npm - @agjs/tsforge - Versions diffs - 0.1.19 → 0.2.1 - Mend

@agjs/tsforge 0.1.19 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (122) hide show

package/src/rule-packs/authorization/utils.ts ADDED Viewed

@@ -0,0 +1,285 @@
+import { AST_NODE_TYPES, type TSESTree } from "@typescript-eslint/utils";
+import type { JSONSchema4 } from "@typescript-eslint/utils/json-schema";
+import { walkSome } from "../utils";
+export const DEFAULT_AUTHZ_FUNCTIONS = [
+  "requireUser",
+  "authorize",
+  "requireAuth",
+  "assertAuthorized",
+] as const;
+export interface IAuthzOptions {
+  readonly authzFunctions?: readonly string[];
+}
+export type AuthzRuleOptions = [IAuthzOptions];
+export const authzOptionSchema: JSONSchema4 = {
+  type: "object",
+  additionalProperties: false,
+  properties: {
+    authzFunctions: {
+      type: "array",
+      items: { type: "string" },
+      uniqueItems: true,
+      minItems: 1,
+    },
+  },
+};
+export const MUTATING_HTTP_METHODS = new Set([
+  "POST",
+  "PUT",
+  "PATCH",
+  "DELETE",
+]);
+const DB_MUTATION_METHODS = new Set(["update", "insert", "delete"]);
+const DB_QUERY_METHODS = new Set([
+  "select",
+  "query",
+  "findFirst",
+  "findMany",
+  "findUnique",
+  "get",
+  "execute",
+]);
+export function defaultAuthzOptions(): IAuthzOptions {
+  return { authzFunctions: [...DEFAULT_AUTHZ_FUNCTIONS] };
+}
+export function resolveAuthzFunctions(options: IAuthzOptions): Set<string> {
+  return new Set(options.authzFunctions ?? DEFAULT_AUTHZ_FUNCTIONS);
+}
+export function calleeName(callee: TSESTree.Node): string | null {
+  if (callee.type === AST_NODE_TYPES.Identifier) {
+    return callee.name;
+  }
+  if (
+    callee.type === AST_NODE_TYPES.MemberExpression &&
+    !callee.computed &&
+    callee.property.type === AST_NODE_TYPES.Identifier
+  ) {
+    return callee.property.name;
+  }
+  return null;
+}
+export function isAuthzCall(
+  node: TSESTree.CallExpression,
+  authzNames: Set<string>
+): boolean {
+  const name = calleeName(node.callee);
+  return name !== null && authzNames.has(name);
+}
+export function containsAuthzCall(
+  root: TSESTree.Node,
+  authzNames: Set<string>
+): boolean {
+  return walkSome(
+    root,
+    (node) =>
+      node.type === AST_NODE_TYPES.CallExpression &&
+      isAuthzCall(node, authzNames)
+  );
+}
+export function isRouteHandlerFile(filename: string): boolean {
+  const base = filename.split(/[\\/]/).pop() ?? "";
+  return /^route\.(?:tsx|ts|jsx|js)$/.test(base);
+}
+export function hasUseServerDirective(program: TSESTree.Program): boolean {
+  for (const stmt of program.body) {
+    if (
+      stmt.type !== AST_NODE_TYPES.ExpressionStatement ||
+      stmt.expression.type !== AST_NODE_TYPES.Literal ||
+      typeof stmt.expression.value !== "string"
+    ) {
+      return false;
+    }
+    if (stmt.expression.value === "use server") {
+      return true;
+    }
+  }
+  return false;
+}
+function dbReceiverName(callee: TSESTree.MemberExpression): string | null {
+  const object = callee.object;
+  if (object.type === AST_NODE_TYPES.Identifier) {
+    return object.name;
+  }
+  if (
+    object.type === AST_NODE_TYPES.MemberExpression &&
+    !object.computed &&
+    object.property.type === AST_NODE_TYPES.Identifier
+  ) {
+    return object.property.name;
+  }
+  return null;
+}
+function looksLikeDbReceiver(name: string | null): boolean {
+  if (name === null) {
+    return false;
+  }
+  return name === "db" || name === "tx" || name.endsWith("Db");
+}
+export function isDbMutationCall(node: TSESTree.CallExpression): boolean {
+  const callee = node.callee;
+  if (callee.type !== AST_NODE_TYPES.MemberExpression || callee.computed) {
+    return false;
+  }
+  const method = calleeName(callee);
+  if (method === null || !DB_MUTATION_METHODS.has(method)) {
+    return false;
+  }
+  return looksLikeDbReceiver(dbReceiverName(callee));
+}
+export function isDbQueryCall(node: TSESTree.CallExpression): boolean {
+  const callee = node.callee;
+  if (callee.type !== AST_NODE_TYPES.MemberExpression || callee.computed) {
+    return false;
+  }
+  const method = calleeName(callee);
+  if (method === null || !DB_QUERY_METHODS.has(method)) {
+    return false;
+  }
+  return looksLikeDbReceiver(dbReceiverName(callee));
+}
+export function isParamsIdRead(node: TSESTree.Node): boolean {
+  if (node.type !== AST_NODE_TYPES.MemberExpression || node.computed) {
+    return false;
+  }
+  const object = node.object;
+  const property = node.property;
+  if (
+    object.type !== AST_NODE_TYPES.Identifier ||
+    object.name !== "params" ||
+    property.type !== AST_NODE_TYPES.Identifier ||
+    property.name !== "id"
+  ) {
+    return false;
+  }
+  return true;
+}
+export type FunctionLike =
+  | TSESTree.FunctionDeclaration
+  | TSESTree.FunctionExpression
+  | TSESTree.ArrowFunctionExpression;
+export function getExportedMutatingHandlerName(
+  node: TSESTree.Node
+): string | null {
+  if (node.type === AST_NODE_TYPES.ExportNamedDeclaration) {
+    const declaration = node.declaration;
+    if (declaration === null) {
+      return null;
+    }
+    if (declaration.type === AST_NODE_TYPES.FunctionDeclaration) {
+      return getMutatingHandlerNameFromFunction(declaration);
+    }
+    if (declaration.type === AST_NODE_TYPES.VariableDeclaration) {
+      for (const declarator of declaration.declarations) {
+        const name = getMutatingHandlerNameFromVariableDeclarator(declarator);
+        if (name !== null) {
+          return name;
+        }
+      }
+    }
+    return null;
+  }
+  if (
+    node.type === AST_NODE_TYPES.FunctionDeclaration &&
+    node.parent?.type === AST_NODE_TYPES.ExportNamedDeclaration
+  ) {
+    return getMutatingHandlerNameFromFunction(node);
+  }
+  return null;
+}
+function getMutatingHandlerNameFromFunction(
+  node: TSESTree.FunctionDeclaration
+): string | null {
+  if (node.id === null) {
+    return null;
+  }
+  if (!MUTATING_HTTP_METHODS.has(node.id.name)) {
+    return null;
+  }
+  return node.id.name;
+}
+function getMutatingHandlerNameFromVariableDeclarator(
+  node: TSESTree.VariableDeclarator
+): string | null {
+  if (node.id.type !== AST_NODE_TYPES.Identifier) {
+    return null;
+  }
+  if (!MUTATING_HTTP_METHODS.has(node.id.name)) {
+    return null;
+  }
+  const init = node.init;
+  if (
+    init === null ||
+    (init.type !== AST_NODE_TYPES.FunctionExpression &&
+      init.type !== AST_NODE_TYPES.ArrowFunctionExpression)
+  ) {
+    return null;
+  }
+  return node.id.name;
+}
+export function getFunctionLikeBody(
+  node: FunctionLike
+): TSESTree.BlockStatement | TSESTree.Expression | null {
+  if (node.type === AST_NODE_TYPES.ArrowFunctionExpression) {
+    return node.body;
+  }
+  return node.body;
+}

package/src/rule-packs/boundary-utils.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import { AST_NODE_TYPES, type TSESTree } from "@typescript-eslint/utils";
+export function isExpression(node: TSESTree.Node): node is TSESTree.Expression {
+  return node.type !== AST_NODE_TYPES.SpreadElement;
+}
+export function isStringLiteral(node: TSESTree.Expression): boolean {
+  return node.type === AST_NODE_TYPES.Literal && typeof node.value === "string";
+}
+export function isIdentifierNamed(node: TSESTree.Node, name: string): boolean {
+  return node.type === AST_NODE_TYPES.Identifier && node.name === name;
+}

package/src/rule-packs/code-flow/index.ts CHANGED Viewed

@@ -2,12 +2,14 @@ import type { TSESLint } from "@typescript-eslint/utils";
 import { noBareDateNowRule } from "./rules/no-bare-date-now";
 import { noTemplateTrimEmptyTernaryRule } from "./rules/no-template-trim-empty-ternary";
+import { noThrowLiteralRule } from "./rules/no-throw-literal";
 import { preferEarlyReturnRule } from "./rules/prefer-early-return";
 import type { IRulePack } from "../rule-packs.types";
 const rules: Record<string, TSESLint.RuleModule<string, readonly unknown[]>> = {
   "no-bare-date-now": noBareDateNowRule,
   "no-template-trim-empty-ternary": noTemplateTrimEmptyTernaryRule,
+  "no-throw-literal": noThrowLiteralRule,
   "prefer-early-return": preferEarlyReturnRule,
 };
@@ -18,7 +20,8 @@ export const codeFlowPack: IRulePack = {
   rulesConfig: {
     "no-bare-date-now": "error",
     "no-template-trim-empty-ternary": "error",
-    "prefer-early-return": "error",
+    "no-throw-literal": "error",
+    "prefer-early-return": "warn",
   },
 };

package/src/rule-packs/code-flow/rules/no-throw-literal.ts ADDED Viewed

@@ -0,0 +1,67 @@
+import { AST_NODE_TYPES, type TSESTree } from "@typescript-eslint/utils";
+import { createRule } from "../../create-rule";
+export const RULE_NAME = "no-throw-literal";
+type MessageIds = "throwLiteral";
+function isErrorConstruction(node: TSESTree.Expression): boolean {
+  if (node.type === AST_NODE_TYPES.NewExpression) {
+    const callee = node.callee;
+    if (callee.type === AST_NODE_TYPES.Identifier && callee.name === "Error") {
+      return true;
+    }
+    if (
+      callee.type === AST_NODE_TYPES.MemberExpression &&
+      !callee.computed &&
+      callee.property.type === AST_NODE_TYPES.Identifier &&
+      callee.property.name === "Error"
+    ) {
+      return true;
+    }
+  }
+  return false;
+}
+export const noThrowLiteralRule = createRule<[], MessageIds>({
+  name: RULE_NAME,
+  meta: {
+    type: "problem",
+    docs: {
+      description:
+        "Disallow throwing primitive literals (strings, numbers) — throw Error instances so error handlers can propagate status and stack traces correctly.",
+    },
+    schema: [],
+    messages: {
+      throwLiteral:
+        "Do not throw a literal value — throw an `Error` instance (e.g. `throw new Error('...')`) so framework error handlers can propagate it correctly.",
+    },
+  },
+  defaultOptions: [],
+  create(context) {
+    return {
+      ThrowStatement(node: TSESTree.ThrowStatement) {
+        const argument = node.argument;
+        if (argument === null) {
+          return;
+        }
+        if (isErrorConstruction(argument)) {
+          return;
+        }
+        if (
+          argument.type === AST_NODE_TYPES.Literal ||
+          argument.type === AST_NODE_TYPES.TemplateLiteral
+        ) {
+          context.report({ node, messageId: "throwLiteral" });
+        }
+      },
+    };
+  },
+});

package/src/rule-packs/drizzle/index.ts CHANGED Viewed

@@ -8,6 +8,8 @@ import { schemaFilesMustNotImportDriverRule } from "./rules/schema-files-must-no
 import { schemaFilesMustOnlyExportSchemaRule } from "./rules/schema-files-must-only-export-schema";
 import { tablesMustHaveTimestampsRule } from "./rules/tables-must-have-timestamps";
 import { timestampMustSpecifyModeRule } from "./rules/timestamp-must-specify-mode";
+import { updateDeleteAccountScopedMustFilterScopeRule } from "./rules/update-delete-account-scoped-must-filter-scope";
+import { updateDeleteMustHaveWhereRule } from "./rules/update-delete-must-have-where";
 import type { IRulePack } from "../rule-packs.types";
 const rules: Record<string, TSESLint.RuleModule<string, readonly unknown[]>> = {
@@ -19,6 +21,9 @@ const rules: Record<string, TSESLint.RuleModule<string, readonly unknown[]>> = {
   "schema-files-must-only-export-schema": schemaFilesMustOnlyExportSchemaRule,
   "tables-must-have-timestamps": tablesMustHaveTimestampsRule,
   "timestamp-must-specify-mode": timestampMustSpecifyModeRule,
+  "update-delete-account-scoped-must-filter-scope":
+    updateDeleteAccountScopedMustFilterScopeRule,
+  "update-delete-must-have-where": updateDeleteMustHaveWhereRule,
 };
 export const drizzlePack: IRulePack = {
@@ -35,6 +40,8 @@ export const drizzlePack: IRulePack = {
     "schema-files-must-only-export-schema": "warn",
     "tables-must-have-timestamps": "warn",
     "timestamp-must-specify-mode": "error",
+    "update-delete-account-scoped-must-filter-scope": "error",
+    "update-delete-must-have-where": "error",
   },
 };

package/src/rule-packs/drizzle/rules/update-delete-account-scoped-must-filter-scope.ts ADDED Viewed

@@ -0,0 +1,106 @@
+import type { JSONSchema4 } from "@typescript-eslint/utils/json-schema";
+import { createRule } from "../../create-rule";
+import { matchesAnyGlobPattern } from "../../utils";
+import {
+  chainContainsWhereWithScope,
+  identifyUpdateDeleteQuery,
+} from "../utils";
+export const RULE_NAME = "update-delete-account-scoped-must-filter-scope";
+export interface IUpdateDeleteAccountScopedMustFilterScopeOptions {
+  readonly tables?: readonly string[];
+  readonly scopeColumn?: string;
+  readonly alternateScopeColumns?: readonly string[];
+  readonly allowFiles?: readonly string[];
+}
+type RuleOptions = [IUpdateDeleteAccountScopedMustFilterScopeOptions];
+type MessageIds = "missingScopeFilter";
+const DEFAULT_SCOPE_COLUMN = "accountId";
+const optionSchema: JSONSchema4 = {
+  type: "object",
+  additionalProperties: false,
+  properties: {
+    tables: {
+      type: "array",
+      items: { type: "string" },
+      uniqueItems: true,
+      minItems: 1,
+    },
+    scopeColumn: { type: "string", minLength: 1 },
+    alternateScopeColumns: {
+      type: "array",
+      items: { type: "string", minLength: 1 },
+      uniqueItems: true,
+    },
+    allowFiles: {
+      type: "array",
+      items: { type: "string", minLength: 1 },
+      uniqueItems: true,
+    },
+  },
+};
+export const updateDeleteAccountScopedMustFilterScopeRule = createRule<
+  RuleOptions,
+  MessageIds
+>({
+  name: RULE_NAME,
+  meta: {
+    type: "problem",
+    docs: {
+      description:
+        "Require Drizzle `.update()` / `.delete()` against account-scoped tables to filter by a scope column in `.where()`.",
+    },
+    schema: [optionSchema],
+    messages: {
+      missingScopeFilter:
+        "Drizzle `.{{kind}}()` on account-scoped table `{{table}}` is missing a `{{scopeColumn}}` filter in `.where()` — tenant data can leak across accounts.",
+    },
+  },
+  defaultOptions: [{}],
+  create(context, [options]) {
+    const tables = new Set(options.tables ?? []);
+    const scopeColumn = options.scopeColumn ?? DEFAULT_SCOPE_COLUMN;
+    const alternateScopeColumns = options.alternateScopeColumns ?? [];
+    const allowFiles = options.allowFiles ?? [];
+    if (tables.size === 0) {
+      return {};
+    }
+    if (matchesAnyGlobPattern(context.filename, allowFiles)) {
+      return {};
+    }
+    const scopeColumns = [scopeColumn, ...alternateScopeColumns];
+    return {
+      CallExpression(node) {
+        const query = identifyUpdateDeleteQuery(node);
+        if (query === null || !tables.has(query.table)) {
+          return;
+        }
+        if (chainContainsWhereWithScope(node, scopeColumns)) {
+          return;
+        }
+        context.report({
+          node,
+          messageId: "missingScopeFilter",
+          data: {
+            kind: query.kind,
+            table: query.table,
+            scopeColumn,
+          },
+        });
+      },
+    };
+  },
+});

package/src/rule-packs/drizzle/rules/update-delete-must-have-where.ts ADDED Viewed

@@ -0,0 +1,73 @@
+import type { JSONSchema4 } from "@typescript-eslint/utils/json-schema";
+import { createRule } from "../../create-rule";
+import { matchesAnyGlobPattern } from "../../utils";
+import { chainContainsWhere, identifyUpdateDeleteQuery } from "../utils";
+export const RULE_NAME = "update-delete-must-have-where";
+export interface IUpdateDeleteMustHaveWhereOptions {
+  readonly allowFiles?: readonly string[];
+}
+type RuleOptions = [IUpdateDeleteMustHaveWhereOptions];
+type MessageIds = "missingWhere";
+const optionSchema: JSONSchema4 = {
+  type: "object",
+  additionalProperties: false,
+  properties: {
+    allowFiles: {
+      type: "array",
+      items: { type: "string", minLength: 1 },
+      uniqueItems: true,
+    },
+  },
+};
+export const updateDeleteMustHaveWhereRule = createRule<
+  RuleOptions,
+  MessageIds
+>({
+  name: RULE_NAME,
+  meta: {
+    type: "problem",
+    docs: {
+      description:
+        "Require every Drizzle `.update()` and `.delete()` call to include a `.where()` clause — unscoped writes affect every row.",
+    },
+    schema: [optionSchema],
+    messages: {
+      missingWhere:
+        "Drizzle `.{{kind}}()` on `{{table}}` is missing `.where()` — unscoped writes can mutate every row in the table.",
+    },
+  },
+  defaultOptions: [{}],
+  create(context, [options]) {
+    const allowFiles = options.allowFiles ?? [];
+    if (matchesAnyGlobPattern(context.filename, allowFiles)) {
+      return {};
+    }
+    return {
+      CallExpression(node) {
+        const query = identifyUpdateDeleteQuery(node);
+        if (query === null) {
+          return;
+        }
+        if (chainContainsWhere(node)) {
+          return;
+        }
+        context.report({
+          node,
+          messageId: "missingWhere",
+          data: { kind: query.kind, table: query.table },
+        });
+      },
+    };
+  },
+});