@axium/server 0.16.3 → 0.17.1

package/dist/database.js

@@ -77,11 +77,12 @@ export function connect() {
     return database;
 }
 // Helpers
-export async function count(table) {
-    const db = connect();
-    return (await db.selectFrom(table)
-        .select(db.fn.countAll().as('count'))
-        .executeTakeFirstOrThrow()).count;
+export async function count(...tables) {
+    return await database
+        .selectFrom(tables)
+        .select(() => tables.map(t => database.fn.countAll(t).as(t)))
+        .$castTo()
+        .executeTakeFirstOrThrow();
 }
 /**
  * Select the user with the id from the userId column of a table, placing it in the `user` property.
@@ -92,16 +93,9 @@ export function userFromId(eb) {
         .$castTo()
         .as('user');
 }
-export async function status() {
-    return {
-        users: await count('users'),
-        passkeys: await count('passkeys'),
-        sessions: await count('sessions'),
-    };
-}
-export async function statusText() {
+export async function statText() {
     try {
-        const stats = await status();
+        const stats = await count('users', 'passkeys', 'sessions');
         return `${stats.users} users, ${stats.passkeys} passkeys, ${stats.sessions} sessions`;
     }
     catch (error) {
@@ -152,6 +146,13 @@ const throwUnlessRows = (text) => {
         throw 'missing.';
     return text;
 };
+export async function createIndex(table, column, mod) {
+    io.start(`Creating index for ${table}.${column}`);
+    let query = database.schema.createIndex(`${table}_${column}_index`).on(table).column(column);
+    if (mod)
+        query = mod(query);
+    await query.execute().then(io.done).catch(warnExists);
+}
 export async function init(opt) {
     const env_1 = { stack: [], error: void 0, hasError: false };
     try {
@@ -195,7 +196,16 @@ export async function init(opt) {
         })
             .catch(io.warn);
         await _sql('SELECT pg_reload_conf()', 'Reloading configuration');
+        io.start('Connecting to database');
         const db = __addDisposableResource(env_1, connect(), true);
+        io.done();
+        function maybeCheck(table) {
+            return (e) => {
+                warnExists(e);
+                if (opt.check)
+                    return checkTableTypes(table, expectedTypes[table], opt);
+            };
+        }
         io.start('Creating table users');
         await db.schema
             .createTable('users')
@@ -211,7 +221,7 @@ export async function init(opt) {
             .addColumn('registeredAt', 'timestamptz', col => col.notNull().defaultTo(sql `now()`))
             .execute()
             .then(io.done)
-            .catch(warnExists);
+            .catch(maybeCheck('users'));
         io.start('Creating table sessions');
         await db.schema
             .createTable('sessions')
@@ -223,9 +233,8 @@ export async function init(opt) {
             .addColumn('elevated', 'boolean', col => col.notNull())
             .execute()
             .then(io.done)
-            .catch(warnExists);
-        io.start('Creating index for sessions.userId');
-        await db.schema.createIndex('sessions_userId_index').on('sessions').column('userId').execute().then(io.done).catch(warnExists);
+            .catch(maybeCheck('sessions'));
+        await createIndex('sessions', 'id');
         io.start('Creating table verifications');
         await db.schema
             .createTable('verifications')
@@ -235,14 +244,14 @@ export async function init(opt) {
             .addColumn('role', 'text', col => col.notNull())
             .execute()
             .then(io.done)
-            .catch(warnExists);
+            .catch(maybeCheck('verifications'));
         io.start('Creating table passkeys');
         await db.schema
             .createTable('passkeys')
             .addColumn('id', 'text', col => col.primaryKey().notNull())
             .addColumn('name', 'text')
             .addColumn('createdAt', 'timestamptz', col => col.notNull().defaultTo(sql `now()`))
-            .addColumn('userId', 'uuid', col => col.notNull().references('users.id').onDelete('cascade').onUpdate('cascade'))
+            .addColumn('userId', 'uuid', col => col.notNull().references('users.id').onDelete('cascade').notNull())
             .addColumn('publicKey', 'bytea', col => col.notNull())
             .addColumn('counter', 'integer', col => col.notNull())
             .addColumn('deviceType', 'text', col => col.notNull())
@@ -250,14 +259,15 @@ export async function init(opt) {
             .addColumn('transports', sql `text[]`)
             .execute()
             .then(io.done)
-            .catch(warnExists);
-        io.start('Creating index for passkeys.id');
-        await db.schema.createIndex('passkeys_id_key').on('passkeys').column('id').execute().then(io.done).catch(warnExists);
+            .catch(maybeCheck('passkeys'));
+        await createIndex('passkeys', 'userId');
+        io.start('Creating schema acl');
+        await db.schema.createSchema('acl').execute().then(io.done).catch(warnExists);
         for (const plugin of plugins) {
             if (!plugin.hooks.db_init)
                 continue;
             io.plugin(plugin.name);
-            await plugin.hooks.db_init(opt, db);
+            await plugin.hooks.db_init(opt);
         }
     }
     catch (e_1) {
@@ -270,6 +280,90 @@ export async function init(opt) {
             await result_1;
     }
 }
+export const expectedTypes = {
+    users: {
+        email: { type: 'text', required: true },
+        emailVerified: { type: 'timestamptz' },
+        id: { type: 'uuid', required: true, hasDefault: true },
+        image: { type: 'text' },
+        isAdmin: { type: 'bool', required: true, hasDefault: true },
+        name: { type: 'text' },
+        preferences: { type: 'jsonb', required: true, hasDefault: true },
+        registeredAt: { type: 'timestamptz', required: true, hasDefault: true },
+        roles: { type: '_text', required: true, hasDefault: true },
+        tags: { type: '_text', required: true, hasDefault: true },
+    },
+    verifications: {
+        userId: { type: 'uuid', required: true },
+        token: { type: 'text', required: true },
+        expires: { type: 'timestamptz', required: true },
+        role: { type: 'text', required: true },
+    },
+    passkeys: {
+        id: { type: 'text', required: true },
+        name: { type: 'text' },
+        createdAt: { type: 'timestamptz', required: true, hasDefault: true },
+        userId: { type: 'uuid', required: true },
+        publicKey: { type: 'bytea', required: true },
+        counter: { type: 'int4', required: true },
+        deviceType: { type: 'text', required: true },
+        backedUp: { type: 'bool', required: true },
+        transports: { type: '_text' },
+    },
+    sessions: {
+        id: { type: 'uuid', required: true, hasDefault: true },
+        userId: { type: 'uuid', required: true },
+        created: { type: 'timestamptz', required: true },
+        token: { type: 'text', required: true },
+        expires: { type: 'timestamptz', required: true },
+        elevated: { type: 'bool', required: true },
+    },
+};
+/**
+ * Checks that a table has the expected column types, nullability, and default values.
+ */
+export async function checkTableTypes(tableName, types, opt) {
+    io.start(`Checking for table ${tableName}`);
+    const dbTables = opt._metadata || (await database.introspection.getTables());
+    const table = dbTables.find(t => t.name === tableName);
+    if (!table)
+        throw 'missing.';
+    io.done();
+    const columns = Object.fromEntries(table.columns.map(c => [c.name, c]));
+    for (const [key, { type, required = false, hasDefault = false }] of Object.entries(types)) {
+        io.start(`Checking column ${tableName}.${key}`);
+        const col = columns[key];
+        if (!col)
+            throw 'missing.';
+        try {
+            if (col.dataType != type)
+                throw `incorrect type "${col.dataType}", expected ${type}`;
+            if (col.isNullable != !required)
+                throw required ? 'nullable' : 'not nullable';
+            if (col.hasDefaultValue != hasDefault)
+                throw hasDefault ? 'missing default' : 'has default';
+            io.done();
+        }
+        catch (e) {
+            if (opt.strict)
+                throw e;
+            io.warn(e);
+        }
+        delete columns[key];
+    }
+    if (!opt.extra)
+        return;
+    io.start('Checking for extra columns in ' + tableName);
+    const unchecked = Object.keys(columns)
+        .map(c => `${tableName}.${c}`)
+        .join(', ');
+    if (!unchecked.length)
+        io.done();
+    else if (opt.strict)
+        throw unchecked;
+    else
+        io.warn(unchecked);
+}
 export async function check(opt) {
     const env_2 = { stack: [], error: void 0, hasError: false };
     try {
@@ -280,18 +374,22 @@ export async function check(opt) {
         io.start('Connecting to database');
         const db = __addDisposableResource(env_2, connect(), true);
         io.done();
-        io.start('Checking users table');
-        await db.selectFrom('users').select(['id', 'email', 'emailVerified', 'image', 'name', 'preferences']).execute().then(io.done);
-        io.start('Checking sessions table');
-        await db.selectFrom('sessions').select(['id', 'userId', 'token', 'created', 'expires', 'elevated']).execute().then(io.done);
-        io.start('Checking verifications table');
-        await db.selectFrom('verifications').select(['userId', 'token', 'expires', 'role']).execute().then(io.done);
-        io.start('Checking passkeys table');
-        await db
-            .selectFrom('passkeys')
-            .select(['id', 'name', 'createdAt', 'userId', 'publicKey', 'counter', 'deviceType', 'backedUp', 'transports'])
-            .execute()
-            .then(io.done);
+        io.start('Getting table metadata');
+        opt._metadata = await db.introspection.getTables();
+        const tables = Object.fromEntries(opt._metadata.map(t => [t.name, t]));
+        io.done();
+        for (const table of Object.keys(expectedTypes)) {
+            await checkTableTypes(table, expectedTypes[table], opt);
+            delete tables[table];
+        }
+        io.start('Checking for extra tables');
+        const unchecked = Object.keys(tables).join(', ');
+        if (!unchecked.length)
+            io.done();
+        else if (opt.strict)
+            throw unchecked;
+        else
+            io.warn(unchecked);
     }
     catch (e_2) {
         env_2.error = e_2;
@@ -314,7 +412,7 @@ export async function clean(opt) {
         if (!plugin.hooks.clean)
             continue;
         io.plugin(plugin.name);
-        await plugin.hooks.clean(opt, db);
+        await plugin.hooks.clean(opt);
     }
 }
 /**
@@ -323,12 +421,12 @@ export async function clean(opt) {
 export async function uninstall(opt) {
     const env_3 = { stack: [], error: void 0, hasError: false };
     try {
-        const db = __addDisposableResource(env_3, connect(), true);
+        const _ = __addDisposableResource(env_3, connect(), true);
         for (const plugin of plugins) {
             if (!plugin.hooks.remove)
                 continue;
             io.plugin(plugin.name);
-            await plugin.hooks.remove(opt, db);
+            await plugin.hooks.remove(opt);
         }
         await _sql('DROP DATABASE axium', 'Dropping database');
         await _sql('REVOKE ALL PRIVILEGES ON SCHEMA public FROM axium', 'Revoking schema privileges');
@@ -365,13 +463,20 @@ export async function wipe(opt) {
         if (!plugin.hooks.db_wipe)
             continue;
         io.plugin(plugin.name);
-        await plugin.hooks.db_wipe(opt, db);
+        await plugin.hooks.db_wipe(opt);
     }
     for (const table of ['users', 'passkeys', 'sessions', 'verifications']) {
-        io.start(`Removing data from ${table}`);
+        io.start(`Wiping ${table}`);
         await db.deleteFrom(table).execute();
         io.done();
     }
+    for (const table of await database.introspection.getTables()) {
+        if (!table.name.startsWith('acl.'))
+            continue;
+        const name = table.name;
+        io.debug(`Wiping ${name}`);
+        await db.deleteFrom(name).execute();
+    }
 }
 export async function rotatePassword() {
     io.start('Generating new password');

package/dist/plugins.d.ts

@@ -1,5 +1,5 @@
 import * as z from 'zod';
-import type { Database, InitOptions, OpOptions } from './database.js';
+import type { InitOptions, OpOptions } from './database.js';
 export declare const PluginMetadata: z.ZodObject<{
     name: z.ZodString;
     version: z.ZodString;
@@ -21,12 +21,12 @@ interface PluginInternal extends Plugin {
     hooks: Hooks;
 }
 export interface Hooks {
-    db_init?: (opt: InitOptions, db: Database) => void | Promise<void>;
+    db_init?: (opt: InitOptions) => void | Promise<void>;
     remove?: (opt: {
         force?: boolean;
-    }, db: Database) => void | Promise<void>;
-    db_wipe?: (opt: OpOptions, db: Database) => void | Promise<void>;
-    clean?: (opt: Partial<OpOptions>, db: Database) => void | Promise<void>;
+    }) => void | Promise<void>;
+    db_wipe?: (opt: OpOptions) => void | Promise<void>;
+    clean?: (opt: Partial<OpOptions>) => void | Promise<void>;
 }
 export declare const plugins: Set<PluginInternal>;
 export declare function resolvePlugin(search: string): PluginInternal | undefined;

package/dist/routes.d.ts

@@ -42,6 +42,9 @@ export type Route = ServerRoute | WebRoute;
  * @internal
  */
 export declare const routes: Map<string, Route>;
+/**
+ * @category Plugin API
+ */
 export declare function addRoute(opt: RouteOptions): void;
 /**
  * Resolve a request URL into a route.

package/dist/routes.js

@@ -6,6 +6,9 @@ import { _unique } from './state.js';
  * @internal
  */
 export const routes = _unique('routes', new Map());
+/**
+ * @category Plugin API
+ */
 export function addRoute(opt) {
     const route = { ...opt, server: !('page' in opt) };
     if (!route.path.startsWith('/')) {

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@axium/server",
-	"version": "0.16.3",
+	"version": "0.17.1",
 	"author": "James Prevett <axium@jamespre.dev> (https://jamespre.dev)",
 	"funding": {
 		"type": "individual",

package/web/lib/AccessControl.svelte

@@ -0,0 +1,37 @@
+<script lang="ts">
+	import UserCard from './UserCard.svelte';
+	import type { Permission, AccessControl } from '@axium/core/access';
+	import { permissionNames } from '@axium/core/access';
+	import type { Entries } from 'utilium';
+
+	const { control, editable }: { control: AccessControl; editable: boolean } = $props();
+
+	const perm = $derived(permissionNames[control.permission as Permission]);
+
+	const permEntries = Object.entries(permissionNames) as any as Entries<typeof permissionNames>;
+</script>
+
+<div class="AccessControl">
+	{#if !control.user}<i>Unknown</i>
+	{:else}
+		<UserCard user={control.user} />
+		{#if editable}
+			<input type="hidden" name="userId" value={control.user.id} />
+			<select name="permission">
+				{#each permEntries as [key, name]}
+					<option value={key} selected={key == control.permission}>{name}</option>
+				{/each}
+			</select>
+		{:else}
+			<span>{perm}</span>
+		{/if}
+	{/if}
+</div>
+
+<style>
+	.AccessControl {
+		display: flex;
+		gap: 1em;
+		padding: 1em 2em;
+	}
+</style>

package/web/lib/AccessControlDialog.svelte

@@ -0,0 +1,12 @@
+<script lang="ts">
+	import FormDialog from './FormDialog.svelte';
+	import AccessControl from './AccessControl.svelte';
+
+	let { item, editable } = $props();
+</script>
+
+<FormDialog submitText="Save">
+	{#each item.acl as control}
+		<AccessControl {control} {editable} />
+	{/each}
+</FormDialog>