@baseplate-dev/project-builder-lib 0.5.0 → 0.5.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +464 -0
- package/dist/compiler/admin-crud-action-compiler.d.ts +18 -0
- package/dist/compiler/admin-crud-action-compiler.d.ts.map +1 -0
- package/dist/compiler/admin-crud-action-compiler.js +6 -0
- package/dist/compiler/admin-crud-action-compiler.js.map +1 -0
- package/dist/compiler/admin-crud-column-compiler-spec.d.ts +6 -12
- package/dist/compiler/admin-crud-column-compiler-spec.d.ts.map +1 -1
- package/dist/compiler/admin-crud-column-compiler-spec.js +6 -29
- package/dist/compiler/admin-crud-column-compiler-spec.js.map +1 -1
- package/dist/compiler/admin-crud-input-spec.d.ts +6 -11
- package/dist/compiler/admin-crud-input-spec.d.ts.map +1 -1
- package/dist/compiler/admin-crud-input-spec.js +6 -26
- package/dist/compiler/admin-crud-input-spec.js.map +1 -1
- package/dist/compiler/app-compiler-spec.d.ts +8 -12
- package/dist/compiler/app-compiler-spec.d.ts.map +1 -1
- package/dist/compiler/app-compiler-spec.js +11 -18
- package/dist/compiler/app-compiler-spec.js.map +1 -1
- package/dist/compiler/index.d.ts +1 -1
- package/dist/compiler/index.d.ts.map +1 -1
- package/dist/compiler/index.js +1 -1
- package/dist/compiler/index.js.map +1 -1
- package/dist/compiler/model-transformer-compiler-spec.d.ts +6 -11
- package/dist/compiler/model-transformer-compiler-spec.d.ts.map +1 -1
- package/dist/compiler/model-transformer-compiler-spec.js +6 -26
- package/dist/compiler/model-transformer-compiler-spec.js.map +1 -1
- package/dist/definition/model/model-field-utils.js +4 -4
- package/dist/definition/model/model-field-utils.js.map +1 -1
- package/dist/definition/model/model-transformer-utils.d.ts +4 -6
- package/dist/definition/model/model-transformer-utils.d.ts.map +1 -1
- package/dist/definition/model/model-transformer-utils.js +8 -10
- package/dist/definition/model/model-transformer-utils.js.map +1 -1
- package/dist/definition/model/model-utils.js +3 -3
- package/dist/definition/model/model-utils.js.map +1 -1
- package/dist/definition/packages/package-utils.d.ts +11 -9
- package/dist/definition/packages/package-utils.d.ts.map +1 -1
- package/dist/definition/packages/package-utils.js +22 -11
- package/dist/definition/packages/package-utils.js.map +1 -1
- package/dist/definition/plugins/plugin-utils.d.ts.map +1 -1
- package/dist/definition/plugins/plugin-utils.js +2 -2
- package/dist/definition/plugins/plugin-utils.js.map +1 -1
- package/dist/definition/project-definition-container.d.ts +3 -3
- package/dist/definition/project-definition-container.d.ts.map +1 -1
- package/dist/definition/project-definition-container.js +2 -2
- package/dist/definition/project-definition-container.js.map +1 -1
- package/dist/definition/project-definition-container.test-utils.d.ts.map +1 -1
- package/dist/definition/project-definition-container.test-utils.js +8 -5
- package/dist/definition/project-definition-container.test-utils.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.js +1 -0
- package/dist/migrations/index.d.ts.map +1 -1
- package/dist/migrations/index.js +5 -1
- package/dist/migrations/index.js.map +1 -1
- package/dist/migrations/migration-007-model-graphql.js +1 -1
- package/dist/migrations/migration-007-model-graphql.js.map +1 -1
- package/dist/migrations/migration-020-move-redis-to-infrastructure.js +1 -1
- package/dist/migrations/migration-020-move-redis-to-infrastructure.js.map +1 -1
- package/dist/migrations/migration-021-migrate-bullmq-to-plugin.js +1 -1
- package/dist/migrations/migration-021-migrate-bullmq-to-plugin.js.map +1 -1
- package/dist/migrations/migration-022-rename-packages-to-libraries.d.ts +37 -0
- package/dist/migrations/migration-022-rename-packages-to-libraries.d.ts.map +1 -0
- package/dist/migrations/migration-022-rename-packages-to-libraries.js +45 -0
- package/dist/migrations/migration-022-rename-packages-to-libraries.js.map +1 -0
- package/dist/migrations/migration-023-assign-app-ports.d.ts +34 -0
- package/dist/migrations/migration-023-assign-app-ports.d.ts.map +1 -0
- package/dist/migrations/migration-023-assign-app-ports.js +49 -0
- package/dist/migrations/migration-023-assign-app-ports.js.map +1 -0
- package/dist/parser/parser.d.ts +4 -4
- package/dist/parser/parser.d.ts.map +1 -1
- package/dist/parser/parser.js +17 -42
- package/dist/parser/parser.js.map +1 -1
- package/dist/plugins/context/index.d.ts +2 -0
- package/dist/plugins/context/index.d.ts.map +1 -0
- package/dist/plugins/context/index.js +2 -0
- package/dist/plugins/context/index.js.map +1 -0
- package/dist/plugins/context/plugin-context.d.ts +30 -0
- package/dist/plugins/context/plugin-context.d.ts.map +1 -0
- package/dist/plugins/context/plugin-context.js +38 -0
- package/dist/plugins/context/plugin-context.js.map +1 -0
- package/dist/plugins/imports/loader.d.ts +11 -20
- package/dist/plugins/imports/loader.d.ts.map +1 -1
- package/dist/plugins/imports/loader.js +28 -69
- package/dist/plugins/imports/loader.js.map +1 -1
- package/dist/plugins/imports/types.d.ts +72 -13
- package/dist/plugins/imports/types.d.ts.map +1 -1
- package/dist/plugins/imports/types.js +17 -1
- package/dist/plugins/imports/types.js.map +1 -1
- package/dist/plugins/index.d.ts +3 -1
- package/dist/plugins/index.d.ts.map +1 -1
- package/dist/plugins/index.js +3 -1
- package/dist/plugins/index.js.map +1 -1
- package/dist/plugins/migrations/run-migrations.d.ts +2 -2
- package/dist/plugins/migrations/run-migrations.d.ts.map +1 -1
- package/dist/plugins/migrations/run-migrations.js +2 -2
- package/dist/plugins/migrations/run-migrations.js.map +1 -1
- package/dist/plugins/spec/auth-config-spec.d.ts +13 -9
- package/dist/plugins/spec/auth-config-spec.d.ts.map +1 -1
- package/dist/plugins/spec/auth-config-spec.js +16 -3
- package/dist/plugins/spec/auth-config-spec.js.map +1 -1
- package/dist/plugins/spec/auth-models-spec.d.ts +16 -0
- package/dist/plugins/spec/auth-models-spec.d.ts.map +1 -0
- package/dist/plugins/spec/auth-models-spec.js +16 -0
- package/dist/plugins/spec/auth-models-spec.js.map +1 -0
- package/dist/plugins/spec/config-spec.d.ts +8 -13
- package/dist/plugins/spec/config-spec.d.ts.map +1 -1
- package/dist/plugins/spec/config-spec.js +21 -36
- package/dist/plugins/spec/config-spec.js.map +1 -1
- package/dist/plugins/spec/index.d.ts +1 -1
- package/dist/plugins/spec/index.d.ts.map +1 -1
- package/dist/plugins/spec/index.js +1 -1
- package/dist/plugins/spec/index.js.map +1 -1
- package/dist/plugins/spec/types.d.ts +66 -25
- package/dist/plugins/spec/types.d.ts.map +1 -1
- package/dist/plugins/spec/types.js +27 -10
- package/dist/plugins/spec/types.js.map +1 -1
- package/dist/plugins/spec/web-config-spec.d.ts +7 -10
- package/dist/plugins/spec/web-config-spec.d.ts.map +1 -1
- package/dist/plugins/spec/web-config-spec.js +6 -19
- package/dist/plugins/spec/web-config-spec.js.map +1 -1
- package/dist/plugins/store/index.d.ts.map +1 -0
- package/dist/plugins/store/index.js.map +1 -0
- package/dist/plugins/store/store.d.ts +23 -0
- package/dist/plugins/store/store.d.ts.map +1 -0
- package/dist/plugins/store/store.js +36 -0
- package/dist/plugins/store/store.js.map +1 -0
- package/dist/plugins/utils/create-field-map-spec.d.ts +17 -0
- package/dist/plugins/utils/create-field-map-spec.d.ts.map +1 -0
- package/dist/plugins/utils/create-field-map-spec.js +27 -0
- package/dist/plugins/utils/create-field-map-spec.js.map +1 -0
- package/dist/plugins/utils/create-plugin-field-map.d.ts +24 -0
- package/dist/plugins/utils/create-plugin-field-map.d.ts.map +1 -0
- package/dist/plugins/utils/create-plugin-field-map.js +29 -0
- package/dist/plugins/utils/create-plugin-field-map.js.map +1 -0
- package/dist/plugins/utils/index.d.ts +3 -0
- package/dist/plugins/utils/index.d.ts.map +1 -0
- package/dist/plugins/utils/index.js +3 -0
- package/dist/plugins/utils/index.js.map +1 -0
- package/dist/references/collect-refs.d.ts +5 -1
- package/dist/references/collect-refs.d.ts.map +1 -1
- package/dist/references/collect-refs.js +20 -1
- package/dist/references/collect-refs.js.map +1 -1
- package/dist/references/definition-ref-builder.d.ts.map +1 -1
- package/dist/references/expression-types.d.ts +152 -0
- package/dist/references/expression-types.d.ts.map +1 -0
- package/dist/references/expression-types.js +46 -0
- package/dist/references/expression-types.js.map +1 -0
- package/dist/references/extend-parser-context-with-refs.d.ts +13 -0
- package/dist/references/extend-parser-context-with-refs.d.ts.map +1 -1
- package/dist/references/extend-parser-context-with-refs.js +39 -1
- package/dist/references/extend-parser-context-with-refs.js.map +1 -1
- package/dist/references/extract-definition-refs.d.ts +6 -3
- package/dist/references/extract-definition-refs.d.ts.map +1 -1
- package/dist/references/extract-definition-refs.js +25 -4
- package/dist/references/extract-definition-refs.js.map +1 -1
- package/dist/references/index.d.ts +1 -0
- package/dist/references/index.d.ts.map +1 -1
- package/dist/references/index.js +1 -0
- package/dist/references/index.js.map +1 -1
- package/dist/references/markers.d.ts +23 -0
- package/dist/references/markers.d.ts.map +1 -1
- package/dist/references/markers.js +16 -0
- package/dist/references/markers.js.map +1 -1
- package/dist/references/resolve-zod-ref-payload-names.d.ts.map +1 -1
- package/dist/references/resolve-zod-ref-payload-names.js +1 -0
- package/dist/references/resolve-zod-ref-payload-names.js.map +1 -1
- package/dist/references/strip-ref-markers.d.ts +3 -3
- package/dist/references/strip-ref-markers.d.ts.map +1 -1
- package/dist/references/strip-ref-markers.js +7 -4
- package/dist/references/strip-ref-markers.js.map +1 -1
- package/dist/references/types.d.ts +5 -0
- package/dist/references/types.d.ts.map +1 -1
- package/dist/references/types.js.map +1 -1
- package/dist/schema/apps/backend/index.d.ts +2 -2
- package/dist/schema/apps/backend/index.js +1 -1
- package/dist/schema/apps/backend/index.js.map +1 -1
- package/dist/schema/apps/base.d.ts +2 -0
- package/dist/schema/apps/base.d.ts.map +1 -1
- package/dist/schema/apps/base.js +1 -0
- package/dist/schema/apps/base.js.map +1 -1
- package/dist/schema/apps/web/admin/sections/crud-actions/admin-action-spec.d.ts +6 -13
- package/dist/schema/apps/web/admin/sections/crud-actions/admin-action-spec.d.ts.map +1 -1
- package/dist/schema/apps/web/admin/sections/crud-actions/admin-action-spec.js +5 -26
- package/dist/schema/apps/web/admin/sections/crud-actions/admin-action-spec.js.map +1 -1
- package/dist/schema/apps/web/admin/sections/crud-actions/admin-crud-action.d.ts.map +1 -1
- package/dist/schema/apps/web/admin/sections/crud-actions/admin-crud-action.js +1 -3
- package/dist/schema/apps/web/admin/sections/crud-actions/admin-crud-action.js.map +1 -1
- package/dist/schema/apps/web/admin/sections/crud-actions/types.d.ts.map +1 -1
- package/dist/schema/apps/web/admin/sections/crud-columns/admin-column-spec.d.ts +6 -12
- package/dist/schema/apps/web/admin/sections/crud-columns/admin-column-spec.d.ts.map +1 -1
- package/dist/schema/apps/web/admin/sections/crud-columns/admin-column-spec.js +5 -26
- package/dist/schema/apps/web/admin/sections/crud-columns/admin-column-spec.js.map +1 -1
- package/dist/schema/apps/web/admin/sections/crud-columns/admin-crud-column.d.ts.map +1 -1
- package/dist/schema/apps/web/admin/sections/crud-columns/admin-crud-column.js +1 -3
- package/dist/schema/apps/web/admin/sections/crud-columns/admin-crud-column.js.map +1 -1
- package/dist/schema/apps/web/admin/sections/crud-form/admin-crud-input.d.ts.map +1 -1
- package/dist/schema/apps/web/admin/sections/crud-form/admin-crud-input.js +1 -3
- package/dist/schema/apps/web/admin/sections/crud-form/admin-crud-input.js.map +1 -1
- package/dist/schema/apps/web/admin/sections/crud-form/admin-input-spec.d.ts +7 -13
- package/dist/schema/apps/web/admin/sections/crud-form/admin-input-spec.d.ts.map +1 -1
- package/dist/schema/apps/web/admin/sections/crud-form/admin-input-spec.js +5 -26
- package/dist/schema/apps/web/admin/sections/crud-form/admin-input-spec.js.map +1 -1
- package/dist/schema/apps/web/web-app.d.ts +2 -0
- package/dist/schema/apps/web/web-app.d.ts.map +1 -1
- package/dist/schema/apps/web/web-app.js +1 -0
- package/dist/schema/apps/web/web-app.js.map +1 -1
- package/dist/schema/creator/types.d.ts +9 -4
- package/dist/schema/creator/types.d.ts.map +1 -1
- package/dist/schema/index.d.ts +1 -1
- package/dist/schema/index.d.ts.map +1 -1
- package/dist/schema/index.js +1 -1
- package/dist/schema/index.js.map +1 -1
- package/dist/schema/{packages → libraries}/base.d.ts +3 -3
- package/dist/schema/libraries/base.d.ts.map +1 -0
- package/dist/schema/libraries/base.js +10 -0
- package/dist/schema/libraries/base.js.map +1 -0
- package/dist/schema/libraries/index.d.ts +3 -0
- package/dist/schema/libraries/index.d.ts.map +1 -0
- package/dist/schema/libraries/index.js +3 -0
- package/dist/schema/libraries/index.js.map +1 -0
- package/dist/schema/libraries/library.d.ts +19 -0
- package/dist/schema/libraries/library.d.ts.map +1 -0
- package/dist/schema/libraries/library.js +13 -0
- package/dist/schema/libraries/library.js.map +1 -0
- package/dist/schema/libraries/types.d.ts +2 -0
- package/dist/schema/libraries/types.d.ts.map +1 -0
- package/dist/schema/libraries/types.js +3 -0
- package/dist/schema/libraries/types.js.map +1 -0
- package/dist/schema/models/authorizer/authorizer-expression-acorn-parser.d.ts +30 -0
- package/dist/schema/models/authorizer/authorizer-expression-acorn-parser.d.ts.map +1 -0
- package/dist/schema/models/authorizer/authorizer-expression-acorn-parser.js +291 -0
- package/dist/schema/models/authorizer/authorizer-expression-acorn-parser.js.map +1 -0
- package/dist/schema/models/authorizer/authorizer-expression-ast.d.ts +159 -0
- package/dist/schema/models/authorizer/authorizer-expression-ast.d.ts.map +1 -0
- package/dist/schema/models/authorizer/authorizer-expression-ast.js +31 -0
- package/dist/schema/models/authorizer/authorizer-expression-ast.js.map +1 -0
- package/dist/schema/models/authorizer/authorizer-expression-parser.d.ts +77 -0
- package/dist/schema/models/authorizer/authorizer-expression-parser.d.ts.map +1 -0
- package/dist/schema/models/authorizer/authorizer-expression-parser.js +147 -0
- package/dist/schema/models/authorizer/authorizer-expression-parser.js.map +1 -0
- package/dist/schema/models/authorizer/authorizer-expression-validator.d.ts +51 -0
- package/dist/schema/models/authorizer/authorizer-expression-validator.d.ts.map +1 -0
- package/dist/schema/models/authorizer/authorizer-expression-validator.js +125 -0
- package/dist/schema/models/authorizer/authorizer-expression-validator.js.map +1 -0
- package/dist/schema/models/authorizer/authorizer.d.ts +59 -0
- package/dist/schema/models/authorizer/authorizer.d.ts.map +1 -0
- package/dist/schema/models/authorizer/authorizer.js +56 -0
- package/dist/schema/models/authorizer/authorizer.js.map +1 -0
- package/dist/schema/models/authorizer/index.d.ts +7 -0
- package/dist/schema/models/authorizer/index.d.ts.map +1 -0
- package/dist/schema/models/authorizer/index.js +7 -0
- package/dist/schema/models/authorizer/index.js.map +1 -0
- package/dist/schema/models/authorizer/types.d.ts +6 -0
- package/dist/schema/models/authorizer/types.d.ts.map +1 -0
- package/dist/schema/models/authorizer/types.js +8 -0
- package/dist/schema/models/authorizer/types.js.map +1 -0
- package/dist/schema/models/index.d.ts +2 -860
- package/dist/schema/models/index.d.ts.map +1 -1
- package/dist/schema/models/index.js +2 -222
- package/dist/schema/models/index.js.map +1 -1
- package/dist/schema/models/models.d.ts +914 -0
- package/dist/schema/models/models.d.ts.map +1 -0
- package/dist/schema/models/models.js +225 -0
- package/dist/schema/models/models.js.map +1 -0
- package/dist/schema/models/transformers/model-transformer-spec.d.ts +5 -11
- package/dist/schema/models/transformers/model-transformer-spec.d.ts.map +1 -1
- package/dist/schema/models/transformers/model-transformer-spec.js +5 -30
- package/dist/schema/models/transformers/model-transformer-spec.js.map +1 -1
- package/dist/schema/models/transformers/transformers.d.ts.map +1 -1
- package/dist/schema/models/transformers/transformers.js +2 -4
- package/dist/schema/models/transformers/transformers.js.map +1 -1
- package/dist/schema/plugins/definition.js +1 -1
- package/dist/schema/plugins/definition.js.map +1 -1
- package/dist/schema/project-definition.d.ts +52 -34
- package/dist/schema/project-definition.d.ts.map +1 -1
- package/dist/schema/project-definition.js +2 -10
- package/dist/schema/project-definition.js.map +1 -1
- package/dist/schema/settings/monorepo.d.ts +2 -2
- package/dist/schema/settings/monorepo.js +8 -8
- package/dist/schema/settings/monorepo.js.map +1 -1
- package/dist/schema/settings/settings.d.ts +3 -3
- package/dist/schema/settings/theme.d.ts +3 -3
- package/dist/specs/index.d.ts +2 -0
- package/dist/specs/index.d.ts.map +1 -0
- package/dist/specs/index.js +2 -0
- package/dist/specs/index.js.map +1 -0
- package/dist/specs/packages/index.d.ts +3 -0
- package/dist/specs/packages/index.d.ts.map +1 -0
- package/dist/specs/packages/index.js +3 -0
- package/dist/specs/packages/index.js.map +1 -0
- package/dist/specs/packages/library-type-spec.d.ts +76 -0
- package/dist/specs/packages/library-type-spec.d.ts.map +1 -0
- package/dist/specs/packages/library-type-spec.js +31 -0
- package/dist/specs/packages/library-type-spec.js.map +1 -0
- package/dist/specs/packages/package-compiler-types.d.ts +111 -0
- package/dist/specs/packages/package-compiler-types.d.ts.map +1 -0
- package/dist/specs/packages/package-compiler-types.js +85 -0
- package/dist/specs/packages/package-compiler-types.js.map +1 -0
- package/dist/tools/model-merger/model-merger.js +1 -1
- package/dist/tools/model-merger/model-merger.js.map +1 -1
- package/dist/utils/color-conversions.js +1 -1
- package/dist/utils/color-conversions.js.map +1 -1
- package/dist/web/components/feature-combobox-field.d.ts.map +1 -1
- package/dist/web/components/feature-combobox-field.js +1 -1
- package/dist/web/components/feature-combobox-field.js.map +1 -1
- package/dist/web/components/model-combobox-field.d.ts.map +1 -1
- package/dist/web/components/model-combobox-field.js +1 -1
- package/dist/web/components/model-combobox-field.js.map +1 -1
- package/dist/web/hooks/use-project-definition.d.ts +2 -2
- package/dist/web/hooks/use-project-definition.d.ts.map +1 -1
- package/dist/web/specs/admin-crud-action-web-spec.d.ts +6 -12
- package/dist/web/specs/admin-crud-action-web-spec.d.ts.map +1 -1
- package/dist/web/specs/admin-crud-action-web-spec.js +6 -29
- package/dist/web/specs/admin-crud-action-web-spec.js.map +1 -1
- package/dist/web/specs/admin-crud-column-web-spec.d.ts +6 -12
- package/dist/web/specs/admin-crud-column-web-spec.d.ts.map +1 -1
- package/dist/web/specs/admin-crud-column-web-spec.js +6 -29
- package/dist/web/specs/admin-crud-column-web-spec.js.map +1 -1
- package/dist/web/specs/admin-crud-input-web-spec.d.ts +6 -12
- package/dist/web/specs/admin-crud-input-web-spec.d.ts.map +1 -1
- package/dist/web/specs/admin-crud-input-web-spec.js +6 -29
- package/dist/web/specs/admin-crud-input-web-spec.js.map +1 -1
- package/dist/web/specs/model-transformer-web-spec.d.ts +8 -13
- package/dist/web/specs/model-transformer-web-spec.d.ts.map +1 -1
- package/dist/web/specs/model-transformer-web-spec.js +16 -28
- package/dist/web/specs/model-transformer-web-spec.js.map +1 -1
- package/package.json +10 -9
- package/dist/compiler/admin-crud-action-spec.d.ts +0 -26
- package/dist/compiler/admin-crud-action-spec.d.ts.map +0 -1
- package/dist/compiler/admin-crud-action-spec.js +0 -29
- package/dist/compiler/admin-crud-action-spec.js.map +0 -1
- package/dist/plugins/schema/index.d.ts.map +0 -1
- package/dist/plugins/schema/index.js.map +0 -1
- package/dist/plugins/schema/store.d.ts +0 -8
- package/dist/plugins/schema/store.d.ts.map +0 -1
- package/dist/plugins/schema/store.js +0 -17
- package/dist/plugins/schema/store.js.map +0 -1
- package/dist/plugins/spec/auth-model-config-spec.d.ts +0 -14
- package/dist/plugins/spec/auth-model-config-spec.d.ts.map +0 -1
- package/dist/plugins/spec/auth-model-config-spec.js +0 -6
- package/dist/plugins/spec/auth-model-config-spec.js.map +0 -1
- package/dist/schema/packages/base.d.ts.map +0 -1
- package/dist/schema/packages/base.js +0 -10
- package/dist/schema/packages/base.js.map +0 -1
- package/dist/schema/packages/index.d.ts +0 -4
- package/dist/schema/packages/index.d.ts.map +0 -1
- package/dist/schema/packages/index.js +0 -4
- package/dist/schema/packages/index.js.map +0 -1
- package/dist/schema/packages/node-library/index.d.ts +0 -16
- package/dist/schema/packages/node-library/index.d.ts.map +0 -1
- package/dist/schema/packages/node-library/index.js +0 -10
- package/dist/schema/packages/node-library/index.js.map +0 -1
- package/dist/schema/packages/types.d.ts +0 -6
- package/dist/schema/packages/types.d.ts.map +0 -1
- package/dist/schema/packages/types.js +0 -6
- package/dist/schema/packages/types.js.map +0 -1
- /package/dist/plugins/{schema → store}/index.d.ts +0 -0
- /package/dist/plugins/{schema → store}/index.js +0 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authorizer-expression-ast.d.ts","sourceRoot":"","sources":["../../../../src/schema/models/authorizer/authorizer-expression-ast.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH;;GAEG;AACH,MAAM,MAAM,wBAAwB,GAChC,mBAAmB,GACnB,WAAW,GACX,eAAe,GACf,iBAAiB,CAAC;AAEtB;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,iBAAiB,CAAC;IACxB,QAAQ,EAAE,KAAK,CAAC;IAChB,IAAI,EAAE,YAAY,CAAC;IACnB,KAAK,EAAE,YAAY,CAAC;CACrB;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,SAAS,CAAC;IAChB,kCAAkC;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,4EAA4E;IAC5E,SAAS,EAAE,MAAM,CAAC;IAClB,0EAA0E;IAC1E,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,aAAa,CAAC;IACpB,mCAAmC;IACnC,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,8EAA8E;IAC9E,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,4EAA4E;IAC5E,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,eAAe,CAAC;IACtB,QAAQ,EAAE,IAAI,GAAG,IAAI,CAAC;IACtB,IAAI,EAAE,wBAAwB,CAAC;IAC/B,KAAK,EAAE,wBAAwB,CAAC;CACjC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,UAAU,CAAC;IACjB,mDAAmD;IACnD,MAAM,EAAE,OAAO,GAAG,MAAM,CAAC;IACzB,oCAAoC;IACpC,KAAK,EAAE,MAAM,CAAC;IACd,yDAAyD;IACzD,KAAK,EAAE,MAAM,CAAC;IACd,uDAAuD;IACvD,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,qBAAqB;IACrB,GAAG,EAAE,wBAAwB,CAAC;IAC9B,8DAA8D;IAC9D,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,qDAAqD;IACrD,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,sDAAsD;IACtD,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,yDAAyD;IACzD,aAAa,EAAE,OAAO,CAAC;CACxB;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;GAEG;AACH,qBAAa,8BAA+B,SAAQ,KAAK;IACvD,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;gBAElB,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,YAAY;gBACxC,OAAO,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM;CAiB1E"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AST node types for authorizer expressions.
|
|
3
|
+
*
|
|
4
|
+
* These represent the semantic structure of expressions like:
|
|
5
|
+
* - `model.id === userId`
|
|
6
|
+
* - `hasRole('admin')`
|
|
7
|
+
* - `hasSomeRole(['admin', 'moderator'])`
|
|
8
|
+
* - `model.id === userId || hasRole('admin')`
|
|
9
|
+
*
|
|
10
|
+
* The AST is produced by parsing with Acorn and converting from ESTree.
|
|
11
|
+
*/
|
|
12
|
+
/**
|
|
13
|
+
* Error thrown when parsing an authorizer expression fails.
|
|
14
|
+
*/
|
|
15
|
+
export class AuthorizerExpressionParseError extends Error {
|
|
16
|
+
startPosition;
|
|
17
|
+
endPosition;
|
|
18
|
+
constructor(message, positionOrStart, endPosition) {
|
|
19
|
+
super(message);
|
|
20
|
+
this.name = 'AuthorizerExpressionParseError';
|
|
21
|
+
if (typeof positionOrStart === 'object') {
|
|
22
|
+
this.startPosition = positionOrStart.start;
|
|
23
|
+
this.endPosition = positionOrStart.end;
|
|
24
|
+
}
|
|
25
|
+
else {
|
|
26
|
+
this.startPosition = positionOrStart;
|
|
27
|
+
this.endPosition = endPosition;
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
//# sourceMappingURL=authorizer-expression-ast.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authorizer-expression-ast.js","sourceRoot":"","sources":["../../../../src/schema/models/authorizer/authorizer-expression-ast.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAwJH;;GAEG;AACH,MAAM,OAAO,8BAA+B,SAAQ,KAAK;IAC9C,aAAa,CAAU;IACvB,WAAW,CAAU;IAI9B,YACE,OAAe,EACf,eAAuC,EACvC,WAAoB;QAEpB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,gCAAgC,CAAC;QAE7C,IAAI,OAAO,eAAe,KAAK,QAAQ,EAAE,CAAC;YACxC,IAAI,CAAC,aAAa,GAAG,eAAe,CAAC,KAAK,CAAC;YAC3C,IAAI,CAAC,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,aAAa,GAAG,eAAe,CAAC;YACrC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QACjC,CAAC;IACH,CAAC;CACF"}
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
import type { RefExpressionDependency, RefExpressionWarning, ResolvedExpressionSlots } from '#src/references/expression-types.js';
|
|
3
|
+
import { RefExpressionParser } from '#src/references/expression-types.js';
|
|
4
|
+
import type { modelEntityType } from '../types.js';
|
|
5
|
+
import type { AuthorizerExpressionInfo } from './authorizer-expression-ast.js';
|
|
6
|
+
/**
|
|
7
|
+
* Expression parser for model authorizer role expressions.
|
|
8
|
+
*
|
|
9
|
+
* Parses expressions like:
|
|
10
|
+
* - `model.id === auth.userId` (ownership check)
|
|
11
|
+
* - `auth.hasRole('admin')` (global role check)
|
|
12
|
+
* - `model.id === auth.userId || auth.hasRole('admin')` (combined)
|
|
13
|
+
*
|
|
14
|
+
* Uses Acorn to parse JavaScript expressions and validates
|
|
15
|
+
* that only supported constructs are used.
|
|
16
|
+
*
|
|
17
|
+
* @example
|
|
18
|
+
* ```typescript
|
|
19
|
+
* const schema = z.object({
|
|
20
|
+
* expression: ctx.withExpression(authorizerExpressionParser, { model: modelSlot }),
|
|
21
|
+
* });
|
|
22
|
+
* ```
|
|
23
|
+
*/
|
|
24
|
+
export declare class AuthorizerExpressionParser extends RefExpressionParser<string, AuthorizerExpressionInfo | undefined, {
|
|
25
|
+
model: typeof modelEntityType;
|
|
26
|
+
}> {
|
|
27
|
+
readonly name = "authorizer-expression";
|
|
28
|
+
/**
|
|
29
|
+
* Zod schema for validating expression strings.
|
|
30
|
+
* Requires a non-empty string value.
|
|
31
|
+
*/
|
|
32
|
+
readonly schema: z.ZodString;
|
|
33
|
+
/**
|
|
34
|
+
* Parse the expression string into an AST.
|
|
35
|
+
*
|
|
36
|
+
* @param value - The expression string
|
|
37
|
+
* @param _projectDef - The project definition (unused during parsing)
|
|
38
|
+
* @returns The parsed expression info, or undefined if parsing fails
|
|
39
|
+
*/
|
|
40
|
+
parse(value: string): AuthorizerExpressionInfo | undefined;
|
|
41
|
+
/**
|
|
42
|
+
* Get validation warnings for the expression.
|
|
43
|
+
*
|
|
44
|
+
* Validates:
|
|
45
|
+
* - Syntax errors from parsing
|
|
46
|
+
* - Model field references exist
|
|
47
|
+
* - Auth field references are valid
|
|
48
|
+
* - Role names exist in project config (warning only)
|
|
49
|
+
*/
|
|
50
|
+
getWarnings(value: string, parseResult: AuthorizerExpressionInfo | undefined, projectDef: unknown, resolvedSlots: ResolvedExpressionSlots<{
|
|
51
|
+
model: typeof modelEntityType;
|
|
52
|
+
}>): RefExpressionWarning[];
|
|
53
|
+
/**
|
|
54
|
+
* Get entity/field dependencies from the expression.
|
|
55
|
+
*
|
|
56
|
+
* Currently returns empty array as we don't yet track
|
|
57
|
+
* entity-level dependencies (just field names).
|
|
58
|
+
* Future: could track model field entity references for renames.
|
|
59
|
+
*/
|
|
60
|
+
getDependencies(): RefExpressionDependency[];
|
|
61
|
+
/**
|
|
62
|
+
* Update the expression when dependencies are renamed.
|
|
63
|
+
*
|
|
64
|
+
* Currently returns value unchanged as we don't yet
|
|
65
|
+
* support field renames in expressions.
|
|
66
|
+
*/
|
|
67
|
+
updateForRename(value: string): string;
|
|
68
|
+
/**
|
|
69
|
+
* Extract model context from the project definition container using resolved slots.
|
|
70
|
+
*/
|
|
71
|
+
private getModelContext;
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* Singleton instance of AuthorizerExpressionParser.
|
|
75
|
+
*/
|
|
76
|
+
export declare const authorizerExpressionParser: AuthorizerExpressionParser;
|
|
77
|
+
//# sourceMappingURL=authorizer-expression-parser.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authorizer-expression-parser.d.ts","sourceRoot":"","sources":["../../../../src/schema/models/authorizer/authorizer-expression-parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,KAAK,EACV,uBAAuB,EACvB,oBAAoB,EACpB,uBAAuB,EACxB,MAAM,qCAAqC,CAAC;AAE7C,OAAO,EAAE,mBAAmB,EAAE,MAAM,qCAAqC,CAAC;AAE1E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,gCAAgC,CAAC;AAM/E;;;;;;;;;;;;;;;;;GAiBG;AACH,qBAAa,0BAA2B,SAAQ,mBAAmB,CACjE,MAAM,EACN,wBAAwB,GAAG,SAAS,EACpC;IAAE,KAAK,EAAE,OAAO,eAAe,CAAA;CAAE,CAClC;IACC,QAAQ,CAAC,IAAI,2BAA2B;IAExC;;;OAGG;IACH,QAAQ,CAAC,MAAM,cAA+C;IAE9D;;;;;;OAMG;IACH,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG,wBAAwB,GAAG,SAAS;IAY1D;;;;;;;;OAQG;IACH,WAAW,CACT,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,wBAAwB,GAAG,SAAS,EACjD,UAAU,EAAE,OAAO,EACnB,aAAa,EAAE,uBAAuB,CAAC;QAAE,KAAK,EAAE,OAAO,eAAe,CAAA;KAAE,CAAC,GACxE,oBAAoB,EAAE;IAuCzB;;;;;;OAMG;IACH,eAAe,IAAI,uBAAuB,EAAE;IAK5C;;;;;OAKG;IACH,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAKtC;;OAEG;IACH,OAAO,CAAC,eAAe;CAyCxB;AAED;;GAEG;AACH,eAAO,MAAM,0BAA0B,4BAAmC,CAAC"}
|
|
@@ -0,0 +1,147 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
import { RefExpressionParser } from '#src/references/expression-types.js';
|
|
3
|
+
import { parseAuthorizerExpression } from './authorizer-expression-acorn-parser.js';
|
|
4
|
+
import { AuthorizerExpressionParseError } from './authorizer-expression-ast.js';
|
|
5
|
+
import { validateAuthorizerExpression } from './authorizer-expression-validator.js';
|
|
6
|
+
/**
|
|
7
|
+
* Expression parser for model authorizer role expressions.
|
|
8
|
+
*
|
|
9
|
+
* Parses expressions like:
|
|
10
|
+
* - `model.id === auth.userId` (ownership check)
|
|
11
|
+
* - `auth.hasRole('admin')` (global role check)
|
|
12
|
+
* - `model.id === auth.userId || auth.hasRole('admin')` (combined)
|
|
13
|
+
*
|
|
14
|
+
* Uses Acorn to parse JavaScript expressions and validates
|
|
15
|
+
* that only supported constructs are used.
|
|
16
|
+
*
|
|
17
|
+
* @example
|
|
18
|
+
* ```typescript
|
|
19
|
+
* const schema = z.object({
|
|
20
|
+
* expression: ctx.withExpression(authorizerExpressionParser, { model: modelSlot }),
|
|
21
|
+
* });
|
|
22
|
+
* ```
|
|
23
|
+
*/
|
|
24
|
+
export class AuthorizerExpressionParser extends RefExpressionParser {
|
|
25
|
+
name = 'authorizer-expression';
|
|
26
|
+
/**
|
|
27
|
+
* Zod schema for validating expression strings.
|
|
28
|
+
* Requires a non-empty string value.
|
|
29
|
+
*/
|
|
30
|
+
schema = z.string().min(1, 'Expression is required');
|
|
31
|
+
/**
|
|
32
|
+
* Parse the expression string into an AST.
|
|
33
|
+
*
|
|
34
|
+
* @param value - The expression string
|
|
35
|
+
* @param _projectDef - The project definition (unused during parsing)
|
|
36
|
+
* @returns The parsed expression info, or undefined if parsing fails
|
|
37
|
+
*/
|
|
38
|
+
parse(value) {
|
|
39
|
+
try {
|
|
40
|
+
return parseAuthorizerExpression(value);
|
|
41
|
+
}
|
|
42
|
+
catch (error) {
|
|
43
|
+
if (error instanceof AuthorizerExpressionParseError) {
|
|
44
|
+
// Return undefined for parse errors - they'll be reported as warnings
|
|
45
|
+
return undefined;
|
|
46
|
+
}
|
|
47
|
+
throw error;
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
/**
|
|
51
|
+
* Get validation warnings for the expression.
|
|
52
|
+
*
|
|
53
|
+
* Validates:
|
|
54
|
+
* - Syntax errors from parsing
|
|
55
|
+
* - Model field references exist
|
|
56
|
+
* - Auth field references are valid
|
|
57
|
+
* - Role names exist in project config (warning only)
|
|
58
|
+
*/
|
|
59
|
+
getWarnings(value, parseResult, projectDef, resolvedSlots) {
|
|
60
|
+
const warnings = [];
|
|
61
|
+
// If parsing failed, report the error as a warning
|
|
62
|
+
if (!parseResult) {
|
|
63
|
+
try {
|
|
64
|
+
parseAuthorizerExpression(value);
|
|
65
|
+
}
|
|
66
|
+
catch (error) {
|
|
67
|
+
if (error instanceof AuthorizerExpressionParseError) {
|
|
68
|
+
warnings.push({
|
|
69
|
+
message: error.message,
|
|
70
|
+
});
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
return warnings;
|
|
74
|
+
}
|
|
75
|
+
// Cast to ProjectDefinitionContainer - the parser receives the container
|
|
76
|
+
const container = projectDef;
|
|
77
|
+
// Get model context from resolved slots
|
|
78
|
+
const modelContext = this.getModelContext(container, resolvedSlots);
|
|
79
|
+
if (!modelContext) {
|
|
80
|
+
// Can't validate without model context
|
|
81
|
+
return warnings;
|
|
82
|
+
}
|
|
83
|
+
// Validate the expression (container provides role access via authConfigSpec)
|
|
84
|
+
const validationWarnings = validateAuthorizerExpression(parseResult.ast, modelContext, container);
|
|
85
|
+
warnings.push(...validationWarnings);
|
|
86
|
+
return warnings;
|
|
87
|
+
}
|
|
88
|
+
/**
|
|
89
|
+
* Get entity/field dependencies from the expression.
|
|
90
|
+
*
|
|
91
|
+
* Currently returns empty array as we don't yet track
|
|
92
|
+
* entity-level dependencies (just field names).
|
|
93
|
+
* Future: could track model field entity references for renames.
|
|
94
|
+
*/
|
|
95
|
+
getDependencies() {
|
|
96
|
+
// TODO: Track model field entities for rename support
|
|
97
|
+
return [];
|
|
98
|
+
}
|
|
99
|
+
/**
|
|
100
|
+
* Update the expression when dependencies are renamed.
|
|
101
|
+
*
|
|
102
|
+
* Currently returns value unchanged as we don't yet
|
|
103
|
+
* support field renames in expressions.
|
|
104
|
+
*/
|
|
105
|
+
updateForRename(value) {
|
|
106
|
+
// TODO: Implement rename support using AST position info
|
|
107
|
+
return value;
|
|
108
|
+
}
|
|
109
|
+
/**
|
|
110
|
+
* Extract model context from the project definition container using resolved slots.
|
|
111
|
+
*/
|
|
112
|
+
getModelContext(container, resolvedSlots) {
|
|
113
|
+
const modelPath = resolvedSlots.model;
|
|
114
|
+
if (modelPath.length === 0) {
|
|
115
|
+
return undefined;
|
|
116
|
+
}
|
|
117
|
+
// Navigate to the model in the project definition
|
|
118
|
+
// The path is like ['models', 0] for models[0]
|
|
119
|
+
let current = container.definition;
|
|
120
|
+
for (const segment of modelPath) {
|
|
121
|
+
if (current === null || current === undefined) {
|
|
122
|
+
return undefined;
|
|
123
|
+
}
|
|
124
|
+
current = current[segment];
|
|
125
|
+
}
|
|
126
|
+
const model = current;
|
|
127
|
+
if (!model || typeof model.name !== 'string') {
|
|
128
|
+
return undefined;
|
|
129
|
+
}
|
|
130
|
+
// Model fields are nested under model.model.fields in the definition
|
|
131
|
+
const scalarFieldNames = new Set();
|
|
132
|
+
for (const field of model.model?.fields ?? []) {
|
|
133
|
+
if (typeof field.name === 'string') {
|
|
134
|
+
scalarFieldNames.add(field.name);
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
return {
|
|
138
|
+
modelName: model.name,
|
|
139
|
+
scalarFieldNames,
|
|
140
|
+
};
|
|
141
|
+
}
|
|
142
|
+
}
|
|
143
|
+
/**
|
|
144
|
+
* Singleton instance of AuthorizerExpressionParser.
|
|
145
|
+
*/
|
|
146
|
+
export const authorizerExpressionParser = new AuthorizerExpressionParser();
|
|
147
|
+
//# sourceMappingURL=authorizer-expression-parser.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authorizer-expression-parser.js","sourceRoot":"","sources":["../../../../src/schema/models/authorizer/authorizer-expression-parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AASxB,OAAO,EAAE,mBAAmB,EAAE,MAAM,qCAAqC,CAAC;AAK1E,OAAO,EAAE,yBAAyB,EAAE,MAAM,yCAAyC,CAAC;AACpF,OAAO,EAAE,8BAA8B,EAAE,MAAM,gCAAgC,CAAC;AAChF,OAAO,EAAE,4BAA4B,EAAE,MAAM,sCAAsC,CAAC;AAEpF;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,OAAO,0BAA2B,SAAQ,mBAI/C;IACU,IAAI,GAAG,uBAAuB,CAAC;IAExC;;;OAGG;IACM,MAAM,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,wBAAwB,CAAC,CAAC;IAE9D;;;;;;OAMG;IACH,KAAK,CAAC,KAAa;QACjB,IAAI,CAAC;YACH,OAAO,yBAAyB,CAAC,KAAK,CAAC,CAAC;QAC1C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,8BAA8B,EAAE,CAAC;gBACpD,sEAAsE;gBACtE,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;;;;OAQG;IACH,WAAW,CACT,KAAa,EACb,WAAiD,EACjD,UAAmB,EACnB,aAAyE;QAEzE,MAAM,QAAQ,GAA2B,EAAE,CAAC;QAE5C,mDAAmD;QACnD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,yBAAyB,CAAC,KAAK,CAAC,CAAC;YACnC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,KAAK,YAAY,8BAA8B,EAAE,CAAC;oBACpD,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,KAAK,CAAC,OAAO;qBACvB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YACD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,yEAAyE;QACzE,MAAM,SAAS,GAAG,UAAwC,CAAC;QAE3D,wCAAwC;QACxC,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QACpE,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,uCAAuC;YACvC,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,8EAA8E;QAC9E,MAAM,kBAAkB,GAAG,4BAA4B,CACrD,WAAW,CAAC,GAAG,EACf,YAAY,EACZ,SAAS,CACV,CAAC;QAEF,QAAQ,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,CAAC;QAErC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;;;;;OAMG;IACH,eAAe;QACb,sDAAsD;QACtD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;;;;OAKG;IACH,eAAe,CAAC,KAAa;QAC3B,yDAAyD;QACzD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,eAAe,CACrB,SAAqC,EACrC,aAAyE;QAEzE,MAAM,SAAS,GAAG,aAAa,CAAC,KAAK,CAAC;QACtC,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,kDAAkD;QAClD,+CAA+C;QAC/C,IAAI,OAAO,GAAY,SAAS,CAAC,UAAU,CAAC;QAC5C,KAAK,MAAM,OAAO,IAAI,SAAS,EAAE,CAAC;YAChC,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;gBAC9C,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,OAAO,GAAI,OAA4C,CAAC,OAAO,CAAC,CAAC;QACnE,CAAC;QAED,MAAM,KAAK,GAAG,OAGN,CAAC;QAET,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7C,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,qEAAqE;QACrE,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;QAC3C,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,KAAK,EAAE,MAAM,IAAI,EAAE,EAAE,CAAC;YAC9C,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACnC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;QAED,OAAO;YACL,SAAS,EAAE,KAAK,CAAC,IAAI;YACrB,gBAAgB;SACjB,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG,IAAI,0BAA0B,EAAE,CAAC"}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Validator for authorizer expressions.
|
|
3
|
+
*
|
|
4
|
+
* Validates that:
|
|
5
|
+
* - Model field references exist on the parent model
|
|
6
|
+
* - Auth field references are valid AuthContext properties
|
|
7
|
+
* - Role names exist in project config (warning only)
|
|
8
|
+
*/
|
|
9
|
+
import type { ProjectDefinitionContainer } from '#src/definition/project-definition-container.js';
|
|
10
|
+
import type { RefExpressionWarning } from '#src/references/expression-types.js';
|
|
11
|
+
import type { AuthorizerExpressionNode } from './authorizer-expression-ast.js';
|
|
12
|
+
/**
|
|
13
|
+
* Model information needed for validation.
|
|
14
|
+
*/
|
|
15
|
+
export interface ModelValidationContext {
|
|
16
|
+
/** The model name (for error messages) */
|
|
17
|
+
modelName: string;
|
|
18
|
+
/** Set of valid scalar field names on the model */
|
|
19
|
+
scalarFieldNames: Set<string>;
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* Validate an authorizer expression AST against model and project context.
|
|
23
|
+
*
|
|
24
|
+
* @param ast - The parsed expression AST
|
|
25
|
+
* @param modelContext - Information about the parent model
|
|
26
|
+
* @param container - The project definition container for accessing roles
|
|
27
|
+
* @returns Array of warnings (errors are thrown, warnings are returned)
|
|
28
|
+
*
|
|
29
|
+
* @example
|
|
30
|
+
* ```typescript
|
|
31
|
+
* const warnings = validateAuthorizerExpression(
|
|
32
|
+
* ast,
|
|
33
|
+
* { modelName: 'User', scalarFieldNames: new Set(['id', 'email']) },
|
|
34
|
+
* container,
|
|
35
|
+
* );
|
|
36
|
+
* ```
|
|
37
|
+
*/
|
|
38
|
+
export declare function validateAuthorizerExpression(ast: AuthorizerExpressionNode, modelContext: ModelValidationContext, container: ProjectDefinitionContainer): RefExpressionWarning[];
|
|
39
|
+
/**
|
|
40
|
+
* Extract model validation context from a model configuration.
|
|
41
|
+
*
|
|
42
|
+
* @param modelConfig - The parsed model configuration
|
|
43
|
+
* @returns Model validation context for the validator
|
|
44
|
+
*/
|
|
45
|
+
export declare function createModelValidationContext(modelConfig: {
|
|
46
|
+
name: string;
|
|
47
|
+
fields?: {
|
|
48
|
+
name: string;
|
|
49
|
+
}[];
|
|
50
|
+
}): ModelValidationContext;
|
|
51
|
+
//# sourceMappingURL=authorizer-expression-validator.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authorizer-expression-validator.d.ts","sourceRoot":"","sources":["../../../../src/schema/models/authorizer/authorizer-expression-validator.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,iDAAiD,CAAC;AAClG,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAC;AAIhF,OAAO,KAAK,EACV,wBAAwB,EAEzB,MAAM,gCAAgC,CAAC;AAExC;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,0CAA0C;IAC1C,SAAS,EAAE,MAAM,CAAC;IAClB,mDAAmD;IACnD,gBAAgB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;CAC/B;AAoBD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,4BAA4B,CAC1C,GAAG,EAAE,wBAAwB,EAC7B,YAAY,EAAE,sBAAsB,EACpC,SAAS,EAAE,0BAA0B,GACpC,oBAAoB,EAAE,CAwExB;AAED;;;;;GAKG;AACH,wBAAgB,4BAA4B,CAAC,WAAW,EAAE;IACxD,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CAC7B,GAAG,sBAAsB,CAWzB"}
|
|
@@ -0,0 +1,125 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Validator for authorizer expressions.
|
|
3
|
+
*
|
|
4
|
+
* Validates that:
|
|
5
|
+
* - Model field references exist on the parent model
|
|
6
|
+
* - Auth field references are valid AuthContext properties
|
|
7
|
+
* - Role names exist in project config (warning only)
|
|
8
|
+
*/
|
|
9
|
+
import { authConfigSpec } from '#src/plugins/spec/auth-config-spec.js';
|
|
10
|
+
/**
|
|
11
|
+
* Valid auth context field names that can be accessed.
|
|
12
|
+
*/
|
|
13
|
+
const VALID_AUTH_FIELDS = new Set(['userId']);
|
|
14
|
+
/**
|
|
15
|
+
* Get role names from the project definition container using the auth config spec.
|
|
16
|
+
*
|
|
17
|
+
* @param container - The project definition container
|
|
18
|
+
* @returns Set of defined role names
|
|
19
|
+
*/
|
|
20
|
+
function getRoleNames(container) {
|
|
21
|
+
const authConfig = container.pluginStore.use(authConfigSpec);
|
|
22
|
+
const roles = authConfig.getAuthConfig(container.definition)?.roles;
|
|
23
|
+
return new Set(roles?.map((role) => role.name));
|
|
24
|
+
}
|
|
25
|
+
/**
|
|
26
|
+
* Validate an authorizer expression AST against model and project context.
|
|
27
|
+
*
|
|
28
|
+
* @param ast - The parsed expression AST
|
|
29
|
+
* @param modelContext - Information about the parent model
|
|
30
|
+
* @param container - The project definition container for accessing roles
|
|
31
|
+
* @returns Array of warnings (errors are thrown, warnings are returned)
|
|
32
|
+
*
|
|
33
|
+
* @example
|
|
34
|
+
* ```typescript
|
|
35
|
+
* const warnings = validateAuthorizerExpression(
|
|
36
|
+
* ast,
|
|
37
|
+
* { modelName: 'User', scalarFieldNames: new Set(['id', 'email']) },
|
|
38
|
+
* container,
|
|
39
|
+
* );
|
|
40
|
+
* ```
|
|
41
|
+
*/
|
|
42
|
+
export function validateAuthorizerExpression(ast, modelContext, container) {
|
|
43
|
+
const warnings = [];
|
|
44
|
+
const roleNames = getRoleNames(container);
|
|
45
|
+
function walk(node) {
|
|
46
|
+
switch (node.type) {
|
|
47
|
+
case 'fieldComparison': {
|
|
48
|
+
validateFieldRef(node.left);
|
|
49
|
+
validateFieldRef(node.right);
|
|
50
|
+
break;
|
|
51
|
+
}
|
|
52
|
+
case 'hasRole': {
|
|
53
|
+
// Warn if role doesn't exist (but allow - plugins may define roles)
|
|
54
|
+
if (!roleNames.has(node.role)) {
|
|
55
|
+
warnings.push({
|
|
56
|
+
message: `Role '${node.role}' is not defined in the project configuration. Available roles: ${[...roleNames].join(', ')}.`,
|
|
57
|
+
start: node.roleStart,
|
|
58
|
+
end: node.roleEnd,
|
|
59
|
+
});
|
|
60
|
+
}
|
|
61
|
+
break;
|
|
62
|
+
}
|
|
63
|
+
case 'hasSomeRole': {
|
|
64
|
+
// Warn if any role doesn't exist (but allow - plugins may define roles)
|
|
65
|
+
for (let i = 0; i < node.roles.length; i++) {
|
|
66
|
+
const role = node.roles[i];
|
|
67
|
+
if (!roleNames.has(role)) {
|
|
68
|
+
const start = node.rolesStart[i];
|
|
69
|
+
const end = node.rolesEnd[i];
|
|
70
|
+
warnings.push({
|
|
71
|
+
message: `Role '${role}' is not defined in the project configuration. Available roles: ${[...roleNames].join(', ')}.`,
|
|
72
|
+
start,
|
|
73
|
+
end,
|
|
74
|
+
});
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
break;
|
|
78
|
+
}
|
|
79
|
+
case 'binaryLogical': {
|
|
80
|
+
walk(node.left);
|
|
81
|
+
walk(node.right);
|
|
82
|
+
break;
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
function validateFieldRef(node) {
|
|
87
|
+
if (node.source === 'model') {
|
|
88
|
+
// Check if field exists on model
|
|
89
|
+
if (!modelContext.scalarFieldNames.has(node.field)) {
|
|
90
|
+
warnings.push({
|
|
91
|
+
message: `Field '${node.field}' does not exist on model '${modelContext.modelName}'.`,
|
|
92
|
+
start: node.start,
|
|
93
|
+
end: node.end,
|
|
94
|
+
});
|
|
95
|
+
}
|
|
96
|
+
}
|
|
97
|
+
else if (!VALID_AUTH_FIELDS.has(node.field)) {
|
|
98
|
+
// node.source === 'auth' is implied since source is 'model' | 'auth'
|
|
99
|
+
warnings.push({
|
|
100
|
+
message: `Invalid auth property '${node.field}'. Valid properties are: ${[...VALID_AUTH_FIELDS].join(', ')}.`,
|
|
101
|
+
start: node.start,
|
|
102
|
+
end: node.end,
|
|
103
|
+
});
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
walk(ast);
|
|
107
|
+
return warnings;
|
|
108
|
+
}
|
|
109
|
+
/**
|
|
110
|
+
* Extract model validation context from a model configuration.
|
|
111
|
+
*
|
|
112
|
+
* @param modelConfig - The parsed model configuration
|
|
113
|
+
* @returns Model validation context for the validator
|
|
114
|
+
*/
|
|
115
|
+
export function createModelValidationContext(modelConfig) {
|
|
116
|
+
const scalarFieldNames = new Set();
|
|
117
|
+
for (const field of modelConfig.fields ?? []) {
|
|
118
|
+
scalarFieldNames.add(field.name);
|
|
119
|
+
}
|
|
120
|
+
return {
|
|
121
|
+
modelName: modelConfig.name,
|
|
122
|
+
scalarFieldNames,
|
|
123
|
+
};
|
|
124
|
+
}
|
|
125
|
+
//# sourceMappingURL=authorizer-expression-validator.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authorizer-expression-validator.js","sourceRoot":"","sources":["../../../../src/schema/models/authorizer/authorizer-expression-validator.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,OAAO,EAAE,cAAc,EAAE,MAAM,uCAAuC,CAAC;AAiBvE;;GAEG;AACH,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;AAE9C;;;;;GAKG;AACH,SAAS,YAAY,CAAC,SAAqC;IACzD,MAAM,UAAU,GAAG,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAE7D,MAAM,KAAK,GAAG,UAAU,CAAC,aAAa,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,KAAK,CAAC;IACpE,OAAO,IAAI,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAClD,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,4BAA4B,CAC1C,GAA6B,EAC7B,YAAoC,EACpC,SAAqC;IAErC,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAC5C,MAAM,SAAS,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;IAE1C,SAAS,IAAI,CAAC,IAA8B;QAC1C,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;YAClB,KAAK,iBAAiB,CAAC,CAAC,CAAC;gBACvB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC5B,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC7B,MAAM;YACR,CAAC;YAED,KAAK,SAAS,CAAC,CAAC,CAAC;gBACf,oEAAoE;gBACpE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC9B,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,SAAS,IAAI,CAAC,IAAI,mEAAmE,CAAC,GAAG,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;wBAC1H,KAAK,EAAE,IAAI,CAAC,SAAS;wBACrB,GAAG,EAAE,IAAI,CAAC,OAAO;qBAClB,CAAC,CAAC;gBACL,CAAC;gBACD,MAAM;YACR,CAAC;YAED,KAAK,aAAa,CAAC,CAAC,CAAC;gBACnB,wEAAwE;gBACxE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;oBAC3B,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;wBACzB,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;wBACjC,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;wBAC7B,QAAQ,CAAC,IAAI,CAAC;4BACZ,OAAO,EAAE,SAAS,IAAI,mEAAmE,CAAC,GAAG,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;4BACrH,KAAK;4BACL,GAAG;yBACJ,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;gBACD,MAAM;YACR,CAAC;YAED,KAAK,eAAe,CAAC,CAAC,CAAC;gBACrB,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAChB,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACjB,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,SAAS,gBAAgB,CAAC,IAAkB;QAC1C,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YAC5B,iCAAiC;YACjC,IAAI,CAAC,YAAY,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACnD,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,UAAU,IAAI,CAAC,KAAK,8BAA8B,YAAY,CAAC,SAAS,IAAI;oBACrF,KAAK,EAAE,IAAI,CAAC,KAAK;oBACjB,GAAG,EAAE,IAAI,CAAC,GAAG;iBACd,CAAC,CAAC;YACL,CAAC;QACH,CAAC;aAAM,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9C,qEAAqE;YACrE,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,0BAA0B,IAAI,CAAC,KAAK,4BAA4B,CAAC,GAAG,iBAAiB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;gBAC7G,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,GAAG,EAAE,IAAI,CAAC,GAAG;aACd,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,CAAC,GAAG,CAAC,CAAC;IAEV,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,4BAA4B,CAAC,WAG5C;IACC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAE3C,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;QAC7C,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;IAED,OAAO;QACL,SAAS,EAAE,WAAW,CAAC,IAAI;QAC3B,gBAAgB;KACjB,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
import type { def } from '#src/schema/creator/index.js';
|
|
3
|
+
/**
|
|
4
|
+
* Schema for a single authorizer role.
|
|
5
|
+
*
|
|
6
|
+
* A role defines a named authorization check that can be referenced
|
|
7
|
+
* by operations (GraphQL queries/mutations, service methods).
|
|
8
|
+
*/
|
|
9
|
+
export declare const createAuthorizerRoleSchema: import("#src/schema/creator/index.js").DefinitionSchemaCreatorWithSlots<z.ZodType<{
|
|
10
|
+
id: string;
|
|
11
|
+
name: string;
|
|
12
|
+
expression: string;
|
|
13
|
+
}, {
|
|
14
|
+
id: string;
|
|
15
|
+
name: string;
|
|
16
|
+
expression: string;
|
|
17
|
+
}, z.core.$ZodTypeInternals<{
|
|
18
|
+
id: string;
|
|
19
|
+
name: string;
|
|
20
|
+
expression: string;
|
|
21
|
+
}, {
|
|
22
|
+
id: string;
|
|
23
|
+
name: string;
|
|
24
|
+
expression: string;
|
|
25
|
+
}>>, {
|
|
26
|
+
modelSlot: import("../../../index.js").DefinitionEntityType<false>;
|
|
27
|
+
}>;
|
|
28
|
+
export type AuthorizerRoleConfig = def.InferOutput<typeof createAuthorizerRoleSchema>;
|
|
29
|
+
export type AuthorizerRoleConfigInput = def.InferInput<typeof createAuthorizerRoleSchema>;
|
|
30
|
+
/**
|
|
31
|
+
* Schema for model authorizer configuration.
|
|
32
|
+
*
|
|
33
|
+
* The authorizer defines instance-level authorization checks
|
|
34
|
+
* that operations can reference.
|
|
35
|
+
*/
|
|
36
|
+
export declare const createModelAuthorizerSchema: import("#src/schema/creator/index.js").DefinitionSchemaCreatorWithSlots<z.ZodObject<{
|
|
37
|
+
roles: z.ZodDefault<z.ZodArray<z.ZodType<{
|
|
38
|
+
id: string;
|
|
39
|
+
name: string;
|
|
40
|
+
expression: string;
|
|
41
|
+
}, {
|
|
42
|
+
id: string;
|
|
43
|
+
name: string;
|
|
44
|
+
expression: string;
|
|
45
|
+
}, z.core.$ZodTypeInternals<{
|
|
46
|
+
id: string;
|
|
47
|
+
name: string;
|
|
48
|
+
expression: string;
|
|
49
|
+
}, {
|
|
50
|
+
id: string;
|
|
51
|
+
name: string;
|
|
52
|
+
expression: string;
|
|
53
|
+
}>>>>;
|
|
54
|
+
}, z.core.$strip>, {
|
|
55
|
+
modelSlot: import("../../../index.js").DefinitionEntityType<false>;
|
|
56
|
+
}>;
|
|
57
|
+
export type ModelAuthorizerConfig = def.InferOutput<typeof createModelAuthorizerSchema>;
|
|
58
|
+
export type ModelAuthorizerConfigInput = def.InferInput<typeof createModelAuthorizerSchema>;
|
|
59
|
+
//# sourceMappingURL=authorizer.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authorizer.d.ts","sourceRoot":"","sources":["../../../../src/schema/models/authorizer/authorizer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,8BAA8B,CAAC;AASxD;;;;;GAKG;AACH,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;EAkCtC,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG,GAAG,CAAC,WAAW,CAChD,OAAO,0BAA0B,CAClC,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG,GAAG,CAAC,UAAU,CACpD,OAAO,0BAA0B,CAClC,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;;;EAYvC,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG,GAAG,CAAC,WAAW,CACjD,OAAO,2BAA2B,CACnC,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG,GAAG,CAAC,UAAU,CACrD,OAAO,2BAA2B,CACnC,CAAC"}
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
import { definitionSchemaWithSlots } from '#src/schema/creator/schema-creator.js';
|
|
3
|
+
import { VALIDATORS } from '#src/schema/utils/validation.js';
|
|
4
|
+
import { modelEntityType } from '../types.js';
|
|
5
|
+
import { authorizerExpressionParser } from './authorizer-expression-parser.js';
|
|
6
|
+
import { modelAuthorizerRoleEntityType } from './types.js';
|
|
7
|
+
/**
|
|
8
|
+
* Schema for a single authorizer role.
|
|
9
|
+
*
|
|
10
|
+
* A role defines a named authorization check that can be referenced
|
|
11
|
+
* by operations (GraphQL queries/mutations, service methods).
|
|
12
|
+
*/
|
|
13
|
+
export const createAuthorizerRoleSchema = definitionSchemaWithSlots({ modelSlot: modelEntityType }, (ctx, { modelSlot }) => ctx.withEnt(z.object({
|
|
14
|
+
/** Unique identifier for this role */
|
|
15
|
+
id: z.string(),
|
|
16
|
+
/**
|
|
17
|
+
* Name of the role (camelCase).
|
|
18
|
+
* Used as the key in the generated roles object.
|
|
19
|
+
* @example 'owner', 'viewer', 'organizationMember'
|
|
20
|
+
*/
|
|
21
|
+
name: VALIDATORS.CAMEL_CASE_STRING,
|
|
22
|
+
/**
|
|
23
|
+
* TypeScript expression that evaluates to a boolean.
|
|
24
|
+
*
|
|
25
|
+
* Available context variables:
|
|
26
|
+
* - `model` - The model instance being authorized
|
|
27
|
+
* - `userId` - The authenticated user's ID (implicit auth context)
|
|
28
|
+
* - `hasRole()` / `hasSomeRole()` - Role checking functions
|
|
29
|
+
*
|
|
30
|
+
* @example 'model.id === userId'
|
|
31
|
+
* @example 'hasRole("admin")'
|
|
32
|
+
* @example 'model.authorId === userId || hasRole("admin")'
|
|
33
|
+
*/
|
|
34
|
+
expression: ctx.withExpression(authorizerExpressionParser, {
|
|
35
|
+
model: modelSlot,
|
|
36
|
+
}),
|
|
37
|
+
}), {
|
|
38
|
+
type: modelAuthorizerRoleEntityType,
|
|
39
|
+
parentSlot: modelSlot,
|
|
40
|
+
}));
|
|
41
|
+
/**
|
|
42
|
+
* Schema for model authorizer configuration.
|
|
43
|
+
*
|
|
44
|
+
* The authorizer defines instance-level authorization checks
|
|
45
|
+
* that operations can reference.
|
|
46
|
+
*/
|
|
47
|
+
export const createModelAuthorizerSchema = definitionSchemaWithSlots({ modelSlot: modelEntityType }, (ctx, { modelSlot }) => z.object({
|
|
48
|
+
/**
|
|
49
|
+
* Array of role definitions for this model.
|
|
50
|
+
* Each role is a named authorization check.
|
|
51
|
+
*/
|
|
52
|
+
roles: z
|
|
53
|
+
.array(createAuthorizerRoleSchema(ctx, { modelSlot }))
|
|
54
|
+
.default([]),
|
|
55
|
+
}));
|
|
56
|
+
//# sourceMappingURL=authorizer.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"authorizer.js","sourceRoot":"","sources":["../../../../src/schema/models/authorizer/authorizer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB,OAAO,EAAE,yBAAyB,EAAE,MAAM,uCAAuC,CAAC;AAClF,OAAO,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAE7D,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,0BAA0B,EAAE,MAAM,mCAAmC,CAAC;AAC/E,OAAO,EAAE,6BAA6B,EAAE,MAAM,YAAY,CAAC;AAE3D;;;;;GAKG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAG,yBAAyB,CACjE,EAAE,SAAS,EAAE,eAAe,EAAE,EAC9B,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CACrB,GAAG,CAAC,OAAO,CACT,CAAC,CAAC,MAAM,CAAC;IACP,sCAAsC;IACtC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd;;;;OAIG;IACH,IAAI,EAAE,UAAU,CAAC,iBAAiB;IAClC;;;;;;;;;;;OAWG;IACH,UAAU,EAAE,GAAG,CAAC,cAAc,CAAC,0BAA0B,EAAE;QACzD,KAAK,EAAE,SAAS;KACjB,CAAC;CACH,CAAC,EACF;IACE,IAAI,EAAE,6BAA6B;IACnC,UAAU,EAAE,SAAS;CACtB,CACF,CACJ,CAAC;AAUF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG,yBAAyB,CAClE,EAAE,SAAS,EAAE,eAAe,EAAE,EAC9B,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CACrB,CAAC,CAAC,MAAM,CAAC;IACP;;;OAGG;IACH,KAAK,EAAE,CAAC;SACL,KAAK,CAAC,0BAA0B,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;SACrD,OAAO,CAAC,EAAE,CAAC;CACf,CAAC,CACL,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
export * from './authorizer-expression-acorn-parser.js';
|
|
2
|
+
export * from './authorizer-expression-ast.js';
|
|
3
|
+
export * from './authorizer-expression-parser.js';
|
|
4
|
+
export * from './authorizer-expression-validator.js';
|
|
5
|
+
export * from './authorizer.js';
|
|
6
|
+
export * from './types.js';
|
|
7
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/schema/models/authorizer/index.ts"],"names":[],"mappings":"AAAA,cAAc,yCAAyC,CAAC;AACxD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,mCAAmC,CAAC;AAClD,cAAc,sCAAsC,CAAC;AACrD,cAAc,iBAAiB,CAAC;AAChC,cAAc,YAAY,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
export * from './authorizer-expression-acorn-parser.js';
|
|
2
|
+
export * from './authorizer-expression-ast.js';
|
|
3
|
+
export * from './authorizer-expression-parser.js';
|
|
4
|
+
export * from './authorizer-expression-validator.js';
|
|
5
|
+
export * from './authorizer.js';
|
|
6
|
+
export * from './types.js';
|
|
7
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/schema/models/authorizer/index.ts"],"names":[],"mappings":"AAAA,cAAc,yCAAyC,CAAC;AACxD,cAAc,gCAAgC,CAAC;AAC/C,cAAc,mCAAmC,CAAC;AAClD,cAAc,sCAAsC,CAAC;AACrD,cAAc,iBAAiB,CAAC;AAChC,cAAc,YAAY,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/schema/models/authorizer/types.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH,eAAO,MAAM,6BAA6B,+DAGzC,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import { createEntityType } from '#src/references/index.js';
|
|
2
|
+
import { modelEntityType } from '../types.js';
|
|
3
|
+
/**
|
|
4
|
+
* Entity type for model authorizer roles.
|
|
5
|
+
* Each role is a child of the model it belongs to.
|
|
6
|
+
*/
|
|
7
|
+
export const modelAuthorizerRoleEntityType = createEntityType('model-authorizer-role', { parentType: modelEntityType });
|
|
8
|
+
//# sourceMappingURL=types.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/schema/models/authorizer/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAE5D,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C;;;GAGG;AACH,MAAM,CAAC,MAAM,6BAA6B,GAAG,gBAAgB,CAC3D,uBAAuB,EACvB,EAAE,UAAU,EAAE,eAAe,EAAE,CAChC,CAAC"}
|