@aws-amplify/data-schema 0.13.6 → 0.13.8

package/lib-esm/src/SchemaProcessor.js

@@ -1,10 +1,37 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.processSchema = void 0;
 const ModelField_1 = require("./ModelField");
 const ModelRelationalField_1 = require("./ModelRelationalField");
 const Authorization_1 = require("./Authorization");
 const CustomOperation_1 = require("./CustomOperation");
+const util_1 = require("./util");
+const Handler_1 = require("./Handler");
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
 function isInternalModel(model) {
     if (model.data &&
         !isCustomType(model) &&
@@ -41,13 +68,18 @@ function isRefFieldDef(data) {
     return data?.type === 'ref';
 }
 function isModelField(field) {
-    return isModelFieldDef(field.data);
+    return isModelFieldDef(field?.data);
+}
+function dataSourceIsRef(dataSource) {
+    return (typeof dataSource !== 'string' &&
+        dataSource?.data &&
+        dataSource.data.type === 'ref');
 }
 function isScalarField(field) {
-    return isScalarFieldDef(field.data);
+    return isScalarFieldDef(field?.data);
 }
 function isRefField(field) {
-    return isRefFieldDef(field.data);
+    return isRefFieldDef(field?.data);
 }
 function scalarFieldToGql(fieldDef, identifier, secondaryIndexes = []) {
     const { fieldType, required, array, arrayRequired, default: _default, } = fieldDef;
@@ -123,21 +155,23 @@ function refFieldToGql(fieldDef) {
     // }
     return field;
 }
-function customOperationToGql(typeName, typeDef, authorization) {
+function customOperationToGql(typeName, typeDef, authorization, isCustom = false) {
     const { arguments: fieldArgs, returnType, functionRef } = typeDef.data;
     let callSignature = typeName;
     const implicitModels = [];
-    const { authString } = calculateAuth(authorization);
+    const { authString } = isCustom
+        ? calculateCustomAuth(authorization)
+        : calculateAuth(authorization);
     let returnTypeName;
     if (isRefField(returnType)) {
-        returnTypeName = refFieldToGql(returnType.data);
+        returnTypeName = refFieldToGql(returnType?.data);
     }
     else if (isCustomType(returnType)) {
         returnTypeName = `${capitalize(typeName)}ReturnType`;
         implicitModels.push([returnTypeName, returnType]);
     }
     else if (isScalarField(returnType)) {
-        returnTypeName = scalarFieldToGql(returnType.data);
+        returnTypeName = scalarFieldToGql(returnType?.data);
     }
     else {
         throw new Error(`Unrecognized return type on ${typeName}`);
@@ -282,6 +316,77 @@ function calculateAuth(authorization) {
     const authString = rules.length > 0 ? `@auth(rules: [${rules.join(',\n  ')}])` : '';
     return { authString, authFields };
 }
+function validateCustomAuthRule(rule) {
+    if (rule.operations) {
+        throw new Error('.to() modifier is not supported for custom queries/mutations');
+    }
+    if (rule.groupOrOwnerField) {
+        throw new Error('Dynamic auth (owner or dynamic groups) is not supported for custom queries/mutations');
+    }
+    // identityClaim
+    if (rule.identityClaim) {
+        throw new Error('identityClaim attr is not supported with a.handler.custom');
+    }
+    // groupClaim
+    if (rule.groupClaim) {
+        throw new Error('groupClaim attr is not supported with a.handler.custom');
+    }
+    if (rule.groups && rule.provider === 'oidc') {
+        throw new Error('OIDC group auth is not supported with a.handler.custom');
+    }
+}
+function getCustomAuthProvider(rule) {
+    const strategyDict = {
+        public: {
+            default: '@aws_api_key',
+            apiKey: '@aws_api_key',
+            iam: '@aws_iam',
+        },
+        private: {
+            default: '@aws_cognito_user_pools',
+            userPools: '@aws_cognito_user_pools',
+            oidc: '@aws_oidc',
+            iam: '@aws_iam',
+        },
+        groups: {
+            default: '@aws_cognito_user_pools',
+            userPools: '@aws_cognito_user_pools',
+        },
+        custom: {
+            default: '@aws_lambda',
+            function: '@aws_lambda',
+        },
+    };
+    const stratProviders = strategyDict[rule.strategy];
+    if (stratProviders === undefined) {
+        throw new Error(`Unsupported auth strategy for custom handlers: ${rule.strategy}`);
+    }
+    const provider = rule.provider || 'default';
+    const stratProvider = stratProviders[provider];
+    if (stratProvider === undefined) {
+        throw new Error(`Unsupported provider for custom handlers: ${rule.provider}`);
+    }
+    return stratProvider;
+}
+function calculateCustomAuth(authorization) {
+    const rules = [];
+    for (const entry of authorization) {
+        const rule = (0, Authorization_1.accessData)(entry);
+        validateCustomAuthRule(rule);
+        const provider = getCustomAuthProvider(rule);
+        if (rule.groups) {
+            // example: (cognito_groups: ["Bloggers", "Readers"])
+            rules.push(`${provider}(cognito_groups: [${rule.groups
+                .map((group) => `"${group}"`)
+                .join(', ')}])`);
+        }
+        else {
+            rules.push(provider);
+        }
+    }
+    const authString = rules.join(' ');
+    return { authString };
+}
 function capitalize(s) {
     return `${s[0].toUpperCase()}${s.slice(1)}`;
 }
@@ -521,6 +626,7 @@ const schemaPreprocessor = (schema) => {
     const customQueries = [];
     const customMutations = [];
     const customSubscriptions = [];
+    const jsFunctions = [];
     const fkFields = allImpliedFKs(schema);
     const topLevelTypes = Object.entries(schema.data.types);
     for (const [typeName, typeDef] of topLevelTypes) {
@@ -537,9 +643,10 @@ const schemaPreprocessor = (schema) => {
             }
             else if (isCustomType(typeDef)) {
                 const fields = typeDef.data.fields;
+                const fieldAuthApplicableFields = Object.fromEntries(Object.entries(fields).filter((pair) => isModelField(pair[1])));
                 const authString = '';
                 const authFields = {};
-                const fieldLevelAuthRules = processFieldLevelAuthRules(fields, authFields);
+                const fieldLevelAuthRules = processFieldLevelAuthRules(fieldAuthApplicableFields, authFields);
                 const { gqlFields, models } = processFields(typeName, fields, fieldLevelAuthRules);
                 topLevelTypes.push(...models);
                 const joined = gqlFields.join('\n  ');
@@ -548,16 +655,11 @@ const schemaPreprocessor = (schema) => {
             }
             else if (isCustomOperation(typeDef)) {
                 const { typeName: opType } = typeDef.data;
-                if ((mostRelevantAuthRules.length > 0 && !typeDef.data.functionRef) ||
-                    (typeDef.data.functionRef && mostRelevantAuthRules.length < 1)) {
-                    // Deploying a custom operation with auth and no handler reference OR
-                    // with a handler reference but not auth
-                    // causes the CFN stack to reach an unrecoverable state. Ideally, this should be fixed
-                    // in the CDK construct, but we're catching it early here as a stopgap
-                    throw new Error(`Custom operation ${typeName} requires both an authorization rule and a handler reference`);
-                }
-                const { gqlField, models } = customOperationToGql(typeName, typeDef, mostRelevantAuthRules);
+                const { gqlField, models, jsFunctionForField } = transformCustomOperations(typeDef, typeName, mostRelevantAuthRules);
                 topLevelTypes.push(...models);
+                if (jsFunctionForField) {
+                    jsFunctions.push(jsFunctionForField);
+                }
                 switch (opType) {
                     case 'Query':
                         customQueries.push(gqlField);
@@ -604,8 +706,100 @@ const schemaPreprocessor = (schema) => {
     };
     gqlModels.push(...generateCustomOperationTypes(customOperations));
     const processedSchema = gqlModels.join('\n\n');
-    return processedSchema;
+    return { schema: processedSchema, jsFunctions };
+};
+function validateCustomOperations(typeDef, typeName, authRules) {
+    const { functionRef, handlers } = typeDef.data;
+    // TODO: remove `functionRef` after deprecating
+    const handlerConfigured = functionRef !== null || handlers?.length;
+    const authConfigured = authRules.length > 0;
+    if ((authConfigured && !handlerConfigured) ||
+        (handlerConfigured && !authConfigured)) {
+        // Deploying a custom operation with auth and no handler reference OR
+        // with a handler reference but no auth
+        // causes the CFN stack to reach an unrecoverable state. Ideally, this should be fixed
+        // in the CDK construct, but we're catching it early here as a stopgap
+        throw new Error(`Custom operation ${typeName} requires both an authorization rule and a handler reference`);
+    }
+    // Handlers must all be of the same type
+    if (handlers?.length) {
+        const configuredHandlers = new Set();
+        for (const handler of handlers) {
+            configuredHandlers.add((0, util_1.getBrand)(handler));
+        }
+        if (configuredHandlers.size > 1) {
+            const configuredHandlersStr = JSON.stringify(Array.from(configuredHandlers));
+            throw new Error(`Field handlers must be of the same type. ${typeName} has been configured with ${configuredHandlersStr}`);
+        }
+    }
+}
+const isCustomHandler = (handler) => {
+    return Array.isArray(handler) && (0, util_1.getBrand)(handler[0]) === 'customHandler';
+};
+const normalizeDataSourceName = (dataSource) => {
+    // default data source
+    const noneDataSourceName = 'NONE_DS';
+    if (dataSource === undefined) {
+        return noneDataSourceName;
+    }
+    if (dataSourceIsRef(dataSource)) {
+        return `${dataSource.data.link}Table`;
+    }
+    return dataSource;
+};
+const sanitizeStackTrace = (stackTrace) => {
+    // normalize EOL to \n so that parsing is consistent across platforms
+    const normalizedStackTrace = stackTrace.replaceAll(os.EOL, '\n');
+    return (normalizedStackTrace
+        .split('\n')
+        .map((line) => line.trim())
+        // filters out noise not relevant to the stack trace. All stack trace lines begin with 'at'
+        .filter((line) => line.startsWith('at')) || []);
 };
+// copied from the defineFunction path resolution impl:
+// https://github.com/aws-amplify/amplify-backend/blob/main/packages/backend-function/src/get_caller_directory.ts
+const resolveCustomHandlerEntryPath = (data) => {
+    if (path.isAbsolute(data.entry)) {
+        return data.entry;
+    }
+    const unresolvedImportLocationError = new Error('Could not determine import path to construct absolute code path for custom handler. Consider using an absolute path instead.');
+    if (!data.stack) {
+        throw unresolvedImportLocationError;
+    }
+    const stackTraceLines = sanitizeStackTrace(data.stack);
+    if (stackTraceLines.length < 2) {
+        throw unresolvedImportLocationError;
+    }
+    const stackTraceImportLine = stackTraceLines[1]; // the first entry is the file where the error was initialized (our code). The second entry is where the customer called our code which is what we are interested in
+    // if entry is relative, compute with respect to the caller directory
+    return { relativePath: data.entry, importLine: stackTraceImportLine };
+};
+const handleCustom = (handlers, opType, typeName) => {
+    const transformedHandlers = handlers.map((handler) => {
+        const handlerData = (0, Handler_1.getHandlerData)(handler);
+        return {
+            dataSource: normalizeDataSourceName(handlerData.dataSource),
+            entry: resolveCustomHandlerEntryPath(handlerData),
+        };
+    });
+    const jsFn = {
+        typeName: opType,
+        fieldName: typeName,
+        handlers: transformedHandlers,
+    };
+    return jsFn;
+};
+function transformCustomOperations(typeDef, typeName, authRules) {
+    const { typeName: opType, handlers } = typeDef.data;
+    let jsFunctionForField = undefined;
+    validateCustomOperations(typeDef, typeName, authRules);
+    if (isCustomHandler(handlers)) {
+        jsFunctionForField = handleCustom(handlers, opType, typeName);
+    }
+    const isCustom = Boolean(jsFunctionForField);
+    const { gqlField, models } = customOperationToGql(typeName, typeDef, authRules, isCustom);
+    return { gqlField, models, jsFunctionForField };
+}
 function generateCustomOperationTypes({ queries, mutations, subscriptions, }) {
     const types = [];
     if (mutations.length > 0) {
@@ -625,7 +819,7 @@ function generateCustomOperationTypes({ queries, mutations, subscriptions, }) {
  * @returns DerivedApiDefinition that conforms to IAmplifyGraphqlDefinition
  */
 function processSchema(arg) {
-    const schema = schemaPreprocessor(arg.schema);
-    return { schema, functionSlots: [] };
+    const { schema, jsFunctions } = schemaPreprocessor(arg.schema);
+    return { schema, functionSlots: [], jsFunctions };
 }
 exports.processSchema = processSchema;

package/lib-esm/src/util/Brand.d.ts

@@ -26,4 +26,10 @@ export type Brand<BrandStr extends string> = {
  * const myType = {content: "default content", ...brand<'example'>}
  */
 export declare function brand<BrandStr extends string>(brand: BrandStr): Brand<BrandStr>;
+/**
+ *
+ * @param branded: Branded object
+ * @returns The string brand value
+ */
+export declare function getBrand(branded: Brand<string>): string;
 export {};

package/lib-esm/src/util/Brand.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.brand = void 0;
+exports.getBrand = exports.brand = void 0;
 const brandSymbol = Symbol('brand');
 /**
  * Create an object of a specific type Brand
@@ -21,3 +21,12 @@ function brand(brand) {
     };
 }
 exports.brand = brand;
+/**
+ *
+ * @param branded: Branded object
+ * @returns The string brand value
+ */
+function getBrand(branded) {
+    return branded[brandSymbol];
+}
+exports.getBrand = getBrand;

package/lib-esm/src/util/index.d.ts

@@ -1 +1 @@
-export { Brand, brand } from './Brand';
+export { Brand, brand, getBrand } from './Brand';

package/lib-esm/src/util/index.js

@@ -1,5 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.brand = void 0;
+exports.getBrand = exports.brand = void 0;
 var Brand_1 = require("./Brand");
 Object.defineProperty(exports, "brand", { enumerable: true, get: function () { return Brand_1.brand; } });
+Object.defineProperty(exports, "getBrand", { enumerable: true, get: function () { return Brand_1.getBrand; } });