@dyrected/core 2.5.13 → 2.5.16

package/dist/server.cjs

@@ -268,6 +268,150 @@ async function verifyPassword(plain, stored) {
   return (0, import_node_crypto.timingSafeEqual)(derivedKey, storedBuffer);
 }
 
+// src/utils/hooks.ts
+async function runCollectionHooks(hooks, args) {
+  if (!hooks || hooks.length === 0) {
+    return args.data ?? args.doc ?? void 0;
+  }
+  let currentPayload = args.data ?? args.doc ?? void 0;
+  for (const hook of hooks) {
+    const result = await hook({
+      ...args,
+      data: args.data !== void 0 ? currentPayload : void 0,
+      doc: args.doc !== void 0 ? currentPayload : void 0
+    });
+    if (result !== void 0) {
+      currentPayload = result;
+    }
+  }
+  return currentPayload;
+}
+async function executeFieldBeforeChange(fields, data, originalDoc, user) {
+  if (!data || typeof data !== "object") return data;
+  const result = { ...data };
+  for (const field of fields) {
+    if (!field.name) continue;
+    const value = result[field.name];
+    const origValue = originalDoc?.[field.name];
+    let updatedValue = value;
+    if (field.hooks?.beforeChange) {
+      for (const hook of field.hooks.beforeChange) {
+        updatedValue = await hook({
+          value: updatedValue,
+          originalDoc: originalDoc ?? void 0,
+          data: result,
+          user
+        });
+      }
+      result[field.name] = updatedValue;
+    }
+    if (updatedValue !== void 0 && updatedValue !== null) {
+      if (field.type === "object" && field.fields) {
+        result[field.name] = await executeFieldBeforeChange(
+          field.fields,
+          updatedValue,
+          origValue,
+          user
+        );
+      } else if (field.type === "array" && field.fields && Array.isArray(updatedValue)) {
+        const arrayResult = [];
+        for (let i = 0; i < updatedValue.length; i++) {
+          const item = updatedValue[i];
+          const origItem = Array.isArray(origValue) ? origValue[i] : null;
+          arrayResult.push(
+            await executeFieldBeforeChange(field.fields, item, origItem, user)
+          );
+        }
+        result[field.name] = arrayResult;
+      } else if (field.type === "blocks" && field.blocks && Array.isArray(updatedValue)) {
+        const blocksResult = [];
+        for (let i = 0; i < updatedValue.length; i++) {
+          const blockData = updatedValue[i];
+          const origBlock = Array.isArray(origValue) ? origValue[i] : null;
+          const blockConfig = field.blocks.find(
+            (b) => b.slug === blockData.blockType
+          );
+          if (blockConfig) {
+            blocksResult.push(
+              await executeFieldBeforeChange(
+                blockConfig.fields,
+                blockData,
+                origBlock,
+                user
+              )
+            );
+          } else {
+            blocksResult.push(blockData);
+          }
+        }
+        result[field.name] = blocksResult;
+      }
+    }
+  }
+  return result;
+}
+async function executeFieldAfterRead(fields, doc, user) {
+  if (!doc || typeof doc !== "object") return doc;
+  const result = { ...doc };
+  for (const field of fields) {
+    if (!field.name) continue;
+    const value = result[field.name];
+    let updatedValue = value;
+    if (field.hooks?.afterRead) {
+      for (const hook of field.hooks.afterRead) {
+        updatedValue = await hook({
+          value: updatedValue,
+          doc: result,
+          user
+        });
+      }
+      result[field.name] = updatedValue;
+    }
+    if (updatedValue !== void 0 && updatedValue !== null) {
+      if (field.type === "object" && field.fields) {
+        result[field.name] = await executeFieldAfterRead(
+          field.fields,
+          updatedValue,
+          user
+        );
+      } else if (field.type === "array" && field.fields && Array.isArray(updatedValue)) {
+        const arrayResult = [];
+        for (const item of updatedValue) {
+          arrayResult.push(
+            await executeFieldAfterRead(
+              field.fields,
+              item,
+              user
+            )
+          );
+        }
+        result[field.name] = arrayResult;
+      } else if (field.type === "blocks" && field.blocks && Array.isArray(updatedValue)) {
+        const blocksResult = [];
+        for (const blockData of updatedValue) {
+          const typedBlock = blockData;
+          const blockConfig = field.blocks.find(
+            (b) => b.slug === typedBlock.blockType
+          );
+          if (blockConfig) {
+            blocksResult.push(
+              await executeFieldAfterRead(
+                blockConfig.fields,
+                typedBlock,
+                user
+              )
+            );
+          } else {
+            blocksResult.push(blockData);
+          }
+        }
+        result[field.name] = blocksResult;
+      }
+    }
+  }
+  return result;
+}
+
 // src/controllers/collection.controller.ts
 var CollectionController = class {
   collection;
@@ -282,6 +426,7 @@ var CollectionController = class {
     const page = Number(c.req.query("page")) || 1;
     const depth = c.req.query("depth") !== void 0 ? Number(c.req.query("depth")) : 2;
     const sort = c.req.query("sort") || void 0;
+    const user = c.get("user");
     let where = void 0;
     const whereRaw = c.req.query("where");
     if (whereRaw) {
@@ -290,6 +435,14 @@ var CollectionController = class {
       } catch {
       }
     }
+    const beforeReadResult = await runCollectionHooks(this.collection.hooks?.beforeRead, {
+      req: c.req,
+      query: where,
+      user
+    });
+    if (beforeReadResult !== void 0) {
+      where = beforeReadResult;
+    }
     let result = await db.find({
       collection: this.collection.slug,
       limit,
@@ -311,6 +464,17 @@ var CollectionController = class {
       });
     }
     result.docs = result.docs.map((doc) => DefaultsService.apply(this.collection.fields, doc));
+    const processedDocs = [];
+    for (const doc of result.docs) {
+      const docWithCollectionHooks = await runCollectionHooks(this.collection.hooks?.afterRead, {
+        doc,
+        req: c.req,
+        user
+      });
+      const docWithFieldHooks = await executeFieldAfterRead(this.collection.fields, docWithCollectionHooks, user);
+      processedDocs.push(docWithFieldHooks);
+    }
+    result.docs = processedDocs;
     if (depth > 0) {
       const populationService = new PopulationService(db, config.collections);
       result = await populationService.populateResult(result, this.collection.fields, depth);
@@ -323,21 +487,28 @@ var CollectionController = class {
     if (!db) return c.json({ message: "Database not configured" }, 500);
     const id = c.req.param("id");
     const depth = c.req.query("depth") !== void 0 ? Number(c.req.query("depth")) : 10;
+    const user = c.get("user");
     if (!id) return c.json({ message: "Missing ID" }, 400);
     const doc = await db.findOne({ collection: this.collection.slug, id });
     if (!doc) return c.json({ message: "Not Found" }, 404);
     const docWithDefaults = DefaultsService.apply(this.collection.fields, doc);
-    if (depth > 0 && docWithDefaults) {
+    const docWithCollectionHooks = await runCollectionHooks(this.collection.hooks?.afterRead, {
+      doc: docWithDefaults,
+      req: c.req,
+      user
+    });
+    const docWithFieldHooks = await executeFieldAfterRead(this.collection.fields, docWithCollectionHooks, user);
+    if (depth > 0 && docWithFieldHooks) {
       const populationService = new PopulationService(db, config.collections);
       const populatedDoc = await populationService.populate({
-        data: docWithDefaults,
+        data: docWithFieldHooks,
         fields: this.collection.fields,
         currentDepth: 0,
         maxDepth: depth
       });
       return c.json(populatedDoc);
     }
-    return c.json(docWithDefaults);
+    return c.json(docWithFieldHooks);
   }
   async create(c) {
     const config = c.get("config");
@@ -350,7 +521,7 @@ var CollectionController = class {
     const body = await c.req.json();
     const user = c.get("user");
     const now = (/* @__PURE__ */ new Date()).toISOString();
-    const data = {
+    let data = {
       ...body,
       createdAt: now,
       updatedAt: now,
@@ -360,6 +531,13 @@ var CollectionController = class {
     if (this.collection.auth && data.password) {
       data.password = await hashPassword(data.password);
     }
+    data = await executeFieldBeforeChange(this.collection.fields, data, null, user);
+    data = await runCollectionHooks(this.collection.hooks?.beforeChange, {
+      data,
+      req: c.req,
+      user,
+      operation: "create"
+    });
     const doc = await db.create({ collection: this.collection.slug, data });
     if (this.collection.audit && db) {
       AuditService.log(db, {
@@ -371,7 +549,19 @@ var CollectionController = class {
         after: doc
       });
     }
-    return c.json(doc, 201);
+    await runCollectionHooks(this.collection.hooks?.afterChange, {
+      doc,
+      user,
+      req: c.req,
+      operation: "create"
+    });
+    const readDoc = await runCollectionHooks(this.collection.hooks?.afterRead, {
+      doc,
+      req: c.req,
+      user
+    });
+    const finalDoc = await executeFieldAfterRead(this.collection.fields, readDoc, user);
+    return c.json(finalDoc, 201);
   }
   async upload(c) {
     const config = c.get("config");
@@ -398,18 +588,38 @@ var CollectionController = class {
     });
     const user = c.get("user");
     const now = (/* @__PURE__ */ new Date()).toISOString();
+    let data = {
+      ...otherData,
+      ...fileData,
+      createdAt: now,
+      updatedAt: now,
+      createdBy: user?.sub ?? null,
+      updatedBy: user?.sub ?? null
+    };
+    data = await executeFieldBeforeChange(this.collection.fields, data, null, user);
+    data = await runCollectionHooks(this.collection.hooks?.beforeChange, {
+      data,
+      req: c.req,
+      user,
+      operation: "create"
+    });
     const doc = await config.db.create({
       collection: this.collection.slug,
-      data: {
-        ...otherData,
-        ...fileData,
-        createdAt: now,
-        updatedAt: now,
-        createdBy: user?.sub ?? null,
-        updatedBy: user?.sub ?? null
-      }
+      data
     });
-    return c.json(doc, 201);
+    await runCollectionHooks(this.collection.hooks?.afterChange, {
+      doc,
+      user,
+      req: c.req,
+      operation: "create"
+    });
+    const readDoc = await runCollectionHooks(this.collection.hooks?.afterRead, {
+      doc,
+      req: c.req,
+      user
+    });
+    const finalDoc = await executeFieldAfterRead(this.collection.fields, readDoc, user);
+    return c.json(finalDoc, 201);
   }
   async update(c) {
     const config = c.get("config");
@@ -419,7 +629,7 @@ var CollectionController = class {
     if (!id) return c.json({ message: "Missing ID" }, 400);
     const body = await c.req.json();
     const user = c.get("user");
-    const data = { ...body };
+    let data = { ...body };
     if (this.collection.auth) {
       delete data.password;
       delete data.oldPassword;
@@ -429,10 +639,20 @@ var CollectionController = class {
       updatedAt: (/* @__PURE__ */ new Date()).toISOString(),
       updatedBy: user?.sub ?? null
     });
+    const originalDoc = await db.findOne({ collection: this.collection.slug, id });
+    if (!originalDoc) return c.json({ message: "Not Found" }, 404);
     let before = null;
     if (this.collection.audit) {
-      before = await db.findOne({ collection: this.collection.slug, id });
-    }
+      before = originalDoc;
+    }
+    data = await executeFieldBeforeChange(this.collection.fields, data, originalDoc, user);
+    data = await runCollectionHooks(this.collection.hooks?.beforeChange, {
+      data,
+      doc: originalDoc,
+      req: c.req,
+      user,
+      operation: "update"
+    });
     const doc = await db.update({ collection: this.collection.slug, id, data });
     if (this.collection.audit && db) {
       AuditService.log(db, {
@@ -444,7 +664,20 @@ var CollectionController = class {
         after: doc
       });
     }
-    return c.json(doc);
+    await runCollectionHooks(this.collection.hooks?.afterChange, {
+      doc,
+      previousDoc: originalDoc,
+      user,
+      req: c.req,
+      operation: "update"
+    });
+    const readDoc = await runCollectionHooks(this.collection.hooks?.afterRead, {
+      doc,
+      req: c.req,
+      user
+    });
+    const finalDoc = await executeFieldAfterRead(this.collection.fields, readDoc, user);
+    return c.json(finalDoc);
   }
   /**
    * POST /api/collections/:slug/:id/change-password
@@ -524,10 +757,18 @@ var CollectionController = class {
     const id = c.req.param("id");
     if (!id) return c.json({ message: "Missing ID" }, 400);
     const user = c.get("user");
+    const doc = await db.findOne({ collection: this.collection.slug, id });
+    if (!doc) return c.json({ message: "Not Found" }, 404);
     let before = null;
     if (this.collection.audit) {
-      before = await db.findOne({ collection: this.collection.slug, id });
+      before = doc;
     }
+    await runCollectionHooks(this.collection.hooks?.beforeDelete, {
+      id,
+      doc,
+      user,
+      req: c.req
+    });
     await db.delete({ collection: this.collection.slug, id });
     if (this.collection.audit && db) {
       AuditService.log(db, {
@@ -539,6 +780,12 @@ var CollectionController = class {
         after: null
       });
     }
+    await runCollectionHooks(this.collection.hooks?.afterDelete, {
+      id,
+      doc,
+      user,
+      req: c.req
+    });
     return c.json({ message: "Deleted" });
   }
   async deleteMany(c) {
@@ -563,10 +810,21 @@ var CollectionController = class {
     const failed = [];
     for (const id of ids) {
       try {
+        const doc = await db.findOne({ collection: this.collection.slug, id });
+        if (!doc) {
+          failed.push({ id, error: "Not Found" });
+          continue;
+        }
         let before = null;
         if (this.collection.audit) {
-          before = await db.findOne({ collection: this.collection.slug, id });
+          before = doc;
         }
+        await runCollectionHooks(this.collection.hooks?.beforeDelete, {
+          id,
+          doc,
+          user,
+          req: c.req
+        });
         await db.delete({ collection: this.collection.slug, id });
         deleted.push(id);
         if (this.collection.audit) {
@@ -579,6 +837,12 @@ var CollectionController = class {
             after: null
           });
         }
+        await runCollectionHooks(this.collection.hooks?.afterDelete, {
+          id,
+          doc,
+          user,
+          req: c.req
+        });
       } catch (err) {
         failed.push({ id, error: err?.message ?? "Unknown error" });
       }
@@ -623,6 +887,16 @@ var GlobalController = class {
     const db = config.db;
     if (!db) return c.json({ message: "Database not configured" }, 500);
     const depth = c.req.query("depth") !== void 0 ? Number(c.req.query("depth")) : 10;
+    const user = c.get("user");
+    let query = void 0;
+    const beforeReadResult = await runCollectionHooks(this.global.hooks?.beforeRead, {
+      req: c.req,
+      query,
+      user
+    });
+    if (beforeReadResult !== void 0) {
+      query = beforeReadResult;
+    }
     let data = await db.getGlobal({ slug: this.global.slug });
     const isEmpty = !data || Object.keys(data).length === 0;
     if (isEmpty && this.global.initialData) {
@@ -631,24 +905,53 @@ var GlobalController = class {
       data = this.global.initialData;
     }
     const dataWithDefaults = DefaultsService.apply(this.global.fields, data);
-    if (depth > 0 && dataWithDefaults) {
+    const docWithCollectionHooks = await runCollectionHooks(this.global.hooks?.afterRead, {
+      doc: dataWithDefaults,
+      req: c.req,
+      user
+    });
+    const docWithFieldHooks = await executeFieldAfterRead(this.global.fields, docWithCollectionHooks, user);
+    if (depth > 0 && docWithFieldHooks) {
       const populationService = new PopulationService(db, config.collections);
       const populatedData = await populationService.populate({
-        data: dataWithDefaults,
+        data: docWithFieldHooks,
         fields: this.global.fields,
         currentDepth: 0,
         maxDepth: depth
       });
       return c.json(populatedData);
     }
-    return c.json(dataWithDefaults);
+    return c.json(docWithFieldHooks);
   }
   async update(c) {
     const db = c.get("config").db;
     if (!db) return c.json({ message: "Database not configured" }, 500);
     const body = await c.req.json();
-    const data = await db.updateGlobal({ slug: this.global.slug, data: body });
-    return c.json(data);
+    const user = c.get("user");
+    const originalDoc = await db.getGlobal({ slug: this.global.slug }) || {};
+    let data = await executeFieldBeforeChange(this.global.fields, body, originalDoc, user);
+    data = await runCollectionHooks(this.global.hooks?.beforeChange, {
+      data,
+      doc: originalDoc,
+      req: c.req,
+      user,
+      operation: "update"
+    });
+    const updated = await db.updateGlobal({ slug: this.global.slug, data });
+    await runCollectionHooks(this.global.hooks?.afterChange, {
+      doc: updated,
+      previousDoc: originalDoc,
+      user,
+      req: c.req,
+      operation: "update"
+    });
+    const readDoc = await runCollectionHooks(this.global.hooks?.afterRead, {
+      doc: updated,
+      req: c.req,
+      user
+    });
+    const finalDoc = await executeFieldAfterRead(this.global.fields, readDoc, user);
+    return c.json(finalDoc);
   }
   async seed(c) {
     const config = c.get("config");
@@ -1557,12 +1860,13 @@ function fieldToSchema(field) {
       schema = { type: "string", format: "date-time" };
       break;
     case "select":
-      schema = { type: "string", enum: field.options?.map((o) => typeof o === "string" ? o : o.value) };
+    case "radio":
+      schema = { type: "string", enum: Array.isArray(field.options) ? field.options.map((o) => typeof o === "string" ? o : o.value) : void 0 };
       break;
     case "multiSelect":
       schema = {
         type: "array",
-        items: { type: "string", enum: field.options?.map((o) => typeof o === "string" ? o : o.value) }
+        items: { type: "string", enum: Array.isArray(field.options) ? field.options.map((o) => typeof o === "string" ? o : o.value) : void 0 }
       };
       break;
     case "relationship":
@@ -1686,6 +1990,49 @@ function accessGate(target, action) {
     await next();
   };
 }
+async function checkAccess(access, accessArgs) {
+  if (access === void 0 || access === null) return true;
+  if (typeof access === "function") {
+    try {
+      const result = await access(accessArgs);
+      return typeof result === "boolean" ? result : !!result;
+    } catch (err) {
+      console.error("[dyrected/core] Functional access check failed:", err);
+      return false;
+    }
+  }
+  if (typeof access === "string" || typeof access === "boolean") {
+    return evaluateAccess(access, accessArgs);
+  }
+  return true;
+}
+function serializeFieldForApi(f) {
+  if (!f) return f;
+  const serialized = { ...f };
+  if (serialized.admin?.hooks) {
+    const hooks = { ...serialized.admin.hooks };
+    if (typeof hooks.onChange === "function") {
+      hooks.onChange = hooks.onChange.toString();
+    }
+    if (typeof hooks.options === "function") {
+      hooks.options = hooks.options.toString();
+    }
+    serialized.admin = { ...serialized.admin, hooks };
+  }
+  if (typeof serialized.options === "function" || serialized.options && typeof serialized.options === "object" && "resolve" in serialized.options) {
+    serialized.options = { _dynamic: true };
+  }
+  if (serialized.fields) {
+    serialized.fields = serialized.fields.map(serializeFieldForApi);
+  }
+  if (serialized.blocks) {
+    serialized.blocks = serialized.blocks.map((b) => ({
+      ...b,
+      fields: b.fields?.map(serializeFieldForApi)
+    }));
+  }
+  return serialized;
+}
 function registerRoutes(app, config) {
   app.get("/api/schemas", optionalAuth(), async (c) => {
     const siteId = c.req.header("X-Site-Id");
@@ -1701,26 +2048,10 @@ function registerRoutes(app, config) {
     }
     const user = c.get("user");
     const accessArgs = { user, req: c.req, doc: null };
-    const resolveAccess = async (access) => {
-      if (access === void 0 || access === null) return true;
-      if (typeof access === "function") {
-        try {
-          const result = await access(accessArgs);
-          return typeof result === "boolean" ? result : !!result;
-        } catch (err) {
-          console.error("[dyrected/core] Functional access check failed:", err);
-          return false;
-        }
-      }
-      if (typeof access === "string" || typeof access === "boolean") {
-        return evaluateAccess(access, accessArgs);
-      }
-      return true;
-    };
     const serializeAccess = async (access) => {
       if (typeof access === "string") return access;
       if (typeof access === "boolean") return access;
-      return resolveAccess(access);
+      return checkAccess(access, accessArgs);
     };
     const filteredCollections = await Promise.all(collections.filter((col) => !siteId || col.shared || !col.siteId || col.siteId === siteId).map(async (col) => ({
       slug: col.slug,
@@ -1731,7 +2062,7 @@ function registerRoutes(app, config) {
         update: await serializeAccess(col.access?.update),
         delete: await serializeAccess(col.access?.delete)
       },
-      fields: await Promise.all(col.fields.map(async (f) => ({
+      fields: await Promise.all(col.fields.map(serializeFieldForApi).map(async (f) => ({
         name: f.name,
         type: f.type,
         label: f.label,
@@ -1759,7 +2090,7 @@ function registerRoutes(app, config) {
         read: await serializeAccess(glb.access?.read),
         update: await serializeAccess(glb.access?.update)
       },
-      fields: await Promise.all(glb.fields.map(async (f) => ({
+      fields: await Promise.all(glb.fields.map(serializeFieldForApi).map(async (f) => ({
         name: f.name,
         type: f.type,
         label: f.label,
@@ -1784,6 +2115,78 @@ function registerRoutes(app, config) {
       admin: config.admin || {}
     });
   });
+  app.get("/api/dyrected/options/:collection/:field", optionalAuth(), async (c) => {
+    const { collection: colSlug, field: fieldName } = c.req.param();
+    const siteId = c.req.header("X-Site-Id");
+    let collections = [...config.collections];
+    if (siteId && config.onSchemaFetch) {
+      const dynamic = await config.onSchemaFetch(siteId);
+      if (dynamic.collections) collections = [...collections, ...dynamic.collections];
+    }
+    const user = c.get("user");
+    let collection = collections.find((col) => col.slug === colSlug);
+    let field;
+    if (collection) {
+      const accessExpr = collection.access?.read;
+      if (accessExpr !== void 0 && accessExpr !== null) {
+        const accessArgs = { user, req: c.req, doc: null };
+        const allowed = await checkAccess(accessExpr, accessArgs);
+        if (!allowed) {
+          return c.json({ error: true, message: `Access denied: read on ${colSlug}` }, 403);
+        }
+      }
+      field = collection.fields.find((f) => f.name === fieldName);
+    } else {
+      let globals = [...config.globals];
+      if (siteId && config.onSchemaFetch) {
+        const dynamic = await config.onSchemaFetch(siteId);
+        if (dynamic.globals) globals = [...globals, ...dynamic.globals];
+      }
+      const glb = globals.find((g) => g.slug === colSlug);
+      if (!glb) {
+        return c.json({ error: true, message: `${colSlug} not found as collection or global` }, 404);
+      }
+      const accessExpr = glb.access?.read;
+      if (accessExpr !== void 0 && accessExpr !== null) {
+        const accessArgs = { user, req: c.req, doc: null };
+        const allowed = await checkAccess(accessExpr, accessArgs);
+        if (!allowed) {
+          return c.json({ error: true, message: `Access denied: read on global ${colSlug}` }, 403);
+        }
+      }
+      field = glb.fields.find((f) => f.name === fieldName);
+    }
+    if (!field) {
+      return c.json({ error: true, message: `Field ${fieldName} not found in ${colSlug}` }, 404);
+    }
+    let resolver;
+    if (typeof field.options === "function") {
+      resolver = field.options;
+    } else if (field.options && typeof field.options === "object" && "resolve" in field.options) {
+      resolver = field.options.resolve;
+    }
+    if (!resolver) {
+      return c.json({ error: true, message: `Field ${fieldName} in ${colSlug} is not dynamic` }, 400);
+    }
+    try {
+      const db = c.get("db") || config.db;
+      const queryParams = c.req.query();
+      const reqContext = {
+        query: queryParams,
+        headers: c.req.header(),
+        raw: c.req.raw
+      };
+      const result = await resolver({
+        db,
+        user,
+        req: reqContext
+      });
+      return c.json(result);
+    } catch (err) {
+      console.error(`[dyrected/core] Failed to resolve dynamic options for field ${fieldName}:`, err);
+      return c.json({ error: true, message: err.message || "Failed to resolve dynamic options" }, 500);
+    }
+  });
   app.get("/api/openapi.json", (c) => {
     return c.json(generateOpenApi(config));
   });