@ditojs/server 1.1.0 → 1.3.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ditojs/server",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "type": "module",
   "description": "Dito.js Server – Dito.js is a declarative and modern web framework, based on Objection.js, Koa.js and Vue.js",
   "repository": "https://github.com/ditojs/dito/tree/master/packages/server",
@@ -21,9 +21,9 @@
     "node >= 14"
   ],
   "dependencies": {
-    "@ditojs/admin": "^1.1.0",
-    "@ditojs/router": "^1.1.0",
-    "@ditojs/utils": "^1.1.0",
+    "@ditojs/admin": "^1.3.0",
+    "@ditojs/router": "^1.3.0",
+    "@ditojs/utils": "^1.3.0",
     "@koa/cors": "^3.2.0",
     "@koa/multer": "^3.0.0",
     "@originjs/vite-plugin-commonjs": "^1.0.3",
@@ -53,7 +53,6 @@
     "koa-session": "^6.2.0",
     "koa-static": "^5.0.0",
     "mime-types": "^2.1.35",
-    "minimatch": "^5.0.1",
     "multer": "^1.4.4",
     "multer-s3": "^2.10.0",
     "nanoid": "^3.3.1",
@@ -82,5 +81,5 @@
     "pg": "^8.7.3",
     "sqlite3": "^5.0.2"
   },
-  "gitHead": "32b276bd5d9eaf468352a69f361bdb5df5ed373c"
+  "gitHead": "23aac9eddfc17e3e9367db2b7ac73595bc2bad37"
 }

package/src/app/Application.js

@@ -122,6 +122,11 @@ export class Application extends Koa {
       controller,
       action
     }
+    if (!(method in this.router)) {
+      throw new Error(
+        `Unsupported HTTP method '${method}' in route '${path}'`
+      )
+    }
     this.router[method](path, route)
   }
 

package/src/app/Validator.js

@@ -193,12 +193,14 @@ export class Validator extends objection.Validator {
     for (const error of errors) {
       // Adjust dataPaths to reflect nested validation in Objection.
       // NOTE: As of Ajv 8, `error.dataPath` is now called `error.instancePath`,
-      // but we stick to `error.dataPath` in Dito.js
-      const dataPath = `${options?.dataPath || ''}${error.instancePath}`
+      // but we stick to `error.dataPath` in Dito.js, and support both in errors
+      // passed in here.
+      const instancePath = (error.instancePath ?? error.dataPath) || ''
+      const dataPath = `${options?.dataPath || ''}${instancePath}`
       // Unknown properties are reported in `['propertyName']` notation,
       // so replace those with dot-notation, see:
       // https://github.com/epoberezkin/ajv/issues/671
-      const key = dataPath.replace(/\['([^']*)'\]/g, '.$1').slice(1)
+      const key = dataPath.replace(/\['([^']*)'\]/g, '/$1').slice(1)
       const { message, keyword, params } = error
       const definition = keyword === 'format'
         ? this.getFormat(params.format)

package/src/controllers/AdminController.js

@@ -13,7 +13,7 @@ import { merge } from '@ditojs/utils'
 import { Controller } from './Controller.js'
 import { handleConnectMiddleware } from '../middleware/index.js'
 import { ControllerError } from '../errors/index.js'
-import { formatJson } from '../utils/index.js'
+import { formatJson, deprecate } from '../utils/index.js'
 
 export class AdminController extends Controller {
   // @override
@@ -34,11 +34,19 @@ export class AdminController extends Controller {
   }
 
   getPath(name) {
-    const str = this.config[name]?.path
+    const { config } = this
+    let str = config[name]
+    if (config.build?.path || config.dist?.path) {
+      deprecate(`config.admin.build.path and config.admin.dist.path are deprecated. Use config.admin.root and config.admin.dist instead.`)
+
+      str = name === 'root' ? config.build?.path
+        : name === 'dist' ? config.dist?.path
+        : null
+    }
     if (!str) {
       throw new ControllerError(
         this,
-        `Missing admin.${name}.path configuration.`
+        `Missing \`config.admin.${name}\` configuration.`
       )
     }
     return path.resolve(str)
@@ -85,8 +93,8 @@ export class AdminController extends Controller {
     this.koa = new Koa()
     this.koa.use(this.middleware())
     if (this.mode === 'development') {
-      // Calling getPath() throws exception if admin.build.path is not defined:
-      if (this.getPath('build')) {
+      // Calling getPath() throws exception if config.admin.root is not defined:
+      if (this.getPath('root')) {
         this.app.once('after:start', () => this.setupViteServer())
       }
     } else {
@@ -128,14 +136,14 @@ export class AdminController extends Controller {
     const development = this.mode === 'development'
 
     const cwd = path.resolve('.')
-    const root = this.getPath('build')
+    const root = this.getPath('root')
     const base = `${this.url}/`
     const views = path.join(root, 'views')
 
     // Read `package.json` from the closest package.json, so we can emulate
     // ESM-style imports mappings in rollup / vite.
     const pkg = findUpSync('package.json', { cwd: root })
-    const { imports } = JSON.parse(fs.readFileSync(pkg, 'utf8'))
+    const { imports = {} } = JSON.parse(fs.readFileSync(pkg, 'utf8'))
 
     return defineConfig(merge({
       root,
@@ -209,7 +217,7 @@ export class AdminController extends Controller {
             replacement: '#',
             customResolver(id) {
               for (const [find, replacement] of Object.entries(imports)) {
-                picomatch.isMatch(id, find, {
+                picomatch.isMatch(id, find.replace('*', '**'), {
                   capture: true,
                   onMatch({ input, regex }) {
                     const replacementPath = path.resolve(replacement)

package/src/controllers/CollectionController.js

@@ -176,7 +176,7 @@ export class CollectionController extends Controller {
     )
   }
 
-  toCoreActions(actions) {
+  convertToCoreActions(actions) {
     // Mark action object and methods as core, so `Controller.processValues()`
     // can filter correctly.
     for (const action of Object.values(actions)) {
@@ -188,7 +188,7 @@ export class CollectionController extends Controller {
     return actions
   }
 
-  collection = this.toCoreActions({
+  collection = this.convertToCoreActions({
     async get(ctx, modify) {
       const result = await this.execute(ctx, (query, trx) => {
         query.find(ctx.query, this.allowParam).modify(getModify(modify, trx))
@@ -235,7 +235,7 @@ export class CollectionController extends Controller {
     }
   })
 
-  member = this.toCoreActions({
+  member = this.convertToCoreActions({
     async get(ctx, modify) {
       return this.execute(ctx, (query, trx) => query
         .findById(ctx.memberId)

package/src/controllers/Controller.js

@@ -6,8 +6,8 @@ import {
   ResponseError, WrappedError, ControllerError, AuthorizationError
 } from '../errors/index.js'
 import {
-  getOwnProperty, getAllKeys, processHandlerParameters, describeFunction,
-  formatJson, deprecate
+  getOwnProperty, getOwnKeys, getAllKeys, processHandlerParameters,
+  describeFunction, formatJson, deprecate
 } from '../utils/index.js'
 import {
   isObject, isString, isArray, isBoolean, isFunction, asArray, equals,
@@ -312,43 +312,44 @@ export class Controller {
     // NOTE: `handleAllow()` and `handleAuthorize()` are applied in sequence of
     // the `values` inheritance, from sub-class to base-class.
 
-    const mergedAllow = {}
-    const mergedAuthorize = {}
-    let hasOwnAllow = false
+    let allowMap = {}
+    const authorizeMap = {}
 
-    const excludeKey = key => ['allow', 'authorize'].includes(key)
+    const includeKey = key => !['allow', 'authorize'].includes(key)
 
     const handleAllow = (allow, current) => {
+      const getFilteredMap = keys =>
+        Object.fromEntries(keys.filter(includeKey).map(key => [key, true]))
+
       if (allow) {
-        allow = asArray(allow)
-        hasOwnAllow = true
-      } else if (!hasOwnAllow) {
-        // Only keep adding to the merged `allow` if we didn't already encounter
-        // an own `allow` object further up the chain.
-        allow = Object.keys(current)
-      }
-      if (allow) {
-        if (allow.includes('*')) {
-          allow = getAllKeys(current)
-        }
-        for (const key of allow) {
-          if (!excludeKey(key)) {
-            mergedAllow[key] = true
-          }
+        // The controller action object provides its own allow setting:
+        // - Clear whatever has been collected in `mergedAllow` so far
+        // - Merge the `allow` setting with all the own keys of the object,
+        //   unless:
+        // - If the allow setting includes '*', allow all keys of the object,
+        //   even the inherited ones.
+        let keys = asArray(allow)
+        if (keys.includes('*')) {
+          keys = getAllKeys(current)
+        } else {
+          keys = [
+            ...keys,
+            ...getOwnKeys(current)
+          ]
         }
+        allowMap = getFilteredMap(keys) // Clear previous keys by overriding.
+      } else {
+        // The controller action object does not provide its own allow setting,
+        // so add its own keys to the already allowed inherited keys so far.
+        Object.assign(allowMap, getFilteredMap(getOwnKeys(current)))
       }
+      // console.log('allow', Object.keys(allowMap))
     }
 
     const handleAuthorize = authorize => {
       const add = (key, value) => {
-        // Since we're walking up in the inheritance chain, only take on an
-        // authorize setting for a given key if it wasn't already defined before
-        if (
-          key in values &&
-          !(key in mergedAuthorize) &&
-          !excludeKey(key)
-        ) {
-          mergedAuthorize[key] = value
+        if (key in values && includeKey(key)) {
+          authorizeMap[key] = value
         }
       }
 
@@ -365,20 +366,23 @@ export class Controller {
       }
     }
 
-    // Process the `allow` and `authorize` settings in sequence of the `values`
-    // inheritance, from sub-class to base-class.
+    // Process the `allow` and `authorize` settings in reversed sequence of the
+    // `values` inheritance, from base-class to sub-class.
+    const chain = []
     let current = values
     while (current !== Object.prototype && !current.hasOwnProperty('$core')) {
-      handleAllow(getOwnProperty(current, 'allow'), current)
-      handleAuthorize(getOwnProperty(current, 'authorize'))
+      chain.unshift(current)
       current = Object.getPrototypeOf(current)
     }
 
-    // At the end of the chain, also support both settings on the controller-
-    // level, and thus applied to all action objects in the controller.
-    if (this.allow) {
-      handleAllow(this.allow, values)
+    for (const current of chain) {
+      handleAllow(getOwnProperty(current, 'allow'), current)
+      handleAuthorize(getOwnProperty(current, 'authorize'))
     }
+
+    // At the end of the chain, also support authorize settings on the
+    // controller-level, and thus applied to all action objects in the
+    // controller.
     if (this.authorize) {
       handleAuthorize(this.authorize)
     }
@@ -387,7 +391,7 @@ export class Controller {
       // Create a filtered `values` object that only contains the allowed fields
       values: getAllKeys(values).reduce(
         (result, key) => {
-          if (mergedAllow[key]) {
+          if (allowMap[key]) {
             result[key] = values[key]
           }
           return result
@@ -397,8 +401,8 @@ export class Controller {
         // `super` in handler functions.
         Object.create(Object.getPrototypeOf(values))
       ),
-      allow: Object.keys(mergedAllow),
-      authorize: mergedAuthorize
+      allow: Object.keys(allowMap),
+      authorize: authorizeMap
     }
   }
 

package/src/utils/object.js

@@ -1,7 +1,9 @@
 import { asArray } from '@ditojs/utils'
 
+export const getOwnKeys = Object.keys
+
 export function getAllKeys(object) {
-  // Unlike `Object.keys()`, this returns all enumerable keys not just own ones.
+  // Unlike `getOwnKeys()`, this returns all enumerable keys not just own ones.
   const keys = []
   for (const key in object) {
     keys.push(key)