npm - @cosmicdrift/kumiko-bundled-features - Versions diffs - 0.14.0 → 0.16.0 - Mend

@cosmicdrift/kumiko-bundled-features 0.14.0 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (269) hide show

package/src/user-data-rights/run-user-export.ts CHANGED Viewed

@@ -20,6 +20,7 @@
 // landen. user-data-rights-defaults/hooks/user.userdata-hook expose
 // expliziert KEIN passwordHash + KEINE roles (privileged columns).
+import { selectMany } from "@cosmicdrift/kumiko-framework/bun-db";
 import type { DbRunner } from "@cosmicdrift/kumiko-framework/db";
 import {
   EXT_USER_DATA,
@@ -29,7 +30,6 @@ import {
   type UserDataExportSnippet,
 } from "@cosmicdrift/kumiko-framework/engine";
 import type { getTemporal } from "@cosmicdrift/kumiko-framework/time";
-import { eq } from "drizzle-orm";
 import { tenantMembershipsTable } from "../tenant";
 import { buildFileRefZipPath } from "./zip-path";
@@ -116,11 +116,9 @@ export async function runUserExport(args: RunUserExportArgs): Promise<UserExport
   const { db, registry, userId, now } = args;
   // Memberships → Tenant-Liste fuer Hook-Iteration.
-  // @cast-boundary db-row.
-  const memberships = (await db
-    .select({ tenantId: tenantMembershipsTable["tenantId"] })
-    .from(tenantMembershipsTable)
-    .where(eq(tenantMembershipsTable["userId"], userId))) as Array<{ tenantId: TenantId }>;
+  const memberships = await selectMany<{ tenantId: TenantId }>(db, tenantMembershipsTable, {
+    userId,
+  });
   const tenantList: TenantId[] = memberships.map((m) => m.tenantId);

package/src/user-data-rights/schema/download-attempt.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { buildDrizzleTable } from "@cosmicdrift/kumiko-framework/db";
+import { buildEntityTable } from "@cosmicdrift/kumiko-framework/db";
 import {
   createEntity,
   createTextField,
@@ -34,4 +34,4 @@ export const downloadAttemptEntity = createEntity({
   retention: { keepFor: "90d", strategy: "hardDelete", reference: "attemptedAt" },
 });
-export const downloadAttemptsTable = buildDrizzleTable("downloadAttempt", downloadAttemptEntity);
+export const downloadAttemptsTable = buildEntityTable("downloadAttempt", downloadAttemptEntity);

package/src/user-data-rights/schema/download-token.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { buildDrizzleTable } from "@cosmicdrift/kumiko-framework/db";
+import { buildEntityTable } from "@cosmicdrift/kumiko-framework/db";
 import {
   createBigIntField,
   createEntity,
@@ -105,7 +105,7 @@ export const exportDownloadTokenEntity = createEntity({
   ],
 });
-export const exportDownloadTokensTable = buildDrizzleTable(
+export const exportDownloadTokensTable = buildEntityTable(
   "exportDownloadToken",
   exportDownloadTokenEntity,
 );

package/src/user-data-rights/schema/export-job.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { buildDrizzleTable } from "@cosmicdrift/kumiko-framework/db";
+import { buildEntityTable, sql } from "@cosmicdrift/kumiko-framework/db";
 import {
   createBigIntField,
   createEntity,
@@ -7,7 +7,6 @@ import {
   createTextField,
   createTimestampField,
 } from "@cosmicdrift/kumiko-framework/engine";
-import { sql } from "drizzle-orm";
 // Export-Job-Lifecycle (S2.U3+U4 Atom 1).
 //
@@ -163,4 +162,4 @@ export const exportJobEntity = createEntity({
   ],
 });
-export const exportJobsTable = buildDrizzleTable("exportJob", exportJobEntity);
+export const exportJobsTable = buildEntityTable("exportJob", exportJobEntity);

package/src/user-data-rights-defaults/__tests__/user-data-rights-defaults.integration.ts CHANGED Viewed

@@ -10,13 +10,13 @@
 //   - "cross data matrix checks" (Cross-Tenant-Isolation: Tenant A's
 //     fileRef-Forget beruehrt Tenant B's Files nicht)
+import { afterAll, beforeAll, describe, expect, test } from "bun:test";
+import { asRawClient, insertOne } from "@cosmicdrift/kumiko-framework/bun-db";
 import {
   setupTestStack,
   type TestStack,
   unsafeCreateEntityTable,
 } from "@cosmicdrift/kumiko-framework/stack";
-import { sql } from "drizzle-orm";
-import { afterAll, beforeAll, describe, expect, test } from "vitest";
 import { createComplianceProfilesFeature } from "../../compliance-profiles";
 import { createDataRetentionFeature } from "../../data-retention";
 import { createFilesFeature } from "../../files";
@@ -52,9 +52,9 @@ beforeAll(async () => {
   await unsafeCreateEntityTable(stack.db, userEntity);
   // file_refs ist framework-pgTable (nicht entity-getrieben, S1.5 hat
-  // die Schema-Sicht ohne buildDrizzleTable-Auto-Generation). Manuelle
+  // die Schema-Sicht ohne buildEntityTable-Auto-Generation). Manuelle
   // CREATE matched die Spalten aus framework/src/files/file-ref-table.ts
-  await stack.db.execute(sql`
+  await asRawClient(stack.db).unsafe(`
     CREATE TABLE IF NOT EXISTS file_refs (
       id UUID PRIMARY KEY,
       tenant_id UUID NOT NULL,
@@ -90,21 +90,18 @@ async function seedUser(id: string, overrides: Record<string, unknown> = {}): Pr
   // Schema hat tenant_id-Spalte automatisch (Framework-Default).
   // Pragmatisch: SYSTEM_TENANT_ID fuer User-Rows in Tests.
   const SYSTEM_TENANT = "00000000-0000-4000-8000-000000000001";
-  await stack.db
-    .insert(userTable)
-    .values({
-      id,
-      tenantId: SYSTEM_TENANT,
-      email: `user-${id}@example.com`,
-      passwordHash: "hashed-password",
-      displayName: `User ${id}`,
-      locale: "de",
-      emailVerified: true,
-      roles: '["Member"]',
-      status: USER_STATUS.Active,
-      ...overrides,
-    })
-    .onConflictDoNothing();
+  await insertOne(stack.db, userTable, {
+    id,
+    tenantId: SYSTEM_TENANT,
+    email: `user-${id}@example.com`,
+    passwordHash: "hashed-password",
+    displayName: `User ${id}`,
+    locale: "de",
+    emailVerified: true,
+    roles: '["Member"]',
+    status: USER_STATUS.Active,
+    ...overrides,
+  });
 }
 async function seedFileRef(
@@ -113,18 +110,24 @@ async function seedFileRef(
   insertedById: string | null,
   fileName: string,
 ): Promise<void> {
-  await stack.db.execute(sql`
+  await asRawClient(stack.db).unsafe(
+    `
     INSERT INTO file_refs (id, tenant_id, storage_key, file_name, mime_type, size, inserted_by_id)
-    VALUES (${id}, ${tenantId}, ${`storage/${id}`}, ${fileName}, 'application/pdf', 1024, ${insertedById})
+    VALUES ($1, $2, $3, $4, 'application/pdf', 1024, $5)
     ON CONFLICT (id) DO NOTHING
-  `);
+  `,
+    [id, tenantId, `storage/${id}`, fileName, insertedById],
+  );
 }
 async function fetchUser(id: string) {
-  const result = await stack.db.execute(sql`
+  const result = await asRawClient(stack.db).unsafe(
+    `
     SELECT id, email, display_name, password_hash, status, deleted_at
-    FROM read_users WHERE id = ${id}
-  `);
+    FROM read_users WHERE id = $1
+  `,
+    [id],
+  );
   // biome-ignore lint/suspicious/noExplicitAny: drizzle execute returns any-typed array
   const rows = ((result as any).rows ?? result) as Array<{
     id: string;
@@ -140,13 +143,17 @@ async function fetchUser(id: string) {
 async function fetchFileRefs(tenantId: string, insertedById?: string | null) {
   const result =
     insertedById === undefined
-      ? await stack.db.execute(sql`SELECT * FROM file_refs WHERE tenant_id = ${tenantId}`)
+      ? await asRawClient(stack.db).unsafe(`SELECT * FROM file_refs WHERE tenant_id = $1`, [
+          tenantId,
+        ])
       : insertedById === null
-        ? await stack.db.execute(
-            sql`SELECT * FROM file_refs WHERE tenant_id = ${tenantId} AND inserted_by_id IS NULL`,
+        ? await asRawClient(stack.db).unsafe(
+            `SELECT * FROM file_refs WHERE tenant_id = $1 AND inserted_by_id IS NULL`,
+            [tenantId],
           )
-        : await stack.db.execute(
-            sql`SELECT * FROM file_refs WHERE tenant_id = ${tenantId} AND inserted_by_id = ${insertedById}`,
+        : await asRawClient(stack.db).unsafe(
+            `SELECT * FROM file_refs WHERE tenant_id = $1 AND inserted_by_id = $2`,
+            [tenantId, insertedById],
           );
   // biome-ignore lint/suspicious/noExplicitAny: drizzle execute typing
   return (result as any).rows ?? result;

package/src/user-data-rights-defaults/db/queries/user-hook.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { asRawClient } from "@cosmicdrift/kumiko-framework/bun-db";
+import type { DbRunner } from "@cosmicdrift/kumiko-framework/db";
+export async function anonymizeDeletedUser(
+  db: DbRunner,
+  params: {
+    readonly email: string;
+    readonly displayName: string;
+    readonly status: string;
+    readonly userId: string;
+  },
+): Promise<void> {
+  await asRawClient(db).unsafe(
+    'UPDATE "read_users" SET email = $1, display_name = $2, password_hash = $3, status = $4, deleted_at = now() WHERE id = $5',
+    [params.email, params.displayName, null, params.status, params.userId],
+  );
+}

package/src/user-data-rights-defaults/hooks/file-ref.userdata-hook.ts CHANGED Viewed

@@ -1,6 +1,6 @@
+import { deleteMany, selectMany, updateMany } from "@cosmicdrift/kumiko-framework/bun-db";
 import type { UserDataDeleteHook, UserDataExportHook } from "@cosmicdrift/kumiko-framework/engine";
 import { fileRefsTable } from "@cosmicdrift/kumiko-framework/files";
-import { and, eq } from "drizzle-orm";
 // userData-Hook fuer fileRef-entity (S2.H2).
 //
@@ -30,15 +30,10 @@ import { and, eq } from "drizzle-orm";
 // Cleanup als TODO und faellen das in S2.U5 nochmal an.
 export const fileRefExportHook: UserDataExportHook = async (ctx) => {
-  const rawRows = await ctx.db
-    .select()
-    .from(fileRefsTable)
-    .where(
-      and(
-        eq(fileRefsTable["tenantId"], ctx.tenantId),
-        eq(fileRefsTable["insertedById"], ctx.userId),
-      ),
-    );
+  const rawRows = await selectMany(ctx.db, fileRefsTable, {
+    tenantId: ctx.tenantId,
+    insertedById: ctx.userId,
+  });
   // @cast-boundary db-row: drizzle liefert insertedAt als Instant
   // (framework-customType). Fuer JSON-Export brauchen wir String —
@@ -83,27 +78,17 @@ export const fileRefDeleteHook: UserDataDeleteHook = async (ctx, strategy) => {
     // Hard-delete der FileRef-Rows fuer diesen User in diesem Tenant.
     // Storage-Binary-Cleanup folgt in S2.U5 wenn der Forget-Job-Ctx
     // den Storage-Provider exposed.
-    await ctx.db
-      .delete(fileRefsTable)
-      .where(
-        and(
-          eq(fileRefsTable["tenantId"], ctx.tenantId),
-          eq(fileRefsTable["insertedById"], ctx.userId),
-        ),
-      );
+    await deleteMany(ctx.db, fileRefsTable, { tenantId: ctx.tenantId, insertedById: ctx.userId });
   } else {
     // anonymize: insertedById=null, FileRef + binary bleiben.
     // Use-case: shared chat-Attachment in einem Multi-User-Channel —
     // Author-Identifikation raus, Datei bleibt fuer andere User
     // sichtbar.
-    await ctx.db
-      .update(fileRefsTable)
-      .set({ insertedById: null })
-      .where(
-        and(
-          eq(fileRefsTable["tenantId"], ctx.tenantId),
-          eq(fileRefsTable["insertedById"], ctx.userId),
-        ),
-      );
+    await updateMany(
+      ctx.db,
+      fileRefsTable,
+      { insertedById: null },
+      { tenantId: ctx.tenantId, insertedById: ctx.userId },
+    );
   }
 };

package/src/user-data-rights-defaults/hooks/user.userdata-hook.ts CHANGED Viewed

@@ -1,6 +1,5 @@
-import { fetchOne } from "@cosmicdrift/kumiko-framework/db";
+import { fetchOne, updateMany } from "@cosmicdrift/kumiko-framework/bun-db";
 import type { UserDataDeleteHook, UserDataExportHook } from "@cosmicdrift/kumiko-framework/engine";
-import { eq, sql } from "drizzle-orm";
 import {
   USER_ANONYMIZED_DISPLAY_NAME,
   USER_ANONYMIZED_EMAIL_DOMAIN,
@@ -10,6 +9,7 @@ import {
   USER_STATUS,
   userTable,
 } from "../../user";
+import { anonymizeDeletedUser } from "../db/queries/user-hook";
 // userData-Hook fuer user-entity (S2.H1).
 //
@@ -32,7 +32,7 @@ import {
 //                Frist auf einer FK-target-Entity)
 export const userExportHook: UserDataExportHook = async (ctx) => {
-  const row = (await fetchOne(ctx.db, userTable, eq(userTable["id"], ctx.userId))) as {
+  const row = (await fetchOne(ctx.db, userTable, { id: ctx.userId })) as {
     id: string;
     email: string;
     displayName: string;
@@ -64,28 +64,26 @@ export const userDeleteHook: UserDataDeleteHook = async (ctx, strategy) => {
   // Tenants Member sein), kein tenantId-Filter noetig.
   if (strategy === "delete") {
-    await ctx.db
-      .update(userTable)
-      .set({
-        email: `${USER_DELETED_EMAIL_PREFIX}-${ctx.userId}@${USER_ANONYMIZED_EMAIL_DOMAIN}`,
-        displayName: USER_DELETED_DISPLAY_NAME,
-        passwordHash: null,
-        status: USER_STATUS.Deleted,
-        deletedAt: sql`now()`,
-      })
-      .where(eq(userTable["id"], ctx.userId));
+    await anonymizeDeletedUser(ctx.db, {
+      email: `${USER_DELETED_EMAIL_PREFIX}-${ctx.userId}@${USER_ANONYMIZED_EMAIL_DOMAIN}`,
+      displayName: USER_DELETED_DISPLAY_NAME,
+      status: USER_STATUS.Deleted,
+      userId: ctx.userId,
+    });
   } else {
     // anonymize: PII raus, aber Row bleibt active (damit FK-References
     // weiter aufloesbar sind). Account ist effektiv weiter nutzbar
     // wenn der User sich neu authentifiziert — pragmatisch akzeptabel
     // weil "anonymize" auf user-entity ein seltener Edge-Case ist
     // (typisch hard-delete fuer User).
-    await ctx.db
-      .update(userTable)
-      .set({
+    await updateMany(
+      ctx.db,
+      userTable,
+      {
         email: `${USER_ANONYMIZED_EMAIL_PREFIX}-${ctx.userId}@${USER_ANONYMIZED_EMAIL_DOMAIN}`,
         displayName: USER_ANONYMIZED_DISPLAY_NAME,
-      })
-      .where(eq(userTable["id"], ctx.userId));
+      },
+      { id: ctx.userId },
+    );
   }
 };