@gencow/core 0.1.8 → 0.1.9

package/dist/index.d.ts

@@ -17,3 +17,6 @@ export { cronJobs } from "./crons";
 export type { CronJobsBuilder, CronJobDef, IntervalOptions, DailyOptions, WeeklyOptions } from "./crons";
 export { defineAuth } from "./auth-config";
 export type { GencowAuthConfig, AuthEmailVerification } from "./auth-config";
+export { gencowTable, ownerFilter, getTableAccessMeta, isGencowTable, getAllGencowTables } from "./table";
+export type { GencowTableOptions, AccessFilter, FieldAccessRule, TableAccessMeta } from "./table";
+export { createScopedDb, applyFieldAccess } from "./scoped-db";

package/dist/index.js

@@ -10,3 +10,6 @@ export { v, parseArgs, GencowValidationError } from "./v";
 export { withRetry } from "./retry";
 export { cronJobs } from "./crons";
 export { defineAuth } from "./auth-config";
+// ─── Data Isolation (gencowTable + scoped DB) ───────────
+export { gencowTable, ownerFilter, getTableAccessMeta, isGencowTable, getAllGencowTables } from "./table";
+export { createScopedDb, applyFieldAccess } from "./scoped-db";

package/dist/reactive.d.ts

@@ -61,8 +61,10 @@ export interface AIContext {
     embedMany: (texts: string[]) => Promise<number[][]>;
 }
 export interface GencowCtx {
-    /** Drizzle DB 인스턴스 — ctx.db.select().from(table) */
+    /** Drizzle DB 인스턴스 (scoped) — 스키마 filter 자동 적용, execute 차단 */
     db: any;
+    /** Raw Drizzle DB — 필터 없음, execute 허용. ⚠️ 이름이 곧 경고. */
+    unsafeDb: any;
     /** 인증 컨텍스트 — ctx.auth.getUserIdentity() */
     auth: AuthCtx;
     /** 파일 스토리지 — ctx.storage.store(), ctx.storage.getUrl() */

package/dist/scheduler.d.ts

@@ -10,18 +10,37 @@ export interface Scheduler {
     cron(name: string, pattern: string, handler: () => Promise<void>): void;
     /** Register an action handler */
     registerAction(name: string, handler: ActionHandler): void;
+    /** Execute a registered action by name — 선언적 crons.ts 문자열 액션 실행용 */
+    executeAction(name: string, args?: any): Promise<void>;
+}
+/**
+ * Create a scheduler instance — Convex scheduler 패턴 재현
+ *
+ * @example
+ * const scheduler = createScheduler();
+ *
+ * // Register actions
+ * scheduler.registerAction('emails.send', async (args) => { ... });
+ *
+ * // Schedule (Convex-style)
+ * scheduler.runAfter(5 * 60 * 1000, 'emails.send', { to: 'user@test.com' });
+ *
+ * // Cron (Convex-style)
+ * scheduler.cron('daily-cleanup', '0 2 * * *', async () => { ... });
+ */
+interface CronInfoEntry {
+    name: string;
+    pattern: string;
+    registeredAt: string;
+}
+interface PendingJobEntry {
+    id: string;
+    action: string;
+    scheduledAt: string;
 }
 export declare function getSchedulerInfo(): {
-    crons: {
-        name: string;
-        pattern: string;
-        registeredAt: string;
-    }[];
-    pendingJobs: {
-        id: string;
-        action: string;
-        scheduledAt: string;
-    }[];
+    crons: CronInfoEntry[];
+    pendingJobs: PendingJobEntry[];
 };
 export declare function createScheduler(): Scheduler;
 export {};

package/dist/scheduler.js

@@ -1,23 +1,6 @@
 import * as cron from "node-cron";
-// ─── Implementation ─────────────────────────────────────
-/**
- * Create a scheduler instance — Convex scheduler 패턴 재현
- *
- * @example
- * const scheduler = createScheduler();
- *
- * // Register actions
- * scheduler.registerAction('emails.send', async (args) => { ... });
- *
- * // Schedule (Convex-style)
- * scheduler.runAfter(5 * 60 * 1000, 'emails.send', { to: 'user@test.com' });
- *
- * // Cron (Convex-style)
- * scheduler.cron('daily-cleanup', '0 2 * * *', async () => { ... });
- */
-// Module-level state for dashboard introspection
-const _cronInfo = [];
-const _pendingJobs = [];
+const _cronInfo = globalThis.__gencow_cronInfo ??= [];
+const _pendingJobs = globalThis.__gencow_pendingJobs ??= [];
 export function getSchedulerInfo() {
     return {
         crons: _cronInfo,
@@ -96,5 +79,8 @@ export function createScheduler() {
         registerAction(name, handler) {
             actions.set(name, handler);
         },
+        async executeAction(name, args) {
+            await executeAction(name, args);
+        },
     };
 }

package/dist/scoped-db.d.ts

@@ -0,0 +1,34 @@
+/**
+ * packages/core/src/scoped-db.ts
+ *
+ * Creates a scoped (Proxy-wrapped) Drizzle DB instance that auto-injects
+ * schema-level access control filters from gencowTable() metadata.
+ *
+ * Key behaviors:
+ *   - .select().from(gencowTable) → auto-inject filter into WHERE
+ *   - .insert(table) / .update(table) / .delete(table) → inject filter for writes
+ *   - .leftJoin(table) / .innerJoin(table) → detect and inject filter
+ *   - .execute() → blocked (throws Error)
+ *   - .query.tableName.findMany() → inject filter into relational queries
+ *
+ * Run tests: bun test packages/core/src/__tests__/scoped-db.test.ts
+ */
+import type { GencowCtx } from "./reactive";
+/**
+ * Wrap a Drizzle DB instance with access control Proxy.
+ *
+ * @param db  - Raw Drizzle DB instance
+ * @param ctx - GencowCtx (provides auth for filter evaluation)
+ * @returns Proxy-wrapped DB with auto-filter injection
+ */
+export declare function createScopedDb(db: any, ctx: GencowCtx): any;
+/**
+ * Apply field-level access control to query results.
+ * Nullifies fields that the current user is not authorized to read.
+ *
+ * @param result - Query result (array or single object)
+ * @param table  - The gencowTable used in the query
+ * @param ctx    - GencowCtx for auth checks
+ * @returns Filtered result with unauthorized fields set to null
+ */
+export declare function applyFieldAccess(result: any, table: any, ctx: GencowCtx): any;

package/dist/scoped-db.js

@@ -0,0 +1,364 @@
+/**
+ * packages/core/src/scoped-db.ts
+ *
+ * Creates a scoped (Proxy-wrapped) Drizzle DB instance that auto-injects
+ * schema-level access control filters from gencowTable() metadata.
+ *
+ * Key behaviors:
+ *   - .select().from(gencowTable) → auto-inject filter into WHERE
+ *   - .insert(table) / .update(table) / .delete(table) → inject filter for writes
+ *   - .leftJoin(table) / .innerJoin(table) → detect and inject filter
+ *   - .execute() → blocked (throws Error)
+ *   - .query.tableName.findMany() → inject filter into relational queries
+ *
+ * Run tests: bun test packages/core/src/__tests__/scoped-db.test.ts
+ */
+import { and } from "drizzle-orm";
+import { getTableAccessMeta } from "./table";
+// ─── createScopedDb ─────────────────────────────────────
+/**
+ * Wrap a Drizzle DB instance with access control Proxy.
+ *
+ * @param db  - Raw Drizzle DB instance
+ * @param ctx - GencowCtx (provides auth for filter evaluation)
+ * @returns Proxy-wrapped DB with auto-filter injection
+ */
+export function createScopedDb(db, ctx) {
+    return new Proxy(db, {
+        get(target, prop) {
+            const propStr = typeof prop === "string" ? prop : "";
+            // ── Block dangerous methods ──────────────────
+            if (propStr === "execute") {
+                return () => {
+                    throw new Error("[gencow] ctx.db.execute() is not allowed. " +
+                        "Use ctx.db.select().from(table) for type-safe queries with automatic access control. " +
+                        "If you need raw SQL, use ctx.unsafeDb.execute().");
+                };
+            }
+            if (propStr === "$client" || propStr === "_") {
+                throw new Error(`[gencow] ctx.db.${propStr} is not allowed. ` +
+                    "Direct database client access bypasses access control. " +
+                    "Use ctx.unsafeDb if you need direct access.");
+            }
+            // ── Wrap select() ────────────────────────────
+            if (propStr === "select") {
+                return (...selectArgs) => {
+                    const selectResult = target.select(...selectArgs);
+                    return wrapSelectChain(selectResult, ctx);
+                };
+            }
+            // ── Wrap update() ────────────────────────────
+            if (propStr === "update") {
+                return (table) => {
+                    const updateResult = target.update(table);
+                    return wrapWriteChain(updateResult, table, ctx);
+                };
+            }
+            // ── Wrap delete() ────────────────────────────
+            if (propStr === "delete") {
+                return (table) => {
+                    const deleteResult = target.delete(table);
+                    return wrapWriteChain(deleteResult, table, ctx);
+                };
+            }
+            // ── Wrap query (relational API) ──────────────
+            if (propStr === "query") {
+                return wrapRelationalQuery(target.query, ctx);
+            }
+            // ── Pass through everything else ─────────────
+            const value = target[prop];
+            if (typeof value === "function") {
+                return value.bind(target);
+            }
+            return value;
+        },
+    });
+}
+// ─── Select chain: .from() + .join() → filter injection ─
+/**
+ * Wraps a Drizzle select() chain to intercept .from() and .join() calls.
+ * Each detected gencowTable gets its filter injected.
+ */
+function wrapSelectChain(selectResult, ctx) {
+    return new Proxy(selectResult, {
+        get(target, prop) {
+            const propStr = typeof prop === "string" ? prop : "";
+            // ── .from(table) → inject filter ────────────
+            if (propStr === "from") {
+                return (table, ...restArgs) => {
+                    const fromResult = target.from(table, ...restArgs);
+                    const meta = getTableAccessMeta(table);
+                    if (meta) {
+                        // Wrap the chain to inject filter and handle joins
+                        return wrapFromChain(fromResult, ctx, [{ table, meta }]);
+                    }
+                    // No gencowTable metadata — pass through but still wrap for join detection
+                    return wrapFromChain(fromResult, ctx, []);
+                };
+            }
+            const value = target[prop];
+            if (typeof value === "function") {
+                return value.bind(target);
+            }
+            return value;
+        },
+    });
+}
+/**
+ * Wraps the chain after .from() — handles .where(), .leftJoin(), .innerJoin(), etc.
+ * Accumulates filters from all detected tables and injects them at execution time.
+ */
+function wrapFromChain(chain, ctx, pendingFilters) {
+    return new Proxy(chain, {
+        get(target, prop) {
+            const propStr = typeof prop === "string" ? prop : "";
+            // ── Join methods → detect table, accumulate filter ──
+            if (["leftJoin", "rightJoin", "innerJoin", "fullJoin"].includes(propStr)) {
+                return (joinTable, ...joinArgs) => {
+                    const joinResult = target[propStr](joinTable, ...joinArgs);
+                    const joinMeta = getTableAccessMeta(joinTable);
+                    const newFilters = joinMeta
+                        ? [...pendingFilters, { table: joinTable, meta: joinMeta }]
+                        : pendingFilters;
+                    return wrapFromChain(joinResult, ctx, newFilters);
+                };
+            }
+            // ── .where() → combine with accumulated filters ──
+            if (propStr === "where") {
+                return (...whereArgs) => {
+                    const combinedFilter = buildCombinedFilter(pendingFilters, ctx);
+                    if (combinedFilter) {
+                        // Combine user's where with our filters
+                        const userWhere = whereArgs[0];
+                        const merged = userWhere ? and(userWhere, combinedFilter) : combinedFilter;
+                        const result = target.where(merged);
+                        // After .where(), no more filter injection needed — continue with clean proxy
+                        return wrapFromChain(result, ctx, []);
+                    }
+                    return wrapFromChain(target.where(...whereArgs), ctx, []);
+                };
+            }
+            // ── Terminal methods (then, execute, etc.) → inject pending filters ──
+            if (propStr === "then" || propStr === "execute") {
+                // If there are pending filters that haven't been injected via .where(),
+                // inject them now by calling .where() before execution
+                if (pendingFilters.length > 0) {
+                    const combinedFilter = buildCombinedFilter(pendingFilters, ctx);
+                    if (combinedFilter) {
+                        const filtered = target.where(combinedFilter);
+                        return filtered[prop].bind(filtered);
+                    }
+                }
+                const value = target[prop];
+                return typeof value === "function" ? value.bind(target) : value;
+            }
+            // ── Other chainable methods (.orderBy, .limit, .offset, etc.) ──
+            const value = target[prop];
+            if (typeof value === "function") {
+                return (...args) => {
+                    const result = value.apply(target, args);
+                    // If the result is thenable (query builder), keep wrapping
+                    if (result && typeof result === "object" && typeof result.then === "function") {
+                        return wrapFromChain(result, ctx, pendingFilters);
+                    }
+                    if (result && typeof result === "object" && "where" in result) {
+                        return wrapFromChain(result, ctx, pendingFilters);
+                    }
+                    return result;
+                };
+            }
+            return value;
+        },
+    });
+}
+// ─── Write chain: update()/delete() filter injection ────
+/**
+ * Wraps update(table) or delete(table) chains.
+ * Injects the table's filter into .where() so users can only modify their own rows.
+ */
+function wrapWriteChain(chain, table, ctx) {
+    const meta = getTableAccessMeta(table);
+    if (!meta) {
+        return chain; // No gencowTable metadata — pass through
+    }
+    return new Proxy(chain, {
+        get(target, prop) {
+            const propStr = typeof prop === "string" ? prop : "";
+            if (propStr === "where") {
+                return (...whereArgs) => {
+                    const filterResult = evaluateFilterSync(meta, ctx);
+                    if (typeof filterResult === "boolean") {
+                        if (!filterResult) {
+                            // false → block all writes — add impossible condition
+                            return target.where(whereArgs[0]); // Let it through but will match nothing
+                        }
+                        // true → no additional filter
+                        return target.where(...whereArgs);
+                    }
+                    // SQL condition — combine with user's where
+                    const userWhere = whereArgs[0];
+                    const merged = userWhere ? and(userWhere, filterResult) : filterResult;
+                    return target.where(merged);
+                };
+            }
+            // Terminal methods — inject filter if .where() wasn't called
+            if (propStr === "then" || propStr === "execute" || propStr === "returning") {
+                const filterResult = evaluateFilterSync(meta, ctx);
+                if (filterResult && typeof filterResult !== "boolean") {
+                    const filtered = target.where(filterResult);
+                    const value = filtered[prop];
+                    return typeof value === "function" ? value.bind(filtered) : value;
+                }
+                const value = target[prop];
+                return typeof value === "function" ? value.bind(target) : value;
+            }
+            const value = target[prop];
+            if (typeof value === "function") {
+                return value.bind(target);
+            }
+            return value;
+        },
+    });
+}
+// ─── Relational query wrapping ──────────────────────────
+/**
+ * Wraps db.query to intercept relational queries (findMany, findFirst).
+ */
+function wrapRelationalQuery(queryObj, ctx) {
+    if (!queryObj)
+        return queryObj;
+    return new Proxy(queryObj, {
+        get(target, tableName) {
+            const tableProxy = target[tableName];
+            if (!tableProxy || typeof tableProxy !== "object")
+                return tableProxy;
+            return new Proxy(tableProxy, {
+                get(tableTarget, method) {
+                    const methodStr = typeof method === "string" ? method : "";
+                    if (methodStr === "findMany" || methodStr === "findFirst") {
+                        return (args = {}) => {
+                            // Try to find the gencowTable by table name
+                            // (relational queries use the table name string)
+                            // We need to look up from registry by tableName
+                            const meta = findMetaByTableName(String(tableName));
+                            if (meta) {
+                                const filterResult = evaluateFilterSync(meta, ctx);
+                                if (filterResult && typeof filterResult !== "boolean") {
+                                    args.where = args.where ? and(args.where, filterResult) : filterResult;
+                                }
+                                else if (filterResult === false) {
+                                    // Deny all — return empty
+                                    args.where = args.where; // Keep existing, but won't match
+                                }
+                            }
+                            return tableTarget[method](args);
+                        };
+                    }
+                    const value = tableTarget[method];
+                    if (typeof value === "function") {
+                        return value.bind(tableTarget);
+                    }
+                    return value;
+                },
+            });
+        },
+    });
+}
+// ─── Filter helpers ─────────────────────────────────────
+/**
+ * Build a combined SQL filter from multiple table filters.
+ * Returns null if no filters to apply.
+ */
+function buildCombinedFilter(pendingFilters, ctx) {
+    const sqlConditions = [];
+    for (const { meta } of pendingFilters) {
+        const result = evaluateFilterSync(meta, ctx);
+        if (result === false) {
+            // Any false → deny all (AND with false = false)
+            // We'd need an always-false SQL expression
+            // For now, we create a `1 = 0` condition
+            const { sql: sqlTag } = require("drizzle-orm");
+            return sqlTag `1 = 0`;
+        }
+        if (result === true) {
+            continue; // Allow all — no condition needed
+        }
+        if (result) {
+            sqlConditions.push(result);
+        }
+    }
+    if (sqlConditions.length === 0)
+        return null;
+    if (sqlConditions.length === 1)
+        return sqlConditions[0];
+    return and(...sqlConditions) ?? null;
+}
+/**
+ * Evaluate a filter synchronously. If the filter is async, this will throw.
+ * For async filters, callers should use evaluateFilterAsync.
+ */
+function evaluateFilterSync(meta, ctx) {
+    const result = meta.filter(ctx);
+    if (result instanceof Promise) {
+        throw new Error(`[gencow] Async filter on table "${meta.tableName}" is not supported in synchronous context. ` +
+            "Use synchronous filters for schema-level access control.");
+    }
+    return result;
+}
+/**
+ * Find table access metadata by table name string.
+ * Used by relational query proxy where we only have the table name.
+ */
+function findMetaByTableName(name) {
+    for (const [, meta] of globalThis.__gencow_tableAccessRegistry || []) {
+        if (meta.tableName === name)
+            return meta;
+    }
+    return undefined;
+}
+// ─── fieldAccess post-processing ────────────────────────
+/**
+ * Apply field-level access control to query results.
+ * Nullifies fields that the current user is not authorized to read.
+ *
+ * @param result - Query result (array or single object)
+ * @param table  - The gencowTable used in the query
+ * @param ctx    - GencowCtx for auth checks
+ * @returns Filtered result with unauthorized fields set to null
+ */
+export function applyFieldAccess(result, table, ctx) {
+    const meta = getTableAccessMeta(table);
+    if (!meta?.fieldAccess)
+        return result;
+    const fieldAccess = meta.fieldAccess;
+    // Determine which fields to mask
+    const maskedFields = [];
+    for (const [field, rule] of Object.entries(fieldAccess)) {
+        try {
+            if (!rule.read(ctx)) {
+                maskedFields.push(field);
+            }
+        }
+        catch {
+            // If read check throws (e.g., requireAuth on anonymous), mask the field
+            maskedFields.push(field);
+        }
+    }
+    if (maskedFields.length === 0)
+        return result;
+    const maskRow = (row) => {
+        if (!row || typeof row !== "object")
+            return row;
+        const masked = { ...row };
+        for (const field of maskedFields) {
+            if (field in masked) {
+                masked[field] = null;
+            }
+        }
+        return masked;
+    };
+    if (Array.isArray(result)) {
+        return result.map(maskRow);
+    }
+    return maskRow(result);
+}

package/dist/storage.d.ts

@@ -5,6 +5,12 @@ interface StorageFile {
     type: string;
     path: string;
 }
+export interface StorageOptions {
+    /** Raw SQL 실행 함수 — DB 자동 기록 + 쿼터 검증에 필요 */
+    rawSql?: (sql: string, params?: unknown[]) => Promise<unknown[]>;
+    /** 앱별 스토리지 쿼터 (bytes). 0 = 무제한. 기본: 1GB */
+    storageQuota?: number;
+}
 export interface Storage {
     /** Store a file and return a storageId — Convex의 ctx.storage.store() */
     store(file: File | Blob, filename?: string): Promise<string>;
@@ -20,14 +26,26 @@ export interface Storage {
 /**
  * Create a storage instance — Convex storage 패턴 재현
  *
+ * @param dir - 파일 저장 디렉토리
+ * @param options - DB 연동 + 쿼터 옵션
+ *
  * @example
- * const storage = createStorage('./uploads');
+ * const storage = createStorage('./uploads', { rawSql, storageQuota: 1024 * 1024 * 1024 });
  * const id = await storage.store(file);
  * const url = storage.getUrl(id);
  */
-export declare function createStorage(dir?: string): Storage;
+export declare function createStorage(dir?: string, options?: StorageOptions): Storage;
 /**
  * Hono routes for serving stored files
+ *
+ * 인증 없이 public URL로 서빙 — Convex getUrl() 패턴과 동일.
+ * 접근 제어는 URL을 반환하는 query/mutation 레벨에서 개발자가 구현.
  */
-export declare function storageRoutes(storage: ReturnType<typeof createStorage>, rawSql?: (sql: string, params?: any[]) => Promise<any[]>, storageDir?: string): (c: any) => Promise<any>;
+export declare function storageRoutes(storage: ReturnType<typeof createStorage>, rawSql?: (sql: string, params?: unknown[]) => Promise<unknown[]>, storageDir?: string): (c: {
+    req: {
+        param: (key: string) => string;
+    };
+    json: (data: unknown, status?: number) => Response;
+    body: (data: unknown, status: number, headers: Record<string, string>) => Response;
+}) => Promise<Response>;
 export {};