@declaro/core 2.0.0-y.0 → 2.1.0

package/src/application/create-request-context.test.ts

@@ -0,0 +1,345 @@
+import { createRequest } from 'node-mocks-http'
+import { beforeEach, describe, expect, it } from 'vitest'
+import { Context, type DeclaroRequestScope, type DeclaroScope } from '../context/context'
+import type { Request } from '../http/request'
+import { createRequestContext } from './create-request-context'
+import { useDeclaro } from './use-declaro'
+
+// Extended scopes for testing
+interface TestAppScope extends DeclaroScope {
+    testAppValue?: string
+    sharedKey?: string
+    appValue?: string
+    appFactory?: string
+    appClass?: TestClass
+    eagerDep?: string
+}
+
+interface TestRequestScope extends DeclaroRequestScope {
+    middlewareTest?: string
+    asyncTest?: string
+    middleware1?: string
+    middleware2?: string
+    sharedKey?: string
+    appValue?: string
+    appFactory?: string
+    appClass?: TestClass
+}
+
+class TestClass {
+    getValue() {
+        return 'class-result'
+    }
+}
+
+describe('createRequestContext', () => {
+    let appContext: Context<TestAppScope>
+    let mockRequest: Request
+
+    beforeEach(async () => {
+        // Create app context with Declaro middleware
+        appContext = new Context<TestAppScope>()
+        await appContext.use(useDeclaro())
+
+        // Create mock request
+        mockRequest = createRequest({
+            method: 'POST',
+            url: 'https://example.com/api/test?param1=value1&param2=value2',
+            headers: {
+                'Content-Type': 'application/json',
+                Authorization: 'Bearer test-token-123',
+                'X-Custom-Header': 'custom-value',
+                'User-Agent': 'test-agent/1.0',
+            },
+            body: {
+                test: 'data',
+            },
+        }) as Request
+    })
+
+    describe('basic functionality', () => {
+        it('should create a request context from app context', async () => {
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            expect(requestContext).toBeInstanceOf(Context)
+            expect(requestContext).not.toBe(appContext)
+        })
+
+        it('should extend the app context', async () => {
+            // Add a value to app context
+            appContext.registerValue('testAppValue', 'app-test-value')
+
+            const requestContext = (await createRequestContext(appContext, mockRequest)) as Context<TestRequestScope>
+
+            // Should be able to access app context values
+            expect((requestContext as any).resolve('testAppValue')).toBe('app-test-value')
+        })
+
+        it('should run request middleware', async () => {
+            let middlewareRan = false
+
+            appContext.scope.requestMiddleware.push((context) => {
+                middlewareRan = true
+                ;(context as any).registerValue('middlewareTest', 'middleware-value')
+            })
+
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            expect(middlewareRan).toBe(true)
+            expect((requestContext as any).resolve('middlewareTest')).toBe('middleware-value')
+        })
+
+        it('should initialize eager dependencies', async () => {
+            let eagerFactoryRan = false
+
+            appContext.registerFactory(
+                'eagerDep',
+                () => {
+                    eagerFactoryRan = true
+                    return 'eager-value'
+                },
+                [],
+                { eager: true },
+            )
+
+            await createRequestContext(appContext, mockRequest)
+
+            expect(eagerFactoryRan).toBe(true)
+        })
+    })
+
+    describe('request injection', () => {
+        it('should inject the request object', async () => {
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            const injectedRequest = requestContext.resolve('request')
+
+            expect(injectedRequest).toBe(mockRequest)
+            expect(injectedRequest.method).toBe('POST')
+            expect(injectedRequest.url).toBe('https://example.com/api/test?param1=value1&param2=value2')
+        })
+
+        it('should provide request via scope property', async () => {
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            expect(requestContext.scope.request).toBe(mockRequest)
+        })
+    })
+
+    describe('headers injection', () => {
+        it('should inject headers object', async () => {
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            const headers = requestContext.resolve('headers')
+
+            expect(headers).toBeDefined()
+            expect(headers['content-type']).toBe('application/json')
+            expect(headers['authorization']).toBe('Bearer test-token-123')
+            expect(headers['x-custom-header']).toBe('custom-value')
+            expect(headers['user-agent']).toBe('test-agent/1.0')
+        })
+
+        it('should provide headers via scope property', async () => {
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            expect(requestContext.scope.headers).toBeDefined()
+            expect(requestContext.scope.headers).toBe(mockRequest.headers)
+        })
+
+        it('should handle missing headers gracefully', async () => {
+            const requestWithoutHeaders = createRequest({
+                method: 'GET',
+                url: '/test',
+                // No headers
+            }) as Request
+
+            const requestContext = await createRequestContext(appContext, requestWithoutHeaders)
+
+            const headers = requestContext.resolve('headers')
+            expect(headers).toBeDefined()
+            expect(Object.keys(headers).length).toBeGreaterThanOrEqual(0)
+        })
+    })
+
+    describe('header function injection', () => {
+        it('should inject header function', async () => {
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            const headerFunction = requestContext.resolve('header')
+
+            expect(typeof headerFunction).toBe('function')
+        })
+
+        it('should provide header function via scope property', async () => {
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            expect(typeof requestContext.scope.header).toBe('function')
+        })
+
+        it('should retrieve specific headers', async () => {
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            const header = requestContext.scope.header
+
+            expect(header('content-type')).toBe('application/json')
+            expect(header('authorization')).toBe('Bearer test-token-123')
+            expect(header('x-custom-header')).toBe('custom-value')
+            expect(header('user-agent')).toBe('test-agent/1.0')
+        })
+
+        it('should return undefined for non-existent headers', async () => {
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            const header = requestContext.scope.header
+
+            expect(header('non-existent-header' as any)).toBeUndefined()
+        })
+
+        it('should handle case-insensitive header names', async () => {
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            const header = requestContext.scope.header
+
+            // HTTP headers are case-insensitive, Node.js typically lowercases them
+            expect(header('Content-Type' as any)).toBe('application/json')
+        })
+    })
+
+    describe('middleware arrays injection', () => {
+        it('should inject requestMiddleware array', async () => {
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            const requestMiddleware = requestContext.resolve('requestMiddleware')
+
+            expect(Array.isArray(requestMiddleware)).toBe(true)
+        })
+
+        it('should inject nodeMiddleware array', async () => {
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            const nodeMiddleware = requestContext.resolve('nodeMiddleware')
+
+            expect(Array.isArray(nodeMiddleware)).toBe(true)
+        })
+
+        it('should provide middleware arrays via scope properties', async () => {
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            expect(Array.isArray(requestContext.scope.requestMiddleware)).toBe(true)
+            expect(Array.isArray(requestContext.scope.nodeMiddleware)).toBe(true)
+        })
+    })
+
+    describe('type safety and scope validation', () => {
+        it('should satisfy RequestScope interface', async () => {
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            // Test that all RequestScope properties are available
+            expect(requestContext.scope.request).toBeDefined()
+            expect(requestContext.scope.headers).toBeDefined()
+            expect(typeof requestContext.scope.header).toBe('function')
+            expect(Array.isArray(requestContext.scope.requestMiddleware)).toBe(true)
+            expect(Array.isArray(requestContext.scope.nodeMiddleware)).toBe(true)
+        })
+
+        it('should allow injection of all RequestScope dependencies', async () => {
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            // Test direct resolution of all expected dependencies
+            expect(() => requestContext.resolve('request')).not.toThrow()
+            expect(() => requestContext.resolve('headers')).not.toThrow()
+            expect(() => requestContext.resolve('header')).not.toThrow()
+            expect(() => requestContext.resolve('requestMiddleware')).not.toThrow()
+            expect(() => requestContext.resolve('nodeMiddleware')).not.toThrow()
+        })
+    })
+
+    describe('dependency inheritance', () => {
+        it('should inherit all app dependencies', async () => {
+            // Register various types of dependencies in app context
+            appContext.registerValue('appValue', 'test-value')
+            appContext.registerFactory('appFactory', () => 'factory-result', [])
+            ;(appContext as any).registerClass('appClass', TestClass, [])
+
+            const requestContext = (await createRequestContext(appContext, mockRequest)) as Context<TestRequestScope>
+
+            // All should be accessible in request context
+            expect((requestContext as any).resolve('appValue')).toBe('test-value')
+            expect((requestContext as any).resolve('appFactory')).toBe('factory-result')
+            expect(((requestContext as any).resolve('appClass') as TestClass).getValue()).toBe('class-result')
+        })
+
+        it('should allow request context to override app dependencies', async () => {
+            appContext.registerValue('sharedKey', 'app-value')
+
+            // Add middleware that overrides the value
+            appContext.scope.requestMiddleware.push((context) => {
+                ;(context as any).registerValue('sharedKey', 'request-value')
+            })
+
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            expect((requestContext as any).resolve('sharedKey')).toBe('request-value')
+        })
+    })
+
+    describe('error handling', () => {
+        it('should handle middleware errors gracefully', async () => {
+            // Add middleware that throws
+            appContext.scope.requestMiddleware.push(() => {
+                throw new Error('Middleware error')
+            })
+
+            await expect(createRequestContext(appContext, mockRequest)).rejects.toThrow('Middleware error')
+        })
+
+        it('should handle null/undefined request', async () => {
+            // The current implementation doesn't validate the request parameter
+            // It will set request to null and continue processing
+            const requestContext = await createRequestContext(appContext, null as any)
+
+            expect(requestContext.resolve('request')).toBeNull()
+            expect(requestContext.resolve('headers')).toEqual({})
+        })
+    })
+
+    describe('async middleware support', () => {
+        it('should handle async middleware', async () => {
+            let asyncMiddlewareRan = false
+
+            appContext.scope.requestMiddleware.push(async (context) => {
+                await new Promise((resolve) => setTimeout(resolve, 10))
+                asyncMiddlewareRan = true
+                ;(context as any).registerValue('asyncTest', 'async-result')
+            })
+
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            expect(asyncMiddlewareRan).toBe(true)
+            expect((requestContext as any).resolve('asyncTest')).toBe('async-result')
+        })
+
+        it('should run multiple async middleware in sequence', async () => {
+            const executionOrder: number[] = []
+
+            appContext.scope.requestMiddleware.push(
+                async (context) => {
+                    await new Promise((resolve) => setTimeout(resolve, 20))
+                    executionOrder.push(1)
+                    ;(context as any).registerValue('middleware1', 'first')
+                },
+                async (context) => {
+                    await new Promise((resolve) => setTimeout(resolve, 10))
+                    executionOrder.push(2)
+                    ;(context as any).registerValue('middleware2', 'second')
+                },
+            )
+
+            const requestContext = await createRequestContext(appContext, mockRequest)
+
+            expect(executionOrder).toEqual([1, 2])
+            expect((requestContext as any).resolve('middleware1')).toBe('first')
+            expect((requestContext as any).resolve('middleware2')).toBe('second')
+        })
+    })
+})

package/src/application/create-request-context.ts

@@ -0,0 +1,19 @@
+import { Context, type DeclaroRequestScope, type DeclaroScope } from '../context/context'
+import { provideRequest, type Request } from '../http/request'
+
+export async function createRequestContext<S extends DeclaroScope>(
+    appContext: Context<S>,
+    request: Request,
+): Promise<Context<DeclaroRequestScope>> {
+    const context = new Context<DeclaroRequestScope>()
+    context.extend(appContext)
+
+    provideRequest(context, request)
+
+    const requestMiddleware = appContext.scope.requestMiddleware
+    await context.use(...requestMiddleware)
+
+    await context.initializeEagerDependencies()
+
+    return context
+}

package/src/application/use-declaro.ts

@@ -0,0 +1,27 @@
+import type { IncomingHttpHeaders } from 'http'
+import type { Context, DeclaroScope } from '../context/context'
+import { provideRequestMiddleware } from '../http/request-context'
+
+export function useDeclaro() {
+    return async <S extends DeclaroScope>(context: Context<S>) => {
+        context.registerValue('requestMiddleware', [])
+        context.registerValue('nodeMiddleware', [])
+
+        provideRequestMiddleware(context, async (context) => {
+            // TODO: Support modern web Request type, and Headers instance for full fetch compatibility
+
+            context.registerFactory(
+                'headers',
+                (request: Request) => {
+                    return request?.headers ?? {}
+                },
+                ['request'],
+            )
+
+            context.registerValue('header', (header: keyof IncomingHttpHeaders) => {
+                const headers = context.resolve('headers')
+                return headers[header]
+            })
+        })
+    }
+}

package/src/auth/permission-validator.test.ts

@@ -43,7 +43,7 @@ describe('Permission Builder', () => {
 
         const validResult = validator.safeValidate(['look', 'we', 'have', 'some', 'permissions', 'and', 'some', 'more'])
 
-        expect(validResult).to.deep.equal({
+        expect(validResult).toEqual({
             valid: true,
             errorMessage: '',
             errors: [],
@@ -51,7 +51,7 @@ describe('Permission Builder', () => {
 
         expect(() => validator.safeValidate(['we', 'are', 'not', 'authorized'])).not.toThrowError()
         const result = validator.safeValidate(['we', 'are', 'not', 'authorized'])
-        expect(result).to.deep.equal({
+        expect(result).toEqual({
             valid: false,
             errorMessage: 'Tisk tisk',
             errors: [new PermissionError('Tisk tisk', validator.rules[0], ['we', 'are', 'not', 'authorized'])],
@@ -206,4 +206,240 @@ describe('Permission Builder', () => {
         expect(validator3.safeValidate(['namespace::resource.action1:write']).valid).toBe(true)
         expect(validator3.safeValidate(['namespace::resource.action2:delete']).valid).toBe(true)
     })
+
+    describe('Nested Permission Validators', () => {
+        it('should support nesting validators with someOf for OR logic', () => {
+            // Create nested validator: permission1 OR (permission2 AND permission3)
+            const nestedValidator = PermissionValidator.create().allOf(['permission2', 'permission3'])
+            const validator = PermissionValidator.create().someOf(
+                ['permission1', nestedValidator],
+                'Need permission1 OR (permission2 AND permission3)',
+            )
+
+            // Test with permission1 only - should pass
+            expect(validator.safeValidate(['permission1']).valid).toBe(true)
+
+            // Test with permission2 and permission3 - should pass
+            expect(validator.safeValidate(['permission2', 'permission3']).valid).toBe(true)
+
+            // Test with all permissions - should pass
+            expect(validator.safeValidate(['permission1', 'permission2', 'permission3']).valid).toBe(true)
+
+            // Test with permission2 only - should fail
+            expect(validator.safeValidate(['permission2']).valid).toBe(false)
+
+            // Test with permission3 only - should fail
+            expect(validator.safeValidate(['permission3']).valid).toBe(false)
+
+            // Test with no permissions - should fail
+            expect(validator.safeValidate([]).valid).toBe(false)
+        })
+
+        it('should support nesting validators with allOf for AND logic', () => {
+            // Create nested validator: permission1 AND (permission2 OR permission3)
+            const nestedValidator = PermissionValidator.create().someOf(['permission2', 'permission3'])
+            const validator = PermissionValidator.create().allOf(
+                ['permission1', nestedValidator],
+                'Need permission1 AND (permission2 OR permission3)',
+            )
+
+            // Test with permission1 and permission2 - should pass
+            expect(validator.safeValidate(['permission1', 'permission2']).valid).toBe(true)
+
+            // Test with permission1 and permission3 - should pass
+            expect(validator.safeValidate(['permission1', 'permission3']).valid).toBe(true)
+
+            // Test with all permissions - should pass
+            expect(validator.safeValidate(['permission1', 'permission2', 'permission3']).valid).toBe(true)
+
+            // Test with permission1 only - should fail
+            expect(validator.safeValidate(['permission1']).valid).toBe(false)
+
+            // Test with permission2 only - should fail
+            expect(validator.safeValidate(['permission2']).valid).toBe(false)
+
+            // Test with permission2 and permission3 only - should fail
+            expect(validator.safeValidate(['permission2', 'permission3']).valid).toBe(false)
+        })
+
+        it('should support multiple levels of nesting', () => {
+            // Create complex nested validator: permission1 OR (permission2 AND (permission3 OR permission4))
+            const deepNestedValidator = PermissionValidator.create().someOf(['permission3', 'permission4'])
+            const nestedValidator = PermissionValidator.create().allOf(['permission2', deepNestedValidator])
+            const validator = PermissionValidator.create().someOf(
+                ['permission1', nestedValidator],
+                'Complex permission logic failed',
+            )
+
+            // Test with permission1 only - should pass
+            expect(validator.safeValidate(['permission1']).valid).toBe(true)
+
+            // Test with permission2 and permission3 - should pass
+            expect(validator.safeValidate(['permission2', 'permission3']).valid).toBe(true)
+
+            // Test with permission2 and permission4 - should pass
+            expect(validator.safeValidate(['permission2', 'permission4']).valid).toBe(true)
+
+            // Test with permission2, permission3, and permission4 - should pass
+            expect(validator.safeValidate(['permission2', 'permission3', 'permission4']).valid).toBe(true)
+
+            // Test with permission2 only - should fail
+            expect(validator.safeValidate(['permission2']).valid).toBe(false)
+
+            // Test with permission3 and permission4 only - should fail
+            expect(validator.safeValidate(['permission3', 'permission4']).valid).toBe(false)
+        })
+
+        it('should support nesting with noneOf for exclusion logic', () => {
+            // Create validator: permission1 AND NOT(permission2 OR permission3)
+            const excludeValidator = PermissionValidator.create().someOf(['permission2', 'permission3'])
+            const validator = PermissionValidator.create()
+                .allOf(['permission1'], 'Must have permission1')
+                .noneOf([excludeValidator], 'Cannot have permission2 or permission3')
+
+            // Test with permission1 only - should pass
+            expect(validator.safeValidate(['permission1']).valid).toBe(true)
+
+            // Test with permission1 and permission4 - should pass
+            expect(validator.safeValidate(['permission1', 'permission4']).valid).toBe(true)
+
+            // Test with permission1 and permission2 - should fail
+            expect(validator.safeValidate(['permission1', 'permission2']).valid).toBe(false)
+
+            // Test with permission1 and permission3 - should fail
+            expect(validator.safeValidate(['permission1', 'permission3']).valid).toBe(false)
+
+            // Test with permission1, permission2, and permission3 - should fail
+            expect(validator.safeValidate(['permission1', 'permission2', 'permission3']).valid).toBe(false)
+        })
+
+        it('should provide meaningful error messages for nested validators', () => {
+            const nestedValidator = PermissionValidator.create().allOf(
+                ['permission2', 'permission3'],
+                'Missing required permissions 2 and 3',
+            )
+            const validator = PermissionValidator.create().someOf(
+                ['permission1', nestedValidator],
+                'Need permission1 OR both permission2 and permission3',
+            )
+
+            const result = validator.safeValidate(['permission2'])
+
+            expect(result.valid).toBe(false)
+            expect(result.errorMessage).toBe('Need permission1 OR both permission2 and permission3')
+            expect(result.errors).toHaveLength(1)
+        })
+
+        it('should work with real-world permission patterns using nesting', () => {
+            // Create validator for: write:all OR (create:all AND update:all)
+            const createAndUpdate = PermissionValidator.create().allOf(['create:all', 'update:all'])
+            const validator = PermissionValidator.create().someOf(
+                ['write:all', createAndUpdate],
+                'Need write:all OR (create:all AND update:all)',
+            )
+
+            // Test with write:all - should pass
+            expect(validator.safeValidate(['write:all']).valid).toBe(true)
+
+            // Test with create:all and update:all - should pass
+            expect(validator.safeValidate(['create:all', 'update:all']).valid).toBe(true)
+
+            // Test with all permissions - should pass
+            expect(validator.safeValidate(['write:all', 'create:all', 'update:all']).valid).toBe(true)
+
+            // Test with create:all only - should fail
+            expect(validator.safeValidate(['create:all']).valid).toBe(false)
+
+            // Test with update:all only - should fail
+            expect(validator.safeValidate(['update:all']).valid).toBe(false)
+
+            // Test with read:all - should fail
+            expect(validator.safeValidate(['read:all']).valid).toBe(false)
+        })
+
+        it('should support the exact syntax mentioned: someOf with nested allOf for OR-AND logic', () => {
+            // Test the exact pattern: baseValidator.someOf(['permission1', baseValidator.someOf(['permission2', 'permission3'])])
+            // This creates: permission1 OR (permission2 AND permission3)
+            const nestedValidator = PermissionValidator.create().allOf(['permission2', 'permission3'])
+            const validator = PermissionValidator.create().someOf(['permission1', nestedValidator])
+
+            // Test permission1 only - should pass
+            expect(validator.safeValidate(['permission1']).valid).toBe(true)
+
+            // Test permission2 and permission3 - should pass
+            expect(validator.safeValidate(['permission2', 'permission3']).valid).toBe(true)
+
+            // Test all permissions - should pass
+            expect(validator.safeValidate(['permission1', 'permission2', 'permission3']).valid).toBe(true)
+
+            // Test permission2 only - should fail
+            expect(validator.safeValidate(['permission2']).valid).toBe(false)
+
+            // Test permission3 only - should fail
+            expect(validator.safeValidate(['permission3']).valid).toBe(false)
+
+            // Test no permissions - should fail
+            expect(validator.safeValidate([]).valid).toBe(false)
+        })
+
+        it('should work with wildcards in nested validators', () => {
+            // Create validator: admin:* OR (books:read AND books:write)
+            const booksReadWrite = PermissionValidator.create().allOf(['books:read', 'books:write'])
+            const validator = PermissionValidator.create().someOf(
+                ['admin:*', booksReadWrite],
+                'Need admin access OR books read/write',
+            )
+
+            // Test with admin wildcard - should pass
+            expect(validator.safeValidate(['admin:read']).valid).toBe(true)
+            expect(validator.safeValidate(['admin:write']).valid).toBe(true)
+            expect(validator.safeValidate(['admin:delete']).valid).toBe(true)
+
+            // Test with books read and write - should pass
+            expect(validator.safeValidate(['books:read', 'books:write']).valid).toBe(true)
+
+            // Test with books read only - should fail
+            expect(validator.safeValidate(['books:read']).valid).toBe(false)
+
+            // Test with books write only - should fail
+            expect(validator.safeValidate(['books:write']).valid).toBe(false)
+
+            // Test with other permissions - should fail
+            expect(validator.safeValidate(['users:read']).valid).toBe(false)
+        })
+
+        it('should demonstrate practical usage for upsert/bulkUpsert permissions', () => {
+            // Create validator for upsert/bulkUpsert: books:write:all OR (books:create:all AND books:update:all)
+            const createAndUpdate = PermissionValidator.create().allOf(['books:create:all', 'books:update:all'])
+            const upsertValidator = PermissionValidator.create().someOf(
+                ['books:write:all', createAndUpdate],
+                'Need books:write:all OR (books:create:all AND books:update:all)',
+            )
+
+            // Test with write permission - should pass
+            expect(upsertValidator.safeValidate(['books:write:all']).valid).toBe(true)
+
+            // Test with create and update permissions - should pass
+            expect(upsertValidator.safeValidate(['books:create:all', 'books:update:all']).valid).toBe(true)
+
+            // Test with all permissions - should pass
+            expect(
+                upsertValidator.safeValidate(['books:write:all', 'books:create:all', 'books:update:all']).valid,
+            ).toBe(true)
+
+            // Test with create only - should fail
+            expect(upsertValidator.safeValidate(['books:create:all']).valid).toBe(false)
+
+            // Test with update only - should fail
+            expect(upsertValidator.safeValidate(['books:update:all']).valid).toBe(false)
+
+            // Test with read only - should fail
+            expect(upsertValidator.safeValidate(['books:read:all']).valid).toBe(false)
+
+            // Test error message
+            const result = upsertValidator.safeValidate(['books:create:all'])
+            expect(result.valid).toBe(false)
+            expect(result.errorMessage).toBe('Need books:write:all OR (books:create:all AND books:update:all)')
+        })
+    })
 })

package/src/auth/permission-validator.ts

@@ -44,7 +44,7 @@ export class PermissionValidator {
         return this
     }
 
-    allOf(permissions: RulePermission[], errorMessage?: string) {
+    allOf(permissions: RulePermission[], errorMessage: string = 'You do not have the required permissions') {
         this.addRule({
             type: PermissionRuleType.ALL_OF,
             permissions,
@@ -53,7 +53,7 @@ export class PermissionValidator {
         return this
     }
 
-    noneOf(permissions: RulePermission[], errorMessage?: string) {
+    noneOf(permissions: RulePermission[], errorMessage: string = 'You have forbidden permissions') {
         this.addRule({
             type: PermissionRuleType.NONE_OF,
             permissions,
@@ -62,7 +62,7 @@ export class PermissionValidator {
         return this
     }
 
-    someOf(permissions: RulePermission[], errorMessage?: string) {
+    someOf(permissions: RulePermission[], errorMessage: string = 'You do not have any of the required permissions') {
         this.addRule({
             type: PermissionRuleType.SOME_OF,
             permissions,