@ditojs/server 1.0.0-rc.0 → 1.1.0

package/package.json

@@ -1,7 +1,7 @@
 {
-  "type": "module",
   "name": "@ditojs/server",
-  "version": "1.0.0-rc.0",
+  "version": "1.1.0",
+  "type": "module",
   "description": "Dito.js Server – Dito.js is a declarative and modern web framework, based on Objection.js, Koa.js and Vue.js",
   "repository": "https://github.com/ditojs/dito/tree/master/packages/server",
   "author": "Jürg Lehni <juerg@scratchdisk.com> (http://scratchdisk.com)",
@@ -21,15 +21,15 @@
     "node >= 14"
   ],
   "dependencies": {
-    "@ditojs/admin": "^1.0.0-rc.0",
-    "@ditojs/router": "^1.0.0-rc.0",
-    "@ditojs/utils": "^1.0.0-rc.0",
+    "@ditojs/admin": "^1.1.0",
+    "@ditojs/router": "^1.1.0",
+    "@ditojs/utils": "^1.1.0",
     "@koa/cors": "^3.2.0",
     "@koa/multer": "^3.0.0",
     "@originjs/vite-plugin-commonjs": "^1.0.3",
-    "ajv": "^7.2.4",
-    "ajv-formats": "^1.6.1",
-    "aws-sdk": "^2.1093.0",
+    "ajv": "^8.10.0",
+    "ajv-formats": "^2.1.1",
+    "aws-sdk": "^2.1095.0",
     "axios": "^0.26.1",
     "bcryptjs": "^2.4.3",
     "bytes": "^3.1.2",
@@ -62,8 +62,8 @@
     "passthrough-counter": "^1.0.0",
     "picocolors": "^1.0.0",
     "picomatch": "^2.3.1",
-    "pino": "^7.8.1",
-    "pino-pretty": "^7.5.3",
+    "pino": "^7.9.1",
+    "pino-pretty": "^7.5.4",
     "pluralize": "^8.0.0",
     "repl": "^0.1.3",
     "uuid": "^8.3.2",
@@ -77,10 +77,10 @@
     "objection": "^2.2.0"
   },
   "devDependencies": {
-    "knex": "^0.21.17",
+    "knex": "^0.21.21",
     "objection": "^2.2.18",
     "pg": "^8.7.3",
     "sqlite3": "^5.0.2"
   },
-  "gitHead": "e643586e4b26a850f54c52a1f1bf8f0421c05d31"
+  "gitHead": "32b276bd5d9eaf468352a69f361bdb5df5ed373c"
 }

package/src/app/Validator.js

@@ -1,13 +1,10 @@
 import objection from 'objection'
-import ajv from 'ajv'
+import Ajv from 'ajv'
 import addFormats from 'ajv-formats'
 import { isArray, isObject, clone, isAsync, isPromise } from '@ditojs/utils'
 import { formatJson } from '../utils/index.js'
 import * as schema from '../schema/index.js'
 
-// TODO: Switch to direct import once Ajv is updated / supports ESM.
-const Ajv = ajv.default
-
 // Dito does not rely on objection.AjvValidator but instead implements its own
 // validator instance that is shared across the whole app and handles schema
 // compilation and caching differently:
@@ -195,7 +192,9 @@ export class Validator extends objection.Validator {
     const duplicates = {}
     for (const error of errors) {
       // Adjust dataPaths to reflect nested validation in Objection.
-      const dataPath = `${options?.dataPath || ''}${error.dataPath}`
+      // NOTE: As of Ajv 8, `error.dataPath` is now called `error.instancePath`,
+      // but we stick to `error.dataPath` in Dito.js
+      const dataPath = `${options?.dataPath || ''}${error.instancePath}`
       // Unknown properties are reported in `['propertyName']` notation,
       // so replace those with dot-notation, see:
       // https://github.com/epoberezkin/ajv/issues/671
@@ -254,12 +253,15 @@ export class Validator extends objection.Validator {
     return errorHash
   }
 
-  prefixDataPaths(errors, dataPathPrefix) {
+  prefixInstancePaths(errors, instancePathPrefix) {
+    // As of Ajv 8, `error.dataPath` is now called `error.instancePath`. In
+    // Dito.js we stick to `error.dataPath`, but until the errors pass through
+    // `parseErrors()`, we stick to `error.instancePath` for consistency.
     return errors.map(error => ({
       ...error,
-      dataPath: error.dataPath
-        ? `${dataPathPrefix}${error.dataPath}`
-        : dataPathPrefix
+      instancePath: error.instancePath
+        ? `${instancePathPrefix}${error.instancePath}`
+        : instancePathPrefix
     }))
   }
 

package/src/controllers/AdminController.js

@@ -71,7 +71,7 @@ export class AdminController extends Controller {
     // Shield admin views against unauthorized access.
     const authorization = this.processAuthorize(this.authorize)
     return async (ctx, next) => {
-      if (/^\/dito\b/.test(ctx.url)) {
+      if (ctx.url === '/dito.js') {
         // Return without calling `next()`
         return this.sendDitoObject(ctx)
       } else if (/\/views\b/.test(ctx.url)) {
@@ -129,6 +129,7 @@ export class AdminController extends Controller {
 
     const cwd = path.resolve('.')
     const root = this.getPath('build')
+    const base = `${this.url}/`
     const views = path.join(root, 'views')
 
     // Read `package.json` from the closest package.json, so we can emulate
@@ -138,11 +139,27 @@ export class AdminController extends Controller {
 
     return defineConfig(merge({
       root,
-      base: `${this.url}/`,
+      base,
       mode: this.mode,
       envFile: false,
       configFile: false,
-      plugins: [createVuePlugin(), createCommonJsPlugin()],
+      plugins: [
+        createVuePlugin(),
+        createCommonJsPlugin(),
+        {
+          // Private plugin to inject script tag above main module that loads
+          // the `dito` object through its own end-point, see `sendDitoObject()`
+          name: 'inject-dito-object',
+          transformIndexHtml: {
+            enforce: 'post',
+            transform(html) {
+              return html.replace(
+                /(\s*)(<script type="module"[^>]*?><\/script>)/,
+                `$1<script src="${base}dito.js"></script>$1$2`
+              )
+            }
+          }
+        }],
       build: {
         ...(development
           ? {}

package/src/controllers/ControllerAction.js

@@ -11,8 +11,8 @@ export default class ControllerAction {
       method = _method,
       path = _path,
       scope,
-      authorize = _authorize,
-      transacted = controller.transacted,
+      authorize,
+      transacted,
       parameters,
       returns,
       options = {},
@@ -27,14 +27,17 @@ export default class ControllerAction {
     this.method = method
     this.path = path
     this.scope = scope
-    this.authorize = authorize
-    this.transacted = !!(transacted || (
-      // Core graph and assets operations are always transacted, unless the
-      // method is 'get':
-      core && method !== 'get' && (
-        controller.graph ||
-        controller.assets
-      ))
+    this.authorize = authorize || _authorize
+    this.transacted = !!(
+      transacted ||
+      controller.transacted || (
+        // Core graph and assets operations are always transacted, unless the
+        // method is 'get':
+        core && method !== 'get' && (
+          controller.graph ||
+          controller.assets
+        )
+      )
     )
     this.authorization = controller.processAuthorize(this.authorize)
     this.app = controller.app

package/src/models/definitions/filters.js

@@ -89,7 +89,7 @@ function wrapWithValidation(filter, name, app) {
             type: 'FilterValidation',
             message:
             `The provided data for query filter '${name}' is not valid`,
-            errors: app.validator.prefixDataPaths(
+            errors: app.validator.prefixInstancePaths(
               error.errors,
             `.${name}`
             )

package/src/schema/keywords/_validate.js

@@ -40,12 +40,12 @@ export const validateAsync = {
 }
 
 function getParams(ctx, data, parentSchema, dataCtx) {
-  const { dataPath, parentData, parentDataProperty, rootData } = dataCtx
+  const { instancePath, parentData, parentDataProperty, rootData } = dataCtx
   return {
     data,
     parentData,
     rootData,
-    dataPath,
+    instancePath,
     // NOTE: We rename parentDataProperty to parentKey / parentIndex:
     [isNumber(parentDataProperty) ? 'parentIndex' : 'parentKey']:
       parentDataProperty,
@@ -56,7 +56,7 @@ function getParams(ctx, data, parentSchema, dataCtx) {
   }
 }
 
-function getErrors(error, { validator, dataPath }) {
+function getErrors(error, { validator, instancePath }) {
   const errors = isArray(error.errors)
     // Ajv errors array:
     ? error.errors
@@ -66,6 +66,6 @@ function getErrors(error, { validator, dataPath }) {
       message: error.message || error.toString(),
       params: {}
     }]
-  // Return errors prefixed with the current dataPath:
-  return validator.prefixDataPaths(errors, dataPath)
+  // Return errors prefixed with the current instancePath:
+  return validator.prefixInstancePaths(errors, instancePath)
 }