@mongoosejs/studio 0.1.20 → 0.2.0

package/backend/actions/ChatMessage/executeScript.js

@@ -39,7 +39,10 @@ module.exports = ({ db, studioConnection }) => async function executeScript(para
 
   // Create a sandbox with the db object
   const logs = [];
-  const sandbox = { db, console: {}, ObjectId: mongoose.Types.ObjectId };
+  if (!db.Types) {
+    db.Types = mongoose.Types;
+  }
+  const sandbox = { db, mongoose, console: {}, ObjectId: mongoose.Types.ObjectId };
 
   // Capture console logs
   sandbox.console.log = function() {

package/backend/actions/ChatThread/createChatMessage.js

@@ -101,42 +101,48 @@ module.exports = ({ db, studioConnection, options }) => async function createCha
 };
 
 const systemPrompt = `
-  You are a data querying assistant who writes scripts for users accessing MongoDB data using Node.js and Mongoose.
+You are a data querying assistant who writes scripts for users accessing MongoDB data using Node.js and Mongoose.
 
-  Keep scripts concise. Avoid unnecessary comments, error handling, and temporary variables.
+The following globals are available. Assume no other globals exist.
+- db: The Mongoose connection object or Mongoose singleton depending on what the user passed in
+- mongoose: the output of require('mongoose').
+- ObjectId: MongoDB ObjectId class from mongoose.Types.ObjectId
+- console: has a stubbed log() function that logs to the console and is accessible in the output.
 
-  Do not write any imports or require() statements, that will cause the script to break.
+Keep scripts concise. Avoid unnecessary comments, error handling, and temporary variables.
 
-  If the user approves the script, the script will run in the Node.js server in a sandboxed vm.createContext() call with only 1 global variable: db, which contains the Mongoose connection. The script return value will then send the response via JSON to the client. Be aware that the result of the query will be serialized to JSON before being displayed to the user. MAKE SURE TO RETURN A VALUE FROM THE SCRIPT.
+Do not write any imports or require() statements, that will cause the script to break.
 
-  Optimize scripts for readability first, followed by reliability, followed by performance. Avoid using the aggregation framework unless explicitly requested by the user. Use indexed fields in queries where possible.
+If the user approves the script, the script will run in the Node.js server in a sandboxed vm.createContext() call with only 1 global variable: db, which contains the Mongoose connection. The script return value will then send the response via JSON to the client. Be aware that the result of the query will be serialized to JSON before being displayed to the user. MAKE SURE TO RETURN A VALUE FROM THE SCRIPT.
 
-  Assume the user has pre-defined schemas and models. Do not define any new schemas or models for the user.
+Optimize scripts for readability first, followed by reliability, followed by performance. Avoid using the aggregation framework unless explicitly requested by the user. Use indexed fields in queries where possible.
 
-  Use async/await where possible. Assume top-level await is allowed.
+Assume the user has pre-defined schemas and models. Do not define any new schemas or models for the user.
 
-  Write at most one script, unless the user explicitly asks for multiple scripts.
+Use async/await where possible. Assume top-level await is allowed.
 
-  Think carefully about the user's input and identify the models referred to by the user's query.
+Write at most one script, unless the user explicitly asks for multiple scripts.
 
-  Format output as Markdown, including code fences for any scripts the user requested.
+Think carefully about the user's input and identify the models referred to by the user's query.
 
-  Add a brief text description of what the script does.
+Format output as Markdown, including code fences for any scripts the user requested.
 
-  If the user's query is best answered with a chart, return a Chart.js 4 configuration as \`return { $chart: chartJSConfig };\`. Disable ChartJS animation by default unless user asks for it. Set responsive: true, maintainAspectRatio: false options unless the user explicitly asks.
+Add a brief text description of what the script does.
 
-  If the user\'s query is best answered by a map, return an object { $featureCollection } which contains a GeoJSON FeatureCollection
+If the user's query is best answered with a chart, return a Chart.js 4 configuration as \`return { $chart: chartJSConfig };\`. Disable ChartJS animation by default unless user asks for it. Set responsive: true, maintainAspectRatio: false options unless the user explicitly asks.
 
-  Example output:
+If the user\'s query is best answered by a map, return an object { $featureCollection } which contains a GeoJSON FeatureCollection
 
-  The following script counts the number of users which are not deleted.
+Example output:
 
-  \`\`\`javascript
-  const users = await db.model('User').find({ isDeleted: false });
-  return { numUsers: users.length };
-  \`\`\`
+The following script counts the number of users which are not deleted.
 
-  -----------
+\`\`\`javascript
+const users = await db.model('User').find({ isDeleted: false });
+return { numUsers: users.length };
+\`\`\`
 
-  Here is a description of the user's models. Assume these are the only models available in the system unless explicitly instructed otherwise by the user.
-  `.trim();
+-----------
+
+Here is a description of the user's models. Assume these are the only models available in the system unless explicitly instructed otherwise by the user.
+`.trim();

package/backend/helpers/evaluateFilter.js

@@ -29,7 +29,8 @@ module.exports = function evaluateFilter(searchText) {
   const context = vm.createContext({
     ObjectId,
     Date,
-    Math
+    Math,
+    objectIdRange
   });
 
   let result;
@@ -49,3 +50,39 @@ module.exports = function evaluateFilter(searchText) {
 
   throw new Error('Invalid search filter: must evaluate to an object');
 };
+
+function objectIdRange(start, end) {
+  if (start instanceof Date) {
+    start = ObjectId.createFromTime(start.getTime() / 1000);
+  } else if (typeof start === 'string') {
+    if (/^[a-fA-F0-9]{24}$/.test(start)) {
+      start = new ObjectId(start);
+    } else if (!Number.isNaN(new Date(start).valueOf())) {
+      start = ObjectId.createFromTime(new Date(start).getTime() / 1000);
+    } else {
+      throw new Error('Invalid start');
+    }
+  }
+  if (end instanceof Date) {
+    end = ObjectId.createFromTime(end.getTime() / 1000);
+  } else if (typeof end === 'string') {
+    if (/^[a-fA-F0-9]{24}$/.test(end)) {
+      end = new ObjectId(end);
+    } else if (!Number.isNaN(new Date(end).valueOf())) {
+      end = ObjectId.createFromTime(new Date(end).getTime() / 1000);
+    } else {
+      throw new Error('Invalid end');
+    }
+  }
+
+  if (start != null && end != null) {
+    return { $gte: start, $lte: end };
+  }
+  if (start != null) {
+    return { $gte: start };
+  }
+  if (end != null) {
+    return { $lte: end };
+  }
+  throw new Error('objectIdRange requires at least one parameter (start or end)');
+}

package/express.js

@@ -61,7 +61,7 @@ module.exports = async function mongooseStudioExpressApp(apiUrl, conn, options)
         .then(res => res.json())
         .then(({ user, roles }) => {
           if (!user || !roles) {
-            throw new Error('Not authorized');
+            return res.status(403).json({ message: 'Not authorized' });
           }
           req._internals = req._internals || {};
           req._internals.authorization = authorization;
@@ -71,7 +71,9 @@ module.exports = async function mongooseStudioExpressApp(apiUrl, conn, options)
 
           next();
         })
-        .catch(err => next(err));
+        .catch(err => {
+          return res.status(500).json({ message: err.message });
+        });
     },
     express.json(),
     objectRouter(backend, toRoute)