@object-ui/data-objectstack 0.5.0 → 3.0.0

package/src/security.ts

@@ -0,0 +1,230 @@
+/**
+ * ObjectUI
+ * Copyright (c) 2024-present ObjectStack Inc.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+/**
+ * Security module integration for @objectstack/spec v3.0.0
+ * Provides advanced security policies: CSP config, audit logging, data masking.
+ */
+
+export interface SecurityPolicy {
+  /** Content Security Policy configuration */
+  csp?: CSPConfig;
+  /** Audit logging configuration */
+  auditLog?: AuditLogConfig;
+  /** Data masking rules */
+  dataMasking?: DataMaskingConfig;
+}
+
+export interface CSPConfig {
+  /** Script sources */
+  scriptSrc: string[];
+  /** Style sources */
+  styleSrc: string[];
+  /** Image sources */
+  imgSrc: string[];
+  /** Connect sources (APIs, WebSockets) */
+  connectSrc: string[];
+  /** Font sources */
+  fontSrc: string[];
+  /** Frame sources */
+  frameSrc?: string[];
+  /** Report URI for violations */
+  reportUri?: string;
+}
+
+export interface AuditLogConfig {
+  /** Whether audit logging is enabled */
+  enabled: boolean;
+  /** Events to audit */
+  events: AuditEventType[];
+  /** Log retention days */
+  retentionDays?: number;
+  /** External log destination */
+  destination?: 'console' | 'server' | 'both';
+}
+
+export type AuditEventType =
+  | 'auth.login'
+  | 'auth.logout'
+  | 'auth.failed'
+  | 'data.create'
+  | 'data.read'
+  | 'data.update'
+  | 'data.delete'
+  | 'admin.config'
+  | 'admin.user'
+  | 'admin.role';
+
+export interface DataMaskingConfig {
+  /** Fields to mask */
+  rules: DataMaskingRule[];
+  /** Default masking character */
+  maskChar?: string;
+}
+
+export interface DataMaskingRule {
+  /** Field name or pattern */
+  field: string;
+  /** Masking strategy */
+  strategy: 'full' | 'partial' | 'hash' | 'redact';
+  /** Number of visible characters (for partial masking) */
+  visibleChars?: number;
+  /** Roles that can see unmasked data */
+  exemptRoles?: string[];
+}
+
+export interface AuditLogEntry {
+  /** Event timestamp */
+  timestamp: string;
+  /** Event type */
+  event: AuditEventType;
+  /** User who triggered the event */
+  userId: string;
+  /** Target resource */
+  resource?: string;
+  /** Record ID */
+  recordId?: string;
+  /** Additional details */
+  details?: Record<string, unknown>;
+  /** IP address */
+  ipAddress?: string;
+}
+
+/**
+ * Security policy manager.
+ * Handles CSP generation, audit logging, and data masking.
+ */
+export class SecurityManager {
+  private policy: SecurityPolicy;
+  private auditLog: AuditLogEntry[] = [];
+
+  constructor(policy: SecurityPolicy = {}) {
+    this.policy = policy;
+  }
+
+  /**
+   * Generate a CSP header string from the configuration.
+   */
+  generateCSPHeader(): string {
+    const csp = this.policy.csp;
+    if (!csp) return '';
+
+    const directives: string[] = [];
+    
+    if (csp.scriptSrc?.length) directives.push(`script-src ${csp.scriptSrc.join(' ')}`);
+    if (csp.styleSrc?.length) directives.push(`style-src ${csp.styleSrc.join(' ')}`);
+    if (csp.imgSrc?.length) directives.push(`img-src ${csp.imgSrc.join(' ')}`);
+    if (csp.connectSrc?.length) directives.push(`connect-src ${csp.connectSrc.join(' ')}`);
+    if (csp.fontSrc?.length) directives.push(`font-src ${csp.fontSrc.join(' ')}`);
+    if (csp.frameSrc?.length) directives.push(`frame-src ${csp.frameSrc.join(' ')}`);
+    if (csp.reportUri) directives.push(`report-uri ${csp.reportUri}`);
+
+    return directives.join('; ');
+  }
+
+  /**
+   * Record an audit log entry.
+   */
+  recordAudit(entry: Omit<AuditLogEntry, 'timestamp'>): void {
+    if (!this.policy.auditLog?.enabled) return;
+    if (this.policy.auditLog.events && !this.policy.auditLog.events.includes(entry.event)) return;
+
+    const fullEntry: AuditLogEntry = {
+      ...entry,
+      timestamp: new Date().toISOString(),
+    };
+
+    this.auditLog.push(fullEntry);
+
+    const dest = this.policy.auditLog.destination ?? 'console';
+    if (dest === 'console' || dest === 'both') {
+      console.info('[AUDIT]', fullEntry.event, fullEntry.userId, fullEntry.resource ?? '');
+    }
+  }
+
+  /**
+   * Get audit log entries.
+   */
+  getAuditLog(filter?: { event?: AuditEventType; userId?: string; since?: string }): AuditLogEntry[] {
+    let entries = [...this.auditLog];
+    if (filter?.event) entries = entries.filter(e => e.event === filter.event);
+    if (filter?.userId) entries = entries.filter(e => e.userId === filter.userId);
+    if (filter?.since) entries = entries.filter(e => e.timestamp >= filter.since!);
+    return entries;
+  }
+
+  /**
+   * Apply data masking to a record.
+   */
+  maskRecord(record: Record<string, unknown>, userRoles: string[] = []): Record<string, unknown> {
+    if (!this.policy.dataMasking?.rules?.length) return record;
+
+    const masked = { ...record };
+    const maskChar = this.policy.dataMasking.maskChar ?? '*';
+
+    for (const rule of this.policy.dataMasking.rules) {
+      if (!(rule.field in masked) || masked[rule.field] == null) continue;
+      
+      // Check role exemptions
+      if (rule.exemptRoles?.some(role => userRoles.includes(role))) continue;
+
+      const value = String(masked[rule.field]);
+      
+      switch (rule.strategy) {
+        case 'full':
+          masked[rule.field] = maskChar.repeat(value.length);
+          break;
+        case 'partial': {
+          const visible = rule.visibleChars ?? 4;
+          // Values shorter than visibleChars are fully masked for security
+          if (value.length <= visible) {
+            masked[rule.field] = maskChar.repeat(value.length);
+          } else {
+            masked[rule.field] = value.slice(0, visible) + maskChar.repeat(value.length - visible);
+          }
+          break;
+        }
+        case 'hash':
+          masked[rule.field] = `[HASHED:${simpleHash(value)}]`;
+          break;
+        case 'redact':
+          masked[rule.field] = '[REDACTED]';
+          break;
+      }
+    }
+
+    return masked;
+  }
+
+  /**
+   * Update the security policy.
+   */
+  updatePolicy(policy: Partial<SecurityPolicy>): void {
+    this.policy = { ...this.policy, ...policy };
+  }
+
+  /**
+   * Get current security policy.
+   */
+  getPolicy(): SecurityPolicy {
+    return { ...this.policy };
+  }
+}
+
+/**
+ * Simple hash function for data masking (not cryptographic).
+ */
+function simpleHash(str: string): string {
+  let hash = 0;
+  for (let i = 0; i < str.length; i++) {
+    const char = str.charCodeAt(i);
+    hash = ((hash << 5) - hash) + char;
+    hash = hash & hash; // Convert to 32-bit integer
+  }
+  return Math.abs(hash).toString(36);
+}

package/src/studio.ts

@@ -0,0 +1,152 @@
+/**
+ * ObjectUI
+ * Copyright (c) 2024-present ObjectStack Inc.
+ *
+ * This source code is licensed under the MIT license found in the
+ * LICENSE file in the root directory of this source tree.
+ */
+
+/**
+ * Studio module integration for @objectstack/spec v3.0.0
+ * Provides visual designer schema improvements: canvas, property editors, theme builder.
+ */
+
+export interface StudioCanvasConfig {
+  /** Canvas width */
+  width: number;
+  /** Canvas height */
+  height: number;
+  /** Background type */
+  background: 'grid' | 'dots' | 'lines' | 'none';
+  /** Grid size in pixels */
+  gridSize: number;
+  /** Snap to grid */
+  snapToGrid: boolean;
+  /** Zoom range */
+  zoom: {
+    min: number;
+    max: number;
+    step: number;
+    current: number;
+  };
+  /** Pan offset */
+  panOffset: { x: number; y: number };
+  /** Show minimap */
+  showMinimap: boolean;
+  /** Minimap position */
+  minimapPosition: 'top-left' | 'top-right' | 'bottom-left' | 'bottom-right';
+}
+
+export interface StudioPropertyEditor {
+  /** Property name */
+  name: string;
+  /** Display label */
+  label: string;
+  /** Editor type */
+  type: 'text' | 'number' | 'boolean' | 'select' | 'color' | 'code' | 'expression';
+  /** Default value */
+  defaultValue?: unknown;
+  /** Options for select type */
+  options?: Array<{ label: string; value: string }>;
+  /** Group/category */
+  group?: string;
+  /** Description */
+  description?: string;
+  /** Whether the property supports live preview */
+  livePreview?: boolean;
+}
+
+export interface StudioThemeBuilderConfig {
+  /** Available color palettes */
+  palettes: StudioColorPalette[];
+  /** Typography presets */
+  typography: StudioTypographyPreset[];
+  /** Spacing scale */
+  spacing: number[];
+  /** Border radius options */
+  borderRadius: number[];
+  /** Shadow presets */
+  shadows: StudioShadowPreset[];
+}
+
+export interface StudioColorPalette {
+  name: string;
+  colors: Record<string, string>;
+}
+
+export interface StudioTypographyPreset {
+  name: string;
+  fontFamily: string;
+  fontSize: Record<string, string>;
+  fontWeight: Record<string, number>;
+  lineHeight: Record<string, string>;
+}
+
+export interface StudioShadowPreset {
+  name: string;
+  value: string;
+}
+
+/**
+ * Default canvas configuration for designers.
+ */
+export function createDefaultCanvasConfig(overrides?: Partial<StudioCanvasConfig>): StudioCanvasConfig {
+  return {
+    width: 1200,
+    height: 800,
+    background: 'grid',
+    gridSize: 8,
+    snapToGrid: true,
+    zoom: {
+      min: 0.25,
+      max: 3,
+      step: 0.1,
+      current: 1,
+    },
+    panOffset: { x: 0, y: 0 },
+    showMinimap: false,
+    minimapPosition: 'bottom-right',
+    ...overrides,
+  };
+}
+
+/**
+ * Snap a position to the grid.
+ */
+export function snapToGrid(x: number, y: number, gridSize: number): { x: number; y: number } {
+  return {
+    x: Math.round(x / gridSize) * gridSize,
+    y: Math.round(y / gridSize) * gridSize,
+  };
+}
+
+/**
+ * Calculate auto-layout positions for a set of items.
+ * Uses a simple grid-based layout algorithm.
+ */
+export function calculateAutoLayout(
+  items: Array<{ id: string; width: number; height: number }>,
+  canvasWidth: number,
+  padding: number = 40,
+  gap: number = 40,
+): Array<{ id: string; x: number; y: number }> {
+  const positions: Array<{ id: string; x: number; y: number }> = [];
+  let currentX = padding;
+  let currentY = padding;
+  let rowMaxHeight = 0;
+
+  for (const item of items) {
+    // Wrap to next row if exceeds canvas width
+    if (currentX + item.width + padding > canvasWidth) {
+      currentX = padding;
+      currentY += rowMaxHeight + gap;
+      rowMaxHeight = 0;
+    }
+
+    positions.push({ id: item.id, x: currentX, y: currentY });
+    currentX += item.width + gap;
+    rowMaxHeight = Math.max(rowMaxHeight, item.height);
+  }
+
+  return positions;
+}

package/src/upload.test.ts

@@ -0,0 +1,112 @@
+/**
+ * Tests for ObjectStackAdapter file upload integration
+ */
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { ObjectStackAdapter } from './index';
+
+describe('ObjectStackAdapter File Upload', () => {
+  let adapter: ObjectStackAdapter;
+
+  beforeEach(() => {
+    adapter = new ObjectStackAdapter({
+      baseUrl: 'http://localhost:3000',
+      autoReconnect: false,
+    });
+    vi.clearAllMocks();
+  });
+
+  describe('uploadFile', () => {
+    it('should be a method on the adapter', () => {
+      expect(typeof adapter.uploadFile).toBe('function');
+    });
+
+    it('should call fetch with multipart form data when connected', async () => {
+      const mockResponse = {
+        ok: true,
+        json: vi.fn().mockResolvedValue({
+          id: 'file-1',
+          filename: 'test.pdf',
+          mimeType: 'application/pdf',
+          size: 1024,
+          url: 'http://localhost:3000/files/file-1',
+        }),
+      };
+
+      global.fetch = vi.fn().mockResolvedValue(mockResponse);
+
+      // Manually set connected state by accessing private field
+      (adapter as any).connected = true;
+      (adapter as any).connectionState = 'connected';
+
+      const file = new File(['test content'], 'test.pdf', { type: 'application/pdf' });
+
+      const result = await adapter.uploadFile('documents', file, {
+        recordId: 'rec-123',
+        fieldName: 'attachment',
+      });
+
+      expect(global.fetch).toHaveBeenCalledWith(
+        expect.stringContaining('/api/data/documents/upload'),
+        expect.objectContaining({
+          method: 'POST',
+          body: expect.any(FormData),
+        }),
+      );
+
+      expect(result.id).toBe('file-1');
+      expect(result.filename).toBe('test.pdf');
+    });
+
+    it('should throw on upload failure', async () => {
+      const mockResponse = {
+        ok: false,
+        status: 413,
+        statusText: 'Payload Too Large',
+        json: vi.fn().mockResolvedValue({ message: 'File too large' }),
+      };
+
+      global.fetch = vi.fn().mockResolvedValue(mockResponse);
+
+      // Manually set connected state
+      (adapter as any).connected = true;
+      (adapter as any).connectionState = 'connected';
+
+      const file = new File(['test'], 'large.bin', { type: 'application/octet-stream' });
+
+      await expect(adapter.uploadFile('documents', file)).rejects.toThrow('File too large');
+    });
+  });
+
+  describe('uploadFiles', () => {
+    it('should be a method on the adapter', () => {
+      expect(typeof adapter.uploadFiles).toBe('function');
+    });
+
+    it('should upload multiple files', async () => {
+      const mockResponse = {
+        ok: true,
+        json: vi.fn().mockResolvedValue([
+          { id: 'file-1', filename: 'a.pdf', mimeType: 'application/pdf', size: 100, url: '/files/1' },
+          { id: 'file-2', filename: 'b.pdf', mimeType: 'application/pdf', size: 200, url: '/files/2' },
+        ]),
+      };
+
+      global.fetch = vi.fn().mockResolvedValue(mockResponse);
+
+      // Manually set connected state
+      (adapter as any).connected = true;
+      (adapter as any).connectionState = 'connected';
+
+      const files = [
+        new File(['content1'], 'a.pdf', { type: 'application/pdf' }),
+        new File(['content2'], 'b.pdf', { type: 'application/pdf' }),
+      ];
+
+      const results = await adapter.uploadFiles('documents', files);
+
+      expect(results).toHaveLength(2);
+      expect(results[0].id).toBe('file-1');
+      expect(results[1].id).toBe('file-2');
+    });
+  });
+});