@opensaas/stack-core 0.1.0

package/src/lib/case-utils.test.ts

@@ -0,0 +1,127 @@
+import { describe, it, expect } from 'vitest'
+import {
+  pascalToCamel,
+  pascalToKebab,
+  kebabToPascal,
+  kebabToCamel,
+  getDbKey,
+  getUrlKey,
+  getListKeyFromUrl,
+} from './case-utils.js'
+
+describe('Case Conversion Utilities', () => {
+  describe('pascalToCamel', () => {
+    it('should convert single word PascalCase to camelCase', () => {
+      expect(pascalToCamel('User')).toBe('user')
+    })
+
+    it('should convert multi-word PascalCase to camelCase', () => {
+      expect(pascalToCamel('AuthUser')).toBe('authUser')
+      expect(pascalToCamel('BlogPost')).toBe('blogPost')
+      expect(pascalToCamel('UserProfile')).toBe('userProfile')
+    })
+
+    it('should handle already camelCase strings', () => {
+      expect(pascalToCamel('user')).toBe('user')
+      expect(pascalToCamel('authUser')).toBe('authUser')
+    })
+  })
+
+  describe('pascalToKebab', () => {
+    it('should convert single word PascalCase to kebab-case', () => {
+      expect(pascalToKebab('User')).toBe('user')
+    })
+
+    it('should convert multi-word PascalCase to kebab-case', () => {
+      expect(pascalToKebab('AuthUser')).toBe('auth-user')
+      expect(pascalToKebab('BlogPost')).toBe('blog-post')
+      expect(pascalToKebab('UserProfile')).toBe('user-profile')
+    })
+
+    it('should handle consecutive capital letters', () => {
+      expect(pascalToKebab('HTMLElement')).toBe('h-t-m-l-element')
+    })
+  })
+
+  describe('kebabToPascal', () => {
+    it('should convert single word kebab-case to PascalCase', () => {
+      expect(kebabToPascal('user')).toBe('User')
+    })
+
+    it('should convert multi-word kebab-case to PascalCase', () => {
+      expect(kebabToPascal('auth-user')).toBe('AuthUser')
+      expect(kebabToPascal('blog-post')).toBe('BlogPost')
+      expect(kebabToPascal('user-profile')).toBe('UserProfile')
+    })
+
+    it('should handle already PascalCase strings without hyphens', () => {
+      expect(kebabToPascal('User')).toBe('User')
+      // Note: "AuthUser" without hyphens is treated as a single word
+      expect(kebabToPascal('AuthUser')).toBe('AuthUser')
+    })
+  })
+
+  describe('kebabToCamel', () => {
+    it('should convert single word kebab-case to camelCase', () => {
+      expect(kebabToCamel('user')).toBe('user')
+    })
+
+    it('should convert multi-word kebab-case to camelCase', () => {
+      expect(kebabToCamel('auth-user')).toBe('authUser')
+      expect(kebabToCamel('blog-post')).toBe('blogPost')
+      expect(kebabToCamel('user-profile')).toBe('userProfile')
+    })
+  })
+
+  describe('getDbKey', () => {
+    it('should convert list key to database key format', () => {
+      expect(getDbKey('User')).toBe('user')
+      expect(getDbKey('AuthUser')).toBe('authUser')
+      expect(getDbKey('BlogPost')).toBe('blogPost')
+    })
+  })
+
+  describe('getUrlKey', () => {
+    it('should convert list key to URL key format', () => {
+      expect(getUrlKey('User')).toBe('user')
+      expect(getUrlKey('AuthUser')).toBe('auth-user')
+      expect(getUrlKey('BlogPost')).toBe('blog-post')
+    })
+  })
+
+  describe('getListKeyFromUrl', () => {
+    it('should convert URL key to list key format', () => {
+      expect(getListKeyFromUrl('user')).toBe('User')
+      expect(getListKeyFromUrl('auth-user')).toBe('AuthUser')
+      expect(getListKeyFromUrl('blog-post')).toBe('BlogPost')
+    })
+  })
+
+  describe('Round-trip conversions', () => {
+    it('should maintain consistency: PascalCase -> kebab-case -> PascalCase', () => {
+      const original = 'BlogPost'
+      const kebab = getUrlKey(original)
+      const backToPascal = getListKeyFromUrl(kebab)
+      expect(backToPascal).toBe(original)
+    })
+
+    it('should maintain consistency: PascalCase -> camelCase -> operations', () => {
+      const original = 'AuthUser'
+      const camel = getDbKey(original)
+      expect(camel).toBe('authUser')
+    })
+
+    it('should handle multi-word conversions correctly', () => {
+      const testCases = ['User', 'AuthUser', 'BlogPost', 'UserProfile']
+
+      testCases.forEach((original) => {
+        const url = getUrlKey(original)
+        const db = getDbKey(original)
+        const fromUrl = getListKeyFromUrl(url)
+
+        expect(fromUrl).toBe(original)
+        expect(db.charAt(0)).toBe(original.charAt(0).toLowerCase())
+      })
+    })
+  })
+})

package/src/lib/case-utils.ts

@@ -0,0 +1,74 @@
+/**
+ * Case conversion utilities for consistent naming across the stack
+ *
+ * - Config list names: PascalCase (e.g., "AuthUser", "BlogPost")
+ * - Prisma models: PascalCase (e.g., "AuthUser", "BlogPost")
+ * - Prisma client properties: camelCase (e.g., "authUser", "blogPost")
+ * - Context db properties: camelCase (e.g., "authUser", "blogPost")
+ * - URLs: kebab-case (e.g., "auth-user", "blog-post")
+ */
+
+/**
+ * Convert PascalCase to camelCase
+ * AuthUser -> authUser
+ * BlogPost -> blogPost
+ */
+export function pascalToCamel(str: string): string {
+  return str.charAt(0).toLowerCase() + str.slice(1)
+}
+
+/**
+ * Convert PascalCase to kebab-case
+ * AuthUser -> auth-user
+ * BlogPost -> blog-post
+ */
+export function pascalToKebab(str: string): string {
+  return str.replace(/([A-Z])/g, (match, p1, offset) => {
+    return offset > 0 ? `-${p1.toLowerCase()}` : p1.toLowerCase()
+  })
+}
+
+/**
+ * Convert kebab-case to PascalCase
+ * auth-user -> AuthUser
+ * blog-post -> BlogPost
+ */
+export function kebabToPascal(str: string): string {
+  return str
+    .split('-')
+    .map((word) => word.charAt(0).toUpperCase() + word.slice(1))
+    .join('')
+}
+
+/**
+ * Convert kebab-case to camelCase
+ * auth-user -> authUser
+ * blog-post -> blogPost
+ */
+export function kebabToCamel(str: string): string {
+  return str.replace(/-([a-z])/g, (match, p1) => p1.toUpperCase())
+}
+
+/**
+ * Get the database key for a list (camelCase)
+ * Used for accessing context.db and prisma client
+ */
+export function getDbKey(listKey: string): string {
+  return pascalToCamel(listKey)
+}
+
+/**
+ * Get the URL segment for a list (kebab-case)
+ * Used for constructing admin URLs
+ */
+export function getUrlKey(listKey: string): string {
+  return pascalToKebab(listKey)
+}
+
+/**
+ * Get the list key from a URL segment (PascalCase)
+ * Used for parsing admin URLs
+ */
+export function getListKeyFromUrl(urlSegment: string): string {
+  return kebabToPascal(urlSegment)
+}

package/src/utils/password.ts

@@ -0,0 +1,147 @@
+import bcrypt from 'bcryptjs'
+
+/**
+ * Default bcrypt cost factor (rounds)
+ * Higher values = more secure but slower
+ * 10 is a good balance for production use
+ */
+const DEFAULT_COST_FACTOR = 10
+
+/**
+ * Hash a plain text password using bcrypt
+ *
+ * @param plainPassword - The plain text password to hash
+ * @param costFactor - The bcrypt cost factor (default: 10)
+ * @returns Promise resolving to the hashed password
+ *
+ * @example
+ * ```typescript
+ * const hashed = await hashPassword('mypassword')
+ * // Returns: $2a$10$...
+ * ```
+ */
+export async function hashPassword(
+  plainPassword: string,
+  costFactor: number = DEFAULT_COST_FACTOR,
+): Promise<string> {
+  if (typeof plainPassword !== 'string' || plainPassword.length === 0) {
+    throw new Error('Password must be a non-empty string')
+  }
+
+  return bcrypt.hash(plainPassword, costFactor)
+}
+
+/**
+ * Compare a plain text password with a hashed password
+ *
+ * @param plainPassword - The plain text password to compare
+ * @param hashedPassword - The hashed password to compare against
+ * @returns Promise resolving to true if passwords match, false otherwise
+ *
+ * @example
+ * ```typescript
+ * const isValid = await comparePassword('mypassword', hashedPassword)
+ * if (isValid) {
+ *   // Password is correct
+ * }
+ * ```
+ */
+export async function comparePassword(
+  plainPassword: string,
+  hashedPassword: string,
+): Promise<boolean> {
+  if (typeof plainPassword !== 'string' || typeof hashedPassword !== 'string') {
+    return false
+  }
+
+  if (plainPassword.length === 0 || hashedPassword.length === 0) {
+    return false
+  }
+
+  try {
+    return await bcrypt.compare(plainPassword, hashedPassword)
+  } catch (error) {
+    // Invalid hash format or other bcrypt error
+    console.error('Password comparison failed:', error)
+    return false
+  }
+}
+
+/**
+ * Check if a string appears to be a bcrypt hash
+ * Bcrypt hashes follow the format: $2a$10$...
+ *
+ * @param value - The string to check
+ * @returns True if the string looks like a bcrypt hash
+ */
+export function isHashedPassword(value: string): boolean {
+  if (typeof value !== 'string') return false
+
+  // Bcrypt hashes start with $2a$, $2b$, or $2y$ followed by cost factor
+  // and are typically 60 characters long
+  return /^\$2[aby]\$\d{2}\$.{53}$/.test(value)
+}
+
+/**
+ * HashedPassword class wraps a bcrypt hash and provides a compare method
+ * This allows password field values to be used as strings while also
+ * providing a convenient compare() method for authentication
+ *
+ * @example
+ * ```typescript
+ * const user = await context.db.user.findUnique({ where: { id: '1' } })
+ * const isValid = await user.password.compare('plaintextPassword')
+ * ```
+ */
+export class HashedPassword {
+  constructor(private readonly hash: string) {
+    if (!hash || typeof hash !== 'string') {
+      throw new Error('HashedPassword requires a non-empty hash string')
+    }
+  }
+
+  /**
+   * Compare a plain text password with this hashed password
+   *
+   * @param plainPassword - The plain text password to compare
+   * @returns Promise resolving to true if passwords match
+   */
+  async compare(plainPassword: string): Promise<boolean> {
+    return comparePassword(plainPassword, this.hash)
+  }
+
+  /**
+   * Get the underlying hash string
+   * This allows the HashedPassword to be used anywhere a string is expected
+   */
+  toString(): string {
+    return this.hash
+  }
+
+  /**
+   * Get the underlying hash when used in string contexts
+   * This allows the HashedPassword to be coerced to a string automatically
+   */
+  [Symbol.toPrimitive](hint: string): string {
+    if (hint === 'string' || hint === 'default') {
+      return this.hash
+    }
+    return this.hash
+  }
+
+  /**
+   * Return the hash for JSON serialization
+   * This ensures the hash is properly serialized when converting to JSON
+   */
+  toJSON(): string {
+    return this.hash
+  }
+
+  /**
+   * Get the underlying hash value
+   * This allows accessing the raw hash string
+   */
+  valueOf(): string {
+    return this.hash
+  }
+}

package/src/validation/schema.test.ts

@@ -0,0 +1,171 @@
+import { describe, it, expect } from 'vitest'
+import { generateZodSchema, validateWithZod } from './schema.js'
+import type { FieldConfig } from '../config/types.js'
+import { text, integer, select } from '../fields/index.js'
+
+describe('Zod Schema Generation', () => {
+  describe('generateZodSchema', () => {
+    it('should generate schema for text field with required validation', () => {
+      const fields: Record<string, FieldConfig> = {
+        name: text({ validation: { isRequired: true } }),
+      }
+
+      const schema = generateZodSchema(fields, 'create')
+      expect(schema).toBeDefined()
+    })
+
+    it('should generate schema for text field with length validation', () => {
+      const fields: Record<string, FieldConfig> = {
+        title: text({
+          validation: { isRequired: true, length: { min: 3, max: 100 } },
+        }),
+      }
+
+      const schema = generateZodSchema(fields, 'create')
+      expect(schema).toBeDefined()
+    })
+
+    it('should generate schema for integer field with min/max validation', () => {
+      const fields: Record<string, FieldConfig> = {
+        age: integer({ validation: { isRequired: true, min: 0, max: 120 } }),
+      }
+
+      const schema = generateZodSchema(fields, 'create')
+      expect(schema).toBeDefined()
+    })
+
+    it('should generate schema for select field', () => {
+      const fields: Record<string, FieldConfig> = {
+        status: select({
+          options: [
+            { label: 'Active', value: 'active' },
+            { label: 'Inactive', value: 'inactive' },
+          ],
+          validation: { isRequired: true },
+        }),
+      }
+
+      const schema = generateZodSchema(fields, 'create')
+      expect(schema).toBeDefined()
+    })
+
+    it('should make fields optional in update mode', () => {
+      const fields: Record<string, FieldConfig> = {
+        name: text({ validation: { isRequired: true } }),
+      }
+
+      const schema = generateZodSchema(fields, 'update')
+      expect(schema).toBeDefined()
+    })
+  })
+
+  describe('validateWithZod', () => {
+    it('should pass validation for valid text field', () => {
+      const fields: Record<string, FieldConfig> = {
+        name: text({ validation: { isRequired: true } }),
+      }
+
+      const result = validateWithZod({ name: 'John Doe' }, fields, 'create')
+      expect(result.success).toBe(true)
+    })
+
+    it('should fail validation for missing required field', () => {
+      const fields: Record<string, FieldConfig> = {
+        name: text({ validation: { isRequired: true } }),
+      }
+
+      const result = validateWithZod({}, fields, 'create')
+      expect(result.success).toBe(false)
+      if (!result.success) {
+        expect(result.errors).toHaveProperty('name')
+      }
+    })
+
+    it('should fail validation for text too short', () => {
+      const fields: Record<string, FieldConfig> = {
+        title: text({
+          validation: { isRequired: true, length: { min: 5 } },
+        }),
+      }
+
+      const result = validateWithZod({ title: 'Hi' }, fields, 'create')
+      expect(result.success).toBe(false)
+      if (!result.success) {
+        expect(result.errors.title).toContain('at least 5 characters')
+      }
+    })
+
+    it('should fail validation for text too long', () => {
+      const fields: Record<string, FieldConfig> = {
+        title: text({ validation: { length: { max: 10 } } }),
+      }
+
+      const result = validateWithZod({ title: 'This is a very long title' }, fields, 'create')
+      expect(result.success).toBe(false)
+      if (!result.success) {
+        expect(result.errors.title).toContain('at most 10 characters')
+      }
+    })
+
+    it('should fail validation for integer below min', () => {
+      const fields: Record<string, FieldConfig> = {
+        age: integer({ validation: { min: 18 } }),
+      }
+
+      const result = validateWithZod({ age: 15 }, fields, 'create')
+      expect(result.success).toBe(false)
+      if (!result.success) {
+        expect(result.errors.age).toContain('at least 18')
+      }
+    })
+
+    it('should fail validation for integer above max', () => {
+      const fields: Record<string, FieldConfig> = {
+        age: integer({ validation: { max: 120 } }),
+      }
+
+      const result = validateWithZod({ age: 150 }, fields, 'create')
+      expect(result.success).toBe(false)
+      if (!result.success) {
+        expect(result.errors.age).toContain('at most 120')
+      }
+    })
+
+    it('should fail validation for invalid select value', () => {
+      const fields: Record<string, FieldConfig> = {
+        status: select({
+          options: [
+            { label: 'Active', value: 'active' },
+            { label: 'Inactive', value: 'inactive' },
+          ],
+          validation: { isRequired: true },
+        }),
+      }
+
+      const result = validateWithZod({ status: 'invalid' }, fields, 'create')
+      expect(result.success).toBe(false)
+      if (!result.success) {
+        expect(result.errors.status).toBeDefined()
+      }
+    })
+
+    it('should skip system fields in validation', () => {
+      const fields: Record<string, FieldConfig> = {
+        id: text(),
+        name: text({ validation: { isRequired: true } }),
+      }
+
+      const result = validateWithZod({ name: 'John' }, fields, 'create')
+      expect(result.success).toBe(true)
+    })
+
+    it('should allow required fields to be missing in update mode', () => {
+      const fields: Record<string, FieldConfig> = {
+        name: text({ validation: { isRequired: true } }),
+      }
+
+      const result = validateWithZod({}, fields, 'update')
+      expect(result.success).toBe(true)
+    })
+  })
+})

package/src/validation/schema.ts

@@ -0,0 +1,59 @@
+import { z } from 'zod'
+import type { FieldConfig } from '../config/types.js'
+
+/**
+ * Generate Zod schema from field configurations
+ */
+export function generateZodSchema(
+  fieldConfigs: Record<string, FieldConfig>,
+  operation: 'create' | 'update' = 'create',
+): z.ZodObject {
+  const shape: Record<string, z.ZodTypeAny> = {}
+
+  for (const [fieldName, fieldConfig] of Object.entries(fieldConfigs)) {
+    // Skip system fields and relationships
+    if (
+      ['id', 'createdAt', 'updatedAt'].includes(fieldName) ||
+      fieldConfig.type === 'relationship'
+    ) {
+      continue
+    }
+
+    // Use the field's schema generator
+    if (fieldConfig.getZodSchema) {
+      shape[fieldName] = fieldConfig.getZodSchema(fieldName, operation)
+    } else {
+      // Fallback for custom field types without schema generators
+      shape[fieldName] = z.any().optional()
+    }
+  }
+
+  return z.object(shape)
+}
+
+/**
+ * Validate data against field configurations using Zod
+ * Returns structured errors by field
+ */
+export function validateWithZod(
+  data: Record<string, unknown>,
+  fieldConfigs: Record<string, FieldConfig>,
+  operation: 'create' | 'update' = 'create',
+): { success: true } | { success: false; errors: Record<string, string> } {
+  const schema = generateZodSchema(fieldConfigs, operation)
+
+  const result = schema.safeParse(data)
+
+  if (result.success) {
+    return { success: true }
+  }
+
+  // Convert Zod errors to field-specific error messages
+  const errors: Record<string, string> = {}
+  for (const issue of result.error.issues) {
+    const fieldPath = issue.path.join('.')
+    errors[fieldPath] = issue.message
+  }
+
+  return { success: false, errors }
+}