@carbonorm/carbonnode 6.0.18 → 6.0.20

package/src/executors/SqlExecutor.ts

@@ -27,6 +27,43 @@ import { getLogContext, LogLevel, logWithLevel } from "../utils/logLevel";
 
 const SQL_ALLOWLIST_BLOCKED_CODE = "SQL_ALLOWLIST_BLOCKED";
 
+const fillRandomBytes = (bytes: Uint8Array): void => {
+    const cryptoRef = (globalThis as { crypto?: Crypto }).crypto;
+    if (!cryptoRef || typeof cryptoRef.getRandomValues !== "function") {
+        throw new Error("Secure random source unavailable: crypto.getRandomValues is required for UUID generation.");
+    }
+    cryptoRef.getRandomValues(bytes);
+};
+
+const generateUuidV7 = (): string => {
+    const bytes = new Uint8Array(16);
+    const random = new Uint8Array(10);
+    fillRandomBytes(random);
+
+    const timestampMs = Date.now();
+    bytes[0] = Math.floor(timestampMs / 1099511627776) & 0xff; // 2^40
+    bytes[1] = Math.floor(timestampMs / 4294967296) & 0xff; // 2^32
+    bytes[2] = Math.floor(timestampMs / 16777216) & 0xff; // 2^24
+    bytes[3] = Math.floor(timestampMs / 65536) & 0xff; // 2^16
+    bytes[4] = Math.floor(timestampMs / 256) & 0xff; // 2^8
+    bytes[5] = timestampMs & 0xff;
+
+    // RFC 9562 UUIDv7 layout
+    bytes[6] = 0x70 | (random[0] & 0x0f); // version 7 + rand_a high bits
+    bytes[7] = random[1]; // rand_a low bits
+    bytes[8] = 0x80 | (random[2] & 0x3f); // variant + rand_b high bits
+    bytes[9] = random[3];
+    bytes[10] = random[4];
+    bytes[11] = random[5];
+    bytes[12] = random[6];
+    bytes[13] = random[7];
+    bytes[14] = random[8];
+    bytes[15] = random[9];
+
+    const hex = Array.from(bytes, (byte) => byte.toString(16).padStart(2, "0")).join("");
+    return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
+};
+
 export type SqlAllowListBlockedError = Error & {
     code: typeof SQL_ALLOWLIST_BLOCKED_CODE;
     tableName?: string;
@@ -72,6 +109,157 @@ const createSqlAllowListBlockedError = (args: {
 export class SqlExecutor<
     G extends OrmGenerics
 > extends Executor<G> {
+    private getPostRequestRows(): Record<string, any>[] {
+        const request = this.request as any;
+        if (!request) return [];
+
+        if (Array.isArray(request)) {
+            return request as Record<string, any>[];
+        }
+
+        if (
+            Array.isArray(request.dataInsertMultipleRows)
+            && request.dataInsertMultipleRows.length > 0
+        ) {
+            return request.dataInsertMultipleRows as Record<string, any>[];
+        }
+
+        const verb = C6C.REPLACE in request ? C6C.REPLACE : C6C.INSERT;
+        if (verb in request && request[verb] && typeof request[verb] === "object") {
+            return [request[verb] as Record<string, any>];
+        }
+
+        if (typeof request === "object") {
+            return [request as Record<string, any>];
+        }
+
+        return [];
+    }
+
+    private getTypeValidationForColumn(shortKey: string, fullKey: string): Record<string, any> | undefined {
+        const validation = (this.config.restModel as any)?.TYPE_VALIDATION;
+        if (!validation || typeof validation !== "object") return undefined;
+        return validation[shortKey] ?? validation[fullKey];
+    }
+
+    private isUuidLikePrimaryColumn(columnDef: Record<string, any> | undefined): boolean {
+        if (!columnDef || typeof columnDef !== "object") return false;
+        if (columnDef.AUTO_INCREMENT === true) return false;
+
+        const mysqlType = String(columnDef.MYSQL_TYPE ?? "").toLowerCase();
+        const maxLength = String(columnDef.MAX_LENGTH ?? "").trim();
+
+        if (mysqlType.includes("uuid")) return true;
+
+        const isBinary16 = mysqlType.includes("binary")
+            && (maxLength === "16" || /\b16\b/.test(mysqlType) || mysqlType === "binary");
+        const isUuidString = (mysqlType.includes("char") || mysqlType.includes("varchar"))
+            && (maxLength === "32" || maxLength === "36");
+
+        return isBinary16 || isUuidString;
+    }
+
+    private hasDefinedValue(value: unknown): boolean {
+        if (value === undefined || value === null) return false;
+        if (typeof value === "string" && value.trim() === "") return false;
+        return true;
+    }
+
+    private generatePrimaryUuidValue(columnDef: Record<string, any>): string {
+        const mysqlType = String(columnDef.MYSQL_TYPE ?? "").toLowerCase();
+        const maxLength = String(columnDef.MAX_LENGTH ?? "").trim();
+        const uuid = generateUuidV7();
+
+        // BINARY(16) and CHAR/VARCHAR(32) commonly persist UUIDs as 32-hex.
+        if (mysqlType.includes("binary") || maxLength === "32") {
+            return uuid.replace(/-/g, "").toUpperCase();
+        }
+
+        return uuid;
+    }
+
+    private assignMissingPostPrimaryUuids(): void {
+        if (this.config.requestMethod !== C6C.POST) return;
+
+        const rows = this.getPostRequestRows();
+        if (rows.length === 0) return;
+
+        const columns = this.config.restModel.COLUMNS as Record<string, string>;
+        const tableName = this.config.restModel.TABLE_NAME as string;
+        const primaryShorts = this.config.restModel.PRIMARY_SHORT ?? [];
+
+        const primaryColumns = primaryShorts
+            .map((shortKey) => {
+                const fullKey = Object.keys(columns).find((key) => columns[key] === shortKey)
+                    ?? `${tableName}.${shortKey}`;
+                const columnDef = this.getTypeValidationForColumn(shortKey, fullKey);
+                return { shortKey, fullKey, columnDef };
+            })
+            .filter(({ columnDef }) => this.isUuidLikePrimaryColumn(columnDef));
+
+        if (primaryColumns.length === 0) return;
+
+        for (const row of rows) {
+            if (!row || typeof row !== "object") continue;
+
+            const useQualifiedKeyByDefault = Object.keys(row).some((key) => key.includes("."));
+
+            for (const primaryColumn of primaryColumns) {
+                const existing = row[primaryColumn.shortKey] ?? row[primaryColumn.fullKey];
+                if (this.hasDefinedValue(existing)) continue;
+
+                const generated = this.generatePrimaryUuidValue(primaryColumn.columnDef!);
+                if (Object.prototype.hasOwnProperty.call(row, primaryColumn.shortKey)) {
+                    row[primaryColumn.shortKey] = generated;
+                    continue;
+                }
+                if (Object.prototype.hasOwnProperty.call(row, primaryColumn.fullKey)) {
+                    row[primaryColumn.fullKey] = generated;
+                    continue;
+                }
+
+                row[useQualifiedKeyByDefault ? primaryColumn.fullKey : primaryColumn.shortKey] = generated;
+            }
+        }
+    }
+
+    private buildPostResponseRows(insertId?: number | string): Record<string, unknown>[] {
+        const rows = this.getPostRequestRows();
+        if (rows.length === 0) return [];
+
+        const columns = this.config.restModel.COLUMNS as Record<string, string>;
+        const validColumns = new Set(Object.values(columns));
+        const pkShorts = this.config.restModel.PRIMARY_SHORT ?? [];
+        const now = new Date().toISOString();
+
+        return rows.map((row, index) => {
+            const normalized = this.normalizeRequestPayload(row ?? {});
+
+            if (validColumns.has("changed_at") && normalized.changed_at === undefined) {
+                normalized.changed_at = now;
+            }
+            if (validColumns.has("created_at") && normalized.created_at === undefined) {
+                normalized.created_at = now;
+            }
+            if (validColumns.has("updated_at") && normalized.updated_at === undefined) {
+                normalized.updated_at = now;
+            }
+
+            // When DB generated PK is numeric/autoincrement, expose it for the single-row insert.
+            if (
+                index === 0
+                && insertId !== undefined
+                && insertId !== null
+                && pkShorts.length === 1
+                && !this.hasDefinedValue(normalized[pkShorts[0]])
+            ) {
+                normalized[pkShorts[0]] = insertId;
+            }
+
+            return normalized;
+        });
+    }
+
     private resolveSqlLogMethod(method: iRestMethods, sql: string): string {
         const token = sql.trim().split(/\s+/, 1)[0]?.toUpperCase();
         if (token) return token;
@@ -112,6 +300,8 @@ export class SqlExecutor<
             throw e;
         }
 
+        this.assignMissingPostPrimaryUuids();
+
         const logContext = getLogContext(this.config, this.request);
         logWithLevel(
             LogLevel.DEBUG,
@@ -549,6 +739,9 @@ export class SqlExecutor<
         const logContext = getLogContext(this.config, this.request);
         const cacheResults = method === C6C.GET
             && (this.request.cacheResults ?? true);
+        const cacheAllowListStatus: SqlAllowListStatus = this.config.sqlAllowListPath
+            ? "allowed"
+            : "not verified";
 
         const cacheRequestData = cacheResults
             ? JSON.parse(JSON.stringify(this.request ?? {}))
@@ -560,7 +753,13 @@ export class SqlExecutor<
 
         const evictFromCache =
             method === C6C.GET && cacheResults && cacheRequestData
-                ? () => evictCacheEntry(method, tableName, cacheRequestData)
+                ? () => evictCacheEntry(
+                    method,
+                    tableName,
+                    cacheRequestData,
+                    logContext,
+                    cacheAllowListStatus,
+                )
                 : undefined;
 
         if (cacheResults) {
@@ -568,7 +767,8 @@ export class SqlExecutor<
                 method,
                 tableName,
                 cacheRequestData,
-                logContext
+                logContext,
+                cacheAllowListStatus,
             );
             if (cachedRequest) {
                 const cachedData = (await cachedRequest).data;
@@ -611,12 +811,14 @@ export class SqlExecutor<
         setCache(method, tableName, cacheRequestData, {
             requestArgumentsSerialized,
             request: cacheRequest,
+            allowListStatus: cacheAllowListStatus,
         });
 
         const cacheResponse = await cacheRequest;
         setCache(method, tableName, cacheRequestData, {
             requestArgumentsSerialized,
             request: cacheRequest,
+            allowListStatus: cacheAllowListStatus,
             response: cacheResponse,
             final: true,
         });
@@ -695,7 +897,9 @@ export class SqlExecutor<
         return {
             affected: result.affectedRows as number,
             insertId: result.insertId as number,
-            rest: [],
+            rest: method === C6C.POST
+                ? this.buildPostResponseRows(result.insertId as number | string | undefined)
+                : [],
             sql: { sql: sqlExecution.sql, values: sqlExecution.values },
         } as DetermineResponseDataType<G['RequestMethod'], G['RestTableInterface']>;
     }

package/src/types/ormInterfaces.ts

@@ -116,6 +116,7 @@ export interface iCacheResponse<ResponseDataType = any> {
 export interface iCacheAPI<ResponseDataType = any> {
     requestArgumentsSerialized: string;
     request: Promise<iCacheResponse<ResponseDataType>>;
+    allowListStatus?: "allowed" | "denied" | "not verified";
     response?: iCacheResponse<ResponseDataType> & {
         __carbonTiming?: {
             start: number;

package/src/utils/cacheManager.ts

@@ -1,6 +1,6 @@
 import type {iCacheAPI, iCacheResponse} from "../types/ormInterfaces";
 import {LogContext, LogLevel, logWithLevel, shouldLog} from "./logLevel";
-import logSql from "./logSql";
+import logSql, { SqlAllowListStatus } from "./logSql";
 
 // -----------------------------------------------------------------------------
 // Cache Storage
@@ -61,13 +61,13 @@ export function checkCache<ResponseDataType = any>(
     method: string,
     tableName: string | string[],
     requestData: any,
-    logContext: LogContext,
+    logContext?: LogContext,
+    allowListStatus?: SqlAllowListStatus,
 ): Promise<iCacheResponse<ResponseDataType>> | false {
     const key = makeCacheKey(method, tableName, requestData);
     const cached = apiRequestCache.get(key);
 
     if (!cached) {
-        console.log('apiRequestCache.size', apiRequestCache.size)
         return false;
     }
 
@@ -75,7 +75,7 @@ export function checkCache<ResponseDataType = any>(
         const sql = cached.response?.data?.sql?.sql ?? "";
         const sqlMethod = sql.trim().split(/\s+/, 1)[0]?.toUpperCase() || method;
         logSql({
-            allowListStatus: "not verified",
+            allowListStatus: cached.allowListStatus ?? allowListStatus ?? "not verified",
             cacheStatus: "hit",
             context: logContext,
             method: sqlMethod,
@@ -103,7 +103,24 @@ export function evictCacheEntry(
     method: string,
     tableName: string | string[],
     requestData: any,
+    logContext?: LogContext,
+    allowListStatus?: SqlAllowListStatus,
 ): boolean {
     const key = makeCacheKey(method, tableName, requestData);
-    return apiRequestCache.delete(key);
+    const cached = apiRequestCache.get(key);
+    const deleted = apiRequestCache.delete(key);
+
+    if (deleted && shouldLog(LogLevel.INFO, logContext)) {
+        const sql = cached?.response?.data?.sql?.sql ?? "";
+        const sqlMethod = sql.trim().split(/\s+/, 1)[0]?.toUpperCase() || method;
+        logSql({
+            allowListStatus: cached?.allowListStatus ?? allowListStatus ?? "not verified",
+            cacheStatus: "evicted",
+            context: logContext,
+            method: sqlMethod,
+            sql,
+        });
+    }
+
+    return deleted;
 }

package/src/utils/logSql.ts

@@ -6,7 +6,7 @@ import type { LogContext } from "./logLevel";
 import { LogLevel, shouldLog } from "./logLevel";
 
 export type SqlAllowListStatus = "allowed" | "denied" | "not verified";
-export type SqlCacheStatus = "hit" | "miss" | "ignored";
+export type SqlCacheStatus = "hit" | "miss" | "ignored" | "evicted";
 
 export type LogSqlContextOptions = {
     cacheStatus: SqlCacheStatus;
@@ -66,6 +66,8 @@ const cacheLabel = (cacheStatus: SqlCacheStatus): string => {
     switch (cacheStatus) {
         case "hit":
             return `${C.METHOD_COLORS.SELECT}[CACHE HIT]${C.RESET}`;
+        case "evicted":
+            return `${C.WARN}[CACHE EVICTED]${C.RESET}`;
         case "ignored":
             return `${C.WARN}[CACHE IGNORED]${C.RESET}`;
         default: