@lunora/server 0.0.0 → 1.0.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39) hide show
  1. package/LICENSE.md +105 -0
  2. package/README.md +130 -9
  3. package/__assets__/package-og.svg +14 -0
  4. package/dist/data-model.d.mts +328 -0
  5. package/dist/data-model.d.ts +328 -0
  6. package/dist/data-model.mjs +1 -0
  7. package/dist/drizzle.d.mts +1 -0
  8. package/dist/drizzle.d.ts +1 -0
  9. package/dist/drizzle.mjs +1 -0
  10. package/dist/index.d.mts +1741 -0
  11. package/dist/index.d.ts +1741 -0
  12. package/dist/index.mjs +24 -0
  13. package/dist/packem_shared/LunoraError-DhggBJZF.mjs +51 -0
  14. package/dist/packem_shared/asBucketStorage-Cnxd9y2q.mjs +11 -0
  15. package/dist/packem_shared/bindTableFacade-DCuyr46L.mjs +71 -0
  16. package/dist/packem_shared/defineAggregateIndex-DzqxtAyV.mjs +236 -0
  17. package/dist/packem_shared/defineEnv-DjFkpkSP.mjs +187 -0
  18. package/dist/packem_shared/defineMigration-CAJLr6fx.mjs +8 -0
  19. package/dist/packem_shared/definePolicy-De67zPDS.mjs +29 -0
  20. package/dist/packem_shared/definePresence-D5LtwGl0.mjs +114 -0
  21. package/dist/packem_shared/defineSchemaExtension-Ck5_TUO8.mjs +100 -0
  22. package/dist/packem_shared/defineStorageRule-qu0mpilX.mjs +20 -0
  23. package/dist/packem_shared/httpAction-B7FYUEgr.mjs +340 -0
  24. package/dist/packem_shared/initLunora-CATvPsVt.mjs +86 -0
  25. package/dist/packem_shared/mask-CkZJHHMM.mjs +211 -0
  26. package/dist/packem_shared/onConnect-CIPXKPyw.mjs +13 -0
  27. package/dist/packem_shared/protectPublic-BjFkQ_Or.mjs +15 -0
  28. package/dist/packem_shared/rls-Zhf5wEeJ.mjs +551 -0
  29. package/dist/packem_shared/run-middleware-CYQOuoV6.mjs +18 -0
  30. package/dist/packem_shared/storageRules-4a30FSpI.mjs +88 -0
  31. package/dist/packem_shared/types.d-BDY0FYHK.d.ts +135 -0
  32. package/dist/packem_shared/types.d-DmvyEMD6.d.mts +135 -0
  33. package/dist/rls/testing.d.mts +63 -0
  34. package/dist/rls/testing.d.ts +63 -0
  35. package/dist/rls/testing.mjs +49 -0
  36. package/dist/types.d.mts +1029 -0
  37. package/dist/types.d.ts +1029 -0
  38. package/dist/types.mjs +31 -0
  39. package/package.json +59 -17
@@ -0,0 +1,211 @@
1
+ import { LunoraError } from './LunoraError-DhggBJZF.mjs';
2
+ import { bindTableFacade, bindOrm } from './bindTableFacade-DCuyr46L.mjs';
3
+
4
+ const permissionName = (permission) => typeof permission === "string" ? permission : permission.name;
5
+ const indexRolePermissions = (roles) => {
6
+ const map = /* @__PURE__ */ new Map();
7
+ for (const role of roles ?? []) {
8
+ map.set(role.name, new Set((role.permissions ?? []).map((permission) => permissionName(permission))));
9
+ }
10
+ return map;
11
+ };
12
+ const fnv1aHex = (input) => {
13
+ let hash = 2166136261;
14
+ for (let index = 0; index < input.length; index += 1) {
15
+ hash ^= input.codePointAt(index) ?? 0;
16
+ hash = Math.imul(hash, 16777619);
17
+ }
18
+ return (hash >>> 0).toString(16).padStart(8, "0");
19
+ };
20
+ const applyStrategy = (strategy, value, context) => {
21
+ try {
22
+ if (strategy === "redact") {
23
+ return null;
24
+ }
25
+ if (strategy === "hash") {
26
+ if (value === null || value === void 0) {
27
+ return value;
28
+ }
29
+ return fnv1aHex(typeof value === "string" ? value : JSON.stringify(value));
30
+ }
31
+ return strategy(value, context);
32
+ } catch {
33
+ return null;
34
+ }
35
+ };
36
+ const maskRow = (row, columns, base) => {
37
+ const out = { ...row };
38
+ for (const [column, strategy] of Object.entries(columns)) {
39
+ if (!(column in out)) {
40
+ continue;
41
+ }
42
+ out[column] = applyStrategy(strategy, row[column], { ...base, column, row });
43
+ }
44
+ return out;
45
+ };
46
+ const maskPage = (page, columns, base) => {
47
+ return { ...page, page: page.page.map((row) => maskRow(row, columns, base)) };
48
+ };
49
+ const isFacadeEntry = (value) => {
50
+ if (typeof value !== "object" || value === null || Array.isArray(value)) {
51
+ return false;
52
+ }
53
+ const candidate = value;
54
+ return typeof candidate["findMany"] === "function" && typeof candidate["withSearchIndex"] === "function";
55
+ };
56
+ const wrapDatabase = (base, perTable, context) => {
57
+ const wrapReader = (reader, columns) => {
58
+ return {
59
+ collect: async () => {
60
+ const rows = await reader.collect();
61
+ return rows.map((row) => maskRow(row, columns, context));
62
+ },
63
+ filter: (predicate) => wrapReader(
64
+ reader.filter((document) => predicate(document)),
65
+ columns
66
+ ),
67
+ first: async () => {
68
+ const row = await reader.first();
69
+ return row ? maskRow(row, columns, context) : null;
70
+ },
71
+ order: (direction) => wrapReader(reader.order(direction), columns),
72
+ paginate: async (options) => maskPage(await reader.paginate(options), columns, context),
73
+ take: async (limit) => {
74
+ const rows = await reader.take(limit);
75
+ return rows.map((row) => maskRow(row, columns, context));
76
+ },
77
+ unique: async () => {
78
+ const row = await reader.unique();
79
+ return row ? maskRow(row, columns, context) : null;
80
+ },
81
+ withIndex: (indexName, range) => wrapReader(reader.withIndex(indexName, range), columns),
82
+ withSearchIndex: (indexName, search) => wrapReader(reader.withSearchIndex(indexName, search), columns)
83
+ };
84
+ };
85
+ const locate = async (id, expectedTable) => {
86
+ if (base.lookupById) {
87
+ const located = await base.lookupById(id, expectedTable);
88
+ if (!located) {
89
+ return { row: null, tableName: void 0 };
90
+ }
91
+ return { row: located.row, tableName: perTable.has(located.tableName) ? located.tableName : void 0 };
92
+ }
93
+ const row = await base.get(id, expectedTable);
94
+ if (!row) {
95
+ return { row: null, tableName: void 0 };
96
+ }
97
+ let probeTables;
98
+ if (expectedTable === void 0) {
99
+ probeTables = [...perTable.keys()];
100
+ } else if (perTable.has(expectedTable)) {
101
+ probeTables = [expectedTable];
102
+ } else {
103
+ probeTables = [];
104
+ }
105
+ const probes = await Promise.all(
106
+ probeTables.map(async (tableName) => {
107
+ const probe = await base.findFirst(tableName, { limit: 1, where: { _id: id } });
108
+ return probe?.["_id"] === id ? tableName : void 0;
109
+ })
110
+ );
111
+ return { row, tableName: probes.find((entry) => entry !== void 0) };
112
+ };
113
+ const assertReductionAllowed = (tableName, fields, method) => {
114
+ const columns = perTable.get(tableName);
115
+ if (!columns) {
116
+ return;
117
+ }
118
+ const offending = fields.find((field) => typeof field === "string" && field in columns);
119
+ if (offending !== void 0) {
120
+ throw new LunoraError("MASK_UNSUPPORTED", `${method}() over masked column "${offending}" on "${tableName}" is not supported`);
121
+ }
122
+ };
123
+ const wrapped = {
124
+ ...base,
125
+ aggregate(tableName, options) {
126
+ assertReductionAllowed(tableName, [options.field], "aggregate");
127
+ return base.aggregate(tableName, options);
128
+ },
129
+ async findFirst(tableName, args) {
130
+ const row = await base.findFirst(tableName, args);
131
+ const columns = perTable.get(tableName);
132
+ return row && columns ? maskRow(row, columns, context) : row;
133
+ },
134
+ async findFirstOrThrow(tableName, args) {
135
+ const row = await base.findFirstOrThrow(tableName, args);
136
+ const columns = perTable.get(tableName);
137
+ return columns ? maskRow(row, columns, context) : row;
138
+ },
139
+ async findMany(tableName, args) {
140
+ const page = await base.findMany(tableName, args);
141
+ const columns = perTable.get(tableName);
142
+ return columns ? maskPage(page, columns, context) : page;
143
+ },
144
+ async get(id, expectedTable) {
145
+ const { row, tableName } = await locate(id, expectedTable);
146
+ const columns = tableName === void 0 ? void 0 : perTable.get(tableName);
147
+ if (!row || !columns) {
148
+ return row;
149
+ }
150
+ return maskRow(row, columns, context);
151
+ },
152
+ groupBy(tableName, options) {
153
+ assertReductionAllowed(tableName, [...options.by, options.agg?.field], "groupBy");
154
+ return base.groupBy(tableName, options);
155
+ },
156
+ query(tableName) {
157
+ const reader = base.query(tableName);
158
+ const columns = perTable.get(tableName);
159
+ return columns ? wrapReader(reader, columns) : reader;
160
+ },
161
+ async rankPage(tableName, indexName, options) {
162
+ const page = await base.rankPage(tableName, indexName, options);
163
+ const columns = perTable.get(tableName);
164
+ return columns ? maskPage(page, columns, context) : page;
165
+ }
166
+ };
167
+ const writableFacade = wrapped;
168
+ for (const tableName of perTable.keys()) {
169
+ if (isFacadeEntry(base[tableName])) {
170
+ writableFacade[tableName] = bindTableFacade(wrapped, tableName);
171
+ }
172
+ }
173
+ return wrapped;
174
+ };
175
+ const mask = (policies, options = {}) => {
176
+ const perTable = new Map(Object.entries(policies));
177
+ const rolePermissions = indexRolePermissions(options.roles);
178
+ return async ({ ctx, next }) => {
179
+ const auth = ctx.auth ?? {};
180
+ const identity = await auth.getIdentity?.() ?? null;
181
+ const roles = auth.roles ?? [];
182
+ const granted = /* @__PURE__ */ new Set();
183
+ for (const roleName of roles) {
184
+ for (const name of rolePermissions.get(roleName) ?? []) {
185
+ granted.add(name);
186
+ }
187
+ }
188
+ const maskContext = {
189
+ auth: {
190
+ can: (permission) => granted.has(permissionName(permission)),
191
+ identity,
192
+ roles,
193
+ // eslint-disable-next-line unicorn/no-null -- MaskContext.auth.userId is a public `null | string` type
194
+ userId: auth.userId ?? null
195
+ },
196
+ ctx
197
+ };
198
+ if (options.bypass?.(maskContext)) {
199
+ return next();
200
+ }
201
+ const wrapped = wrapDatabase(ctx.db, perTable, maskContext);
202
+ const extension = { db: wrapped };
203
+ const { orm } = ctx;
204
+ if (orm !== null && typeof orm === "object") {
205
+ extension.orm = bindOrm(wrapped);
206
+ }
207
+ return next({ ctx: extension });
208
+ };
209
+ };
210
+
211
+ export { mask };
@@ -0,0 +1,13 @@
1
+ const wrapLifecycle = (lifecycle, handler) => {
2
+ return {
3
+ args: {},
4
+ handler: (context, event) => handler(context, event),
5
+ kind: "mutation",
6
+ lifecycle,
7
+ visibility: "internal"
8
+ };
9
+ };
10
+ const onConnect = (handler) => wrapLifecycle("connect", handler);
11
+ const onDisconnect = (handler) => wrapLifecycle("disconnect", handler);
12
+
13
+ export { onConnect, onDisconnect };
@@ -0,0 +1,15 @@
1
+ import { r as runMiddlewareChain } from './run-middleware-CYQOuoV6.mjs';
2
+
3
+ const protectPublic = (options) => {
4
+ const chain = [options.rateLimit, options.captcha, ...options.use ?? []].filter(
5
+ (middleware) => middleware !== void 0
6
+ );
7
+ const composed = async ({ ctx, next }) => runMiddlewareChain(
8
+ chain,
9
+ ctx,
10
+ (context) => next({ ctx: context })
11
+ );
12
+ return composed;
13
+ };
14
+
15
+ export { protectPublic };