@mongoosejs/studio 0.0.89 → 0.0.91

package/astra.js

@@ -154,6 +154,6 @@ void async function main() {
 # Astra Notes
 
 1. Must use collections. Tables don't support `countDocuments()` or `estimatedDocumentCount()`.
-2. Annoying issue: collections don't let you store keys that start with '$'. Ended up creating separate connection to store ChatMessages in MongoDB.
-3. `countDocuments()` with filter erroring out with more than 1000 documents is problematic, e.g. https://studio-astra-demo.netlify.app/imdb/#/?search={genres:'Drama'} fails
+2. Collections don't let you store keys that start with '$', which is problematic for `$chart`. Ended up creating separate connection to store ChatMessages in MongoDB.
+3. `countDocuments()` with filter erroring out with more than 1000 documents caused trouble. Worked around it by converting `countDocuments()` to `find()` using Mongoose middleware.
 */

package/backend/actions/ChatMessage/executeScript.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const Archetype = require('archetype');
+const authorize = require('../../authorize');
 const mongoose = require('mongoose');
 const vm = require('vm');
 
@@ -12,7 +13,10 @@ const ExecuteScriptParams = new Archetype({
     $type: mongoose.Types.ObjectId
   },
   script: {
-    $type: String
+    $type: 'string'
+  },
+  roles: {
+    $type: ['string']
   }
 }).compile('ExecuteScriptParams');
 
@@ -20,6 +24,8 @@ module.exports = ({ db, studioConnection }) => async function executeScript(para
   const { userId, chatMessageId, script } = new ExecuteScriptParams(params);
   const ChatMessage = studioConnection.model('__Studio_ChatMessage');
 
+  await authorize('ChatMessage.executeScript', roles);
+
   const chatMessage = await ChatMessage.findById(chatMessageId);
   if (!chatMessage) {
     throw new Error('Chat message not found');

package/backend/actions/ChatThread/createChatMessage.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const Archetype = require('archetype');
+const authorize = require('../../authorize');
 const getModelDescriptions = require('../../helpers/getModelDescriptions');
 const mongoose = require('mongoose');
 
@@ -17,6 +18,9 @@ const CreateChatMessageParams = new Archetype({
   authorization: {
     $type: 'string',
     $required: true
+  },
+  roles: {
+    $type: ['string'],
   }
 }).compile('CreateChatMessageParams');
 
@@ -56,10 +60,12 @@ Here is a description of the user's models. Assume these are the only models ava
 `.trim();
 
 module.exports = ({ db, studioConnection, options }) => async function createChatMessage(params) {
-  const { chatThreadId, userId, content, script, authorization } = new CreateChatMessageParams(params);
+  const { chatThreadId, userId, content, script, authorization, roles } = new CreateChatMessageParams(params);
   const ChatThread = studioConnection.model('__Studio_ChatThread');
   const ChatMessage = studioConnection.model('__Studio_ChatMessage');
 
+  await authorize('ChatThread.createChatMessage', roles);
+
   // Check that the user owns the thread
   const chatThread = await ChatThread.findOne({ _id: chatThreadId });
   if (!chatThread) {

package/backend/actions/ChatThread/createChatThread.js

@@ -1,11 +1,15 @@
 'use strict';
 
 const Archetype = require('archetype');
+const authorize = require('../../authorize');
 const mongoose = require('mongoose');
 
 const CreateChatThreadParams = new Archetype({
   userId: {
     $type: mongoose.Types.ObjectId
+  },
+  roles: {
+    $type: ['string'],
   }
 }).compile('CreateChatThreadParams');
 
@@ -13,6 +17,8 @@ module.exports = ({ studioConnection }) => async function createChatThread(param
   const { userId } = new CreateChatThreadParams(params);
   const ChatThread = studioConnection.model('__Studio_ChatThread');
 
+  await authorize('ChatThread.createChatThread', roles);
+
   const chatThread = await ChatThread.create({ userId });
 
   return { chatThread };

package/backend/actions/ChatThread/getChatThread.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const Archetype = require('archetype');
+const authorize = require('../../authorize');
 const mongoose = require('mongoose');
 
 const GetChatThreadParams = new Archetype({
@@ -9,14 +10,19 @@ const GetChatThreadParams = new Archetype({
   },
   userId: {
     $type: mongoose.Types.ObjectId
+  },
+  roles: {
+    $type: ['string']
   }
 }).compile('GetChatThreadParams');
 
 module.exports = ({ db, studioConnection }) => async function getChatThread(params) {
-  const { chatThreadId, userId } = new GetChatThreadParams(params);
+  const { chatThreadId, userId, roles } = new GetChatThreadParams(params);
   const ChatThread = studioConnection.model('__Studio_ChatThread');
   const ChatMessage = studioConnection.model('__Studio_ChatMessage');
 
+  await authorize('ChatThread.getChatThread', roles);
+
   const chatThread = await ChatThread.findById(chatThreadId);
 
   if (!chatThread) {

package/backend/actions/ChatThread/listChatThreads.js

@@ -1,19 +1,25 @@
 'use strict';
 
 const Archetype = require('archetype');
+const authorize = require('../../authorize');
 const mongoose = require('mongoose');
 
 const ListChatThreadsParams = new Archetype({
   userId: {
     $type: mongoose.Types.ObjectId
+  },
+  roles: {
+    $type: ['string']
   }
 }).compile('ListChatThreadsParams');
 
 module.exports = ({ db, studioConnection }) => async function listChatThreads(params) {
-  // Just validate the params object, but no actual parameters needed
-  const { userId } = new ListChatThreadsParams(params);
+  // Validate the params object
+  const { userId, roles } = new ListChatThreadsParams(params);
   const ChatThread = studioConnection.model('__Studio_ChatThread');
 
+  await authorize('ChatThread.listChatThreads', roles);
+
   // Get all chat threads
   const chatThreads = await ChatThread.find(userId ? { userId } : {})
     .sort({ updatedAt: -1 }); // Sort by most recently updated

package/backend/actions/Dashboard/createDashboard.js

@@ -1,5 +1,7 @@
 'use strict';
+
 const Archetype = require('archetype');
+const authorize = require('../../authorize');
 
 const CreateDashboardParams = new Archetype({
   title: {
@@ -9,14 +11,19 @@ const CreateDashboardParams = new Archetype({
   code: {
     $type: 'string',
     $required: true
+  },
+  roles: {
+    $type: ['string']
   }
 }).compile('CreateDashboardParams');
 
 module.exports = ({ db }) => async function createDashboard(params) {
-  const { title, code } = new CreateDashboardParams(params);
+  const { title, code, roles } = new CreateDashboardParams(params);
   const Dashboard = db.model('__Studio_Dashboard');
 
+  await authorize('Dashboard.createDashboard', roles);
+
   const dashboard = await Dashboard.create({ title, code });
 
   return { dashboard };
-};
+};

package/backend/actions/Dashboard/deleteDashboard.js

@@ -1,19 +1,24 @@
 'use strict';
 
 const Archetype = require('archetype');
-const vm = require('vm');
+const authorize = require('../../authorize');
 
 const DeleteDashboardParams = new Archetype({
   dashboardId: {
     $type: 'string',
     $required: true
   },
+  roles: {
+    $type: ['string']
+  }
 }).compile('DeleteDashboardParams');
 
 module.exports = ({ db }) => async function deleteDashboard(params) {
-  const { dashboardId } = new DeleteDashboardParams(params);
+  const { dashboardId, roles } = new DeleteDashboardParams(params);
   const Dashboard = db.model('__Studio_Dashboard');
 
+  await authorize('Dashboard.deleteDashboard', roles);
+
   const result = await Dashboard.deleteOne({ _id: dashboardId }).orFail();
   return { result };
-};
+};

package/backend/actions/Dashboard/getDashboard.js

@@ -2,6 +2,7 @@
 
 const Archetype = require('archetype');
 const vm = require('vm');
+const authorize = require('../../authorize');
 
 const GetDashboardParams = new Archetype({
   dashboardId: {
@@ -10,13 +11,18 @@ const GetDashboardParams = new Archetype({
   },
   evaluate: {
     $type: 'boolean'
+  },
+  roles: {
+    $type: ['string']
   }
 }).compile('GetDashboardParams');
 
 module.exports = ({ db }) => async function getDashboard(params) {
-  const { dashboardId, evaluate } = new GetDashboardParams(params);
+  const { dashboardId, evaluate, roles } = new GetDashboardParams(params);
   const Dashboard = db.model('__Studio_Dashboard');
 
+  await authorize('Dashboard.getDashboard', roles);
+
   const dashboard = await Dashboard.findOne({ _id: dashboardId });
   if (evaluate) {
     let result = null;
@@ -25,9 +31,9 @@ module.exports = ({ db }) => async function getDashboard(params) {
     } catch (error) {
       return { dashboard, error: { message: error.message } };
     }
-    
+
     return { dashboard, result };
   }
 
   return { dashboard };
-};
+};

package/backend/actions/Dashboard/getDashboards.js

@@ -1,10 +1,13 @@
 'use strict';
 
+const authorize = require('../../authorize');
 
-module.exports = ({ db }) => async function getDashboards() {
+module.exports = ({ db }) => async function getDashboards(roles) {
   const Dashboard = db.model('__Studio_Dashboard');
 
+  await authorize('Dashboard.getDashboards', roles);
+
   const dashboards = await Dashboard.find();
 
   return { dashboards }
-};
+};

package/backend/actions/Dashboard/updateDashboard.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const Archetype = require('archetype');
+const authorize = require('../../authorize');
 
 const UpdateDashboardParams = new Archetype({
   dashboardId: {
@@ -16,16 +17,21 @@ const UpdateDashboardParams = new Archetype({
   },
   description: {
     $type: 'string'
+  },
+  roles: {
+    $type: ['string']
   }
 }).compile('UpdateDashboardParams');
 
 module.exports = ({ db }) => async function updateDashboard(params) {
-  const { dashboardId, code, title, description } = new UpdateDashboardParams(params);
+  const { dashboardId, code, title, description, roles } = new UpdateDashboardParams(params);
 
   const Dashboard = db.models[`__Studio_Dashboard`];
 
+  await authorize('Dashboard.updateDashboard', roles);
+
   const updateObj = { code };
-  
+
   if (title) {
     updateObj.title = title;
   }
@@ -36,7 +42,7 @@ module.exports = ({ db }) => async function updateDashboard(params) {
 
   const doc = await Dashboard.
     findByIdAndUpdate(dashboardId, updateObj, { sanitizeFilter: true, returnDocument: 'after', overwriteImmutable: true });
-  
+
   let result = null;
   try {
     result = await doc.evaluate();
@@ -45,4 +51,4 @@ module.exports = ({ db }) => async function updateDashboard(params) {
   }
 
   return { doc, result };
-};
+};

package/backend/actions/Model/createDocument.js

@@ -2,6 +2,7 @@
 
 const Archetype = require('archetype');
 const { EJSON } = require('bson');
+const authorize = require('../../authorize');
 
 const CreateDocumentParams = new Archetype({
   model: {
@@ -20,16 +21,14 @@ const CreateDocumentParams = new Archetype({
 module.exports = ({ db }) => async function CreateDocument(params) {
   const { model, data, roles } = new CreateDocumentParams(params);
 
-  if (roles && roles.includes('readonly')) {
-    throw new Error('Not authorized');
-  }
+  await authorize('Model.createDocument', roles);
 
   const Model = db.models[model];
   if (Model == null) {
     throw new Error(`Model ${model} not found`);
   }
-  
+
   const doc = await Model.create(EJSON.deserialize(data));
-  
+
   return { doc };
-};
+};

package/backend/actions/Model/deleteDocument.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const Archetype = require('archetype');
+const authorize = require('../../authorize');
 
 const DeleteDocumentParams = new Archetype({
   model: {
@@ -21,9 +22,8 @@ module.exports = ({ db }) => async function DeleteDocument(params) {
 
   const Model = db.models[model];
 
-  if (roles && roles.includes('readonly')) {
-    throw new Error('Not authorized');
-  }
+  await authorize('Model.deleteDocument', roles);
+
   if (Model == null) {
     throw new Error(`Model ${model} not found`);
   }
@@ -33,6 +33,6 @@ module.exports = ({ db }) => async function DeleteDocument(params) {
     setOptions({ sanitizeFilter: true }).
     orFail();
     console.log('what is doc', doc);
-  
+
   return { doc };
-};
+};

package/backend/actions/Model/deleteDocuments.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const Archetype = require('archetype');
+const authorize = require('../../authorize');
 
 const DeleteDocumentsParams = new Archetype({
   model: {
@@ -21,9 +22,8 @@ module.exports = ({ db }) => async function DeleteDocuments(params) {
 
   const Model = db.models[model];
 
-  if (roles && roles.includes('readonly')) {
-    throw new Error('Not authorized');
-  }
+  await authorize('Model.deleteDocuments', roles);
+
   if (Model == null) {
     throw new Error(`Model ${model} not found`);
   }
@@ -32,7 +32,7 @@ module.exports = ({ db }) => async function DeleteDocuments(params) {
     deleteMany({_id: { $in: documentIds }}).
     setOptions({ sanitizeFilter: true }).
     orFail();
-   
-  
+
+
   return { };
-};
+};

package/backend/actions/Model/dropIndex.js

@@ -0,0 +1,36 @@
+'use strict';
+
+const Archetype = require('archetype');
+const authorize = require('../../authorize');
+
+const DropIndexParams = new Archetype({
+  model: {
+    $type: 'string',
+    $required: true
+  },
+  name: {
+    $type: 'string',
+    $required: true
+  },
+  roles: {
+    $type: ['string']
+  }
+}).compile('DropIndexParams');
+
+module.exports = ({ db }) => async function getIndexes(params) {
+  const { model, name, roles } = new DropIndexParams(params);
+
+  await authorize('Model.dropIndex', roles);
+
+  const Model = db.models[model];
+  if (Model == null) {
+    throw new Error(`Model ${model} not found`);
+  }
+
+  await Model.collection.dropIndex(name);
+
+  const mongoDBIndexes = await Model.listIndexes();
+  return {
+    mongoDBIndexes
+  };
+};

package/backend/actions/Model/exportQueryResults.js

@@ -3,6 +3,7 @@
 const Archetype = require('archetype');
 const mongoose = require('mongoose');
 const { stringify } = require('csv-stringify/sync');
+const authorize = require('../../authorize');
 
 const GetDocumentsParams = new Archetype({
   model: {
@@ -21,13 +22,18 @@ const GetDocumentsParams = new Archetype({
       }
       return v;
     }
+  },
+  roles: {
+    $type: ['string']
   }
 }).compile('GetDocumentsParams');
 
 module.exports = ({ db }) => async function exportQueryResults(params, req, res) {
   params = new GetDocumentsParams(params);
   let { filter } = params;
-  const { model, propertiesToInclude } = params;
+  const { model, propertiesToInclude, roles } = params;
+
+  await authorize('Model.exportQueryResults', roles);
 
   const Model = db.models[model];
   if (Model == null) {

package/backend/actions/Model/getDocument.js

@@ -2,6 +2,7 @@
 
 const Archetype = require('archetype');
 const removeSpecifiedPaths = require('../../helpers/removeSpecifiedPaths');
+const authorize = require('../../authorize');
 
 const GetDocumentParams = new Archetype({
   model: {
@@ -11,11 +12,16 @@ const GetDocumentParams = new Archetype({
   documentId: {
     $type: 'string',
     $required: true
+  },
+  roles: {
+    $type: ['string']
   }
 }).compile('GetDocumentParams');
 
 module.exports = ({ db }) => async function getDocument(params) {
-  const { model, documentId } = new GetDocumentParams(params);
+  const { model, documentId, roles } = new GetDocumentParams(params);
+
+  await authorize('Model.getDocument', roles);
 
   const Model = db.models[model];
   if (Model == null) {
@@ -35,6 +41,6 @@ module.exports = ({ db }) => async function getDocument(params) {
     };
   }
   removeSpecifiedPaths(schemaPaths, '.$*');
-  
+
   return { doc: doc.toJSON({ virtuals: true, getters: false, transform: false }), schemaPaths };
-};
+};

package/backend/actions/Model/getDocuments.js

@@ -3,6 +3,7 @@
 const Archetype = require('archetype');
 const removeSpecifiedPaths = require('../../helpers/removeSpecifiedPaths');
 const { EJSON } = require('bson')
+const authorize = require('../../authorize');
 
 const GetDocumentsParams = new Archetype({
   model: {
@@ -24,11 +25,17 @@ const GetDocumentsParams = new Archetype({
   },
   sort: {
     $type: Archetype.Any
+  },
+  roles: {
+    $type: ['string']
   }
 }).compile('GetDocumentsParams');
 
 module.exports = ({ db }) => async function getDocuments(params) {
   params = new GetDocumentsParams(params);
+  const { roles } = params;
+  await authorize('Model.getDocuments', roles);
+
   let { filter } = params;
   if (filter != null && Object.keys(filter).length > 0) {
     filter = EJSON.parse(filter);

package/backend/actions/Model/getIndexes.js

@@ -1,18 +1,22 @@
 'use strict';
 
 const Archetype = require('archetype');
+const authorize = require('../../authorize');
 
 const GetDocumentsParams = new Archetype({
   model: {
     $type: 'string',
     $required: true
   },
+  roles: {
+    $type: ['string']
+  }
 }).compile('GetDocumentsParams');
 
 module.exports = ({ db }) => async function getIndexes(params) {
-  params = new GetDocumentsParams(params);
+  const { model, roles } = new GetDocumentsParams(params);
 
-  const { model } = params;
+  await authorize('Model.getIndexes', roles);
 
   const Model = db.models[model];
   if (Model == null) {

package/backend/actions/Model/index.js

@@ -3,6 +3,7 @@
 exports.createDocument = require('./createDocument')
 exports.deleteDocument = require('./deleteDocument');
 exports.deleteDocuments = require('./deleteDocuments');
+exports.dropIndex = require('./dropIndex');
 exports.exportQueryResults = require('./exportQueryResults');
 exports.getDocument = require('./getDocument');
 exports.getDocuments = require('./getDocuments');

package/backend/actions/Model/listModels.js

@@ -1,7 +1,19 @@
 'use strict';
 
-module.exports = ({ db }) => async function listModels() {
+const Archetype = require('archetype');
+const authorize = require('../../authorize');
+
+const ListModelsParams = new Archetype({
+  roles: {
+    $type: ['string']
+  }
+}).compile('ListModelsParams');
+
+module.exports = ({ db }) => async function listModels(params) {
+  const { roles } = new ListModelsParams(params);
+  await authorize('Model.listModels', roles);
+
   return {
     models: Object.keys(db.models).filter(key => !key.startsWith('__Studio_')).sort()
   };
-};
+};

package/backend/actions/Model/updateDocument.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const Archetype = require('archetype');
+const authorize = require('../../authorize');
 
 const UpdateDocumentsParams = new Archetype({
   model: {
@@ -23,9 +24,8 @@ const UpdateDocumentsParams = new Archetype({
 module.exports = ({ db }) => async function updateDocument(params) {
   const { model, _id, update, roles } = new UpdateDocumentsParams(params);
 
-  if (roles && roles.includes('readonly')) {
-    throw new Error('Not authorized');
-  }
+  await authorize('Document.updateDocument', roles);
+
   const Model = db.models[model];
   if (Model == null) {
     throw new Error(`Model ${model} not found`);
@@ -40,6 +40,6 @@ module.exports = ({ db }) => async function updateDocument(params) {
 
   const doc = await Model.
     findByIdAndUpdate(_id, processedUpdate, { sanitizeFilter: true, returnDocument: 'after', overwriteImmutable: true, runValidators: false });
-  
+
   return { doc };
-};
+};

package/backend/actions/Model/updateDocuments.js

@@ -1,7 +1,7 @@
 'use strict';
 
 const Archetype = require('archetype');
-const mongoose = require('mongoose');
+const authorize = require('../../authorize');
 
 const UpdateDocumentsParams = new Archetype({
   model: {
@@ -24,9 +24,8 @@ const UpdateDocumentsParams = new Archetype({
 module.exports = ({ db }) => async function updateDocuments(params) {
   const { model, _id, update, roles } = new UpdateDocumentsParams(params);
 
-  if (roles && roles.includes('readonly')) {
-    throw new Error('Not authorized');
-  }
+  await authorize('Document.updateDocuments', roles);
+
   const Model = db.models[model];
   if (Model == null) {
     throw new Error(`Model ${model} not found`);
@@ -41,6 +40,6 @@ module.exports = ({ db }) => async function updateDocuments(params) {
 
   const result = await Model.
     updateMany({ _id: { $in: _id } }, processedUpdate, { overwriteImmutable: true, runValidators: false });
-  
+
   return { result };
-};
+};