@forestadmin/agent 1.0.0-alpha.1

package/dist/routes/modification/update-field.js

@@ -0,0 +1,39 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const datasource_toolkit_1 = require("@forestadmin/datasource-toolkit");
+const types_1 = require("../../types");
+const collection_route_1 = __importDefault(require("../collection-route"));
+const id_1 = __importDefault(require("../../utils/id"));
+const query_string_1 = __importDefault(require("../../utils/query-string"));
+class UpdateField extends collection_route_1.default {
+    setupRoutes(router) {
+        router.put(`/${this.collection.name}/:id/relationships/:field/:index(\\d+)`, this.handleUpdate.bind(this));
+    }
+    async handleUpdate(context) {
+        await this.services.authorization.assertCanEdit(context, this.collection.name);
+        const { field, index, id } = context.params;
+        const subRecord = context.request.body?.data?.attributes;
+        // Validate parameters
+        // @fixme At the time of writing this route, the Validator does not support composite types
+        datasource_toolkit_1.FieldValidator.validate(this.collection, field, [{ [field]: [subRecord] }]);
+        // Create caller & filter
+        const unpackedId = id_1.default.unpackId(this.collection.schema, id);
+        const conditionTree = datasource_toolkit_1.ConditionTreeFactory.intersect(datasource_toolkit_1.ConditionTreeFactory.matchIds(this.collection.schema, [unpackedId]), await this.services.permissions.getScope(this.collection, context));
+        const caller = query_string_1.default.parseCaller(context);
+        const filter = new datasource_toolkit_1.Filter({ conditionTree });
+        // Load & check record
+        const [record] = await this.collection.list(caller, filter, new datasource_toolkit_1.Projection(field));
+        if (index > record[field]?.length) {
+            throw new datasource_toolkit_1.ValidationError(`Field '${field}' is too short`);
+        }
+        record[field][index] = subRecord;
+        // Update record
+        await this.collection.update(caller, filter, { [field]: record[field] });
+        context.response.status = types_1.HttpCode.NoContent;
+    }
+}
+exports.default = UpdateField;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXBkYXRlLWZpZWxkLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3JvdXRlcy9tb2RpZmljYXRpb24vdXBkYXRlLWZpZWxkLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsd0VBTXlDO0FBSXpDLHVDQUF1QztBQUN2QywyRUFBa0Q7QUFDbEQsd0RBQXFDO0FBQ3JDLDRFQUF5RDtBQUV6RCxNQUFxQixXQUFZLFNBQVEsMEJBQWU7SUFDdEQsV0FBVyxDQUFDLE1BQWM7UUFDeEIsTUFBTSxDQUFDLEdBQUcsQ0FDUixJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSx3Q0FBd0MsRUFDaEUsSUFBSSxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQzdCLENBQUM7SUFDSixDQUFDO0lBRU0sS0FBSyxDQUFDLFlBQVksQ0FBQyxPQUFnQjtRQUN4QyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLGFBQWEsQ0FBQyxPQUFPLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUUvRSxNQUFNLEVBQUUsS0FBSyxFQUFFLEtBQUssRUFBRSxFQUFFLEVBQUUsR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDO1FBQzVDLE1BQU0sU0FBUyxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsSUFBSSxFQUFFLElBQUksRUFBRSxVQUFVLENBQUM7UUFFekQsc0JBQXNCO1FBQ3RCLDJGQUEyRjtRQUMzRixtQ0FBYyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLEtBQUssRUFBRSxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBRTVFLHlCQUF5QjtRQUN6QixNQUFNLFVBQVUsR0FBRyxZQUFPLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ2hFLE1BQU0sYUFBYSxHQUFHLHlDQUFvQixDQUFDLFNBQVMsQ0FDbEQseUNBQW9CLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxFQUFFLENBQUMsVUFBVSxDQUFDLENBQUMsRUFDbkUsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxPQUFPLENBQUMsQ0FDbkUsQ0FBQztRQUVGLE1BQU0sTUFBTSxHQUFHLHNCQUFpQixDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN0RCxNQUFNLE1BQU0sR0FBRyxJQUFJLDJCQUFNLENBQUMsRUFBRSxhQUFhLEVBQUUsQ0FBQyxDQUFDO1FBRTdDLHNCQUFzQjtRQUN0QixNQUFNLENBQUMsTUFBTSxDQUFDLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsTUFBTSxFQUFFLElBQUksK0JBQVUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDO1FBRW5GLElBQUksS0FBSyxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsRUFBRSxNQUFNLEVBQUU7WUFDakMsTUFBTSxJQUFJLG9DQUFlLENBQUMsVUFBVSxLQUFLLGdCQUFnQixDQUFDLENBQUM7U0FDNUQ7UUFFRCxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsS0FBSyxDQUFDLEdBQUcsU0FBUyxDQUFDO1FBRWpDLGdCQUFnQjtRQUNoQixNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxNQUFNLEVBQUUsRUFBRSxDQUFDLEtBQUssQ0FBQyxFQUFFLE1BQU0sQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUM7UUFFekUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLEdBQUcsZ0JBQVEsQ0FBQyxTQUFTLENBQUM7SUFDL0MsQ0FBQztDQUNGO0FBMUNELDhCQTBDQyJ9

package/dist/routes/modification/update-relation.d.ts

@@ -0,0 +1,11 @@
+/// <reference types="koa__router" />
+import { Context } from 'koa';
+import Router from '@koa/router';
+import RelationRoute from '../relation-route';
+export default class UpdateRelation extends RelationRoute {
+    setupRoutes(router: Router): void;
+    handleUpdateRelationRoute(context: Context): Promise<void>;
+    private updateManyToOne;
+    private updateOneToOne;
+}
+//# sourceMappingURL=update-relation.d.ts.map

package/dist/routes/modification/update-relation.js

@@ -0,0 +1,59 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const datasource_toolkit_1 = require("@forestadmin/datasource-toolkit");
+const types_1 = require("../../types");
+const id_1 = __importDefault(require("../../utils/id"));
+const query_string_1 = __importDefault(require("../../utils/query-string"));
+const relation_route_1 = __importDefault(require("../relation-route"));
+class UpdateRelation extends relation_route_1.default {
+    setupRoutes(router) {
+        router.put(`/${this.collection.name}/:parentId/relationships/${this.relationName}`, this.handleUpdateRelationRoute.bind(this));
+    }
+    async handleUpdateRelationRoute(context) {
+        const relation = this.collection.schema.fields[this.relationName];
+        const caller = query_string_1.default.parseCaller(context);
+        const parentId = id_1.default.unpackId(this.collection.schema, context.params.parentId);
+        const linkedId = context.request.body?.data?.id
+            ? id_1.default.unpackId(this.foreignCollection.schema, context.request.body.data.id)
+            : null;
+        if (relation.type === 'ManyToOne') {
+            await this.updateManyToOne(context, relation, parentId, linkedId, caller);
+        }
+        else if (relation.type === 'OneToOne') {
+            await this.updateOneToOne(context, relation, parentId, linkedId, caller);
+        }
+        context.response.status = types_1.HttpCode.NoContent;
+    }
+    async updateManyToOne(context, relation, parentId, linkedId, caller) {
+        // Perms
+        const scope = await this.services.permissions.getScope(this.collection, context);
+        await this.services.authorization.assertCanEdit(context, this.collection.name);
+        // Load the value that will be used as foreignKey (=== linkedId[0] most of the time)
+        const foreignValue = linkedId
+            ? await datasource_toolkit_1.CollectionUtils.getValue(this.foreignCollection, caller, linkedId, relation.foreignKeyTarget)
+            : null;
+        // Overwrite old foreign key with new one (only one query needed).
+        const fkOwner = datasource_toolkit_1.ConditionTreeFactory.matchIds(this.collection.schema, [parentId]);
+        await this.collection.update(caller, new datasource_toolkit_1.Filter({ conditionTree: datasource_toolkit_1.ConditionTreeFactory.intersect(fkOwner, scope) }), { [relation.foreignKey]: foreignValue });
+    }
+    async updateOneToOne(context, relation, parentId, linkedId, caller) {
+        // Permissions
+        const scope = await this.services.permissions.getScope(this.foreignCollection, context);
+        await this.services.authorization.assertCanEdit(context, this.foreignCollection.name);
+        // Load the value that will be used as originKey (=== parentId[0] most of the time)
+        const originValue = await datasource_toolkit_1.CollectionUtils.getValue(this.collection, caller, parentId, relation.originKeyTarget);
+        // Break old relation (may update zero or one records).
+        const oldFkOwner = new datasource_toolkit_1.ConditionTreeLeaf(relation.originKey, 'Equal', originValue);
+        await this.foreignCollection.update(caller, new datasource_toolkit_1.Filter({ conditionTree: datasource_toolkit_1.ConditionTreeFactory.intersect(oldFkOwner, scope) }), { [relation.originKey]: null });
+        // Create new relation (will update exactly one record).
+        if (linkedId) {
+            const newFkOwner = datasource_toolkit_1.ConditionTreeFactory.matchIds(this.foreignCollection.schema, [linkedId]);
+            await this.foreignCollection.update(caller, new datasource_toolkit_1.Filter({ conditionTree: datasource_toolkit_1.ConditionTreeFactory.intersect(newFkOwner, scope) }), { [relation.originKey]: originValue });
+        }
+    }
+}
+exports.default = UpdateRelation;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXBkYXRlLXJlbGF0aW9uLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3JvdXRlcy9tb2RpZmljYXRpb24vdXBkYXRlLXJlbGF0aW9uLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsd0VBU3lDO0FBSXpDLHVDQUF1QztBQUN2Qyx3REFBcUM7QUFDckMsNEVBQXlEO0FBQ3pELHVFQUE4QztBQUU5QyxNQUFxQixjQUFlLFNBQVEsd0JBQWE7SUFDdkQsV0FBVyxDQUFDLE1BQWM7UUFDeEIsTUFBTSxDQUFDLEdBQUcsQ0FDUixJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSw0QkFBNEIsSUFBSSxDQUFDLFlBQVksRUFBRSxFQUN2RSxJQUFJLENBQUMseUJBQXlCLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUMxQyxDQUFDO0lBQ0osQ0FBQztJQUVNLEtBQUssQ0FBQyx5QkFBeUIsQ0FBQyxPQUFnQjtRQUNyRCxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDO1FBQ2xFLE1BQU0sTUFBTSxHQUFHLHNCQUFpQixDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN0RCxNQUFNLFFBQVEsR0FBRyxZQUFPLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFbkYsTUFBTSxRQUFRLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsSUFBSSxFQUFFLEVBQUU7WUFDN0MsQ0FBQyxDQUFDLFlBQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLE1BQU0sRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO1lBQy9FLENBQUMsQ0FBQyxJQUFJLENBQUM7UUFFVCxJQUFJLFFBQVEsQ0FBQyxJQUFJLEtBQUssV0FBVyxFQUFFO1lBQ2pDLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxPQUFPLEVBQUUsUUFBUSxFQUFFLFFBQVEsRUFBRSxRQUFRLEVBQUUsTUFBTSxDQUFDLENBQUM7U0FDM0U7YUFBTSxJQUFJLFFBQVEsQ0FBQyxJQUFJLEtBQUssVUFBVSxFQUFFO1lBQ3ZDLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxPQUFPLEVBQUUsUUFBUSxFQUFFLFFBQVEsRUFBRSxRQUFRLEVBQUUsTUFBTSxDQUFDLENBQUM7U0FDMUU7UUFFRCxPQUFPLENBQUMsUUFBUSxDQUFDLE1BQU0sR0FBRyxnQkFBUSxDQUFDLFNBQVMsQ0FBQztJQUMvQyxDQUFDO0lBRU8sS0FBSyxDQUFDLGVBQWUsQ0FDM0IsT0FBZ0IsRUFDaEIsUUFBeUIsRUFDekIsUUFBcUIsRUFDckIsUUFBcUIsRUFDckIsTUFBYztRQUVkLFFBQVE7UUFDUixNQUFNLEtBQUssR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQ2pGLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsYUFBYSxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBRS9FLG9GQUFvRjtRQUNwRixNQUFNLFlBQVksR0FBRyxRQUFRO1lBQzNCLENBQUMsQ0FBQyxNQUFNLG9DQUFlLENBQUMsUUFBUSxDQUM1QixJQUFJLENBQUMsaUJBQWlCLEVBQ3RCLE1BQU0sRUFDTixRQUFRLEVBQ1IsUUFBUSxDQUFDLGdCQUFnQixDQUMxQjtZQUNILENBQUMsQ0FBQyxJQUFJLENBQUM7UUFFVCxrRUFBa0U7UUFDbEUsTUFBTSxPQUFPLEdBQUcseUNBQW9CLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxFQUFFLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQztRQUVsRixNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUMxQixNQUFNLEVBQ04sSUFBSSwyQkFBTSxDQUFDLEVBQUUsYUFBYSxFQUFFLHlDQUFvQixDQUFDLFNBQVMsQ0FBQyxPQUFPLEVBQUUsS0FBSyxDQUFDLEVBQUUsQ0FBQyxFQUM3RSxFQUFFLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxFQUFFLFlBQVksRUFBRSxDQUN4QyxDQUFDO0lBQ0osQ0FBQztJQUVPLEtBQUssQ0FBQyxjQUFjLENBQzFCLE9BQWdCLEVBQ2hCLFFBQXdCLEVBQ3hCLFFBQXFCLEVBQ3JCLFFBQXFCLEVBQ3JCLE1BQWM7UUFFZCxjQUFjO1FBQ2QsTUFBTSxLQUFLLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLGlCQUFpQixFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQ3hGLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsYUFBYSxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFdEYsbUZBQW1GO1FBQ25GLE1BQU0sV0FBVyxHQUFHLE1BQU0sb0NBQWUsQ0FBQyxRQUFRLENBQ2hELElBQUksQ0FBQyxVQUFVLEVBQ2YsTUFBTSxFQUNOLFFBQVEsRUFDUixRQUFRLENBQUMsZUFBZSxDQUN6QixDQUFDO1FBRUYsdURBQXVEO1FBQ3ZELE1BQU0sVUFBVSxHQUFHLElBQUksc0NBQWlCLENBQUMsUUFBUSxDQUFDLFNBQVMsRUFBRSxPQUFPLEVBQUUsV0FBVyxDQUFDLENBQUM7UUFDbkYsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsTUFBTSxDQUNqQyxNQUFNLEVBQ04sSUFBSSwyQkFBTSxDQUFDLEVBQUUsYUFBYSxFQUFFLHlDQUFvQixDQUFDLFNBQVMsQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLEVBQUUsQ0FBQyxFQUNoRixFQUFFLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxFQUFFLElBQUksRUFBRSxDQUMvQixDQUFDO1FBRUYsd0RBQXdEO1FBQ3hELElBQUksUUFBUSxFQUFFO1lBQ1osTUFBTSxVQUFVLEdBQUcseUNBQW9CLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDO1lBQzVGLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE1BQU0sQ0FDakMsTUFBTSxFQUNOLElBQUksMkJBQU0sQ0FBQyxFQUFFLGFBQWEsRUFBRSx5Q0FBb0IsQ0FBQyxTQUFTLENBQUMsVUFBVSxFQUFFLEtBQUssQ0FBQyxFQUFFLENBQUMsRUFDaEYsRUFBRSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsRUFBRSxXQUFXLEVBQUUsQ0FDdEMsQ0FBQztTQUNIO0lBQ0gsQ0FBQztDQUNGO0FBOUZELGlDQThGQyJ9

package/dist/routes/modification/update.d.ts

@@ -0,0 +1,9 @@
+/// <reference types="koa__router" />
+import { Context } from 'koa';
+import Router from '@koa/router';
+import CollectionRoute from '../collection-route';
+export default class UpdateRoute extends CollectionRoute {
+    setupRoutes(router: Router): void;
+    handleUpdate(context: Context): Promise<void>;
+}
+//# sourceMappingURL=update.d.ts.map

package/dist/routes/modification/update.js

@@ -0,0 +1,31 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const datasource_toolkit_1 = require("@forestadmin/datasource-toolkit");
+const collection_route_1 = __importDefault(require("../collection-route"));
+const id_1 = __importDefault(require("../../utils/id"));
+const query_string_1 = __importDefault(require("../../utils/query-string"));
+class UpdateRoute extends collection_route_1.default {
+    setupRoutes(router) {
+        router.put(`/${this.collection.name}/:id`, this.handleUpdate.bind(this));
+    }
+    async handleUpdate(context) {
+        await this.services.authorization.assertCanEdit(context, this.collection.name);
+        const id = id_1.default.unpackId(this.collection.schema, context.params.id);
+        const { body } = context.request;
+        if ('relationships' in body.data) {
+            delete body.data.relationships;
+        }
+        const record = this.services.serializer.deserialize(this.collection, body);
+        datasource_toolkit_1.RecordValidator.validate(this.collection, record);
+        const conditionTree = datasource_toolkit_1.ConditionTreeFactory.intersect(datasource_toolkit_1.ConditionTreeFactory.matchIds(this.collection.schema, [id]), await this.services.permissions.getScope(this.collection, context));
+        const caller = query_string_1.default.parseCaller(context);
+        await this.collection.update(caller, new datasource_toolkit_1.Filter({ conditionTree }), record);
+        const [updateResult] = await this.collection.list(caller, new datasource_toolkit_1.Filter({ conditionTree }), datasource_toolkit_1.ProjectionFactory.all(this.collection));
+        context.response.body = this.services.serializer.serialize(this.collection, updateResult);
+    }
+}
+exports.default = UpdateRoute;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXBkYXRlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3JvdXRlcy9tb2RpZmljYXRpb24vdXBkYXRlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsd0VBS3lDO0FBSXpDLDJFQUFrRDtBQUNsRCx3REFBcUM7QUFDckMsNEVBQXlEO0FBRXpELE1BQXFCLFdBQVksU0FBUSwwQkFBZTtJQUN0RCxXQUFXLENBQUMsTUFBYztRQUN4QixNQUFNLENBQUMsR0FBRyxDQUFDLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLE1BQU0sRUFBRSxJQUFJLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO0lBQzNFLENBQUM7SUFFTSxLQUFLLENBQUMsWUFBWSxDQUFDLE9BQWdCO1FBQ3hDLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsYUFBYSxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBRS9FLE1BQU0sRUFBRSxHQUFHLFlBQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLEVBQUUsT0FBTyxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUV2RSxNQUFNLEVBQUUsSUFBSSxFQUFFLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQztRQUVqQyxJQUFJLGVBQWUsSUFBSSxJQUFJLENBQUMsSUFBSSxFQUFFO1lBQ2hDLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUM7U0FDaEM7UUFFRCxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxJQUFJLENBQUMsQ0FBQztRQUMzRSxvQ0FBZSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1FBRWxELE1BQU0sYUFBYSxHQUFHLHlDQUFvQixDQUFDLFNBQVMsQ0FDbEQseUNBQW9CLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxFQUFFLENBQUMsRUFBRSxDQUFDLENBQUMsRUFDM0QsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxPQUFPLENBQUMsQ0FDbkUsQ0FBQztRQUNGLE1BQU0sTUFBTSxHQUFHLHNCQUFpQixDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUN0RCxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxJQUFJLDJCQUFNLENBQUMsRUFBRSxhQUFhLEVBQUUsQ0FBQyxFQUFFLE1BQU0sQ0FBQyxDQUFDO1FBQzVFLE1BQU0sQ0FBQyxZQUFZLENBQUMsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUMvQyxNQUFNLEVBQ04sSUFBSSwyQkFBTSxDQUFDLEVBQUUsYUFBYSxFQUFFLENBQUMsRUFDN0Isc0NBQWlCLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FDdkMsQ0FBQztRQUVGLE9BQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLFlBQVksQ0FBQyxDQUFDO0lBQzVGLENBQUM7Q0FDRjtBQWpDRCw4QkFpQ0MifQ==

package/dist/routes/relation-route.d.ts

@@ -0,0 +1,10 @@
+import { Collection, DataSource } from '@forestadmin/datasource-toolkit';
+import { AgentOptionsWithDefaults } from '../types';
+import { ForestAdminHttpDriverServices } from '../services';
+import CollectionRoute from './collection-route';
+export default abstract class RelationRoute extends CollectionRoute {
+    protected readonly relationName: string;
+    protected get foreignCollection(): Collection;
+    constructor(services: ForestAdminHttpDriverServices, options: AgentOptionsWithDefaults, dataSource: DataSource, collectionName: string, relationName: string);
+}
+//# sourceMappingURL=relation-route.d.ts.map

package/dist/routes/relation-route.js

@@ -0,0 +1,18 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const collection_route_1 = __importDefault(require("./collection-route"));
+class RelationRoute extends collection_route_1.default {
+    constructor(services, options, dataSource, collectionName, relationName) {
+        super(services, options, dataSource, collectionName);
+        this.relationName = relationName;
+    }
+    get foreignCollection() {
+        const schema = this.collection.schema.fields[this.relationName];
+        return this.collection.dataSource.getCollection(schema.foreignCollection);
+    }
+}
+exports.default = RelationRoute;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmVsYXRpb24tcm91dGUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvcm91dGVzL3JlbGF0aW9uLXJvdXRlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBSUEsMEVBQWlEO0FBRWpELE1BQThCLGFBQWMsU0FBUSwwQkFBZTtJQVNqRSxZQUNFLFFBQXVDLEVBQ3ZDLE9BQWlDLEVBQ2pDLFVBQXNCLEVBQ3RCLGNBQXNCLEVBQ3RCLFlBQW9CO1FBRXBCLEtBQUssQ0FBQyxRQUFRLEVBQUUsT0FBTyxFQUFFLFVBQVUsRUFBRSxjQUFjLENBQUMsQ0FBQztRQUNyRCxJQUFJLENBQUMsWUFBWSxHQUFHLFlBQVksQ0FBQztJQUNuQyxDQUFDO0lBZkQsSUFBYyxpQkFBaUI7UUFDN0IsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxZQUFZLENBQW1CLENBQUM7UUFFbEYsT0FBTyxJQUFJLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQyxhQUFhLENBQUMsTUFBTSxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDNUUsQ0FBQztDQVlGO0FBbkJELGdDQW1CQyJ9

package/dist/routes/security/authentication.d.ts

@@ -0,0 +1,15 @@
+/// <reference types="koa__router" />
+import Router from '@koa/router';
+import { Context } from 'koa';
+import { RouteType } from '../../types';
+import BaseRoute from '../base-route';
+export default class Authentication extends BaseRoute {
+    readonly type = RouteType.Authentication;
+    private client;
+    bootstrap(): Promise<void>;
+    setupRoutes(router: Router): void;
+    handleAuthentication(context: Context): Promise<void>;
+    handleAuthenticationCallback(context: Context): Promise<void>;
+    private static checkRenderingId;
+}
+//# sourceMappingURL=authentication.d.ts.map

package/dist/routes/security/authentication.js

@@ -0,0 +1,74 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const openid_client_1 = require("openid-client");
+const datasource_toolkit_1 = require("@forestadmin/datasource-toolkit");
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const koa_jwt_1 = __importDefault(require("koa-jwt"));
+const types_1 = require("../../types");
+const base_route_1 = __importDefault(require("../base-route"));
+const forest_http_api_1 = __importDefault(require("../../utils/forest-http-api"));
+class Authentication extends base_route_1.default {
+    constructor() {
+        super(...arguments);
+        this.type = types_1.RouteType.Authentication;
+    }
+    async bootstrap() {
+        // Retrieve OpenId Issuer from forestadmin-server
+        // We can't use 'Issuer.discover' because the oidc config is behind an auth-wall.
+        const issuer = new openid_client_1.Issuer(await forest_http_api_1.default.getOpenIdIssuerMetadata(this.options));
+        const registration = {
+            token_endpoint_auth_method: 'none',
+        };
+        // Register a new oidc client
+        this.client = await issuer.Client.register(registration, {
+            initialAccessToken: this.options.envSecret,
+        });
+    }
+    setupRoutes(router) {
+        router.post('/authentication', this.handleAuthentication.bind(this));
+        router.get('/authentication/callback', this.handleAuthenticationCallback.bind(this));
+        router.use((0, koa_jwt_1.default)({ secret: this.options.authSecret, cookie: 'forest_session_token' }));
+    }
+    async handleAuthentication(context) {
+        const renderingId = Number(context.request.body?.renderingId);
+        Authentication.checkRenderingId(renderingId);
+        const authorizationUrl = this.client.authorizationUrl({
+            scope: 'openid email profile',
+            state: JSON.stringify({ renderingId }),
+        });
+        context.response.body = { authorizationUrl };
+    }
+    async handleAuthenticationCallback(context) {
+        // Retrieve renderingId
+        const { query } = context.request;
+        const state = query.state.toString();
+        let renderingId;
+        try {
+            renderingId = JSON.parse(state).renderingId;
+            Authentication.checkRenderingId(renderingId);
+        }
+        catch {
+            throw new datasource_toolkit_1.ValidationError('Failed to retrieve renderingId from query[state]');
+        }
+        // Retrieve user
+        const tokenSet = await this.client.callback(undefined, query, { state });
+        const accessToken = tokenSet.access_token;
+        const user = await forest_http_api_1.default.getUserInformation(this.options, renderingId, accessToken);
+        // Generate final token.
+        const token = jsonwebtoken_1.default.sign(user, this.options.authSecret, { expiresIn: '1 hours' });
+        context.response.body = {
+            token,
+            tokenData: jsonwebtoken_1.default.decode(token),
+        };
+    }
+    static checkRenderingId(renderingId) {
+        if (Number.isNaN(renderingId)) {
+            throw new datasource_toolkit_1.ValidationError('Rendering id must be a number');
+        }
+    }
+}
+exports.default = Authentication;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXV0aGVudGljYXRpb24uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvcm91dGVzL3NlY3VyaXR5L2F1dGhlbnRpY2F0aW9uLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBQUEsaURBQWlFO0FBQ2pFLHdFQUFrRTtBQUVsRSxnRUFBd0M7QUFDeEMsc0RBQTBCO0FBRzFCLHVDQUF3QztBQUN4QywrREFBc0M7QUFDdEMsa0ZBQXdEO0FBRXhELE1BQXFCLGNBQWUsU0FBUSxvQkFBUztJQUFyRDs7UUFDVyxTQUFJLEdBQUcsaUJBQVMsQ0FBQyxjQUFjLENBQUM7SUFzRTNDLENBQUM7SUFsRVUsS0FBSyxDQUFDLFNBQVM7UUFDdEIsaURBQWlEO1FBQ2pELGlGQUFpRjtRQUNqRixNQUFNLE1BQU0sR0FBRyxJQUFJLHNCQUFNLENBQUMsTUFBTSx5QkFBYSxDQUFDLHVCQUF1QixDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDO1FBRXJGLE1BQU0sWUFBWSxHQUFHO1lBQ25CLDBCQUEwQixFQUFFLE1BQTBCO1NBQ3ZELENBQUM7UUFFRiw2QkFBNkI7UUFDN0IsSUFBSSxDQUFDLE1BQU0sR0FBRyxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLFlBQVksRUFBRTtZQUN2RCxrQkFBa0IsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVM7U0FDM0MsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELFdBQVcsQ0FBQyxNQUFjO1FBQ3hCLE1BQU0sQ0FBQyxJQUFJLENBQUMsaUJBQWlCLEVBQUUsSUFBSSxDQUFDLG9CQUFvQixDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO1FBQ3JFLE1BQU0sQ0FBQyxHQUFHLENBQUMsMEJBQTBCLEVBQUUsSUFBSSxDQUFDLDRCQUE0QixDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO1FBRXJGLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBQSxpQkFBRyxFQUFDLEVBQUUsTUFBTSxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsVUFBVSxFQUFFLE1BQU0sRUFBRSxzQkFBc0IsRUFBRSxDQUFDLENBQUMsQ0FBQztJQUN2RixDQUFDO0lBRU0sS0FBSyxDQUFDLG9CQUFvQixDQUFDLE9BQWdCO1FBQ2hELE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxXQUFXLENBQUMsQ0FBQztRQUM5RCxjQUFjLENBQUMsZ0JBQWdCLENBQUMsV0FBVyxDQUFDLENBQUM7UUFFN0MsTUFBTSxnQkFBZ0IsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLGdCQUFnQixDQUFDO1lBQ3BELEtBQUssRUFBRSxzQkFBc0I7WUFDN0IsS0FBSyxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsRUFBRSxXQUFXLEVBQUUsQ0FBQztTQUN2QyxDQUFDLENBQUM7UUFFSCxPQUFPLENBQUMsUUFBUSxDQUFDLElBQUksR0FBRyxFQUFFLGdCQUFnQixFQUFFLENBQUM7SUFDL0MsQ0FBQztJQUVNLEtBQUssQ0FBQyw0QkFBNEIsQ0FBQyxPQUFnQjtRQUN4RCx1QkFBdUI7UUFDdkIsTUFBTSxFQUFFLEtBQUssRUFBRSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUM7UUFDbEMsTUFBTSxLQUFLLEdBQUcsS0FBSyxDQUFDLEtBQUssQ0FBQyxRQUFRLEVBQUUsQ0FBQztRQUNyQyxJQUFJLFdBQW1CLENBQUM7UUFFeEIsSUFBSTtZQUNGLFdBQVcsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDLFdBQVcsQ0FBQztZQUM1QyxjQUFjLENBQUMsZ0JBQWdCLENBQUMsV0FBVyxDQUFDLENBQUM7U0FDOUM7UUFBQyxNQUFNO1lBQ04sTUFBTSxJQUFJLG9DQUFlLENBQUMsa0RBQWtELENBQUMsQ0FBQztTQUMvRTtRQUVELGdCQUFnQjtRQUNoQixNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLFNBQVMsRUFBRSxLQUFLLEVBQUUsRUFBRSxLQUFLLEVBQUUsQ0FBQyxDQUFDO1FBQ3pFLE1BQU0sV0FBVyxHQUFHLFFBQVEsQ0FBQyxZQUFZLENBQUM7UUFDMUMsTUFBTSxJQUFJLEdBQUcsTUFBTSx5QkFBYSxDQUFDLGtCQUFrQixDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsV0FBVyxFQUFFLFdBQVcsQ0FBQyxDQUFDO1FBRTVGLHdCQUF3QjtRQUN4QixNQUFNLEtBQUssR0FBRyxzQkFBWSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxVQUFVLEVBQUUsRUFBRSxTQUFTLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQztRQUV6RixPQUFPLENBQUMsUUFBUSxDQUFDLElBQUksR0FBRztZQUN0QixLQUFLO1lBQ0wsU0FBUyxFQUFFLHNCQUFZLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQztTQUN0QyxDQUFDO0lBQ0osQ0FBQztJQUVPLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxXQUFtQjtRQUNqRCxJQUFJLE1BQU0sQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLEVBQUU7WUFDN0IsTUFBTSxJQUFJLG9DQUFlLENBQUMsK0JBQStCLENBQUMsQ0FBQztTQUM1RDtJQUNILENBQUM7Q0FDRjtBQXZFRCxpQ0F1RUMifQ==

package/dist/routes/security/ip-whitelist.d.ts

@@ -0,0 +1,14 @@
+/// <reference types="koa__router" />
+import { Context, Next } from 'koa';
+import Router from '@koa/router';
+import { RouteType } from '../../types';
+import BaseRoute from '../base-route';
+export default class IpWhitelist extends BaseRoute {
+    type: RouteType;
+    private configuration;
+    setupRoutes(router: Router): void;
+    /** Load whitelist */
+    bootstrap(): Promise<void>;
+    checkIp(context: Context, next: Next): Promise<boolean>;
+}
+//# sourceMappingURL=ip-whitelist.d.ts.map

package/dist/routes/security/ip-whitelist.js

@@ -0,0 +1,35 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const forest_ip_utils_1 = __importDefault(require("forest-ip-utils"));
+const types_1 = require("../../types");
+const base_route_1 = __importDefault(require("../base-route"));
+const forest_http_api_1 = __importDefault(require("../../utils/forest-http-api"));
+class IpWhitelist extends base_route_1.default {
+    constructor() {
+        super(...arguments);
+        this.type = types_1.RouteType.Authentication;
+    }
+    setupRoutes(router) {
+        router.use(this.checkIp.bind(this));
+    }
+    /** Load whitelist */
+    async bootstrap() {
+        this.configuration = await forest_http_api_1.default.getIpWhitelistConfiguration(this.options);
+    }
+    async checkIp(context, next) {
+        if (this.configuration.isFeatureEnabled) {
+            const { ipRules } = this.configuration;
+            const currentIp = context.request.headers['x-forwarded-for'] ?? context.request.ip;
+            const allowed = ipRules.some(ipRule => forest_ip_utils_1.default.isIpMatchesRule(currentIp, ipRule));
+            if (!allowed) {
+                return context.throw(types_1.HttpCode.Forbidden, `IP address rejected (${currentIp})`);
+            }
+        }
+        return next();
+    }
+}
+exports.default = IpWhitelist;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaXAtd2hpdGVsaXN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3JvdXRlcy9zZWN1cml0eS9pcC13aGl0ZWxpc3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFDQSxzRUFBcUM7QUFHckMsdUNBQWtEO0FBQ2xELCtEQUFzQztBQUN0QyxrRkFBc0Y7QUFFdEYsTUFBcUIsV0FBWSxTQUFRLG9CQUFTO0lBQWxEOztRQUNFLFNBQUksR0FBRyxpQkFBUyxDQUFDLGNBQWMsQ0FBQztJQTBCbEMsQ0FBQztJQXRCQyxXQUFXLENBQUMsTUFBYztRQUN4QixNQUFNLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVELHFCQUFxQjtJQUNaLEtBQUssQ0FBQyxTQUFTO1FBQ3RCLElBQUksQ0FBQyxhQUFhLEdBQUcsTUFBTSx5QkFBYSxDQUFDLDJCQUEyQixDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUNyRixDQUFDO0lBRUQsS0FBSyxDQUFDLE9BQU8sQ0FBQyxPQUFnQixFQUFFLElBQVU7UUFDeEMsSUFBSSxJQUFJLENBQUMsYUFBYSxDQUFDLGdCQUFnQixFQUFFO1lBQ3ZDLE1BQU0sRUFBRSxPQUFPLEVBQUUsR0FBRyxJQUFJLENBQUMsYUFBYSxDQUFDO1lBQ3ZDLE1BQU0sU0FBUyxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLGlCQUFpQixDQUFDLElBQUksT0FBTyxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7WUFDbkYsTUFBTSxPQUFPLEdBQUcsT0FBTyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLHlCQUFNLENBQUMsZUFBZSxDQUFDLFNBQVMsRUFBRSxNQUFNLENBQUMsQ0FBQyxDQUFDO1lBRWxGLElBQUksQ0FBQyxPQUFPLEVBQUU7Z0JBQ1osT0FBTyxPQUFPLENBQUMsS0FBSyxDQUFDLGdCQUFRLENBQUMsU0FBUyxFQUFFLHdCQUF3QixTQUFTLEdBQUcsQ0FBQyxDQUFDO2FBQ2hGO1NBQ0Y7UUFFRCxPQUFPLElBQUksRUFBRSxDQUFDO0lBQ2hCLENBQUM7Q0FDRjtBQTNCRCw4QkEyQkMifQ==

package/dist/routes/security/scope-invalidation.d.ts

@@ -0,0 +1,11 @@
+/// <reference types="koa__router" />
+import Router from '@koa/router';
+import { RouteType } from '../../types';
+import BaseRoute from '../base-route';
+export default class ScopeInvalidation extends BaseRoute {
+    readonly type = RouteType.PrivateRoute;
+    setupRoutes(router: Router): void;
+    /** Route called when scopes are modified so that we don't have to wait for expiration. */
+    private invalidateCache;
+}
+//# sourceMappingURL=scope-invalidation.d.ts.map

package/dist/routes/security/scope-invalidation.js

@@ -0,0 +1,28 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const datasource_toolkit_1 = require("@forestadmin/datasource-toolkit");
+const types_1 = require("../../types");
+const base_route_1 = __importDefault(require("../base-route"));
+class ScopeInvalidation extends base_route_1.default {
+    constructor() {
+        super(...arguments);
+        this.type = types_1.RouteType.PrivateRoute;
+    }
+    setupRoutes(router) {
+        router.post(`/scope-cache-invalidation`, this.invalidateCache.bind(this));
+    }
+    /** Route called when scopes are modified so that we don't have to wait for expiration. */
+    async invalidateCache(context) {
+        const renderingId = Number(context.request.body?.renderingId);
+        if (Number.isNaN(renderingId)) {
+            throw new datasource_toolkit_1.ValidationError('Malformed body');
+        }
+        this.services.permissions.invalidateCache(renderingId);
+        context.response.status = types_1.HttpCode.NoContent;
+    }
+}
+exports.default = ScopeInvalidation;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2NvcGUtaW52YWxpZGF0aW9uLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3JvdXRlcy9zZWN1cml0eS9zY29wZS1pbnZhbGlkYXRpb24udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFDQSx3RUFBa0U7QUFHbEUsdUNBQWtEO0FBQ2xELCtEQUFzQztBQUV0QyxNQUFxQixpQkFBa0IsU0FBUSxvQkFBUztJQUF4RDs7UUFDVyxTQUFJLEdBQUcsaUJBQVMsQ0FBQyxZQUFZLENBQUM7SUFrQnpDLENBQUM7SUFoQkMsV0FBVyxDQUFDLE1BQWM7UUFDeEIsTUFBTSxDQUFDLElBQUksQ0FBQywyQkFBMkIsRUFBRSxJQUFJLENBQUMsZUFBZSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO0lBQzVFLENBQUM7SUFFRCwwRkFBMEY7SUFDbEYsS0FBSyxDQUFDLGVBQWUsQ0FBQyxPQUFnQjtRQUM1QyxNQUFNLFdBQVcsR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsV0FBVyxDQUFDLENBQUM7UUFFOUQsSUFBSSxNQUFNLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxFQUFFO1lBQzdCLE1BQU0sSUFBSSxvQ0FBZSxDQUFDLGdCQUFnQixDQUFDLENBQUM7U0FDN0M7UUFFRCxJQUFJLENBQUMsUUFBUSxDQUFDLFdBQVcsQ0FBQyxlQUFlLENBQUMsV0FBVyxDQUFDLENBQUM7UUFFdkQsT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLEdBQUcsZ0JBQVEsQ0FBQyxTQUFTLENBQUM7SUFDL0MsQ0FBQztDQUNGO0FBbkJELG9DQW1CQyJ9

package/dist/routes/system/error-handling.d.ts

@@ -0,0 +1,13 @@
+/// <reference types="koa__router" />
+import Router from '@koa/router';
+import { RouteType } from '../../types';
+import BaseRoute from '../base-route';
+export default class ErrorHandling extends BaseRoute {
+    type: RouteType;
+    setupRoutes(router: Router): void;
+    private errorHandler;
+    private getErrorStatus;
+    private getErrorMessage;
+    private debugLogError;
+}
+//# sourceMappingURL=error-handling.d.ts.map

package/dist/routes/system/error-handling.js

@@ -0,0 +1,75 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const koa_1 = require("koa");
+const datasource_toolkit_1 = require("@forestadmin/datasource-toolkit");
+const types_1 = require("../../types");
+const base_route_1 = __importDefault(require("../base-route"));
+class ErrorHandling extends base_route_1.default {
+    constructor() {
+        super(...arguments);
+        this.type = types_1.RouteType.ErrorHandler;
+    }
+    setupRoutes(router) {
+        router.use(this.errorHandler.bind(this));
+    }
+    async errorHandler(context, next) {
+        try {
+            await next();
+        }
+        catch (e) {
+            context.response.status = this.getErrorStatus(e);
+            context.response.body = { errors: [{ detail: this.getErrorMessage(e) }] };
+            if (!this.options.isProduction) {
+                process.nextTick(() => this.debugLogError(context, e));
+            }
+        }
+    }
+    getErrorStatus(error) {
+        if (error instanceof datasource_toolkit_1.ValidationError)
+            return types_1.HttpCode.BadRequest;
+        if (error instanceof datasource_toolkit_1.ForbiddenError)
+            return types_1.HttpCode.Forbidden;
+        if (error instanceof datasource_toolkit_1.UnprocessableError)
+            return types_1.HttpCode.Unprocessable;
+        if (error instanceof koa_1.HttpError)
+            return error.status;
+        return types_1.HttpCode.InternalServerError;
+    }
+    getErrorMessage(error) {
+        if (error instanceof koa_1.HttpError ||
+            error instanceof datasource_toolkit_1.ValidationError ||
+            error instanceof datasource_toolkit_1.UnprocessableError ||
+            error instanceof datasource_toolkit_1.ForbiddenError) {
+            return error.message;
+        }
+        if (this.options.customizeErrorMessage) {
+            const message = this.options.customizeErrorMessage(error);
+            if (message)
+                return message;
+        }
+        return 'Unexpected error';
+    }
+    debugLogError(context, error) {
+        const { request } = context;
+        const query = JSON.stringify(request.query, null, ' ')?.replace(/"/g, '');
+        console.error('');
+        console.error(`\x1b[33m===== An exception was raised =====\x1b[0m`);
+        console.error(`${request.method} \x1b[34m${request.path}\x1b[36m?${query}\x1b[0m`);
+        if (request.method === 'POST' || request.method === 'PUT' || request.method === 'PATCH') {
+            const body = JSON.stringify(request.body, null, ' ')?.replace(/"/g, '');
+            console.error('');
+            console.error(`Body \x1b[36m${body}\x1b[0m`);
+        }
+        console.error('');
+        console.error('\x1b[31m', error.message, '\x1b[0m');
+        console.error('');
+        console.error(error.stack);
+        console.error(`\x1b[33m===================================\x1b[0m`);
+        console.error('');
+    }
+}
+exports.default = ErrorHandling;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXJyb3ItaGFuZGxpbmcuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvcm91dGVzL3N5c3RlbS9lcnJvci1oYW5kbGluZy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBLDZCQUErQztBQUMvQyx3RUFJeUM7QUFHekMsdUNBQWtEO0FBQ2xELCtEQUFzQztBQUV0QyxNQUFxQixhQUFjLFNBQVEsb0JBQVM7SUFBcEQ7O1FBQ0UsU0FBSSxHQUFHLGlCQUFTLENBQUMsWUFBWSxDQUFDO0lBbUVoQyxDQUFDO0lBakVDLFdBQVcsQ0FBQyxNQUFjO1FBQ3hCLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztJQUMzQyxDQUFDO0lBRU8sS0FBSyxDQUFDLFlBQVksQ0FBQyxPQUFnQixFQUFFLElBQVU7UUFDckQsSUFBSTtZQUNGLE1BQU0sSUFBSSxFQUFFLENBQUM7U0FDZDtRQUFDLE9BQU8sQ0FBQyxFQUFFO1lBQ1YsT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLEdBQUcsSUFBSSxDQUFDLGNBQWMsQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNqRCxPQUFPLENBQUMsUUFBUSxDQUFDLElBQUksR0FBRyxFQUFFLE1BQU0sRUFBRSxDQUFDLEVBQUUsTUFBTSxFQUFFLElBQUksQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUM7WUFFMUUsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxFQUFFO2dCQUM5QixPQUFPLENBQUMsUUFBUSxDQUFDLEdBQUcsRUFBRSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUM7YUFDeEQ7U0FDRjtJQUNILENBQUM7SUFFTyxjQUFjLENBQUMsS0FBWTtRQUNqQyxJQUFJLEtBQUssWUFBWSxvQ0FBZTtZQUFFLE9BQU8sZ0JBQVEsQ0FBQyxVQUFVLENBQUM7UUFDakUsSUFBSSxLQUFLLFlBQVksbUNBQWM7WUFBRSxPQUFPLGdCQUFRLENBQUMsU0FBUyxDQUFDO1FBQy9ELElBQUksS0FBSyxZQUFZLHVDQUFrQjtZQUFFLE9BQU8sZ0JBQVEsQ0FBQyxhQUFhLENBQUM7UUFDdkUsSUFBSSxLQUFLLFlBQVksZUFBUztZQUFFLE9BQU8sS0FBSyxDQUFDLE1BQU0sQ0FBQztRQUVwRCxPQUFPLGdCQUFRLENBQUMsbUJBQW1CLENBQUM7SUFDdEMsQ0FBQztJQUVPLGVBQWUsQ0FBQyxLQUFZO1FBQ2xDLElBQ0UsS0FBSyxZQUFZLGVBQVM7WUFDMUIsS0FBSyxZQUFZLG9DQUFlO1lBQ2hDLEtBQUssWUFBWSx1Q0FBa0I7WUFDbkMsS0FBSyxZQUFZLG1DQUFjLEVBQy9CO1lBQ0EsT0FBTyxLQUFLLENBQUMsT0FBTyxDQUFDO1NBQ3RCO1FBRUQsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLHFCQUFxQixFQUFFO1lBQ3RDLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMscUJBQXFCLENBQUMsS0FBSyxDQUFDLENBQUM7WUFDMUQsSUFBSSxPQUFPO2dCQUFFLE9BQU8sT0FBTyxDQUFDO1NBQzdCO1FBRUQsT0FBTyxrQkFBa0IsQ0FBQztJQUM1QixDQUFDO0lBRU8sYUFBYSxDQUFDLE9BQWdCLEVBQUUsS0FBWTtRQUNsRCxNQUFNLEVBQUUsT0FBTyxFQUFFLEdBQUcsT0FBTyxDQUFDO1FBRTVCLE1BQU0sS0FBSyxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxJQUFJLEVBQUUsR0FBRyxDQUFDLEVBQUUsT0FBTyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsQ0FBQztRQUMxRSxPQUFPLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ2xCLE9BQU8sQ0FBQyxLQUFLLENBQUMsb0RBQW9ELENBQUMsQ0FBQztRQUNwRSxPQUFPLENBQUMsS0FBSyxDQUFDLEdBQUcsT0FBTyxDQUFDLE1BQU0sWUFBWSxPQUFPLENBQUMsSUFBSSxZQUFZLEtBQUssU0FBUyxDQUFDLENBQUM7UUFFbkYsSUFBSSxPQUFPLENBQUMsTUFBTSxLQUFLLE1BQU0sSUFBSSxPQUFPLENBQUMsTUFBTSxLQUFLLEtBQUssSUFBSSxPQUFPLENBQUMsTUFBTSxLQUFLLE9BQU8sRUFBRTtZQUN2RixNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsSUFBSSxFQUFFLEdBQUcsQ0FBQyxFQUFFLE9BQU8sQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLENBQUM7WUFDeEUsT0FBTyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUNsQixPQUFPLENBQUMsS0FBSyxDQUFDLGdCQUFnQixJQUFJLFNBQVMsQ0FBQyxDQUFDO1NBQzlDO1FBRUQsT0FBTyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUNsQixPQUFPLENBQUMsS0FBSyxDQUFDLFVBQVUsRUFBRSxLQUFLLENBQUMsT0FBTyxFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBQ3BELE9BQU8sQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDbEIsT0FBTyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDM0IsT0FBTyxDQUFDLEtBQUssQ0FBQyxvREFBb0QsQ0FBQyxDQUFDO1FBQ3BFLE9BQU8sQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDcEIsQ0FBQztDQUNGO0FBcEVELGdDQW9FQyJ9

package/dist/routes/system/healthcheck.d.ts

@@ -0,0 +1,11 @@
+/// <reference types="koa__router" />
+import { Context } from 'koa';
+import Router from '@koa/router';
+import { RouteType } from '../../types';
+import BaseRoute from '../base-route';
+export default class HealthCheck extends BaseRoute {
+    type: RouteType;
+    setupRoutes(router: Router): void;
+    handleRequest(ctx: Context): Promise<void>;
+}
+//# sourceMappingURL=healthcheck.d.ts.map

package/dist/routes/system/healthcheck.js

@@ -0,0 +1,22 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const types_1 = require("../../types");
+const base_route_1 = __importDefault(require("../base-route"));
+class HealthCheck extends base_route_1.default {
+    constructor() {
+        super(...arguments);
+        this.type = types_1.RouteType.PublicRoute;
+    }
+    setupRoutes(router) {
+        router.get('/', this.handleRequest.bind(this));
+    }
+    async handleRequest(ctx) {
+        ctx.response.body = { error: null, message: 'Agent is running' };
+        ctx.response.status = types_1.HttpCode.Ok;
+    }
+}
+exports.default = HealthCheck;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGVhbHRoY2hlY2suanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvcm91dGVzL3N5c3RlbS9oZWFsdGhjaGVjay50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUdBLHVDQUFrRDtBQUNsRCwrREFBc0M7QUFFdEMsTUFBcUIsV0FBWSxTQUFRLG9CQUFTO0lBQWxEOztRQUNFLFNBQUksR0FBRyxpQkFBUyxDQUFDLFdBQVcsQ0FBQztJQVUvQixDQUFDO0lBUkMsV0FBVyxDQUFDLE1BQWM7UUFDeEIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsSUFBSSxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztJQUNqRCxDQUFDO0lBRU0sS0FBSyxDQUFDLGFBQWEsQ0FBQyxHQUFZO1FBQ3JDLEdBQUcsQ0FBQyxRQUFRLENBQUMsSUFBSSxHQUFHLEVBQUUsS0FBSyxFQUFFLElBQUksRUFBRSxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsQ0FBQztRQUNqRSxHQUFHLENBQUMsUUFBUSxDQUFDLE1BQU0sR0FBRyxnQkFBUSxDQUFDLEVBQUUsQ0FBQztJQUNwQyxDQUFDO0NBQ0Y7QUFYRCw4QkFXQyJ9

package/dist/routes/system/logger.d.ts

@@ -0,0 +1,10 @@
+/// <reference types="koa__router" />
+import Router from '@koa/router';
+import { RouteType } from '../../types';
+import BaseRoute from '../base-route';
+export default class Logger extends BaseRoute {
+    type: RouteType;
+    setupRoutes(router: Router): void;
+    private logger;
+}
+//# sourceMappingURL=logger.d.ts.map

package/dist/routes/system/logger.js

@@ -0,0 +1,35 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const types_1 = require("../../types");
+const base_route_1 = __importDefault(require("../base-route"));
+class Logger extends base_route_1.default {
+    constructor() {
+        super(...arguments);
+        this.type = types_1.RouteType.LoggerHandler;
+    }
+    setupRoutes(router) {
+        router.use(this.logger.bind(this));
+    }
+    async logger(context, next) {
+        const timer = Date.now();
+        try {
+            await next();
+        }
+        finally {
+            let logLevel = 'Info';
+            if (context.response.status >= types_1.HttpCode.BadRequest)
+                logLevel = 'Warn';
+            if (context.response.status >= types_1.HttpCode.InternalServerError)
+                logLevel = 'Error';
+            let message = `[${context.response.status}]`;
+            message += ` ${context.request.method} ${context.request.path}`;
+            message += ` - ${Date.now() - timer}ms`;
+            this.options?.logger(logLevel, message);
+        }
+    }
+}
+exports.default = Logger;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibG9nZ2VyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3JvdXRlcy9zeXN0ZW0vbG9nZ2VyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBS0EsdUNBQWtEO0FBQ2xELCtEQUFzQztBQUV0QyxNQUFxQixNQUFPLFNBQVEsb0JBQVM7SUFBN0M7O1FBQ0UsU0FBSSxHQUFHLGlCQUFTLENBQUMsYUFBYSxDQUFDO0lBdUJqQyxDQUFDO0lBckJDLFdBQVcsQ0FBQyxNQUFjO1FBQ3hCLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztJQUNyQyxDQUFDO0lBRU8sS0FBSyxDQUFDLE1BQU0sQ0FBQyxPQUFnQixFQUFFLElBQVU7UUFDL0MsTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBRXpCLElBQUk7WUFDRixNQUFNLElBQUksRUFBRSxDQUFDO1NBQ2Q7Z0JBQVM7WUFDUixJQUFJLFFBQVEsR0FBZ0IsTUFBTSxDQUFDO1lBQ25DLElBQUksT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLElBQUksZ0JBQVEsQ0FBQyxVQUFVO2dCQUFFLFFBQVEsR0FBRyxNQUFNLENBQUM7WUFDdEUsSUFBSSxPQUFPLENBQUMsUUFBUSxDQUFDLE1BQU0sSUFBSSxnQkFBUSxDQUFDLG1CQUFtQjtnQkFBRSxRQUFRLEdBQUcsT0FBTyxDQUFDO1lBRWhGLElBQUksT0FBTyxHQUFHLElBQUksT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLEdBQUcsQ0FBQztZQUM3QyxPQUFPLElBQUksSUFBSSxPQUFPLENBQUMsT0FBTyxDQUFDLE1BQU0sSUFBSSxPQUFPLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxDQUFDO1lBQ2hFLE9BQU8sSUFBSSxNQUFNLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxLQUFLLElBQUksQ0FBQztZQUV4QyxJQUFJLENBQUMsT0FBTyxFQUFFLE1BQU0sQ0FBQyxRQUFRLEVBQUUsT0FBTyxDQUFDLENBQUM7U0FDekM7SUFDSCxDQUFDO0NBQ0Y7QUF4QkQseUJBd0JDIn0=

package/dist/services/authorization/authorization.d.ts

@@ -0,0 +1,15 @@
+import { Context } from 'koa';
+import ActionPermissionService from './internal/action-permission';
+export default class AuthorizationService {
+    private readonly actionPermissionService;
+    constructor(actionPermissionService: ActionPermissionService);
+    assertCanBrowse(context: Context, collectionName: string): Promise<void>;
+    assertCanRead(context: Context, collectionName: string): Promise<void>;
+    assertCanAdd(context: Context, collectionName: string): Promise<void>;
+    assertCanEdit(context: Context, collectionName: string): Promise<void>;
+    assertCanDelete(context: Context, collectionName: string): Promise<void>;
+    assertCanExport(context: Context, collectionName: string): Promise<void>;
+    private assertCanOnCollection;
+    assertCanExecuteCustomAction(context: Context, customActionName: string, collectionName: string): Promise<void>;
+}
+//# sourceMappingURL=authorization.d.ts.map