@donotdev/functions 0.0.6 → 0.0.7

package/src/firebase/crud/get.ts

@@ -10,15 +10,19 @@
  */
 
 import * as v from 'valibot';
-import { HIDDEN_STATUSES } from '@donotdev/core/server';
 
-import { transformFirestoreData } from '../../shared/index.js';
-import { filterVisibleFields } from '../../shared/index.js';
+import {
+  filterVisibleFields,
+  hasRoleAccess,
+  HIDDEN_STATUSES,
+} from '@donotdev/core/server';
+import type { UserRole } from '@donotdev/core/server';
 import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
 
+import { transformFirestoreData } from '../../shared/index.js';
 import { DoNotDevError } from '../../shared/utils.js';
 import { createBaseFunction } from '../baseFunction.js';
-import { CRUD_CONFIG } from '../config/constants.js';
+import { CRUD_READ_CONFIG } from '../config/constants.js';
 
 import type {
   CallableFunction,
@@ -37,9 +41,10 @@ function getEntityLogicFactory(
 ) {
   return async function getEntityLogic(
     data: GetEntityRequest,
-    context: { uid: string; request: CallableRequest<any> }
+    context: { uid: string; userRole: UserRole; request: CallableRequest<any> }
   ) {
     const { id } = data;
+    const { userRole } = context;
 
     // Get the document reference
     const db = getFirebaseAdminFirestore();
@@ -53,12 +58,14 @@ function getEntityLogicFactory(
       throw new DoNotDevError('Entity not found', 'not-found');
     }
 
-    // Check if the user is an admin
-    const isAdmin = context.request.auth?.token?.isAdmin === true;
+    const isAdmin = hasRoleAccess(userRole, 'admin'); // Uses role hierarchy
 
     // Hide drafts/deleted from non-admin users (security: hidden statuses never reach public)
     const docData = doc.data();
-    if (!isAdmin && (HIDDEN_STATUSES as readonly string[]).includes(docData?.status)) {
+    if (
+      !isAdmin &&
+      (HIDDEN_STATUSES as readonly string[]).includes(docData?.status)
+    ) {
       throw new DoNotDevError('Entity not found', 'not-found');
     }
 
@@ -66,7 +73,7 @@ function getEntityLogicFactory(
     const filteredData = filterVisibleFields(
       docData || {},
       documentSchema,
-      isAdmin
+      userRole
     );
 
     // Transform the document data back to the application format
@@ -81,12 +88,14 @@ function getEntityLogicFactory(
  * Generic function to get entities from any Firestore collection
  * @param collection - The Firestore collection name
  * @param documentSchema - The Valibot schema for document validation
+ * @param requiredRole - Minimum role required for this operation
  * @param customSchema - Optional custom request schema
  * @returns Firebase callable function
  */
 export const getEntity = (
   collection: string,
   documentSchema: v.BaseSchema<unknown, any, v.BaseIssue<unknown>>,
+  requiredRole: UserRole,
   customSchema?: v.BaseSchema<unknown, any, v.BaseIssue<unknown>>
 ): CallableFunction<GetEntityRequest, Promise<any>> => {
   const requestSchema =
@@ -96,9 +105,10 @@ export const getEntity = (
     });
 
   return createBaseFunction(
-    CRUD_CONFIG,
+    CRUD_READ_CONFIG,
     requestSchema,
     'get_entity',
-    getEntityLogicFactory(collection, documentSchema)
+    getEntityLogicFactory(collection, documentSchema),
+    requiredRole
   );
 };

package/src/firebase/crud/list.ts

@@ -9,12 +9,25 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { Query } from '@donotdev/firebase/server';
-import { HIDDEN_STATUSES } from '@donotdev/core/server';
+import * as v from 'valibot';
 
-import type { CallableRequest } from 'firebase-functions/v2/https';
+import {
+  filterVisibleFields,
+  hasRoleAccess,
+  HIDDEN_STATUSES,
+} from '@donotdev/core/server';
+import type { UserRole } from '@donotdev/core/server';
+import { getFirebaseAdminFirestore, Query } from '@donotdev/firebase/server';
 
-import * as v from 'valibot';
+import { transformFirestoreData } from '../../shared/index.js';
+import { DoNotDevError } from '../../shared/utils.js';
+import { createBaseFunction } from '../baseFunction.js';
+import { CRUD_READ_CONFIG } from '../config/constants.js';
+
+import type {
+  CallableFunction,
+  CallableRequest,
+} from 'firebase-functions/v2/https';
 
 export interface ListEntityRequest {
   where?: Array<[string, any, any]>;
@@ -26,15 +39,6 @@ export interface ListEntityRequest {
     query: string;
   };
 }
-import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
-
-import { transformFirestoreData } from '../../shared/index.js';
-import { filterVisibleFields } from '../../shared/index.js';
-import { DoNotDevError } from '../../shared/utils.js';
-import { createBaseFunction } from '../baseFunction.js';
-import { CRUD_CONFIG } from '../config/constants.js';
-
-import type { CallableFunction } from 'firebase-functions/v2/https';
 
 /**
  * Generic business logic for listing entities
@@ -42,17 +46,21 @@ import type { CallableFunction } from 'firebase-functions/v2/https';
  */
 function listEntitiesLogicFactory(
   collection: string,
-  documentSchema: v.BaseSchema<unknown, any, v.BaseIssue<unknown>>
+  documentSchema: v.BaseSchema<unknown, any, v.BaseIssue<unknown>>,
+  listFields?: string[]
 ) {
   return async function listEntitiesLogic(
     data: ListEntityRequest,
-    context: { uid: string; request: CallableRequest<ListEntityRequest> }
+    context: {
+      uid: string;
+      userRole: UserRole;
+      request: CallableRequest<ListEntityRequest>;
+    }
   ) {
     const { where = [], orderBy = [], limit = 50, startAfterId, search } = data;
+    const { userRole } = context;
 
-    // Check if the user is an admin (needed early for draft filtering)
-    const user = context.request.auth;
-    const isAdmin = user?.token?.isAdmin === true;
+    const isAdmin = hasRoleAccess(userRole, 'admin'); // Uses role hierarchy
 
     // Start with a Query (not a CollectionReference)
     const db = getFirebaseAdminFirestore();
@@ -98,14 +106,56 @@ function listEntitiesLogicFactory(
     // Apply limit for page size
     query = query.limit(limit);
 
+    // DEBUG: Log query details
+    console.log(
+      `[listEntities] Collection: ${collection}, UserRole: ${userRole}, IsAdmin: ${isAdmin}`
+    );
+    console.log(
+      `[listEntities] Filters - where: ${JSON.stringify(where)}, orderBy: ${JSON.stringify(orderBy)}, limit: ${limit}`
+    );
+
     // Execute the query
     const snapshot = await query.get();
 
+    // DEBUG: Log result count
+    console.log(
+      `[listEntities] Query returned ${snapshot.docs.length} documents`
+    );
+
+    // DEBUG: Log schema info
+    const schemaHasEntries = !!(documentSchema as any)?.entries;
+    console.log(`[listEntities] Schema has entries: ${schemaHasEntries}`);
+
     // Filter document fields based on visibility and user role
-    const docs = snapshot.docs.map((doc: any) => ({
-      id: doc.id,
-      ...filterVisibleFields(doc.data() || {}, documentSchema, isAdmin),
-    }));
+    const docs = snapshot.docs.map((doc: any) => {
+      const visibleData = filterVisibleFields(
+        doc.data() || {},
+        documentSchema,
+        userRole
+      );
+
+      // If listFields specified, filter to only those fields (plus id always)
+      if (listFields && listFields.length > 0) {
+        const filtered: Record<string, any> = { id: doc.id };
+        for (const field of listFields) {
+          if (field in visibleData) {
+            filtered[field] = visibleData[field];
+          }
+        }
+        return filtered;
+      }
+
+      // No listFields restriction, return all visible fields
+      return {
+        id: doc.id,
+        ...visibleData,
+      };
+    });
+
+    // DEBUG: Log filtered docs
+    console.log(
+      `[listEntities] Filtered docs count: ${docs.length}, first doc keys: ${docs[0] ? Object.keys(docs[0]).join(', ') : 'N/A'}`
+    );
 
     // Return the paginated result with metadata
     return {
@@ -121,13 +171,17 @@ function listEntitiesLogicFactory(
  * Generic function to list entities from any Firestore collection
  * @param collection - The Firestore collection name
  * @param documentSchema - The Valibot schema for document validation
+ * @param requiredRole - Minimum role required for this operation
  * @param customSchema - Optional custom request schema
+ * @param listFields - Optional array of field names to include (plus id). If not provided, all visible fields are returned.
  * @returns Firebase callable function
  */
 export const listEntities = (
   collection: string,
   documentSchema: v.BaseSchema<unknown, any, v.BaseIssue<unknown>>,
-  customSchema?: v.BaseSchema<unknown, any, v.BaseIssue<unknown>>
+  requiredRole: UserRole,
+  customSchema?: v.BaseSchema<unknown, any, v.BaseIssue<unknown>>,
+  listFields?: string[]
 ): CallableFunction<ListEntityRequest, Promise<any>> => {
   const requestSchema =
     customSchema ||
@@ -147,9 +201,10 @@ export const listEntities = (
     });
 
   return createBaseFunction(
-    CRUD_CONFIG,
+    CRUD_READ_CONFIG,
     requestSchema,
     'list_entities',
-    listEntitiesLogicFactory(collection, documentSchema)
+    listEntitiesLogicFactory(collection, documentSchema, listFields),
+    requiredRole
   );
 };

package/src/firebase/crud/update.ts

@@ -11,19 +11,16 @@
 
 import * as v from 'valibot';
 
-import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
 import { DEFAULT_STATUS_VALUE } from '@donotdev/core/server';
+import type { UserRole } from '@donotdev/core/server';
+import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
 
 import {
   prepareForFirestore,
   transformFirestoreData,
 } from '../../shared/index.js';
 import { updateMetadata } from '../../shared/index.js';
-import {
-  assertAdmin,
-  validateDocument,
-  DoNotDevError,
-} from '../../shared/utils.js';
+import { DoNotDevError, validateDocument } from '../../shared/utils.js';
 import { createBaseFunction } from '../baseFunction.js';
 import { CRUD_CONFIG } from '../config/constants.js';
 
@@ -48,12 +45,10 @@ function updateEntityLogicFactory(
 ) {
   return async function updateEntityLogic(
     data: UpdateEntityRequest,
-    context: { uid: string; request: CallableRequest<any> }
+    context: { uid: string; userRole: UserRole; request: CallableRequest<any> }
   ) {
     const { id, payload, idempotencyKey } = data;
-
-    // Ensure the user is an admin
-    const uid = await assertAdmin(context.uid);
+    const { uid } = context;
 
     // Idempotency check if key provided
     if (idempotencyKey) {
@@ -129,12 +124,14 @@ function updateEntityLogicFactory(
  * Generic function to update entities in any Firestore collection
  * @param collection - The Firestore collection name
  * @param documentSchema - The Valibot schema for document validation
+ * @param requiredRole - Minimum role required for this operation
  * @param customSchema - Optional custom request schema
  * @returns Firebase callable function
  */
 export const updateEntity = (
   collection: string,
   documentSchema: v.BaseSchema<unknown, any, v.BaseIssue<unknown>>,
+  requiredRole: UserRole,
   customSchema?: v.BaseSchema<unknown, any, v.BaseIssue<unknown>>
 ): CallableFunction<UpdateEntityRequest, Promise<any>> => {
   const requestSchema =
@@ -149,6 +146,7 @@ export const updateEntity = (
     CRUD_CONFIG,
     requestSchema,
     'update_entity',
-    updateEntityLogicFactory(collection, documentSchema)
+    updateEntityLogicFactory(collection, documentSchema),
+    requiredRole
   );
 };

package/src/firebase/helpers/githubAccessHelper.ts

@@ -9,11 +9,12 @@
  * @author AMBROISE PARK Consulting
  */
 
+import { logger } from 'firebase-functions/v2';
+
 import {
   getFirebaseAdminAuth,
   getFirebaseAdminFirestore,
 } from '@donotdev/firebase/server';
-import { logger } from 'firebase-functions/v2';
 
 import { handleError } from '../../shared/errorHandling.js';
 import { GitHubApiService } from '../../shared/index.js';

package/src/firebase/helpers/githubTeamAccessHelper.ts

@@ -9,9 +9,10 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
 import { logger } from 'firebase-functions/v2';
 
+import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
+
 import { handleError } from '../../shared/errorHandling.js';
 import { GitHubApiService } from '../../shared/index.js';
 

package/src/firebase/index.ts

@@ -19,3 +19,10 @@ export * from './scheduled/index.js';
 
 // Base function for creating Firebase functions
 export { createBaseFunction } from './baseFunction.js';
+
+// CRUD function registration utility
+export {
+  registerCrudFunctions,
+  createCrudFunctions,
+  type CrudFunctions,
+} from './registerCrudFunctions.js';

package/src/firebase/oauth/disconnect.ts

@@ -9,11 +9,11 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
 import { onCall, HttpsError } from 'firebase-functions/v2/https';
 
 import { OAUTH_PARTNERS } from '@donotdev/core/server';
 import type { OAuthPartnerId, OAuthPurpose } from '@donotdev/core/server';
+import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
 
 import { assertAuthenticated } from '../../shared/utils.js';
 

package/src/firebase/oauth/exchangeToken.ts

@@ -9,10 +9,6 @@
  * @author AMBROISE PARK Consulting
  */
 
-import {
-  getFirebaseAdminFirestore,
-  FieldValue,
-} from '@donotdev/firebase/server';
 import { onCall, HttpsError } from 'firebase-functions/v2/https';
 
 import {
@@ -20,6 +16,10 @@ import {
   type ExchangeTokenRequest,
   type OAuthPartnerId,
 } from '@donotdev/core/server';
+import {
+  getFirebaseAdminFirestore,
+  FieldValue,
+} from '@donotdev/firebase/server';
 
 import { assertAuthenticated } from '../../shared/utils.js';
 

package/src/firebase/oauth/getConnections.ts

@@ -9,10 +9,10 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
 import { onCall, HttpsError } from 'firebase-functions/v2/https';
 
 import type { OAuthPurpose } from '@donotdev/core/server';
+import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
 
 import { assertAuthenticated } from '../../shared/utils.js';
 

package/src/firebase/oauth/githubAccess.ts

@@ -9,9 +9,8 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
 import { logger } from 'firebase-functions/v2';
-import { onCall, type CallableRequest } from 'firebase-functions/v2/https';
+import { onCall } from 'firebase-functions/v2/https';
 import * as v from 'valibot';
 
 import {
@@ -22,6 +21,7 @@ import {
   type RevokeGitHubAccessRequest,
   type CheckGitHubAccessRequest,
 } from '@donotdev/core/server';
+import { getFirebaseAdminAuth } from '@donotdev/firebase/server';
 
 import { handleError } from '../../shared/errorHandling.js';
 import { GitHubApiService } from '../../shared/index.js';
@@ -29,6 +29,7 @@ import { assertAuthenticated } from '../../shared/utils.js';
 import { AUTH_CONFIG } from '../config/constants.js';
 import { githubPersonalAccessToken } from '../config/secrets.js';
 
+import type { CallableRequest } from 'firebase-functions/v2/https';
 import type { CallableFunction } from 'firebase-functions/v2/https';
 
 const OAUTH_CONFIG = {

package/src/firebase/oauth/refreshToken.ts

@@ -9,16 +9,16 @@
  * @author AMBROISE PARK Consulting
  */
 
-import {
-  getFirebaseAdminFirestore,
-  FieldValue,
-} from '@donotdev/firebase/server';
 import { onCall, HttpsError } from 'firebase-functions/v2/https';
 
 import {
   OAUTH_PARTNERS,
   type OAuthRefreshRequest,
 } from '@donotdev/core/server';
+import {
+  getFirebaseAdminFirestore,
+  FieldValue,
+} from '@donotdev/firebase/server';
 
 import { assertAuthenticated } from '../../shared/utils.js';
 

package/src/firebase/registerCrudFunctions.ts

@@ -0,0 +1,127 @@
+// packages/functions/src/firebase/registerCrudFunctions.ts
+
+/**
+ * @fileoverview Auto-register CRUD functions from entities
+ * @description Utility to automatically generate CRUD Cloud Functions for all entities
+ *
+ * @version 0.0.2
+ * @since 0.0.1
+ * @author AMBROISE PARK Consulting
+ */
+
+import { createSchemas } from '@donotdev/core/server';
+import type { Entity } from '@donotdev/core/server';
+
+import {
+  createEntity,
+  getEntity,
+  updateEntity,
+  deleteEntity,
+  listEntities,
+} from './crud/index.js';
+
+import type { HttpsFunction } from 'firebase-functions/v2/https';
+
+interface RegisterOptions {
+  prefix?: string;
+}
+
+/** CRUD functions object returned by createCrudFunctions */
+export type CrudFunctions = Record<string, HttpsFunction>;
+
+/**
+ * Create CRUD functions for all entities (ESM-friendly)
+ * Returns an object of functions that can be spread/exported
+ *
+ * @param entities - Object of { key: Entity } (from `import * as entities from 'entities'`)
+ * @param options - Optional configuration
+ * @returns Object of CRUD functions keyed by name
+ *
+ * @example
+ * ```typescript
+ * // ESM pattern - use with build-time export generation
+ * import * as entities from 'entities';
+ * import { createCrudFunctions } from '@donotdev/functions/firebase';
+ *
+ * export const crud = createCrudFunctions(entities);
+ * // Build process generates: export const { create_cars, ... } = crud;
+ * ```
+ */
+export function createCrudFunctions(
+  entities: Record<string, Entity | unknown>,
+  options: RegisterOptions = {}
+): CrudFunctions {
+  const { prefix = '' } = options;
+  const functions: CrudFunctions = {};
+
+  for (const [key, value] of Object.entries(entities)) {
+    if (!isEntity(value)) continue;
+
+    const entity = value as Entity;
+    const col = entity.collection;
+    const schemas = createSchemas(entity);
+    const access = entity.access;
+
+    functions[`${prefix}create_${col}`] = createEntity(
+      col,
+      schemas.create,
+      access.create
+    );
+    functions[`${prefix}get_${col}`] = getEntity(col, schemas.get, access.read);
+    // Use schemas.get for visibility filtering, entity.listFields for field selection
+    functions[`${prefix}list_${col}`] = listEntities(
+      col,
+      schemas.get,
+      access.read,
+      undefined,
+      entity.listFields
+    );
+    // Always create listCard - uses same schemas.get, field selection via listCardFields ?? listFields ?? undefined
+    functions[`${prefix}listCard_${col}`] = listEntities(
+      col,
+      schemas.get,
+      access.read,
+      undefined,
+      entity.listCardFields ?? entity.listFields ?? undefined
+    );
+    functions[`${prefix}update_${col}`] = updateEntity(
+      col,
+      schemas.update,
+      access.update
+    );
+    functions[`${prefix}delete_${col}`] = deleteEntity(col, access.delete);
+  }
+
+  return functions;
+}
+
+/**
+ * @deprecated Use createCrudFunctions() for ESM. This mutates target which doesn't work in ESM.
+ * Auto-register CRUD functions for all entities (CJS pattern)
+ */
+export function registerCrudFunctions(
+  entities: Record<string, Entity | unknown>,
+  target?: Record<string, any>,
+  options: RegisterOptions = {}
+): CrudFunctions {
+  const functions = createCrudFunctions(entities, options);
+
+  // If target provided, mutate it (CJS compat)
+  if (target) {
+    Object.assign(target, functions);
+  }
+
+  return functions;
+}
+
+/**
+ * Type guard to check if a value is an Entity
+ */
+function isEntity(value: unknown): value is Entity {
+  return (
+    typeof value === 'object' &&
+    value !== null &&
+    'collection' in value &&
+    'fields' in value
+  );
+}

package/src/firebase/scheduled/checkExpiredSubscriptions.ts

@@ -9,12 +9,13 @@
  * @author AMBROISE PARK Consulting
  */
 
+import { logger } from 'firebase-functions/v2';
+import { onSchedule } from 'firebase-functions/v2/scheduler';
+
 import {
   getFirebaseAdminAuth,
   getFirebaseAdminFirestore,
 } from '@donotdev/firebase/server';
-import { logger } from 'firebase-functions/v2';
-import { onSchedule } from 'firebase-functions/v2/scheduler';
 
 import { handleError } from '../../shared/errorHandling.js';
 

package/src/shared/billing/webhookHandler.ts

@@ -11,12 +11,12 @@
 
 import Stripe from 'stripe';
 
-import type { StripeBackConfig } from '@donotdev/core/server';
 import {
   validateStripeBackConfig,
   SUBSCRIPTION_STATUS,
   SUBSCRIPTION_TIERS,
 } from '@donotdev/core/server';
+import type { StripeBackConfig } from '@donotdev/core/server';
 
 import { handleError } from '../errorHandling.js';
 import { logger } from '../logger.js';

package/src/shared/errorHandling.ts

@@ -9,8 +9,8 @@
  * @author AMBROISE PARK Consulting
  */
 
-import * as v from 'valibot';
 import { HttpsError } from 'firebase-functions/v2/https';
+import * as v from 'valibot';
 
 import type { ErrorCode } from '@donotdev/core/server';
 import { EntityHookError } from '@donotdev/core/server';

package/src/shared/utils/external/subscription.ts

@@ -9,15 +9,14 @@
  * @author AMBROISE PARK Consulting
  */
 
-import {
-  getFirebaseAdminAuth,
-  getFirebaseAdminFirestore,
-} from '@donotdev/firebase/server';
-
 import type {
   SubscriptionStatus,
   SubscriptionClaims,
 } from '@donotdev/core/server';
+import {
+  getFirebaseAdminAuth,
+  getFirebaseAdminFirestore,
+} from '@donotdev/firebase/server';
 
 /**
  * Maps Stripe price ID to subscription tier

package/src/shared/utils/firebaseHelpers.ts

@@ -9,11 +9,13 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { onCall, type CallableRequest } from 'firebase-functions/v2/https';
+import { onCall } from 'firebase-functions/v2/https';
 import * as v from 'valibot';
 
 import { withSchemaValidation } from './schemaValidation.js';
 
+import type { CallableRequest } from 'firebase-functions/v2/https';
+
 /**
  * Creates a Firebase onCall function with schema validation
  *

package/src/shared/utils/internal/idempotency.ts

@@ -9,9 +9,10 @@
  * @author AMBROISE PARK Consulting
  */
 
-import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
 import { logger } from 'firebase-functions/v2';
 
+import { getFirebaseAdminFirestore } from '@donotdev/firebase/server';
+
 export interface IdempotencyResult<T = any> {
   result: T;
   processedAt: string;