@medusajs/framework 2.13.1 → 2.13.2-preview-20260129180641
- package/dist/http/middleware-file-loader.d.ts.map +1 -1
- package/dist/http/middleware-file-loader.js +9 -3
- package/dist/http/middleware-file-loader.js.map +1 -1
- package/dist/http/middlewares/check-permissions.js +3 -3
- package/dist/http/middlewares/check-permissions.js.map +1 -1
- package/dist/http/middlewares/error-handler.d.ts.map +1 -1
- package/dist/http/middlewares/error-handler.js +3 -0
- package/dist/http/middlewares/error-handler.js.map +1 -1
- package/dist/http/utils/field-filtering/field-parser.d.ts +32 -0
- package/dist/http/utils/field-filtering/field-parser.d.ts.map +1 -0
- package/dist/http/utils/field-filtering/field-parser.js +87 -0
- package/dist/http/utils/field-filtering/field-parser.js.map +1 -0
- package/dist/http/utils/field-filtering/field-validator.d.ts +24 -0
- package/dist/http/utils/field-filtering/field-validator.d.ts.map +1 -0
- package/dist/http/utils/field-filtering/field-validator.js +67 -0
- package/dist/http/utils/field-filtering/field-validator.js.map +1 -0
- package/dist/http/utils/field-filtering/index.d.ts +33 -0
- package/dist/http/utils/field-filtering/index.d.ts.map +1 -0
- package/dist/http/utils/field-filtering/index.js +9 -0
- package/dist/http/utils/field-filtering/index.js.map +1 -0
- package/dist/http/utils/get-query-config.d.ts +13 -4
- package/dist/http/utils/get-query-config.d.ts.map +1 -1
- package/dist/http/utils/get-query-config.js +29 -104
- package/dist/http/utils/get-query-config.js.map +1 -1
- package/dist/http/utils/policies/rbac-field-filter.d.ts +19 -0
- package/dist/http/utils/policies/rbac-field-filter.d.ts.map +1 -0
- package/dist/http/utils/policies/rbac-field-filter.js +348 -0
- package/dist/http/utils/policies/rbac-field-filter.js.map +1 -0
- package/dist/http/utils/validate-query.d.ts +1 -1
- package/dist/http/utils/validate-query.d.ts.map +1 -1
- package/dist/http/utils/validate-query.js +4 -4
- package/dist/http/utils/validate-query.js.map +1 -1
- package/dist/{utils → policies}/has-permission.d.ts +1 -1
- package/dist/policies/has-permission.d.ts.map +1 -0
- package/dist/{utils → policies}/has-permission.js +5 -2
- package/dist/policies/has-permission.js.map +1 -0
- package/dist/policies/index.d.ts +1 -0
- package/dist/policies/index.d.ts.map +1 -1
- package/dist/policies/index.js +1 -0
- package/dist/policies/index.js.map +1 -1
- package/dist/utils/index.d.ts +0 -1
- package/dist/utils/index.d.ts.map +1 -1
- package/dist/utils/index.js +0 -1
- package/dist/utils/index.js.map +1 -1
- package/package.json +10 -10
- package/dist/utils/has-permission.d.ts.map +0 -1
- package/dist/utils/has-permission.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware-file-loader.d.ts","sourceRoot":"","sources":["../../src/http/middleware-file-loader.ts"],"names":[],"mappings":"AAKA,OAAO,EACL,KAAK,4BAA4B,EACjC,KAAK,qBAAqB,EAE1B,KAAK,0BAA0B,EAC/B,KAAK,oBAAoB,EAE1B,MAAM,SAAS,CAAA;AAOhB;;;;GAIG;AACH,qBAAa,oBAAoB;;
|
|
1
|
+
{"version":3,"file":"middleware-file-loader.d.ts","sourceRoot":"","sources":["../../src/http/middleware-file-loader.ts"],"names":[],"mappings":"AAKA,OAAO,EACL,KAAK,4BAA4B,EACjC,KAAK,qBAAqB,EAE1B,KAAK,0BAA0B,EAC/B,KAAK,oBAAoB,EAE1B,MAAM,SAAS,CAAA;AAOhB;;;;GAIG;AACH,qBAAa,oBAAoB;;IAgJ/B;;;;OAIG;IACG,OAAO,CAAC,SAAS,EAAE,MAAM;IAa/B;;OAEG;IACH,eAAe;IAIf;;OAEG;IACH,cAAc;IAId;;OAEG;IACH,yBAAyB;IAIzB;;;OAGG;IACH,gCAAgC;CAGjC"}
|
|
@@ -13,9 +13,9 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
|
|
|
13
13
|
var _MiddlewareFileLoader_instances, _MiddlewareFileLoader_errorHandler, _MiddlewareFileLoader_middleware, _MiddlewareFileLoader_additionalDataValidatorRoutes, _MiddlewareFileLoader_bodyParserConfigRoutes, _MiddlewareFileLoader_processMiddlewareFile;
|
|
14
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
15
|
exports.MiddlewareFileLoader = void 0;
|
|
16
|
+
const zod_1 = require("@medusajs/deps/zod");
|
|
16
17
|
const utils_1 = require("@medusajs/utils");
|
|
17
18
|
const path_1 = require("path");
|
|
18
|
-
const zod_1 = require("@medusajs/deps/zod");
|
|
19
19
|
const logger_1 = require("../logger");
|
|
20
20
|
const types_1 = require("./types");
|
|
21
21
|
/**
|
|
@@ -153,8 +153,14 @@ async function _MiddlewareFileLoader_processMiddlewareFile(absolutePath) {
|
|
|
153
153
|
validator: zod_1.z.object(route.additionalDataValidator).nullish(),
|
|
154
154
|
});
|
|
155
155
|
}
|
|
156
|
-
if (route.middlewares) {
|
|
157
|
-
route.middlewares
|
|
156
|
+
if (route.middlewares || route.policies) {
|
|
157
|
+
const middlewares = route.middlewares ?? [];
|
|
158
|
+
if (route.policies && !route.middlewares?.length) {
|
|
159
|
+
middlewares.push((_, __, next) => {
|
|
160
|
+
next();
|
|
161
|
+
});
|
|
162
|
+
}
|
|
163
|
+
middlewares.forEach((middleware) => {
|
|
158
164
|
result.middleware.push({
|
|
159
165
|
handler: middleware,
|
|
160
166
|
matcher: matcher,
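Review bot: `const middlewares = route.middlewares ?? [];` aliases the array taken from the loaded route config, so when a route declares `policies` together with an empty `middlewares: []`, the `push` of the pass-through handler mutates that config object in place. Copy before appending, e.g. `const middlewares = [...(route.middlewares ?? [])];`. The pass-through also deserves a comment stating why it exists, presumably `// no-op handler so a policies-only route still produces a middleware entry`. The reduce callback this code sits in starts and ends outside the hunk, so how `policies` is attached to each entry cannot be confirmed from here.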
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware-file-loader.js","sourceRoot":"","sources":["../../src/http/middleware-file-loader.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAA0E;AAC1E,+BAA2B;
|
|
1
|
+
{"version":3,"file":"middleware-file-loader.js","sourceRoot":"","sources":["../../src/http/middleware-file-loader.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,4CAAsC;AACtC,2CAA0E;AAC1E,+BAA2B;AAE3B,sCAAkC;AAClC,mCAOgB;AAEhB;;GAEG;AACH,MAAM,oBAAoB,GAAG,aAAa,CAAA;AAE1C;;;;GAIG;AACH,MAAa,oBAAoB;IAAjC;;QACE;;WAEG;QACH,qDAA0C;QAE1C;;WAEG;QACH,2CAAsC,EAAE;QAExC;;;WAGG;UALqC;QAExC;;;WAGG;QACH,8DAAiE,EAAE;QAEnE;;WAEG;UAJgE;QAEnE;;WAEG;QACH,uDAAmD,EAAE;QAErD;;;WAGG;UALkD;IA0KvD,CAAC;IA9CC;;;;OAIG;IACH,KAAK,CAAC,OAAO,CAAC,SAAiB;QAC7B,MAAM,EAAE,GAAG,IAAI,kBAAU,CAAC,SAAS,CAAC,CAAA;QACpC,IAAI,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,oBAAoB,KAAK,CAAC,EAAE,CAAC;YAClD,MAAM,uBAAA,IAAI,oFAAuB,MAA3B,IAAI,EACR,IAAA,WAAI,EAAC,SAAS,EAAE,GAAG,oBAAoB,KAAK,CAAC,CAC9C,CAAA;QACH,CAAC;aAAM,IAAI,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,oBAAoB,KAAK,CAAC,EAAE,CAAC;YACzD,MAAM,uBAAA,IAAI,oFAAuB,MAA3B,IAAI,EACR,IAAA,WAAI,EAAC,SAAS,EAAE,GAAG,oBAAoB,KAAK,CAAC,CAC9C,CAAA;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,uBAAA,IAAI,0CAAc,CAAA;IAC3B,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,uBAAA,IAAI,wCAAY,CAAA;IACzB,CAAC;IAED;;OAEG;IACH,yBAAyB;QACvB,OAAO,uBAAA,IAAI,oDAAwB,CAAA;IACrC,CAAC;IAED;;;OAGG;IACH,gCAAgC;QAC9B,OAAO,uBAAA,IAAI,2DAA+B,CAAA;IAC5C,CAAC;CACF;AA9LD,oDA8LC;;AAxKC;;;GAGG;AACH,KAAK,sDAAwB,YAAoB;IAC/C,MAAM,iBAAiB,GAAG,MAAM,IAAA,qBAAa,EAAC,YAAY,CAAC,CAAA;IAE3D,IAAI,IAAA,qBAAa,EAAC,iBAAiB,CAAC,EAAE,CAAC;QACrC,OAAM;IACR,CAAC;IAED,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,OAAO,CAAA;IAClD,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,eAAM,CAAC,IAAI,CACT,wCAAwC,YAAY,sCAAsC,CAC3F,CAAA;QACD,OAAM;IACR,CAAC;IAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAqC,CAAA;IACrE,IAAI,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACtC,eAAM,CAAC,IAAI,CACT,mCAAmC,YAAY,wEAAwE,CACxH,CAAA;QACD,OAAM;IACR,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAK1B,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE;QAChB,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CACb,wGAAwG,IAAI,CAAC,SAAS,CACpH,KAAK,EACL,IAAI,EACJ,CAAC,CACF,EAAE,CACJ,CAAA;QACH,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CA
AC,OAAO,CAAC,CAAA;QAErC,IAAI,KAAK,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACnC,IAAI,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,CAAC,GAAG,oBAAY,CAAC,CAAA;YAChD,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5B,OAAO,GAAG,CAAC,GAAG,oBAAY,CAAC,CAAA;YAC7B,CAAC;YAED,eAAM,CAAC,KAAK,CACV,6CAA6C,OAAO,IAAI,KAAK,CAAC,OAAO,EAAE,CACxE,CAAA;YAED,MAAM,CAAC,sBAAsB,CAAC,IAAI,CAAC;gBACjC,OAAO,EAAE,OAAO;gBAChB,OAAO;gBACP,MAAM,EAAE,KAAK,CAAC,UAAU;aACzB,CAAC,CAAA;QACJ,CAAC;QAED,IAAI,KAAK,CAAC,uBAAuB,KAAK,SAAS,EAAE,CAAC;YAChD,IAAI,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,CAAC,GAAG,oBAAY,CAAC,CAAA;YAChD,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5B,OAAO,GAAG,CAAC,GAAG,oBAAY,CAAC,CAAA;YAC7B,CAAC;YAED,eAAM,CAAC,KAAK,CACV,iDAAiD,OAAO,IAAI,KAAK,CAAC,OAAO,EAAE,CAC5E,CAAA;YAED,MAAM,CAAC,6BAA6B,CAAC,IAAI,CAAC;gBACxC,OAAO,EAAE,OAAO;gBAChB,OAAO;gBACP,MAAM,EAAE,KAAK,CAAC,uBAAuB;gBACrC,SAAS,EAAE,OAAC,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,OAAO,EAAE;aAC7D,CAAC,CAAA;QACJ,CAAC;QAED,IAAI,KAAK,CAAC,WAAW,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACxC,MAAM,WAAW,GAAG,KAAK,CAAC,WAAW,IAAI,EAAE,CAAA;YAC3C,IAAI,KAAK,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,MAAM,EAAE,CAAC;gBACjD,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE;oBAC/B,IAAI,EAAE,CAAA;gBACR,CAAC,CAAC,CAAA;YACJ,CAAC;YAED,WAAW,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;gBACjC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,OAAO,EAAE,UAAU;oBACnB,OAAO,EAAE,OAAO;oBAChB,OAAO,EAAE,KAAK,CAAC,OAAO;oBACtB,QAAQ,EAAE,KAAK,CAAC,QAAQ;iBACzB,CAAC,CAAA;YACJ,CAAC,CAAC,CAAA;QACJ,CAAC;QACD,OAAO,MAAM,CAAA;IACf,CAAC,EACD;QACE,sBAAsB,EAAE,EAAE;QAC1B,6BAA6B,EAAE,EAAE;QACjC,UAAU,EAAE,EAAE;KACf,CACF,CAAA;IAED,MAAM,YAAY,GAChB,gBAAgB,CAAC,YAAiD,CAAA;IAEpE,IAAI,YAAY,EAAE,CAAC;QACjB,uBAAA,IAAI,sCAAiB,YAAY,MAAA,CAAA;IACnC,CAAC;IACD,uBAAA,IAAI,oCAAe,uBAAA,IAAI,wCAAY,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,MAAA,CAAA;IAC7D,uBAAA,IAAI,gDAA2B,uBAAA,IAAI,oDAAwB,CAAC,MAAM,CAChE,MAAM,CAAC,sBAAsB,CAC9B,MAAA,CAAA;IACD,uBAAA,IAAI,uDACF,uBAAA,IAAI,2DAA+B,CAAC,MAAM,CACxC,MAAM,CAAC,6BAA6B,CACrC,MAAA,CAAA;AACL,CAAC"}
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.wrapWithPoliciesCheck = wrapWithPoliciesCheck;
|
|
4
4
|
const utils_1 = require("@medusajs/utils");
|
|
5
|
-
const has_permission_1 = require("../../
|
|
5
|
+
const has_permission_1 = require("../../policies/has-permission");
|
|
6
6
|
/**
|
|
7
7
|
* Core permission checking logic for middleware and routes
|
|
8
8
|
*/
|
|
@@ -16,7 +16,7 @@ async function checkPermissions(policies, req) {
|
|
|
16
16
|
// Get roles from JWT token's app_metadata
|
|
17
17
|
const roleIds = authContext?.app_metadata?.roles || [];
|
|
18
18
|
if (!roleIds.length) {
|
|
19
|
-
throw new utils_1.MedusaError(utils_1.MedusaError.Types.
|
|
19
|
+
throw new utils_1.MedusaError(utils_1.MedusaError.Types.FORBIDDEN, "Forbidden");
|
|
20
20
|
}
|
|
21
21
|
const hasAccess = await (0, has_permission_1.hasPermission)({
|
|
22
22
|
roles: roleIds,
|
|
@@ -27,7 +27,7 @@ async function checkPermissions(policies, req) {
|
|
|
27
27
|
const policyKeys = policyList
|
|
28
28
|
.map((p) => `${p.resource}:${p.operation}`)
|
|
29
29
|
.join(", ");
|
|
30
|
-
throw new utils_1.MedusaError(utils_1.MedusaError.Types.
|
|
30
|
+
throw new utils_1.MedusaError(utils_1.MedusaError.Types.FORBIDDEN, `Insufficient permissions. Required policies: ${policyKeys}`);
|
|
31
31
|
}
|
|
32
32
|
}
|
|
33
33
|
/**
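Review bot: The second `FORBIDDEN` throw in `checkPermissions` puts the full list of required `resource:operation` keys into the error message, while the no-roles branch a few lines above uses a bare `"Forbidden"`. If the error handler returns `message` to the client (not visible in these hunks), a caller who lacks access learns which policies guard the route. Consider throwing `new utils_1.MedusaError(utils_1.MedusaError.Types.FORBIDDEN, "Forbidden")` in both branches and writing `policyKeys` to the server log instead. `checkPermissions` starts and ends outside the hunks shown.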
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"check-permissions.js","sourceRoot":"","sources":["../../../src/http/middlewares/check-permissions.ts"],"names":[],"mappings":";;AA8DA,sDAmBC;AAjFD,2CAA6C;AAC7C
|
|
1
|
+
{"version":3,"file":"check-permissions.js","sourceRoot":"","sources":["../../../src/http/middlewares/check-permissions.ts"],"names":[],"mappings":";;AA8DA,sDAmBC;AAjFD,2CAA6C;AAC7C,kEAA6D;AAa7D;;GAEG;AACH,KAAK,UAAU,gBAAgB,CAC7B,QAAuC,EACvC,GAA+B;IAE/B,8BAA8B;IAC9B,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAA;IAElE,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;QACvB,OAAM;IACR,CAAC;IAED,MAAM,WAAW,GAAG,GAAG,CAAC,YAAY,CAAA;IACpC,0CAA0C;IAC1C,MAAM,OAAO,GAAI,WAAW,EAAE,YAAY,EAAE,KAAkB,IAAI,EAAE,CAAA;IAEpE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QACpB,MAAM,IAAI,mBAAW,CAAC,mBAAW,CAAC,KAAK,CAAC,SAAS,EAAE,WAAW,CAAC,CAAA;IACjE,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,IAAA,8BAAa,EAAC;QACpC,KAAK,EAAE,OAAO;QACd,OAAO,EAAE,UAAU;QACnB,SAAS,EAAE,GAAG,CAAC,KAAK;KACrB,CAAC,CAAA;IAEF,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,UAAU,GAAG,UAAU;aAC1B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,SAAS,EAAE,CAAC;aAC1C,IAAI,CAAC,IAAI,CAAC,CAAA;QAEb,MAAM,IAAI,mBAAW,CACnB,mBAAW,CAAC,KAAK,CAAC,SAAS,EAC3B,gDAAgD,UAAU,EAAE,CAC7D,CAAA;IACH,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,qBAAqB,CACnC,OAA2B,EAC3B,QAAuC;IAEvC,OAAO,KAAK,EACV,GAA+B,EAC/B,GAAmB,EACnB,IAAwB,EACxB,EAAE;QACF,IAAI,CAAC;YACH,GAAG,CAAC,QAAQ,KAAK,EAAE,CAAA;YACnB,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAA;YAEvE,MAAM,gBAAgB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAA;YACrC,OAAO,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAA;QAChC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,KAAK,CAAC,CAAA;QACpB,CAAC;IACH,CAAC,CAAA;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"error-handler.d.ts","sourceRoot":"","sources":["../../../src/http/middlewares/error-handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAA0B,MAAM,SAAS,CAAA;AAerE,wBAAgB,YAAY,
|
|
1
|
+
{"version":3,"file":"error-handler.d.ts","sourceRoot":"","sources":["../../../src/http/middlewares/error-handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAA0B,MAAM,SAAS,CAAA;AAerE,wBAAgB,YAAY,IAuFV,mBAAmB,CACpC;AAED;;;;;;;;;;;;;;;;;GAiBG"}
|
|
@@ -39,6 +39,9 @@ function errorHandler() {
|
|
|
39
39
|
case utils_1.MedusaError.Types.UNAUTHORIZED:
|
|
40
40
|
statusCode = 401;
|
|
41
41
|
break;
|
|
42
|
+
case utils_1.MedusaError.Types.FORBIDDEN:
|
|
43
|
+
statusCode = 403;
|
|
44
|
+
break;
|
|
42
45
|
case utils_1.MedusaError.Types.PAYMENT_AUTHORIZATION_ERROR:
|
|
43
46
|
statusCode = 422;
|
|
44
47
|
break;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"error-handler.js","sourceRoot":"","sources":["../../../src/http/middlewares/error-handler.ts"],"names":[],"mappings":";;AAeA,
|
|
1
|
+
{"version":3,"file":"error-handler.js","sourceRoot":"","sources":["../../../src/http/middlewares/error-handler.ts"],"names":[],"mappings":";;AAeA,oCAwFC;AAtGD,+DAAmD;AAEnD,2CAAwE;AAExE,+DAAuD;AAEvD,MAAM,qBAAqB,GAAG,iCAAiC,CAAA;AAC/D,MAAM,mBAAmB,GAAG,gCAAgC,CAAA;AAC5D,MAAM,uBAAuB,GAAG,4BAA4B,CAAA;AAE5D,MAAM,SAAS,GAAG,WAAW,CAAA;AAC7B,MAAM,qBAAqB,GAAG,uBAAuB,CAAA;AACrD,MAAM,mBAAmB,GAAG,qBAAqB,CAAA;AAEjD,SAAgB,YAAY;IAC1B,OAAO,SAAS,gBAAgB,CAC9B,GAAgB,EAChB,GAAkB,EAClB,GAAa,EACb,CAAe;QAEf,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK;YACtB,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,iCAAyB,CAAC,MAAM,CAAC;YACrD,CAAC,CAAC,OAAO,CAAA;QAEX,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CACV,0EAA0E,CAC3E,CAAA;QACH,CAAC;QAED,GAAG,GAAG,IAAA,qCAAe,EAAC,GAAG,CAAC,CAAA;QAE1B,MAAM,SAAS,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,CAAA;QACtC,MAAM,MAAM,GAAG;YACb,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,OAAO,EAAE,GAAG,CAAC,OAAO;SACrB,CAAA;QAED,IAAI,UAAU,GAAG,GAAG,CAAA;QACpB,QAAQ,SAAS,EAAE,CAAC;YAClB,KAAK,qBAAqB,CAAC;YAC3B,KAAK,mBAAmB,CAAC;YACzB,KAAK,uBAAuB,CAAC;YAC7B,KAAK,mBAAW,CAAC,KAAK,CAAC,QAAQ;gBAC7B,UAAU,GAAG,GAAG,CAAA;gBAChB,MAAM,CAAC,IAAI,GAAG,mBAAmB,CAAA;gBACjC,MAAM,CAAC,OAAO;oBACZ,2GAA2G,CAAA;gBAC7G,MAAK;YACP,KAAK,mBAAW,CAAC,KAAK,CAAC,YAAY;gBACjC,UAAU,GAAG,GAAG,CAAA;gBAChB,MAAK;YACP,KAAK,mBAAW,CAAC,KAAK,CAAC,SAAS;gBAC9B,UAAU,GAAG,GAAG,CAAA;gBAChB,MAAK;YACP,KAAK,mBAAW,CAAC,KAAK,CAAC,2BAA2B;gBAChD,UAAU,GAAG,GAAG,CAAA;gBAChB,MAAK;YACP,KAAK,mBAAW,CAAC,KAAK,CAAC,eAAe;gBACpC,UAAU,GAAG,GAAG,CAAA;gBAChB,MAAM,CAAC,IAAI,GAAG,qBAAqB,CAAA;gBACnC,MAAK;YACP,KAAK,mBAAW,CAAC,KAAK,CAAC,WAAW,CAAC;YACnC,KAAK,mBAAW,CAAC,KAAK,CAAC,YAAY;gBACjC,UAAU,GAAG,GAAG,CAAA;gBAChB,MAAK;YACP,KAAK,mBAAW,CAAC,KAAK,CAAC,SAAS;gBAC9B,UAAU,GAAG,GAAG,CAAA;gBAChB,MAAK;YACP,KAAK,mBAAW,CAAC,KAAK,CAAC,QAAQ;gBAC7B,UAAU,GAAG,GAAG,CAAA;gBAChB,MAAM,CAAC,IAAI,GAAG,SAAS,CAAA;gBACvB,MAAK;YACP,KAAK,mBAAW,CAAC,KAAK,CAAC,gBAAgB,CAAC;YACxC,KAAK,mBAAW,CAAC,KAAK,CAAC,gBAAgB;gBACrC,MAAK;YACP;gBACE,MAAM,CAAC,IAAI,GAAG,eAAe,CAAA;gBAC7B
,MAAM,CAAC,OAAO,GAAG,4BAA4B,CAAA;gBAC7C,MAAM,CAAC,IAAI,GAAG,eAAe,CAAA;gBAC7B,MAAK;QACT,CAAC;QAED,IAAI,UAAU,IAAI,GAAG,EAAE,CAAC;YACtB,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACnB,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAC1B,CAAC;QAED,IAAI,QAAQ,IAAI,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACjD,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,IAAA,mCAAY,EAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;YAC1E,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC;gBAC1B,IAAI,EAAE,mBAAW,CAAC,KAAK,CAAC,YAAY;gBACpC,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;aAC7B,CAAC,CAAA;YACF,OAAM;QACR,CAAC;QAED,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IACrC,CAAmC,CAAA;AACrC,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG"}
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
import { ParsedFields } from "./index";
|
|
2
|
+
/**
|
|
3
|
+
* Handles parsing of field strings into structured field sets
|
|
4
|
+
* Supports various field modifiers:
|
|
5
|
+
* - `+field` or ` field`: Add to defaults
|
|
6
|
+
* - `-field`: Remove from defaults
|
|
7
|
+
* - `*field` or `field.*`: Select all properties of a relation
|
|
8
|
+
*/
|
|
9
|
+
export declare class FieldParser {
|
|
10
|
+
/**
|
|
11
|
+
* Parse field string and defaults into structured field sets
|
|
12
|
+
* @param fields - Comma-separated field string from query
|
|
13
|
+
* @param defaults - Default fields to include
|
|
14
|
+
* @returns ParsedFields with fields and starFields sets
|
|
15
|
+
*/
|
|
16
|
+
static parse(fields: string | undefined, defaults?: string[]): ParsedFields;
|
|
17
|
+
/**
|
|
18
|
+
* Determines if custom fields should replace defaults
|
|
19
|
+
* Fields replace defaults when any field doesn't have a modifier prefix
|
|
20
|
+
*/
|
|
21
|
+
private static shouldReplaceDefaults;
|
|
22
|
+
/**
|
|
23
|
+
* Apply field modifiers (+, -, etc) to the field set
|
|
24
|
+
*/
|
|
25
|
+
private static applyFieldModifiers;
|
|
26
|
+
/**
|
|
27
|
+
* Extract star fields (* prefix or .* suffix) from allFields into starFields set
|
|
28
|
+
* Star fields represent "select all properties" for a relation
|
|
29
|
+
*/
|
|
30
|
+
private static extractStarFields;
|
|
31
|
+
}
|
|
32
|
+
//# sourceMappingURL=field-parser.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"field-parser.d.ts","sourceRoot":"","sources":["../../../../src/http/utils/field-filtering/field-parser.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAEtC;;;;;;GAMG;AACH,qBAAa,WAAW;IACtB;;;;;OAKG;IACH,MAAM,CAAC,KAAK,CACV,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,QAAQ,GAAE,MAAM,EAAO,GACtB,YAAY;IAsBf;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,qBAAqB;IAepC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,mBAAmB;IAwBlC;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.FieldParser = void 0;
|
|
4
|
+
const utils_1 = require("@medusajs/utils");
|
|
5
|
+
/**
|
|
6
|
+
* Handles parsing of field strings into structured field sets
|
|
7
|
+
* Supports various field modifiers:
|
|
8
|
+
* - `+field` or ` field`: Add to defaults
|
|
9
|
+
* - `-field`: Remove from defaults
|
|
10
|
+
* - `*field` or `field.*`: Select all properties of a relation
|
|
11
|
+
*/
|
|
12
|
+
class FieldParser {
|
|
13
|
+
/**
|
|
14
|
+
* Parse field string and defaults into structured field sets
|
|
15
|
+
* @param fields - Comma-separated field string from query
|
|
16
|
+
* @param defaults - Default fields to include
|
|
17
|
+
* @returns ParsedFields with fields and starFields sets
|
|
18
|
+
*/
|
|
19
|
+
static parse(fields, defaults = []) {
|
|
20
|
+
const starFields = new Set();
|
|
21
|
+
let allFields = new Set(defaults);
|
|
22
|
+
if ((0, utils_1.isDefined)(fields)) {
|
|
23
|
+
const customFields = fields.split(",").filter(Boolean);
|
|
24
|
+
const shouldReplaceDefaultFields = this.shouldReplaceDefaults(customFields);
|
|
25
|
+
if (shouldReplaceDefaultFields) {
|
|
26
|
+
allFields = new Set(customFields.map((f) => f.replace(/^[+ -]/, "")));
|
|
27
|
+
}
|
|
28
|
+
else {
|
|
29
|
+
this.applyFieldModifiers(customFields, allFields);
|
|
30
|
+
}
|
|
31
|
+
allFields.add("id");
|
|
32
|
+
}
|
|
33
|
+
this.extractStarFields(allFields, starFields);
|
|
34
|
+
return { fields: allFields, starFields };
|
|
35
|
+
}
|
|
36
|
+
/**
|
|
37
|
+
* Determines if custom fields should replace defaults
|
|
38
|
+
* Fields replace defaults when any field doesn't have a modifier prefix
|
|
39
|
+
*/
|
|
40
|
+
static shouldReplaceDefaults(customFields) {
|
|
41
|
+
return (!customFields.length ||
|
|
42
|
+
customFields.some((field) => {
|
|
43
|
+
return !(field.startsWith("-") ||
|
|
44
|
+
field.startsWith("+") ||
|
|
45
|
+
field.startsWith(" ") ||
|
|
46
|
+
field.startsWith("*") ||
|
|
47
|
+
field.endsWith(".*"));
|
|
48
|
+
}));
|
|
49
|
+
}
|
|
50
|
+
/**
|
|
51
|
+
* Apply field modifiers (+, -, etc) to the field set
|
|
52
|
+
*/
|
|
53
|
+
static applyFieldModifiers(customFields, allFields) {
|
|
54
|
+
customFields.forEach((field) => {
|
|
55
|
+
if (field.startsWith("+") || field.startsWith(" ")) {
|
|
56
|
+
allFields.add(field.trim().replace(/^\+/, ""));
|
|
57
|
+
}
|
|
58
|
+
else if (field.startsWith("-")) {
|
|
59
|
+
const fieldName = field.replace(/^-/, "");
|
|
60
|
+
for (const reqField of allFields) {
|
|
61
|
+
const reqFieldName = reqField.replace(/^\*/, "");
|
|
62
|
+
if (reqFieldName === fieldName ||
|
|
63
|
+
reqFieldName.startsWith(fieldName + ".")) {
|
|
64
|
+
allFields.delete(reqField);
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
else {
|
|
69
|
+
allFields.add(field);
|
|
70
|
+
}
|
|
71
|
+
});
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* Extract star fields (* prefix or .* suffix) from allFields into starFields set
|
|
75
|
+
* Star fields represent "select all properties" for a relation
|
|
76
|
+
*/
|
|
77
|
+
static extractStarFields(allFields, starFields) {
|
|
78
|
+
allFields.forEach((field) => {
|
|
79
|
+
if (field.startsWith("*") || field.endsWith(".*")) {
|
|
80
|
+
starFields.add(field.replace(/(^\*|\.\*$)/, ""));
|
|
81
|
+
allFields.delete(field);
|
|
82
|
+
}
|
|
83
|
+
});
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
exports.FieldParser = FieldParser;
|
|
87
|
+
//# sourceMappingURL=field-parser.js.map
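Review bot: In `FieldParser.parse`, the replace-defaults branch strips a leading `-` with `/^[+ -]/` and then selects the field, so a mixed request such as `title,-metadata` (constructed example) ends up including `metadata` instead of excluding it, because `shouldReplaceDefaults` is true as soon as one entry has no prefix. If exclusion is intended, drop those entries first: `allFields = new Set(customFields.filter((f) => !f.startsWith("-")).map((f) => f.replace(/^[+ ]/, "")));`. Separately, `extractStarFields` uses `/(^\*|\.\*$)/` without the `g` flag, so an entry carrying both markers keeps its `.*` suffix in `starFields`. If either behaviour is deliberate, it should be stated in the class doc comment.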
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"field-parser.js","sourceRoot":"","sources":["../../../../src/http/utils/field-filtering/field-parser.ts"],"names":[],"mappings":";;;AAAA,2CAA2C;AAG3C;;;;;;GAMG;AACH,MAAa,WAAW;IACtB;;;;;OAKG;IACH,MAAM,CAAC,KAAK,CACV,MAA0B,EAC1B,WAAqB,EAAE;QAEvB,MAAM,UAAU,GAAgB,IAAI,GAAG,EAAE,CAAA;QACzC,IAAI,SAAS,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAgB,CAAA;QAEhD,IAAI,IAAA,iBAAS,EAAC,MAAM,CAAC,EAAE,CAAC;YACtB,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;YACtD,MAAM,0BAA0B,GAAG,IAAI,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAA;YAE3E,IAAI,0BAA0B,EAAE,CAAC;gBAC/B,SAAS,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC,CAAA;YACvE,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,mBAAmB,CAAC,YAAY,EAAE,SAAS,CAAC,CAAA;YACnD,CAAC;YAED,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QACrB,CAAC;QAED,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAA;QAE7C,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,CAAA;IAC1C,CAAC;IAED;;;OAGG;IACK,MAAM,CAAC,qBAAqB,CAAC,YAAsB;QACzD,OAAO,CACL,CAAC,YAAY,CAAC,MAAM;YACpB,YAAY,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;gBAC1B,OAAO,CAAC,CACN,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;oBACrB,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;oBACrB,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;oBACrB,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;oBACrB,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CACrB,CAAA;YACH,CAAC,CAAC,CACH,CAAA;IACH,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,mBAAmB,CAChC,YAAsB,EACtB,SAAsB;QAEtB,YAAY,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YAC7B,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnD,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAA;YAChD,CAAC;iBAAM,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjC,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;gBACzC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;oBACjC,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;oBAChD,IACE,YAAY,KAAK,SAAS;wBAC1B,YAAY,CAAC,UAAU,CAAC,SAAS,GAAG,GAAG,CAAC,EACxC,CAAC;wBACD,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;oBAC5B,CAAC;gBACH,CAAC;YACH,CA
AC;iBAAM,CAAC;gBACN,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;YACtB,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;IAED;;;OAGG;IACK,MAAM,CAAC,iBAAiB,CAC9B,SAAsB,EACtB,UAAuB;QAEvB,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YAC1B,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClD,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,CAAA;gBAChD,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;YACzB,CAAC;QACH,CAAC,CAAC,CAAA;IACJ,CAAC;CACF;AA7FD,kCA6FC"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import { FieldFilterContext, IFieldFilter } from "./index";
|
|
2
|
+
/**
|
|
3
|
+
* Filter that only allows explicitly specified fields
|
|
4
|
+
* Fields not in the allowed list are returned as not allowed
|
|
5
|
+
*/
|
|
6
|
+
export declare class AllowedFieldFilter implements IFieldFilter {
|
|
7
|
+
private allowed;
|
|
8
|
+
constructor({ allowed }: {
|
|
9
|
+
allowed: string[];
|
|
10
|
+
});
|
|
11
|
+
getNotAllowedFields(context: FieldFilterContext): string[];
|
|
12
|
+
}
|
|
13
|
+
/**
|
|
14
|
+
* Filter that restricts specific fields
|
|
15
|
+
* Fields containing any restricted segment are returned as not allowed
|
|
16
|
+
*/
|
|
17
|
+
export declare class RestrictedFieldFilter implements IFieldFilter {
|
|
18
|
+
private restricted;
|
|
19
|
+
constructor({ restricted }: {
|
|
20
|
+
restricted: string[];
|
|
21
|
+
});
|
|
22
|
+
getNotAllowedFields(context: FieldFilterContext): string[];
|
|
23
|
+
}
|
|
24
|
+
//# sourceMappingURL=field-validator.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"field-validator.d.ts","sourceRoot":"","sources":["../../../../src/http/utils/field-filtering/field-validator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAE1D;;;GAGG;AACH,qBAAa,kBAAmB,YAAW,YAAY;IACrD,OAAO,CAAC,OAAO,CAAU;gBAEb,EAAE,OAAO,EAAE,EAAE;QAAE,OAAO,EAAE,MAAM,EAAE,CAAA;KAAE;IAI9C,mBAAmB,CAAC,OAAO,EAAE,kBAAkB,GAAG,MAAM,EAAE;CAmC3D;AAED;;;GAGG;AACH,qBAAa,qBAAsB,YAAW,YAAY;IACxD,OAAO,CAAC,UAAU,CAAU;gBAEhB,EAAE,UAAU,EAAE,EAAE;QAAE,UAAU,EAAE,MAAM,EAAE,CAAA;KAAE;IAIpD,mBAAmB,CAAC,OAAO,EAAE,kBAAkB,GAAG,MAAM,EAAE;CAqB3D"}
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.RestrictedFieldFilter = exports.AllowedFieldFilter = void 0;
|
|
4
|
+
/**
|
|
5
|
+
* Filter that only allows explicitly specified fields
|
|
6
|
+
* Fields not in the allowed list are returned as not allowed
|
|
7
|
+
*/
|
|
8
|
+
class AllowedFieldFilter {
|
|
9
|
+
constructor({ allowed }) {
|
|
10
|
+
this.allowed = allowed;
|
|
11
|
+
}
|
|
12
|
+
getNotAllowedFields(context) {
|
|
13
|
+
const { parsedFields } = context;
|
|
14
|
+
const { fields, starFields } = parsedFields;
|
|
15
|
+
const fieldsToCheck = [...fields, ...Array.from(starFields)];
|
|
16
|
+
const notAllowedFields = [];
|
|
17
|
+
fieldsToCheck.forEach((field) => {
|
|
18
|
+
const hasAllowedField = this.allowed.includes(field);
|
|
19
|
+
if (hasAllowedField) {
|
|
20
|
+
return;
|
|
21
|
+
}
|
|
22
|
+
// Select full relation - must match an allowed field fully
|
|
23
|
+
// e.g product.variants must have product.variants in allowedFields
|
|
24
|
+
if (starFields.has(field)) {
|
|
25
|
+
if (hasAllowedField) {
|
|
26
|
+
return;
|
|
27
|
+
}
|
|
28
|
+
notAllowedFields.push(field);
|
|
29
|
+
return;
|
|
30
|
+
}
|
|
31
|
+
const fieldStartsWithAllowedField = this.allowed.some((allowedField) => field.startsWith(allowedField));
|
|
32
|
+
if (!fieldStartsWithAllowedField) {
|
|
33
|
+
notAllowedFields.push(field);
|
|
34
|
+
return;
|
|
35
|
+
}
|
|
36
|
+
});
|
|
37
|
+
return notAllowedFields;
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
exports.AllowedFieldFilter = AllowedFieldFilter;
|
|
41
|
+
/**
|
|
42
|
+
* Filter that restricts specific fields
|
|
43
|
+
* Fields containing any restricted segment are returned as not allowed
|
|
44
|
+
*/
|
|
45
|
+
class RestrictedFieldFilter {
|
|
46
|
+
constructor({ restricted }) {
|
|
47
|
+
this.restricted = restricted;
|
|
48
|
+
}
|
|
49
|
+
getNotAllowedFields(context) {
|
|
50
|
+
const { parsedFields } = context;
|
|
51
|
+
const { fields, starFields } = parsedFields;
|
|
52
|
+
const fieldsToCheck = [...fields, ...Array.from(starFields)];
|
|
53
|
+
const notAllowedFields = [];
|
|
54
|
+
fieldsToCheck.forEach((field) => {
|
|
55
|
+
const fieldSegments = field.split(".");
|
|
56
|
+
const hasRestrictedField = this.restricted.some((restrictedField) => fieldSegments.includes(restrictedField));
|
|
57
|
+
if (hasRestrictedField) {
|
|
58
|
+
notAllowedFields.push(field);
|
|
59
|
+
return;
|
|
60
|
+
}
|
|
61
|
+
return;
|
|
62
|
+
});
|
|
63
|
+
return notAllowedFields;
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
exports.RestrictedFieldFilter = RestrictedFieldFilter;
|
|
67
|
+
//# sourceMappingURL=field-validator.js.map
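Review bot: `AllowedFieldFilter.getNotAllowedFields` accepts a field when `field.startsWith(allowedField)`, which is a raw string prefix and not a path-segment match: with `variants` allowed, `variants_internal` (constructed name) passes as well. For an allow-list that gates which fields a caller may select, match on segment boundaries instead: `(allowedField) => field.startsWith(allowedField + ".")`, since the exact match is already handled by the `includes` check above. The inner `if (hasAllowedField) { return; }` inside the `starFields.has(field)` branch is unreachable after that early return and can be removed. `RestrictedFieldFilter` already compares whole segments via `field.split(".")`.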
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"field-validator.js","sourceRoot":"","sources":["../../../../src/http/utils/field-filtering/field-validator.ts"],"names":[],"mappings":";;;AAEA;;;GAGG;AACH,MAAa,kBAAkB;IAG7B,YAAY,EAAE,OAAO,EAAyB;QAC5C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;IACxB,CAAC;IAED,mBAAmB,CAAC,OAA2B;QAC7C,MAAM,EAAE,YAAY,EAAE,GAAG,OAAO,CAAA;QAChC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,YAAY,CAAA;QAC3C,MAAM,aAAa,GAAG,CAAC,GAAG,MAAM,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAA;QAC5D,MAAM,gBAAgB,GAAa,EAAE,CAAA;QAErC,aAAa,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YAC9B,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;YAEpD,IAAI,eAAe,EAAE,CAAC;gBACpB,OAAM;YACR,CAAC;YAED,2DAA2D;YAC3D,mEAAmE;YACnE,IAAI,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC1B,IAAI,eAAe,EAAE,CAAC;oBACpB,OAAM;gBACR,CAAC;gBACD,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;gBAC5B,OAAM;YACR,CAAC;YAED,MAAM,2BAA2B,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE,CACrE,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC,CAC/B,CAAA;YAED,IAAI,CAAC,2BAA2B,EAAE,CAAC;gBACjC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;gBAC5B,OAAM;YACR,CAAC;QACH,CAAC,CAAC,CAAA;QAEF,OAAO,gBAAgB,CAAA;IACzB,CAAC;CACF;AA1CD,gDA0CC;AAED;;;GAGG;AACH,MAAa,qBAAqB;IAGhC,YAAY,EAAE,UAAU,EAA4B;QAClD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;IAC9B,CAAC;IAED,mBAAmB,CAAC,OAA2B;QAC7C,MAAM,EAAE,YAAY,EAAE,GAAG,OAAO,CAAA;QAChC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,YAAY,CAAA;QAC3C,MAAM,aAAa,GAAG,CAAC,GAAG,MAAM,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAA;QAC5D,MAAM,gBAAgB,GAAa,EAAE,CAAA;QAErC,aAAa,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YAC9B,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YACtC,MAAM,kBAAkB,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,eAAe,EAAE,EAAE,CAClE,aAAa,CAAC,QAAQ,CAAC,eAAe,CAAC,CACxC,CAAA;YACD,IAAI,kBAAkB,EAAE,CAAC;gBACvB,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;gBAC5B,OAAM;YACR,CAAC;YAED,OAAM;QACR,CAAC,CAAC,CAAA;QAEF,OAAO,gBAAgB,CAAA;IACzB,CAAC;CACF;AA5BD,sDA4BC"}
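--- a/package/dist/http/utils/field-filtering/index.d.ts
+++ b/package/dist/http/utils/field-filtering/index.d.ts
@@ -0,0 +1,33 @@
+/**
+* Parsed fields structure after processing field strings
+*/
+export interface ParsedFields {
+/** Regular fields to select */
+fields: Set<string>;
+/** Star fields representing full relation selections (e.g., *product.variants) */
+starFields: Set<string>;
+}
+/**
+* Context passed to field filters for determining access
+*/
+export interface FieldFilterContext {
+/** The main entity being queried (e.g., "product", "order") */
+entity: string;
+/** Parsed fields to filter */
+parsedFields: ParsedFields;
+}
+/**
+* Interface for field filters following the Strategy pattern
+* Allows adding new field filtering logic without modifying prepareListQuery
+*/
+export interface IFieldFilter {
+/**
+* Returns fields that should be excluded from the query
+* @param context - The filter context containing entity and parsed fields
+* @returns Array of field names that are not allowed
+*/
+getNotAllowedFields(context: FieldFilterContext): Promise<string[]> | string[];
+}
+export { FieldParser } from "./field-parser";
+export { AllowedFieldFilter, RestrictedFieldFilter } from "./field-validator";
+//# sourceMappingURL=index.d.ts.map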
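Review bot: The `@returns` line on `getNotAllowedFields` (new line 27) does not say what form the returned names must take, and the caller depends on it. In `get-query-config.js` the result is applied with `allFields.delete(field)` and `starFields.delete(field)`, which are exact-match set deletions, so a filter that returns a parent path or a differently prefixed name would leave the requested field in the query. I would extend the doc comment to `@returns Field names exactly as they appear in parsedFields.fields or parsedFields.starFields; other values are not removed by the caller`. `FieldFilterContext.entity` is also declared as `string` while `prepareListQuery` appears to pass a value that can be undefined, so `entity?: string` or a note on the field would match the call site.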
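--- a/package/dist/http/utils/field-filtering/index.d.ts.map
+++ b/package/dist/http/utils/field-filtering/index.d.ts.map
@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/http/utils/field-filtering/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,+BAA+B;IAC/B,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;IACnB,kFAAkF;IAClF,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,+DAA+D;IAC/D,MAAM,EAAE,MAAM,CAAA;IACd,8BAA8B;IAC9B,YAAY,EAAE,YAAY,CAAA;CAC3B;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B;;;;OAIG;IACH,mBAAmB,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,GAAG,MAAM,EAAE,CAAA;CAC/E;AAED,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAA;AAC5C,OAAO,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAA"}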
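--- a/package/dist/http/utils/field-filtering/index.js
+++ b/package/dist/http/utils/field-filtering/index.js
@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RestrictedFieldFilter = exports.AllowedFieldFilter = exports.FieldParser = void 0;
+var field_parser_1 = require("./field-parser");
+Object.defineProperty(exports, "FieldParser", { enumerable: true, get: function () { return field_parser_1.FieldParser; } });
+var field_validator_1 = require("./field-validator");
+Object.defineProperty(exports, "AllowedFieldFilter", { enumerable: true, get: function () { return field_validator_1.AllowedFieldFilter; } });
+Object.defineProperty(exports, "RestrictedFieldFilter", { enumerable: true, get: function () { return field_validator_1.RestrictedFieldFilter; } });
+//# sourceMappingURL=index.js.map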
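--- a/package/dist/http/utils/field-filtering/index.js.map
+++ b/package/dist/http/utils/field-filtering/index.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/http/utils/field-filtering/index.ts"],"names":[],"mappings":";;;AAiCA,+CAA4C;AAAnC,2GAAA,WAAW,OAAA;AACpB,qDAA6E;AAApE,qHAAA,kBAAkB,OAAA;AAAE,wHAAA,qBAAqB,OAAA"}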
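--- a/package/dist/http/utils/get-query-config.d.ts
+++ b/package/dist/http/utils/get-query-config.d.ts
@@ -1,8 +1,13 @@
 import { FindConfig, QueryConfig, RequestQueryFields } from "@medusajs/types";
+import { PolicyDefinition } from "@medusajs/utils";
+import { AuthContext, MedusaRequest } from "../types";
 export declare function pickByConfig<TModel>(obj: TModel | TModel[], config: FindConfig<TModel>): Partial<TModel> | Partial<TModel>[];
 export declare function prepareListQuery<T extends RequestQueryFields, TEntity>(validated: T, queryConfig?: QueryConfig<TEntity> & {
 restricted?: string[];
-}
+}, req?: MedusaRequest & {
+policies?: PolicyDefinition[];
+auth_context?: AuthContext;
+}): Promise<{
 listConfig: {
 select: string[] | undefined;
 relations: string[];
@@ -12,6 +17,7 @@ export declare function prepareListQuery<T extends RequestQueryFields, TEntity>(
 withDeleted: boolean | undefined;
 };
 remoteQueryConfig: {
+entity: string | TEntity | undefined;
 fields: string[];
 pagination: {
 skip: number;
@@ -24,10 +30,13 @@ export declare function prepareListQuery<T extends RequestQueryFields, TEntity>(
 };
 withDeleted: boolean | undefined;
 };
-}
+}>;
 export declare function prepareRetrieveQuery<T extends RequestQueryFields, TEntity>(validated: T, queryConfig?: QueryConfig<TEntity> & {
 restricted?: string[];
-}
+}, req?: MedusaRequest & {
+policies?: PolicyDefinition[];
+auth_context?: AuthContext;
+}): Promise<{
 retrieveConfig: {
 select: string[] | undefined;
 relations: string[];
@@ -37,5 +46,5 @@ export declare function prepareRetrieveQuery<T extends RequestQueryFields, TEnti
 pagination: {};
 withDeleted: boolean | undefined;
 };
-}
+}>;
 //# sourceMappingURL=get-query-config.d.ts.map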
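Review bot: The new `req?` parameter on `prepareListQuery` (new line 7) and `prepareRetrieveQuery` (new line 36) is optional, and nothing in the declaration tells a caller what omitting it costs. In the compiled `get-query-config.js` the RBAC filter is only added when `req?.policies && entity && rbacFilterFieldsFeatureFlag` holds, so a call site that keeps the old two-argument form gets no policy-based field filtering and no error. Both functions also now return a `Promise`, so existing code that calls them without `await` would destructure `undefined` for `listConfig` or `retrieveConfig`. I would document this in the TypeScript source with something like `@param req - Request carrying policies and auth_context; when omitted, RBAC field filtering is skipped`, or make the parameter required on routes that rely on the policy check.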
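--- a/package/dist/http/utils/get-query-config.d.ts.map
+++ b/package/dist/http/utils/get-query-config.d.ts.map
@@ -1 +1 @@
-{"version":3,"file":"get-query-config.d.ts","sourceRoot":"","sources":["../../../src/http/utils/get-query-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;
+{"version":3,"file":"get-query-config.d.ts","sourceRoot":"","sources":["../../../src/http/utils/get-query-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA;AAC7E,OAAO,EAOL,gBAAgB,EAGjB,MAAM,iBAAiB,CAAA;AACxB,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AASrD,wBAAgB,YAAY,CAAC,MAAM,EACjC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,EACtB,MAAM,EAAE,UAAU,CAAC,MAAM,CAAC,GACzB,OAAO,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAWrC;AAED,wBAAsB,gBAAgB,CAAC,CAAC,SAAS,kBAAkB,EAAE,OAAO,EAC1E,SAAS,EAAE,CAAC,EACZ,WAAW,GAAE,WAAW,CAAC,OAAO,CAAC,GAAG;IAAE,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;CAAO,EAClE,GAAG,CAAC,EAAE,aAAa,GAAG;IACpB,QAAQ,CAAC,EAAE,gBAAgB,EAAE,CAAA;IAC7B,YAAY,CAAC,EAAE,WAAW,CAAA;CAC3B;;;;;;;;;;;;;;;;;;;;;;;GA8GF;AAED,wBAAsB,oBAAoB,CACxC,CAAC,SAAS,kBAAkB,EAC5B,OAAO,EAEP,SAAS,EAAE,CAAC,EACZ,WAAW,CAAC,EAAE,WAAW,CAAC,OAAO,CAAC,GAAG;IAAE,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;CAAE,EAC9D,GAAG,CAAC,EAAE,aAAa,GAAG;IACpB,QAAQ,CAAC,EAAE,gBAAgB,EAAE,CAAA;IAC7B,YAAY,CAAC,EAAE,WAAW,CAAA;CAC3B;;;;;;;;;;GAmBF"}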
|
|
@@ -4,6 +4,8 @@ exports.pickByConfig = pickByConfig;
|
|
|
4
4
|
exports.prepareListQuery = prepareListQuery;
|
|
5
5
|
exports.prepareRetrieveQuery = prepareRetrieveQuery;
|
|
6
6
|
const utils_1 = require("@medusajs/utils");
|
|
7
|
+
const field_filtering_1 = require("./field-filtering");
|
|
8
|
+
const rbac_field_filter_1 = require("./policies/rbac-field-filter");
|
|
7
9
|
function pickByConfig(obj, config) {
|
|
8
10
|
const fields = [...(config.select ?? []), ...(config.relations ?? [])];
|
|
9
11
|
if (fields.length) {
|
|
@@ -16,111 +18,33 @@ function pickByConfig(obj, config) {
|
|
|
16
18
|
}
|
|
17
19
|
return obj;
|
|
18
20
|
}
|
|
19
|
-
function
|
|
20
|
-
|
|
21
|
-
fields.forEach((field) => {
|
|
22
|
-
const fieldSegments = field.split(".");
|
|
23
|
-
const hasRestrictedField = restricted.some((restrictedField) => fieldSegments.includes(restrictedField));
|
|
24
|
-
if (hasRestrictedField) {
|
|
25
|
-
notAllowedFields.push(field);
|
|
26
|
-
return;
|
|
27
|
-
}
|
|
28
|
-
return;
|
|
29
|
-
});
|
|
30
|
-
return notAllowedFields;
|
|
31
|
-
}
|
|
32
|
-
function checkAllowedFields({ fields, allowed, starFields, }) {
|
|
33
|
-
const notAllowedFields = [];
|
|
34
|
-
fields.forEach((field) => {
|
|
35
|
-
const hasAllowedField = allowed.includes(field);
|
|
36
|
-
if (hasAllowedField) {
|
|
37
|
-
return;
|
|
38
|
-
}
|
|
39
|
-
// Select full relation in that case it must match an allowed field fully
|
|
40
|
-
// e.g product.variants in that case we must have a product.variants in the allowedFields
|
|
41
|
-
if (starFields.has(field)) {
|
|
42
|
-
if (hasAllowedField) {
|
|
43
|
-
return;
|
|
44
|
-
}
|
|
45
|
-
notAllowedFields.push(field);
|
|
46
|
-
return;
|
|
47
|
-
}
|
|
48
|
-
const fieldStartsWithAllowedField = allowed.some((allowedField) => field.startsWith(allowedField));
|
|
49
|
-
if (!fieldStartsWithAllowedField) {
|
|
50
|
-
notAllowedFields.push(field);
|
|
51
|
-
return;
|
|
52
|
-
}
|
|
53
|
-
});
|
|
54
|
-
return notAllowedFields;
|
|
55
|
-
}
|
|
56
|
-
function prepareListQuery(validated, queryConfig = {}) {
|
|
57
|
-
let { allowed = [], restricted = [], defaults = [], defaultLimit = 50, isList, } = queryConfig;
|
|
21
|
+
async function prepareListQuery(validated, queryConfig = {}, req) {
|
|
22
|
+
let { allowed = [], restricted = [], defaults = [], defaultLimit = 50, isList, entity, } = queryConfig;
|
|
58
23
|
const { order, fields, limit = defaultLimit, offset = 0, with_deleted, } = validated;
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
const
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
field.startsWith("+") ||
|
|
70
|
-
field.startsWith(" ") ||
|
|
71
|
-
field.startsWith("*") ||
|
|
72
|
-
field.endsWith(".*"));
|
|
73
|
-
});
|
|
74
|
-
if (shouldReplaceDefaultFields) {
|
|
75
|
-
allFields = new Set(customFields.map((f) => f.replace(/^[+ -]/, "")));
|
|
76
|
-
}
|
|
77
|
-
else {
|
|
78
|
-
customFields.forEach((field) => {
|
|
79
|
-
if (field.startsWith("+") || field.startsWith(" ")) {
|
|
80
|
-
allFields.add(field.trim().replace(/^\+/, ""));
|
|
81
|
-
}
|
|
82
|
-
else if (field.startsWith("-")) {
|
|
83
|
-
const fieldName = field.replace(/^-/, "");
|
|
84
|
-
for (const reqField of allFields) {
|
|
85
|
-
const reqFieldName = reqField.replace(/^\*/, "");
|
|
86
|
-
if (reqFieldName === fieldName ||
|
|
87
|
-
reqFieldName.startsWith(fieldName + ".")) {
|
|
88
|
-
allFields.delete(reqField);
|
|
89
|
-
}
|
|
90
|
-
}
|
|
91
|
-
}
|
|
92
|
-
else {
|
|
93
|
-
allFields.add(field);
|
|
94
|
-
}
|
|
95
|
-
});
|
|
96
|
-
}
|
|
97
|
-
allFields.add("id");
|
|
24
|
+
const parsedFields = field_filtering_1.FieldParser.parse(fields, defaults);
|
|
25
|
+
const { fields: allFields, starFields } = parsedFields;
|
|
26
|
+
const rbacFilterFieldsFeatureFlag = utils_1.FeatureFlag.isFeatureEnabled("rbac_filter_fields");
|
|
27
|
+
const filters = [];
|
|
28
|
+
if (req?.policies && entity && rbacFilterFieldsFeatureFlag) {
|
|
29
|
+
filters.push(new rbac_field_filter_1.RBACFieldFilter({
|
|
30
|
+
policies: req.policies,
|
|
31
|
+
userRoles: req.auth_context?.app_metadata?.roles || [],
|
|
32
|
+
container: req.scope,
|
|
33
|
+
}));
|
|
98
34
|
}
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
starFields.add(field.replace(/(^\*|\.\*$)/, ""));
|
|
102
|
-
allFields.delete(field);
|
|
103
|
-
}
|
|
104
|
-
});
|
|
105
|
-
let notAllowedFields = [];
|
|
106
|
-
if (allowed.length || restricted.length) {
|
|
107
|
-
const fieldsToCheck = [...allFields, ...Array.from(starFields)];
|
|
108
|
-
if (allowed.length) {
|
|
109
|
-
notAllowedFields = checkAllowedFields({
|
|
110
|
-
fields: fieldsToCheck,
|
|
111
|
-
starFields,
|
|
112
|
-
allowed,
|
|
113
|
-
});
|
|
114
|
-
}
|
|
115
|
-
else if (restricted.length) {
|
|
116
|
-
notAllowedFields = checkRestrictedFields({
|
|
117
|
-
fields: fieldsToCheck,
|
|
118
|
-
restricted,
|
|
119
|
-
});
|
|
120
|
-
}
|
|
35
|
+
if (allowed.length) {
|
|
36
|
+
filters.push(new field_filtering_1.AllowedFieldFilter({ allowed }));
|
|
121
37
|
}
|
|
122
|
-
if (
|
|
123
|
-
|
|
38
|
+
else if (restricted.length) {
|
|
39
|
+
filters.push(new field_filtering_1.RestrictedFieldFilter({ restricted }));
|
|
40
|
+
}
|
|
41
|
+
const notAllowedArrays = await (0, utils_1.promiseAll)(filters.map((f) => f.getNotAllowedFields({ entity: entity, parsedFields })));
|
|
42
|
+
const notAllowedFields = [...new Set(notAllowedArrays.flat())];
|
|
43
|
+
if (notAllowedFields.length && rbacFilterFieldsFeatureFlag) {
|
|
44
|
+
notAllowedFields.forEach((field) => {
|
|
45
|
+
allFields.delete(field);
|
|
46
|
+
starFields.delete(field);
|
|
47
|
+
});
|
|
124
48
|
}
|
|
125
49
|
// TODO: maintain backward compatibility, remove in the future
|
|
126
50
|
const { select, relations } = (0, utils_1.stringToSelectRelationObject)(Array.from(allFields));
|
|
@@ -151,6 +75,7 @@ function prepareListQuery(validated, queryConfig = {}) {
|
|
|
151
75
|
withDeleted: with_deleted,
|
|
152
76
|
},
|
|
153
77
|
remoteQueryConfig: {
|
|
78
|
+
entity,
|
|
154
79
|
// Add starFields that are relations only on which we want all properties with a dedicated format to the remote query
|
|
155
80
|
fields: [
|
|
156
81
|
...Array.from(allFields),
|
|
@@ -167,8 +92,8 @@ function prepareListQuery(validated, queryConfig = {}) {
|
|
|
167
92
|
},
|
|
168
93
|
};
|
|
169
94
|
}
|
|
170
|
-
function prepareRetrieveQuery(validated, queryConfig) {
|
|
171
|
-
const { listConfig, remoteQueryConfig } = prepareListQuery(validated, queryConfig);
|
|
95
|
+
async function prepareRetrieveQuery(validated, queryConfig, req) {
|
|
96
|
+
const { listConfig, remoteQueryConfig } = await prepareListQuery(validated, queryConfig, req);
|
|
172
97
|
return {
|
|
173
98
|
retrieveConfig: {
|
|
174
99
|
select: listConfig.select,
|