npm - @nixxie-cms/core - Versions diffs - 1.0.3 → 1.1.0 - Mend

@nixxie-cms/core 1.0.3 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (202) hide show

package/dist/{non-null-graphql-add6bb3d.cjs.js → non-null-graphql-4a44c122.cjs.js} RENAMED Viewed

@@ -1,6 +1,6 @@
 'use strict';
-var resolveHooks = require('./resolve-hooks-165a9ce2.cjs.js');
+var resolveHooks = require('./resolve-hooks-10a5f84c.cjs.js');
 function resolveDbNullable(validation, db) {
   if ((db === null || db === void 0 ? void 0 : db.isNullable) === false) return false;

package/dist/{non-null-graphql-a84ed64d.esm.js → non-null-graphql-8c5feaae.esm.js} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { m as merge } from './resolve-hooks-6813a045.esm.js';
+import { m as merge } from './resolve-hooks-9e676794.esm.js';
 function resolveDbNullable(validation, db) {
   if ((db === null || db === void 0 ? void 0 : db.isNullable) === false) return false;

package/dist/{resolve-hooks-165a9ce2.cjs.js → resolve-hooks-10a5f84c.cjs.js} RENAMED Viewed

@@ -5,6 +5,7 @@ var nextFields = require('./next-fields-49c025ef.cjs.js');
 require('@graphql-ts/schema');
 require('@graphql-ts/extend');
 var graphql = require('graphql');
+var node_async_hooks = require('node:async_hooks');
 const userInputError = msg => new graphql.GraphQLError(`Input error: ${msg}`, {
   extensions: {
@@ -316,6 +317,236 @@ function idFieldType(config) {
   };
 }
+/**
+ * Cascade deletion: enacts a collection's `cascade` rules inside the delete pipeline.
+ *
+ * Cascaded operations go through the normal mutation APIs (`context.sudo().db`), so the
+ * target collections' hooks, access events and their OWN cascade rules all run — deletes
+ * recurse naturally. A visited-set carried through AsyncLocalStorage guards against
+ * cycles (A → B → A) across the recursive mutation calls, which derive fresh context
+ * objects and therefore can't carry the state themselves.
+ *
+ * Note on atomicity: each cascaded operation commits independently (the hook pipeline
+ * is not transactional). `restrict` rules are checked up front, before anything is
+ * deleted, so refusals are always clean; a mid-cascade failure aborts the remaining
+ * cascade and the root delete, but already-cascaded operations stay committed.
+ */
+const cascadeStack = new node_async_hooks.AsyncLocalStorage();
+/** Page size for fetching related records. */
+const PAGE = 100;
+/** Safety cap on preview tree size. */
+const PREVIEW_LIMIT = 1000;
+const visitKey = (listKey, id) => `${listKey}:${id}`;
+/** Where-filter matching the target collection's records that point at `itemId`. */
+function matchWhere(rule, itemId) {
+  return rule.many ? {
+    [rule.field]: {
+      some: {
+        id: {
+          equals: itemId
+        }
+      }
+    }
+  } : {
+    [rule.field]: {
+      id: {
+        equals: itemId
+      }
+    }
+  };
+}
+function ruleAction(rule) {
+  var _rule$action;
+  return (_rule$action = rule.action) !== null && _rule$action !== void 0 ? _rule$action : 'delete';
+}
+/**
+ * Check `restrict` rules for an item about to be deleted. Runs before any cascade work,
+ * so a refused delete leaves the database untouched. Records that are already part of
+ * the in-flight cascade (visited) don't count — they are being deleted too.
+ */
+async function enforceCascadeRestrictions(list, context, item) {
+  var _list$cascade;
+  const rules = ((_list$cascade = list.cascade) !== null && _list$cascade !== void 0 ? _list$cascade : []).filter(rule => ruleAction(rule) === 'restrict');
+  if (!rules.length) return;
+  const visited = cascadeStack.getStore();
+  const sudo = context.sudo();
+  for (const rule of rules) {
+    const matches = await sudo.db[rule.collection].findMany({
+      where: matchWhere(rule, String(item.id)),
+      take: PAGE
+    });
+    const blocking = visited ? matches.filter(match => !visited.has(visitKey(rule.collection, match.id))) : matches;
+    if (blocking.length) {
+      throw new Error(`Cannot delete this ${list.listKey} item: ${blocking.length}${matches.length === PAGE ? '+' : ''} related ` + `${rule.collection} record(s) reference it through "${rule.field}" (cascade rule: restrict). ` + `Delete or reassign them first.`);
+    }
+  }
+}
+/**
+ * Enact the non-restrict cascade rules for an item that is about to be deleted.
+ * Called from the delete pipeline after hooks, immediately before the database delete.
+ */
+async function runCascade(list, context, item) {
+  var _list$cascade2, _cascadeStack$getStor;
+  const rules = ((_list$cascade2 = list.cascade) !== null && _list$cascade2 !== void 0 ? _list$cascade2 : []).filter(rule => ruleAction(rule) !== 'restrict');
+  // Mark the root as visited even when it has no rules itself — an ancestor cascade may
+  // be in flight, and other branches must know this item is already being handled.
+  const visited = (_cascadeStack$getStor = cascadeStack.getStore()) !== null && _cascadeStack$getStor !== void 0 ? _cascadeStack$getStor : new Set();
+  visited.add(visitKey(list.listKey, item.id));
+  if (!rules.length) return;
+  await cascadeStack.run(visited, async () => {
+    const sudo = context.sudo();
+    const itemId = String(item.id);
+    for (const rule of rules) {
+      var _rule$softDeleteField;
+      const action = ruleAction(rule);
+      if (!sudo.db[rule.collection]) {
+        throw new Error(`Cascade rule on ${list.listKey} points at unknown collection "${rule.collection}"`);
+      }
+      // softDelete'd records still reference the deleted item, so the match query must
+      // exclude already-stamped rows or this loop would never drain.
+      const softDeleteField = (_rule$softDeleteField = rule.softDeleteField) !== null && _rule$softDeleteField !== void 0 ? _rule$softDeleteField : 'deletedAt';
+      const where = action === 'softDelete' ? {
+        ...matchWhere(rule, itemId),
+        [softDeleteField]: null
+      } : matchWhere(rule, itemId);
+      for (;;) {
+        const matches = await sudo.db[rule.collection].findMany({
+          where: where,
+          take: PAGE
+        });
+        const pending = matches.filter(match => !visited.has(visitKey(rule.collection, match.id)));
+        if (!pending.length) break;
+        for (const match of pending) {
+          const matchId = String(match.id);
+          if (action === 'delete') {
+            // Recurses into the target's own pipeline (hooks + its cascade rules).
+            await sudo.db[rule.collection].deleteOne({
+              where: {
+                id: matchId
+              }
+            });
+          } else if (action === 'setNull') {
+            visited.add(visitKey(rule.collection, match.id));
+            await sudo.db[rule.collection].updateOne({
+              where: {
+                id: matchId
+              },
+              data: {
+                [rule.field]: rule.many ? {
+                  disconnect: [{
+                    id: itemId
+                  }]
+                } : {
+                  disconnect: true
+                }
+              }
+            });
+          } else if (action === 'softDelete') {
+            visited.add(visitKey(rule.collection, match.id));
+            await sudo.db[rule.collection].updateOne({
+              where: {
+                id: matchId
+              },
+              data: {
+                [softDeleteField]: new Date().toISOString()
+              }
+            });
+          }
+        }
+        if (matches.length < PAGE) break;
+      }
+    }
+  });
+}
+// ── Dry-run preview ──
+/**
+ * Compute — without changing anything — the full tree of records a delete would touch,
+ * following cascade rules recursively. Surface this in delete confirmations:
+ * "This will delete 1 Post, 47 Comments and disconnect 3 Drafts."
+ *
+ * @example
+ * const preview = await previewDelete(context, 'Post', postId)
+ * console.log(preview.totals) // { Comment: { delete: 47 }, Draft: { setNull: 3 } }
+ */
+async function previewDelete(context, listKey, itemId) {
+  const lists = context.__internal.lists;
+  if (!lists[listKey]) throw new Error(`previewDelete: unknown collection "${listKey}"`);
+  const sudo = context.sudo();
+  const totals = {};
+  const visited = new Set();
+  let nodes = 0;
+  let truncated = false;
+  const count = (collection, action) => {
+    var _totals$collection, _slot$action;
+    const slot = (_totals$collection = totals[collection]) !== null && _totals$collection !== void 0 ? _totals$collection : totals[collection] = {};
+    slot[action] = ((_slot$action = slot[action]) !== null && _slot$action !== void 0 ? _slot$action : 0) + 1;
+  };
+  async function walk(currentKey, id, action) {
+    visited.add(visitKey(currentKey, id));
+    const list = lists[currentKey];
+    const node = {
+      collection: currentKey,
+      id,
+      action,
+      children: []
+    };
+    const labelField = list.ui.labelField;
+    try {
+      const item = await sudo.db[currentKey].findOne({
+        where: {
+          id
+        }
+      });
+      const label = item === null || item === void 0 ? void 0 : item[labelField];
+      if (label != null && labelField !== 'id') node.label = String(label);
+    } catch {
+      // label is cosmetic — never fail the preview over it
+    }
+    // Only deletes propagate further cascades.
+    if (action !== 'delete') return node;
+    for (const rule of (_list$cascade3 = list.cascade) !== null && _list$cascade3 !== void 0 ? _list$cascade3 : []) {
+      var _list$cascade3;
+      const childAction = ruleAction(rule);
+      if (!lists[rule.collection]) continue;
+      let skip = 0;
+      for (;;) {
+        const matches = await sudo.db[rule.collection].findMany({
+          where: matchWhere(rule, id),
+          take: PAGE,
+          skip
+        });
+        for (const match of matches) {
+          if (visited.has(visitKey(rule.collection, match.id))) continue;
+          if (nodes >= PREVIEW_LIMIT) {
+            truncated = true;
+            return node;
+          }
+          nodes++;
+          count(rule.collection, childAction);
+          node.children.push(await walk(rule.collection, String(match.id), childAction));
+        }
+        if (matches.length < PAGE) break;
+        skip += PAGE;
+      }
+    }
+    return node;
+  }
+  const root = await walk(listKey, itemId, 'delete');
+  return {
+    root,
+    totals,
+    truncated
+  };
+}
 // yes, these two types have the fields but they're semantically different types
 // (even though, yes, having EnumFilter by defined as EnumNullableFilter<Enum>, would be the same type but names would show up differently in editors for example)
@@ -876,7 +1107,7 @@ const BigIntFilter$2 = nextFields.g.inputObject({
     })
   })
 });
-const String$2 = {
+const String$3 = {
   optional: StringNullableFilter$2,
   required: StringFilter$2
 };
@@ -907,7 +1138,7 @@ const BigInt$3 = {
 var postgresql = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  String: String$2,
+  String: String$3,
   Boolean: Boolean$2,
   Int: Int$2,
   Float: Float$2,
@@ -1404,7 +1635,7 @@ const BigIntFilter$1 = nextFields.g.inputObject({
     })
   })
 });
-const String$1 = {
+const String$2 = {
   optional: StringNullableFilter$1,
   required: StringFilter$1
 };
@@ -1435,7 +1666,7 @@ const BigInt$2 = {
 var sqlite = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  String: String$1,
+  String: String$2,
   Boolean: Boolean$1,
   Int: Int$1,
   Float: Float$1,
@@ -1944,7 +2175,7 @@ const BigIntFilter = nextFields.g.inputObject({
     })
   })
 });
-const String = {
+const String$1 = {
   optional: StringNullableFilter,
   required: StringFilter
 };
@@ -1975,7 +2206,7 @@ const BigInt$1 = {
 var mysql = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  String: String,
+  String: String$1,
   Boolean: Boolean,
   Int: Int,
   Float: Float,
@@ -2027,6 +2258,7 @@ function expandVoidHooks(hooks) {
 exports.accessDeniedError = accessDeniedError;
 exports.accessReturnError = accessReturnError;
+exports.enforceCascadeRestrictions = enforceCascadeRestrictions;
 exports.expandVoidHooks = expandVoidHooks;
 exports.extensionError = extensionError;
 exports.filterAccessError = filterAccessError;
@@ -2036,8 +2268,10 @@ exports.limitsExceededError = limitsExceededError;
 exports.merge = merge;
 exports.mysql = mysql;
 exports.postgresql = postgresql;
+exports.previewDelete = previewDelete;
 exports.relationshipError = relationshipError;
 exports.resolverError = resolverError;
+exports.runCascade = runCascade;
 exports.sqlite = sqlite;
 exports.userInputError = userInputError;
 exports.validationFailureError = validationFailureError;

package/dist/{resolve-hooks-6813a045.esm.js → resolve-hooks-9e676794.esm.js} RENAMED Viewed

@@ -3,6 +3,7 @@ import { g, f as fieldType, o as orderDirectionEnum, Q as QueryMode } from './ne
 import '@graphql-ts/schema';
 import '@graphql-ts/extend';
 import { GraphQLError } from 'graphql';
+import { AsyncLocalStorage } from 'node:async_hooks';
 const userInputError = msg => new GraphQLError(`Input error: ${msg}`, {
   extensions: {
@@ -314,6 +315,236 @@ function idFieldType(config) {
   };
 }
+/**
+ * Cascade deletion: enacts a collection's `cascade` rules inside the delete pipeline.
+ *
+ * Cascaded operations go through the normal mutation APIs (`context.sudo().db`), so the
+ * target collections' hooks, access events and their OWN cascade rules all run — deletes
+ * recurse naturally. A visited-set carried through AsyncLocalStorage guards against
+ * cycles (A → B → A) across the recursive mutation calls, which derive fresh context
+ * objects and therefore can't carry the state themselves.
+ *
+ * Note on atomicity: each cascaded operation commits independently (the hook pipeline
+ * is not transactional). `restrict` rules are checked up front, before anything is
+ * deleted, so refusals are always clean; a mid-cascade failure aborts the remaining
+ * cascade and the root delete, but already-cascaded operations stay committed.
+ */
+const cascadeStack = new AsyncLocalStorage();
+/** Page size for fetching related records. */
+const PAGE = 100;
+/** Safety cap on preview tree size. */
+const PREVIEW_LIMIT = 1000;
+const visitKey = (listKey, id) => `${listKey}:${id}`;
+/** Where-filter matching the target collection's records that point at `itemId`. */
+function matchWhere(rule, itemId) {
+  return rule.many ? {
+    [rule.field]: {
+      some: {
+        id: {
+          equals: itemId
+        }
+      }
+    }
+  } : {
+    [rule.field]: {
+      id: {
+        equals: itemId
+      }
+    }
+  };
+}
+function ruleAction(rule) {
+  var _rule$action;
+  return (_rule$action = rule.action) !== null && _rule$action !== void 0 ? _rule$action : 'delete';
+}
+/**
+ * Check `restrict` rules for an item about to be deleted. Runs before any cascade work,
+ * so a refused delete leaves the database untouched. Records that are already part of
+ * the in-flight cascade (visited) don't count — they are being deleted too.
+ */
+async function enforceCascadeRestrictions(list, context, item) {
+  var _list$cascade;
+  const rules = ((_list$cascade = list.cascade) !== null && _list$cascade !== void 0 ? _list$cascade : []).filter(rule => ruleAction(rule) === 'restrict');
+  if (!rules.length) return;
+  const visited = cascadeStack.getStore();
+  const sudo = context.sudo();
+  for (const rule of rules) {
+    const matches = await sudo.db[rule.collection].findMany({
+      where: matchWhere(rule, String(item.id)),
+      take: PAGE
+    });
+    const blocking = visited ? matches.filter(match => !visited.has(visitKey(rule.collection, match.id))) : matches;
+    if (blocking.length) {
+      throw new Error(`Cannot delete this ${list.listKey} item: ${blocking.length}${matches.length === PAGE ? '+' : ''} related ` + `${rule.collection} record(s) reference it through "${rule.field}" (cascade rule: restrict). ` + `Delete or reassign them first.`);
+    }
+  }
+}
+/**
+ * Enact the non-restrict cascade rules for an item that is about to be deleted.
+ * Called from the delete pipeline after hooks, immediately before the database delete.
+ */
+async function runCascade(list, context, item) {
+  var _list$cascade2, _cascadeStack$getStor;
+  const rules = ((_list$cascade2 = list.cascade) !== null && _list$cascade2 !== void 0 ? _list$cascade2 : []).filter(rule => ruleAction(rule) !== 'restrict');
+  // Mark the root as visited even when it has no rules itself — an ancestor cascade may
+  // be in flight, and other branches must know this item is already being handled.
+  const visited = (_cascadeStack$getStor = cascadeStack.getStore()) !== null && _cascadeStack$getStor !== void 0 ? _cascadeStack$getStor : new Set();
+  visited.add(visitKey(list.listKey, item.id));
+  if (!rules.length) return;
+  await cascadeStack.run(visited, async () => {
+    const sudo = context.sudo();
+    const itemId = String(item.id);
+    for (const rule of rules) {
+      var _rule$softDeleteField;
+      const action = ruleAction(rule);
+      if (!sudo.db[rule.collection]) {
+        throw new Error(`Cascade rule on ${list.listKey} points at unknown collection "${rule.collection}"`);
+      }
+      // softDelete'd records still reference the deleted item, so the match query must
+      // exclude already-stamped rows or this loop would never drain.
+      const softDeleteField = (_rule$softDeleteField = rule.softDeleteField) !== null && _rule$softDeleteField !== void 0 ? _rule$softDeleteField : 'deletedAt';
+      const where = action === 'softDelete' ? {
+        ...matchWhere(rule, itemId),
+        [softDeleteField]: null
+      } : matchWhere(rule, itemId);
+      for (;;) {
+        const matches = await sudo.db[rule.collection].findMany({
+          where: where,
+          take: PAGE
+        });
+        const pending = matches.filter(match => !visited.has(visitKey(rule.collection, match.id)));
+        if (!pending.length) break;
+        for (const match of pending) {
+          const matchId = String(match.id);
+          if (action === 'delete') {
+            // Recurses into the target's own pipeline (hooks + its cascade rules).
+            await sudo.db[rule.collection].deleteOne({
+              where: {
+                id: matchId
+              }
+            });
+          } else if (action === 'setNull') {
+            visited.add(visitKey(rule.collection, match.id));
+            await sudo.db[rule.collection].updateOne({
+              where: {
+                id: matchId
+              },
+              data: {
+                [rule.field]: rule.many ? {
+                  disconnect: [{
+                    id: itemId
+                  }]
+                } : {
+                  disconnect: true
+                }
+              }
+            });
+          } else if (action === 'softDelete') {
+            visited.add(visitKey(rule.collection, match.id));
+            await sudo.db[rule.collection].updateOne({
+              where: {
+                id: matchId
+              },
+              data: {
+                [softDeleteField]: new Date().toISOString()
+              }
+            });
+          }
+        }
+        if (matches.length < PAGE) break;
+      }
+    }
+  });
+}
+// ── Dry-run preview ──
+/**
+ * Compute — without changing anything — the full tree of records a delete would touch,
+ * following cascade rules recursively. Surface this in delete confirmations:
+ * "This will delete 1 Post, 47 Comments and disconnect 3 Drafts."
+ *
+ * @example
+ * const preview = await previewDelete(context, 'Post', postId)
+ * console.log(preview.totals) // { Comment: { delete: 47 }, Draft: { setNull: 3 } }
+ */
+async function previewDelete(context, listKey, itemId) {
+  const lists = context.__internal.lists;
+  if (!lists[listKey]) throw new Error(`previewDelete: unknown collection "${listKey}"`);
+  const sudo = context.sudo();
+  const totals = {};
+  const visited = new Set();
+  let nodes = 0;
+  let truncated = false;
+  const count = (collection, action) => {
+    var _totals$collection, _slot$action;
+    const slot = (_totals$collection = totals[collection]) !== null && _totals$collection !== void 0 ? _totals$collection : totals[collection] = {};
+    slot[action] = ((_slot$action = slot[action]) !== null && _slot$action !== void 0 ? _slot$action : 0) + 1;
+  };
+  async function walk(currentKey, id, action) {
+    visited.add(visitKey(currentKey, id));
+    const list = lists[currentKey];
+    const node = {
+      collection: currentKey,
+      id,
+      action,
+      children: []
+    };
+    const labelField = list.ui.labelField;
+    try {
+      const item = await sudo.db[currentKey].findOne({
+        where: {
+          id
+        }
+      });
+      const label = item === null || item === void 0 ? void 0 : item[labelField];
+      if (label != null && labelField !== 'id') node.label = String(label);
+    } catch {
+      // label is cosmetic — never fail the preview over it
+    }
+    // Only deletes propagate further cascades.
+    if (action !== 'delete') return node;
+    for (const rule of (_list$cascade3 = list.cascade) !== null && _list$cascade3 !== void 0 ? _list$cascade3 : []) {
+      var _list$cascade3;
+      const childAction = ruleAction(rule);
+      if (!lists[rule.collection]) continue;
+      let skip = 0;
+      for (;;) {
+        const matches = await sudo.db[rule.collection].findMany({
+          where: matchWhere(rule, id),
+          take: PAGE,
+          skip
+        });
+        for (const match of matches) {
+          if (visited.has(visitKey(rule.collection, match.id))) continue;
+          if (nodes >= PREVIEW_LIMIT) {
+            truncated = true;
+            return node;
+          }
+          nodes++;
+          count(rule.collection, childAction);
+          node.children.push(await walk(rule.collection, String(match.id), childAction));
+        }
+        if (matches.length < PAGE) break;
+        skip += PAGE;
+      }
+    }
+    return node;
+  }
+  const root = await walk(listKey, itemId, 'delete');
+  return {
+    root,
+    totals,
+    truncated
+  };
+}
 // yes, these two types have the fields but they're semantically different types
 // (even though, yes, having EnumFilter by defined as EnumNullableFilter<Enum>, would be the same type but names would show up differently in editors for example)
@@ -874,7 +1105,7 @@ const BigIntFilter$2 = g.inputObject({
     })
   })
 });
-const String$2 = {
+const String$3 = {
   optional: StringNullableFilter$2,
   required: StringFilter$2
 };
@@ -905,7 +1136,7 @@ const BigInt$3 = {
 var postgresql = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  String: String$2,
+  String: String$3,
   Boolean: Boolean$2,
   Int: Int$2,
   Float: Float$2,
@@ -1402,7 +1633,7 @@ const BigIntFilter$1 = g.inputObject({
     })
   })
 });
-const String$1 = {
+const String$2 = {
   optional: StringNullableFilter$1,
   required: StringFilter$1
 };
@@ -1433,7 +1664,7 @@ const BigInt$2 = {
 var sqlite = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  String: String$1,
+  String: String$2,
   Boolean: Boolean$1,
   Int: Int$1,
   Float: Float$1,
@@ -1942,7 +2173,7 @@ const BigIntFilter = g.inputObject({
     })
   })
 });
-const String = {
+const String$1 = {
   optional: StringNullableFilter,
   required: StringFilter
 };
@@ -1973,7 +2204,7 @@ const BigInt$1 = {
 var mysql = /*#__PURE__*/Object.freeze({
   __proto__: null,
-  String: String,
+  String: String$1,
   Boolean: Boolean,
   Int: Int,
   Float: Float,
@@ -2023,4 +2254,4 @@ function expandVoidHooks(hooks) {
   };
 }
-export { mysql as a, accessReturnError as b, accessDeniedError as c, filterAccessError as d, extensionError as e, formatKeys as f, expandVoidHooks as g, relationshipError as h, idFieldType as i, limitsExceededError as l, merge as m, postgresql as p, resolverError as r, sqlite as s, userInputError as u, validationFailureError as v };
+export { postgresql as a, mysql as b, accessReturnError as c, accessDeniedError as d, extensionError as e, formatKeys as f, filterAccessError as g, expandVoidHooks as h, idFieldType as i, enforceCascadeRestrictions as j, resolverError as k, limitsExceededError as l, merge as m, relationshipError as n, previewDelete as p, runCascade as r, sqlite as s, userInputError as u, validationFailureError as v };