@flowerforce/flowerbase 1.3.1-beta.3 → 1.3.1-beta.5

package/dist/features/functions/utils.d.ts

@@ -1,3 +1,4 @@
+import { Document } from 'mongodb';
 import { ExecuteQueryParams, Functions } from './interface';
 /**
  * > Loads the functions config json file
@@ -15,12 +16,12 @@ export declare const executeQuery: ({ currentMethod, query, update, filter, opti
     findOne: () => Promise<unknown>;
     count: () => Promise<number>;
     deleteOne: () => Promise<unknown>;
-    insertOne: () => Promise<import("mongodb/mongodb").InsertOneResult<import("bson").Document>>;
-    updateOne: () => Promise<unknown> | import("mongodb/mongodb").FindCursor<any> | import("mongodb/mongodb").ChangeStream<import("bson").Document, import("bson").Document> | import("mongodb/mongodb").AggregationCursor<import("bson").Document>;
-    findOneAndUpdate: () => Promise<import("bson").Document | null>;
-    aggregate: () => Promise<import("bson").Document[]>;
-    insertMany: () => Promise<import("mongodb/mongodb").InsertManyResult<import("bson").Document>>;
-    updateMany: () => Promise<import("mongodb/mongodb").UpdateResult<import("bson").Document>>;
-    deleteMany: () => Promise<import("mongodb/mongodb").DeleteResult>;
+    insertOne: () => Promise<import("mongodb").InsertOneResult<Document>>;
+    updateOne: () => Promise<unknown> | import("mongodb").FindCursor<any> | import("mongodb").ChangeStream<Document, Document> | import("mongodb").AggregationCursor<Document>;
+    findOneAndUpdate: () => Promise<Document | null>;
+    aggregate: () => Promise<Document[]>;
+    insertMany: () => Promise<import("mongodb").InsertManyResult<Document>>;
+    updateMany: () => Promise<import("mongodb").UpdateResult<Document>>;
+    deleteMany: () => Promise<import("mongodb").DeleteResult>;
 }>;
 //# sourceMappingURL=utils.d.ts.map

package/dist/features/functions/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/features/functions/utils.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAE3D;;;GAGG;AACH,eAAO,MAAM,aAAa,GAAU,gBAAuB,KAAG,OAAO,CAAC,SAAS,CAwB9E,CAAA;AAED;;;;;GAKG;AACH,eAAO,MAAM,YAAY,GAAU,+GAWhC,kBAAkB;;;;;;;;;;;;EA+DpB,CAAA"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/features/functions/utils.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAGlC,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAE3D;;;GAGG;AACH,eAAO,MAAM,aAAa,GAAU,gBAAuB,KAAG,OAAO,CAAC,SAAS,CAwB9E,CAAA;AAED;;;;;GAKG;AACH,eAAO,MAAM,YAAY,GAAU,+GAWhC,kBAAkB;;;;;;;;;;;;EA4EpB,CAAA"}

package/dist/features/functions/utils.js

@@ -70,16 +70,29 @@ const executeQuery = (_a) => __awaiter(void 0, [_a], void 0, function* ({ curren
         : typeof returnNewDocument === 'boolean'
             ? { returnDocument: returnNewDocument ? 'after' : 'before' }
             : undefined;
+    const parsedOptions = resolvedOptions ? bson_1.EJSON.deserialize(resolvedOptions) : undefined;
     return {
         find: () => __awaiter(void 0, void 0, void 0, function* () {
-            return yield currentMethod(bson_1.EJSON.deserialize(resolvedQuery)).toArray();
+            return yield (() => {
+                const cursor = currentMethod(bson_1.EJSON.deserialize(resolvedQuery));
+                if (parsedOptions === null || parsedOptions === void 0 ? void 0 : parsedOptions.sort) {
+                    cursor.sort(parsedOptions.sort);
+                }
+                if (typeof (parsedOptions === null || parsedOptions === void 0 ? void 0 : parsedOptions.skip) === 'number') {
+                    cursor.skip(parsedOptions.skip);
+                }
+                if (typeof (parsedOptions === null || parsedOptions === void 0 ? void 0 : parsedOptions.limit) === 'number') {
+                    cursor.limit(parsedOptions.limit);
+                }
+                return cursor.toArray();
+            })();
         }),
         findOne: () => currentMethod(bson_1.EJSON.deserialize(resolvedQuery)),
-        count: () => currentMethod(bson_1.EJSON.deserialize(resolvedQuery), resolvedOptions ? bson_1.EJSON.deserialize(resolvedOptions) : undefined),
+        count: () => currentMethod(bson_1.EJSON.deserialize(resolvedQuery), parsedOptions),
         deleteOne: () => currentMethod(bson_1.EJSON.deserialize(resolvedQuery)),
         insertOne: () => currentMethod(bson_1.EJSON.deserialize(document)),
         updateOne: () => currentMethod(bson_1.EJSON.deserialize(resolvedQuery), bson_1.EJSON.deserialize(resolvedUpdate)),
-        findOneAndUpdate: () => currentMethod(bson_1.EJSON.deserialize(resolvedQuery), bson_1.EJSON.deserialize(resolvedUpdate), resolvedOptions ? bson_1.EJSON.deserialize(resolvedOptions) : undefined),
+        findOneAndUpdate: () => currentMethod(bson_1.EJSON.deserialize(resolvedQuery), bson_1.EJSON.deserialize(resolvedUpdate), parsedOptions),
         aggregate: () => __awaiter(void 0, void 0, void 0, function* () {
             return (yield currentMethod(bson_1.EJSON.deserialize(pipeline), {}, // TODO -> ADD OPTIONS
             isClient)).toArray();

package/dist/services/mongodb-atlas/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/services/mongodb-atlas/index.ts"],"names":[],"mappings":"AAaA,OAAO,EAAyC,oBAAoB,EAAE,MAAM,SAAS,CAAA;AA4yBrF,QAAA,MAAM,YAAY,EAAE,oBAsBlB,CAAA;AAEF,eAAe,YAAY,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/services/mongodb-atlas/index.ts"],"names":[],"mappings":"AAcA,OAAO,EAAyC,oBAAoB,EAAE,MAAM,SAAS,CAAA;AA60BrF,QAAA,MAAM,YAAY,EAAE,oBAsBlB,CAAA;AAEF,eAAe,YAAY,CAAA"}

package/dist/services/mongodb-atlas/index.js

@@ -12,6 +12,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+const get_1 = __importDefault(require("lodash/get"));
 const isEqual_1 = __importDefault(require("lodash/isEqual"));
 const machines_1 = require("../../utils/roles/machines");
 const utils_1 = require("../../utils/roles/machines/utils");
@@ -36,6 +37,29 @@ const logService = (message, payload) => {
         return;
     console.log('[service-debug]', message, payload !== null && payload !== void 0 ? payload : '');
 };
+const getUpdatedPaths = (update) => {
+    const entries = Object.entries(update !== null && update !== void 0 ? update : {});
+    const hasOperators = entries.some(([key]) => key.startsWith('$'));
+    if (!hasOperators) {
+        return Object.keys(update !== null && update !== void 0 ? update : {});
+    }
+    const paths = new Set();
+    for (const [key, value] of entries) {
+        if (!key.startsWith('$'))
+            continue;
+        if (value && typeof value === 'object' && !Array.isArray(value)) {
+            Object.keys(value).forEach((path) => paths.add(path));
+        }
+    }
+    return [...paths];
+};
+const areUpdatedFieldsAllowed = (filtered, updated, updatedPaths) => {
+    if (!filtered)
+        return false;
+    if (!updatedPaths.length)
+        return (0, isEqual_1.default)(filtered, updated);
+    return updatedPaths.every((path) => (0, isEqual_1.default)((0, get_1.default)(filtered, path), (0, get_1.default)(updated, path)));
+};
 const getOperators = (collection, { rules, collName, user, run_as_system }) => {
     var _a, _b;
     const normalizedRules = rules !== null && rules !== void 0 ? rules : {};
@@ -238,6 +262,7 @@ const getOperators = (collection, { rules, collName, user, run_as_system }) => {
                 const winningRole = (0, utils_1.getWinningRole)(result, user, roles);
                 // Check if the update data contains MongoDB update operators (e.g., $set, $inc)
                 const hasOperators = Object.keys(data).some((key) => key.startsWith('$'));
+                const updatedPaths = getUpdatedPaths(data);
                 // Flatten the update object to extract the actual fields being modified
                 // const docToCheck = hasOperators
                 //   ? Object.values(data).reduce((acc, operation) => ({ ...acc, ...operation }), {})
@@ -264,7 +289,7 @@ const getOperators = (collection, { rules, collName, user, run_as_system }) => {
                     }, user)
                     : fallbackAccess(docToCheck);
                 // Ensure no unauthorized changes are made
-                const areDocumentsEqual = (0, isEqual_1.default)(document, docToCheck);
+                const areDocumentsEqual = areUpdatedFieldsAllowed(document, docToCheck, updatedPaths);
                 if (!status || !areDocumentsEqual) {
                     throw new Error('Update not permitted');
                 }
@@ -296,6 +321,7 @@ const getOperators = (collection, { rules, collName, user, run_as_system }) => {
                 }
                 const winningRole = (0, utils_1.getWinningRole)(result, user, roles);
                 const hasOperators = Object.keys(data).some((key) => key.startsWith('$'));
+                const updatedPaths = Array.isArray(data) ? [] : getUpdatedPaths(data);
                 const pipeline = [
                     {
                         $match: { $and: safeQuery }
@@ -316,7 +342,7 @@ const getOperators = (collection, { rules, collName, user, run_as_system }) => {
                         expansions: {}
                     }, user)
                     : fallbackAccess(docToCheck);
-                const areDocumentsEqual = (0, isEqual_1.default)(document, docToCheck);
+                const areDocumentsEqual = areUpdatedFieldsAllowed(document, docToCheck, updatedPaths);
                 if (!status || !areDocumentsEqual) {
                     throw new Error('Update not permitted');
                 }
@@ -574,6 +600,7 @@ const getOperators = (collection, { rules, collName, user, run_as_system }) => {
                 }
                 // Check if the update data contains MongoDB update operators (e.g., $set, $inc)
                 const hasOperators = Object.keys(data).some((key) => key.startsWith('$'));
+                const updatedPaths = getUpdatedPaths(data);
                 // Flatten the update object to extract the actual fields being modified
                 // const docToCheck = hasOperators
                 //   ? Object.values(data).reduce((acc, operation) => ({ ...acc, ...operation }), {})
@@ -600,7 +627,7 @@ const getOperators = (collection, { rules, collName, user, run_as_system }) => {
                     return status ? document : undefined;
                 })));
                 // Ensure no unauthorized changes are made
-                const areDocumentsEqual = (0, isEqual_1.default)(docsToCheck, filteredItems);
+                const areDocumentsEqual = docsToCheck.every((doc, index) => areUpdatedFieldsAllowed(filteredItems[index], doc, updatedPaths));
                 if (!areDocumentsEqual) {
                     console.log('check1 In updateMany --> (!areDocumentsEqual)');
                     throw new Error('Update not permitted');

package/dist/utils/crypto/index.js

@@ -36,7 +36,7 @@ exports.hashPassword = hashPassword;
 const comparePassword = (plaintext, storedPassword) => __awaiter(void 0, void 0, void 0, function* () {
     const [storedHash, storedSalt] = storedPassword.split('.');
     if (!storedHash || !storedSalt) {
-        throw new Error(`Invalid stored password: ${storedPassword}`);
+        throw new Error('Invalid credentials');
     }
     const storedBuffer = Buffer.from(storedHash, 'hex');
     const buffer = (yield scrypt(plaintext, storedSalt, 64));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@flowerforce/flowerbase",
-  "version": "1.3.1-beta.3",
+  "version": "1.3.1-beta.5",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/features/functions/utils.ts

@@ -1,5 +1,6 @@
 import fs from 'fs'
 import path from 'node:path'
+import { Document } from 'mongodb'
 import { EJSON } from 'bson'
 import { GetOperatorsFunction } from '../../services/mongodb-atlas/model'
 import { ExecuteQueryParams, Functions } from './interface'
@@ -65,11 +66,24 @@ export const executeQuery = async ({
       : typeof returnNewDocument === 'boolean'
         ? { returnDocument: returnNewDocument ? 'after' : 'before' }
         : undefined
+  const parsedOptions = resolvedOptions ? EJSON.deserialize(resolvedOptions) : undefined
   return {
     find: async () =>
-      await (currentMethod as ReturnType<GetOperatorsFunction>['find'])(
-        EJSON.deserialize(resolvedQuery)
-      ).toArray(),
+      await (() => {
+        const cursor = (currentMethod as ReturnType<GetOperatorsFunction>['find'])(
+          EJSON.deserialize(resolvedQuery)
+        )
+        if (parsedOptions?.sort) {
+          cursor.sort(parsedOptions.sort as Document)
+        }
+        if (typeof parsedOptions?.skip === 'number') {
+          cursor.skip(parsedOptions.skip)
+        }
+        if (typeof parsedOptions?.limit === 'number') {
+          cursor.limit(parsedOptions.limit)
+        }
+        return cursor.toArray()
+      })(),
     findOne: () =>
       (currentMethod as ReturnType<GetOperatorsFunction>['findOne'])(
         EJSON.deserialize(resolvedQuery)
@@ -77,7 +91,7 @@ export const executeQuery = async ({
     count: () =>
       (currentMethod as ReturnType<GetOperatorsFunction>['count'])(
         EJSON.deserialize(resolvedQuery),
-        resolvedOptions ? EJSON.deserialize(resolvedOptions) : undefined
+        parsedOptions
       ),
     deleteOne: () =>
       (currentMethod as ReturnType<GetOperatorsFunction>['deleteOne'])(
@@ -92,7 +106,7 @@ export const executeQuery = async ({
       (currentMethod as ReturnType<GetOperatorsFunction>['findOneAndUpdate'])(
         EJSON.deserialize(resolvedQuery),
         EJSON.deserialize(resolvedUpdate),
-        resolvedOptions ? EJSON.deserialize(resolvedOptions) : undefined
+        parsedOptions
       ),
     aggregate: async () =>
       (await (currentMethod as ReturnType<GetOperatorsFunction>['aggregate'])(

package/src/services/mongodb-atlas/index.ts

@@ -1,3 +1,4 @@
+import get from 'lodash/get'
 import isEqual from 'lodash/isEqual'
 import {
   Collection,
@@ -42,6 +43,34 @@ const logService = (message: string, payload?: unknown) => {
   console.log('[service-debug]', message, payload ?? '')
 }
 
+const getUpdatedPaths = (update: Document) => {
+  const entries = Object.entries(update ?? {})
+  const hasOperators = entries.some(([key]) => key.startsWith('$'))
+
+  if (!hasOperators) {
+    return Object.keys(update ?? {})
+  }
+
+  const paths = new Set<string>()
+  for (const [key, value] of entries) {
+    if (!key.startsWith('$')) continue
+    if (value && typeof value === 'object' && !Array.isArray(value)) {
+      Object.keys(value as Document).forEach((path) => paths.add(path))
+    }
+  }
+  return [...paths]
+}
+
+const areUpdatedFieldsAllowed = (
+  filtered: Document | null | undefined,
+  updated: Document,
+  updatedPaths: string[]
+) => {
+  if (!filtered) return false
+  if (!updatedPaths.length) return isEqual(filtered, updated)
+  return updatedPaths.every((path) => isEqual(get(filtered, path), get(updated, path)))
+}
+
 const getOperators: GetOperatorsFunction = (
   collection,
   { rules, collName, user, run_as_system }
@@ -273,6 +302,7 @@ const getOperators: GetOperatorsFunction = (
 
         // Check if the update data contains MongoDB update operators (e.g., $set, $inc)
         const hasOperators = Object.keys(data).some((key) => key.startsWith('$'))
+        const updatedPaths = getUpdatedPaths(data as Document)
 
         // Flatten the update object to extract the actual fields being modified
         // const docToCheck = hasOperators
@@ -304,7 +334,7 @@ const getOperators: GetOperatorsFunction = (
           )
           : fallbackAccess(docToCheck)
         // Ensure no unauthorized changes are made
-        const areDocumentsEqual = isEqual(document, docToCheck)
+        const areDocumentsEqual = areUpdatedFieldsAllowed(document, docToCheck, updatedPaths)
 
         if (!status || !areDocumentsEqual) {
           throw new Error('Update not permitted')
@@ -343,6 +373,7 @@ const getOperators: GetOperatorsFunction = (
 
         const winningRole = getWinningRole(result, user, roles)
         const hasOperators = Object.keys(data).some((key) => key.startsWith('$'))
+        const updatedPaths = Array.isArray(data) ? [] : getUpdatedPaths(data as Document)
         const pipeline = [
           {
             $match: { $and: safeQuery }
@@ -369,7 +400,7 @@ const getOperators: GetOperatorsFunction = (
           )
           : fallbackAccess(docToCheck)
 
-        const areDocumentsEqual = isEqual(document, docToCheck)
+        const areDocumentsEqual = areUpdatedFieldsAllowed(document, docToCheck, updatedPaths)
         if (!status || !areDocumentsEqual) {
           throw new Error('Update not permitted')
         }
@@ -704,6 +735,7 @@ const getOperators: GetOperatorsFunction = (
 
         // Check if the update data contains MongoDB update operators (e.g., $set, $inc)
         const hasOperators = Object.keys(data).some((key) => key.startsWith('$'))
+        const updatedPaths = getUpdatedPaths(data as Document)
 
         // Flatten the update object to extract the actual fields being modified
         // const docToCheck = hasOperators
@@ -743,7 +775,9 @@ const getOperators: GetOperatorsFunction = (
         )
 
         // Ensure no unauthorized changes are made
-        const areDocumentsEqual = isEqual(docsToCheck, filteredItems)
+        const areDocumentsEqual = docsToCheck.every((doc, index) =>
+          areUpdatedFieldsAllowed(filteredItems[index], doc, updatedPaths)
+        )
 
         if (!areDocumentsEqual) {
           console.log('check1 In updateMany --> (!areDocumentsEqual)')

package/src/utils/crypto/index.ts

@@ -24,7 +24,7 @@ export const comparePassword = async (plaintext: string, storedPassword: string)
   const [storedHash, storedSalt] = storedPassword.split('.')
 
   if (!storedHash || !storedSalt) {
-    throw new Error(`Invalid stored password: ${storedPassword}`);
+    throw new Error('Invalid credentials');
   }
 
   const storedBuffer = Buffer.from(storedHash, 'hex')