@gencow/core 0.1.19 → 0.1.21

package/dist/scoped-db.js

@@ -1,364 +0,0 @@
-/**
- * packages/core/src/scoped-db.ts
- *
- * Creates a scoped (Proxy-wrapped) Drizzle DB instance that auto-injects
- * schema-level access control filters from gencowTable() metadata.
- *
- * Key behaviors:
- *   - .select().from(gencowTable) → auto-inject filter into WHERE
- *   - .insert(table) / .update(table) / .delete(table) → inject filter for writes
- *   - .leftJoin(table) / .innerJoin(table) → detect and inject filter
- *   - .execute() → blocked (throws Error)
- *   - .query.tableName.findMany() → inject filter into relational queries
- *
- * Run tests: bun test packages/core/src/__tests__/scoped-db.test.ts
- */
-import { and } from "drizzle-orm";
-import { getTableAccessMeta } from "./table";
-// ─── createScopedDb ─────────────────────────────────────
-/**
- * Wrap a Drizzle DB instance with access control Proxy.
- *
- * @param db  - Raw Drizzle DB instance
- * @param ctx - GencowCtx (provides auth for filter evaluation)
- * @returns Proxy-wrapped DB with auto-filter injection
- */
-export function createScopedDb(db, ctx) {
-    return new Proxy(db, {
-        get(target, prop) {
-            const propStr = typeof prop === "string" ? prop : "";
-            // ── Block dangerous methods ──────────────────
-            if (propStr === "execute") {
-                return () => {
-                    throw new Error("[gencow] ctx.db.execute() is not allowed. " +
-                        "Use ctx.db.select().from(table) for type-safe queries with automatic access control. " +
-                        "If you need raw SQL, use ctx.unsafeDb.execute().");
-                };
-            }
-            if (propStr === "$client" || propStr === "_") {
-                throw new Error(`[gencow] ctx.db.${propStr} is not allowed. ` +
-                    "Direct database client access bypasses access control. " +
-                    "Use ctx.unsafeDb if you need direct access.");
-            }
-            // ── Wrap select() ────────────────────────────
-            if (propStr === "select") {
-                return (...selectArgs) => {
-                    const selectResult = target.select(...selectArgs);
-                    return wrapSelectChain(selectResult, ctx);
-                };
-            }
-            // ── Wrap update() ────────────────────────────
-            if (propStr === "update") {
-                return (table) => {
-                    const updateResult = target.update(table);
-                    return wrapWriteChain(updateResult, table, ctx);
-                };
-            }
-            // ── Wrap delete() ────────────────────────────
-            if (propStr === "delete") {
-                return (table) => {
-                    const deleteResult = target.delete(table);
-                    return wrapWriteChain(deleteResult, table, ctx);
-                };
-            }
-            // ── Wrap query (relational API) ──────────────
-            if (propStr === "query") {
-                return wrapRelationalQuery(target.query, ctx);
-            }
-            // ── Pass through everything else ─────────────
-            const value = target[prop];
-            if (typeof value === "function") {
-                return value.bind(target);
-            }
-            return value;
-        },
-    });
-}
-// ─── Select chain: .from() + .join() → filter injection ─
-/**
- * Wraps a Drizzle select() chain to intercept .from() and .join() calls.
- * Each detected gencowTable gets its filter injected.
- */
-function wrapSelectChain(selectResult, ctx) {
-    return new Proxy(selectResult, {
-        get(target, prop) {
-            const propStr = typeof prop === "string" ? prop : "";
-            // ── .from(table) → inject filter ────────────
-            if (propStr === "from") {
-                return (table, ...restArgs) => {
-                    const fromResult = target.from(table, ...restArgs);
-                    const meta = getTableAccessMeta(table);
-                    if (meta) {
-                        // Wrap the chain to inject filter and handle joins
-                        return wrapFromChain(fromResult, ctx, [{ table, meta }]);
-                    }
-                    // No gencowTable metadata — pass through but still wrap for join detection
-                    return wrapFromChain(fromResult, ctx, []);
-                };
-            }
-            const value = target[prop];
-            if (typeof value === "function") {
-                return value.bind(target);
-            }
-            return value;
-        },
-    });
-}
-/**
- * Wraps the chain after .from() — handles .where(), .leftJoin(), .innerJoin(), etc.
- * Accumulates filters from all detected tables and injects them at execution time.
- */
-function wrapFromChain(chain, ctx, pendingFilters) {
-    return new Proxy(chain, {
-        get(target, prop) {
-            const propStr = typeof prop === "string" ? prop : "";
-            // ── Join methods → detect table, accumulate filter ──
-            if (["leftJoin", "rightJoin", "innerJoin", "fullJoin"].includes(propStr)) {
-                return (joinTable, ...joinArgs) => {
-                    const joinResult = target[propStr](joinTable, ...joinArgs);
-                    const joinMeta = getTableAccessMeta(joinTable);
-                    const newFilters = joinMeta
-                        ? [...pendingFilters, { table: joinTable, meta: joinMeta }]
-                        : pendingFilters;
-                    return wrapFromChain(joinResult, ctx, newFilters);
-                };
-            }
-            // ── .where() → combine with accumulated filters ──
-            if (propStr === "where") {
-                return (...whereArgs) => {
-                    const combinedFilter = buildCombinedFilter(pendingFilters, ctx);
-                    if (combinedFilter) {
-                        // Combine user's where with our filters
-                        const userWhere = whereArgs[0];
-                        const merged = userWhere ? and(userWhere, combinedFilter) : combinedFilter;
-                        const result = target.where(merged);
-                        // After .where(), no more filter injection needed — continue with clean proxy
-                        return wrapFromChain(result, ctx, []);
-                    }
-                    return wrapFromChain(target.where(...whereArgs), ctx, []);
-                };
-            }
-            // ── Terminal methods (then, execute, etc.) → inject pending filters ──
-            if (propStr === "then" || propStr === "execute") {
-                // If there are pending filters that haven't been injected via .where(),
-                // inject them now by calling .where() before execution
-                if (pendingFilters.length > 0) {
-                    const combinedFilter = buildCombinedFilter(pendingFilters, ctx);
-                    if (combinedFilter) {
-                        const filtered = target.where(combinedFilter);
-                        return filtered[prop].bind(filtered);
-                    }
-                }
-                const value = target[prop];
-                return typeof value === "function" ? value.bind(target) : value;
-            }
-            // ── Other chainable methods (.orderBy, .limit, .offset, etc.) ──
-            const value = target[prop];
-            if (typeof value === "function") {
-                return (...args) => {
-                    const result = value.apply(target, args);
-                    // If the result is thenable (query builder), keep wrapping
-                    if (result && typeof result === "object" && typeof result.then === "function") {
-                        return wrapFromChain(result, ctx, pendingFilters);
-                    }
-                    if (result && typeof result === "object" && "where" in result) {
-                        return wrapFromChain(result, ctx, pendingFilters);
-                    }
-                    return result;
-                };
-            }
-            return value;
-        },
-    });
-}
-// ─── Write chain: update()/delete() filter injection ────
-/**
- * Wraps update(table) or delete(table) chains.
- * Injects the table's filter into .where() so users can only modify their own rows.
- */
-function wrapWriteChain(chain, table, ctx) {
-    const meta = getTableAccessMeta(table);
-    if (!meta) {
-        return chain; // No gencowTable metadata — pass through
-    }
-    return new Proxy(chain, {
-        get(target, prop) {
-            const propStr = typeof prop === "string" ? prop : "";
-            if (propStr === "where") {
-                return (...whereArgs) => {
-                    const filterResult = evaluateFilterSync(meta, ctx);
-                    if (typeof filterResult === "boolean") {
-                        if (!filterResult) {
-                            // false → block all writes — add impossible condition
-                            return target.where(whereArgs[0]); // Let it through but will match nothing
-                        }
-                        // true → no additional filter
-                        return target.where(...whereArgs);
-                    }
-                    // SQL condition — combine with user's where
-                    const userWhere = whereArgs[0];
-                    const merged = userWhere ? and(userWhere, filterResult) : filterResult;
-                    return target.where(merged);
-                };
-            }
-            // Terminal methods — inject filter if .where() wasn't called
-            if (propStr === "then" || propStr === "execute" || propStr === "returning") {
-                const filterResult = evaluateFilterSync(meta, ctx);
-                if (filterResult && typeof filterResult !== "boolean") {
-                    const filtered = target.where(filterResult);
-                    const value = filtered[prop];
-                    return typeof value === "function" ? value.bind(filtered) : value;
-                }
-                const value = target[prop];
-                return typeof value === "function" ? value.bind(target) : value;
-            }
-            const value = target[prop];
-            if (typeof value === "function") {
-                return value.bind(target);
-            }
-            return value;
-        },
-    });
-}
-// ─── Relational query wrapping ──────────────────────────
-/**
- * Wraps db.query to intercept relational queries (findMany, findFirst).
- */
-function wrapRelationalQuery(queryObj, ctx) {
-    if (!queryObj)
-        return queryObj;
-    return new Proxy(queryObj, {
-        get(target, tableName) {
-            const tableProxy = target[tableName];
-            if (!tableProxy || typeof tableProxy !== "object")
-                return tableProxy;
-            return new Proxy(tableProxy, {
-                get(tableTarget, method) {
-                    const methodStr = typeof method === "string" ? method : "";
-                    if (methodStr === "findMany" || methodStr === "findFirst") {
-                        return (args = {}) => {
-                            // Try to find the gencowTable by table name
-                            // (relational queries use the table name string)
-                            // We need to look up from registry by tableName
-                            const meta = findMetaByTableName(String(tableName));
-                            if (meta) {
-                                const filterResult = evaluateFilterSync(meta, ctx);
-                                if (filterResult && typeof filterResult !== "boolean") {
-                                    args.where = args.where ? and(args.where, filterResult) : filterResult;
-                                }
-                                else if (filterResult === false) {
-                                    // Deny all — return empty
-                                    args.where = args.where; // Keep existing, but won't match
-                                }
-                            }
-                            return tableTarget[method](args);
-                        };
-                    }
-                    const value = tableTarget[method];
-                    if (typeof value === "function") {
-                        return value.bind(tableTarget);
-                    }
-                    return value;
-                },
-            });
-        },
-    });
-}
-// ─── Filter helpers ─────────────────────────────────────
-/**
- * Build a combined SQL filter from multiple table filters.
- * Returns null if no filters to apply.
- */
-function buildCombinedFilter(pendingFilters, ctx) {
-    const sqlConditions = [];
-    for (const { meta } of pendingFilters) {
-        const result = evaluateFilterSync(meta, ctx);
-        if (result === false) {
-            // Any false → deny all (AND with false = false)
-            // We'd need an always-false SQL expression
-            // For now, we create a `1 = 0` condition
-            const { sql: sqlTag } = require("drizzle-orm");
-            return sqlTag `1 = 0`;
-        }
-        if (result === true) {
-            continue; // Allow all — no condition needed
-        }
-        if (result) {
-            sqlConditions.push(result);
-        }
-    }
-    if (sqlConditions.length === 0)
-        return null;
-    if (sqlConditions.length === 1)
-        return sqlConditions[0];
-    return and(...sqlConditions) ?? null;
-}
-/**
- * Evaluate a filter synchronously. If the filter is async, this will throw.
- * For async filters, callers should use evaluateFilterAsync.
- */
-function evaluateFilterSync(meta, ctx) {
-    const result = meta.filter(ctx);
-    if (result instanceof Promise) {
-        throw new Error(`[gencow] Async filter on table "${meta.tableName}" is not supported in synchronous context. ` +
-            "Use synchronous filters for schema-level access control.");
-    }
-    return result;
-}
-/**
- * Find table access metadata by table name string.
- * Used by relational query proxy where we only have the table name.
- */
-function findMetaByTableName(name) {
-    for (const [, meta] of globalThis.__gencow_tableAccessRegistry || []) {
-        if (meta.tableName === name)
-            return meta;
-    }
-    return undefined;
-}
-// ─── fieldAccess post-processing ────────────────────────
-/**
- * Apply field-level access control to query results.
- * Nullifies fields that the current user is not authorized to read.
- *
- * @param result - Query result (array or single object)
- * @param table  - The gencowTable used in the query
- * @param ctx    - GencowCtx for auth checks
- * @returns Filtered result with unauthorized fields set to null
- */
-export function applyFieldAccess(result, table, ctx) {
-    const meta = getTableAccessMeta(table);
-    if (!meta?.fieldAccess)
-        return result;
-    const fieldAccess = meta.fieldAccess;
-    // Determine which fields to mask
-    const maskedFields = [];
-    for (const [field, rule] of Object.entries(fieldAccess)) {
-        try {
-            if (!rule.read(ctx)) {
-                maskedFields.push(field);
-            }
-        }
-        catch {
-            // If read check throws (e.g., requireAuth on anonymous), mask the field
-            maskedFields.push(field);
-        }
-    }
-    if (maskedFields.length === 0)
-        return result;
-    const maskRow = (row) => {
-        if (!row || typeof row !== "object")
-            return row;
-        const masked = { ...row };
-        for (const field of maskedFields) {
-            if (field in masked) {
-                masked[field] = null;
-            }
-        }
-        return masked;
-    };
-    if (Array.isArray(result)) {
-        return result.map(maskRow);
-    }
-    return maskRow(result);
-}

package/dist/table.d.ts

@@ -1,67 +0,0 @@
-/**
- * packages/core/src/table.ts
- *
- * gencowTable() — Drizzle pgTable wrapper with schema-level access control.
- * Inspired by KeystoneJS's declarative filter pattern.
- *
- * Run tests: bun test packages/core/src/__tests__/table.test.ts
- */
-import { pgTable } from "drizzle-orm/pg-core";
-import type { GencowCtx } from "./reactive";
-import type { SQL } from "drizzle-orm";
-/**
- * Access control filter function.
- * Returns a Drizzle SQL condition, `true` (allow all), or `false` (deny all).
- * Can be async (e.g., for team membership lookups).
- */
-export type AccessFilter = (ctx: GencowCtx) => SQL | boolean | Promise<SQL | boolean>;
-/** Field-level access control: per-field read permission. */
-export interface FieldAccessRule {
-    read: (ctx: GencowCtx) => boolean;
-}
-/** Options for gencowTable — access control metadata. */
-export interface GencowTableOptions {
-    /** Row-level filter — auto-injected into all queries on this table */
-    filter: AccessFilter;
-    /** Field-level access — unauthorized fields are nullified in results */
-    fieldAccess?: Record<string, FieldAccessRule>;
-}
-/** Stored metadata for a gencowTable. */
-export interface TableAccessMeta {
-    filter: AccessFilter;
-    fieldAccess?: Record<string, FieldAccessRule>;
-    tableName: string;
-}
-declare global {
-    var __gencow_tableAccessRegistry: Map<any, TableAccessMeta>;
-}
-/**
- * Drizzle pgTable wrapper with schema-level access control.
- *
- * Creates a standard Drizzle pgTable (100% compatible) and registers
- * filter + fieldAccess metadata that ctx.db Proxy uses to auto-inject
- * WHERE clauses.
- *
- * @param name    - PostgreSQL table name
- * @param columns - Drizzle column definitions (same as pgTable)
- * @param options - Access control (filter required, fieldAccess optional)
- */
-export declare function gencowTable<T extends Record<string, any>>(name: string, columns: T, options: GencowTableOptions): ReturnType<typeof pgTable<string, T>>;
-/**
- * Convenience helper for userId-based isolation.
- *
- * Usage:
- *   export const tasks = gencowTable("tasks", { ... }, ownerFilter("userId"));
- *   export const files = gencowTable("files", { ... }, ownerFilter("ownerId"));
- *
- * @param columnName - Name of the user ID column (default: "userId")
- */
-export declare function ownerFilter(columnName?: string): GencowTableOptions;
-/** Get access control metadata for a table. Returns undefined for plain pgTable. */
-export declare function getTableAccessMeta(table: any): TableAccessMeta | undefined;
-/** Check if a table has gencowTable metadata registered. */
-export declare function isGencowTable(table: any): boolean;
-/** Get all registered gencowTables (for audit/boot-time checks). */
-export declare function getAllGencowTables(): Map<any, TableAccessMeta>;
-/** Reset registry (for testing only). */
-export declare function _resetTableRegistry(): void;

package/dist/table.js

@@ -1,98 +0,0 @@
-/**
- * packages/core/src/table.ts
- *
- * gencowTable() — Drizzle pgTable wrapper with schema-level access control.
- * Inspired by KeystoneJS's declarative filter pattern.
- *
- * Run tests: bun test packages/core/src/__tests__/table.test.ts
- */
-import { pgTable } from "drizzle-orm/pg-core";
-import { eq } from "drizzle-orm";
-function isOwnerFilter(opts) {
-    return "_ownerColumn" in opts;
-}
-if (!globalThis.__gencow_tableAccessRegistry) {
-    globalThis.__gencow_tableAccessRegistry = new Map();
-}
-const tableAccessRegistry = globalThis.__gencow_tableAccessRegistry;
-// ─── gencowTable() ──────────────────────────────────────
-/**
- * Drizzle pgTable wrapper with schema-level access control.
- *
- * Creates a standard Drizzle pgTable (100% compatible) and registers
- * filter + fieldAccess metadata that ctx.db Proxy uses to auto-inject
- * WHERE clauses.
- *
- * @param name    - PostgreSQL table name
- * @param columns - Drizzle column definitions (same as pgTable)
- * @param options - Access control (filter required, fieldAccess optional)
- */
-export function gencowTable(name, columns, options) {
-    if (!options || (typeof options.filter !== "function" && !isOwnerFilter(options))) {
-        throw new Error(`[gencow] gencowTable("${name}") requires a filter option. ` +
-            `Use ownerFilter("userId") for simple user isolation, ` +
-            `or { filter: () => true } for public tables.`);
-    }
-    // Create standard Drizzle pgTable — fully compatible
-    const table = pgTable(name, columns);
-    // Resolve ownerFilter to a concrete filter bound to this table
-    let filter;
-    if (isOwnerFilter(options)) {
-        const columnName = options._ownerColumn;
-        const col = table[columnName];
-        if (!col) {
-            throw new Error(`[gencow] ownerFilter("${columnName}"): column "${columnName}" not found on table "${name}". ` +
-                `Available columns: ${Object.keys(table).filter(k => !k.startsWith("_") && !k.startsWith("$")).join(", ")}`);
-        }
-        filter = (ctx) => {
-            const user = ctx.auth.requireAuth();
-            return eq(col, user.id);
-        };
-    }
-    else {
-        filter = options.filter;
-    }
-    // Store access control metadata keyed by the table object reference
-    tableAccessRegistry.set(table, {
-        filter,
-        fieldAccess: options.fieldAccess,
-        tableName: name,
-    });
-    return table;
-}
-// ─── ownerFilter() helper ───────────────────────────────
-/**
- * Convenience helper for userId-based isolation.
- *
- * Usage:
- *   export const tasks = gencowTable("tasks", { ... }, ownerFilter("userId"));
- *   export const files = gencowTable("files", { ... }, ownerFilter("ownerId"));
- *
- * @param columnName - Name of the user ID column (default: "userId")
- */
-export function ownerFilter(columnName = "userId") {
-    // Return a marker object — gencowTable() resolves this to a concrete filter
-    // by binding to the actual table column at registration time.
-    return {
-        _ownerColumn: columnName,
-        // Placeholder filter — replaced by gencowTable()
-        filter: () => { throw new Error("[gencow] ownerFilter placeholder should not be called directly"); },
-    };
-}
-// ─── Lookup ─────────────────────────────────────────────
-/** Get access control metadata for a table. Returns undefined for plain pgTable. */
-export function getTableAccessMeta(table) {
-    return tableAccessRegistry.get(table);
-}
-/** Check if a table has gencowTable metadata registered. */
-export function isGencowTable(table) {
-    return tableAccessRegistry.has(table);
-}
-/** Get all registered gencowTables (for audit/boot-time checks). */
-export function getAllGencowTables() {
-    return new Map(tableAccessRegistry);
-}
-/** Reset registry (for testing only). */
-export function _resetTableRegistry() {
-    tableAccessRegistry.clear();
-}