additionalProperties === 'object') {
         return parentProperty.additionalProperties;
     }
     if ('properties' in parentProperty) {

package/dist/collection/traverseDocument.mjs

@@ -15,7 +15,7 @@ const getProperty = (propertyName, parentProperty) => {
   if ("items" in parentProperty && "properties" in parentProperty.items && propertyName in parentProperty.items.properties) {
     return parentProperty.items.properties[propertyName];
   }
-  if ("additionalProperties" in parentProperty) {
+  if ("additionalProperties" in parentProperty && typeof parentProperty.additionalProperties === "object") {
     return parentProperty.additionalProperties;
   }
   if ("properties" in parentProperty) {

package/dist/functions/{builtin/count.d.ts → count.d.ts}

@@ -1,6 +1,13 @@
 import type { Context, SchemaWithId, CountPayload } from '@aeriajs/types';
-export declare const count: <TContext extends Context>(payload: CountPayload<SchemaWithId<TContext["description"]>>, context: TContext extends Context<any> ? TContext : never) => Promise<{
+export type CountOptions = {
+    bypassSecurity?: boolean;
+};
+export declare const count: <TContext extends Context>(payload: CountPayload<SchemaWithId<TContext["description"]>>, context: TContext extends Context<any> ? TContext : never, options?: CountOptions) => Promise<{
     readonly _tag: "Result";
     readonly error: undefined;
     readonly result: any;
+} | {
+    readonly _tag: "Error";
+    readonly error: import("@aeriajs/types").ACError.InvalidLimit;
+    readonly result: undefined;
 }>;

package/dist/functions/{builtin/count.js → count.js}

@@ -4,13 +4,11 @@ exports.count = void 0;
 const security_1 = require("@aeriajs/security");
 const types_1 = require("@aeriajs/types");
 const common_1 = require("@aeriajs/common");
-const index_js_1 = require("../../collection/index.js");
-const count = async (payload, context) => {
-    const security = (0, security_1.useSecurity)(context);
-    const sanitizedPayload = (0, common_1.throwIfError)(await security.beforeRead(payload));
-    const filters = sanitizedPayload.filters;
-    const $text = '$text' in sanitizedPayload.filters
-        ? sanitizedPayload.filters.$text
+const index_js_1 = require("../collection/index.js");
+const internalCount = async (payload, context) => {
+    const { filters = {} } = payload;
+    const $text = '$text' in filters
+        ? filters.$text
         : undefined;
     if ('$text' in filters) {
         delete filters.$text;
@@ -39,4 +37,15 @@ const count = async (payload, context) => {
     }
     return types_1.Result.result(await context.collection.model.countDocuments(traversedFilters));
 };
+const count = async (payload, context, options = {}) => {
+    if (options.bypassSecurity) {
+        return internalCount(payload, context);
+    }
+    const security = (0, security_1.useSecurity)(context);
+    const { error, result: securedPayload } = await security.secureReadPayload(payload);
+    if (error) {
+        return types_1.Result.error(error);
+    }
+    return internalCount(securedPayload, context);
+};
 exports.count = count;

package/dist/functions/{builtin/count.mjs → count.mjs}

@@ -2,12 +2,10 @@
 import { useSecurity } from "@aeriajs/security";
 import { Result } from "@aeriajs/types";
 import { throwIfError } from "@aeriajs/common";
-import { traverseDocument } from "../../collection/index.mjs";
-export const count = async (payload, context) => {
-  const security = useSecurity(context);
-  const sanitizedPayload = throwIfError(await security.beforeRead(payload));
-  const filters = sanitizedPayload.filters;
-  const $text = "$text" in sanitizedPayload.filters ? sanitizedPayload.filters.$text : void 0;
+import { traverseDocument } from "../collection/index.mjs";
+const internalCount = async (payload, context) => {
+  const { filters = {} } = payload;
+  const $text = "$text" in filters ? filters.$text : void 0;
   if ("$text" in filters) {
     delete filters.$text;
   }
@@ -33,3 +31,14 @@ export const count = async (payload, context) => {
   }
   return Result.result(await context.collection.model.countDocuments(traversedFilters));
 };
+export const count = async (payload, context, options = {}) => {
+  if (options.bypassSecurity) {
+    return internalCount(payload, context);
+  }
+  const security = useSecurity(context);
+  const { error, result: securedPayload } = await security.secureReadPayload(payload);
+  if (error) {
+    return Result.error(error);
+  }
+  return internalCount(securedPayload, context);
+};

package/dist/functions/{builtin/get.js → get.js}

@@ -4,13 +4,9 @@ exports.get = void 0;
 const security_1 = require("@aeriajs/security");
 const types_1 = require("@aeriajs/types");
 const common_1 = require("@aeriajs/common");
-const index_js_1 = require("../../collection/index.js");
-const get = async (payload, context, options) => {
-    const security = (0, security_1.useSecurity)(context);
-    const sanitizedPayload = !options?.bypassSecurity
-        ? (0, common_1.throwIfError)(await security.beforeRead(payload))
-        : payload;
-    const { filters = {}, project = [], } = sanitizedPayload;
+const index_js_1 = require("../collection/index.js");
+const internalGet = async (payload, context) => {
+    const { filters = {}, project = [], } = payload;
     if (Object.keys(filters).length === 0) {
         return context.error(types_1.HTTPStatus.BadRequest, {
             code: types_1.ACError.MalformedInput,
@@ -34,8 +30,8 @@ const get = async (payload, context, options) => {
     }
     pipeline.push(...await (0, index_js_1.buildLookupPipeline)(references, {
         memoize: context.description.$id,
-        project: sanitizedPayload.populate
-            ? sanitizedPayload.populate
+        project: payload.populate
+            ? payload.populate
             : project,
         properties: context.description.properties,
     }));
@@ -53,4 +49,17 @@ const get = async (payload, context, options) => {
     })), context.description);
     return types_1.Result.result(result);
 };
+const get = async (payload, context, options = {}) => {
+    if (options.bypassSecurity) {
+        return internalGet(payload, context);
+    }
+    const security = (0, security_1.useSecurity)(context);
+    const { error, result: securedPayload } = await security.secureReadPayload(payload);
+    if (error) {
+        switch (error) {
+            case types_1.ACError.InvalidLimit: throw new Error;
+        }
+    }
+    return internalGet(securedPayload, context);
+};
 exports.get = get;

package/dist/functions/{builtin/get.mjs → get.mjs}

@@ -8,14 +8,12 @@ import {
   getReferences,
   buildLookupPipeline,
   fill
-} from "../../collection/index.mjs";
-export const get = async (payload, context, options) => {
-  const security = useSecurity(context);
-  const sanitizedPayload = !options?.bypassSecurity ? throwIfError(await security.beforeRead(payload)) : payload;
+} from "../collection/index.mjs";
+const internalGet = async (payload, context) => {
   const {
     filters = {},
     project = []
-  } = sanitizedPayload;
+  } = payload;
   if (Object.keys(filters).length === 0) {
     return context.error(HTTPStatus.BadRequest, {
       code: ACError.MalformedInput
@@ -39,7 +37,7 @@ export const get = async (payload, context, options) => {
   }
   pipeline.push(...await buildLookupPipeline(references, {
     memoize: context.description.$id,
-    project: sanitizedPayload.populate ? sanitizedPayload.populate : project,
+    project: payload.populate ? payload.populate : project,
     properties: context.description.properties
   }));
   const doc = await context.collection.model.aggregate(pipeline).next();
@@ -56,3 +54,17 @@ export const get = async (payload, context, options) => {
   })), context.description);
   return Result.result(result);
 };
+export const get = async (payload, context, options = {}) => {
+  if (options.bypassSecurity) {
+    return internalGet(payload, context);
+  }
+  const security = useSecurity(context);
+  const { error, result: securedPayload } = await security.secureReadPayload(payload);
+  if (error) {
+    switch (error) {
+      case ACError.InvalidLimit:
+        throw new Error();
+    }
+  }
+  return internalGet(securedPayload, context);
+};

package/dist/functions/getAll.d.ts

@@ -0,0 +1,13 @@
+import type { Context, SchemaWithId, GetAllPayload } from '@aeriajs/types';
+export type GetAllOptions = {
+    bypassSecurity?: boolean;
+};
+export declare const getAll: <TContext extends Context>(payload: GetAllPayload<SchemaWithId<TContext["description"]>> | undefined, context: TContext, options?: GetAllOptions) => Promise<{
+    readonly _tag: "Error";
+    readonly error: import("@aeriajs/types").ACError.InvalidLimit;
+    readonly result: undefined;
+} | {
+    readonly _tag: "Result";
+    readonly error: undefined;
+    readonly result: SchemaWithId<TContext["description"]>[];
+}>;

package/dist/functions/{builtin/getAll.js → getAll.js}

@@ -4,17 +4,12 @@ exports.getAll = void 0;
 const security_1 = require("@aeriajs/security");
 const types_1 = require("@aeriajs/types");
 const common_1 = require("@aeriajs/common");
-const index_js_1 = require("../../collection/index.js");
-const getAll = async (_payload, context, options = {}) => {
-    const security = (0, security_1.useSecurity)(context);
-    const payload = _payload || {};
-    const sanitizedPayload = !options.bypassSecurity
-        ? (0, common_1.throwIfError)(await security.beforeRead(payload))
-        : payload;
-    const { limit = context.config.paginationLimit, sort, project = [], offset = 0, } = sanitizedPayload;
-    const filters = sanitizedPayload.filters || {};
-    const $text = sanitizedPayload.filters && '$text' in sanitizedPayload.filters
-        ? sanitizedPayload.filters.$text
+const index_js_1 = require("../collection/index.js");
+const internalGetAll = async (payload, context) => {
+    const { limit = context.config.paginationLimit, sort, project = [], offset = 0, } = payload;
+    const filters = payload.filters || {};
+    const $text = payload.filters && '$text' in payload.filters
+        ? payload.filters.$text
         : undefined;
     if ('$text' in filters) {
         delete filters.$text;
@@ -66,8 +61,8 @@ const getAll = async (_payload, context, options = {}) => {
     }
     pipeline.push(...await (0, index_js_1.buildLookupPipeline)(references, {
         memoize: context.description.$id,
-        project: sanitizedPayload.populate
-            ? sanitizedPayload.populate
+        project: payload.populate
+            ? payload.populate
             : project,
         properties: context.description.properties,
     }));
@@ -88,4 +83,18 @@ const getAll = async (_payload, context, options = {}) => {
     }
     return types_1.Result.result(documents);
 };
+const getAll = async (payload, context, options = {}) => {
+    if (!payload) {
+        return internalGetAll({}, context);
+    }
+    if (options.bypassSecurity) {
+        return internalGetAll(payload, context);
+    }
+    const security = (0, security_1.useSecurity)(context);
+    const { error, result: securedPayload } = await security.secureReadPayload(payload);
+    if (error) {
+        return types_1.Result.error(error);
+    }
+    return internalGetAll(securedPayload, context);
+};
 exports.getAll = getAll;

package/dist/functions/{builtin/getAll.mjs → getAll.mjs}

@@ -8,19 +8,16 @@ import {
   getReferences,
   buildLookupPipeline,
   fill
-} from "../../collection/index.mjs";
-export const getAll = async (_payload, context, options = {}) => {
-  const security = useSecurity(context);
-  const payload = _payload || {};
-  const sanitizedPayload = !options.bypassSecurity ? throwIfError(await security.beforeRead(payload)) : payload;
+} from "../collection/index.mjs";
+const internalGetAll = async (payload, context) => {
   const {
     limit = context.config.paginationLimit,
     sort,
     project = [],
     offset = 0
-  } = sanitizedPayload;
-  const filters = sanitizedPayload.filters || {};
-  const $text = sanitizedPayload.filters && "$text" in sanitizedPayload.filters ? sanitizedPayload.filters.$text : void 0;
+  } = payload;
+  const filters = payload.filters || {};
+  const $text = payload.filters && "$text" in payload.filters ? payload.filters.$text : void 0;
   if ("$text" in filters) {
     delete filters.$text;
   }
@@ -67,7 +64,7 @@ export const getAll = async (_payload, context, options = {}) => {
   }
   pipeline.push(...await buildLookupPipeline(references, {
     memoize: context.description.$id,
-    project: sanitizedPayload.populate ? sanitizedPayload.populate : project,
+    project: payload.populate ? payload.populate : project,
     properties: context.description.properties
   }));
   if (Object.keys(references).length > 0 && preferredSort) {
@@ -87,3 +84,17 @@ export const getAll = async (_payload, context, options = {}) => {
   }
   return Result.result(documents);
 };
+export const getAll = async (payload, context, options = {}) => {
+  if (!payload) {
+    return internalGetAll({}, context);
+  }
+  if (options.bypassSecurity) {
+    return internalGetAll(payload, context);
+  }
+  const security = useSecurity(context);
+  const { error, result: securedPayload } = await security.secureReadPayload(payload);
+  if (error) {
+    return Result.error(error);
+  }
+  return internalGetAll(securedPayload, context);
+};

package/dist/functions/index.d.ts

@@ -1 +1,8 @@
-export * from './builtin/index.js';
+export * from './count.js';
+export * from './get.js';
+export * from './getAll.js';
+export * from './insert.js';
+export * from './remove.js';
+export * from './removeAll.js';
+export * from './removeFile.js';
+export * from './upload.js';

package/dist/functions/index.js

@@ -14,4 +14,11 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./builtin/index.js"), exports);
+__exportStar(require("./count.js"), exports);
+__exportStar(require("./get.js"), exports);
+__exportStar(require("./getAll.js"), exports);
+__exportStar(require("./insert.js"), exports);
+__exportStar(require("./remove.js"), exports);
+__exportStar(require("./removeAll.js"), exports);
+__exportStar(require("./removeFile.js"), exports);
+__exportStar(require("./upload.js"), exports);

package/dist/functions/index.mjs

@@ -1,2 +1,9 @@
 "use strict";
-export * from "./builtin/index.mjs";
+export * from "./count.mjs";
+export * from "./get.mjs";
+export * from "./getAll.mjs";
+export * from "./insert.mjs";
+export * from "./remove.mjs";
+export * from "./removeAll.mjs";
+export * from "./removeFile.mjs";
+export * from "./upload.mjs";

package/dist/functions/{builtin/insert.d.ts → insert.d.ts}

@@ -33,4 +33,8 @@ export declare const insertErrorSchema: () => {
         };
     };
 };
-export declare const insert: <TContext extends Context>(payload: InsertPayload<SchemaWithId<TContext["description"]>>, context: TContext, options?: InsertOptions) => Promise<InsertReturnType<SchemaWithId<TContext["description"]>>>;
+export declare const insert: <TContext extends Context>(payload: InsertPayload<SchemaWithId<TContext["description"]>>, context: TContext extends Context<any> ? TContext : never, options?: InsertOptions) => Promise<InsertReturnType<SchemaWithId<TContext["description"]>> | {
+    readonly _tag: "Error";
+    readonly error: ACError;
+    readonly result: undefined;
+}>;

package/dist/functions/{builtin/insert.js → insert.js}

@@ -4,7 +4,7 @@ exports.insert = exports.insertErrorSchema = void 0;
 const types_1 = require("@aeriajs/types");
 const security_1 = require("@aeriajs/security");
 const common_1 = require("@aeriajs/common");
-const index_js_1 = require("../../collection/index.js");
+const index_js_1 = require("../collection/index.js");
 const insertErrorSchema = () => (0, common_1.endpointErrorSchema)({
     httpStatus: [
         types_1.HTTPStatus.UnprocessableContent,
@@ -23,12 +23,8 @@ const insertErrorSchema = () => (0, common_1.endpointErrorSchema)({
     ],
 });
 exports.insertErrorSchema = insertErrorSchema;
-const insert = async (payload, context, options) => {
-    const security = (0, security_1.useSecurity)(context);
-    const query = !options?.bypassSecurity
-        ? (0, common_1.throwIfError)(await security.beforeWrite(payload))
-        : payload;
-    const { error, result: what } = await (0, index_js_1.traverseDocument)(query.what, context.description, {
+const internalInsert = async (payload, context) => {
+    const { error, result: what } = await (0, index_js_1.traverseDocument)(payload.what, context.description, {
         recurseDeep: true,
         autoCast: true,
         validate: true,
@@ -104,4 +100,15 @@ const insert = async (payload, context, options) => {
     })), context.description);
     return types_1.Result.result(result);
 };
+const insert = async (payload, context, options = {}) => {
+    if (options.bypassSecurity) {
+        return internalInsert(payload, context);
+    }
+    const security = (0, security_1.useSecurity)(context);
+    const { error, result: securedPayload } = await security.secureWritePayload(payload);
+    if (error) {
+        return types_1.Result.error(error);
+    }
+    return internalInsert(securedPayload, context);
+};
 exports.insert = insert;

package/dist/functions/{builtin/insert.mjs → insert.mjs}

@@ -2,7 +2,7 @@
 import { Result, HTTPStatus, ACError, ValidationErrorCode, TraverseError } from "@aeriajs/types";
 import { useSecurity } from "@aeriajs/security";
 import { throwIfError, endpointErrorSchema } from "@aeriajs/common";
-import { traverseDocument, normalizeProjection, prepareInsert, fill } from "../../collection/index.mjs";
+import { traverseDocument, normalizeProjection, prepareInsert, fill } from "../collection/index.mjs";
 export const insertErrorSchema = () => endpointErrorSchema({
   httpStatus: [
     HTTPStatus.UnprocessableContent,
@@ -20,10 +20,8 @@ export const insertErrorSchema = () => endpointErrorSchema({
     TraverseError.InvalidTempfile
   ]
 });
-export const insert = async (payload, context, options) => {
-  const security = useSecurity(context);
-  const query = !options?.bypassSecurity ? throwIfError(await security.beforeWrite(payload)) : payload;
-  const { error, result: what } = await traverseDocument(query.what, context.description, {
+const internalInsert = async (payload, context) => {
+  const { error, result: what } = await traverseDocument(payload.what, context.description, {
     recurseDeep: true,
     autoCast: true,
     validate: true,
@@ -91,3 +89,14 @@ export const insert = async (payload, context, options) => {
   })), context.description);
   return Result.result(result);
 };
+export const insert = async (payload, context, options = {}) => {
+  if (options.bypassSecurity) {
+    return internalInsert(payload, context);
+  }
+  const security = useSecurity(context);
+  const { error, result: securedPayload } = await security.secureWritePayload(payload);
+  if (error) {
+    return Result.error(error);
+  }
+  return internalInsert(securedPayload, context);
+};

package/dist/functions/{builtin/remove.d.ts → remove.d.ts}

@@ -1,11 +1,14 @@
 import type { Context, SchemaWithId, RemovePayload } from '@aeriajs/types';
 import { Result, HTTPStatus, ACError } from '@aeriajs/types';
-export declare const remove: <TContext extends Context>(payload: RemovePayload<SchemaWithId<TContext["description"]>>, context: TContext) => Promise<Result.Error<{
-    readonly code: ACError.ResourceNotFound;
-} & {
-    httpStatus: HTTPStatus.NotFound;
-}> | {
+export type RemoveOptions = {
+    bypassSecurity?: boolean;
+};
+export declare const remove: <TContext extends Context>(payload: RemovePayload<SchemaWithId<TContext["description"]>>, context: TContext, options?: RemoveOptions) => Promise<{
     readonly _tag: "Result";
     readonly error: undefined;
     readonly result: import("mongodb").WithId<Omit<import("@aeriajs/types").PackReferences<SchemaWithId<import("@aeriajs/types").Description>>, "_id">> | null;
-}>;
+} | Result.Error<{
+    readonly code: ACError.ResourceNotFound;
+} & {
+    httpStatus: HTTPStatus.NotFound;
+}>>;

package/dist/functions/{builtin/remove.js → remove.js}

@@ -3,8 +3,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.remove = void 0;
 const types_1 = require("@aeriajs/types");
 const common_1 = require("@aeriajs/common");
-const index_js_1 = require("../../collection/index.js");
-const remove = async (payload, context) => {
+const security_1 = require("@aeriajs/security");
+const index_js_1 = require("../collection/index.js");
+const internalRemove = async (payload, context) => {
     if (!payload.filters._id) {
         return context.error(types_1.HTTPStatus.NotFound, {
             code: types_1.ACError.ResourceNotFound,
@@ -22,4 +23,17 @@ const remove = async (payload, context) => {
     await (0, index_js_1.cascadingRemove)(target, context);
     return types_1.Result.result(await context.collection.model.findOneAndDelete(filters));
 };
+const remove = async (payload, context, options = {}) => {
+    if (options.bypassSecurity) {
+        return internalRemove(payload, context);
+    }
+    const security = (0, security_1.useSecurity)(context);
+    const { error, result: securedPayload } = await security.secureReadPayload(payload);
+    if (error) {
+        switch (error) {
+            case types_1.ACError.InvalidLimit: throw new Error;
+        }
+    }
+    return internalRemove(securedPayload, context);
+};
 exports.remove = remove;

package/dist/functions/{builtin/remove.mjs → remove.mjs}

@@ -1,8 +1,9 @@
 "use strict";
 import { Result, HTTPStatus, ACError } from "@aeriajs/types";
 import { throwIfError } from "@aeriajs/common";
-import { traverseDocument, cascadingRemove } from "../../collection/index.mjs";
-export const remove = async (payload, context) => {
+import { useSecurity } from "@aeriajs/security";
+import { traverseDocument, cascadingRemove } from "../collection/index.mjs";
+const internalRemove = async (payload, context) => {
   if (!payload.filters._id) {
     return context.error(HTTPStatus.NotFound, {
       code: ACError.ResourceNotFound
@@ -20,3 +21,17 @@ export const remove = async (payload, context) => {
   await cascadingRemove(target, context);
   return Result.result(await context.collection.model.findOneAndDelete(filters));
 };
+export const remove = async (payload, context, options = {}) => {
+  if (options.bypassSecurity) {
+    return internalRemove(payload, context);
+  }
+  const security = useSecurity(context);
+  const { error, result: securedPayload } = await security.secureReadPayload(payload);
+  if (error) {
+    switch (error) {
+      case ACError.InvalidLimit:
+        throw new Error();
+    }
+  }
+  return internalRemove(securedPayload, context);
+};

package/dist/functions/{builtin/removeAll.d.ts → removeAll.d.ts}

@@ -1,5 +1,8 @@
 import type { Context, RemoveAllPayload } from '@aeriajs/types';
-export declare const removeAll: <TContext extends Context>(payload: RemoveAllPayload, context: TContext) => Promise<{
+export type RemoveAllOptions = {
+    bypassSecurity?: boolean;
+};
+export declare const removeAll: <TContext extends Context>(payload: RemoveAllPayload, context: TContext, options?: RemoveAllOptions) => Promise<{
     readonly _tag: "Result";
     readonly error: undefined;
     readonly result: import("mongodb").DeleteResult;

package/dist/functions/{builtin/removeAll.js → removeAll.js}

@@ -3,8 +3,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.removeAll = void 0;
 const types_1 = require("@aeriajs/types");
 const common_1 = require("@aeriajs/common");
-const index_js_1 = require("../../collection/index.js");
-const removeAll = async (payload, context) => {
+const security_1 = require("@aeriajs/security");
+const index_js_1 = require("../collection/index.js");
+const internalRemoveAll = async (payload, context) => {
     const filtersWithId = {
         ...payload.filters,
         _id: {
@@ -21,4 +22,17 @@ const removeAll = async (payload, context) => {
     }
     return types_1.Result.result(await context.collection.model.deleteMany(filters));
 };
+const removeAll = async (payload, context, options = {}) => {
+    if (options.bypassSecurity) {
+        return internalRemoveAll(payload, context);
+    }
+    const security = (0, security_1.useSecurity)(context);
+    const { error, result: securedPayload } = await security.secureReadPayload(payload);
+    if (error) {
+        switch (error) {
+            case types_1.ACError.InvalidLimit: throw new Error;
+        }
+    }
+    return internalRemoveAll(securedPayload, context);
+};
 exports.removeAll = removeAll;

package/dist/functions/removeAll.mjs

@@ -0,0 +1,36 @@
+"use strict";
+import { Result, ACError } from "@aeriajs/types";
+import { throwIfError } from "@aeriajs/common";
+import { useSecurity } from "@aeriajs/security";
+import { traverseDocument, cascadingRemove } from "../collection/index.mjs";
+const internalRemoveAll = async (payload, context) => {
+  const filtersWithId = {
+    ...payload.filters,
+    _id: {
+      $in: payload.filters
+    }
+  };
+  const filters = throwIfError(await traverseDocument(filtersWithId, context.description, {
+    autoCast: true
+  }));
+  const it = context.collection.model.find(filters);
+  let doc;
+  while (doc = await it.next()) {
+    await cascadingRemove(doc, context);
+  }
+  return Result.result(await context.collection.model.deleteMany(filters));
+};
+export const removeAll = async (payload, context, options = {}) => {
+  if (options.bypassSecurity) {
+    return internalRemoveAll(payload, context);
+  }
+  const security = useSecurity(context);
+  const { error, result: securedPayload } = await security.secureReadPayload(payload);
+  if (error) {
+    switch (error) {
+      case ACError.InvalidLimit:
+        throw new Error();
+    }
+  }
+  return internalRemoveAll(securedPayload, context);
+};

package/dist/functions/{builtin/removeFile.d.ts → removeFile.d.ts}

@@ -1,5 +1,8 @@
 import type { Context, RemoveFilePayload } from '@aeriajs/types';
-export declare const removeFile: <TContext extends Context>(payload: RemoveFilePayload, context: TContext) => Promise<{
+export type RemoveFileOptions = {
+    bypassSecurity?: boolean;
+};
+export declare const removeFile: <TContext extends Context>(payload: RemoveFilePayload, context: TContext, options?: RemoveFileOptions) => Promise<{
     readonly _tag: "Result";
     readonly error: undefined;
     readonly result: any;

package/dist/functions/removeFile.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.removeFile = void 0;
+const types_1 = require("@aeriajs/types");
+const security_1 = require("@aeriajs/security");
+const internalRemoveFile = async (payload, context) => {
+    const { propertyName, parentId, ...props } = payload;
+    const doc = await context.collections.file.functions.remove(props);
+    return types_1.Result.result(doc);
+};
+const removeFile = async (payload, context, options = {}) => {
+    if (options.bypassSecurity) {
+        return internalRemoveFile(payload, context);
+    }
+    const security = (0, security_1.useSecurity)(context);
+    const { error, result: securedPayload } = await security.secureReadPayload(payload);
+    if (error) {
+        switch (error) {
+            case types_1.ACError.InvalidLimit: throw new Error;
+        }
+    }
+    return internalRemoveFile(securedPayload, context);
+};
+exports.removeFile = removeFile;

package/dist/functions/removeFile.mjs

@@ -0,0 +1,26 @@
+"use strict";
+import { Result, ACError } from "@aeriajs/types";
+import { useSecurity } from "@aeriajs/security";
+const internalRemoveFile = async (payload, context) => {
+  const {
+    propertyName,
+    parentId,
+    ...props
+  } = payload;
+  const doc = await context.collections.file.functions.remove(props);
+  return Result.result(doc);
+};
+export const removeFile = async (payload, context, options = {}) => {
+  if (options.bypassSecurity) {
+    return internalRemoveFile(payload, context);
+  }
+  const security = useSecurity(context);
+  const { error, result: securedPayload } = await security.secureReadPayload(payload);
+  if (error) {
+    switch (error) {
+      case ACError.InvalidLimit:
+        throw new Error();
+    }
+  }
+  return internalRemoveFile(securedPayload, context);
+};

package/dist/functions/{builtin/upload.js → upload.js}

@@ -66,6 +66,7 @@ const upload = async (_props, context) => {
     }
     const { error: headersError } = (0, validation_1.validate)(context.request.headers, {
         type: 'object',
+        additionalProperties: true,
         properties: {
             'x-stream-request': {
                 const: '1',
@@ -74,8 +75,6 @@ const upload = async (_props, context) => {
                 type: 'string',
             },
         },
-    }, {
-        extraneous: true,
     });
     if (headersError) {
         return context.error(types_1.HTTPStatus.BadRequest, {

package/dist/functions/{builtin/upload.mjs → upload.mjs}

@@ -35,6 +35,7 @@ export const upload = async (_props, context) => {
   }
   const { error: headersError } = validate(context.request.headers, {
     type: "object",
+    additionalProperties: true,
     properties: {
       "x-stream-request": {
         const: "1"
@@ -43,8 +44,6 @@ export const upload = async (_props, context) => {
         type: "string"
       }
     }
-  }, {
-    extraneous: true
   });
   if (headersError) {
     return context.error(HTTPStatus.BadRequest, {

package/dist/index.d.ts

@@ -8,6 +8,5 @@ export * from './endpoints.js';
 export * from './token.js';
 export * from './use.js';
 export * from './functions/index.js';
-export * from './functions/builtin/index.js';
-export * as functions from './functions/builtin/index.js';
+export * as functions from './functions/index.js';
 export { ObjectId, } from 'mongodb';

package/dist/index.js

@@ -37,7 +37,6 @@ __exportStar(require("./endpoints.js"), exports);
 __exportStar(require("./token.js"), exports);
 __exportStar(require("./use.js"), exports);
 __exportStar(require("./functions/index.js"), exports);
-__exportStar(require("./functions/builtin/index.js"), exports);
-exports.functions = __importStar(require("./functions/builtin/index.js"));
+exports.functions = __importStar(require("./functions/index.js"));
 var mongodb_1 = require("mongodb");
 Object.defineProperty(exports, "ObjectId", { enumerable: true, get: function () { return mongodb_1.ObjectId; } });

package/dist/index.mjs

@@ -9,8 +9,7 @@ export * from "./endpoints.mjs";
 export * from "./token.mjs";
 export * from "./use.mjs";
 export * from "./functions/index.mjs";
-export * from "./functions/builtin/index.mjs";
-export * as functions from "./functions/builtin/index.mjs";
+export * as functions from "./functions/index.mjs";
 export {
   ObjectId
 } from "mongodb";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aeriajs/core",
-  "version": "0.0.137",
+  "version": "0.0.139",
   "description": "",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -41,13 +41,13 @@
     "mongodb-memory-server": "^9.2.0"
   },
   "peerDependencies": {
-    "@aeriajs/builtins": "^0.0.137",
-    "@aeriajs/common": "^0.0.86",
-    "@aeriajs/entrypoint": "^0.0.88",
-    "@aeriajs/http": "^0.0.97",
-    "@aeriajs/security": "^0.0.137",
-    "@aeriajs/types": "^0.0.74",
-    "@aeriajs/validation": "^0.0.89"
+    "@aeriajs/builtins": "^0.0.139",
+    "@aeriajs/common": "^0.0.88",
+    "@aeriajs/entrypoint": "^0.0.90",
+    "@aeriajs/http": "^0.0.99",
+    "@aeriajs/security": "^0.0.139",
+    "@aeriajs/types": "^0.0.76",
+    "@aeriajs/validation": "^0.0.91"
   },
   "dependencies": {
     "mongodb": "^6.5.0",

package/dist/functions/builtin/getAll.d.ts

@@ -1,9 +0,0 @@
-import type { Context, SchemaWithId, GetAllPayload } from '@aeriajs/types';
-export type GetAllOptions = {
-    bypassSecurity?: boolean;
-};
-export declare const getAll: <TContext extends Context>(_payload: GetAllPayload<SchemaWithId<TContext["description"]>> | undefined, context: TContext, options?: GetAllOptions) => Promise<{
-    readonly _tag: "Result";
-    readonly error: undefined;
-    readonly result: SchemaWithId<TContext["description"]>[];
-}>;

package/dist/functions/builtin/index.d.ts

@@ -1,8 +0,0 @@
-export * from './count.js';
-export * from './get.js';
-export * from './getAll.js';
-export * from './insert.js';
-export * from './remove.js';
-export * from './removeAll.js';
-export * from './removeFile.js';
-export * from './upload.js';

package/dist/functions/builtin/index.js

@@ -1,24 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./count.js"), exports);
-__exportStar(require("./get.js"), exports);
-__exportStar(require("./getAll.js"), exports);
-__exportStar(require("./insert.js"), exports);
-__exportStar(require("./remove.js"), exports);
-__exportStar(require("./removeAll.js"), exports);
-__exportStar(require("./removeFile.js"), exports);
-__exportStar(require("./upload.js"), exports);

package/dist/functions/builtin/index.mjs

@@ -1,9 +0,0 @@
-"use strict";
-export * from "./count.mjs";
-export * from "./get.mjs";
-export * from "./getAll.mjs";
-export * from "./insert.mjs";
-export * from "./remove.mjs";
-export * from "./removeAll.mjs";
-export * from "./removeFile.mjs";
-export * from "./upload.mjs";

package/dist/functions/builtin/removeAll.mjs

@@ -1,21 +0,0 @@
-"use strict";
-import { Result } from "@aeriajs/types";
-import { throwIfError } from "@aeriajs/common";
-import { traverseDocument, cascadingRemove } from "../../collection/index.mjs";
-export const removeAll = async (payload, context) => {
-  const filtersWithId = {
-    ...payload.filters,
-    _id: {
-      $in: payload.filters
-    }
-  };
-  const filters = throwIfError(await traverseDocument(filtersWithId, context.description, {
-    autoCast: true
-  }));
-  const it = context.collection.model.find(filters);
-  let doc;
-  while (doc = await it.next()) {
-    await cascadingRemove(doc, context);
-  }
-  return Result.result(await context.collection.model.deleteMany(filters));
-};

package/dist/functions/builtin/removeFile.js

@@ -1,17 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.removeFile = void 0;
-const security_1 = require("@aeriajs/security");
-const types_1 = require("@aeriajs/types");
-const removeFile = async (payload, context) => {
-    const { propertyName, parentId, ...props } = payload;
-    await (0, security_1.checkImmutabilityRead)({
-        propertyName,
-        parentId,
-        childId: props.filters._id,
-        payload: props,
-    }, context);
-    const doc = await context.collections.file.functions.remove(props);
-    return types_1.Result.result(doc);
-};
-exports.removeFile = removeFile;

package/dist/functions/builtin/removeFile.mjs

@@ -1,18 +0,0 @@
-"use strict";
-import { checkImmutabilityRead } from "@aeriajs/security";
-import { Result } from "@aeriajs/types";
-export const removeFile = async (payload, context) => {
-  const {
-    propertyName,
-    parentId,
-    ...props
-  } = payload;
-  await checkImmutabilityRead({
-    propertyName,
-    parentId,
-    childId: props.filters._id,
-    payload: props
-  }, context);
-  const doc = await context.collections.file.functions.remove(props);
-  return Result.result(doc);
-};