@axium/server 0.16.2 → 0.17.0

package/dist/database.js

@@ -58,6 +58,7 @@ import pg from 'pg';
 import config from './config.js';
 import * as io from './io.js';
 import { plugins } from './plugins.js';
+import * as acl from './acl.js';
 const sym = Symbol.for('Axium:database');
 export let database;
 export function connect() {
@@ -77,11 +78,12 @@ export function connect() {
     return database;
 }
 // Helpers
-export async function count(table) {
-    const db = connect();
-    return (await db.selectFrom(table)
-        .select(db.fn.countAll().as('count'))
-        .executeTakeFirstOrThrow()).count;
+export async function count(...tables) {
+    return await database
+        .selectFrom(tables)
+        .select(() => tables.map(t => database.fn.countAll(t).as(t)))
+        .$castTo()
+        .executeTakeFirstOrThrow();
 }
 /**
  * Select the user with the id from the userId column of a table, placing it in the `user` property.
@@ -92,16 +94,9 @@ export function userFromId(eb) {
         .$castTo()
         .as('user');
 }
-export async function status() {
-    return {
-        users: await count('users'),
-        passkeys: await count('passkeys'),
-        sessions: await count('sessions'),
-    };
-}
-export async function statusText() {
+export async function statText() {
     try {
-        const stats = await status();
+        const stats = await count('users', 'passkeys', 'sessions');
         return `${stats.users} users, ${stats.passkeys} passkeys, ${stats.sessions} sessions`;
     }
     catch (error) {
@@ -152,6 +147,13 @@ const throwUnlessRows = (text) => {
         throw 'missing.';
     return text;
 };
+export async function createIndex(table, column, mod) {
+    io.start(`Creating index for ${table}.${column}`);
+    let query = database.schema.createIndex(`${table}_${column}_index`).on(table).column(column);
+    if (mod)
+        query = mod(query);
+    await query.execute().then(io.done).catch(warnExists);
+}
 export async function init(opt) {
     const env_1 = { stack: [], error: void 0, hasError: false };
     try {
@@ -195,7 +197,16 @@ export async function init(opt) {
         })
             .catch(io.warn);
         await _sql('SELECT pg_reload_conf()', 'Reloading configuration');
+        io.start('Connecting to database');
         const db = __addDisposableResource(env_1, connect(), true);
+        io.done();
+        function maybeCheck(table) {
+            return (e) => {
+                warnExists(e);
+                if (opt.check)
+                    return checkTableTypes(table, expectedTypes[table], opt);
+            };
+        }
         io.start('Creating table users');
         await db.schema
             .createTable('users')
@@ -211,7 +222,7 @@ export async function init(opt) {
             .addColumn('registeredAt', 'timestamptz', col => col.notNull().defaultTo(sql `now()`))
             .execute()
             .then(io.done)
-            .catch(warnExists);
+            .catch(maybeCheck('users'));
         io.start('Creating table sessions');
         await db.schema
             .createTable('sessions')
@@ -223,9 +234,8 @@ export async function init(opt) {
             .addColumn('elevated', 'boolean', col => col.notNull())
             .execute()
             .then(io.done)
-            .catch(warnExists);
-        io.start('Creating index for sessions.userId');
-        await db.schema.createIndex('sessions_userId_index').on('sessions').column('userId').execute().then(io.done).catch(warnExists);
+            .catch(maybeCheck('sessions'));
+        await createIndex('sessions', 'id');
         io.start('Creating table verifications');
         await db.schema
             .createTable('verifications')
@@ -235,14 +245,14 @@ export async function init(opt) {
             .addColumn('role', 'text', col => col.notNull())
             .execute()
             .then(io.done)
-            .catch(warnExists);
+            .catch(maybeCheck('verifications'));
         io.start('Creating table passkeys');
         await db.schema
             .createTable('passkeys')
             .addColumn('id', 'text', col => col.primaryKey().notNull())
             .addColumn('name', 'text')
             .addColumn('createdAt', 'timestamptz', col => col.notNull().defaultTo(sql `now()`))
-            .addColumn('userId', 'uuid', col => col.notNull().references('users.id').onDelete('cascade').onUpdate('cascade'))
+            .addColumn('userId', 'uuid', col => col.notNull().references('users.id').onDelete('cascade').notNull())
             .addColumn('publicKey', 'bytea', col => col.notNull())
             .addColumn('counter', 'integer', col => col.notNull())
             .addColumn('deviceType', 'text', col => col.notNull())
@@ -250,14 +260,15 @@ export async function init(opt) {
             .addColumn('transports', sql `text[]`)
             .execute()
             .then(io.done)
-            .catch(warnExists);
-        io.start('Creating index for passkeys.id');
-        await db.schema.createIndex('passkeys_id_key').on('passkeys').column('id').execute().then(io.done).catch(warnExists);
+            .catch(maybeCheck('passkeys'));
+        await createIndex('passkeys', 'userId');
+        io.start('Creating schema acl');
+        await db.schema.createSchema('acl').execute().then(io.done).catch(warnExists);
         for (const plugin of plugins) {
             if (!plugin.hooks.db_init)
                 continue;
             io.plugin(plugin.name);
-            await plugin.hooks.db_init(opt, db);
+            await plugin.hooks.db_init(opt);
         }
     }
     catch (e_1) {
@@ -270,6 +281,90 @@ export async function init(opt) {
             await result_1;
     }
 }
+export const expectedTypes = {
+    users: {
+        email: { type: 'text', required: true },
+        emailVerified: { type: 'timestamptz' },
+        id: { type: 'uuid', required: true, hasDefault: true },
+        image: { type: 'text' },
+        isAdmin: { type: 'bool', required: true, hasDefault: true },
+        name: { type: 'text' },
+        preferences: { type: 'jsonb', required: true, hasDefault: true },
+        registeredAt: { type: 'timestamptz', required: true, hasDefault: true },
+        roles: { type: '_text', required: true, hasDefault: true },
+        tags: { type: '_text', required: true, hasDefault: true },
+    },
+    verifications: {
+        userId: { type: 'uuid', required: true },
+        token: { type: 'text', required: true },
+        expires: { type: 'timestamptz', required: true },
+        role: { type: 'text', required: true },
+    },
+    passkeys: {
+        id: { type: 'text', required: true },
+        name: { type: 'text' },
+        createdAt: { type: 'timestamptz', required: true, hasDefault: true },
+        userId: { type: 'uuid', required: true },
+        publicKey: { type: 'bytea', required: true },
+        counter: { type: 'int4', required: true },
+        deviceType: { type: 'text', required: true },
+        backedUp: { type: 'bool', required: true },
+        transports: { type: '_text' },
+    },
+    sessions: {
+        id: { type: 'uuid', required: true, hasDefault: true },
+        userId: { type: 'uuid', required: true },
+        created: { type: 'timestamptz', required: true },
+        token: { type: 'text', required: true },
+        expires: { type: 'timestamptz', required: true },
+        elevated: { type: 'bool', required: true },
+    },
+};
+/**
+ * Checks that a table has the expected column types, nullability, and default values.
+ */
+export async function checkTableTypes(tableName, types, opt) {
+    io.start(`Checking for table ${tableName}`);
+    const dbTables = opt._metadata || (await database.introspection.getTables());
+    const table = dbTables.find(t => t.name === tableName);
+    if (!table)
+        throw 'missing.';
+    io.done();
+    const columns = Object.fromEntries(table.columns.map(c => [c.name, c]));
+    for (const [key, { type, required = false, hasDefault = false }] of Object.entries(types)) {
+        io.start(`Checking column ${tableName}.${key}`);
+        const col = columns[key];
+        if (!col)
+            throw 'missing.';
+        try {
+            if (col.dataType != type)
+                throw `incorrect type "${col.dataType}", expected ${type}`;
+            if (col.isNullable != !required)
+                throw required ? 'nullable' : 'not nullable';
+            if (col.hasDefaultValue != hasDefault)
+                throw hasDefault ? 'missing default' : 'has default';
+            io.done();
+        }
+        catch (e) {
+            if (opt.strict)
+                throw e;
+            io.warn(e);
+        }
+        delete columns[key];
+    }
+    if (!opt.extra)
+        return;
+    io.start('Checking for extra columns in ' + tableName);
+    const unchecked = Object.keys(columns)
+        .map(c => `${tableName}.${c}`)
+        .join(', ');
+    if (!unchecked.length)
+        io.done();
+    else if (opt.strict)
+        throw unchecked;
+    else
+        io.warn(unchecked);
+}
 export async function check(opt) {
     const env_2 = { stack: [], error: void 0, hasError: false };
     try {
@@ -280,18 +375,22 @@ export async function check(opt) {
         io.start('Connecting to database');
         const db = __addDisposableResource(env_2, connect(), true);
         io.done();
-        io.start('Checking users table');
-        await db.selectFrom('users').select(['id', 'email', 'emailVerified', 'image', 'name', 'preferences']).execute().then(io.done);
-        io.start('Checking sessions table');
-        await db.selectFrom('sessions').select(['id', 'userId', 'token', 'created', 'expires', 'elevated']).execute().then(io.done);
-        io.start('Checking verifications table');
-        await db.selectFrom('verifications').select(['userId', 'token', 'expires', 'role']).execute().then(io.done);
-        io.start('Checking passkeys table');
-        await db
-            .selectFrom('passkeys')
-            .select(['id', 'name', 'createdAt', 'userId', 'publicKey', 'counter', 'deviceType', 'backedUp', 'transports'])
-            .execute()
-            .then(io.done);
+        io.start('Getting table metadata');
+        opt._metadata = await db.introspection.getTables();
+        const tables = Object.fromEntries(opt._metadata.map(t => [t.name, t]));
+        io.done();
+        for (const table of Object.keys(expectedTypes)) {
+            await checkTableTypes(table, expectedTypes[table], opt);
+            delete tables[table];
+        }
+        io.start('Checking for extra tables');
+        const unchecked = Object.keys(tables).join(', ');
+        if (!unchecked.length)
+            io.done();
+        else if (opt.strict)
+            throw unchecked;
+        else
+            io.warn(unchecked);
     }
     catch (e_2) {
         env_2.error = e_2;
@@ -314,7 +413,7 @@ export async function clean(opt) {
         if (!plugin.hooks.clean)
             continue;
         io.plugin(plugin.name);
-        await plugin.hooks.clean(opt, db);
+        await plugin.hooks.clean(opt);
     }
 }
 /**
@@ -323,12 +422,12 @@ export async function clean(opt) {
 export async function uninstall(opt) {
     const env_3 = { stack: [], error: void 0, hasError: false };
     try {
-        const db = __addDisposableResource(env_3, connect(), true);
+        const _ = __addDisposableResource(env_3, connect(), true);
         for (const plugin of plugins) {
             if (!plugin.hooks.remove)
                 continue;
             io.plugin(plugin.name);
-            await plugin.hooks.remove(opt, db);
+            await plugin.hooks.remove(opt);
         }
         await _sql('DROP DATABASE axium', 'Dropping database');
         await _sql('REVOKE ALL PRIVILEGES ON SCHEMA public FROM axium', 'Revoking schema privileges');
@@ -365,13 +464,20 @@ export async function wipe(opt) {
         if (!plugin.hooks.db_wipe)
             continue;
         io.plugin(plugin.name);
-        await plugin.hooks.db_wipe(opt, db);
+        await plugin.hooks.db_wipe(opt);
     }
     for (const table of ['users', 'passkeys', 'sessions', 'verifications']) {
-        io.start(`Removing data from ${table}`);
+        io.start(`Wiping ${table}`);
         await db.deleteFrom(table).execute();
         io.done();
     }
+    for (const table of await database.introspection.getTables()) {
+        if (!table.name.startsWith('acl.'))
+            continue;
+        const name = table.name;
+        io.debug(`Wiping ${name}`);
+        await db.deleteFrom(name).execute();
+    }
 }
 export async function rotatePassword() {
     io.start('Generating new password');

package/dist/plugins.d.ts

@@ -1,19 +1,19 @@
-import z from 'zod';
-import type { Database, InitOptions, OpOptions } from './database.js';
+import * as z from 'zod';
+import type { InitOptions, OpOptions } from './database.js';
 export declare const PluginMetadata: z.ZodObject<{
     name: z.ZodString;
     version: z.ZodString;
     description: z.ZodOptional<z.ZodString>;
     routes: z.ZodOptional<z.ZodString>;
-}, z.z.core.$loose>;
+}, z.core.$loose>;
 export declare const Plugin: z.ZodObject<{
     name: z.ZodString;
     version: z.ZodString;
     description: z.ZodOptional<z.ZodString>;
     routes: z.ZodOptional<z.ZodString>;
-    statusText: z.ZodCustom<z.z.core.$InferInnerFunctionTypeAsync<z.z.core.$ZodTuple<[], null>, z.ZodString>, z.z.core.$InferInnerFunctionTypeAsync<z.z.core.$ZodTuple<[], null>, z.ZodString>>;
-    hooks: z.ZodOptional<z.ZodRecord<z.ZodLiteral<"remove" | "db_init" | "db_wipe" | "clean"> & z.z.core.$partial, z.ZodCustom<(...args: any[]) => any, (...args: any[]) => any>>>;
-}, z.z.core.$loose>;
+    statusText: z.ZodCustom<z.core.$InferInnerFunctionTypeAsync<z.core.$ZodTuple<[], null>, z.ZodString>, z.core.$InferInnerFunctionTypeAsync<z.core.$ZodTuple<[], null>, z.ZodString>>;
+    hooks: z.ZodOptional<z.ZodRecord<z.ZodLiteral<"remove" | "db_init" | "db_wipe" | "clean"> & z.core.$partial, z.ZodCustom<(...args: any[]) => any, (...args: any[]) => any>>>;
+}, z.core.$loose>;
 declare const kSpecifier: unique symbol;
 export type Plugin = z.infer<typeof Plugin>;
 interface PluginInternal extends Plugin {
@@ -21,12 +21,12 @@ interface PluginInternal extends Plugin {
     hooks: Hooks;
 }
 export interface Hooks {
-    db_init?: (opt: InitOptions, db: Database) => void | Promise<void>;
+    db_init?: (opt: InitOptions) => void | Promise<void>;
     remove?: (opt: {
         force?: boolean;
-    }, db: Database) => void | Promise<void>;
-    db_wipe?: (opt: OpOptions, db: Database) => void | Promise<void>;
-    clean?: (opt: Partial<OpOptions>, db: Database) => void | Promise<void>;
+    }) => void | Promise<void>;
+    db_wipe?: (opt: OpOptions) => void | Promise<void>;
+    clean?: (opt: Partial<OpOptions>) => void | Promise<void>;
 }
 export declare const plugins: Set<PluginInternal>;
 export declare function resolvePlugin(search: string): PluginInternal | undefined;

package/dist/plugins.js

@@ -2,7 +2,7 @@ import { zAsyncFunction } from '@axium/core/schemas';
 import * as fs from 'node:fs';
 import { resolve } from 'node:path/posix';
 import { styleText } from 'node:util';
-import z from 'zod';
+import * as z from 'zod';
 import { output } from './io.js';
 import { _unique } from './state.js';
 export const PluginMetadata = z.looseObject({

package/dist/requests.d.ts

@@ -1,6 +1,6 @@
 import { type User } from '@axium/core/user';
 import { type HttpError, type RequestEvent } from '@sveltejs/kit';
-import z from 'zod';
+import * as z from 'zod';
 import { type SessionAndUser, type UserInternal } from './auth.js';
 export declare function parseBody<const Schema extends z.ZodType, const Result extends z.infer<Schema> = z.infer<Schema>>(event: RequestEvent, schema: Schema): Promise<Result>;
 export declare function getToken(event: RequestEvent, sensitive?: boolean): string | undefined;

package/dist/requests.js

@@ -2,7 +2,7 @@ import { userProtectedFields, userPublicFields } from '@axium/core/user';
 import { error, json } from '@sveltejs/kit';
 import { serialize as serializeCookie } from 'cookie';
 import { pick } from 'utilium';
-import z from 'zod';
+import * as z from 'zod';
 import { createSession, getSessionAndUser, getUser } from './auth.js';
 import { config } from './config.js';
 export async function parseBody(event, schema) {

package/dist/routes.d.ts

@@ -42,6 +42,9 @@ export type Route = ServerRoute | WebRoute;
  * @internal
  */
 export declare const routes: Map<string, Route>;
+/**
+ * @category Plugin API
+ */
 export declare function addRoute(opt: RouteOptions): void;
 /**
  * Resolve a request URL into a route.

package/dist/routes.js

@@ -6,6 +6,9 @@ import { _unique } from './state.js';
  * @internal
  */
 export const routes = _unique('routes', new Map());
+/**
+ * @category Plugin API
+ */
 export function addRoute(opt) {
     const route = { ...opt, server: !('page' in opt) };
     if (!route.path.startsWith('/')) {

package/dist/sveltekit.js

@@ -2,7 +2,7 @@ import { error, json } from '@sveltejs/kit';
 import { readFileSync } from 'node:fs';
 import { styleText } from 'node:util';
 import { render } from 'svelte/server';
-import z from 'zod';
+import * as z from 'zod';
 import { config } from './config.js';
 import { resolveRoute } from './routes.js';
 async function handleAPIRequest(event, route) {

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@axium/server",
-	"version": "0.16.2",
+	"version": "0.17.0",
 	"author": "James Prevett <axium@jamespre.dev> (https://jamespre.dev)",
 	"funding": {
 		"type": "individual",
@@ -21,6 +21,7 @@
 	"exports": {
 		".": "./dist/index.js",
 		"./*": "./dist/*.js",
+		"./lib": "./web/lib/index.js",
 		"./lib/*": "./web/lib/*",
 		"./$hooks": "./web/hooks.server.ts",
 		"./$routes": "./routes",
@@ -32,7 +33,6 @@
 		"build",
 		"dist",
 		"routes",
-		"schema.json",
 		"svelte.config.js",
 		"web"
 	],

package/svelte.config.js

@@ -13,6 +13,9 @@ const fixed = p => join(import.meta.dirname, p);
 export default {
 	compilerOptions: {
 		runes: true,
+		warningFilter(w) {
+			if (w.code.startsWith('a11y')) return false;
+		},
 	},
 	preprocess: vitePreprocess({ script: true }),
 	vitePlugin: {

package/web/lib/AccessControl.svelte

@@ -0,0 +1,37 @@
+<script lang="ts">
+	import UserCard from './UserCard.svelte';
+	import type { Permission, AccessControl } from '@axium/core/access';
+	import { permissionNames } from '@axium/core/access';
+	import type { Entries } from 'utilium';
+
+	const { control, editable }: { control: AccessControl; editable: boolean } = $props();
+
+	const perm = $derived(permissionNames[control.permission as Permission]);
+
+	const permEntries = Object.entries(permissionNames) as any as Entries<typeof permissionNames>;
+</script>
+
+<div class="AccessControl">
+	{#if !control.user}<i>Unknown</i>
+	{:else}
+		<UserCard user={control.user} />
+		{#if editable}
+			<input type="hidden" name="userId" value={control.user.id} />
+			<select name="permission">
+				{#each permEntries as [key, name]}
+					<option value={key} selected={key == control.permission}>{name}</option>
+				{/each}
+			</select>
+		{:else}
+			<span>{perm}</span>
+		{/if}
+	{/if}
+</div>
+
+<style>
+	.AccessControl {
+		display: flex;
+		gap: 1em;
+		padding: 1em 2em;
+	}
+</style>

package/web/lib/AccessControlDialog.svelte

@@ -0,0 +1,12 @@
+<script lang="ts">
+	import FormDialog from './FormDialog.svelte';
+	import AccessControl from './AccessControl.svelte';
+
+	let { item, editable } = $props();
+</script>
+
+<FormDialog submitText="Save">
+	{#each item.acl as control}
+		<AccessControl {control} {editable} />
+	{/each}
+</FormDialog>

package/web/lib/Popover.svelte

@@ -7,8 +7,6 @@
 	}: { children(): any; toggle?(): any; id?: string } = $props();
 </script>
 
-<!-- svelte-ignore a11y_click_events_have_key_events -->
-<!-- svelte-ignore a11y_no_static_element_interactions -->
 <div onclick={e => e.stopPropagation()}>
 	<button style:display="contents" popovertarget={id}>
 		{#if toggle}

package/web/lib/Upload.svelte

@@ -10,27 +10,25 @@
 </script>
 
 <div>
-	{#if files?.length}
-		<label for={id} class="file">
-			{#each files as file}
-				<Icon i={forMime(file.type)} />
-				<span>{file.name}</span>
-				<button
-					onclick={e => {
-						e.preventDefault();
-						const dt = new DataTransfer();
-						for (let f of files) if (file !== f) dt.items.add(f);
-						input.files = files = dt.files;
-					}}
-					style:display="contents"
-				>
-					<Icon i="trash" />
-				</button>
-			{/each}
-		</label>
-	{:else}
-		<label for={id}><Icon i="upload" />Upload</label>
-	{/if}
+	<label for={id} class={[files?.length && 'file']}>
+		{#each files as file}
+			<Icon i={forMime(file.type)} />
+			<span>{file.name}</span>
+			<button
+				onclick={e => {
+					e.preventDefault();
+					const dt = new DataTransfer();
+					for (let f of files) if (file !== f) dt.items.add(f);
+					input.files = files = dt.files;
+				}}
+				style:display="contents"
+			>
+				<Icon i="trash" />
+			</button>
+		{:else}
+			<Icon i="upload" /> Upload
+		{/each}
+	</label>
 
 	<input bind:this={input} {name} {id} type="file" bind:files {...rest} />
 </div>

package/web/lib/WithContextMenu.svelte

@@ -13,7 +13,6 @@
 	}
 </script>
 
-<!-- svelte-ignore a11y_no_static_element_interactions -->
 <div class="WithContextMenu" {oncontextmenu} tabindex="-1">
 	{@render children()}