npm - @dyrected/core - Versions diffs - 2.5.24 → 2.5.26 - Mend

@dyrected/core 2.5.24 → 2.5.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (169) hide show

package/dist/__tests__/app.test.d.ts +2 -0
package/dist/__tests__/app.test.d.ts.map +1 -0
package/dist/__tests__/app.test.js +27 -0
package/dist/__tests__/app.test.js.map +1 -0
package/dist/__tests__/config.test.d.ts +2 -0
package/dist/__tests__/config.test.d.ts.map +1 -0
package/dist/__tests__/config.test.js +34 -0
package/dist/__tests__/config.test.js.map +1 -0
package/dist/__tests__/deleteMany.test.d.ts +2 -0
package/dist/__tests__/deleteMany.test.d.ts.map +1 -0
package/dist/__tests__/deleteMany.test.js +75 -0
package/dist/__tests__/deleteMany.test.js.map +1 -0
package/dist/__tests__/depth.test.d.ts +2 -0
package/dist/__tests__/depth.test.d.ts.map +1 -0
package/dist/__tests__/depth.test.js +81 -0
package/dist/__tests__/depth.test.js.map +1 -0
package/dist/__tests__/dynamic-options.test.d.ts +2 -0
package/dist/__tests__/dynamic-options.test.d.ts.map +1 -0
package/dist/__tests__/dynamic-options.test.js +132 -0
package/dist/__tests__/dynamic-options.test.js.map +1 -0
package/dist/__tests__/field-inference.test-types.d.ts +24 -0
package/dist/__tests__/field-inference.test-types.d.ts.map +1 -0
package/dist/__tests__/field-inference.test-types.js +87 -0
package/dist/__tests__/field-inference.test-types.js.map +1 -0
package/dist/__tests__/hooks.test.d.ts +2 -0
package/dist/__tests__/hooks.test.d.ts.map +1 -0
package/dist/__tests__/hooks.test.js +320 -0
package/dist/__tests__/hooks.test.js.map +1 -0
package/dist/__tests__/mocks.d.ts +68 -0
package/dist/__tests__/mocks.d.ts.map +1 -0
package/dist/__tests__/mocks.js +151 -0
package/dist/__tests__/mocks.js.map +1 -0
package/dist/__tests__/router.test.d.ts +2 -0
package/dist/__tests__/router.test.d.ts.map +1 -0
package/dist/__tests__/router.test.js +48 -0
package/dist/__tests__/router.test.js.map +1 -0
package/dist/__tests__/where.test.d.ts +2 -0
package/dist/__tests__/where.test.d.ts.map +1 -0
package/dist/__tests__/where.test.js +97 -0
package/dist/__tests__/where.test.js.map +1 -0
package/dist/app-BOrsS7Tz.d.cts +1771 -0
package/dist/app-BOrsS7Tz.d.ts +1771 -0
package/dist/app-BibuoHQG.d.cts +1764 -0
package/dist/app-BibuoHQG.d.ts +1764 -0
package/dist/app-aW2FMuYM.d.cts +1759 -0
package/dist/app-aW2FMuYM.d.ts +1759 -0
package/dist/app.d.ts +21 -0
package/dist/app.d.ts.map +1 -0
package/dist/app.js +56 -0
package/dist/app.js.map +1 -0
package/dist/auth/jexl.d.ts +10 -0
package/dist/auth/jexl.d.ts.map +1 -0
package/dist/auth/jexl.js +22 -0
package/dist/auth/jexl.js.map +1 -0
package/dist/auth/password.d.ts +10 -0
package/dist/auth/password.d.ts.map +1 -0
package/dist/auth/password.js +28 -0
package/dist/auth/password.js.map +1 -0
package/dist/auth/token.d.ts +20 -0
package/dist/auth/token.d.ts.map +1 -0
package/dist/auth/token.js +40 -0
package/dist/auth/token.js.map +1 -0
package/dist/chunk-4EDMZAM5.js +2692 -0
package/dist/chunk-FDQYPPG3.js +2698 -0
package/dist/chunk-NKDX67AW.js +2698 -0
package/dist/chunk-SUGK7UYL.js +311 -0
package/dist/chunk-ZFAOBRHT.js +2709 -0
package/dist/controllers/auth.controller.d.ts +125 -0
package/dist/controllers/auth.controller.d.ts.map +1 -0
package/dist/controllers/auth.controller.js +323 -0
package/dist/controllers/auth.controller.js.map +1 -0
package/dist/controllers/collection.controller.d.ts +88 -0
package/dist/controllers/collection.controller.d.ts.map +1 -0
package/dist/controllers/collection.controller.js +554 -0
package/dist/controllers/collection.controller.js.map +1 -0
package/dist/controllers/global.controller.d.ts +17 -0
package/dist/controllers/global.controller.d.ts.map +1 -0
package/dist/controllers/global.controller.js +116 -0
package/dist/controllers/global.controller.js.map +1 -0
package/dist/controllers/media.controller.d.ts +36 -0
package/dist/controllers/media.controller.d.ts.map +1 -0
package/dist/controllers/media.controller.js +155 -0
package/dist/controllers/media.controller.js.map +1 -0
package/dist/controllers/preview.controller.d.ts +37 -0
package/dist/controllers/preview.controller.d.ts.map +1 -0
package/dist/controllers/preview.controller.js +48 -0
package/dist/controllers/preview.controller.js.map +1 -0
package/dist/index-Bp7PDOYG.d.cts +1750 -0
package/dist/index-Bp7PDOYG.d.ts +1750 -0
package/dist/index-DfAmTZXk.d.cts +1749 -0
package/dist/index-DfAmTZXk.d.ts +1749 -0
package/dist/index.cjs +19 -2324
package/dist/index.d.cts +5 -6
package/dist/index.d.ts +5 -6
package/dist/index.d.ts.map +1 -0
package/dist/index.js +3 -5
package/dist/index.js.map +1 -0
package/dist/middleware/auth.d.ts +18 -0
package/dist/middleware/auth.d.ts.map +1 -0
package/dist/middleware/auth.js +45 -0
package/dist/middleware/auth.js.map +1 -0
package/dist/router.d.ts +8 -0
package/dist/router.d.ts.map +1 -0
package/dist/router.js +463 -0
package/dist/router.js.map +1 -0
package/dist/server.cjs +237 -45
package/dist/server.d.cts +22 -4
package/dist/server.d.ts +22 -4
package/dist/server.d.ts.map +1 -0
package/dist/server.js +2429 -8
package/dist/server.js.map +1 -0
package/dist/services/audit.service.d.ts +23 -0
package/dist/services/audit.service.d.ts.map +1 -0
package/dist/services/audit.service.js +28 -0
package/dist/services/audit.service.js.map +1 -0
package/dist/services/defaults.service.d.ts +8 -0
package/dist/services/defaults.service.d.ts.map +1 -0
package/dist/services/defaults.service.js +55 -0
package/dist/services/defaults.service.js.map +1 -0
package/dist/services/email.service.d.ts +33 -0
package/dist/services/email.service.d.ts.map +1 -0
package/dist/services/email.service.js +219 -0
package/dist/services/email.service.js.map +1 -0
package/dist/services/media.service.d.ts +20 -0
package/dist/services/media.service.d.ts.map +1 -0
package/dist/services/media.service.js +49 -0
package/dist/services/media.service.js.map +1 -0
package/dist/services/population.service.d.ts +20 -0
package/dist/services/population.service.d.ts.map +1 -0
package/dist/services/population.service.js +168 -0
package/dist/services/population.service.js.map +1 -0
package/dist/types/index.d.ts +1749 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +3 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/config.d.ts +8 -0
package/dist/utils/config.d.ts.map +1 -0
package/dist/utils/config.js +153 -0
package/dist/utils/config.js.map +1 -0
package/dist/utils/hooks.d.ts +41 -0
package/dist/utils/hooks.d.ts.map +1 -0
package/dist/utils/hooks.js +169 -0
package/dist/utils/hooks.js.map +1 -0
package/dist/utils/openapi.d.ts +6 -0
package/dist/utils/openapi.d.ts.map +1 -0
package/dist/utils/openapi.js +331 -0
package/dist/utils/openapi.js.map +1 -0
package/dist/utils/parse-where.d.ts +63 -0
package/dist/utils/parse-where.d.ts.map +1 -0
package/dist/utils/parse-where.js +196 -0
package/dist/utils/parse-where.js.map +1 -0
package/dist/utils/readonly-db.d.ts +9 -0
package/dist/utils/readonly-db.d.ts.map +1 -0
package/dist/utils/readonly-db.js +21 -0
package/dist/utils/readonly-db.js.map +1 -0
package/dist/utils/setup-prompt.d.ts +11 -0
package/dist/utils/setup-prompt.d.ts.map +1 -0
package/dist/utils/setup-prompt.js +863 -0
package/dist/utils/setup-prompt.js.map +1 -0
package/dist/utils/swagger.d.ts +5 -0
package/dist/utils/swagger.d.ts.map +1 -0
package/dist/utils/swagger.js +51 -0
package/dist/utils/swagger.js.map +1 -0
package/dist/utils/where-sanitizer.d.ts +10 -0
package/dist/utils/where-sanitizer.d.ts.map +1 -0
package/dist/utils/where-sanitizer.js +63 -0
package/dist/utils/where-sanitizer.js.map +1 -0
package/dist/where-sanitizer-DQIWTQZW.js +50 -0
package/package.json +1 -1

package/dist/server.cjs CHANGED Viewed

@@ -5,6 +5,9 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
@@ -27,6 +30,64 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 ));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/utils/where-sanitizer.ts
+var where_sanitizer_exports = {};
+__export(where_sanitizer_exports, {
+  sanitizeWhereClause: () => sanitizeWhereClause
+});
+function sanitizeWhereClause(where, fields) {
+  const fieldMap = /* @__PURE__ */ new Map();
+  function addFieldsToMap(fList, prefix = "") {
+    for (const f of fList) {
+      if ("name" in f && f.name) {
+        fieldMap.set(prefix + f.name, f);
+      }
+      if (f.type === "object" || f.type === "row" || f.type === "array") {
+        if ("fields" in f && Array.isArray(f.fields)) {
+          addFieldsToMap(f.fields, f.type === "object" || f.type === "array" ? `${prefix}${f.name}.` : prefix);
+        }
+      }
+    }
+  }
+  addFieldsToMap(fields);
+  function walk(node) {
+    const result = {};
+    for (const [key, value] of Object.entries(node)) {
+      if (key === "AND" || key === "OR") {
+        if (Array.isArray(value)) {
+          const processed = value.map((v) => walk(v)).filter((v) => Object.keys(v).length > 0);
+          if (processed.length > 0) {
+            result[key] = processed;
+          }
+        }
+        continue;
+      }
+      const fieldDef = fieldMap.get(key);
+      if (!fieldDef) continue;
+      if (fieldDef.admin?.filterable === false) continue;
+      if (NEVER_FILTERABLE_TYPES.includes(fieldDef.type)) continue;
+      result[key] = value;
+    }
+    return result;
+  }
+  return walk(where);
+}
+var NEVER_FILTERABLE_TYPES;
+var init_where_sanitizer = __esm({
+  "src/utils/where-sanitizer.ts"() {
+    "use strict";
+    NEVER_FILTERABLE_TYPES = [
+      "password",
+      "richText",
+      "json",
+      "file",
+      "image",
+      "join",
+      "collapsible"
+    ];
+  }
+});
 // src/server.ts
 var server_exports = {};
 __export(server_exports, {
@@ -109,7 +170,33 @@ var PopulationService = class {
     }
     const populatedDoc = { ...data };
     for (const field of fields) {
-      if (field.type === "join") continue;
+      if (field.type === "join" && field.collection && field.on && currentDepth === 0) {
+        const targetCollection = this.collections.find((c) => c.slug === field.collection);
+        if (targetCollection) {
+          const docId = populatedDoc.id;
+          if (docId) {
+            const where = { [field.on]: { equals: docId } };
+            const joinLimit = field.limit ?? 10;
+            const result = await this.db.find({
+              collection: field.collection,
+              where,
+              limit: joinLimit
+            });
+            const populatedDocs = await this.populate({
+              data: result.docs.map((doc) => DefaultsService.apply(targetCollection.fields, doc)),
+              fields: targetCollection.fields,
+              currentDepth: 1,
+              maxDepth
+            });
+            populatedDoc[field.name] = {
+              docs: populatedDocs,
+              hasNextPage: result.page * result.limit < result.total,
+              totalDocs: result.total
+            };
+          }
+        }
+        continue;
+      }
       if (field.type === "row" && field.fields) {
         const rowPopulated = await this.populate({ data, fields: field.fields, currentDepth, maxDepth });
         Object.assign(populatedDoc, rowPopulated);
@@ -294,7 +381,7 @@ async function runCollectionHooks(hooks, args, options = {}) {
   }
   return currentPayload;
 }
-async function executeFieldBeforeChange(fields, data, originalDoc, user) {
+async function executeFieldBeforeChange(fields, data, originalDoc, user, db) {
   if (!data || typeof data !== "object") return data;
   const result = { ...data };
   for (const field of fields) {
@@ -308,7 +395,8 @@ async function executeFieldBeforeChange(fields, data, originalDoc, user) {
           value: updatedValue,
           originalDoc: originalDoc ?? void 0,
           data: result,
-          user
+          user,
+          db
         });
       }
       result[field.name] = updatedValue;
@@ -319,7 +407,8 @@ async function executeFieldBeforeChange(fields, data, originalDoc, user) {
           field.fields,
           updatedValue,
           origValue,
-          user
+          user,
+          db
         );
       } else if (field.type === "array" && field.fields && Array.isArray(updatedValue)) {
         const arrayResult = [];
@@ -327,7 +416,7 @@ async function executeFieldBeforeChange(fields, data, originalDoc, user) {
           const item = updatedValue[i];
           const origItem = Array.isArray(origValue) ? origValue[i] : null;
           arrayResult.push(
-            await executeFieldBeforeChange(field.fields, item, origItem, user)
+            await executeFieldBeforeChange(field.fields, item, origItem, user, db)
           );
         }
         result[field.name] = arrayResult;
@@ -345,7 +434,8 @@ async function executeFieldBeforeChange(fields, data, originalDoc, user) {
                 blockConfig.fields,
                 blockData,
                 origBlock,
-                user
+                user,
+                db
               )
             );
           } else {
@@ -358,7 +448,7 @@ async function executeFieldBeforeChange(fields, data, originalDoc, user) {
   }
   return result;
 }
-async function executeFieldAfterRead(fields, doc, user) {
+async function executeFieldAfterRead(fields, doc, user, db) {
   if (!doc || typeof doc !== "object") return doc;
   const result = { ...doc };
   for (const field of fields) {
@@ -370,7 +460,8 @@ async function executeFieldAfterRead(fields, doc, user) {
         updatedValue = await hook({
           value: updatedValue,
           doc: result,
-          user
+          user,
+          db
         });
       }
       result[field.name] = updatedValue;
@@ -380,7 +471,8 @@ async function executeFieldAfterRead(fields, doc, user) {
         result[field.name] = await executeFieldAfterRead(
           field.fields,
           updatedValue,
-          user
+          user,
+          db
         );
       } else if (field.type === "array" && field.fields && Array.isArray(updatedValue)) {
         const arrayResult = [];
@@ -389,7 +481,8 @@ async function executeFieldAfterRead(fields, doc, user) {
             await executeFieldAfterRead(
               field.fields,
               item,
-              user
+              user,
+              db
             )
           );
         }
@@ -406,7 +499,8 @@ async function executeFieldAfterRead(fields, doc, user) {
               await executeFieldAfterRead(
                 blockConfig.fields,
                 typedBlock,
-                user
+                user,
+                db
               )
             );
           } else {
@@ -420,6 +514,23 @@ async function executeFieldAfterRead(fields, doc, user) {
   return result;
 }
+// src/utils/readonly-db.ts
+var WRITE_METHODS = ["create", "update", "delete", "updateGlobal", "execute"];
+function createReadonlyDb(db) {
+  return new Proxy(db, {
+    get(target, prop) {
+      if (WRITE_METHODS.includes(prop)) {
+        return () => {
+          throw new Error(
+            `[dyrected] Write operation "${String(prop)}" is not allowed in this hook phase. Use afterChange/afterDelete hooks for write operations.`
+          );
+        };
+      }
+      return Reflect.get(target, prop);
+    }
+  });
+}
 // src/controllers/collection.controller.ts
 var CollectionController = class {
   collection;
@@ -430,6 +541,7 @@ var CollectionController = class {
     const config = c.get("config");
     const db = config.db;
     if (!db) return c.json({ message: "Database not configured" }, 500);
+    const readonlyDb = createReadonlyDb(db);
     const limit = Number(c.req.query("limit")) || 10;
     const page = Number(c.req.query("page")) || 1;
     const depth = c.req.query("depth") !== void 0 ? Number(c.req.query("depth")) : 2;
@@ -443,10 +555,22 @@ var CollectionController = class {
       } catch {
       }
     }
+    if (where) {
+      if (this.collection.admin?.filterable === false) {
+        where = void 0;
+      } else {
+        const { sanitizeWhereClause: sanitizeWhereClause2 } = await Promise.resolve().then(() => (init_where_sanitizer(), where_sanitizer_exports));
+        where = sanitizeWhereClause2(where, this.collection.fields);
+        if (Object.keys(where).length === 0) {
+          where = void 0;
+        }
+      }
+    }
     const beforeReadResult = await runCollectionHooks(this.collection.hooks?.beforeRead, {
       req: c.req,
       query: where,
-      user
+      user,
+      db: readonlyDb
     });
     if (beforeReadResult !== void 0) {
       where = beforeReadResult;
@@ -477,9 +601,10 @@ var CollectionController = class {
       const docWithCollectionHooks = await runCollectionHooks(this.collection.hooks?.afterRead, {
         doc,
         req: c.req,
-        user
+        user,
+        db: readonlyDb
       });
-      const docWithFieldHooks = await executeFieldAfterRead(this.collection.fields, docWithCollectionHooks, user);
+      const docWithFieldHooks = await executeFieldAfterRead(this.collection.fields, docWithCollectionHooks, user, readonlyDb);
       processedDocs.push(docWithFieldHooks);
     }
     result.docs = processedDocs;
@@ -493,6 +618,7 @@ var CollectionController = class {
     const config = c.get("config");
     const db = config.db;
     if (!db) return c.json({ message: "Database not configured" }, 500);
+    const readonlyDb = createReadonlyDb(db);
     const id = c.req.param("id");
     const depth = c.req.query("depth") !== void 0 ? Number(c.req.query("depth")) : 10;
     const user = c.get("user");
@@ -503,9 +629,10 @@ var CollectionController = class {
     const docWithCollectionHooks = await runCollectionHooks(this.collection.hooks?.afterRead, {
       doc: docWithDefaults,
       req: c.req,
-      user
+      user,
+      db: readonlyDb
     });
-    const docWithFieldHooks = await executeFieldAfterRead(this.collection.fields, docWithCollectionHooks, user);
+    const docWithFieldHooks = await executeFieldAfterRead(this.collection.fields, docWithCollectionHooks, user, readonlyDb);
     if (depth > 0 && docWithFieldHooks) {
       const populationService = new PopulationService(db, config.collections);
       const populatedDoc = await populationService.populate({
@@ -522,6 +649,7 @@ var CollectionController = class {
     const config = c.get("config");
     const db = config.db;
     if (!db) return c.json({ message: "Database not configured" }, 500);
+    const readonlyDb = createReadonlyDb(db);
     const contentType = c.req.header("Content-Type") || "";
     if (contentType.toLowerCase().includes("multipart/form-data")) {
       return this.upload(c);
@@ -539,12 +667,13 @@ var CollectionController = class {
     if (this.collection.auth && data.password) {
       data.password = await hashPassword(data.password);
     }
-    data = await executeFieldBeforeChange(this.collection.fields, data, null, user);
+    data = await executeFieldBeforeChange(this.collection.fields, data, null, user, readonlyDb);
     data = await runCollectionHooks(this.collection.hooks?.beforeChange, {
       data,
       req: c.req,
       user,
-      operation: "create"
+      operation: "create",
+      db: readonlyDb
     });
     const doc = await db.create({ collection: this.collection.slug, data });
     if (this.collection.audit && db) {
@@ -561,20 +690,25 @@ var CollectionController = class {
       doc,
       user,
       req: c.req,
-      operation: "create"
+      operation: "create",
+      db
     }, { isolated: true });
     const readDoc = await runCollectionHooks(this.collection.hooks?.afterRead, {
       doc,
       req: c.req,
-      user
+      user,
+      db: readonlyDb
     });
-    const finalDoc = await executeFieldAfterRead(this.collection.fields, readDoc, user);
+    const finalDoc = await executeFieldAfterRead(this.collection.fields, readDoc, user, readonlyDb);
     return c.json(finalDoc, 201);
   }
   async upload(c) {
     const config = c.get("config");
     const storage = config.storage;
     if (!storage) return c.json({ message: "Storage not configured" }, 500);
+    const db = config.db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const readonlyDb = createReadonlyDb(db);
     const formData = await c.req.formData();
     const file = formData.get("file");
     if (!file) return c.json({ message: "No file uploaded" }, 400);
@@ -604,14 +738,15 @@ var CollectionController = class {
       createdBy: user?.sub ?? null,
       updatedBy: user?.sub ?? null
     };
-    data = await executeFieldBeforeChange(this.collection.fields, data, null, user);
+    data = await executeFieldBeforeChange(this.collection.fields, data, null, user, readonlyDb);
     data = await runCollectionHooks(this.collection.hooks?.beforeChange, {
       data,
       req: c.req,
       user,
-      operation: "create"
+      operation: "create",
+      db: readonlyDb
     });
-    const doc = await config.db.create({
+    const doc = await db.create({
       collection: this.collection.slug,
       data
     });
@@ -619,20 +754,23 @@ var CollectionController = class {
       doc,
       user,
       req: c.req,
-      operation: "create"
+      operation: "create",
+      db
     }, { isolated: true });
     const readDoc = await runCollectionHooks(this.collection.hooks?.afterRead, {
       doc,
       req: c.req,
-      user
+      user,
+      db: readonlyDb
     });
-    const finalDoc = await executeFieldAfterRead(this.collection.fields, readDoc, user);
+    const finalDoc = await executeFieldAfterRead(this.collection.fields, readDoc, user, readonlyDb);
     return c.json(finalDoc, 201);
   }
   async update(c) {
     const config = c.get("config");
     const db = config.db;
     if (!db) return c.json({ message: "Database not configured" }, 500);
+    const readonlyDb = createReadonlyDb(db);
     const id = c.req.param("id");
     if (!id) return c.json({ message: "Missing ID" }, 400);
     const body = await c.req.json();
@@ -653,13 +791,14 @@ var CollectionController = class {
     if (this.collection.audit) {
       before = originalDoc;
     }
-    data = await executeFieldBeforeChange(this.collection.fields, data, originalDoc, user);
+    data = await executeFieldBeforeChange(this.collection.fields, data, originalDoc, user, readonlyDb);
     data = await runCollectionHooks(this.collection.hooks?.beforeChange, {
       data,
       doc: originalDoc,
       req: c.req,
       user,
-      operation: "update"
+      operation: "update",
+      db: readonlyDb
     });
     const doc = await db.update({ collection: this.collection.slug, id, data });
     if (this.collection.audit && db) {
@@ -677,14 +816,16 @@ var CollectionController = class {
       previousDoc: originalDoc,
       user,
       req: c.req,
-      operation: "update"
+      operation: "update",
+      db
     }, { isolated: true });
     const readDoc = await runCollectionHooks(this.collection.hooks?.afterRead, {
       doc,
       req: c.req,
-      user
+      user,
+      db: readonlyDb
     });
-    const finalDoc = await executeFieldAfterRead(this.collection.fields, readDoc, user);
+    const finalDoc = await executeFieldAfterRead(this.collection.fields, readDoc, user, readonlyDb);
     return c.json(finalDoc);
   }
   /**
@@ -762,6 +903,7 @@ var CollectionController = class {
     const config = c.get("config");
     const db = config.db;
     if (!db) return c.json({ message: "Database not configured" }, 500);
+    const readonlyDb = createReadonlyDb(db);
     const id = c.req.param("id");
     if (!id) return c.json({ message: "Missing ID" }, 400);
     const user = c.get("user");
@@ -775,7 +917,8 @@ var CollectionController = class {
       id,
       doc,
       user,
-      req: c.req
+      req: c.req,
+      db: readonlyDb
     });
     await db.delete({ collection: this.collection.slug, id });
     if (this.collection.audit && db) {
@@ -792,7 +935,8 @@ var CollectionController = class {
       id,
       doc,
       user,
-      req: c.req
+      req: c.req,
+      db
     }, { isolated: true });
     return c.json({ message: "Deleted" });
   }
@@ -800,6 +944,7 @@ var CollectionController = class {
     const config = c.get("config");
     const db = config.db;
     if (!db) return c.json({ message: "Database not configured" }, 500);
+    const readonlyDb = createReadonlyDb(db);
     const user = c.get("user");
     let ids = [];
     try {
@@ -831,7 +976,8 @@ var CollectionController = class {
           id,
           doc,
           user,
-          req: c.req
+          req: c.req,
+          db: readonlyDb
         });
         await db.delete({ collection: this.collection.slug, id });
         deleted.push(id);
@@ -849,7 +995,8 @@ var CollectionController = class {
           id,
           doc,
           user,
-          req: c.req
+          req: c.req,
+          db
         }, { isolated: true });
       } catch (err) {
         failed.push({ id, error: err?.message ?? "Unknown error" });
@@ -894,13 +1041,15 @@ var GlobalController = class {
     const config = c.get("config");
     const db = config.db;
     if (!db) return c.json({ message: "Database not configured" }, 500);
+    const readonlyDb = createReadonlyDb(db);
     const depth = c.req.query("depth") !== void 0 ? Number(c.req.query("depth")) : 10;
     const user = c.get("user");
     let query = void 0;
     const beforeReadResult = await runCollectionHooks(this.global.hooks?.beforeRead, {
       req: c.req,
       query,
-      user
+      user,
+      db: readonlyDb
     });
     if (beforeReadResult !== void 0) {
       query = beforeReadResult;
@@ -916,9 +1065,10 @@ var GlobalController = class {
     const docWithCollectionHooks = await runCollectionHooks(this.global.hooks?.afterRead, {
       doc: dataWithDefaults,
       req: c.req,
-      user
+      user,
+      db: readonlyDb
     });
-    const docWithFieldHooks = await executeFieldAfterRead(this.global.fields, docWithCollectionHooks, user);
+    const docWithFieldHooks = await executeFieldAfterRead(this.global.fields, docWithCollectionHooks, user, readonlyDb);
     if (depth > 0 && docWithFieldHooks) {
       const populationService = new PopulationService(db, config.collections);
       const populatedData = await populationService.populate({
@@ -932,18 +1082,21 @@ var GlobalController = class {
     return c.json(docWithFieldHooks);
   }
   async update(c) {
-    const db = c.get("config").db;
+    const config = c.get("config");
+    const db = config.db;
     if (!db) return c.json({ message: "Database not configured" }, 500);
+    const readonlyDb = createReadonlyDb(db);
     const body = await c.req.json();
     const user = c.get("user");
     const originalDoc = await db.getGlobal({ slug: this.global.slug }) || {};
-    let data = await executeFieldBeforeChange(this.global.fields, body, originalDoc, user);
+    let data = await executeFieldBeforeChange(this.global.fields, body, originalDoc, user, readonlyDb);
     data = await runCollectionHooks(this.global.hooks?.beforeChange, {
       data,
       doc: originalDoc,
       req: c.req,
       user,
-      operation: "update"
+      operation: "update",
+      db: readonlyDb
     });
     const updated = await db.updateGlobal({ slug: this.global.slug, data });
     await runCollectionHooks(this.global.hooks?.afterChange, {
@@ -951,14 +1104,16 @@ var GlobalController = class {
       previousDoc: originalDoc,
       user,
       req: c.req,
-      operation: "update"
+      operation: "update",
+      db
     }, { isolated: true });
     const readDoc = await runCollectionHooks(this.global.hooks?.afterRead, {
       doc: updated,
       req: c.req,
-      user
+      user,
+      db: readonlyDb
     });
-    const finalDoc = await executeFieldAfterRead(this.global.fields, readDoc, user);
+    const finalDoc = await executeFieldAfterRead(this.global.fields, readDoc, user, readonlyDb);
     return c.json(finalDoc);
   }
   async seed(c) {
@@ -2207,6 +2362,9 @@ function registerRoutes(app, config) {
         hasMany: f.hasMany,
         fields: f.fields,
         blocks: f.blocks,
+        collection: f.collection,
+        on: f.on,
+        limit: f.limit,
         admin: f.admin,
         access: {
           read: await serializeAccess(f.access?.read),
@@ -2235,6 +2393,9 @@ function registerRoutes(app, config) {
         hasMany: f.hasMany,
         fields: f.fields,
         blocks: f.blocks,
+        collection: f.collection,
+        on: f.on,
+        limit: f.limit,
         admin: f.admin,
         access: {
           read: await serializeAccess(f.access?.read),
@@ -2327,6 +2488,37 @@ function registerRoutes(app, config) {
   app.get("/api/docs", (c) => {
     return c.html(getSwaggerHtml());
   });
+  app.get("/api/preferences/:key", requireAuth(), async (c) => {
+    const db = config.db;
+    const user = c.get("user");
+    const key = c.req.param("key");
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    if (!user?.collection || !user.sub) return c.json({ error: true, message: "Authentication required." }, 401);
+    if (!key) return c.json({ error: true, message: "Preference key is required." }, 400);
+    const doc = await db.findOne({ collection: user.collection, id: user.sub });
+    if (!doc) return c.json({ error: true, message: "User not found." }, 404);
+    const preferences = typeof doc.__preferences === "object" && doc.__preferences !== null ? doc.__preferences : {};
+    return c.json({ key, value: preferences[key] ?? null });
+  });
+  app.put("/api/preferences/:key", requireAuth(), async (c) => {
+    const db = config.db;
+    const user = c.get("user");
+    const key = c.req.param("key");
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    if (!user?.collection || !user.sub) return c.json({ error: true, message: "Authentication required." }, 401);
+    if (!key) return c.json({ error: true, message: "Preference key is required." }, 400);
+    const body = await c.req.json().catch(() => ({}));
+    const doc = await db.findOne({ collection: user.collection, id: user.sub });
+    if (!doc) return c.json({ error: true, message: "User not found." }, 404);
+    const preferences = typeof doc.__preferences === "object" && doc.__preferences !== null ? doc.__preferences : {};
+    const nextPreferences = { ...preferences, [key]: body.value };
+    await db.update({
+      collection: user.collection,
+      id: user.sub,
+      data: { __preferences: nextPreferences }
+    });
+    return c.json({ key, value: body.value });
+  });
   app.get("/api/media/:filename{.+$}", async (c) => {
     const mediaController = new MediaController("media");
     return mediaController.serve(c);

package/dist/server.d.cts CHANGED Viewed

@@ -1,10 +1,28 @@
-import { p as DyrectedContext, D as DyrectedConfig, C as CollectionConfig, G as GlobalConfig } from './app-C-HgyliB.cjs';
-export { M as createDyrectedApp } from './app-C-HgyliB.cjs';
+import * as hono_types from 'hono/types';
 import * as hono from 'hono';
 import { Hono, Context } from 'hono';
+import { D as DyrectedConfig, C as CollectionConfig, G as GlobalConfig } from './index-Bp7PDOYG.cjs';
 import * as hono_utils_http_status from 'hono/utils/http-status';
 import * as hono_utils_types from 'hono/utils/types';
-import 'hono/types';
+interface DyrectedContext {
+    Variables: {
+        config: DyrectedConfig;
+        siteId?: string;
+        workspaceId?: string;
+        /** Decoded JWT payload set by requireAuth() or optionalAuth() middleware. */
+        user?: {
+            sub: string;
+            email: string;
+            collection: string;
+            [key: string]: any;
+        };
+    };
+}
+/**
+ * Create the main Dyrected Hono application.
+ */
+declare function createDyrectedApp(rawConfig: DyrectedConfig): Promise<Hono<DyrectedContext, hono_types.BlankSchema, "/">>;
 /**
  * Register dynamic routes based on the provided configuration.
@@ -301,4 +319,4 @@ declare class PreviewController {
     }, 401, "json">)>;
 }
-export { AuthController, CollectionController, DyrectedContext, GlobalController, MediaController, PreviewController, registerRoutes };
+export { AuthController, CollectionController, type DyrectedContext, GlobalController, MediaController, PreviewController, createDyrectedApp, registerRoutes };

package/dist/server.d.ts CHANGED Viewed

@@ -1,10 +1,28 @@
-import { p as DyrectedContext, D as DyrectedConfig, C as CollectionConfig, G as GlobalConfig } from './app-C-HgyliB.js';
-export { M as createDyrectedApp } from './app-C-HgyliB.js';
+import * as hono_types from 'hono/types';
 import * as hono from 'hono';
 import { Hono, Context } from 'hono';
+import { D as DyrectedConfig, C as CollectionConfig, G as GlobalConfig } from './index-Bp7PDOYG.js';
 import * as hono_utils_http_status from 'hono/utils/http-status';
 import * as hono_utils_types from 'hono/utils/types';
-import 'hono/types';
+interface DyrectedContext {
+    Variables: {
+        config: DyrectedConfig;
+        siteId?: string;
+        workspaceId?: string;
+        /** Decoded JWT payload set by requireAuth() or optionalAuth() middleware. */
+        user?: {
+            sub: string;
+            email: string;
+            collection: string;
+            [key: string]: any;
+        };
+    };
+}
+/**
+ * Create the main Dyrected Hono application.
+ */
+declare function createDyrectedApp(rawConfig: DyrectedConfig): Promise<Hono<DyrectedContext, hono_types.BlankSchema, "/">>;
 /**
  * Register dynamic routes based on the provided configuration.
@@ -301,4 +319,4 @@ declare class PreviewController {
     }, 401, "json">)>;
 }
-export { AuthController, CollectionController, DyrectedContext, GlobalController, MediaController, PreviewController, registerRoutes };
+export { AuthController, CollectionController, type DyrectedContext, GlobalController, MediaController, PreviewController, createDyrectedApp, registerRoutes };

package/dist/server.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,cAAc,aAAa,CAAC;AAC5B,cAAc,kCAAkC,CAAC;AACjD,cAAc,wCAAwC,CAAC;AACvD,cAAc,oCAAoC,CAAC;AACnD,cAAc,mCAAmC,CAAC;AAClD,cAAc,qCAAqC,CAAC"}