npm - @airoom/nextmin-node - Versions diffs - 0.1.0 - Mend

@airoom/nextmin-node 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

package/LICENSE +49 -0
package/README.md +178 -0
package/dist/api/apiRouter.d.ts +65 -0
package/dist/api/apiRouter.js +1548 -0
package/dist/database/DatabaseAdapter.d.ts +14 -0
package/dist/database/DatabaseAdapter.js +2 -0
package/dist/database/InMemoryAdapter.d.ts +15 -0
package/dist/database/InMemoryAdapter.js +71 -0
package/dist/database/MongoAdapter.d.ts +52 -0
package/dist/database/MongoAdapter.js +409 -0
package/dist/files/FileStorageAdapter.d.ts +35 -0
package/dist/files/FileStorageAdapter.js +2 -0
package/dist/files/S3FileStorageAdapter.d.ts +30 -0
package/dist/files/S3FileStorageAdapter.js +84 -0
package/dist/files/filename.d.ts +5 -0
package/dist/files/filename.js +40 -0
package/dist/index.d.ts +13 -0
package/dist/index.js +87 -0
package/dist/models/BaseModel.d.ts +44 -0
package/dist/models/BaseModel.js +31 -0
package/dist/policy/authorize.d.ts +25 -0
package/dist/policy/authorize.js +305 -0
package/dist/policy/conditions.d.ts +14 -0
package/dist/policy/conditions.js +30 -0
package/dist/policy/types.d.ts +53 -0
package/dist/policy/types.js +2 -0
package/dist/policy/utils.d.ts +9 -0
package/dist/policy/utils.js +118 -0
package/dist/schemas/Roles.json +64 -0
package/dist/schemas/Settings.json +62 -0
package/dist/schemas/Users.json +123 -0
package/dist/services/SchemaService.d.ts +10 -0
package/dist/services/SchemaService.js +46 -0
package/dist/utils/DefaultDataInitializer.d.ts +21 -0
package/dist/utils/DefaultDataInitializer.js +269 -0
package/dist/utils/Logger.d.ts +12 -0
package/dist/utils/Logger.js +79 -0
package/dist/utils/SchemaLoader.d.ts +51 -0
package/dist/utils/SchemaLoader.js +323 -0
package/dist/utils/apiKey.d.ts +5 -0
package/dist/utils/apiKey.js +14 -0
package/dist/utils/fieldCodecs.d.ts +13 -0
package/dist/utils/fieldCodecs.js +133 -0
package/package.json +45 -0
package/tsconfig.json +8 -0

package/dist/policy/conditions.js ADDED Viewed

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildConditionFilter = buildConditionFilter;
+exports.checkRecordCondition = checkRecordCondition;
+function buildConditionFilter(condition, opts) {
+    const by = opts.by || (condition === 'owner' ? 'createdBy' : condition === 'sameTenant' ? 'tenantId' : undefined);
+    if (!by)
+        return {};
+    if (condition === 'owner') {
+        return { [by]: opts.context.userId || null };
+    }
+    if (condition === 'sameTenant') {
+        return { [by]: opts.context.tenantId || null };
+    }
+    return {};
+}
+function checkRecordCondition(condition, record, opts) {
+    const by = opts.by || (condition === 'owner' ? 'createdBy' : condition === 'sameTenant' ? 'tenantId' : undefined);
+    if (!by)
+        return true;
+    if (!record || typeof record !== 'object')
+        return false;
+    if (condition === 'owner') {
+        return String(record[by] ?? '') === String(opts.context.userId ?? '');
+    }
+    if (condition === 'sameTenant') {
+        return String(record[by] ?? '') === String(opts.context.tenantId ?? '');
+    }
+    return true;
+}

package/dist/policy/types.d.ts ADDED Viewed

@@ -0,0 +1,53 @@
+export type Action = 'create' | 'read' | 'update' | 'delete';
+export type Rule = boolean | 'owner';
+export type AccessMatrix = {
+    public?: Partial<Record<Action, Rule>>;
+    authenticated?: Partial<Record<Action, Rule>>;
+    roles?: Record<string, Partial<Record<Action, Rule>>>;
+    conditions?: Record<string, {
+        by: string;
+    }>;
+    filters?: Record<string, any>;
+    readMask?: string[];
+    writeDeny?: string[];
+    restrictions?: Record<string, any>;
+    createDefaults?: Record<string, Record<string, any>>;
+};
+export type SchemaPolicy = {
+    allowedMethods?: Partial<Record<Action, boolean>>;
+    access?: AccessMatrix;
+    modelName?: string;
+};
+export type Context = {
+    isAuthenticated: boolean;
+    role?: string | null;
+    userId?: string | null;
+    tenantId?: string | null;
+    isSuperadmin?: boolean;
+    apiKeyOk?: boolean;
+};
+export type Decision = {
+    allow: boolean;
+    reason?: string;
+    queryFilter?: Record<string, any>;
+    readMask?: string[];
+    writeDeny?: string[];
+    createDefaults?: Record<string, any>;
+    restrictions?: Record<string, any>;
+};
+export type DynamicGrant = {
+    id: string;
+    subject: {
+        userId?: string;
+        role?: string;
+    };
+    resource: {
+        model: string;
+        recordId?: string;
+        query?: any;
+    };
+    actions: Action[];
+    conditions?: string[];
+    expiresAt?: string | Date | null;
+    metadata?: Record<string, any>;
+};

package/dist/policy/types.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/policy/utils.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+export declare function applyReadMaskOne<T extends Record<string, any>>(doc: T, mask?: string[]): T;
+export declare function applyReadMaskMany<T extends Record<string, any>>(docs: T[], mask?: string[]): T[];
+export declare function stripWriteDeny(payload: any, deny?: string[]): any;
+export declare function mergeCreateDefaults(payload: any, defaults?: Record<string, any>): any;
+export declare function enforceRestrictions(payload: any, restrictions: Record<string, any> | undefined, context: {
+    role?: string;
+    isSuperadmin?: boolean;
+}): void;
+export declare function andFilter(a?: Record<string, any>, b?: Record<string, any>): Record<string, any>;

package/dist/policy/utils.js ADDED Viewed

@@ -0,0 +1,118 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.applyReadMaskOne = applyReadMaskOne;
+exports.applyReadMaskMany = applyReadMaskMany;
+exports.stripWriteDeny = stripWriteDeny;
+exports.mergeCreateDefaults = mergeCreateDefaults;
+exports.enforceRestrictions = enforceRestrictions;
+exports.andFilter = andFilter;
+function deleteDeep(obj, path) {
+    let cur = obj;
+    for (let i = 0; i < path.length - 1; i++) {
+        const k = path[i];
+        if (!cur || typeof cur !== 'object')
+            return;
+        cur = cur[k];
+    }
+    const last = path[path.length - 1];
+    if (cur && typeof cur === 'object') {
+        delete cur[last];
+    }
+}
+function matchesWildcardPath(path, pattern) {
+    if (pattern.endsWith(".*")) {
+        const prefix = pattern.slice(0, -2);
+        return path === prefix || path.startsWith(prefix + ".");
+    }
+    return path === pattern || path === "-" + pattern || path === "+" + pattern;
+}
+function applyReadMaskOne(doc, mask) {
+    if (!mask || mask.length === 0)
+        return doc;
+    const clone = JSON.parse(JSON.stringify(doc));
+    const pathsToRemove = [];
+    for (const m of mask) {
+        const clean = m.startsWith('-') ? m.slice(1) : (m.startsWith('+') ? m.slice(1) : m);
+        pathsToRemove.push(clean);
+    }
+    function walk(current, pathPrefix) {
+        if (!current || typeof current !== 'object')
+            return;
+        for (const key of Object.keys(current)) {
+            const path = [...pathPrefix, key].join('.');
+            if (pathsToRemove.some(p => matchesWildcardPath(path, p))) {
+                delete current[key];
+            }
+            else {
+                walk(current[key], [...pathPrefix, key]);
+            }
+        }
+    }
+    walk(clone, []);
+    return clone;
+}
+function applyReadMaskMany(docs, mask) {
+    if (!mask || mask.length === 0)
+        return docs;
+    return docs.map(d => applyReadMaskOne(d, mask));
+}
+function stripWriteDeny(payload, deny) {
+    if (!payload || !deny || deny.length === 0)
+        return payload;
+    const clone = JSON.parse(JSON.stringify(payload));
+    for (const d of deny) {
+        const p = d.startsWith('-') ? d.slice(1) : d;
+        const parts = p.split('.');
+        deleteDeep(clone, parts);
+    }
+    return clone;
+}
+function mergeCreateDefaults(payload, defaults) {
+    if (!defaults)
+        return payload;
+    const clone = { ...payload };
+    for (const [k, v] of Object.entries(defaults)) {
+        if (clone[k] === undefined)
+            clone[k] = v;
+    }
+    return clone;
+}
+function enforceRestrictions(payload, restrictions, context) {
+    if (!restrictions)
+        return;
+    if (context.isSuperadmin)
+        return;
+    const role = context.role || '';
+    const key = `roles.${role}.cannotAssign`;
+    const rule = restrictions[key];
+    if (rule && typeof rule === 'object') {
+        for (const field of Object.keys(rule)) {
+            const forbiddenVals = rule[field] || [];
+            const val = payload[field];
+            if (val != null) {
+                if (Array.isArray(val)) {
+                    const set = new Set(val.map(String));
+                    for (const f of forbiddenVals.map(String)) {
+                        if (set.has(f)) {
+                            const err = new Error(`Forbidden to assign ${field}=${f}`);
+                            err.status = 403;
+                            throw err;
+                        }
+                    }
+                }
+                else if (forbiddenVals.map(String).includes(String(val))) {
+                    const err = new Error(`Forbidden to assign ${field}=${val}`);
+                    err.status = 403;
+                    throw err;
+                }
+            }
+        }
+    }
+}
+function andFilter(a, b) {
+    if (!a)
+        return b || {};
+    if (!b)
+        return a;
+    return { $and: [a, b] };
+}

package/dist/schemas/Roles.json ADDED Viewed

@@ -0,0 +1,64 @@
+{
+  "modelName": "Roles",
+  "attributes": {
+    "name": { "type": "string", "required": true, "unique": true },
+    "description": { "type": "string" },
+    "type": {
+      "type": "string",
+      "enum": ["system", "default", "user"],
+      "default": "user",
+      "required": true
+    }
+  },
+  "allowedMethods": {
+    "create": true,
+    "read": true,
+    "update": true,
+    "delete": true
+  },
+  "access": {
+    "public": {
+      "create": true,
+      "read": false,
+      "update": false,
+      "delete": false
+    },
+    "authenticated": {
+      "create": false,
+      "read": "owner",
+      "update": false,
+      "delete": false
+    },
+    "roles": {
+      "admin": {
+        "create": true,
+        "read": true,
+        "update": true,
+        "delete": false
+      },
+      "superadmin": {
+        "create": true,
+        "read": true,
+        "update": true,
+        "delete": true
+      }
+    },
+    "conditions": { "owner": { "by": "id" } },
+    "readMask": ["-password"],
+    "writeDeny": ["password"],
+    "bypassPrivacy": { "roles": ["admin", "superadmin"] },
+    "createDefaults": {
+      "public": { "role": "user", "status": "pending" },
+      "roles.admin": { "status": "active" },
+      "roles.superadmin": { "status": "active" }
+    },
+    "restrictions": {
+      "roles.admin.cannotAssign": { "role": ["superadmin"] }
+    }
+  }
+}

package/dist/schemas/Settings.json ADDED Viewed

@@ -0,0 +1,62 @@
+{
+  "modelName": "Settings",
+  "attributes": {
+    "apiKey": {
+      "type": "string",
+      "required": true,
+      "readOnly": true
+    },
+    "siteName": {
+      "type": "string",
+      "required": true
+    },
+    "googleMapsKey": {
+      "type": "string"
+    },
+    "siteLogo": [
+      {
+        "type": "string",
+        "fileTypes": "images/*",
+        "maxFilesCount": 1,
+        "maxFileSize": 2097152,
+        "required": true
+      }
+    ]
+  },
+  "allowedMethods": {
+    "read": true,
+    "update": true,
+    "create": false,
+    "delete": false
+  },
+  "access": {
+    "public": {
+      "read": true,
+      "update": false,
+      "create": false,
+      "delete": false
+    },
+    "authenticated": {
+      "read": true,
+      "update": false,
+      "create": false,
+      "delete": false
+    },
+    "roles": {
+      "admin": {
+        "read": true,
+        "update": true,
+        "create": false,
+        "delete": false
+      },
+      "superadmin": {
+        "read": true,
+        "update": true,
+        "create": false,
+        "delete": false
+      }
+    }
+  }
+}

package/dist/schemas/Users.json ADDED Viewed

@@ -0,0 +1,123 @@
+{
+  "modelName": "Users",
+  "attributes": {
+    "username": {
+      "type": "string",
+      "required": true,
+      "unique": true
+    },
+    "email": {
+      "type": "string",
+      "required": true,
+      "unique": true
+    },
+    "firstName": {
+      "type": "string",
+      "required": true
+    },
+    "lastName": {
+      "type": "string",
+      "required": true
+    },
+    "password": {
+      "type": "string",
+      "required": true,
+      "private": true,
+      "writeOnly": true
+    },
+    "profilePicture": [
+      {
+        "type": "string",
+        "fileTypes": "images/*",
+        "multiple": true,
+        "maxFilesCount": 1,
+        "maxFileSize": 1000000,
+        "required": true
+      }
+    ],
+    "role": [
+      {
+        "type": "ObjectId",
+        "ref": "Roles",
+        "default": "user",
+        "show": "name",
+        "required": true
+      }
+    ],
+    "status": {
+      "type": "string",
+      "enum": ["pending", "active", "suspended"],
+      "default": "pending",
+      "required": true
+    },
+    "type": {
+      "type": "string",
+      "enum": ["system", "default", "user"],
+      "default": "user",
+      "required": true
+    }
+  },
+  "allowedMethods": {
+    "create": true,
+    "read": true,
+    "update": true,
+    "delete": false
+  },
+  "access": {
+    "public": {
+      "create": true,
+      "read": false,
+      "update": false,
+      "delete": false
+    },
+    "authenticated": {
+      "create": false,
+      "read": "owner",
+      "update": false,
+      "delete": false
+    },
+    "roles": {
+      "admin": {
+        "create": true,
+        "read": true,
+        "update": true,
+        "delete": false
+      },
+      "superadmin": {
+        "create": true,
+        "read": true,
+        "update": true,
+        "delete": true
+      }
+    },
+    "queryFilter": {
+      "authenticated": { "id": { "ne": "$CTX.userId" } },
+      "roles": {
+        "admin":       { "id": { "ne": "$CTX.userId" } },
+        "superadmin":  {}
+      }
+    },
+    "conditions": { "owner": { "by": "id" } },
+    "readMask": ["-password"],
+    "writeDeny": ["password"],
+    "bypassPrivacy": { "roles": ["admin", "superadmin"] },
+    "createDefaults": {
+      "public": { "role": "user", "status": "pending" },
+      "roles.admin": { "status": "active" },
+      "roles.superadmin": { "status": "active" }
+    },
+    "restrictions": {
+      "roles.admin.cannotAssign": { "role": ["superadmin"] }
+    }
+  }
+}

package/dist/services/SchemaService.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { Server as HTTPServer } from 'http';
+export declare const SOCKET_PATH = "/__nextmin__/schema";
+export declare const NAMESPACE = "/schema";
+export interface SchemaServiceOptions {
+    /** Return the trusted API key used to authorize socket clients */
+    getApiKey?: () => string | undefined;
+    /** Optional CORS origin override (defaults to "*") */
+    corsOrigin?: string | RegExp | (string | RegExp)[];
+}
+export declare function startSchemaService(server: HTTPServer, opts?: SchemaServiceOptions): void;

package/dist/services/SchemaService.js ADDED Viewed

@@ -0,0 +1,46 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NAMESPACE = exports.SOCKET_PATH = void 0;
+exports.startSchemaService = startSchemaService;
+const socket_io_1 = require("socket.io");
+const SchemaLoader_1 = require("../utils/SchemaLoader");
+const Logger_1 = __importDefault(require("../utils/Logger"));
+exports.SOCKET_PATH = '/__nextmin__/schema';
+exports.NAMESPACE = '/schema';
+let started = false;
+let io = null;
+let nsp = null;
+function startSchemaService(server, opts = {}) {
+    if (started)
+        return;
+    started = true;
+    Logger_1.default.info('SchemaService:', `Starting schema service path:${exports.SOCKET_PATH} namespace:${exports.NAMESPACE}`);
+    io = new socket_io_1.Server(server, {
+        path: exports.SOCKET_PATH,
+        cors: { origin: opts.corsOrigin ?? '*' },
+    });
+    nsp = io.of(exports.NAMESPACE);
+    // --- auth gate ---
+    nsp.use((socket, next) => {
+        const provided = socket.handshake.auth?.apiKey;
+        const trusted = opts.getApiKey?.();
+        if (trusted && provided === trusted)
+            return next();
+        next(new Error('unauthorized'));
+    });
+    const loader = SchemaLoader_1.SchemaLoader.getInstance?.() ?? new SchemaLoader_1.SchemaLoader();
+    nsp.on('connection', (socket) => {
+        Logger_1.default.info('SchemaService:', socket.id);
+        // Send full snapshot on connect
+        socket.emit('schemasData', loader.getPublicSchemaList());
+    });
+    // Broadcast updates on hot-reload / schema changes
+    if (typeof loader.on === 'function') {
+        loader.on('schemasChanged', (schemas) => {
+            nsp?.emit('schemasUpdated', schemas);
+        });
+    }
+}

package/dist/utils/DefaultDataInitializer.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import { BaseModel } from '../models/BaseModel';
+import { DatabaseAdapter } from '../database/DatabaseAdapter';
+type Models = Record<string, BaseModel>;
+export declare class DefaultDataInitializer {
+    private dbAdapter;
+    private models;
+    private apiKey;
+    private jwtSecret;
+    constructor(dbAdapter: DatabaseAdapter, models: Models, opts?: {
+        jwtSecret?: string;
+    });
+    getApiKey(): string | null;
+    initialize(): Promise<void>;
+    private getModel;
+    private inferUserRoleStorage;
+    private ensureHash;
+    private ensureRoles;
+    private ensureSuperAdminUser;
+    private ensureSettingsDocument;
+}
+export {};