npm - @objectstack/objectql - Versions diffs - 4.1.0 → 4.2.0 - Mend

@objectstack/objectql 4.1.0 → 4.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -418,6 +418,7 @@ declare class ObjectStackProtocolImplementation implements ObjectStackProtocol {
         object: string;
         id: string;
         data: any;
+        expectedVersion?: string;
         context?: any;
     }): Promise<{
         object: string;
@@ -427,12 +428,33 @@ declare class ObjectStackProtocolImplementation implements ObjectStackProtocol {
     deleteData(request: {
         object: string;
         id: string;
+        expectedVersion?: string;
         context?: any;
     }): Promise<{
         object: string;
         id: string;
         success: boolean;
     }>;
+    /**
+     * Optimistic Concurrency Control gate shared by updateData/deleteData.
+     *
+     * When the caller passes a non-empty `expectedVersion` token (typically
+     * the `updated_at` value they read), this fetches the current record
+     * and compares its `updated_at` against the token. Mismatch → throw
+     * `ConcurrentUpdateError` which the REST layer maps to 409.
+     *
+     * Behaviour:
+     *  - Empty/missing token → no check (opt-in semantics; existing callers
+     *    that haven't yet adopted OCC are unaffected).
+     *  - Record not found → no check; downstream `engine.update` will
+     *    surface the usual `RECORD_NOT_FOUND` 404. We intentionally do not
+     *    treat "missing record" as a concurrency conflict.
+     *  - Record has no `updated_at` field (timestamps disabled) → no check.
+     *    Logging would be noisy here; OCC is opt-in and the absence of a
+     *    version column is an explicit "this object doesn't support OCC"
+     *    signal.
+     */
+    private assertVersionMatch;
     /**
      * Cross-object substring search across all registered objects that opt in
      * via `enable.searchable !== false` and `enable.apiEnabled !== false`.

package/dist/index.d.ts CHANGED Viewed

@@ -418,6 +418,7 @@ declare class ObjectStackProtocolImplementation implements ObjectStackProtocol {
         object: string;
         id: string;
         data: any;
+        expectedVersion?: string;
         context?: any;
     }): Promise<{
         object: string;
@@ -427,12 +428,33 @@ declare class ObjectStackProtocolImplementation implements ObjectStackProtocol {
     deleteData(request: {
         object: string;
         id: string;
+        expectedVersion?: string;
         context?: any;
     }): Promise<{
         object: string;
         id: string;
         success: boolean;
     }>;
+    /**
+     * Optimistic Concurrency Control gate shared by updateData/deleteData.
+     *
+     * When the caller passes a non-empty `expectedVersion` token (typically
+     * the `updated_at` value they read), this fetches the current record
+     * and compares its `updated_at` against the token. Mismatch → throw
+     * `ConcurrentUpdateError` which the REST layer maps to 409.
+     *
+     * Behaviour:
+     *  - Empty/missing token → no check (opt-in semantics; existing callers
+     *    that haven't yet adopted OCC are unaffected).
+     *  - Record not found → no check; downstream `engine.update` will
+     *    surface the usual `RECORD_NOT_FOUND` 404. We intentionally do not
+     *    treat "missing record" as a concurrency conflict.
+     *  - Record has no `updated_at` field (timestamps disabled) → no check.
+     *    Logging would be noisy here; OCC is opt-in and the absence of a
+     *    version column is an explicit "this object doesn't support OCC"
+     *    signal.
+     */
+    private assertVersionMatch;
     /**
      * Cross-object substring search across all registered objects that opt in
      * via `enable.searchable !== false` and `enable.apiEnabled !== false`.

package/dist/index.js CHANGED Viewed

@@ -668,6 +668,25 @@ function simpleHash(str) {
   }
   return Math.abs(hash).toString(16);
 }
+var ConcurrentUpdateError = class extends Error {
+  constructor(opts) {
+    super(opts.message ?? "Record was modified by another user");
+    this.code = "CONCURRENT_UPDATE";
+    this.status = 409;
+    this.name = "ConcurrentUpdateError";
+    this.currentVersion = opts.currentVersion;
+    this.currentRecord = opts.currentRecord;
+  }
+};
+function normaliseVersionToken(v) {
+  if (v === null || v === void 0) return null;
+  const s = String(v).trim();
+  if (!s) return null;
+  if (s.length >= 2 && s.startsWith('"') && s.endsWith('"')) {
+    return s.slice(1, -1);
+  }
+  return s;
+}
 var SERVICE_CONFIG = {
   auth: { route: "/api/v1/auth", plugin: "plugin-auth" },
   automation: { route: "/api/v1/automation", plugin: "plugin-automation" },
@@ -1261,6 +1280,7 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
     };
   }
   async updateData(request) {
+    await this.assertVersionMatch(request.object, request.id, request.expectedVersion, request.context);
     const opts = { where: { id: request.id } };
     if (request.context !== void 0) opts.context = request.context;
     const result = await this.engine.update(request.object, request.data, opts);
@@ -1271,6 +1291,7 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
     };
   }
   async deleteData(request) {
+    await this.assertVersionMatch(request.object, request.id, request.expectedVersion, request.context);
     const opts = { where: { id: request.id } };
     if (request.context !== void 0) opts.context = request.context;
     await this.engine.delete(request.object, opts);
@@ -1280,6 +1301,42 @@ var _ObjectStackProtocolImplementation = class _ObjectStackProtocolImplementatio
       success: true
     };
   }
+  /**
+   * Optimistic Concurrency Control gate shared by updateData/deleteData.
+   *
+   * When the caller passes a non-empty `expectedVersion` token (typically
+   * the `updated_at` value they read), this fetches the current record
+   * and compares its `updated_at` against the token. Mismatch → throw
+   * `ConcurrentUpdateError` which the REST layer maps to 409.
+   *
+   * Behaviour:
+   *  - Empty/missing token → no check (opt-in semantics; existing callers
+   *    that haven't yet adopted OCC are unaffected).
+   *  - Record not found → no check; downstream `engine.update` will
+   *    surface the usual `RECORD_NOT_FOUND` 404. We intentionally do not
+   *    treat "missing record" as a concurrency conflict.
+   *  - Record has no `updated_at` field (timestamps disabled) → no check.
+   *    Logging would be noisy here; OCC is opt-in and the absence of a
+   *    version column is an explicit "this object doesn't support OCC"
+   *    signal.
+   */
+  async assertVersionMatch(object, id, expectedVersion, context) {
+    const expected = normaliseVersionToken(expectedVersion);
+    if (!expected) return;
+    const findOpts = { where: { id } };
+    if (context !== void 0) findOpts.context = context;
+    const current = await this.engine.findOne(object, findOpts);
+    if (!current) return;
+    const currentVersion = normaliseVersionToken(current.updated_at);
+    if (!currentVersion) return;
+    if (currentVersion !== expected) {
+      throw new ConcurrentUpdateError({
+        currentVersion,
+        currentRecord: current,
+        message: `Record ${object}/${id} was modified by another user (current version ${currentVersion}, expected ${expected})`
+      });
+    }
+  }
   // ==========================================
   // Global Search (M10.5)
   // ==========================================