@balena/pinejs 15.0.0-delete-state-default-user-permissions-8b5de27c634f2e7581f0bcf3600066d2fe4bbf40 → 15.0.0-deprecate-node12-8a99d72ae66d7708293afc56c5d7eb19b39081cd

package/src/sbvr-api/hooks.ts

@@ -1,6 +1,6 @@
 import type { OptionalField, Resolvable } from './common-types';
 import type { Tx } from '../database-layer/db';
-import type { ODataRequest } from './uri-parser';
+import type { ODataRequest, ParsedODataRequest } from './uri-parser';
 import type { AnyObject } from 'pinejs-client-core';
 import type { TypedError } from 'typed-error';
 import type { SupportedMethod } from '@balena/odata-to-abstract-sql';
@@ -15,6 +15,7 @@ import {
 	resolveSynonym,
 	getAbstractSqlModel,
 	api,
+	Response,
 } from './sbvr-utils';
 
 export interface HookReq {
@@ -46,6 +47,9 @@ export interface Hooks {
 		options: HookArgs & {
 			tx: Tx;
 			result: any;
+			/** This can be mutated to modify the response sent to the client */
+			response: Response;
+			/** @deprecated Use the response object instead */
 			data?: any;
 		},
 	) => HookResponse;
@@ -127,11 +131,14 @@ export const rollbackRequestHooks = <T extends InstantiatedHooks>(
 	if (hooks == null) {
 		return;
 	}
-	settleMapSeries(_(hooks).flatMap().compact().value(), async (hook) => {
-		if (hook instanceof SideEffectHook) {
-			await hook.rollback();
-		}
-	});
+	settleMapSeries(
+		Object.values(hooks).flatMap((v): Array<Hook<HookFn>> => v),
+		async (hook) => {
+			if (hook instanceof SideEffectHook) {
+				await hook.rollback();
+			}
+		},
+	);
 };
 
 const instantiateHooks = (hooks: HookBlueprints): InstantiatedHooks =>
@@ -187,14 +194,17 @@ const getMethodHooks = memoize(
 );
 export const getHooks = (
 	request: Pick<
-		OptionalField<ODataRequest, 'resourceName'>,
+		OptionalField<ParsedODataRequest, 'resourceName'>,
 		'resourceName' | 'method' | 'vocabulary'
 	>,
 ): InstantiatedHooks => {
 	let { resourceName } = request;
 	if (resourceName != null) {
 		resourceName = resolveSynonym(
-			request as Pick<ODataRequest, 'resourceName' | 'method' | 'vocabulary'>,
+			request as Pick<
+				ParsedODataRequest,
+				'resourceName' | 'method' | 'vocabulary'
+			>,
 		);
 	}
 	return instantiateHooks(

package/src/sbvr-api/odata-response.ts

@@ -148,16 +148,16 @@ export const process = async (
 	);
 
 	const odataIdField = sqlNameToODataName(table.idField);
-	rows.forEach((row) => {
-		processedFields.forEach((fieldName) => {
+	for (const row of rows) {
+		for (const fieldName of processedFields) {
 			row[fieldName] = fetchProcessingFields[fieldName](row[fieldName]);
-		});
+		}
 		if (includeMetadata) {
 			row.__metadata = {
 				uri: resourceURI(vocab, resourceName, row[odataIdField]),
 			};
 		}
-	});
+	}
 
 	if (expandableFields.length > 0) {
 		await Promise.all(

package/src/sbvr-api/permissions.ts

@@ -22,7 +22,7 @@ import type {
 } from '@balena/odata-parser';
 import type { Tx } from '../database-layer/db';
 import type { ApiKey, User } from '../sbvr-api/sbvr-utils';
-import type { AnyObject } from './common-types';
+import type { AnyObject, Dictionary } from './common-types';
 
 import {
 	isBindReference,
@@ -172,7 +172,7 @@ const parsePermissions = (
 // array: Treated as an AND of all elements
 // object: Must have only one key of either `AND` or `OR`, with an array value that will be treated according to the key.
 const isAnd = <T>(x: any): x is NestedCheckAnd<T> =>
-	_.isObject(x) && 'and' in x;
+	typeof x === 'object' && 'and' in x;
 const isOr = <T>(x: any): x is NestedCheckOr<T> =>
 	typeof x === 'object' && 'or' in x;
 export function nestedCheck<I, O>(
@@ -312,7 +312,7 @@ const namespaceRelationships = (
 	});
 };
 
-type PermissionLookup = _.Dictionary<true | string[]>;
+type PermissionLookup = Dictionary<true | string[]>;
 
 const getPermissionsLookup = env.createCache(
 	'permissionsLookup',
@@ -420,9 +420,9 @@ const convertToLambda = (filter: AnyObject, identifier: string) => {
 			return;
 		}
 		if (Array.isArray(object)) {
-			object.forEach((element) => {
+			for (const element of object) {
 				replaceObject(element);
-			});
+			}
 		}
 
 		if (object.hasOwnProperty('name')) {
@@ -445,7 +445,7 @@ const rewriteSubPermissionBindings = (filter: AnyObject, counter: number) => {
 			object.bind = counter + object.bind;
 		}
 
-		if (Array.isArray(object) || _.isObject(object)) {
+		if (Array.isArray(object) || typeof object === 'object') {
 			_.forEach(object, (v) => {
 				rewrite(v);
 			});
@@ -487,7 +487,7 @@ const buildODataPermission = (
 			return {
 				filter: parsePermissions(permissionCheck, odata.binds),
 			};
-		} catch (e) {
+		} catch (e: any) {
 			console.warn(
 				'Failed to parse conditional permissions: ',
 				permissionCheck,
@@ -704,7 +704,7 @@ const onceGetter = <T, U extends keyof T>(
 				// and the delete removes that restriction
 				delete this[propName];
 				return (this[propName] = result);
-			} catch (e) {
+			} catch (e: any) {
 				thrownErr = e;
 				throw thrownErr;
 			} finally {
@@ -717,7 +717,7 @@ const onceGetter = <T, U extends keyof T>(
 const deepFreezeExceptDefinition = (obj: AnyObject) => {
 	Object.freeze(obj);
 
-	Object.getOwnPropertyNames(obj).forEach((prop) => {
+	for (const prop of Object.getOwnPropertyNames(obj)) {
 		// We skip the definition because we know it's a property we've defined that will throw an error in some cases
 		if (
 			prop !== 'definition' &&
@@ -727,7 +727,7 @@ const deepFreezeExceptDefinition = (obj: AnyObject) => {
 		) {
 			deepFreezeExceptDefinition(obj);
 		}
-	});
+	}
 };
 
 const createBypassDefinition = (definition: Definition) =>
@@ -880,7 +880,7 @@ const rewriteRelationship = memoizeWeak(
 									canAccess: canAccessFunction,
 								},
 							);
-						} catch (e) {
+						} catch (e: any) {
 							throw new ODataParser.SyntaxError(e);
 						}
 						if (foundCanAccessLink) {
@@ -908,7 +908,7 @@ const rewriteRelationship = memoizeWeak(
 				}
 			}
 
-			if (Array.isArray(object) || _.isObject(object)) {
+			if (Array.isArray(object) || typeof object === 'object') {
 				_.forEach(object, (v) => {
 					// we want to recurse into the relationship path, but
 					// in case we hit a plain string, we don't need to bother
@@ -963,7 +963,9 @@ const getBoundConstrainedMemoizer = memoizeWeak(
 			(permissionsLookup: PermissionLookup, vocabulary: string) => {
 				const constrainedAbstractSqlModel = _.cloneDeep(abstractSqlModel);
 
-				const origSynonyms = Object.keys(constrainedAbstractSqlModel.synonyms);
+				const origSynonyms = Object.entries(
+					constrainedAbstractSqlModel.synonyms,
+				);
 				constrainedAbstractSqlModel.synonyms = new Proxy(
 					constrainedAbstractSqlModel.synonyms,
 					{
@@ -975,9 +977,9 @@ const getBoundConstrainedMemoizer = memoizeWeak(
 							if (!alias) {
 								return;
 							}
-							origSynonyms.forEach((canonicalForm, synonym) => {
+							for (const [synonym, canonicalForm] of origSynonyms) {
 								synonyms[`${synonym}$${alias}`] = `${canonicalForm}$${alias}`;
-							});
+							}
 							return synonyms[permissionSynonym];
 						},
 					},
@@ -1242,7 +1244,7 @@ export const getUserPermissions = async (
 	}
 	try {
 		return await $getUserPermissions(userId, tx);
-	} catch (err) {
+	} catch (err: any) {
 		sbvrUtils.api.Auth.logger.error('Error loading user permissions', err);
 		throw err;
 	}
@@ -1370,7 +1372,7 @@ export const getApiKeyPermissions = async (
 	}
 	try {
 		return await $getApiKeyPermissions(apiKey, tx);
-	} catch (err) {
+	} catch (err: any) {
 		sbvrUtils.api.Auth.logger.error('Error loading api key permissions', err);
 		throw err;
 	}
@@ -1438,7 +1440,7 @@ const checkApiKey = async (
 	let permissions: string[];
 	try {
 		permissions = await getApiKeyPermissions(apiKey, tx);
-	} catch (err) {
+	} catch (err: any) {
 		console.warn('Error with API key:', err);
 		// Ignore errors getting the api key and just use an empty permissions object.
 		permissions = [];
@@ -1568,7 +1570,7 @@ export const checkPermissionsMiddleware =
 						'checkPermissionsMiddleware returned a conditional permission',
 					);
 			}
-		} catch (err) {
+		} catch (err: any) {
 			sbvrUtils.api.Auth.logger.error(
 				'Error checking permissions',
 				err,
@@ -1578,6 +1580,7 @@ export const checkPermissionsMiddleware =
 		}
 	};
 
+let guestPermissionsInitialized = false;
 const getGuestPermissions = memoize(
 	async () => {
 		// Get guest user
@@ -1601,6 +1604,7 @@ const getGuestPermissions = memoize(
 		if (guestPermissions.some((p) => DEFAULT_ACTOR_BIND_REGEX.test(p))) {
 			throw new Error('Guest permissions cannot reference actors');
 		}
+		guestPermissionsInitialized = true;
 		return guestPermissions;
 	},
 	{ promise: true },
@@ -1611,7 +1615,18 @@ const getReqPermissions = async (
 	odataBinds: ODataBinds = [],
 ) => {
 	const [guestPermissions] = await Promise.all([
-		getGuestPermissions(),
+		(async () => {
+			if (
+				guestPermissionsInitialized === false &&
+				(req.user === root.user || req.user === rootRead.user)
+			) {
+				// In the case that guest permissions are not initialized yet and the query is being made with root permissions
+				// then we need to bypass `getGuestPermissions` as it will cause an infinite loop back to here.
+				// Therefore to break that loop we just ignore guest permissions.
+				return [];
+			}
+			return await getGuestPermissions();
+		})(),
 		(async () => {
 			// TODO: Remove this extra actor ID lookup making actor non-optional and updating open-balena-api.
 			if (
@@ -1666,20 +1681,6 @@ export const addPermissions = async (
 		}
 	}
 
-	// This bypasses in the root cases, needed for fetching guest permissions to work, it can almost certainly be done better though
-	let permissions = req.user?.permissions ?? [];
-	permissions = permissions.concat(req.apiKey?.permissions ?? []);
-	if (
-		permissions.length > 0 &&
-		$checkPermissions(
-			getPermissionsLookup(permissions),
-			permissionType,
-			vocabulary,
-		) === true
-	) {
-		// We have unconditional permission to access the vocab so there's no need to intercept anything
-		return;
-	}
 	const permissionsLookup = await getReqPermissions(req, odataBinds);
 	// Update the request's abstract sql model to use the constrained version
 	request.abstractSqlModel = abstractSqlModel = memoizedGetConstrainedModel(
@@ -1799,8 +1800,13 @@ export const setup = () => {
 			}
 			await addPermissions(req, request);
 		},
-		PRERESPOND: ({ request, data }) => {
-			if (request.custom.isAction === 'canAccess' && _.isEmpty(data)) {
+		PRERESPOND: ({ request, response }) => {
+			if (
+				request.custom.isAction === 'canAccess' &&
+				(response.body == null ||
+					typeof response.body === 'string' ||
+					_.isEmpty(response.body?.d))
+			) {
 				// If the caller does not have any permissions to access the
 				// resource pine will throw a PermissionError. To have the
 				// same behavior for the case that the user has permissions

package/src/sbvr-api/sbvr-utils.ts

@@ -125,8 +125,8 @@ export interface ApiKey extends Actor {
 	actor?: number;
 }
 
-interface Response {
-	status?: number;
+export interface Response {
+	statusCode: number;
 	headers?:
 		| {
 				[headerName: string]: any;
@@ -171,13 +171,12 @@ const memoizedResolveNavigationResource = memoizeWeak(
 		resourceName: string,
 		navigationName: string,
 	): string => {
-		const navigation = _(odataNameToSqlName(navigationName))
+		const navigation = odataNameToSqlName(navigationName)
 			.split('-')
 			.flatMap((namePart) =>
 				memoizedResolvedSynonym(abstractSqlModel, namePart).split('-'),
-			)
-			.concat('$')
-			.value();
+			);
+		navigation.push('$');
 		const resolvedResourceName = memoizedResolvedSynonym(
 			abstractSqlModel,
 			resourceName,
@@ -330,10 +329,49 @@ const prettifyConstraintError = (
 	}
 };
 
+let cachedIsModelNew: Set<string> | undefined;
+
+/**
+ *
+ * @param tx database transaction - Needs to be executed in one contained config-loader transaction
+ * @param modelName name of the model to check the database for existence
+ * @returns true when the model was existing in database before pine config-loader is executed,
+ * 			false when the model was not existing before config-loader was executed.
+ *
+ * ATTENTION: This function needs to be executed in the same transaction as all model manipulating
+ * operations are executed in (as migration table operations). Otherwise it's possible that an INSERT INTO "model"
+ * statement executes and succeeds. Then afterwards execution fails and the isModelNew request would return `false`.
+ * In the case of migrations the table wouldn't have an entry and therefore it would try to run all the historical
+ * migrations on a new model.
+ */
+
+export const isModelNew = async (
+	tx: Db.Tx,
+	modelName: string,
+): Promise<boolean> => {
+	const result = await tx.tableList("name = 'model'");
+	if (result.rows.length === 0) {
+		return true;
+	}
+	if (cachedIsModelNew == null) {
+		const { rows } = await tx.executeSql(
+			`SELECT "is of-vocabulary" FROM "model";`,
+		);
+		cachedIsModelNew = new Set<string>(
+			rows.map((row) => row['is of-vocabulary']),
+		);
+	}
+
+	return !cachedIsModelNew.has(modelName);
+};
+
 export const validateModel = async (
 	tx: Db.Tx,
 	modelName: string,
-	request?: uriParser.ODataRequest,
+	request?: Pick<
+		uriParser.ODataRequest,
+		'abstractSqlQuery' | 'modifiedFields' | 'method' | 'vocabulary'
+	>,
 ): Promise<void> => {
 	await Promise.all(
 		models[modelName].sql.rules.map(async (rule) => {
@@ -550,7 +588,7 @@ export const executeModels = async (
 				);
 			}),
 		);
-	} catch (err) {
+	} catch (err: any) {
 		await Promise.all(
 			execModels.map(async ({ apiRoot }) => {
 				await cleanupModel(apiRoot);
@@ -772,6 +810,7 @@ export type Passthrough = AnyObject & {
 };
 
 export class PinejsClient extends PinejsClientCore<PinejsClient> {
+	// @ts-expect-error This is actually assigned by `super` so it is always declared but that isn't detected here
 	public passthrough: Passthrough;
 	public async _request({
 		method,
@@ -816,7 +855,7 @@ export const runURI = async (
 	let user: User | undefined;
 	let apiKey: ApiKey | undefined;
 
-	if (req != null && _.isObject(req)) {
+	if (req != null && typeof req === 'object') {
 		user = req.user;
 		apiKey = req.apiKey;
 	} else {
@@ -858,15 +897,15 @@ export const runURI = async (
 		throw response;
 	}
 
-	const { body: responseBody, status, headers } = response as Response;
+	const { body: responseBody, statusCode, headers } = response as Response;
 
-	if (status != null && status >= 400) {
+	if (statusCode != null && statusCode >= 400) {
 		const ErrorClass =
-			statusCodeToError[status as keyof typeof statusCodeToError];
+			statusCodeToError[statusCode as keyof typeof statusCodeToError];
 		if (ErrorClass != null) {
 			throw new ErrorClass(undefined, responseBody, headers);
 		}
-		throw new HttpError(status, undefined, responseBody, headers);
+		throw new HttpError(statusCode, undefined, responseBody, headers);
 	}
 
 	return responseBody as AnyObject | undefined;
@@ -925,12 +964,19 @@ const $getAffectedIds = async ({
 	}
 	// We reparse to make sure we get a clean odataQuery, without permissions already added
 	// And we use the request's url rather than the req for things like batch where the req url is ../$batch
-	let affectedRequest = await uriParser.parseOData({
-		method: request.method,
-		url: `/${request.vocabulary}${request.url}`,
-	});
+	const parsedRequest: uriParser.ParsedODataRequest &
+		Partial<Pick<uriParser.ODataRequest, 'engine'>> =
+		await uriParser.parseOData({
+			method: request.method,
+			url: `/${request.vocabulary}${request.url}`,
+		});
 
-	affectedRequest.engine = request.engine;
+	parsedRequest.engine = request.engine;
+	// Mark that the engine is required now that we've set it
+	let affectedRequest: uriParser.ODataRequest = parsedRequest as RequiredField<
+		typeof parsedRequest,
+		'engine'
+	>;
 	const abstractSqlModel = getAbstractSqlModel(affectedRequest);
 	const resourceName = resolveSynonym(affectedRequest);
 	const resourceTable = abstractSqlModel.tables[resourceName];
@@ -1016,8 +1062,16 @@ const runODataRequest = (req: Express.Request, vocabulary: string) => {
 				requests = [{ method, url, data: body }];
 			}
 
-			const prepareRequest = async ($request: uriParser.ODataRequest) => {
-				$request.engine = db.engine;
+			const prepareRequest = async (
+				parsedRequest: uriParser.ParsedODataRequest &
+					Partial<Pick<uriParser.ODataRequest, 'engine'>>,
+			): Promise<uriParser.ODataRequest> => {
+				parsedRequest.engine = db.engine;
+				// Mark that the engine is required now that we've set it
+				const $request: uriParser.ODataRequest = parsedRequest as RequiredField<
+					typeof parsedRequest,
+					'engine'
+				>;
 				// Get the full hooks list now that we can.
 				$request.hooks = getHooks($request);
 				// Add/check the relevant permissions
@@ -1029,7 +1083,7 @@ const runODataRequest = (req: Express.Request, vocabulary: string) => {
 					});
 					const translatedRequest = await uriParser.translateUri($request);
 					return await compileRequest(translatedRequest);
-				} catch (err) {
+				} catch (err: any) {
 					rollbackRequestHooks(reqHooks);
 					rollbackRequestHooks($request.hooks);
 					throw err;
@@ -1038,12 +1092,13 @@ const runODataRequest = (req: Express.Request, vocabulary: string) => {
 
 			// Parse the OData requests
 			const results = await mappingFn(requests, async (requestPart) => {
-				let request = await uriParser.parseOData(requestPart);
+				const parsedRequest = await uriParser.parseOData(requestPart);
 
-				if (Array.isArray(request)) {
-					request = await controlFlow.mapSeries(request, prepareRequest);
+				let request: uriParser.ODataRequest | uriParser.ODataRequest[];
+				if (Array.isArray(parsedRequest)) {
+					request = await controlFlow.mapSeries(parsedRequest, prepareRequest);
 				} else {
-					request = await prepareRequest(request);
+					request = await prepareRequest(parsedRequest);
 				}
 				// Run the request in its own transaction
 				return await runTransaction<Response | Response[]>(
@@ -1054,9 +1109,9 @@ const runODataRequest = (req: Express.Request, vocabulary: string) => {
 						tx.on('rollback', () => {
 							rollbackRequestHooks(reqHooks);
 							if (Array.isArray(request)) {
-								request.forEach(({ hooks }) => {
+								for (const { hooks } of request) {
 									rollbackRequestHooks(hooks);
-								});
+								}
 							} else {
 								rollbackRequestHooks(request.hooks);
 							}
@@ -1083,7 +1138,7 @@ const runODataRequest = (req: Express.Request, vocabulary: string) => {
 						if (
 							!Array.isArray(result) &&
 							result.body == null &&
-							result.status == null
+							result.statusCode == null
 						) {
 							console.error('No status or body set', req.url, responses);
 							return new InternalRequestError();
@@ -1131,7 +1186,7 @@ export const handleODataRequest: Express.Handler = async (req, res, next) => {
 				}),
 			);
 		}
-	} catch (e) {
+	} catch (e: any) {
 		if (handleHttpErrors(req, res, e)) {
 			return;
 		}
@@ -1163,11 +1218,9 @@ export const handleHttpErrors = (
 	return false;
 };
 const handleResponse = (res: Express.Response, response: Response): void => {
-	const { body, headers, status } = response as Response;
+	const { body, headers, statusCode } = response as Response;
 	res.set(headers);
-	if (status != null) {
-		res.status(status);
-	}
+	res.status(statusCode);
 	if (!body) {
 		res.end();
 	} else {
@@ -1177,9 +1230,9 @@ const handleResponse = (res: Express.Response, response: Response): void => {
 
 const httpErrorToResponse = (
 	err: HttpError,
-): RequiredField<Response, 'status'> => {
+): RequiredField<Response, 'statusCode'> => {
 	return {
-		status: err.status,
+		statusCode: err.status,
 		body: err.getResponseBody(),
 		headers: err.headers,
 	};
@@ -1246,7 +1299,7 @@ const runRequest = async (
 					result = await runDelete(req, request, tx);
 					break;
 			}
-		} catch (err) {
+		} catch (err: any) {
 			if (err instanceof db.DatabaseError) {
 				prettifyConstraintError(err, request);
 				logger.error(err);
@@ -1270,7 +1323,7 @@ const runRequest = async (
 		}
 
 		await runHooks('POSTRUN', request.hooks, { req, request, result, tx });
-	} catch (err) {
+	} catch (err: any) {
 		await runHooks('POSTRUN-ERROR', request.hooks, {
 			req,
 			request,
@@ -1294,7 +1347,7 @@ const runChangeSet =
 			throw new Error('No request id');
 		}
 		result.headers ??= {};
-		result.headers['Content-Id'] = request.id;
+		result.headers['content-id'] = request.id;
 		changeSetResults.set(request.id, result);
 	};
 
@@ -1464,24 +1517,31 @@ const respondGet = async (
 			{ includeMetadata: metadata === 'full' },
 		);
 
+		const response = {
+			statusCode: 200,
+			body: { d },
+			headers: { 'content-type': 'application/json' },
+		};
 		await runHooks('PRERESPOND', request.hooks, {
 			req,
 			request,
 			result,
+			response,
 			data: d,
 			tx,
 		});
-		return { body: { d }, headers: { contentType: 'application/json' } };
+		return response;
 	} else {
 		if (request.resourceName === '$metadata') {
 			return {
+				statusCode: 200,
 				body: models[vocab].odataMetadata,
-				headers: { contentType: 'xml' },
+				headers: { 'content-type': 'xml' },
 			};
 		} else {
 			// TODO: request.resourceName can be '$serviceroot' or a resource and we should return an odata xml document based on that
 			return {
-				status: 404,
+				statusCode: 404,
 			};
 		}
 	}
@@ -1532,21 +1592,23 @@ const respondPost = async (
 		}
 	}
 
+	const response = {
+		statusCode: 201,
+		body: result.d[0],
+		headers: {
+			'content-type': 'application/json',
+			location,
+		},
+	};
 	await runHooks('PRERESPOND', request.hooks, {
 		req,
 		request,
 		result,
+		response,
 		tx,
 	});
 
-	return {
-		status: 201,
-		body: result.d[0],
-		headers: {
-			contentType: 'application/json',
-			Location: location,
-		},
-	};
+	return response;
 };
 
 const runPut = async (
@@ -1580,16 +1642,17 @@ const respondPut = async (
 	result: any,
 	tx: Db.Tx,
 ): Promise<Response> => {
+	const response = {
+		statusCode: 200,
+	};
 	await runHooks('PRERESPOND', request.hooks, {
 		req,
 		request,
 		result,
+		response,
 		tx,
 	});
-	return {
-		status: 200,
-		headers: {},
-	};
+	return response;
 };
 const respondDelete = respondPut;
 const respondOptions = respondPut;
@@ -1630,7 +1693,7 @@ export const executeStandardModels = async (tx: Db.Tx): Promise<void> => {
 		});
 		await executeModels(tx, permissions.config.models);
 		console.info('Successfully executed standard models.');
-	} catch (err) {
+	} catch (err: any) {
 		console.error('Failed to execute standard models.', err);
 		throw err;
 	}
@@ -1646,7 +1709,7 @@ export const setup = async (
 			await executeStandardModels(tx);
 			await permissions.setup();
 		});
-	} catch (err) {
+	} catch (err: any) {
 		console.error('Could not execute standard models', err);
 		process.exit(1);
 	}