@classytic/arc 1.1.0 → 2.1.2

package/dist/policies/index.js

@@ -1,196 +0,0 @@
-// src/policies/helpers.ts
-function createPolicyMiddleware(policy, operation) {
-  return async function policyMiddleware(request, reply) {
-    const context = {
-      document: request.document,
-      body: request.body,
-      params: request.params,
-      query: request.query
-    };
-    const result = await policy.can(request.user, operation, context);
-    if (!result.allowed) {
-      return reply.code(403).send({
-        success: false,
-        error: "Access denied",
-        message: result.reason || "You do not have permission to perform this action"
-      });
-    }
-    request.policyResult = result;
-    if (result.filters && Object.keys(result.filters).length > 0) {
-      request.query = request.query || {};
-      request.query._policyFilters = result.filters;
-    }
-    if (result.fieldMask) {
-      request.fieldMask = result.fieldMask;
-    }
-    if (result.metadata) {
-      request.policyMetadata = result.metadata;
-    }
-  };
-}
-function combinePolicies(...policies) {
-  if (policies.length === 0) {
-    throw new Error("combinePolicies requires at least one policy");
-  }
-  if (policies.length === 1) {
-    return policies[0];
-  }
-  return {
-    async can(user, operation, context) {
-      const results = [];
-      for (const policy of policies) {
-        const result = await policy.can(user, operation, context);
-        if (!result.allowed) {
-          return result;
-        }
-        results.push(result);
-      }
-      const mergedResult = {
-        allowed: true,
-        filters: {},
-        metadata: {}
-      };
-      for (const result of results) {
-        if (result.filters) {
-          Object.assign(mergedResult.filters, result.filters);
-        }
-      }
-      const allExcludes = /* @__PURE__ */ new Set();
-      const allIncludes = [];
-      for (const result of results) {
-        if (result.fieldMask?.exclude) {
-          result.fieldMask.exclude.forEach((field) => allExcludes.add(field));
-        }
-        if (result.fieldMask?.include) {
-          allIncludes.push(new Set(result.fieldMask.include));
-        }
-      }
-      if (allExcludes.size > 0 || allIncludes.length > 0) {
-        mergedResult.fieldMask = {};
-        if (allExcludes.size > 0) {
-          mergedResult.fieldMask.exclude = Array.from(allExcludes);
-        }
-        if (allIncludes.length > 0) {
-          const intersection = allIncludes.reduce((acc, set) => {
-            return new Set([...acc].filter((x) => set.has(x)));
-          });
-          if (intersection.size > 0) {
-            mergedResult.fieldMask.include = Array.from(intersection);
-          }
-        }
-      }
-      for (const result of results) {
-        if (result.metadata) {
-          Object.assign(mergedResult.metadata, result.metadata);
-        }
-      }
-      if (Object.keys(mergedResult.filters).length === 0) {
-        delete mergedResult.filters;
-      }
-      if (Object.keys(mergedResult.metadata).length === 0) {
-        delete mergedResult.metadata;
-      }
-      return mergedResult;
-    },
-    toMiddleware(operation) {
-      const middlewares = policies.map((p) => p.toMiddleware(operation));
-      return async (request, reply) => {
-        for (const middleware of middlewares) {
-          await middleware(request, reply);
-          if (reply.sent) {
-            return;
-          }
-        }
-      };
-    }
-  };
-}
-function anyPolicy(...policies) {
-  if (policies.length === 0) {
-    throw new Error("anyPolicy requires at least one policy");
-  }
-  if (policies.length === 1) {
-    return policies[0];
-  }
-  return {
-    async can(user, operation, context) {
-      let firstDenial = null;
-      for (const policy of policies) {
-        const result = await policy.can(user, operation, context);
-        if (result.allowed) {
-          return result;
-        }
-        if (!firstDenial) {
-          firstDenial = result;
-        }
-      }
-      return firstDenial;
-    },
-    toMiddleware(operation) {
-      return async (request, reply) => {
-        const results = [];
-        for (const policy of policies) {
-          const result = await policy.can(
-            request.user,
-            operation,
-            {
-              document: request.document,
-              body: request.body,
-              params: request.params,
-              query: request.query
-            }
-          );
-          if (result.allowed) {
-            request.policyResult = result;
-            if (result.filters) {
-              request.query = request.query || {};
-              request.query._policyFilters = result.filters;
-            }
-            if (result.fieldMask) {
-              request.fieldMask = result.fieldMask;
-            }
-            if (result.metadata) {
-              request.policyMetadata = result.metadata;
-            }
-            return;
-          }
-          results.push(result);
-        }
-        return reply.code(403).send({
-          success: false,
-          error: "Access denied",
-          message: results[0]?.reason || "You do not have permission to perform this action"
-        });
-      };
-    }
-  };
-}
-function allowAll() {
-  return {
-    can() {
-      return { allowed: true };
-    },
-    toMiddleware() {
-      return async () => {
-      };
-    }
-  };
-}
-function denyAll(reason = "Operation not allowed") {
-  return {
-    can() {
-      return { allowed: false, reason };
-    },
-    toMiddleware() {
-      return async (request, reply) => {
-        return reply.code(403).send({
-          success: false,
-          error: "Access denied",
-          message: reason
-        });
-      };
-    }
-  };
-}
-
-export { allowAll, anyPolicy, combinePolicies, createPolicyMiddleware, denyAll };

package/dist/presets/index.js

@@ -1,384 +0,0 @@
-// src/permissions/index.ts
-function allowPublic() {
-  const check = () => true;
-  check._isPublic = true;
-  return check;
-}
-function requireRoles(roles, options) {
-  const check = (ctx) => {
-    if (!ctx.user) {
-      return { granted: false, reason: "Authentication required" };
-    }
-    const userRoles = ctx.user.roles ?? [];
-    if (roles.some((r) => userRoles.includes(r))) {
-      return true;
-    }
-    return {
-      granted: false,
-      reason: `Required roles: ${roles.join(", ")}`
-    };
-  };
-  check._roles = roles;
-  return check;
-}
-
-// src/presets/softDelete.ts
-function softDeletePreset(options = {}) {
-  const { deletedField: _deletedField = "deletedAt" } = options;
-  return {
-    name: "softDelete",
-    additionalRoutes: (permissions) => [
-      {
-        method: "GET",
-        path: "/deleted",
-        handler: "getDeleted",
-        summary: "Get soft-deleted items",
-        permissions: permissions.list ?? requireRoles(["admin"]),
-        wrapHandler: true
-      },
-      {
-        method: "POST",
-        path: "/:id/restore",
-        handler: "restore",
-        summary: "Restore soft-deleted item",
-        permissions: permissions.update ?? requireRoles(["admin"]),
-        wrapHandler: true
-      }
-    ]
-  };
-}
-
-// src/presets/slugLookup.ts
-function slugLookupPreset(options = {}) {
-  const { slugField = "slug" } = options;
-  return {
-    name: "slugLookup",
-    additionalRoutes: (permissions) => [
-      {
-        method: "GET",
-        path: `/slug/:${slugField}`,
-        handler: "getBySlug",
-        summary: "Get by slug",
-        permissions: permissions.get ?? allowPublic(),
-        wrapHandler: true
-        // Handler is a ControllerHandler
-      }
-    ],
-    // Pass to controller so it knows which param to read
-    controllerOptions: {
-      slugField
-    }
-  };
-}
-
-// src/presets/ownedByUser.ts
-function createOwnershipCheck(ownerField, bypassRoles) {
-  return async (request, _reply) => {
-    const user = request.user;
-    if (!user) return;
-    const userWithRoles = user;
-    if (userWithRoles.roles && bypassRoles.some((r) => userWithRoles.roles.includes(r))) return;
-    const userWithId = user;
-    const userId = userWithId._id ?? userWithId.id;
-    if (userId) {
-      request._ownershipCheck = {
-        field: ownerField,
-        userId
-      };
-    }
-  };
-}
-function ownedByUserPreset(options = {}) {
-  const {
-    ownerField = "userId",
-    bypassRoles = ["admin", "superadmin"]
-  } = options;
-  const ownershipMiddleware = createOwnershipCheck(ownerField, bypassRoles);
-  return {
-    name: "ownedByUser",
-    middlewares: {
-      update: [ownershipMiddleware],
-      delete: [ownershipMiddleware]
-    }
-  };
-}
-
-// src/presets/multiTenant.ts
-function defaultExtractOrganizationId(request) {
-  const context = request.context;
-  if (context?.organizationId) {
-    return context.organizationId;
-  }
-  const user = request.user;
-  if (user?.organizationId) {
-    return user.organizationId;
-  }
-  if (user?.organization) {
-    const org = user.organization;
-    return org._id || org.id || org;
-  }
-  return null;
-}
-function createTenantFilter(tenantField, bypassRoles, extractOrganizationId) {
-  return async (request, reply) => {
-    const user = request.user;
-    if (!user) {
-      reply.code(401).send({
-        success: false,
-        error: "Unauthorized",
-        message: "Authentication required for multi-tenant resources"
-      });
-      return;
-    }
-    const userWithRoles = user;
-    if (userWithRoles.roles && bypassRoles.some((r) => userWithRoles.roles.includes(r))) return;
-    const orgId = extractOrganizationId(request);
-    if (!orgId) {
-      reply.code(403).send({
-        success: false,
-        error: "Forbidden",
-        message: "Organization context required for this operation"
-      });
-      return;
-    }
-    request.query = request.query ?? {};
-    request.query._policyFilters = {
-      ...request.query._policyFilters ?? {},
-      [tenantField]: orgId
-    };
-  };
-}
-function createFlexibleTenantFilter(tenantField, bypassRoles, extractOrganizationId) {
-  return async (request, reply) => {
-    const user = request.user;
-    const orgId = extractOrganizationId(request);
-    if (!orgId) {
-      return;
-    }
-    if (!user) {
-      reply.code(401).send({
-        success: false,
-        error: "Unauthorized",
-        message: "Authentication required for organization-scoped data"
-      });
-      return;
-    }
-    const userWithRoles = user;
-    if (userWithRoles.roles && bypassRoles.some((r) => userWithRoles.roles.includes(r))) {
-      return;
-    }
-    request.query = request.query ?? {};
-    request.query._policyFilters = {
-      ...request.query._policyFilters ?? {},
-      [tenantField]: orgId
-    };
-  };
-}
-function createTenantInjection(tenantField, extractOrganizationId) {
-  return async (request, reply) => {
-    const orgId = extractOrganizationId(request);
-    if (!orgId) {
-      reply.code(403).send({
-        success: false,
-        error: "Forbidden",
-        message: "Organization context required to create resources"
-      });
-      return;
-    }
-    if (request.body) {
-      request.body[tenantField] = orgId;
-    }
-  };
-}
-function multiTenantPreset(options = {}) {
-  const {
-    tenantField = "organizationId",
-    bypassRoles = ["superadmin"],
-    extractOrganizationId = defaultExtractOrganizationId,
-    allowPublic: allowPublic2 = []
-  } = options;
-  const strictTenantFilter = createTenantFilter(tenantField, bypassRoles, extractOrganizationId);
-  const flexibleTenantFilter = createFlexibleTenantFilter(tenantField, bypassRoles, extractOrganizationId);
-  const tenantInjection = createTenantInjection(tenantField, extractOrganizationId);
-  const getFilter = (route) => allowPublic2.includes(route) ? flexibleTenantFilter : strictTenantFilter;
-  return {
-    name: "multiTenant",
-    middlewares: {
-      list: [getFilter("list")],
-      get: [getFilter("get")],
-      create: [tenantInjection],
-      update: [getFilter("update")],
-      delete: [getFilter("delete")]
-    }
-  };
-}
-
-// src/presets/tree.ts
-function treePreset(options = {}) {
-  const { parentField = "parent" } = options;
-  return {
-    name: "tree",
-    additionalRoutes: (permissions) => [
-      {
-        method: "GET",
-        path: "/tree",
-        handler: "getTree",
-        summary: "Get hierarchical tree",
-        permissions: permissions.list ?? allowPublic(),
-        wrapHandler: true
-      },
-      {
-        method: "GET",
-        path: `/:${parentField}/children`,
-        handler: "getChildren",
-        summary: "Get children of parent",
-        permissions: permissions.list ?? allowPublic(),
-        wrapHandler: true
-      }
-    ],
-    // Pass to controller so it knows which param to read
-    controllerOptions: {
-      parentField
-    }
-  };
-}
-
-// src/presets/audited.ts
-function auditedPreset(options = {}) {
-  const { createdByField = "createdBy", updatedByField = "updatedBy" } = options;
-  const injectCreatedBy = async (request, _reply) => {
-    const userWithId = request.user;
-    if (userWithId?._id || userWithId?.id) {
-      const userId = userWithId._id ?? userWithId.id;
-      request.body[createdByField] = userId;
-      request.body[updatedByField] = userId;
-    }
-    return void 0;
-  };
-  const injectUpdatedBy = async (request, _reply) => {
-    const userWithId = request.user;
-    if (userWithId?._id || userWithId?.id) {
-      request.body[updatedByField] = userWithId._id ?? userWithId.id;
-    }
-    return void 0;
-  };
-  return {
-    name: "audited",
-    schemaOptions: {
-      fieldRules: {
-        [createdByField]: { systemManaged: true },
-        [updatedByField]: { systemManaged: true },
-        createdAt: { systemManaged: true },
-        updatedAt: { systemManaged: true }
-      }
-    },
-    middlewares: {
-      create: [injectCreatedBy],
-      update: [injectUpdatedBy]
-    }
-  };
-}
-
-// src/presets/index.ts
-var flexibleMultiTenantPreset = (options = {}) => multiTenantPreset({ ...options, allowPublic: ["list", "get"] });
-var presetRegistry = {
-  softDelete: softDeletePreset,
-  slugLookup: slugLookupPreset,
-  ownedByUser: ownedByUserPreset,
-  multiTenant: multiTenantPreset,
-  tree: treePreset,
-  audited: auditedPreset
-};
-function getPreset(nameOrConfig) {
-  if (typeof nameOrConfig === "object" && nameOrConfig.name) {
-    const { name, ...options } = nameOrConfig;
-    return resolvePreset(name, options);
-  }
-  return resolvePreset(nameOrConfig);
-}
-function resolvePreset(name, options = {}) {
-  const factory = presetRegistry[name];
-  if (!factory) {
-    const available = Object.keys(presetRegistry).join(", ");
-    throw new Error(
-      `Unknown preset: '${name}'
-Available presets: ${available}
-Docs: https://github.com/classytic/arc#presets`
-    );
-  }
-  return factory(options);
-}
-function registerPreset(name, factory) {
-  if (presetRegistry[name]) {
-    throw new Error(`Preset '${name}' already exists`);
-  }
-  presetRegistry[name] = factory;
-}
-function getAvailablePresets() {
-  return Object.keys(presetRegistry);
-}
-function applyPresets(config, presets = []) {
-  let result = { ...config };
-  for (const preset of presets) {
-    const resolved = resolvePresetInput(preset);
-    result = mergePreset(result, resolved);
-  }
-  return result;
-}
-function resolvePresetInput(preset) {
-  if (typeof preset === "object" && ("middlewares" in preset || "additionalRoutes" in preset)) {
-    return preset;
-  }
-  if (typeof preset === "object" && "name" in preset) {
-    const { name, ...options } = preset;
-    return resolvePreset(name, options);
-  }
-  return resolvePreset(preset);
-}
-function mergePreset(config, preset) {
-  const result = { ...config };
-  if (preset.additionalRoutes) {
-    const routes = typeof preset.additionalRoutes === "function" ? preset.additionalRoutes(config.permissions ?? {}) : preset.additionalRoutes;
-    result.additionalRoutes = [
-      ...result.additionalRoutes ?? [],
-      ...routes
-    ];
-  }
-  if (preset.middlewares) {
-    result.middlewares = result.middlewares ?? {};
-    for (const [op, mws] of Object.entries(preset.middlewares)) {
-      const key = op;
-      result.middlewares[key] = [
-        ...result.middlewares[key] ?? [],
-        ...mws ?? []
-      ];
-    }
-  }
-  if (preset.schemaOptions) {
-    result.schemaOptions = {
-      ...result.schemaOptions,
-      ...preset.schemaOptions
-    };
-  }
-  if (preset.controllerOptions) {
-    result._controllerOptions = {
-      ...result._controllerOptions,
-      ...preset.controllerOptions
-    };
-  }
-  if (preset.hooks && preset.hooks.length > 0) {
-    result._hooks = result._hooks ?? [];
-    for (const hook of preset.hooks) {
-      result._hooks.push({
-        presetName: preset.name,
-        operation: hook.operation,
-        phase: hook.phase,
-        handler: hook.handler,
-        priority: hook.priority
-      });
-    }
-  }
-  return result;
-}
-
-export { applyPresets, auditedPreset, flexibleMultiTenantPreset, getAvailablePresets, getPreset, multiTenantPreset, ownedByUserPreset, registerPreset, slugLookupPreset, softDeletePreset, treePreset };

package/dist/presets/multiTenant.d.ts

@@ -1,39 +0,0 @@
-import { d as RequestWithExtras, e as CrudRouteKey, f as PresetResult } from '../index-B4t03KQ0.js';
-import 'mongoose';
-import 'fastify';
-import '../types-B99TBmFV.js';
-
-/**
- * Multi-Tenant Preset
- *
- * Adds tenant (organization) filtering and injection middlewares.
- */
-
-interface MultiTenantOptions {
-    /** Field name in database (default: 'organizationId') */
-    tenantField?: string;
-    /** Roles that bypass tenant isolation (default: ['superadmin']) */
-    bypassRoles?: string[];
-    /**
-     * Custom function to extract organizationId from request
-     * If not provided, tries in order:
-     * 1. request.context.organizationId
-     * 2. request.user.organizationId
-     * 3. request.user.organization
-     */
-    extractOrganizationId?: (request: RequestWithExtras) => string | null | undefined;
-    /**
-     * Routes that allow public access (no auth required)
-     * When a route is in this array:
-     * - If no org context: allow through without filtering (public data)
-     * - If org context present: require auth and apply filter
-     *
-     * @default [] (strict mode - all routes require auth)
-     * @example
-     * multiTenantPreset({ allowPublic: ['list', 'get'] })
-     */
-    allowPublic?: CrudRouteKey[];
-}
-declare function multiTenantPreset(options?: MultiTenantOptions): PresetResult;
-
-export { type MultiTenantOptions, multiTenantPreset as default, multiTenantPreset };