@balena/pinejs 15.0.0-build-15-x-4681209f5dd8d896491fb5ed64aea47df511c14d-1 → 15.0.0-build-15-x-bf3a44dfe299de8966cf9bc201fa13fdf9d4a747-1

package/src/migrator/utils.ts

@@ -19,11 +19,17 @@ export const migrations: Migrations = {
 				await tx.executeSql(`\
 					ALTER TABLE "migration"
 					MODIFY "executed migrations" JSON NOT NULL;`);
+				await tx.executeSql(`\
+					ALTER TABLE "migration status"
+					MODIFY "is backing off" JSON NOT NULL;`);
 				break;
 			case 'postgres':
 				await tx.executeSql(`\
 					ALTER TABLE "migration"
 					ALTER COLUMN "executed migrations" SET DATA TYPE JSONB USING b::JSONB;`);
+				await tx.executeSql(`\
+					ALTER TABLE "migration status"
+					ALTER COLUMN "is backing off" SET DATA TYPE JSONB USING b::JSONB;`);
 				break;
 			// No need to migrate for websql
 		}
@@ -53,8 +59,7 @@ export type AsyncMigrationFn = (
 ) => Resolvable<Result>;
 
 type AddFn<T extends {}, x extends 'sync' | 'async'> = T & {
-	syncFn: MigrationFn;
-	asyncFn: AsyncMigrationFn;
+	[key in `${x}Fn`]: key extends 'syncFn' ? MigrationFn : AsyncMigrationFn;
 } & {
 	[key in `${x}Sql`]?: undefined;
 };
@@ -79,13 +84,19 @@ export type AsyncMigration =
 	| AddFn<AddSql<BaseAsyncMigration, 'sync'>, 'async'>;
 
 export function isAsyncMigration(
-	migration: AsyncMigration | RunnableMigrations,
+	migration: string | MigrationFn | AsyncMigration | RunnableMigrations,
 ): migration is AsyncMigration {
-	return (migration as AsyncMigration).type === MigrationCategories.async;
+	return (
+		((typeof (migration as AsyncMigration).asyncFn === 'function' ||
+			typeof (migration as AsyncMigration).asyncSql === 'string') &&
+			(typeof (migration as AsyncMigration).syncFn === 'function' ||
+				typeof (migration as AsyncMigration).syncSql === 'string')) ||
+		(migration as AsyncMigration).type === MigrationCategories.async
+	);
 }
 
 export function isSyncMigration(
-	migration: string | MigrationFn | RunnableMigrations,
+	migration: string | MigrationFn | RunnableMigrations | AsyncMigration,
 ): migration is MigrationFn {
 	return typeof migration === 'function' || typeof migration === 'string';
 }

package/src/passport-pinejs/passport-pinejs.ts

@@ -10,7 +10,7 @@ import * as permissions from '../sbvr-api/permissions';
 export let login: (
 	fn: (
 		err: any,
-		user: {} | undefined,
+		user: {} | null | false | undefined,
 		req: Express.Request,
 		res: Express.Response,
 		next: Express.NextFunction,
@@ -54,15 +54,15 @@ const setup: ConfigLoader.SetupFunction = async (app: Express.Application) => {
 		passport.use(new LocalStrategy(checkPassword));
 
 		login = (fn) => (req, res, next) =>
-			passport.authenticate('local', (err, user?) => {
-				if (err || user == null) {
+			passport.authenticate('local', ((err, user) => {
+				if (err || user == null || user === false) {
 					fn(err, user, req, res, next);
 					return;
 				}
 				req.login(user, (error) => {
 					fn(error, user, req, res, next);
 				});
-			})(req, res, next);
+			}) as Passport.AuthenticateCallback)(req, res, next);
 
 		logout = (req, _res, next) => {
 			req.logout((error) => {

package/src/sbvr-api/abstract-sql.ts

@@ -1,6 +1,7 @@
 import * as _ from 'lodash';
 
 import * as AbstractSQLCompiler from '@balena/abstract-sql-compiler';
+import type { BindKey } from '@balena/odata-parser';
 import {
 	ODataBinds,
 	odataNameToSqlName,
@@ -95,7 +96,8 @@ export const getAndCheckBindValues = async (
 
 					const sqlTableName = odataNameToSqlName(tableName);
 					const sqlFieldName = odataNameToSqlName(fieldName);
-					const maybeField = sqlModelTables[sqlTableName].fields.find(
+					const table = sqlModelTables[sqlTableName];
+					const maybeField = (table.modifyFields ?? table.fields).find(
 						(f) => f.fieldName === sqlFieldName,
 					);
 					if (maybeField == null) {
@@ -122,7 +124,7 @@ export const getAndCheckBindValues = async (
 						throw new Error('Invalid binding');
 					}
 					let dataType;
-					[dataType, value] = odataBinds[bindValue];
+					[dataType, value] = odataBinds[bindValue as BindKey];
 					field = { dataType };
 				} else {
 					throw new Error(`Unknown binding: ${binding}`);

package/src/sbvr-api/hooks.ts

@@ -42,7 +42,9 @@ export interface Hooks {
 	PREPARSE?: (options: Omit<HookArgs, 'request' | 'api'>) => HookResponse;
 	POSTPARSE?: (options: HookArgs) => HookResponse;
 	PRERUN?: (options: HookArgs & { tx: Tx }) => HookResponse;
+	/** These are run in reverse translation order from newest to oldest */
 	POSTRUN?: (options: HookArgs & { tx: Tx; result: any }) => HookResponse;
+	/** These are run in reverse translation order from newest to oldest */
 	PRERESPOND?: (
 		options: HookArgs & {
 			tx: Tx;
@@ -53,6 +55,7 @@ export interface Hooks {
 			data?: any;
 		},
 	) => HookResponse;
+	/** These are run in reverse translation order from newest to oldest */
 	'POSTRUN-ERROR'?: (
 		options: HookArgs & { error: TypedError | any },
 	) => HookResponse;
@@ -126,13 +129,13 @@ class SideEffectHook<T extends HookFn> extends Hook<T> {
 
 // The execution order of rollback actions is unspecified
 export const rollbackRequestHooks = <T extends InstantiatedHooks>(
-	hooks: T | undefined,
+	hooksList: Array<[modelName: string, hooks: T]> | undefined,
 ): void => {
-	if (hooks == null) {
+	if (hooksList == null) {
 		return;
 	}
-	const sideEffectHooks = Object.values(hooks)
-		.flatMap((v): Array<Hook<HookFn>> => v)
+	const sideEffectHooks = hooksList
+		.flatMap(([, v]): Array<Hook<HookFn>> => Object.values(v).flat())
 		.filter(
 			(hook): hook is SideEffectHook<HookFn> => hook instanceof SideEffectHook,
 		);
@@ -177,21 +180,37 @@ const getResourceHooks = (vocabHooks: VocabHooks, resourceName?: string) => {
 const getVocabHooks = (
 	methodHooks: MethodHooks,
 	vocabulary: string,
-	resourceName?: string,
+	resourceName: string | undefined,
+	includeAllVocab: boolean,
 ) => {
 	if (methodHooks == null) {
 		return {};
 	}
+	const vocabHooks = getResourceHooks(methodHooks[vocabulary], resourceName);
+	if (!includeAllVocab) {
+		// Do not include `vocabulary='all'` hooks, useful for translated vocabularies
+		return vocabHooks;
+	}
 	return mergeHooks(
-		getResourceHooks(methodHooks[vocabulary], resourceName),
+		vocabHooks,
 		getResourceHooks(methodHooks['all'], resourceName),
 	);
 };
 const getMethodHooks = memoize(
-	(method: SupportedMethod, vocabulary: string, resourceName?: string) =>
+	(
+		method: SupportedMethod,
+		vocabulary: string,
+		resourceName: string | undefined,
+		includeAllVocab: boolean,
+	) =>
 		mergeHooks(
-			getVocabHooks(apiHooks[method], vocabulary, resourceName),
-			getVocabHooks(apiHooks['all'], vocabulary, resourceName),
+			getVocabHooks(
+				apiHooks[method],
+				vocabulary,
+				resourceName,
+				includeAllVocab,
+			),
+			getVocabHooks(apiHooks['all'], vocabulary, resourceName, includeAllVocab),
 		),
 	{ primitive: true },
 );
@@ -200,6 +219,7 @@ export const getHooks = (
 		OptionalField<ParsedODataRequest, 'resourceName'>,
 		'resourceName' | 'method' | 'vocabulary'
 	>,
+	includeAllVocab: boolean,
 ): InstantiatedHooks => {
 	let { resourceName } = request;
 	if (resourceName != null) {
@@ -208,10 +228,17 @@ export const getHooks = (
 				ParsedODataRequest,
 				'resourceName' | 'method' | 'vocabulary'
 			>,
-		);
+		)
+			// Remove version suffixes
+			.replace(/\$.*$/, '');
 	}
 	return instantiateHooks(
-		getMethodHooks(request.method, request.vocabulary, resourceName),
+		getMethodHooks(
+			request.method,
+			request.vocabulary,
+			resourceName,
+			includeAllVocab,
+		),
 	);
 };
 getHooks.clear = () => getMethodHooks.clear();
@@ -343,12 +370,11 @@ export const addPureHook = (
 	});
 };
 
-const defineApi = (args: HookArgs) => {
-	const { request, req, tx } = args;
-	const { vocabulary } = request;
+const defineApi = (modelName: string, args: HookArgs) => {
+	const { req, tx } = args;
 	Object.defineProperty(args, 'api', {
 		get: _.once(() =>
-			api[vocabulary].clone({
+			api[modelName].clone({
 				passthrough: { req, tx },
 			}),
 		),
@@ -360,6 +386,7 @@ type RunHookArgs<T extends keyof Hooks> = Omit<
 	'api'
 >;
 const getReadOnlyArgs = <T extends keyof Hooks>(
+	modelName: string,
 	args: RunHookArgs<T>,
 ): RunHookArgs<T> => {
 	if (args.tx == null || args.tx.isReadOnly()) {
@@ -369,38 +396,58 @@ const getReadOnlyArgs = <T extends keyof Hooks>(
 	let readOnlyArgs: typeof args;
 	readOnlyArgs = { ...args, tx: args.tx.asReadOnly() };
 	if ((args as HookArgs).request != null) {
-		defineApi(readOnlyArgs as HookArgs);
+		defineApi(modelName, readOnlyArgs as HookArgs);
 	}
 	return readOnlyArgs;
 };
 
 export const runHooks = async <T extends keyof Hooks>(
 	hookName: T,
-	hooksList: InstantiatedHooks | undefined,
+	/**
+	 * A list of modelName/hooks to run in order, which will be reversed for hooks after the "RUN" stage,
+	 * ie POSTRUN/PRERESPOND/POSTRUN-ERROR
+	 */
+	hooksList: Array<[modelName: string, hooks: InstantiatedHooks]> | undefined,
 	args: RunHookArgs<T>,
 ) => {
 	if (hooksList == null) {
 		return;
 	}
-	const hooks = hooksList[hookName];
-	if (hooks == null || hooks.length === 0) {
+	const hooks = hooksList
+		.map(([modelName, $hooks]): [string, InstantiatedHooks[T] | undefined] => [
+			modelName,
+			$hooks[hookName],
+		])
+		.filter(
+			(v): v is [string, InstantiatedHooks[T]] =>
+				v[1] != null && v[1].length > 0,
+		);
+	if (hooks.length === 0) {
 		return;
 	}
-
-	if ((args as HookArgs).request != null) {
-		defineApi(args as HookArgs);
+	if (['POSTRUN', 'PRERESPOND', 'POSTRUN-ERROR'].includes(hookName)) {
+		// Any hooks after we "run" the query are executed in reverse order from newest to oldest
+		// as they'll be translating the query results from "latest" backwards to the model that
+		// was actually requested
+		hooks.reverse();
 	}
 
-	let readOnlyArgs: RunHookArgs<T>;
+	for (const [modelName, modelHooks] of hooks) {
+		const modelArgs = { ...args };
+		let modelReadOnlyArgs: typeof modelArgs;
+		if ((args as HookArgs).request != null) {
+			defineApi(modelName, modelArgs as HookArgs);
+		}
 
-	await Promise.all(
-		(hooks as Array<Hook<HookFn>>).map(async (hook) => {
-			if (hook.readOnlyTx) {
-				readOnlyArgs ??= getReadOnlyArgs(args);
-				await hook.run(readOnlyArgs);
-			} else {
-				await hook.run(args);
-			}
-		}),
-	);
+		await Promise.all(
+			(modelHooks as Array<Hook<HookFn>>).map(async (hook) => {
+				if (hook.readOnlyTx) {
+					modelReadOnlyArgs ??= getReadOnlyArgs(modelName, modelArgs);
+					await hook.run(modelReadOnlyArgs);
+				} else {
+					await hook.run(modelArgs);
+				}
+			}),
+		);
+	}
 };

package/src/sbvr-api/permissions.ts

@@ -1,8 +1,8 @@
 import type {
 	AbstractSqlModel,
 	AbstractSqlQuery,
-	AbstractSqlType,
 	AliasNode,
+	AnyTypeNodes,
 	Definition,
 	FieldNode,
 	ReferencedFieldNode,
@@ -140,7 +140,7 @@ const $parsePermissions = env.createCache(
 	},
 );
 
-const rewriteBinds = (
+const rewriteODataBinds = (
 	{ tree, extraBinds }: { tree: ODataQuery; extraBinds: ODataBinds },
 	odataBinds: ODataBinds,
 ): ODataQuery => {
@@ -163,7 +163,7 @@ const parsePermissions = (
 	odataBinds: ODataBinds,
 ): ODataQuery => {
 	const odata = $parsePermissions(filter);
-	return rewriteBinds(odata, odataBinds);
+	return rewriteODataBinds(odata, odataBinds);
 };
 
 // Traverses all values in `check`, actions for the following data types:
@@ -657,7 +657,7 @@ const generateConstrainedAbstractSql = (
 	const select = abstractSqlQuery.find(
 		(v): v is SelectNode => v[0] === 'Select',
 	)!;
-	select[1] = select[1].map((selectField): AbstractSqlType => {
+	select[1] = select[1].map((selectField): AnyTypeNodes => {
 		if (selectField[0] === 'Alias') {
 			const sqlName = odataNameToSqlName((selectField as AliasNode<any>)[2]);
 			const maybeField = (
@@ -1045,9 +1045,12 @@ const getBoundConstrainedMemoizer = memoizeWeak(
 									permissionsLookup,
 									permissions,
 									vocabulary,
-									sqlNameToODataName(permissionsTable.name),
+									sqlNameToODataName(
+										permissionsTable.modifyName ?? permissionsTable.name,
+									),
 								),
 							);
+
 							return permissionsTable;
 						},
 					},
@@ -1602,7 +1605,7 @@ const getGuestPermissions = memoize(
 
 const getReqPermissions = async (
 	req: PermissionReq,
-	odataBinds: ODataBinds = [],
+	odataBinds: ODataBinds = [] as any as ODataBinds,
 ) => {
 	const guestPermissions = await (async () => {
 		if (
@@ -1636,7 +1639,8 @@ export const addPermissions = async (
 	req: PermissionReq,
 	request: ODataRequest & { permissionType?: PermissionCheck },
 ): Promise<void> => {
-	const { vocabulary, resourceName, odataQuery, odataBinds } = request;
+	const { resourceName, odataQuery, odataBinds } = request;
+	const vocabulary = _.last(request.translateVersions)!;
 	let abstractSqlModel = sbvrUtils.getAbstractSqlModel(request);
 
 	let { permissionType } = request;
@@ -1759,6 +1763,10 @@ export const setup = () => {
 					0,
 					-'#canAccess'.length,
 				);
+				request.originalResourceName = request.originalResourceName.slice(
+					0,
+					-'#canAccess'.length,
+				);
 				const resourceName = sbvrUtils.resolveSynonym(request);
 				const resourceTable = abstractSqlModel.tables[resourceName];
 				if (resourceTable == null) {