@flowerforce/flowerbase 1.8.4-beta.1 → 1.8.4-beta.3

package/src/utils/context/index.ts

@@ -1,9 +1,11 @@
+import fs from 'node:fs'
 import { createRequire } from 'node:module'
 import path from 'node:path'
 import { pathToFileURL } from 'node:url'
 import vm from 'vm'
 import { EJSON } from 'bson'
 import { StateManager } from '../../state'
+import { Function as AppFunction } from '../../features/functions/interface'
 import { generateContextData } from './helpers'
 import { GenerateContextParams } from './interface'
 
@@ -92,6 +94,42 @@ const wrapEsmModule = (code: string): string => {
   return `${prelude}\n${code}\n${trailer}`
 }
 
+const transpileSandboxModule = (code: string): string => {
+  const exportedNames: string[] = []
+  let transformed = code.includes('import ')
+    ? transformImportsToRequire(code)
+    : code
+
+  transformed = transformed.replace(
+    /^\s*export\s+function\s+([A-Za-z_$][\w$]*)\s*\(/gm,
+    (_match, name: string) => {
+      exportedNames.push(name)
+      return `function ${name}(`
+    }
+  )
+
+  transformed = transformed.replace(
+    /^\s*export\s+(const|let|var|class)\s+([A-Za-z_$][\w$]*)/gm,
+    (_match, kind: string, name: string) => {
+      exportedNames.push(name)
+      return `${kind} ${name}`
+    }
+  )
+
+  transformed = transformed.replace(
+    /^\s*export\s+default\s+/gm,
+    'module.exports = '
+  )
+
+  if (exportedNames.length === 0) {
+    return transformed
+  }
+
+  return `${transformed}\n${[...new Set(exportedNames)]
+    .map((name) => `exports.${name} = ${name}`)
+    .join('\n')}`
+}
+
 const resolveImportTarget = (specifier: string, customRequire: NodeRequire): string => {
   try {
     const resolved = customRequire.resolve(specifier)
@@ -123,6 +161,82 @@ type SandboxContext = vm.Context & {
   __fb_dirname?: string
 }
 
+type SandboxExecutionContext = ReturnType<typeof generateContextData>
+
+const resolveModulePath = (specifier: string, parentFile: string): string | undefined => {
+  const parentDir = path.dirname(parentFile)
+  const basePath = path.resolve(parentDir, specifier)
+  const candidates = [
+    basePath,
+    `${basePath}.js`,
+    `${basePath}.ts`,
+    path.join(basePath, 'index.js'),
+    path.join(basePath, 'index.ts')
+  ]
+
+  return candidates.find((candidate) => {
+    try {
+      return fs.statSync(candidate).isFile()
+    } catch {
+      return false
+    }
+  })
+}
+
+const executeSandboxModule = ({
+  code,
+  contextData,
+  filePath,
+  moduleCache
+}: {
+  code: string
+  contextData: SandboxExecutionContext
+  filePath: string
+  moduleCache: Map<string, unknown>
+}): unknown => {
+  if (moduleCache.has(filePath)) {
+    return moduleCache.get(filePath)
+  }
+
+  const sandboxModule: SandboxModule = { exports: {} }
+  moduleCache.set(filePath, sandboxModule.exports)
+  const baseRequire = createRequire(filePath)
+
+  const localRequire = ((specifier: string) => {
+    if (specifier.startsWith('.') || specifier.startsWith('/')) {
+      const resolvedPath = resolveModulePath(specifier, filePath)
+      if (resolvedPath) {
+        return executeSandboxModule({
+          code: fs.readFileSync(resolvedPath, 'utf-8'),
+          contextData,
+          filePath: resolvedPath,
+          moduleCache
+        })
+      }
+    }
+
+    return baseRequire(specifier)
+  }) as NodeRequire
+
+  const vmContext = vm.createContext({
+    ...contextData,
+    require: localRequire,
+    exports: sandboxModule.exports,
+    module: sandboxModule,
+    __filename: filePath,
+    __dirname: path.dirname(filePath),
+    __fb_require: localRequire,
+    __fb_filename: filePath,
+    __fb_dirname: path.dirname(filePath)
+  }) as SandboxContext
+
+  vm.runInContext(transpileSandboxModule(code), vmContext, { filename: filePath })
+  sandboxModule.exports = resolveExport(vmContext) ?? sandboxModule.exports
+  moduleCache.set(filePath, sandboxModule.exports)
+
+  return sandboxModule.exports
+}
+
 const isExportedFunction = (value: unknown): value is ExportedFunction =>
   typeof value === 'function'
 
@@ -141,10 +255,28 @@ const resolveExport = (ctx: SandboxContext): ExportedFunction | undefined => {
   return getDefaultExport(moduleExports) ?? getDefaultExport(contextExports)
 }
 
-const buildVmContext = (contextData: ReturnType<typeof generateContextData>) => {
+const buildVmContext = (
+  contextData: ReturnType<typeof generateContextData>,
+  currentFunction?: AppFunction
+) => {
   const sandboxModule: SandboxModule = { exports: {} }
-  const entryFile = require.main?.filename ?? process.cwd()
-  const customRequire = createRequire(entryFile)
+  const entryFile = currentFunction?.sourcePath ?? require.main?.filename ?? process.cwd()
+  const moduleCache = new Map<string, unknown>()
+  const customRequire = ((specifier: string) => {
+    if ((specifier.startsWith('.') || specifier.startsWith('/')) && currentFunction?.sourcePath) {
+      const resolvedPath = resolveModulePath(specifier, currentFunction.sourcePath)
+      if (resolvedPath) {
+        return executeSandboxModule({
+          code: fs.readFileSync(resolvedPath, 'utf-8'),
+          contextData,
+          filePath: resolvedPath,
+          moduleCache
+        })
+      }
+    }
+
+    return createRequire(entryFile)(specifier)
+  }) as NodeRequire
 
   const vmContext: SandboxContext = vm.createContext({
     ...contextData,
@@ -206,7 +338,10 @@ export async function GenerateContext({
       GenerateContextSync,
       request
     })
-    const { sandboxModule, entryFile, customRequire, vmContext } = buildVmContext(contextData)
+    const { sandboxModule, entryFile, customRequire, vmContext } = buildVmContext(
+      contextData,
+      functionToRun
+    )
 
     const vmModules = vm as typeof vm & {
       SourceTextModule?: typeof vm.SourceTextModule
@@ -271,10 +406,7 @@ export async function GenerateContext({
     }
 
     if (!usedVmModules) {
-      const codeToRun = functionToRun.code.includes('import ')
-        ? transformImportsToRequire(functionToRun.code)
-        : functionToRun.code
-      vm.runInContext(codeToRun, vmContext)
+      vm.runInContext(transpileSandboxModule(functionToRun.code), vmContext, { filename: entryFile })
     }
 
     sandboxModule.exports = resolveExport(vmContext) ?? sandboxModule.exports
@@ -323,12 +455,9 @@ export function GenerateContextSync({
     GenerateContextSync,
     request
   })
-  const { sandboxModule, vmContext } = buildVmContext(contextData)
-  const codeToRun = functionToRun.code.includes('import ')
-    ? transformImportsToRequire(functionToRun.code)
-    : functionToRun.code
+  const { sandboxModule, entryFile, vmContext } = buildVmContext(contextData, functionToRun)
 
-  vm.runInContext(codeToRun, vmContext)
+  vm.runInContext(transpileSandboxModule(functionToRun.code), vmContext, { filename: entryFile })
   sandboxModule.exports = resolveExport(vmContext) ?? sandboxModule.exports
   const fn = sandboxModule.exports as ExportedFunction
   if (deserializeArgs) {

package/src/utils/roles/helpers.ts

@@ -7,6 +7,8 @@ import { PermissionExpression } from './interface'
 import { MachineContext } from './machines/interface'
 
 const functionsConditions = ['%%true', '%%false']
+const andConditions = ['$and', '%and']
+const orConditions = ['$or', '%or']
 
 const normalizeUserRole = (user?: MachineContext['user']) => {
   if (!user) return user
@@ -22,30 +24,121 @@ const normalizeUserRole = (user?: MachineContext['user']) => {
     : user
 }
 
-export const evaluateExpression = async (
+const buildEvaluationContext = (
   params: MachineContext['params'],
-  expression?: PermissionExpression,
   user?: MachineContext['user']
-): Promise<boolean> => {
-  if (!expression || typeof expression === 'boolean') return !!expression
+) => {
   const normalizedUser = normalizeUserRole(user)
 
-  const value = {
-    ...params.expansions,
-    ...params.cursor,
+  return {
+    ...(params.expansions ?? {}),
+    ...(params.cursor ?? {}),
     '%%root': params.cursor,
     '%%prevRoot': params.expansions?.['%%prevRoot'],
     '%%user': normalizedUser,
     '%%true': true,
     '%%false': false
   }
+}
+
+const getFunctionCondition = (
+  expression: unknown
+): [string, Record<string, any>] | null => {
+  if (!expression || typeof expression !== 'object' || Array.isArray(expression)) {
+    return null
+  }
+
+  const entries = Object.entries(expression as Record<string, unknown>)
+  if (entries.length !== 1) {
+    return null
+  }
+
+  const [key, value] = entries[0]
+  if (!functionsConditions.includes(key)) {
+    return null
+  }
+
+  if (!value || typeof value !== 'object' || Array.isArray(value)) {
+    return null
+  }
+
+  return Object.prototype.hasOwnProperty.call(value, '%function')
+    ? [key, value as Record<string, any>]
+    : null
+}
+
+export const evaluateExpandedExpression = async (
+  expression: unknown,
+  params: MachineContext['params'],
+  user?: MachineContext['user']
+): Promise<boolean> => {
+  if (typeof expression === 'boolean') {
+    return expression
+  }
+
+  if (!expression || typeof expression !== 'object') {
+    return Boolean(expression)
+  }
+
+  const block = expression as Record<string, unknown>
+  const functionCondition = getFunctionCondition(block)
+
+  if (functionCondition) {
+    return evaluateComplexExpression(functionCondition, params, user)
+  }
+
+  const andKey = andConditions.find((key) => Object.prototype.hasOwnProperty.call(block, key))
+  if (andKey) {
+    const conditions = Array.isArray(block[andKey]) ? (block[andKey] as unknown[]) : []
+    if (!conditions.length) return true
+
+    for (const condition of conditions) {
+      if (!(await evaluateExpandedExpression(condition, params, user))) {
+        return false
+      }
+    }
+
+    return true
+  }
+
+  const orKey = orConditions.find((key) => Object.prototype.hasOwnProperty.call(block, key))
+  if (orKey) {
+    const conditions = Array.isArray(block[orKey]) ? (block[orKey] as unknown[]) : []
+    if (!conditions.length) return true
+
+    for (const condition of conditions) {
+      if (await evaluateExpandedExpression(condition, params, user)) {
+        return true
+      }
+    }
+
+    return false
+  }
+
+  const keys = Object.keys(block)
+  if (keys.length > 1) {
+    for (const key of keys) {
+      if (!(await evaluateExpandedExpression({ [key]: block[key] }, params, user))) {
+        return false
+      }
+    }
+
+    return true
+  }
+
+  return rulesMatcherUtils.checkRule(block as never, buildEvaluationContext(params, user), {})
+}
+
+export const evaluateExpression = async (
+  params: MachineContext['params'],
+  expression?: PermissionExpression,
+  user?: MachineContext['user']
+): Promise<boolean> => {
+  if (!expression || typeof expression === 'boolean') return !!expression
+
+  const value = buildEvaluationContext(params, user)
   const conditions = expandQuery(expression, value)
-  const complexCondition = Object.entries(conditions as Record<string, any>).find(
-    ([key]) => functionsConditions.includes(key)
-  )
-  return complexCondition
-    ? await evaluateComplexExpression(complexCondition, params, normalizedUser)
-    : rulesMatcherUtils.checkRule(conditions, value, {})
+  return evaluateExpandedExpression(conditions, params, user)
 }
 
 const evaluateComplexExpression = async (
@@ -74,7 +167,7 @@ const evaluateComplexExpression = async (
   const expandedArguments =
     fnArguments && fnArguments.length
       ? ((expandQuery({ args: fnArguments }, expansionContext) as { args: unknown[] })
-          .args ?? [])
+        .args ?? [])
       : [params.cursor]
 
   const response = await GenerateContext({

package/src/utils/roles/machines/utils.ts

@@ -2,6 +2,7 @@ import { Document, OptionalId } from 'mongodb'
 import { User } from '../../../auth/dtos'
 import { Filter } from '../../../features/rules/interface'
 import { getValidRule } from '../../../services/mongodb-atlas/utils'
+import { evaluateExpression } from '../helpers'
 import { Role } from '../interface'
 import { LogMachineInfoParams } from './interface'
 
@@ -28,6 +29,20 @@ export const getWinningRole = (
   return null
 }
 
+export const getWinningRoleAsync = async (
+  document: OptionalId<Document> | null,
+  user: User,
+  roles: Role[] = []
+): Promise<Role | null> => {
+  if (!roles.length) return null
+  for (const role of roles) {
+    if (await checkApplyWhenAsync(role.apply_when, user, document)) {
+      return role
+    }
+  }
+  return null
+}
+
 /**
  * Checks if the `apply_when` condition is valid for the given user and document.
  *
@@ -50,6 +65,25 @@ export const checkApplyWhen = (
   return !!validRule.length
 }
 
+export const checkApplyWhenAsync = async (
+  apply_when: Role['apply_when'],
+  user: User,
+  document: OptionalId<Document> | null
+) => {
+  return evaluateExpression(
+    {
+      type: 'read',
+      roles: [],
+      cursor: document,
+      expansions: {
+        '%%prevRoot': undefined
+      }
+    },
+    apply_when,
+    user
+  )
+}
+
 /**
  * Logs machine step information if logging is enabled.
  *