npm - @aws-amplify/data-schema - Versions diffs - 0.15.0 → 0.16.0 - Mend

@aws-amplify/data-schema 0.15.0 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (375) hide show

package/dist/esm/SchemaProcessor.mjs ADDED Viewed

@@ -0,0 +1,926 @@
+import { string } from './ModelField.mjs';
+import { accessData, accessSchemaData } from './Authorization.mjs';
+import { CustomOperationNames } from './CustomOperation.mjs';
+import { getBrand } from './util/Brand.mjs';
+import { getHandlerData } from './Handler.mjs';
+import * as os from 'os';
+import * as path from 'path';
+function isInternalModel(model) {
+    if (model.data &&
+        !isCustomType(model) &&
+        !isCustomOperation(model)) {
+        return true;
+    }
+    return false;
+}
+function isEnumType(data) {
+    if (data?.type === 'enum') {
+        return true;
+    }
+    return false;
+}
+function isCustomType(data) {
+    if (data?.data?.type === 'customType') {
+        return true;
+    }
+    return false;
+}
+function isCustomOperation(type) {
+    if (CustomOperationNames.includes(type?.data?.typeName)) {
+        return true;
+    }
+    return false;
+}
+function isModelFieldDef(data) {
+    return data?.fieldType === 'model';
+}
+function isScalarFieldDef(data) {
+    return data?.fieldType !== 'model';
+}
+function isRefFieldDef(data) {
+    return data?.type === 'ref';
+}
+function isModelField(field) {
+    return isModelFieldDef(field?.data);
+}
+function dataSourceIsRef(dataSource) {
+    return (typeof dataSource !== 'string' &&
+        dataSource?.data &&
+        dataSource.data.type === 'ref');
+}
+function isScalarField(field) {
+    return isScalarFieldDef(field?.data);
+}
+function isRefField(field) {
+    return isRefFieldDef(field?.data);
+}
+function scalarFieldToGql(fieldDef, identifier, secondaryIndexes = []) {
+    const { fieldType, required, array, arrayRequired, default: _default, } = fieldDef;
+    let field = fieldType;
+    if (identifier !== undefined) {
+        field += '!';
+        if (identifier.length > 1) {
+            const [_pk, ...sk] = identifier;
+            field += ` @primaryKey(sortKeyFields: [${sk
+                .map((sk) => `"${sk}"`)
+                .join(', ')}])`;
+        }
+        else {
+            field += ' @primaryKey';
+        }
+        for (const index of secondaryIndexes) {
+            field += ` ${index}`;
+        }
+        return field;
+    }
+    if (required === true) {
+        field += '!';
+    }
+    if (array) {
+        field = `[${field}]`;
+        if (arrayRequired === true) {
+            field += '!';
+        }
+    }
+    if (_default !== undefined) {
+        field += ` @default(value: "${_default?.toString()}")`;
+    }
+    for (const index of secondaryIndexes) {
+        field += ` ${index}`;
+    }
+    return field;
+}
+function modelFieldToGql(fieldDef) {
+    const { type, relatedModel, array, valueRequired, arrayRequired, references, } = fieldDef;
+    let field = relatedModel;
+    if (valueRequired === true) {
+        field += '!';
+    }
+    if (array) {
+        field = `[${field}]`;
+    }
+    if (arrayRequired === true) {
+        field += '!';
+    }
+    if (references && Array.isArray(references) && references.length > 0) {
+        field += ` @${type}(references: [${references.map((s) => `"${String(s)}"`)}])`;
+    }
+    else {
+        field += ` @${type}`;
+    }
+    return field;
+}
+function refFieldToGql(fieldDef) {
+    const { link, valueRequired, array, arrayRequired } = fieldDef;
+    let field = link;
+    if (valueRequired === true) {
+        field += '!';
+    }
+    if (array === true) {
+        field = `[${field}]`;
+    }
+    if (arrayRequired === true) {
+        field += '!';
+    }
+    return field;
+}
+function transformFunctionHandler(handlers, functionFieldName) {
+    let gqlHandlerContent = '';
+    const lambdaFunctionDefinition = {};
+    handlers.forEach((handler, idx) => {
+        const handlerData = getHandlerData(handler);
+        if (typeof handlerData === 'string') {
+            gqlHandlerContent += `@function(name: "${handlerData}") `;
+        }
+        else if (typeof handlerData.getInstance === 'function') {
+            const fnName = `Fn${capitalize(functionFieldName)}${idx === 0 ? '' : `${idx + 1}`}`;
+            lambdaFunctionDefinition[fnName] = handlerData;
+            gqlHandlerContent += `@function(name: "${fnName}") `;
+        }
+        else {
+            throw new Error(`Invalid value specified for ${functionFieldName} handler.function(). Expected: defineFunction or string.`);
+        }
+    });
+    return { gqlHandlerContent, lambdaFunctionDefinition };
+}
+function customOperationToGql(typeName, typeDef, authorization, isCustom = false, databaseType, getRefType) {
+    const { arguments: fieldArgs, typeName: opType, returnType, functionRef, handlers, subscriptionSource, } = typeDef.data;
+    let callSignature = typeName;
+    const implicitModels = [];
+    const { authString } = isCustom
+        ? calculateCustomAuth(authorization)
+        : calculateAuth(authorization);
+    /**
+     *
+     * @param returnType The return type from the `data` field of a customer operation.
+     * @param refererTypeName The type the refers {@link returnType} by `a.ref()`.
+     * @param shouldAddCustomTypeToImplicitModels A flag indicates wether it should push
+     * the return type resolved CustomType to the `implicitModels` list.
+     * @returns
+     */
+    const resolveReturnTypeNameFromReturnType = (returnType, { refererTypeName, shouldAddCustomTypeToImplicitModels = true, }) => {
+        if (isRefField(returnType)) {
+            return refFieldToGql(returnType?.data);
+        }
+        else if (isCustomType(returnType)) {
+            const returnTypeName = `${capitalize(refererTypeName)}ReturnType`;
+            if (shouldAddCustomTypeToImplicitModels) {
+                implicitModels.push([returnTypeName, returnType]);
+            }
+            return returnTypeName;
+        }
+        else if (isScalarField(returnType)) {
+            return scalarFieldToGql(returnType?.data);
+        }
+        else {
+            throw new Error(`Unrecognized return type on ${typeName}`);
+        }
+    };
+    let returnTypeName;
+    if (opType === 'Subscription' && returnType === null) {
+        // up to this point, we've validated that each subscription resource resolves
+        // the same return type, so it's safe to use subscriptionSource[0] here.
+        const { type, def } = getRefType(subscriptionSource[0].data.link, typeName);
+        if (type === 'CustomOperation') {
+            returnTypeName = resolveReturnTypeNameFromReturnType(def.data.returnType, {
+                refererTypeName: subscriptionSource[0].data.link,
+                shouldAddCustomTypeToImplicitModels: false,
+            });
+        }
+        else {
+            returnTypeName = refFieldToGql(subscriptionSource[0].data);
+        }
+    }
+    else {
+        returnTypeName = resolveReturnTypeNameFromReturnType(returnType, {
+            refererTypeName: typeName,
+        });
+    }
+    if (Object.keys(fieldArgs).length > 0) {
+        const { gqlFields, models } = processFields(typeName, fieldArgs, {}, {});
+        callSignature += `(${gqlFields.join(', ')})`;
+        implicitModels.push(...models);
+    }
+    const handler = handlers && handlers[0];
+    const brand = handler && getBrand(handler);
+    let gqlHandlerContent = '';
+    let lambdaFunctionDefinition = {};
+    let customSqlDataSourceStrategy;
+    if (isFunctionHandler(handlers)) {
+        ({ gqlHandlerContent, lambdaFunctionDefinition } = transformFunctionHandler(handlers, typeName));
+    }
+    else if (functionRef) {
+        gqlHandlerContent = `@function(name: "${functionRef}") `;
+    }
+    else if (databaseType === 'sql' && handler && brand === 'inlineSql') {
+        gqlHandlerContent = `@sql(statement: ${escapeGraphQlString(String(getHandlerData(handler)))}) `;
+        customSqlDataSourceStrategy = {
+            typeName: opType,
+            fieldName: typeName,
+        };
+    }
+    else if (isSqlReferenceHandler(handlers)) {
+        const handlerData = getHandlerData(handlers[0]);
+        const entry = resolveEntryPath(handlerData, 'Could not determine import path to construct absolute code path for sql reference handler. Consider using an absolute path instead.');
+        const reference = typeof entry === 'string' ? entry : entry.relativePath;
+        customSqlDataSourceStrategy = {
+            typeName: opType,
+            fieldName: typeName,
+            entry,
+        };
+        gqlHandlerContent = `@sql(reference: "${reference}") `;
+    }
+    if (opType === 'Subscription') {
+        const subscriptionSources = subscriptionSource
+            .flatMap((source) => {
+            const refTarget = source.data.link;
+            const { type } = getRefType(refTarget, typeName);
+            if (type === 'CustomOperation') {
+                return refTarget;
+            }
+            if (type === 'Model') {
+                return source.data.mutationOperations.map(
+                // capitalize explicitly in case customer used lowercase model name
+                (op) => `${op}${capitalize(refTarget)}`);
+            }
+        })
+            .join('", "');
+        gqlHandlerContent += `@aws_subscribe(mutations: ["${subscriptionSources}"]) `;
+    }
+    const gqlField = `${callSignature}: ${returnTypeName} ${gqlHandlerContent}${authString}`;
+    return {
+        gqlField,
+        models: implicitModels,
+        lambdaFunctionDefinition,
+        customSqlDataSourceStrategy,
+    };
+}
+/**
+ * Escape a string that will be used inside of a graphql string.
+ * @param str The input string to be escaped
+ * @returns The string with special charactars escaped
+ */
+function escapeGraphQlString(str) {
+    return JSON.stringify(str);
+}
+/**
+ * Tests whether two ModelField definitions are in conflict.
+ *
+ * This is a shallow check intended to catch conflicts between defined fields
+ * and fields implied by authorization rules. Hence, it only compares type
+ * and plurality.
+ *
+ * @param left
+ * @param right
+ * @returns
+ */
+function areConflicting(left, right) {
+    // These are the only props we care about for this comparison, because the others
+    // (required, arrayRequired, etc) are not specified on auth or FK directives.
+    const relevantProps = ['array', 'fieldType'];
+    for (const prop of relevantProps) {
+        if (left.data[prop] !== right.data[prop]) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Merges one field defition object onto an existing one, performing
+ * validation (conflict detection) along the way.
+ *
+ * @param existing An existing field map
+ * @param additions A field map to merge in
+ */
+function addFields(existing, additions) {
+    for (const [k, addition] of Object.entries(additions)) {
+        if (!existing[k]) {
+            existing[k] = addition;
+        }
+        else if (areConflicting(existing[k], addition)) {
+            throw new Error(`Field ${k} defined twice with conflicting definitions.`);
+        }
+        else ;
+    }
+}
+/**
+ * Validate that no implicit fields are used by the model definition
+ *
+ * @param existing An existing field map
+ * @param implicitFields A field map inferred from other schema usage
+ *
+ * @throws An error when an undefined field is used or when a field is used in a way that conflicts with its generated definition
+ */
+function validateStaticFields(existing, implicitFields) {
+    if (implicitFields === undefined) {
+        return;
+    }
+    for (const [k, field] of Object.entries(implicitFields)) {
+        if (!existing[k]) {
+            throw new Error(`Field ${k} isn't defined.`);
+        }
+        else if (areConflicting(existing[k], field)) {
+            throw new Error(`Field ${k} defined twice with conflicting definitions.`);
+        }
+    }
+}
+/**
+ * Validate that no implicit fields conflict with explicitly defined fields.
+ *
+ * @param existing An existing field map
+ * @param implicitFields A field map inferred from other schema usage
+ *
+ * @throws An error when an undefined field is used or when a field is used in a way that conflicts with its generated definition
+ */
+function validateImpliedFields(existing, implicitFields) {
+    if (implicitFields === undefined) {
+        return;
+    }
+    for (const [k, field] of Object.entries(implicitFields)) {
+        if (existing[k] && areConflicting(existing[k], field)) {
+            throw new Error(`Implicit field ${k} conflicts with the explicit field definition.`);
+        }
+    }
+}
+/**
+ * Given a list of authorization rules, produces a set of the implied owner and/or
+ * group fields, along with the associated graphql `@auth` string directive.
+ *
+ * This is intended to be called for each model and field to collect the implied
+ * fields and directives from that individual "item's" auth rules.
+ *
+ * The computed directives are intended to be appended to the graphql field definition.
+ *
+ * The computed fields will be used to confirm no conflicts between explicit field definitions
+ * and implicit auth fields.
+ *
+ * @param authorization A list of authorization rules.
+ * @returns
+ */
+function calculateAuth(authorization) {
+    const authFields = {};
+    const rules = [];
+    for (const entry of authorization) {
+        const rule = accessData(entry);
+        const ruleParts = [];
+        if (rule.strategy) {
+            ruleParts.push([`allow: ${rule.strategy}`]);
+        }
+        else {
+            return {
+                authFields,
+                authString: '',
+            };
+        }
+        if (rule.provider) {
+            ruleParts.push(`provider: ${rule.provider}`);
+        }
+        if (rule.operations) {
+            ruleParts.push(`operations: [${rule.operations.join(', ')}]`);
+        }
+        if (rule.groupOrOwnerField) {
+            // directive attribute, depending whether it's owner or group auth
+            if (rule.strategy === 'groups') {
+                // does this need to be escaped?
+                ruleParts.push(`groupsField: "${rule.groupOrOwnerField}"`);
+            }
+            else {
+                // does this need to be escaped?
+                ruleParts.push(`ownerField: "${rule.groupOrOwnerField}"`);
+            }
+            // model field dep, type of which depends on whether multiple owner/group
+            // is required.
+            if (rule.multiOwner) {
+                addFields(authFields, { [rule.groupOrOwnerField]: string().array() });
+            }
+            else {
+                addFields(authFields, { [rule.groupOrOwnerField]: string() });
+            }
+        }
+        if (rule.groups) {
+            // does `group` need to be escaped?
+            ruleParts.push(`groups: [${rule.groups.map((group) => `"${group}"`).join(', ')}]`);
+        }
+        // identityClaim
+        if (rule.identityClaim) {
+            // does this need to be escaped?
+            ruleParts.push(`identityClaim: "${rule.identityClaim}"`);
+        }
+        // groupClaim
+        if (rule.groupClaim) {
+            // does this need to be escaped?
+            ruleParts.push(`groupClaim: "${rule.groupClaim}"`);
+        }
+        rules.push(`{${ruleParts.join(', ')}}`);
+    }
+    const authString = rules.length > 0 ? `@auth(rules: [${rules.join(',\n  ')}])` : '';
+    return { authString, authFields };
+}
+function validateCustomAuthRule(rule) {
+    if (rule.groups && rule.provider === 'oidc') {
+        throw new Error('OIDC group auth is not supported with a.handler.custom');
+    }
+}
+function getCustomAuthProvider(rule) {
+    const strategyDict = {
+        public: {
+            default: '@aws_api_key',
+            apiKey: '@aws_api_key',
+            iam: '@aws_iam',
+        },
+        private: {
+            default: '@aws_cognito_user_pools',
+            userPools: '@aws_cognito_user_pools',
+            oidc: '@aws_oidc',
+            iam: '@aws_iam',
+        },
+        groups: {
+            default: '@aws_cognito_user_pools',
+            userPools: '@aws_cognito_user_pools',
+        },
+        custom: {
+            default: '@aws_lambda',
+            function: '@aws_lambda',
+        },
+    };
+    const stratProviders = strategyDict[rule.strategy];
+    if (stratProviders === undefined) {
+        throw new Error(`Unsupported auth strategy for custom handlers: ${rule.strategy}`);
+    }
+    const provider = rule.provider || 'default';
+    const stratProvider = stratProviders[provider];
+    if (stratProvider === undefined) {
+        throw new Error(`Unsupported provider for custom handlers: ${rule.provider}`);
+    }
+    return stratProvider;
+}
+function calculateCustomAuth(authorization) {
+    const rules = [];
+    for (const entry of authorization) {
+        const rule = accessData(entry);
+        validateCustomAuthRule(rule);
+        const provider = getCustomAuthProvider(rule);
+        if (rule.groups) {
+            // example: (cognito_groups: ["Bloggers", "Readers"])
+            rules.push(`${provider}(cognito_groups: [${rule.groups
+                .map((group) => `"${group}"`)
+                .join(', ')}])`);
+        }
+        else {
+            rules.push(provider);
+        }
+    }
+    const authString = rules.join(' ');
+    return { authString };
+}
+function capitalize(s) {
+    return `${s[0].toUpperCase()}${s.slice(1)}`;
+}
+function processFieldLevelAuthRules(fields, authFields) {
+    const fieldLevelAuthRules = {};
+    for (const [fieldName, fieldDef] of Object.entries(fields)) {
+        const fieldAuth = fieldDef?.data?.authorization || [];
+        const { authString, authFields: fieldAuthField } = calculateAuth(fieldAuth);
+        if (authString)
+            fieldLevelAuthRules[fieldName] = authString;
+        if (fieldAuthField) {
+            addFields(authFields, fieldAuthField);
+        }
+    }
+    return fieldLevelAuthRules;
+}
+function processFields(typeName, fields, impliedFields, fieldLevelAuthRules, identifier, partitionKey, secondaryIndexes = {}) {
+    const gqlFields = [];
+    const models = [];
+    validateImpliedFields(fields, impliedFields);
+    for (const [fieldName, fieldDef] of Object.entries(fields)) {
+        const fieldAuth = fieldLevelAuthRules[fieldName]
+            ? ` ${fieldLevelAuthRules[fieldName]}`
+            : '';
+        if (isModelField(fieldDef)) {
+            gqlFields.push(`${fieldName}: ${modelFieldToGql(fieldDef.data)}${fieldAuth}`);
+        }
+        else if (isScalarField(fieldDef)) {
+            if (fieldName === partitionKey) {
+                gqlFields.push(`${fieldName}: ${scalarFieldToGql(fieldDef.data, identifier, secondaryIndexes[fieldName])}${fieldAuth}`);
+            }
+            else if (isRefField(fieldDef)) {
+                gqlFields.push(`${fieldName}: ${refFieldToGql(fieldDef.data)}${fieldAuth}`);
+            }
+            else if (isEnumType(fieldDef)) {
+                // The inline enum type name should be `<TypeName><FieldName>` to avoid
+                // enum type name conflicts
+                const enumName = `${capitalize(typeName)}${capitalize(fieldName)}`;
+                models.push([enumName, fieldDef]);
+                gqlFields.push(`${fieldName}: ${enumName}`);
+            }
+            else if (isCustomType(fieldDef)) {
+                // The inline CustomType name should be `<TypeName><FieldName>` to avoid
+                // CustomType name conflicts
+                const customTypeName = `${capitalize(typeName)}${capitalize(fieldName)}`;
+                models.push([customTypeName, fieldDef]);
+                gqlFields.push(`${fieldName}: ${customTypeName}`);
+            }
+            else {
+                gqlFields.push(`${fieldName}: ${scalarFieldToGql(fieldDef.data, undefined, secondaryIndexes[fieldName])}${fieldAuth}`);
+            }
+        }
+        else {
+            throw new Error(`Unexpected field definition: ${fieldDef}`);
+        }
+    }
+    return { gqlFields, models };
+}
+/**
+ *
+ * @param pk - partition key field name
+ * @param sk - (optional) array of sort key field names
+ * @returns default query field name
+ */
+const secondaryIndexDefaultQueryField = (pk, sk) => {
+    const skName = sk?.length ? 'And' + sk?.map(capitalize).join('And') : '';
+    const queryField = `listBy${capitalize(pk)}${skName}`;
+    return queryField;
+};
+/**
+ * Given InternalModelIndexType[] returns a map where the key is the model field to be annotated with an @index directive
+ * and the value is an array of transformed Amplify @index directives with all supplied attributes
+ */
+const transformedSecondaryIndexesForModel = (secondaryIndexes) => {
+    const indexDirectiveWithAttributes = (partitionKey, sortKeys, indexName, queryField) => {
+        if (!sortKeys.length && !indexName && !queryField) {
+            return `@index(queryField: "${secondaryIndexDefaultQueryField(partitionKey)}")`;
+        }
+        const attributes = [];
+        if (indexName) {
+            attributes.push(`name: "${indexName}"`);
+        }
+        if (sortKeys.length) {
+            attributes.push(`sortKeyFields: [${sortKeys.map((sk) => `"${sk}"`).join(', ')}]`);
+        }
+        if (queryField) {
+            attributes.push(`queryField: "${queryField}"`);
+        }
+        else {
+            attributes.push(`queryField: "${secondaryIndexDefaultQueryField(partitionKey, sortKeys)}"`);
+        }
+        return `@index(${attributes.join(', ')})`;
+    };
+    return secondaryIndexes.reduce((acc, { data: { partitionKey, sortKeys, indexName, queryField } }) => {
+        acc[partitionKey] = acc[partitionKey] || [];
+        acc[partitionKey].push(indexDirectiveWithAttributes(partitionKey, sortKeys, indexName, queryField));
+        return acc;
+    }, {});
+};
+const ruleIsResourceAuth = (authRule) => {
+    const data = accessSchemaData(authRule);
+    return data.strategy === 'resource';
+};
+/**
+ * Separates out lambda resource auth rules from remaining schema rules.
+ *
+ * @param authRules schema auth rules
+ */
+const extractFunctionSchemaAccess = (authRules) => {
+    const schemaAuth = [];
+    const functionSchemaAccess = [];
+    const defaultActions = [
+        'query',
+        'mutate',
+        'listen',
+    ];
+    for (const rule of authRules) {
+        if (ruleIsResourceAuth(rule)) {
+            const ruleData = accessSchemaData(rule);
+            const fnAccess = {
+                resourceProvider: ruleData.resource,
+                actions: ruleData.operations || defaultActions,
+            };
+            functionSchemaAccess.push(fnAccess);
+        }
+        else {
+            schemaAuth.push(rule);
+        }
+    }
+    return { schemaAuth, functionSchemaAccess };
+};
+/**
+ * Returns a closure for retrieving reference type and definition from schema
+ */
+const getRefTypeForSchema = (schema) => {
+    const getRefType = (source, target) => {
+        const typeDef = schema.data.types[source];
+        if (typeDef === undefined) {
+            throw new Error(`Invalid ref. ${target} is referencing ${source} which is not defined in the schema`);
+        }
+        if (isInternalModel(typeDef)) {
+            return { type: 'Model', def: typeDef };
+        }
+        if (isCustomOperation(typeDef)) {
+            return { type: 'CustomOperation', def: typeDef };
+        }
+        if (isCustomType(typeDef)) {
+            return { type: 'CustomType', def: typeDef };
+        }
+        if (isEnumType(typeDef)) {
+            return { type: 'Enum', def: typeDef };
+        }
+        throw new Error(`Invalid ref. ${target} is referencing ${source} which is neither a Model, Custom Operation, Custom Type, or Enum`);
+    };
+    return getRefType;
+};
+const schemaPreprocessor = (schema) => {
+    const gqlModels = [];
+    const customQueries = [];
+    const customMutations = [];
+    const customSubscriptions = [];
+    const jsFunctions = [];
+    const lambdaFunctions = {};
+    const customSqlDataSourceStrategies = [];
+    const databaseType = schema.data.configuration.database.engine === 'dynamodb'
+        ? 'dynamodb'
+        : 'sql';
+    const staticSchema = schema.data.configuration.database.engine === 'dynamodb' ? false : true;
+    const topLevelTypes = Object.entries(schema.data.types);
+    const { schemaAuth, functionSchemaAccess } = extractFunctionSchemaAccess(schema.data.authorization);
+    const getRefType = getRefTypeForSchema(schema);
+    for (const [typeName, typeDef] of topLevelTypes) {
+        const mostRelevantAuthRules = typeDef.data?.authorization?.length > 0
+            ? typeDef.data.authorization
+            : schemaAuth;
+        if (!isInternalModel(typeDef)) {
+            if (isEnumType(typeDef)) {
+                if (typeDef.values.some((value) => /\s/.test(value))) {
+                    throw new Error(`Values of the enum type ${typeName} should not contain any whitespace.`);
+                }
+                const enumType = `enum ${typeName} {\n  ${typeDef.values.join('\n  ')}\n}`;
+                gqlModels.push(enumType);
+            }
+            else if (isCustomType(typeDef)) {
+                const fields = typeDef.data.fields;
+                const fieldAuthApplicableFields = Object.fromEntries(Object.entries(fields).filter((pair) => isModelField(pair[1])));
+                const authString = '';
+                const authFields = {};
+                const fieldLevelAuthRules = processFieldLevelAuthRules(fieldAuthApplicableFields, authFields);
+                const { gqlFields, models } = processFields(typeName, fields, authFields, fieldLevelAuthRules);
+                topLevelTypes.push(...models);
+                const joined = gqlFields.join('\n  ');
+                const model = `type ${typeName} ${authString}\n{\n  ${joined}\n}`;
+                gqlModels.push(model);
+            }
+            else if (isCustomOperation(typeDef)) {
+                const { typeName: opType } = typeDef.data;
+                const { gqlField, models, jsFunctionForField, lambdaFunctionDefinition, customSqlDataSourceStrategy, } = transformCustomOperations(typeDef, typeName, mostRelevantAuthRules, databaseType, getRefType);
+                Object.assign(lambdaFunctions, lambdaFunctionDefinition);
+                topLevelTypes.push(...models);
+                if (jsFunctionForField) {
+                    jsFunctions.push(jsFunctionForField);
+                }
+                if (customSqlDataSourceStrategy) {
+                    customSqlDataSourceStrategies.push(customSqlDataSourceStrategy);
+                }
+                switch (opType) {
+                    case 'Query':
+                        customQueries.push(gqlField);
+                        break;
+                    case 'Mutation':
+                        customMutations.push(gqlField);
+                        break;
+                    case 'Subscription':
+                        customSubscriptions.push(gqlField);
+                        break;
+                }
+            }
+        }
+        else if (staticSchema) {
+            const fields = { ...typeDef.data.fields };
+            const identifier = typeDef.data.identifier;
+            const [partitionKey] = identifier;
+            const { authString, authFields } = calculateAuth(mostRelevantAuthRules);
+            if (authString == '') {
+                throw new Error(`Model \`${typeName}\` is missing authorization rules. Add global rules to the schema or ensure every model has its own rules.`);
+            }
+            const fieldLevelAuthRules = processFieldLevelAuthRules(fields, authFields);
+            validateStaticFields(fields, authFields);
+            const { gqlFields, models } = processFields(typeName, fields, authFields, fieldLevelAuthRules, identifier, partitionKey);
+            topLevelTypes.push(...models);
+            const joined = gqlFields.join('\n  ');
+            // TODO: update @model(timestamps: null) once a longer term solution gets
+            // determined.
+            //
+            // Context: SQL schema should not be automatically inserted with timestamp fields,
+            // passing (timestamps: null) to @model to suppress this behavior as a short
+            // term solution.
+            const model = `type ${typeName} @model(timestamps: null) ${authString}\n{\n  ${joined}\n}`;
+            gqlModels.push(model);
+        }
+        else {
+            const fields = typeDef.data.fields;
+            const identifier = typeDef.data.identifier;
+            const [partitionKey] = identifier;
+            const transformedSecondaryIndexes = transformedSecondaryIndexesForModel(typeDef.data.secondaryIndexes);
+            const { authString, authFields } = calculateAuth(mostRelevantAuthRules);
+            if (authString == '') {
+                throw new Error(`Model \`${typeName}\` is missing authorization rules. Add global rules to the schema or ensure every model has its own rules.`);
+            }
+            const fieldLevelAuthRules = processFieldLevelAuthRules(fields, authFields);
+            const { gqlFields, models } = processFields(typeName, fields, authFields, fieldLevelAuthRules, identifier, partitionKey, transformedSecondaryIndexes);
+            topLevelTypes.push(...models);
+            const joined = gqlFields.join('\n  ');
+            const model = `type ${typeName} @model ${authString}\n{\n  ${joined}\n}`;
+            gqlModels.push(model);
+        }
+    }
+    const customOperations = {
+        queries: customQueries,
+        mutations: customMutations,
+        subscriptions: customSubscriptions,
+    };
+    gqlModels.push(...generateCustomOperationTypes(customOperations));
+    const processedSchema = gqlModels.join('\n\n');
+    return {
+        schema: processedSchema,
+        jsFunctions,
+        functionSchemaAccess,
+        lambdaFunctions,
+        customSqlDataSourceStrategies,
+    };
+};
+function validateCustomOperations(typeDef, typeName, authRules, getRefType) {
+    const { functionRef, handlers, typeName: opType, subscriptionSource, } = typeDef.data;
+    // TODO: remove `functionRef` after deprecating
+    const handlerConfigured = functionRef !== null || handlers?.length;
+    const authConfigured = authRules.length > 0;
+    if ((authConfigured && !handlerConfigured) ||
+        (handlerConfigured && !authConfigured)) {
+        // Deploying a custom operation with auth and no handler reference OR
+        // with a handler reference but no auth
+        // causes the CFN stack to reach an unrecoverable state. Ideally, this should be fixed
+        // in the CDK construct, but we're catching it early here as a stopgap
+        throw new Error(`Custom operation ${typeName} requires both an authorization rule and a handler reference`);
+    }
+    // Handlers must all be of the same type
+    if (handlers?.length) {
+        const configuredHandlers = new Set();
+        for (const handler of handlers) {
+            configuredHandlers.add(getBrand(handler));
+        }
+        if (configuredHandlers.size > 1) {
+            const configuredHandlersStr = JSON.stringify(Array.from(configuredHandlers));
+            throw new Error(`Field handlers must be of the same type. ${typeName} has been configured with ${configuredHandlersStr}`);
+        }
+    }
+    if (opType === 'Subscription') {
+        if (subscriptionSource.length < 1) {
+            throw new Error(`${typeName} is missing a mutation source. Custom subscriptions must reference a mutation source via subscription().for(a.ref('ModelOrOperationName')) `);
+        }
+        let expectedReturnType;
+        for (const source of subscriptionSource) {
+            const sourceName = source.data.link;
+            const { type, def } = getRefType(sourceName, typeName);
+            if (type !== 'Model' && source.data.mutationOperations.length > 0) {
+                throw new Error(`Invalid subscription definition. .mutations() modifier can only be used with a Model ref. ${typeName} is referencing ${type}`);
+            }
+            let resolvedReturnType;
+            if (type === 'Model') {
+                if (source.data.mutationOperations.length === 0) {
+                    throw new Error(`Invalid subscription definition. .mutations() modifier must be used with a Model ref subscription source. ${typeName} is referencing ${sourceName} without specifying a mutation`);
+                }
+                else {
+                    resolvedReturnType = def;
+                }
+            }
+            if (type === 'CustomOperation') {
+                if (def.data.typeName !== 'Mutation') {
+                    throw new Error(`Invalid subscription definition. .for() can only reference a mutation. ${typeName} is referencing ${sourceName} which is a ${def.data.typeName}`);
+                }
+                else {
+                    const returnType = def.data.returnType;
+                    if (isRefField(returnType)) {
+                        ({ def: resolvedReturnType } = getRefType(returnType.data.link, typeName));
+                    }
+                    else {
+                        resolvedReturnType = returnType;
+                    }
+                }
+            }
+            expectedReturnType = expectedReturnType ?? resolvedReturnType;
+            // As the return types are resolved from the root `schema` object and they should
+            // not be mutated, we compare by references here.
+            if (expectedReturnType !== resolvedReturnType) {
+                throw new Error(`Invalid subscription definition. .for() can only reference resources that have the same return type. ${typeName} is referencing resources that have different return types.`);
+            }
+        }
+    }
+}
+const isSqlReferenceHandler = (handler) => {
+    return Array.isArray(handler) && getBrand(handler[0]) === 'sqlReference';
+};
+const isCustomHandler = (handler) => {
+    return Array.isArray(handler) && getBrand(handler[0]) === 'customHandler';
+};
+const isFunctionHandler = (handler) => {
+    return Array.isArray(handler) && getBrand(handler[0]) === 'functionHandler';
+};
+const normalizeDataSourceName = (dataSource) => {
+    // default data source
+    const noneDataSourceName = 'NONE_DS';
+    if (dataSource === undefined) {
+        return noneDataSourceName;
+    }
+    if (dataSourceIsRef(dataSource)) {
+        return `${dataSource.data.link}Table`;
+    }
+    return dataSource;
+};
+const sanitizeStackTrace = (stackTrace) => {
+    // normalize EOL to \n so that parsing is consistent across platforms
+    const normalizedStackTrace = stackTrace.replace(new RegExp(os.EOL), '\n');
+    return (normalizedStackTrace
+        .split('\n')
+        .map((line) => line.trim())
+        // filters out noise not relevant to the stack trace. All stack trace lines begin with 'at'
+        .filter((line) => line.startsWith('at')) || []);
+};
+// copied from the defineFunction path resolution impl:
+// https://github.com/aws-amplify/amplify-backend/blob/main/packages/backend-function/src/get_caller_directory.ts
+const resolveEntryPath = (data, errorMessage) => {
+    if (path.isAbsolute(data.entry)) {
+        return data.entry;
+    }
+    if (!data.stack) {
+        throw new Error(errorMessage);
+    }
+    const stackTraceLines = sanitizeStackTrace(data.stack);
+    if (stackTraceLines.length < 2) {
+        throw new Error(errorMessage);
+    }
+    const stackTraceImportLine = stackTraceLines[1]; // the first entry is the file where the error was initialized (our code). The second entry is where the customer called our code which is what we are interested in
+    // if entry is relative, compute with respect to the caller directory
+    return { relativePath: data.entry, importLine: stackTraceImportLine };
+};
+const handleCustom = (handlers, opType, typeName) => {
+    const transformedHandlers = handlers.map((handler) => {
+        const handlerData = getHandlerData(handler);
+        return {
+            dataSource: normalizeDataSourceName(handlerData.dataSource),
+            entry: resolveEntryPath(handlerData, 'Could not determine import path to construct absolute code path for custom handler. Consider using an absolute path instead.'),
+        };
+    });
+    const jsFn = {
+        typeName: opType,
+        fieldName: typeName,
+        handlers: transformedHandlers,
+    };
+    return jsFn;
+};
+function transformCustomOperations(typeDef, typeName, authRules, databaseType, getRefType) {
+    const { typeName: opType, handlers } = typeDef.data;
+    let jsFunctionForField = undefined;
+    validateCustomOperations(typeDef, typeName, authRules, getRefType);
+    if (isCustomHandler(handlers)) {
+        jsFunctionForField = handleCustom(handlers, opType, typeName);
+    }
+    const isCustom = Boolean(jsFunctionForField);
+    const { gqlField, models, lambdaFunctionDefinition, customSqlDataSourceStrategy, } = customOperationToGql(typeName, typeDef, authRules, isCustom, databaseType, getRefType);
+    return {
+        gqlField,
+        models,
+        jsFunctionForField,
+        lambdaFunctionDefinition,
+        customSqlDataSourceStrategy,
+    };
+}
+function generateCustomOperationTypes({ queries, mutations, subscriptions, }) {
+    const types = [];
+    if (mutations.length > 0) {
+        types.push(`type Mutation {\n  ${mutations.join('\n  ')}\n}`);
+    }
+    if (queries.length > 0) {
+        types.push(`type Query {\n  ${queries.join('\n  ')}\n}`);
+    }
+    if (subscriptions.length > 0) {
+        types.push(`type Subscription {\n  ${subscriptions.join('\n  ')}\n}`);
+    }
+    return types;
+}
+/**
+ * Returns API definition from ModelSchema or string schema
+ * @param arg - { schema }
+ * @returns DerivedApiDefinition that conforms to IAmplifyGraphqlDefinition
+ */
+function processSchema(arg) {
+    const { schema, jsFunctions, functionSchemaAccess, lambdaFunctions, customSqlDataSourceStrategies, } = schemaPreprocessor(arg.schema);
+    return {
+        schema,
+        functionSlots: [],
+        jsFunctions,
+        functionSchemaAccess,
+        lambdaFunctions,
+        customSqlDataSourceStrategies,
+    };
+}
+export { processSchema };
+//# sourceMappingURL=SchemaProcessor.mjs.map