npm - @jskit-ai/crud-core - Versions diffs - 0.1.26 → 0.1.28 - Mend

@jskit-ai/crud-core 0.1.26 → 0.1.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/package.descriptor.mjs +2 -2
package/package.json +17 -7
package/src/client/composables/crudClientSupportHelpers.js +5 -17
package/src/server/createCrudRepositoryFromResource.js +57 -0
package/src/server/createCrudServiceFromResource.js +101 -0
package/src/server/crudModuleConfig.js +13 -21
package/src/server/fieldAccess.js +316 -0
package/src/server/listQueryValidators.js +87 -0
package/src/server/lookupHydration.js +546 -0
package/src/server/lookupPathSupport.js +45 -0
package/src/server/lookupProviders.js +43 -0
package/src/server/repositoryMethods.js +381 -0
package/src/server/repositorySupport.js +205 -0
package/src/server/serviceEvents.js +53 -0
package/src/shared/crudFieldMetaSupport.js +54 -0
package/src/shared/crudNamespaceSupport.js +31 -0
package/test/createCrudRepositoryFromResource.test.js +731 -0
package/test/createCrudServiceFromResource.test.js +263 -0
package/test/crudFieldMetaSupport.test.js +47 -0
package/test/fieldAccess.test.js +86 -0
package/test/listQueryValidators.test.js +162 -0
package/test/lookupProviders.test.js +103 -0
package/test/repositorySupport.test.js +282 -1
package/test/serviceEvents.test.js +28 -0

package/test/createCrudServiceFromResource.test.js ADDED Viewed

@@ -0,0 +1,263 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import { createCrudServiceFromResource } from "../src/server/createCrudServiceFromResource.js";
+function createResourceWithOutputSchema(overrides = {}) {
+  return {
+    resource: "contacts",
+    operations: {
+      view: {
+        outputValidator: {
+          schema: {
+            type: "object",
+            properties: {
+              id: { type: "integer" },
+              name: { type: "string" },
+              optionalSecret: { type: "string" },
+              nullableSecret: {
+                anyOf: [{ type: "string" }, { type: "null" }]
+              },
+              defaultedSecret: {
+                type: "string",
+                default: ""
+              }
+            },
+            required: ["id", "name", "nullableSecret", "defaultedSecret"]
+          }
+        }
+      }
+    },
+    ...overrides
+  };
+}
+function createRepositoryDouble(overrides = {}) {
+  return {
+    async list(query) {
+      return { items: [query], nextCursor: null };
+    },
+    async findById(recordId) {
+      return recordId === 1 ? { id: 1 } : null;
+    },
+    async create(payload) {
+      return { id: 2, ...payload };
+    },
+    async updateById(recordId, payload) {
+      if (recordId !== 1) {
+        return null;
+      }
+      return { id: 1, ...payload };
+    },
+    async deleteById(recordId) {
+      if (recordId !== 1) {
+        return null;
+      }
+      return { id: 1, deleted: true };
+    },
+    ...overrides
+  };
+}
+test("createCrudServiceFromResource builds default service events", () => {
+  const { baseServiceEvents } = createCrudServiceFromResource({
+    resource: "contacts"
+  });
+  assert.equal(baseServiceEvents.createRecord[0].realtime.event, "contacts.record.changed");
+  assert.equal(baseServiceEvents.updateRecord[0].realtime.event, "contacts.record.changed");
+  assert.equal(baseServiceEvents.deleteRecord[0].realtime.event, "contacts.record.changed");
+});
+test("createCrudServiceFromResource normalizes namespace for realtime event names", () => {
+  const { baseServiceEvents } = createCrudServiceFromResource({
+    resource: "customer-orders"
+  });
+  assert.equal(baseServiceEvents.createRecord[0].realtime.event, "customer_orders.record.changed");
+});
+test("createCrudServiceFromResource delegates service methods and applies 404 semantics", async () => {
+  const { createBaseService } = createCrudServiceFromResource({
+    resource: "contacts"
+  });
+  const service = createBaseService({
+    repository: createRepositoryDouble()
+  });
+  const list = await service.listRecords({ limit: 2 }, {});
+  assert.deepEqual(list, {
+    items: [{ limit: 2 }],
+    nextCursor: null
+  });
+  assert.deepEqual(await service.getRecord(1, {}), { id: 1 });
+  await assert.rejects(
+    () => service.getRecord(9, {}),
+    (error) => error?.status === 404 && error?.message === "Record not found."
+  );
+  assert.deepEqual(await service.createRecord({ name: "A" }, {}), { id: 2, name: "A" });
+  assert.deepEqual(await service.updateRecord(1, { name: "B" }, {}), { id: 1, name: "B" });
+  await assert.rejects(
+    () => service.updateRecord(9, { name: "B" }, {}),
+    (error) => error?.status === 404 && error?.message === "Record not found."
+  );
+  assert.deepEqual(await service.deleteRecord(1, {}), { id: 1, deleted: true });
+  await assert.rejects(
+    () => service.deleteRecord(9, {}),
+    (error) => error?.status === 404 && error?.message === "Record not found."
+  );
+});
+test("createCrudServiceFromResource validates required inputs", async () => {
+  assert.throws(
+    () => createCrudServiceFromResource({}),
+    /resource\.resource/
+  );
+  const { createBaseService } = createCrudServiceFromResource({
+    resource: "contacts"
+  });
+  assert.throws(
+    () => createBaseService({}),
+    /requires repository/
+  );
+  const service = createBaseService({
+    repository: createRepositoryDouble({
+      async create() {
+        return null;
+      }
+    })
+  });
+  await assert.rejects(
+    () => service.createRecord({}, {}),
+    /contactsService could not load the created record/
+  );
+});
+test("createCrudServiceFromResource readable field hooks require view output schema", async () => {
+  const { createBaseService } = createCrudServiceFromResource({
+    resource: "contacts"
+  });
+  const service = createBaseService({
+    repository: createRepositoryDouble(),
+    fieldAccess: {
+      readable: () => ["id"]
+    }
+  });
+  await assert.rejects(
+    () => service.getRecord(1, {}),
+    /requires resource\.operations\.view\.outputValidator\.schema for fieldAccess\.readable/
+  );
+});
+test("createCrudServiceFromResource enforces writable field access hooks", async () => {
+  const createCalls = [];
+  const { createBaseService } = createCrudServiceFromResource(createResourceWithOutputSchema());
+  const service = createBaseService({
+    repository: createRepositoryDouble({
+      async create(payload) {
+        createCalls.push(payload);
+        return { id: 2, ...payload };
+      }
+    }),
+    fieldAccess: {
+      writable: () => ["name"]
+    }
+  });
+  await assert.rejects(
+    () => service.createRecord({ name: "A", optionalSecret: "hidden" }, {}),
+    (error) => error?.status === 403 && /Write access denied for fields: optionalSecret/.test(error?.message || "")
+  );
+  assert.equal(createCalls.length, 0);
+});
+test("createCrudServiceFromResource supports writable field strip mode", async () => {
+  const createCalls = [];
+  const { createBaseService } = createCrudServiceFromResource(createResourceWithOutputSchema());
+  const service = createBaseService({
+    repository: createRepositoryDouble({
+      async create(payload) {
+        createCalls.push(payload);
+        return { id: 2, ...payload, nullableSecret: "x", defaultedSecret: "y" };
+      }
+    }),
+    fieldAccess: {
+      writable: () => ["name"],
+      writeMode: "strip"
+    }
+  });
+  await service.createRecord({ name: "A", optionalSecret: "hidden" }, {});
+  assert.deepEqual(createCalls, [{ name: "A" }]);
+});
+test("createCrudServiceFromResource applies readable field access hooks with drop/null/default redaction", async () => {
+  const { createBaseService } = createCrudServiceFromResource(createResourceWithOutputSchema());
+  const service = createBaseService({
+    repository: createRepositoryDouble({
+      async findById() {
+        return {
+          id: 1,
+          name: "A",
+          optionalSecret: "drop-me",
+          nullableSecret: "redact-to-null",
+          defaultedSecret: "redact-to-default"
+        };
+      }
+    }),
+    fieldAccess: {
+      readable: () => ["id", "name"]
+    }
+  });
+  const record = await service.getRecord(1, {});
+  assert.deepEqual(record, {
+    id: 1,
+    name: "A",
+    nullableSecret: null,
+    defaultedSecret: ""
+  });
+});
+test("createCrudServiceFromResource readable filtering fails fast for required non-nullable fields without defaults", async () => {
+  const { createBaseService } = createCrudServiceFromResource({
+    resource: "contacts",
+    operations: {
+      view: {
+        outputValidator: {
+          schema: {
+            type: "object",
+            properties: {
+              id: { type: "integer" },
+              strictSecret: { type: "string" }
+            },
+            required: ["id", "strictSecret"]
+          }
+        }
+      }
+    }
+  });
+  const service = createBaseService({
+    repository: createRepositoryDouble({
+      async findById() {
+        return { id: 1, strictSecret: "value" };
+      }
+    }),
+    fieldAccess: {
+      readable: () => ["id"]
+    }
+  });
+  await assert.rejects(
+    () => service.getRecord(1, {}),
+    /cannot redact required non-nullable field "strictSecret" without schema\.default/
+  );
+});

package/test/crudFieldMetaSupport.test.js ADDED Viewed

@@ -0,0 +1,47 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import {
+  checkCrudLookupFormControl,
+  isCrudRuntimeOutputOnlyFieldKey
+} from "../src/shared/crudFieldMetaSupport.js";
+test("checkCrudLookupFormControl defaults to autocomplete", () => {
+  assert.equal(checkCrudLookupFormControl(undefined), "autocomplete");
+  assert.equal(checkCrudLookupFormControl(""), "autocomplete");
+});
+test("checkCrudLookupFormControl accepts select", () => {
+  assert.equal(checkCrudLookupFormControl("select"), "select");
+});
+test("checkCrudLookupFormControl accepts explicit empty default", () => {
+  assert.equal(checkCrudLookupFormControl(undefined, { defaultValue: "" }), "");
+});
+test("checkCrudLookupFormControl throws for invalid value", () => {
+  assert.throws(
+    () => checkCrudLookupFormControl("Select", { context: "testContext" }),
+    /testContext must be "autocomplete" or "select"\./
+  );
+});
+test("isCrudRuntimeOutputOnlyFieldKey matches lookups", () => {
+  assert.equal(isCrudRuntimeOutputOnlyFieldKey("lookups"), true);
+  assert.equal(isCrudRuntimeOutputOnlyFieldKey(" lookups "), true);
+  assert.equal(isCrudRuntimeOutputOnlyFieldKey("id"), false);
+});
+test("isCrudRuntimeOutputOnlyFieldKey supports custom lookup container key", () => {
+  assert.equal(
+    isCrudRuntimeOutputOnlyFieldKey("lookupData", {
+      lookupContainerKey: "lookupData"
+    }),
+    true
+  );
+  assert.equal(
+    isCrudRuntimeOutputOnlyFieldKey("lookups", {
+      lookupContainerKey: "lookupData"
+    }),
+    false
+  );
+});

package/test/fieldAccess.test.js ADDED Viewed

@@ -0,0 +1,86 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import { createFieldAccessForRoleMatrix } from "../src/server/fieldAccess.js";
+test("createFieldAccessForRoleMatrix resolves role and action policies", () => {
+  const fieldAccess = createFieldAccessForRoleMatrix({
+    default: {
+      readable: {
+        list: ["id", "name"],
+        "*": ["id"]
+      },
+      writable: {
+        create: ["name"],
+        update: ["name"]
+      }
+    },
+    admin: {
+      readable: "*",
+      writable: "*"
+    },
+    writeMode: "strip"
+  });
+  assert.equal(fieldAccess.writeMode, "strip");
+  assert.deepEqual(
+    fieldAccess.readable({
+      action: "list",
+      context: { auth: { role: "user" } }
+    }),
+    ["id", "name"]
+  );
+  assert.deepEqual(
+    fieldAccess.readable({
+      action: "view",
+      context: { auth: { role: "user" } }
+    }),
+    ["id"]
+  );
+  assert.equal(
+    fieldAccess.writable({
+      action: "update",
+      context: { auth: { role: "admin" } }
+    }),
+    "*"
+  );
+});
+test("createFieldAccessForRoleMatrix supports function policies and default role fallback", () => {
+  const fieldAccess = createFieldAccessForRoleMatrix({
+    default: {
+      readable: ({ action }) => (action === "list" ? ["id"] : ["id", "name"]),
+      writable: {
+        "*": ["name"]
+      }
+    }
+  });
+  assert.deepEqual(
+    fieldAccess.readable({
+      action: "list",
+      context: { auth: { role: "unknown" } }
+    }),
+    ["id"]
+  );
+  assert.deepEqual(
+    fieldAccess.readable({
+      action: "view",
+      context: { auth: { role: "unknown" } }
+    }),
+    ["id", "name"]
+  );
+  assert.deepEqual(
+    fieldAccess.writable({
+      action: "update",
+      context: { auth: { role: "unknown" } }
+    }),
+    ["name"]
+  );
+});
+test("createFieldAccessForRoleMatrix validates writeMode", () => {
+  assert.throws(
+    () => createFieldAccessForRoleMatrix({ writeMode: "invalid-mode" }),
+    /fieldAccess\.writeMode must be "throw" or "strip"/
+  );
+});

package/test/listQueryValidators.test.js ADDED Viewed

@@ -0,0 +1,162 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import {
+  cursorPaginationQueryValidator
+} from "@jskit-ai/kernel/shared/validators";
+import { compileRouteValidator } from "@jskit-ai/kernel/_testable";
+import {
+  listSearchQueryValidator,
+  lookupIncludeQueryValidator,
+  createCrudParentFilterQueryValidator,
+  resolveCrudParentFilterKeys
+} from "../src/server/listQueryValidators.js";
+test("listSearchQueryValidator normalizes q", () => {
+  const normalized = listSearchQueryValidator.normalize({
+    q: "  ani  "
+  });
+  assert.deepEqual(normalized, {
+    q: "ani"
+  });
+});
+test("listSearchQueryValidator keeps q optional when merged with pagination query validator", () => {
+  const compiled = compileRouteValidator({
+    queryValidator: [cursorPaginationQueryValidator, listSearchQueryValidator]
+  });
+  assert.deepEqual(compiled.schema.querystring.required || [], []);
+});
+test("lookupIncludeQueryValidator normalizes include", () => {
+  const normalized = lookupIncludeQueryValidator.normalize({
+    include: "  vetId,ownerId  "
+  });
+  assert.deepEqual(normalized, {
+    include: "vetId,ownerId"
+  });
+});
+test("lookupIncludeQueryValidator keeps include optional when merged with pagination and search", () => {
+  const compiled = compileRouteValidator({
+    queryValidator: [cursorPaginationQueryValidator, listSearchQueryValidator, lookupIncludeQueryValidator]
+  });
+  assert.deepEqual(compiled.schema.querystring.required || [], []);
+});
+test("resolveCrudParentFilterKeys returns lookup keys that exist in create schema", () => {
+  const resource = {
+    operations: {
+      create: {
+        bodyValidator: {
+          schema: {
+            type: "object",
+            properties: {
+              contactId: { type: "integer" },
+              name: { type: "string" },
+              vetId: { type: "integer" }
+            }
+          }
+        }
+      }
+    },
+    fieldMeta: [
+      {
+        key: "contactId",
+        relation: {
+          kind: "lookup",
+          apiPath: "/contacts",
+          valueKey: "id"
+        }
+      },
+      {
+        key: "vetId",
+        relation: {
+          kind: "lookup",
+          apiPath: "/vets",
+          valueKey: "id"
+        }
+      },
+      {
+        key: "ignoredLookup",
+        relation: {
+          kind: "lookup",
+          apiPath: "/ignored",
+          valueKey: "id"
+        }
+      }
+    ]
+  };
+  assert.deepEqual(resolveCrudParentFilterKeys(resource), ["contactId", "vetId"]);
+});
+test("createCrudParentFilterQueryValidator normalizes configured parent filters", () => {
+  const validator = createCrudParentFilterQueryValidator({
+    operations: {
+      create: {
+        bodyValidator: {
+          schema: {
+            type: "object",
+            properties: {
+              contactId: { type: "integer" }
+            }
+          }
+        }
+      }
+    },
+    fieldMeta: [
+      {
+        key: "contactId",
+        relation: {
+          kind: "lookup",
+          apiPath: "/contacts",
+          valueKey: "id"
+        }
+      }
+    ]
+  });
+  const normalized = validator.normalize({
+    contactId: "  42  ",
+    unknown: "x"
+  });
+  assert.deepEqual(normalized, {
+    contactId: "42"
+  });
+});
+test("createCrudParentFilterQueryValidator keeps parent filters optional when merged", () => {
+  const parentValidator = createCrudParentFilterQueryValidator({
+    operations: {
+      create: {
+        bodyValidator: {
+          schema: {
+            type: "object",
+            properties: {
+              contactId: { type: "integer" }
+            }
+          }
+        }
+      }
+    },
+    fieldMeta: [
+      {
+        key: "contactId",
+        relation: {
+          kind: "lookup",
+          apiPath: "/contacts",
+          valueKey: "id"
+        }
+      }
+    ]
+  });
+  const compiled = compileRouteValidator({
+    queryValidator: [cursorPaginationQueryValidator, listSearchQueryValidator, parentValidator]
+  });
+  assert.deepEqual(compiled.schema.querystring.required || [], []);
+});

package/test/lookupProviders.test.js ADDED Viewed

@@ -0,0 +1,103 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import {
+  resolveCrudLookupProviderToken,
+  createCrudLookupProviderResolver,
+  createCrudLookupProvider
+} from "../src/server/lookupProviders.js";
+test("resolveCrudLookupProviderToken normalizes namespace to lookup token", () => {
+  assert.equal(resolveCrudLookupProviderToken("vets"), "crud.lookup.vets");
+  assert.equal(resolveCrudLookupProviderToken("vets/clinics/"), "crud.lookup.vets.clinics");
+  assert.equal(resolveCrudLookupProviderToken("contact-categories"), "crud.lookup.contact_categories");
+  assert.equal(resolveCrudLookupProviderToken("customer-categories/line-items"), "crud.lookup.customer_categories.line_items");
+});
+test("resolveCrudLookupProviderToken throws for empty namespace", () => {
+  assert.throws(
+    () => resolveCrudLookupProviderToken(""),
+    /requires relation\.namespace/
+  );
+});
+test("createCrudLookupProviderResolver resolves providers through scope.make()", () => {
+  const calls = [];
+  const scope = {
+    make(token) {
+      calls.push(token);
+      return { token };
+    }
+  };
+  const resolveLookupProvider = createCrudLookupProviderResolver(scope, {
+    context: "customersProvider"
+  });
+  const resolved = resolveLookupProvider({
+    namespace: "vets"
+  });
+  assert.equal(calls[0], "crud.lookup.vets");
+  assert.deepEqual(resolved, {
+    token: "crud.lookup.vets"
+  });
+});
+test("createCrudLookupProvider wraps repository.listByIds and preserves include when provided", async () => {
+  const calls = [];
+  const provider = createCrudLookupProvider({
+    async listByIds(ids = [], options = {}) {
+      calls.push({
+        ids,
+        options
+      });
+      return [{ id: 1 }];
+    }
+  });
+  const result = await provider.listByIds([1, 2], {
+    include: "*",
+    limit: 10
+  });
+  assert.deepEqual(result, [{ id: 1 }]);
+  assert.deepEqual(calls[0], {
+    ids: [1, 2],
+    options: {
+      include: "*",
+      limit: 10
+    }
+  });
+});
+test("createCrudLookupProvider defaults include=none when include is not provided", async () => {
+  const calls = [];
+  const provider = createCrudLookupProvider({
+    async listByIds(ids = [], options = {}) {
+      calls.push({
+        ids,
+        options
+      });
+      return [{ id: 1 }];
+    }
+  });
+  await provider.listByIds([1, 2], {
+    limit: 10
+  });
+  assert.deepEqual(calls[0], {
+    ids: [1, 2],
+    options: {
+      include: "none",
+      limit: 10
+    }
+  });
+});
+test("createCrudLookupProvider validates repository contract", () => {
+  assert.throws(
+    () => createCrudLookupProvider({}),
+    /requires repository\.listByIds/
+  );
+});