@drax/crud-back 0.11.4 → 0.12.1

package/src/controllers/AbstractFastifyController.ts

@@ -1,10 +1,23 @@
 import AbstractService from "../services/AbstractService";
-import {CommonConfig, DraxConfig, ValidationError} from "@drax/common-back";
+import {
+    CommonConfig,
+    DraxConfig,
+    ForbiddenError,
+    InternalServerError,
+    InvalidIdError,
+    LimitError,
+    NotFoundError,
+    ValidationError,
+    SecuritySensitiveError,
+    UploadFileError,
+    BadRequestError
+} from "@drax/common-back";
 import {UnauthorizedError} from "@drax/common-back";
 import {IRbac} from "@drax/identity-share";
 import type {FastifyReply, FastifyRequest} from "fastify";
 import {IDraxExportResult, IDraxPermission, IDraxFieldFilter} from "@drax/crud-share";
 import {join} from "path";
+import QueryFilterRegex from "../regexs/QueryFilterRegex.js";
 
 declare module 'fastify' {
     interface FastifyRequest {
@@ -25,7 +38,7 @@ type CustomRequest = FastifyRequest<{
         page?: number
         limit?: number
         orderBy?: string
-        order?: 'asc' | 'desc' | boolean
+        order?: 'asc' | 'desc'
         search?: string
         filters?: string
         headers?: string
@@ -54,6 +67,9 @@ class AbstractFastifyController<T, C, U> {
     protected tenantAssert: boolean = false
     protected userAssert: boolean = false
 
+    protected defaultLimit: number = 1000
+    protected maximumLimit: number = 10000
+
     constructor(service: AbstractService<T, C, U>, permission: IDraxPermission) {
         this.service = service
         this.permission = permission
@@ -65,6 +81,11 @@ class AbstractFastifyController<T, C, U> {
             if (!stringFilters) {
                 return []
             }
+
+            if (!QueryFilterRegex.test(stringFilters)) {
+                throw new BadRequestError("Invalid filters format")
+            }
+
             const filterArray = stringFilters.split("|")
             const filters: IDraxFieldFilter[] = []
             filterArray.forEach((filter) => {
@@ -73,12 +94,12 @@ class AbstractFastifyController<T, C, U> {
             })
             return filters
         } catch (e) {
-            console.error(e)
+            console.error("parseFilters error",e)
             throw e
         }
     }
 
-    private applyUserAndTenantFilters(filters: IDraxFieldFilter[], rbac: any) {
+    private applyUserAndTenantFilters(filters: IDraxFieldFilter[], rbac: IRbac) {
         if (this.tenantFilter && rbac.tenantId) {
             filters.push({field: this.tenantField, operator: 'eq', value: rbac.tenantId})
         }
@@ -88,6 +109,18 @@ class AbstractFastifyController<T, C, U> {
         }
     }
 
+    private assertUserAndTenant(item: T, rbac: IRbac) {
+        if (this.tenantAssert) {
+            const itemTenantId = item[this.tenantField] && item[this.tenantField]._id ? item[this.tenantField]._id : null
+            rbac.assertTenantId(itemTenantId)
+        }
+
+        if (this.userAssert) {
+            const itemUserId = item[this.userField] && item[this.userField]._id ? item[this.userField]._id : null
+            rbac.assertUserId(itemUserId)
+        }
+    }
+
     private applyUserAndTenantSetters(payload: any, rbac: any) {
         if (this.tenantSetter && rbac.tenantId) {
             payload[this.tenantField] = rbac.tenantId
@@ -98,6 +131,28 @@ class AbstractFastifyController<T, C, U> {
         }
     }
 
+    handleError(e: unknown, reply: FastifyReply) {
+        console.error(e);
+
+        if (
+            e instanceof ValidationError ||
+            e instanceof NotFoundError ||
+            e instanceof BadRequestError ||
+            e instanceof UnauthorizedError ||
+            e instanceof ForbiddenError ||
+            e instanceof InvalidIdError ||
+            e instanceof SecuritySensitiveError ||
+            e instanceof UploadFileError ||
+            e instanceof LimitError
+        ) {
+            reply.status(e.statusCode).send(e.body);
+        } else {
+            const serverError = new InternalServerError()
+            reply.statusCode = serverError.statusCode
+            reply.status(500).send(serverError.body);
+        }
+    }
+
     async create(request: CustomRequest, reply: FastifyReply) {
         try {
             request.rbac.assertPermission(this.permission.Create)
@@ -106,17 +161,7 @@ class AbstractFastifyController<T, C, U> {
             let item = await this.service.create(payload as C)
             return item
         } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
+            this.handleError(e, reply)
         }
     }
 
@@ -131,19 +176,34 @@ class AbstractFastifyController<T, C, U> {
             const payload = request.body
             //this.applyUserAndTenantSetters(payload, request.rbac)
             let item = await this.service.update(id, payload as U)
+
+            if (!item) {
+                throw new NotFoundError()
+            }
+
             return item
         } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
+            this.handleError(e, reply)
+        }
+    }
+
+    async updatePartial(request: CustomRequest, reply: FastifyReply) {
+        try {
+            request.rbac.assertPermission(this.permission.Update)
+            if (!request.params.id) {
+                reply.statusCode = 400
+                reply.send({error: 'BAD REQUEST'})
             }
+            const id = request.params.id
+            const payload = request.body
+            //this.applyUserAndTenantSetters(payload, request.rbac)
+            let item = await this.service.updatePartial(id, payload as U)
+            if (!item) {
+                throw new NotFoundError()
+            }
+            return item
+        } catch (e) {
+            this.handleError(e, reply)
         }
     }
 
@@ -158,33 +218,29 @@ class AbstractFastifyController<T, C, U> {
 
             let item = await this.service.findById(id)
 
-            if(!item) {
+            if (!item) {
                 reply.statusCode = 404
                 reply.send({error: 'NOT_FOUND'})
             }
 
             if (this.tenantAssert) {
-                request.rbac.assertTenantId(item[this.tenantField].id)
+                const tenantId = item[this.tenantField] && item[this.tenantField]._id ? item[this.tenantField]._id : null
+                request.rbac.assertTenantId(tenantId)
             }
 
             await this.service.delete(id)
-            reply.send({message: 'Item deleted successfully'})
+            reply.send({
+                id: id,
+                message: 'Item deleted successfully',
+                deleted: true,
+                deletedAt: new Date(),
+            })
         } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
+            this.handleError(e, reply)
         }
     }
 
-    async findById(request: CustomRequest, reply: FastifyReply) : Promise<T> {
+    async findById(request: CustomRequest, reply: FastifyReply): Promise<T> {
         try {
             request.rbac.assertPermission(this.permission.View)
             if (!request.params.id) {
@@ -196,27 +252,22 @@ class AbstractFastifyController<T, C, U> {
             const id = request.params.id
             let item = await this.service.findById(id)
 
+            if (!item) {
+                throw new NotFoundError()
+            }
+
             if (this.tenantAssert) {
-                request.rbac.assertTenantId(item[this.tenantField].id)
+                const itemTenantId = item[this.tenantField] && item[this.tenantField]._id? item[this.tenantField]._id : null
+                request.rbac.assertTenantId(itemTenantId)
             }
 
             return item
         } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
+            this.handleError(e, reply)
         }
     }
 
-    async findByIds(request: CustomRequest, reply: FastifyReply):Promise<T[]> {
+    async findByIds(request: CustomRequest, reply: FastifyReply): Promise<T[]> {
         try {
             request.rbac.assertPermission(this.permission.View)
             if (!request.params.ids) {
@@ -225,53 +276,42 @@ class AbstractFastifyController<T, C, U> {
             }
             const ids = request.params.ids.split(",")
             let items = await this.service.findByIds(ids)
+
+            if (!items || items.length === 0) {
+                throw new NotFoundError()
+            }
+
             return items
         } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
+            this.handleError(e, reply)
         }
     }
 
-    async find(request: CustomRequest, reply: FastifyReply):Promise<T[]> {
+    async find(request: CustomRequest, reply: FastifyReply): Promise<T[]> {
         try {
             request.rbac.assertPermission(this.permission.View)
 
+            if (request.query.limit > this.maximumLimit) {
+                throw new LimitError(this.maximumLimit, request.query.limit)
+            }
+            const limit = request.query.limit ? request.query.limit : this.defaultLimit
+            const orderBy = request.query.orderBy
+            const order = request.query.order
             const search = request.query.search ??= undefined
             const filters = this.parseFilters(request.query.filters)
 
             this.applyUserAndTenantFilters(filters, request.rbac);
 
-            let items = await this.service.find({search,filters})
+            let items = await this.service.find({search, filters, order, orderBy, limit})
+
 
-            if (this.tenantAssert) {
-                items = items.filter(item => request.rbac.tenantId === item[this.tenantField].id)
-            }
             return items
         } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
+            this.handleError(e, reply)
         }
     }
 
-    async findOne(request: CustomRequest, reply: FastifyReply):Promise<T> {
+    async findOne(request: CustomRequest, reply: FastifyReply): Promise<T> {
         try {
             request.rbac.assertPermission(this.permission.View)
 
@@ -280,29 +320,16 @@ class AbstractFastifyController<T, C, U> {
 
             this.applyUserAndTenantFilters(filters, request.rbac);
 
-            let item = await this.service.findOne({search,filters})
+            let item = await this.service.findOne({search, filters})
 
-            if (this.tenantAssert) {
-                request.rbac.assertTenantId(item[this.tenantField].id)
-            }
 
             return item
         } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
+            this.handleError(e, reply)
         }
     }
 
-    async findBy(request: CustomRequest, reply: FastifyReply):Promise<T[]> {
+    async findBy(request: CustomRequest, reply: FastifyReply): Promise<T[]> {
         try {
             request.rbac.assertPermission(this.permission.View)
             if (!request.params.field || !request.params.value) {
@@ -310,30 +337,22 @@ class AbstractFastifyController<T, C, U> {
                 reply.send({error: 'BAD REQUEST'})
             }
 
+            const limit = this.defaultLimit
             const field = request.params.field
             const value = request.params.value
-            let items = await this.service.findBy(field,value)
+            let items = await this.service.findBy(field, value, limit)
 
-            if (this.tenantAssert) {
-                items = items.filter(item => request.rbac.tenantId === item[this.tenantField].id)
+            for (let item of items) {
+                this.assertUserAndTenant(item, request.rbac)
             }
+
             return items
         } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
+            this.handleError(e, reply)
         }
     }
 
-    async findOneBy(request: CustomRequest, reply: FastifyReply):Promise<T> {
+    async findOneBy(request: CustomRequest, reply: FastifyReply): Promise<T> {
         try {
             request.rbac.assertPermission(this.permission.View)
             if (!request.params.field || !request.params.value) {
@@ -343,59 +362,44 @@ class AbstractFastifyController<T, C, U> {
 
             const field = request.params.field
             const value = request.params.value
-            let item = await this.service.findOneBy(field,value)
-
-            if (this.tenantAssert) {
-                request.rbac.assertTenantId(item[this.tenantField].id)
-            }
+            let item = await this.service.findOneBy(field, value)
+            this.assertUserAndTenant(item, request.rbac);
 
             return item
         } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
+            this.handleError(e, reply)
         }
     }
 
+
+
     async search(request: CustomRequest, reply: FastifyReply) {
         try {
             request.rbac.assertPermission(this.permission.View)
             const search = request.query.search
-            const limit = 1000;
-            const filters = this.parseFilters(request.query.filters)
+            const filters = []
+            const limit = this.defaultLimit
 
             this.applyUserAndTenantFilters(filters, request.rbac);
 
             let item = await this.service.search(search, limit, filters)
             return item
         } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
+            this.handleError(e, reply)
         }
     }
 
     async paginate(request: CustomRequest, reply: FastifyReply) {
         try {
             request.rbac.assertPermission(this.permission.View)
-            const page = request.query.page
-            const limit = request.query.limit
+
+
+            if (request.query.limit > this.maximumLimit) {
+                throw new LimitError(this.maximumLimit, request.query.limit)
+            }
+
+            const page = request.query.page ? request.query.page : 1
+            const limit = request.query.limit ? request.query.limit : 10
             const orderBy = request.query.orderBy
             const order = request.query.order
             const search = request.query.search
@@ -407,17 +411,7 @@ class AbstractFastifyController<T, C, U> {
             let paginateResult = await this.service.paginate({page, limit, orderBy, order, search, filters})
             return paginateResult
         } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
+            this.handleError(e, reply)
         }
     }
 
@@ -465,17 +459,7 @@ class AbstractFastifyController<T, C, U> {
             }
 
         } catch (e) {
-            console.error(e)
-            if (e instanceof ValidationError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message, inputErrors: e.errors})
-            } else if (e instanceof UnauthorizedError) {
-                reply.statusCode = e.statusCode
-                reply.send({error: e.message})
-            } else {
-                reply.statusCode = 500
-                reply.send({error: 'INTERNAL_SERVER_ERROR'})
-            }
+            this.handleError(e, reply)
         }
     }
 }

package/src/index.ts

@@ -4,6 +4,17 @@ import AbstractSqliteRepository from "./repository/AbstractSqliteRepository.js";
 import AbstractService from "./services/AbstractService.js";
 import AbstractFastifyController from "./controllers/AbstractFastifyController.js";
 
+//schemas
+import {IdParamSchema} from "./schemas/IdParamSchema.js"
+import {DeleteBodyResponseSchema} from "./schemas/DeleteBodyResponseSchema.js"
+import {PaginateBodyResponseSchema, PaginateQuerySchema} from "./schemas/PaginateSchema.js"
+import {FindQuerySchema} from "./schemas/FindSchema.js"
+import {SearchQuerySchema} from "./schemas/SearchSchema.js"
+import {FindByParamSchema} from "./schemas/FindBySchema.js"
+import {ExportBodyResponseSchema} from "./schemas/ExportBodyResponseSchema.js"
+import {ErrorBodyResponseSchema, ValidationErrorBodyResponseSchema} from "./schemas/ErrorBodyResponseSchema.js"
+import {CrudSchemaBuilder} from "./builders/CrudSchemaBuilder.js";
+
 
 export {
 
@@ -13,4 +24,21 @@ export {
     AbstractService,
     AbstractFastifyController,
 
+
+    //Schemas
+    IdParamSchema,
+    DeleteBodyResponseSchema,
+    PaginateBodyResponseSchema,
+    PaginateQuerySchema,
+    FindQuerySchema,
+    SearchQuerySchema,
+    FindByParamSchema,
+    ErrorBodyResponseSchema,
+    ValidationErrorBodyResponseSchema,
+    ExportBodyResponseSchema,
+
+    //Builder
+    CrudSchemaBuilder,
+
+
 }

package/src/regexs/QueryFilterRegex.ts

@@ -0,0 +1,4 @@
+const QueryFilterRegex = /^(?:[a-zA-Z0-9_]+;(?:eq|like|ne|in|nin|gt|gte|lt|lte);[a-zA-Z0-9_]+)(?:\|[a-zA-Z0-9_]+;(?:eq|like|ne|in|nin|gt|gte|lt|lte);[a-zA-Z0-9_]+)*$/
+
+export default QueryFilterRegex
+export {QueryFilterRegex}